Detecting and Finding Nimda Source

tls9923 · Sep 16, 2002

How can I detect and find the source of the Nimda Virus. I show it running on the network but cannot detect where it is running.

Thanks

Terrel

AVChap · Sep 16, 2002

You can't. Probably the best way is to use something like Sniffer and capture HTTP traffic. Then you can find out where the source is. I know Sniffer Pro has a Nimda filter.

AVChap

tls9923 · Sep 16, 2002

I have Sniffer and the Nimda Filter just not sure how to read the results.

Thanks

AVChap · Sep 16, 2002

Look at the 3-pane view and check for identical sources of HTTP traffic. You can also use the "eyeball" view to see where the traffic is coming from. You may need to ask your Sniffer guy you help you read the data.

AVChap

tls9923 · Sep 16, 2002

The source is showing as my unit the one that has sniffer running on it. And for the next 2 weeks I am the Sniffer guy.

Thanks

AVChap · Sep 16, 2002

If that's the case, you might be infected

Try running a full scan (make sure you don't have excluded directories).

AVChap

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Detecting and Finding Nimda Source

tls9923

Technical User

AVChap

Technical User

tls9923

Technical User

AVChap

Technical User

tls9923

Technical User

AVChap

Technical User

Similar threads

Part and Inventory Search

Sponsor