web page viruses
jmtjet
November 7th, 2001, 03:07 PM
Is there a way to scan a web page for viruses? I'm having a time getting rid of the I-worm nimda virus. I ran the removal tools from 3 AV sites and removed it 4 times in the last few days. Still I'm getting re-infected. According to what I'm reading, you can get it from infected web servers. As I'm using hotmail for my email that's about the only way I could be getting the re-infections. I've updated my browser to IE 6.0, installed the latest MS updates for security and still getting reinfected.
------------------
If first you don't succeed-visit the DR.
crash_cyberdrive
November 8th, 2001, 11:53 AM
In that case I recommend McAfee Virus Scan 5. It scans all the pages you get into, your email, ftp, etc. It scans everything. I've been using it for years and the results are great.
eddie5659
November 8th, 2001, 07:10 PM
Hiya
You say you keep getting infected. I wonder if you have managed to remove all traces of it. Have you looked at this?
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
It mentions about what files to replace after.
Also, go here and download Startup Log. Install and run it, allowing the DOS window to close. Copy/paste.
http://home.earthlink.net/~rmbox/Reticulated/Toys.html
Regards
eddie
------------------
Just go with the flow, like a twig on the shoulders of a mighty stream.
http://forums.techguy.org/
uffbros
November 8th, 2001, 07:57 PM
I have read nothing but horror stories about McCrappie Antivirus..Have read of it screwing up a lot of machines and then you can't remove it very easily. It may very well do web pages..But don't do it!!!!!
jmtjet
November 8th, 2001, 11:26 PM
Thanks for your replies. I've successfully removed nimda from my machine. I have updated everything (AV, IE, Windows, etc.). I had McAfee AV for a long time, finally got sick of it and changed to AVG and Trend-Micro PC-cillin; both seem very good. I used fix tools from Symantec, Trend-Micro and AVG, ran them one behind the other until all showed clear. One last question: I had Zone Alarm for about 3 months. I had a lot of cable connection problems and finally uninstalled ZA (what a job). What firewall would you recommend?
------------------
If first you don't succeed-visit the DR.
bassetman
November 9th, 2001, 03:14 AM
I use and like Zone Alarm, but don't have an "always on" connection.
John
------------------
"Try to be the person your dog thinks you are"
AnnMarie
November 9th, 2001, 07:12 AM
Check out the suggestions here jmtjet VOP (http://www.voiceofthepublic.org/forums.html)
Bill Heffner
November 9th, 2001, 03:35 PM
I use ZoneAlarm on a Win95 and on a Win98 machine with Cox@home cablemodem (always on) connection. No problems at all.
jerryctx
November 11th, 2001, 10:16 PM
I may be misinterpreting some of the messages in this thread but just in case ....
I use ZoneAlarm and recommend it but don't expect it to protect you from viruses. For that you need an anti-virus.
------------------
Jerry CTX
Computer (In)Security (http://www.ceepeeu.com)
Fight UCITA (http://www.4cite.org)
Free Dmitry Skylarov (http://freeskylarov.org)
surfisher
November 15th, 2001, 06:05 PM
Hi
I got the same virus 3 separate times but I have Ontrack's Fixit Utilities 4 and it caught it as soon as I opened the webpage... it automatically checks for updates so mine is usually updated once a week, so it does a real nice job.
Nanceel0
November 23rd, 2001, 02:49 AM
I'm sorry I don't have any other suggestions for cleaning this virus. I thought the Symantec tool was supposed to clean this virus very well.
And I also thought IE5.01 SP2 through IE6 had protection against getting this virus by clicking on a webpage! Can anyone explain this? I specifically upgraded to IE5.01 SP2 in September for this protection and have had nothing but problems ever since.
Sincerely, Nancee
[edit: Jmtjet - you mention this:
I'm using hotmail for my email that's about the only way I could be getting the re-infections.
Are you using OE? If so, make sure you have the preview pane shut OFF. You can automatically get a virus from your mail if it's on. Also, make sure to separate the attachment and scan it with a virus scanner before you open anything.]
Also, when you run a clean-up tool, have you closed all your running programs except explorer and systray? And, maybe run the tool twice. Don't know if this will help, but it can't hurt.
[This message has been edited by Nanceel0 (edited 11-23-2001).]
AnnMarie
November 23rd, 2001, 04:37 AM
Hi Nanceel0 - well according to this article by Microsoft what you say is correct Nimda (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp) - however, a patch for IE 5.01 SP2 is provided here SecurityUpdate (http://www.microsoft.com/windows/ie/downloads/critical/q295106/default.asp) so ???????
tlauro
November 23rd, 2001, 09:52 AM
I have Win ME on this PC, 98 on another and am running IE 6, ZA Pro and McAfee with no issues.
I know many don't like the above items, but they work great for my configuration and am just trying to defend the blanket statements any or all of the above can cause issues.
It's not the application it's a conflict on the problematic PC that needs addressed.
tim
Nanceel0
November 24th, 2001, 03:48 PM
Thanks AnnMarie. I checked out that update and I do have it. So I hope I'm protected.
Sincerely, Nancee
Kento
November 26th, 2001, 05:33 AM
To prevent nimda from infecting you by visiting websites, go into internet options--security tab--custom level button--then disable 'file download' and then ok out. Then if you ever want to download anything from a link like a program file you'll first have to go back and enable it again or you'll get an error when trying to download something.
------------------
"Be sober, be vigilant; because your adversary the devil, as a roaring lion, walketh about, seeking whom he may devour." 1 Peter 5:8
[This message has been edited by Kento (edited 11-26-2001).]
AnnMarie
November 26th, 2001, 08:16 AM
It's not only Nimda. I clicked on an innocent looking link on an innocent looking web site a while ago and got this warning from InoculateIT PE:
The File C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ULSP43IH\FEELGOOD2[1].EXE is Win32.PE-Crypt dropper. Not restored.
InoculateIT real-time protection has found that C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\ULSP43IH\FEELGOOD2[1].EXE is Win32.PE-Crypt dropper. Not Restored.
The little darling just leapt right off the web page onto my computer. Sent a panicky email to CA who, full credit to them, responded within an hour telling me to delete my Temporary Internet Files and all would be OK. Phew - the relief.
Have since installed HTA Stop from here Wilders (http://www.wilders.org/free_tools.htm). It's free and is a prevention tool for a particular method of transmitting executables, trojans, viruses etc, that are encoded and embedded DIRECTLY into web pages to your computer. It runs alongside Inoculate without any problem. Might be overkill but I'd rather that than the alternative.
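
Added example, not part of any post in this thread: the alert quoted above shows an executable landing in the browser cache, so one simple check is to walk a cache folder and flag every file that is a Windows executable by content (an `MZ` header pointing at a `PE` signature), whatever its extension says. The function names, folder names and sample files below are constructed for illustration.

```python
import os
import struct
import tempfile


def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            # e_lfanew: little-endian offset of the PE header, stored at 0x3C
            (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: skip it, do not crash the scan


def find_cached_executables(cache_root):
    """Return sorted relative paths of files under cache_root that are PE images."""
    hits = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, cache_root))
    return sorted(hits)


def build_sample_cache(root):
    """Create a constructed cache tree: two PE stubs (one disguised) and two benign files."""
    sub = os.path.join(root, "CONTENT.IE5", "SAMPLE01")  # constructed folder name
    os.makedirs(sub)
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 16
    samples = {
        "setup[1].exe": pe_stub,
        "banner[1].gif": pe_stub,  # executable content hidden behind an image extension
        "index[1].htm": b"<html><body>hello</body></html>",
        "notes[1].txt": b"MZ but far too short to be an executable",
    }
    for name, data in samples.items():
        with open(os.path.join(sub, name), "wb") as fh:
            fh.write(data)
    return sub


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for hit in find_cached_executables(tmp):
            print("executable in cache:", hit)
```

A hit only means the file is an executable image; whether it is malicious is still a question for an anti-virus scanner.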