Re: Explorer Dr. Watsons

["FYOM" <fyom () symmsys com>]

Chris,

I had the same issue, and I'm disinfecting a server that had the worm.

The worm loads a trojan mmc.exe in C:\winnt.  This trojan mmc.exe loads any
time your system runs explorer.exe  Also, you will note a ton of mep*.exe
files in c:\winnt.  These files are the worm's threads of execution and they
modify all your html and asp files on your system to include this line:

----- Original Message -----
From: "Chris Thornberry" <chris () cameronaa com>
To: <incidents () securityfocus com>
Sent: Tuesday, September 18, 2001 3:32 PM
Subject: Explorer Dr. Watsons


> Has anyone been experiencing issues with Dr. Watson Application errors
> in EXPLORER.EXE. Ever since this morning and the W32.Nimda.A@mm issue
> some of my servers have had issues trying to run anything.
>
> Does anyone know of a relation between the two?
>
> Regards,
> Chris
>
> --------------------------------------------
> Chris Thornberry MCSE, CCNA, A+
> Systems Engineer
> Cameron & Associates, Inc.
> E-mail:  chris () cameronaa com
> --------------------------------------------
>
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com