  1. #1
    Super Moderator jscher2000's Avatar

    Re: W32.Nimda Virus (Win ME, Office XP)

    Trend Micro has a clean-up tool, but the read me file warns that infected files must be deleted, and if they are Windows system files, this is a problem. You can read more about the relevant here:

    PE_NIMDA.A
    PE_NIMDA.B
    PE_NIMDA.C
    PE_NIMDA.D
    PE_NIMDA.E
    PE_NIMDA.F
    PE_NIMDA.G
    JS_NIMDA.A
    JS_NIMDA.B

    I have not read all of these articles, but the first one, at least, explains that the worm lowers security on the system to allow reinfection. I wish you the best in cleaning it up.

  2. #2
    3 Star Lounger

    W32.Nimda Virus (Win ME, Office XP)

    I just spent about 4 days cleaning up my daughter's PC while she was home on spring break. I re-formatted the HD and reinstalled WinME and all device drivers after copying her voluminous files to CDs. I checked each application scrupulously after all this work. I set Norton AV to run actively. I was careful to update the AV files as part of my rehab. Yes, I ran the updates until Norton's update facility told me there were no more updates to be had. I even redid the floppy/ZIP rescue to the latest version. I ran NAV just before we packed the system up for her return to campus, and no viruses were found.

    Today, her system is totally hosed with W32.nimda.*** files. I had her reboot with the Norton Rescue Disk and run NAV. It identified the virus infected files but could do nothing about them. All of the infected files are dated and time stamped after her return to campus and connection to the campus network.

    Can someone tell me how this nimda virus variant infects a system? I am at a loss to know how a virus that has been around as long as Nimda has can bypass current, active NAV protection. She SWEARS that she did not download anything from the net nor open any email with attachments nor change her NAV settings. I want to know if her school's intranet has infected servers or if there is some other cause. We suspect the intranet because most of the infected files have subject lines relevant to campus classes or activities. I would also like to know if she has been singled out and targeted because apparently the campus help desk is unaware of this being a widespread problem. I suppose it is possible that a roommate or other dorm resident could have used the system, but she swears that no one else used it.

    Please help. I want very badly to know how the most recent variants of nimda operate. Her support on campus is minimal, and she can't afford to be without the use of the system for long.

    All help greatly appreciated and gratefully accepted.

  3. #3
    3 Star Lounger

    Re: W32.Nimda Virus (Win ME, Office XP)

    Thank you very much for a very prompt response. As a part of the rehab I mentioned, I was careful to download and apply both of the security updates to IE5.5 from Microsoft. Shouldn't this have stopped the exposure? Especially considering the current and active NAV?

    I read the first 3 references you sent. Apparently sharing files or folders was the Achilles heel. We have a LAN at home using WinME, and I set the sharing options to allow moving her files off before reformatting. I probably forgot to change the sharing options back to unshared.
