I assume this means you tried the Nimda removal tool from Norton. If you ran this tool and had it "repair" your shares, it has removed all share access except for administrator. Also please remember that the Norton tool simply removes the virus and you must still apply the patches from Microsoft to prevent it from being reinfected. Could you describe exactly what you mean by server down?
I would format the machine and rebuild from backup.
Problem is - if your machine has been compromised by Nimda it opens many backdoors to attackers. You can remove Nimda by using a virus scanner or the tools at various sites, but your server has been effectively open to attack and who knows what may have been done to it.
IMHO a server should be rebuilt unless you have a very good reason (like no backups - whoops).
Good source of info including analysis and removal tools
But it should be pointed out that the root.exe was created by the Code Red virus and used as a backdoor by Nimda.
Seriously, the virus does many things and to maintain integrity you would need to check every file. There are variants around already - so looking for certain files and deleting certain reg entries is not going to give you a clean system - you should use one of the removal tools if you do go down this route.
Remember to patch the server as well - Nimda is still active and probing the network (although I think Code Red ceased on Oct 1).