W32/Nimda.A@mm

• Detected by virus detection files published: 9/19/2001
• Virus characteristics first published: 9/19/2001
• Virus characteristics latest update: 8/29/2005
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
• Type: Backdoor, Virus, Worm
• Spreading mechanism: Email, Network, Webpage
• Overall risk: High

Detection and removal
  • Update your antivirus product

  • Download available patches and fixes

  • Disconnect your LAN from the Internet

  • Disconnect all infected PCs from your server/LAN. Start with the server(s).

  • Open "sysedit" from "Start | Run", and find the line Shell=Explorer.exe LOAD.EXE -dontrunold in the SYSTEM.INI file.

    Change this to Shell=Explorer.exe

  • Reboot the computer.

  • Open a DOS window and type

    attrib -s -h c:\winnt\system32\load.exe (Win2k/WinNT)

    or

    attrib -s -h c:\windows\system\load.exe (Win95/98/ME)

  • Scan all files on all drives. Delete infected files.

  • If disks have been shared out, "unshare" them.

  • Replace the file Riched20.dll with a clean copy from backup or a clean computer.

  • Scan all PCs once more to ensure that they have not been reinfected.

  • Connect the PCs to the network when they are clean - one at a time as they are confirmed to be clean.

  • Connect your LAN to the Internet
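
The SYSTEM.INI step above can be verified mechanically before a machine is reconnected. The following Python is an added example, not part of the original description or of any vendor tool; it assumes the Shell= entry sits in the [boot] section, runs on a constructed sample file, and goes slightly beyond the text by flagging any Shell= value other than a bare Explorer.exe.

```python
import re

# Assumption: the Shell= entry lives in the [boot] section of SYSTEM.INI and
# a clean system has exactly "Shell=Explorer.exe", as the step above states.
CLEAN_SHELL = "Shell=Explorer.exe"
SHELL_RE = re.compile(r"^\s*shell\s*=\s*(.*?)\s*$", re.IGNORECASE)
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]")

# Constructed sample: the modified line from the description, plus a
# same-named key in another section that must be left untouched.
SAMPLE_INI = (
    "[boot]\r\n"
    "; constructed sample\r\n"
    "Shell=Explorer.exe LOAD.EXE -dontrunold\r\n"
    "system.drv=system.drv\r\n"
    "[386Enh]\r\n"
    "shell=unrelated.exe\r\n"
)


def audit_system_ini(text):
    """Return (findings, repaired_text) for the contents of a SYSTEM.INI file.

    findings lists (line_number, original_line) for every Shell= entry in
    [boot] that launches anything besides Explorer.exe. repaired_text is the
    same file with those entries reset; all other lines are preserved.
    """
    findings, out, section = [], [], None
    for number, line in enumerate(text.splitlines(), start=1):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip().lower()
        shell = SHELL_RE.match(line)  # commented-out (";") lines never match
        if section == "boot" and shell and shell.group(1).lower() != "explorer.exe":
            findings.append((number, line.strip()))
            line = CLEAN_SHELL
        out.append(line)
    return findings, "\r\n".join(out) + "\r\n"


if __name__ == "__main__":
    found, repaired = audit_system_ini(SAMPLE_INI)
    for number, line in found:
        print(f"line {number}: suspicious shell entry: {line}")
    print(repaired)
```

Run it against a copy of the file and review the findings before writing the repaired text back; the remaining steps (load.exe, Riched20.dll, full scan) still apply.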


For IIS users:


If you are running Internet Information Server (IIS), please make absolutely certain that there is no backdoor installed. The NT/CodeRed.C worm installs a backdoor, which is used by Nimda to spread. If this backdoor exists, cleaning and patching up the machine with the latest patches will be in vain.

Microsoft has released a utility to remove the obvious effects of this backdoor:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/redfix.asp


