Get rid of Nimda 1

[Vec]

I have tried every patch, fix, clean up, and magical Nimda potion I can find. I started with the big names, using Symantics Nimda removal tool etc, all to no avail. I tried following manual removal instructions, replacing Riched32.dll etc etc etc!!
The @#%*! .eml and .nws files keep re-spawning all over the machine. I would love to get my hands around the young pimply faced kid who created this virus.

Anyone have any insight? And please only proven answers, I have tried at east 15 different ways already, if you have a way that you know works because you used it I would be glad to hear it.(Short of formatting of course)

-

Looking Toward The Future

http://www.webfusiondesign.com

 

[Luckyfour]

Have a look on this site at General Virus Discuss as there is considerable information on the Nimda virus (see recent Nimbda question).

 

[smitee]

Vec

You have my sympathy...Removed Nimda a couple of times from this and other machines....

Try this....site, I suggest you read whole article....!

http://www.europe.f-secure.com/v-descs/nimda.shtml

BTW...the dropper is Riched20.dll not Riched32.dll...See how many you have on your system...but best read the whole article at above site...Lots of free cleaners on web...if left to long clean and reload necessary..

Look for these on the web. Symantec has a free cleaner but as usual must be run from command prompt.

CleanNimda.exe
DEACTIGUEST.BAT
ACTIGUEST.BAT

Good Luck

smitee

 

[KarveR]

A very thorough insight into Nimda and its variants as provided by NAI.

Also provided are removal instruction (very thorough and they do work if you follow them)

Also they provide a nimda removal tool (free - when I got mine and this too works perfectly.)

After having a network hit with nimda I talk from experience and overtime.
(And we don't even run any IIS or OUTLOOK products.) ***************************************
Party on, dudes!

 

[KarveR]

guess it also helps to post the link .. glad I'm off to bed now ....

/hides

http://vil.nai.com/vil/content/v_99209.htm#VirusChar

***************************************
Party on, dudes!

 

[IMRevbudgreen]

Nimda is Vicious. Bite the bullet. Back up all data to a different hard drive. Perform a clean install of your OS, then install a GOOD IE: NOT Norton or McAfee anti-virus program on your computer. Do all updates for AV software, and then connect your data drive (Remember it still has nimda on it). Scan the drive and clean any viruses found. Viruses in mail databases will be harder to clean and require more in-depth description. After cleaning, copy data back onto your c: drive as needed.
PEACE Not All Who Wander Are Lost

 

[Vec]

Thanks for the info, but I already knew how to get rid of it that way.

Note original post: "Short of formatting"

-

Looking Toward The Future

http://www.webfusiondesign.com

 

[IMRevbudgreen]

I saw the 'short of formatting'. Thats why I wrote 'bite the bullet'. In the time you have taken to get this far and try all the patches and fixes you have probably already installed (with limited success, I imagine), you could have done the backup, format, clean and be weel on the way to getting back on track. My point is, when you are dealing with a Network-Centric virus like Nimda, do the most secure repair.

PEACE Not All Who Wander Are Lost

 

[dragon99]

remove your share on the hard drive

 

[KarveR]

Nimda creates its own shares.

Follow the NAI instruction and you wont have to format or reinstall anything.

***************************************
Party on, dudes!

 

[ShadowGrafix]

well i learned something here.....not quite how to add a siggy but thats kewl.....i hate that dirty (admin) virus...

http://4.40.26.251/dubiesigdf2.jpg

http://4.40.26.251/anihemp.gif