Nimda.A and E

[kdub2000]

I had both Nimda A and E hit an W2K and E2K server (one box). I've run NAI removal tools and applied patches from Microsoft, but I still have two files (both .DLL) that are still corrupt.

Unfortunately one is ADMIN.DLL and I cannot get it cleaned, or moved. Is there anything I can do to get rid of the Nimda virus that isn't too drastic?

 

[AVChap]

Have you tried the stand-alone removers? It works most of the time.

AVChap

 

[kdub2000]

I haven't...I'll locate some and try to see if they work.
Thanks

 

[AVChap]

Check on this link to download McAfee's stand-alone remover for Nimda & Funlove.

http://download.nai.com/products/mcafee-avert/nfrvscan.zip

Hope this helps.

AVChap

 

[kdub2000]

AVChap,

Thanks...I've downloaded it and ran it...it took me a few tries to get all of the corrupt files fixed or deleted. But it worked.

Thanks again,
kdub

 

[c0i0nes]

Looking at this forum, Nimda died down after it's initial release and massive replication in September, and has reappeared this March as a mixed Nimda A and E infection. This is proving more tricky than six months ago, and with huge volumes of 30 Gb upwards, the time taken to sweep them clean is not trivial.
Does anyone have a good firewall solution to stop Nimda being written to shared disks on a network? In particular, one with Linux and Macintosh shared volumes as well as PCs running various WinOSes. Linux and Mac OSes have poor AntiWinVirus support, and can harbour Nimda, the only harm done is the disk filling up with viral junk.

 

[lmcny]

I had an infected workstation NimdaE, I tried the removal utility, still had a ton of infected windows system files, and it toasted Microsoft Office. I had to reformat and reinstall everything. Happy Happy

 

[Guest_imported]

please my pc is virüses

 

[Guest_imported]

c0h0nes: I use BlackICe Defender on my network, and it has eliminated every nimda attack thusfar. I just wish the place I worked at would spend the money, so I could do real work, and not viral elimination.

 

[paulwood]

c0h0nes,

I've just set up SmoothWall firewall on a redundant pc, this is a free hardened Linux distribution which can also act as a proxy and dhcp server. Initial impressions are favourable once I got a few gotcha's sorted out, may not be what your after though since it works at the entry point to the network. It's a little over the top, but to do what I think you are suggesting would need a firewall on each workstation. Zonealarm still do a free version.

 

[c0i0nes]

Thanks fishies and paulwood, like last September, Nimda now seems to have calmed down. All the PCs here have now been patched with their various windows updates. I think a firewall proxy / NAT server will be the way I shall have to go.