Copyright 2001, Rick Macmurchie - September 24, 2001

The 'Nimda' virus/worm.

This is probably the most infectious virus/worm that I've seen yet.

I saw my first nimda infection today, and I expect I'll see a lot more over the next few weeks.

This one is nasty because it is the first Internet Worm to cause infection by first infecting a web server and then sending out the virus to people viewing the web pages from the infected server. Not only that but it exploits a number of other software bugs to infect through e-mail as well.

It can arrive in your e-mail as a message with no subject line and an attachment called readme.exe.

Note: Load the current security patches before opening previewing or deleting any suspect messages (see below) Nimda doesn't seem to do much other than send out infected e-mail right now, like most of the recent e-mail worms, but you should protect yourself now, the next version could cause real damage.

How do tell if you are vulnerable or infected?

Because this virus is being distributed by infected web servers, almost everyone who browses the web will be exposed to this worm sooner or later.

If the above does not apply to you and you've been browsing the Web you may be infected.

How do you protect yourself from nimda?

What to do if you are Infected?

If you are infected, you will need an up to date Anti-Virus program to remove it, and you will probably have to run the scan using the emergency boot disks created by most anti-virus software during installation.

Note: If you are running Windows ME you will need to disable the System Restore function before cleaning the system. Follow these steps to disable the system restore function.

1. Right click the My Computer icon on the Desktop.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.

Even after you clean the infected files off of your system, there is still more that has to be done to clean up the damage caused by the infection.

There is more detailed information in the McAfee Virus Information Library; type nimda in the 'limit search to' box and click the 'go' button.

The McAfee site also has a special tool for cleaning up nimda at the AVERT Tools Page I haven't tried it yet, but it it may be easier than any other method of cleaning up after nimda. Read the 'Text Instructions' carefully before trying this utility.

If you are not comfortable cleaning nimda off of your system, or installing the security patches yourself, contact a qualified computer service provider.

I can be contacted for help on southern Vancouver Island.

Back to the article IndexBack to the Great White North Home Page

Did the information on this site help you solve a problem?
Consider making a donation to support the site.

Rick Macmurchie
(250) 658-6319

Hit Counter