Ask the Expert

How can I be sure I've really gotten rid of the Nimda virus?

I've got a computer workstation that is affected by the Nimda virus. Once I do a cleanup, how can I make sure that the virus has really been removed? Is monitoring the amount of free space on the hard disk (allowing for the normal fill rate) enough?

The Nimda virus is pretty nasty. The virus works by doing these four things:

1. Activates the Guest account and adds it to the Administrators group
2. Shares the C drive with full access to Everyone
3. Disables share-level permissions on all shared directories on the system
4. Modifies several other registry keys and system files

From all reports I've seen, the best way to rid your system of this virus is to reformat the system immediately and reinstall all software from trusted copies. According to Dr. Jesper Johansson, editor of the SANS Windows Digest, "while a 'cleaner' may remove the detritus left by the worm, you have had a system-level compromise of your system. No 'cleaner' is able to remove any additional problems introduced through the backdoors left by the worm. This is a severe measure, but it is the only reasonable course of action after an attack such as this."

Good luck!

This was first published in October 2001
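As an added example (not part of the original answer), the following read-only PowerShell check looks for the first two changes in the list above: an enabled Guest account in the Administrators group, and a drive root shared with full access to Everyone. It assumes a Windows version that ships the LocalAccounts and SmbShare modules, an elevated session, and an English-language system where the group is named `Everyone`; the registry and system file changes are not checked because the answer does not name them.

```powershell
# Added example: read-only check for the account and share changes listed above.
# Assumptions: LocalAccounts and SmbShare modules are present, session is elevated,
# and the well-known group is named 'Everyone' (English-language system).
$findings = @()

# 1. Guest account (RID 501) enabled, and member of Administrators (S-1-5-32-544).
#    SIDs are used instead of names so renamed accounts are still found.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    $findings += "Guest account '$($guest.Name)' is enabled"
}
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
if ($guest -and ($admins | Where-Object { $_.SID.Value -eq $guest.SID.Value })) {
    $findings += "Guest account '$($guest.Name)' is in the Administrators group"
}

# 2. A drive root shared with Full access for Everyone.
#    Built-in administrative shares such as C$ are skipped via the Special flag.
$rootShares = Get-SmbShare |
    Where-Object { -not $_.Special -and $_.Path -match '^[A-Za-z]:\\$' }
foreach ($share in $rootShares) {
    $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccountName -eq 'Everyone' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -eq 'Full'
    }
    if ($open) {
        $findings += "Share '$($share.Name)' exposes $($share.Path) with Full access to Everyone"
    }
}

# Report: one warning per finding, or a single line when nothing matched.
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'None of the checked changes are present.'
}
```

A clean result only shows that these specific changes are absent; as the answer above states, it cannot rule out other backdoors left on a compromised system.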
