Q

How can I be sure I've really gotten rid of the Nimda virus?

I've got a computer workstation that is affected by the Nimda virus. Once I do a cleanup, how can I make sure that the virus has really been removed? Is monitoring the amount of free space on the hard disk (allowing for the normal fill rate) enough?

The Nimda virus is pretty nasty. The virus works by doing these four things:

1. Activates the Guest account and adds it to the Administrators group
2. Shares the C drive with full access to Everyone
3. Disables share-level permissions on all shared directories on the system
4. Modifies several other registry keys and system files

From all reports I've seen, the best way to rid your system of this virus is to reformat the system immediately and reinstall all software from trusted copies. According to Dr. Jesper Johansson, editor of the SANS Windows Digest, "while a 'cleaner' may remove the detritus left by the worm, you have had a system-level compromise of your system. No 'cleaner' is able to remove any additional problems introduced through the backdoors left by the worm. This is a severe measure, but it is the only reasonable course of action after an attack such as this."

Good luck!

This was first published in October 2001
