How can I be sure I've really gotten rid of the Nimda virus?

I've got a computer workstation that is affected by the Nimda virus. Once I do a cleanup, how can I make sure that the virus has really been removed? Is monitoring the amount of free space on the hard disk (allowing for the normal fill rate) enough?

The Nimda virus is pretty nasty. The virus works by doing these four things:

1. Activates the Guest account and adds it to the Administrators group
2. Shares the C drive with full access to Everyone
3. Disables share-level permissions on all shared directories on the system
4. Modifies several other registry keys and system files

From all reports I've seen, the best way to rid your system of this virus is to reformat the system immediately and reinstall all software from trusted copies. According to Dr. Jesper Johansson, editor of the SANS Windows Digest, "while a 'cleaner' may remove the detritus left by the worm, you have had a system-level compromise of your system. No 'cleaner' is able to remove any additional problems introduced through the backdoors left by the worm. This is a severe measure, but it is the only reasonable course of action after an attack such as this."

Good luck!

This was last published in October 2001
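
The first two changes in the list above can be checked with a read-only script. This is an added example, not part of the original answer; it assumes a current Windows release where the built-in `LocalAccounts` and `SmbShare` PowerShell modules are available, and it does not cover changes 3 and 4, for which the answer names no specific keys or files. A run with no findings does not show that the system is clean, for the reason given in the quotation above.

```powershell
# Added example: read-only triage for two of the changes listed in the answer.
# Run from an elevated PowerShell prompt on Windows 10 / Server 2016 or later.
$findings = @()

# Change 1: Guest account activated and added to Administrators.
# Well-known SIDs are used so the check works on renamed or localized accounts:
# the built-in Guest has RID 501; the Administrators group is S-1-5-32-544.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-501$' }
if ($guest -and $guest.Enabled) {
    $findings += "Guest account '$($guest.Name)' is enabled"
}
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
if ($guest -and ($admins | Where-Object { $_.SID.Value -eq $guest.SID.Value })) {
    $findings += "Guest account '$($guest.Name)' is in the Administrators group"
}

# Change 2: a drive root shared with full access for Everyone (S-1-1-0).
# The SID is translated so the comparison uses the local name of that group.
$sid = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value
$rootShares = Get-SmbShare | Where-Object { $_.Path -match '^[A-Za-z]:\\?$' }
foreach ($share in $rootShares) {
    $full = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccountName -eq $everyone -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -eq 'Full'
    }
    if ($full) {
        $findings += "Share '$($share.Name)' exposes $($share.Path) with full access for $everyone"
    }
}

# Report each finding as a warning; say so explicitly when nothing matched.
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Neither of the two checked changes is present.'
}
```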
