Nimda Removal Tool 2.0.5

  • Last update: 26 Jun 2006
  • License: Freeware
  • Size: 457KB
  • Downloads: 20295

Symantec has provided a fixtool to remove infections of W32.Nimda.A@mm.

The worm's main goal is simply to spread over the Internet and intranets, infecting as many users as possible and creating so much traffic that networks are virtually unusable.

What is Nimda:

There are several variants of W32.Nimda in general circulation. Two of the most common are:
· W32.Nimda.A@mm
· W32.Nimda.E@mm

This worm spreads using several methods, including mass-mailing, network share propagation, the Microsoft Web Folder Traversal vulnerability (also used by W32/CodeBlue), and a Microsoft incorrect MIME Header vulnerability. It also attempts to create network shares and to use the backdoor created by the W32/CodeRed.c worm.


Signs of infection:

· Presence of the files C:\ADMIN.DLL, D:\ADMIN.DLL, and E:\ADMIN.DLL
· Presence of many .EML files with the same name (typically README.EML or DESKTOP.EML)
· Unexpectedly open network shares
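
The two file indicators listed above can be checked with a short script. This is an added example, not part of the Symantec tool or the original page; the function names, the threshold of 3 for "many" and the sample tree are assumptions, and the network share indicator is not covered.

```python
import os
import tempfile
from collections import Counter

# Names taken from the indicator list above, compared case-insensitively.
ROOT_FILE = "admin.dll"
EML_NAMES = {"readme.eml", "desktop.eml"}


def scan_root(root, eml_threshold=3):
    """Check one drive root (or mounted image directory) for the file indicators.

    eml_threshold is an assumed cut-off for "many"; the page gives no number.
    """
    admin_dll = None
    # Indicator 1: ADMIN.DLL directly in the root of the volume.
    for entry in os.listdir(root):
        path = os.path.join(root, entry)
        if entry.lower() == ROOT_FILE and os.path.isfile(path):
            admin_dll = path

    # Indicator 2: the same .EML name repeated across the tree.
    counts = Counter()
    for _dirpath, _subdirs, files in os.walk(root):
        counts.update(n.lower() for n in files if n.lower() in EML_NAMES)
    repeated = {n: c for n, c in counts.items() if c >= eml_threshold}
    return {"admin_dll": admin_dll, "eml_counts": repeated}


def is_suspicious(findings):
    """True when either file indicator is present."""
    return bool(findings["admin_dll"] or findings["eml_counts"])


def build_sample_tree():
    """Constructed sample: a temporary fake volume with empty marker files."""
    root = tempfile.mkdtemp(prefix="nimda_sample_")
    open(os.path.join(root, "ADMIN.DLL"), "w").close()
    for sub in ("docs", "web", os.path.join("web", "img"), "tmp"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        open(os.path.join(root, sub, "README.EML"), "w").close()
    open(os.path.join(root, "docs", "desktop.eml"), "w").close()
    return root


if __name__ == "__main__":
    print(scan_root(build_sample_tree()))
```

On a live system, call scan_root once per drive root (for example C:\, D:\ and E:\); a match is a reason to run the removal tool or a full scan, not proof of infection.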

Features of Symantec Nimda Removal Tool:

· Terminates all processes associated with the virus.
· Terminates the Explorer.exe process and relaunches it. The virus injects itself into Explorer.exe, which makes this step necessary. Because of this, you may see the desktop flash (this is expected behavior).
· Detects all types of W32.Nimda.A@mm infections. Repairs those files that can be repaired. Deletes .eml, .nws, .doc and .txt files that have been detected as infected.

