Nieylana
Posted January 27, 2009 (edited)

Hey,

My Windows XP installation recently has created a random Nimda user on my computer. I'm aware that the Nimda.A virus is supposed to do this by enabling the guest account and then renaming it and adding it to the Administrator group. What concerns me the most is that I have run multiple Nimda virus scanners/removers and also NOD32, but none have detected the Nimda virus on my computer... What am I supposed to do?

Also, I've done some looking online about the Nimda virus, and it says to look for specific files in certain locations. These files also are not present on my XP installation, but the account keeps re-appearing... Any help would be appreciated.

EDIT: Also, is format-reload the only true option here?

Edited January 27, 2009 by Nieylana

unix
Posted January 27, 2009 (edited)

I would recommend formatting the machine and reinstalling everything.

The problem is that although an AV program doesn't recognize a virus, it doesn't mean that there isn't one. Maybe it's another virus with the same name or, which is more common, another subversion of the virus which is not yet known.

If there is something mysterious on your machine you are not aware of, such as the account you mentioned (when it is always reappearing the case is quite clear in my opinion), don't hesitate to format everything.

Even if it gets recognized by an AV, you don't know for sure if really everything was deleted or not, or if the virus did something no one is aware of.

Edited January 27, 2009 by unix

Nacho_dj
Posted January 27, 2009

Hey mate, did you try this one?

http://free.avg.com/virus-removal.ndi-67783

Good luck

Nacho_dj

Nieylana (Author)
Posted January 27, 2009

> Hey mate, did you try this one?
> http://free.avg.com/virus-removal.ndi-67783
> Good luck
> Nacho_dj

rmnimda.exe doesn't find anything, and stats on the virus/worm state that it adds the guest account to the admin group. Mine, however, stays disabled and a separate account named nimda appears...

blackpirate
Posted January 27, 2009

Hello bro! So... looks like you are in trouble! OK! I am not a specialist in virus removal, but you can try scanning the whole HDD with Kaspersky 2009! Turn off System Restore first, then make the scan! (Only like that could I "kill" a virus on my PC.) I hope that will help!

BR, BP

Nacho_dj
Posted January 27, 2009

Another link, I don't know if you have tried this before:

http://www.symantec.com/security_response/writeup.jsp?docid=2001-091923-0344-99

Let's see how it goes...

Cheers

Nacho_dj

Nieylana (Author)
Posted January 28, 2009

> Another link, I don't know if you have tried this before:
> http://www.symantec.com/security_response/writeup.jsp?docid=2001-091923-0344-99
> Let's see how it goes...
> Cheers
> Nacho_dj

@Nacho_dj, I have tried that too, shows Nimda is not present...

@BlackPirate, every time I turn on Kaspersky 2009 it says that the DB is outdated and needs to update, but will not update the file, and my internet stops working... When I close it, it says I have 1000+ network connections that will be terminated yada yada...

Nacho_dj
Posted January 28, 2009

Many times there is a not very difficult way of deleting a virus from your machine, although it doesn't always work.

Try booting your machine in Test Mode. Then open a task manager and kill the suspicious processes.

Go to the windows\system32 folder and sort by date. If you find any recent executable with a small size, get all the info about it. If it is not a system file or it is a suspicious one, rename it to .bak (I would delete it, but better don't erase anything).

Go to Execute and type regedit, then enter.

Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete all entries.

Go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Delete all entries.

In your folders, go to:
Documents and Settings
Then for every configured account/folder, go to:
Programs\Start
Delete all entries.

Delete all temp files for each user too.

Then restart your machine...

If it keeps failing, there is the option of booting with the last good Windows configuration...

Cheers

Nacho_dj

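An added example, not part of Nacho_dj's post: this Python script inventories the two Run keys named above and the members of the Administrators group, then reports only what is absent from a baseline you supply, so the entries can be reviewed before anything is deleted. The `reg query` and `net localgroup Administrators` output, the value names and the account names are constructed samples, and the baselines are assumptions you would fill in for your own machine.

```python
import re

# Constructed sample: `reg query` output for the two Run keys from the post.
REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    egui    REG_SZ    "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
    load32    REG_SZ    C:\WINDOWS\system32\svch0st.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: `net localgroup Administrators` output.
NET_OUTPUT = """Alias name     Administrators
Members

-------------------------------------------------------------------------------
Administrator
Owner
nimda
The command completed successfully.
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_run_keys(text):
    """Return (key, value_name, command) for each value in `reg query` output."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := ENTRY.match(line)):
            rows.append((key, m["name"], m["data"].strip()))
    return rows

def parse_admins(text):
    """Return member names: the lines between the dashed rule and the footer."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----")) + 1
    body = lines[start:]
    end = next((i for i, l in enumerate(body) if l.startswith("The command")), len(body))
    return [l.strip() for l in body[:end] if l.strip()]

def unexpected(run_rows, admins, known_values, known_admins):
    """Report autoruns and admin accounts missing from the baselines (case-insensitive)."""
    kv = {v.lower() for v in known_values}
    ka = {a.lower() for a in known_admins}
    found = [f"autorun {k}\\{n} -> {c}" for k, n, c in run_rows if n.lower() not in kv]
    return found + [f"admin account {a}" for a in admins if a.lower() not in ka]

if __name__ == "__main__":
    for f in unexpected(parse_run_keys(REG_OUTPUT), parse_admins(NET_OUTPUT),
                        {"egui", "ctfmon.exe"}, {"Administrator", "Owner"}):
        print(f)
```
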
ahmadmansoor
Posted January 28, 2009 (edited)

Hi... I think you have to load your hard disk using PE Windows... but before that, do this:

1- Run msconfig and see which programs are loaded, and write them on paper (or if you suspect any of the programs). Try to know the path, this is necessary...

2- Restart your PC and load it on PE Windows (PE=Windows Preinstallation Environment Technical). You can use this link if you like to download Windows XP SP2 PE Mini CD Edition:

http://rapidshare.com/files/126342329/W_PE...l.NeT.part1.rar
http://rapidshare.com/files/126341133/W_PE...l.NeT.part2.rar

3- You can use the antivirus which is inside it, or you can use the Nimda removable which is on Symantec, or use the boot CD given by Symantec to make a scan and to be updated, or use Avira, the free one, with update (use the portable one and put it on a USB flash drive, then use it to scan your hard disk).

3- Open your C:\ and be sure that there is no Autorun.ini file which could load the virus, or any bat file (all of them have the hidden attribute and the system attribute), and be sure of the other drives D:\ E:\ ...

4- If that does not work just tell me, then I will log in to your PC and fix the problem. Just PM me with your email.

Edited January 28, 2009 by ahmadmansoor

ala_borbe
Posted January 28, 2009 (edited)

Download SmitFraudFix (just google, it's free) and Combofix (also free), and reboot in safe mode and scan with both... They remove all kinds of spyware, rootkits and such stuff... After that install Kaspersky and scan the machine...

There is also SpyBot Search And Destroy, which is also good for these situations.

Hope this helps (try also HiJackThis to remove stuff from the autorun list - best tool I ever used).

Edited January 28, 2009 by donny

alien_fx_fiend
Posted June 3, 2009 (edited)

http://www.bootdisk.com/utility.htm

Try avast, it's free and highly recommended by me.

I use Hex Editor Neo from http://insanerealm.com for reversing apps.

I'm looking for programmers to collaborate with. Email me at total_annihilationx666v@yahoo.com if you're interested in computer science and other high tech top secret stuff.

Edited June 3, 2009 by alien_fx_fiend