Tuts 4 You

Nimda


Nieylana

Hey,

My Windows XP installation recently created a random Nimda user on my computer. I'm aware that the Nimda.A virus is supposed to do this by enabling the guest account, then renaming it and adding it to the Administrator group. What concerns me the most is that I have run multiple Nimda virus scanners/removers and also NOD32, but none have detected the Nimda virus on my computer... what am I supposed to do?

Also, I've done some looking online about the Nimda virus, and it says to look for specific files in certain locations. These files also are not present on my XP installation, but the account keeps re-appearing... any help would be appreciated.

EDIT: Also, is format-reload the only true option here?

Edited by Nieylana

I would recommend formatting the machine and reinstalling everything.

The problem is that although an AV program doesn't recognize a virus, it doesn't mean that there isn't one. Maybe it's another virus with the same name or, which is more common, another subversion of the virus which is not yet known.

If there is something mysterious on your machine you are not aware of, such as the account you mentioned (when it is always reappearing the case is quite clear in my opinion), don't hesitate to format everything.

Even if it gets recognized by an AV, you don't know for sure whether everything was really deleted, or whether the virus did something no one is aware of.

Edited by unix
Hey mate, did you try this one?
http://free.avg.com/virus-removal.ndi-67783

Good luck

Nacho_dj

rmnimda.exe doesn't find anything, and stats on the virus/worm state that it adds the guest account to the admin group; mine however stays disabled and a separate account named nimda appears....

hello bro! ;)

so.. looks like u are in trouble! :(

ok! I am not a specialist in virus removal, but you can try scanning all hdd with Kaspersky 2009!

turn off System Restore first! then make the scan! (only like that I could "kill" a virus on my pc)

i hope that will help!

BR,

BP

Another link, I don't know if you have tried this before:

http://www.symantec.com/security_response/writeup.jsp?docid=2001-091923-0344-99

Let's see how it goes...

Cheers

Nacho_dj

@Nacho_dj, I have tried that too, shows Nimda is not present....

@BlackPirate, every time I turn on Kaspersky 2009 it says that the DB is outdated and needs to update, but will not update the file, and my internet stops working... when I close it says I have 1000+ network connections that will be terminated yada yada...

Many times there is a not very difficult way of deleting a virus from your machine, although it doesn't always work.

Try booting your machine in Test Mode. Then open a task manager and kill the suspicious processes.

Go to windows\system32 folder and sort by date. If you find any recent executable with a small size, get all the info about it. If it is not a system file or it is a suspicious one, rename it to .bak (I would delete it, but better don't erase anything).

Go to Execute and type regedit, then enter.

Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete all entries.

Go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Delete all entries.

In your folders, go to:

Documents and Settings

Then for every configured account/folder, go to:

Programs\Start

Delete all entries.

Delete all temp files for each user too.

Then restart your machine...

If it keeps failing, there is the option of booting with the last good Windows configuration...

Cheers

Nacho_dj
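
A read-only snapshot of the locations listed in the post above (both Run keys, each profile's Startup folder, recent system32 executables) plus the local accounts, to take before changing anything. This is an added example, not part of the original post; the output folder and file names are assumptions, and the Startup path and the `Administrators` group name assume an English-language Windows XP.

```batch
@echo off
rem Added example (not from the thread): read-only snapshot, nothing is deleted.
rem Folder/file names are assumptions; paths assume an English-language XP.
setlocal
set OUT=%~dp0snapshot-%RANDOM%
mkdir "%OUT%"
set REPORT=%OUT%\report.txt
> "%REPORT%" echo Snapshot taken %DATE% %TIME%

rem Back up both Run keys so any entry removed later can be re-imported.
reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%OUT%\hklm-run.reg"
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "%OUT%\hkcu-run.reg"

>> "%REPORT%" echo ---- HKLM Run ----
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" >> "%REPORT%" 2>&1
>> "%REPORT%" echo ---- HKCU Run ----
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" >> "%REPORT%" 2>&1

rem Startup folder of every profile under Documents and Settings.
>> "%REPORT%" echo ---- Startup folders ----
for /d %%P in ("%SystemDrive%\Documents and Settings\*") do (
    >> "%REPORT%" echo [%%~nxP]
    dir /a /b "%%P\Start Menu\Programs\Startup" >> "%REPORT%" 2>&1
)

rem system32 executables, most recently written first.
>> "%REPORT%" echo ---- system32 executables by date ----
dir /a /o-d /t:w "%SystemRoot%\system32\*.exe" >> "%REPORT%" 2>&1

rem Local accounts and the members of the Administrators group.
>> "%REPORT%" echo ---- Accounts ----
net user >> "%REPORT%" 2>&1
net localgroup Administrators >> "%REPORT%" 2>&1
rem Details (creation-related fields, last logon) for the account named in this thread.
net user Nimda >> "%REPORT%" 2>&1

echo Report written to %REPORT%
endlocal
```

Running it again after the account reappears and comparing the two `report.txt` files with `fc` shows which autorun entry, file or group membership changed in between.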

Hi ...

I think u have to load ur hard disk using PE windows ... but before that ... do this:

1- run msconfig and see which programs r loaded write it on paper ( or if u suspect in any of programs ) .so try to know the path this is necessary ...

2-restart ur pc load it on PE windows (PE=Windows Preinstallation Environment Technical)

u can use this link if u like to download Windows XP SP2 PE Mini CD Edition:

http://rapidshare.com/files/126342329/W_PE...l.NeT.part1.rar

http://rapidshare.com/files/126341133/W_PE...l.NeT.part2.rar

3- u can use the anti virus which is inside it, or u can use the Nimda removable which is on Symantec, or use the boot CD which is given by Symantec to make a scan and to be updated, or use Avira, the free one, with update (use the portable one and put it on a usb flash, then use it to scan ur hard disk)

4- open ur C:\ and be sure that there r no Autorun.ini file which could load the virus, or any bat file (all of them have the hidden attribute and the system attribute), and be sure about the other drives D:\ E:\ ....

5- if it does not work just tell me then :ph34r: i will log to ur PC.. and fix the problem, just PM me with ur Email.

Edited by ahmadmansoor
Download SmitFraudFix (just google, it's free), and Combofix (also free), and reboot in safe mode and scan with both... they remove all kinds of spyware, rootkits and such stuff... after that install Kaspersky and scan the machine....

There is also SpyBot Search And Destroy which is also good for these situations

hope this helps (try also HiJackThis to remove stuff from autorun list - best tool i ever used)

Edited by donny