Nimda Virus revisited - where's it hiding?

Discussion in 'Windows Desktop Systems' started by drdoug26, Oct 8, 2002.

  1. drdoug26

    drdoug26 Guest

    Hi all,

    I hate to dredge this topic up again, but you guessed it, it's back!
    I posted last week and you all helped me kill it off with Norton AV, and the Nimda Fix Tools.

    I had thought I had killed it. After all the scans came back negative, I had to reformat and reinstall the OS because it had damaged so many of my son's programs that his computer was useless.

    I first ran the old Debug program over the disk, then I partitioned the disk into three parts: 4 gigs for the OS, 16 gigs for the files (photos, music, apps), and 1 gig for the Page File.

    I did a full format on the 4 gigs BUT BUT BUT only a 'Quick format' on the other 17 gigs.

    I loaded new programs (photo 7, acrobat, winRAR, Office2002, ACDsee 5.0, Norton AV corp, Trojan Killer, maybe a few more).

    I updated Norton but did not scan the computer.

    Well, my son DID NOT even get a chance to load ANY of his old data. The next day Norton detected the dreaded Nimda Virus again (250 infected files) at his second sitting at the computer!

    What did I do wrong, and where did this come from? Is it because I failed to do a full format of the whole disk? I also did not replace the MBR. Was this it? It's not the web sites, for I checked all three sites he visited with an old machine and it was fine.

    All I can figure is that the 'Quick format' I did on the Page File partition and the Data partition left some remnants of NIMDA. If that's true, then why didn't the 'Nimda fix tool' work to kill that virus?

    Please, any ideas would be greatly appreciated.

    I've already started the reformat process again but this time I'm formatting the entire disk. I'll partition it later.
    OS: winxp corp, w/ Norton AV corp (7.61.930)
  2. laptop

    laptop Guest

    Sorry to hear this, Doug, what a mess to deal with
    (as if you don't need me to tell you that)

    Stealing or changing passwords or password files
    Installing remote-connectivity host software, also known as backdoors
    Installing keystroke-logging software
    Configuring of firewall rules
    Stealing of credit card numbers, banking information, personal data, and so on
    Deletion or modification of files
    Sending of inappropriate or even incriminating material from a customer's email account
    Modifying access rights on user accounts or files
    Deleting information from log files to hide such activities

    If you need to be certain that your organization is secure, you must reinstall the operating system, and restore files from a backup that was made before the infection took place, and change all passwords that may have been on the infected computers or that were accessible from it. This is the only way to ensure that your systems are safe.

    More info. here: