
Nimda Virus revisited - where's it hiding?



Hi all,

I hate to dredge this topic up again but you guessed it, it's back!
I posted last week and you all helped me kill it off with Norton AV, and the Nimda Fix Tools.

I had thought I killed it. After all the scans came back negative I had to reformat and reinstall the OS because it had damaged so many of my son's programs his computer was useless.

I first ran the old Debug program over the disk then I partitioned the disk into two parts. A 4 gig for the OS, 16 gigs for the files (photos, music, apps) and a 1 gig for the Page File.

I did a full format on the 4 gig BUT BUT BUT only a 'Quick format' on the other 17 gigs.

I loaded new programs (photo 7, acrobat, winRAR, Office2002, ACDsee 5.0, Norton AV corp, Trojan Killer, maybe a few more).

I updated Norton but did not scan the computer.

Well my son DID NOT even get a chance to load ANY of his old data. The next day Norton detected the dreaded Nimda Virus again (250 infected files) at his second sitting at the computer!

What did I do wrong and where did this come from? Is it because I failed to do a full format of all the disk? I also did not replace the MBR. Was this it? It's not the web sites, for I checked all the three sites he visited with an old machine and it was fine.

All I can figure is the ‘Quick format’ I did on the Page file partition and the Data partition left some remnants of NIMDA. If that’s true then why didn’t the ‘Nimda fix tool’ work to kill that virus?

Please, any ideas would be greatly appreciated.

I've already started the reformat process again but this time I'm formatting the entire disk. I'll partition it later.



OS: winxp corp, w/ Norton AV corp (7.61.930)


Sorry to hear this Doug, what a mess to deal with
(as if you don't need me to tell you that)

CAUTION: Once a computer has been attacked by W32.Nimda.E@mm, it is possible that the system has been accessed remotely by an unauthorized user. For this reason it is impossible to guarantee the integrity of a system that has had such an infection. The remote user could have made changes to the system, including but not limited to the following:
Stealing or changing passwords or password files
Installing remote-connectivity host software, also known as backdoors
Installing keystroke-logging software
Configuring of firewall rules
Stealing of credit card numbers, banking information, personal data, and so on
Deletion or modification of files
Sending of inappropriate or even incriminating material from a customer's email account
Modifying access rights on user accounts or files
Deleting information from log files to hide such activities

If you need to be certain that your organization is secure, you must reinstall the operating system, and restore files from a backup that was made before the infection took place, and change all passwords that may have been on the infected computers or that were accessible from it. This is the only way to ensure that your systems are safe.

More info. here:

