Has anyone gotten this? I think I got it from www.messageaccess.com, which provides free voicemail and internet call notification. I use Kaspersky AVP and discovered I was infected. I disinfected my entire system, but my system (Win 2000) still seems sluggish. Has anyone else contracted this virus and how did you remove it?
Hey pimp, there was another thread about this a few days ago. I don't know how to search for it, though. Maybe Jeff could help.
I feel kind of bad to say it, but a colleague of mine (extremely good programmer) wrote a paper about a month ago EXACTLY describing how Nimda would come and how it would have to be programmed... I am wondering if those people used his "instructions"...
The virus hit our company yesterday. Here is an account of what I found on my system. Others around me started to complain of unusual activity. Some machines hit were being affected noticeably. Others, like mine, I didn't even notice, but the virus was using it to spread itself. Just by chance I noticed several instances of "cmd" and "tftp" in the task manager that the virus was using to spread itself. Search your system for these files and delete: readme.eml, mep*.*, readme.exe. Also, I found the virus attached to and/or replacing DLLs and EXEs and also .html, .htm, .asp, etc. all over my system. I just deleted and replaced (from clean machines) what was infected since it never hit anything critical to my system operation. Search for any file containing the string "readme.eml" and, if found, you will notice a similar binary section embedded in each file located in your search. Also, the "guest" account on my machine was added to the administrators group. I uninstalled IIS 5 from my machine (which I just use for development) because the virus used IIS to get to my machine, but when I reinstall it I will apply all of the latest IIS security patches from MS. I've since updated and run McAfee VirusScan software. BTW, this software was able to clean up our servers where you couldn't just start deleting all the infected files. Hope this helps.
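The file-name and string searches described in the post above, written as a read-only scan (an added example, not part of the original thread). The function names `contains_marker`, `scan_tree` and `demo` and the sample tree are constructed for illustration; only the three file-name patterns and the "readme.eml" string come from the post.

```python
import fnmatch
import os
import pathlib
import tempfile

NAME_PATTERNS = ("readme.eml", "readme.exe", "mep*.*")  # file names listed in the post
MARKER = b"readme.eml"  # string the post says is embedded in infected files

def contains_marker(path, chunk_size=1 << 20):
    """Case-insensitive chunked search; the kept tail catches a marker split across reads."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return False
            window = tail + chunk.lower()
            if MARKER in window:
                return True
            tail = window[-(len(MARKER) - 1):]

def scan_tree(root):
    """Return sorted (relative_path, reason) pairs; nothing is deleted or modified."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = pathlib.Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            try:
                if any(fnmatch.fnmatchcase(name.lower(), p) for p in NAME_PATTERNS):
                    findings.append((rel, "name"))
                elif contains_marker(path):
                    findings.append((rel, "content"))
            except OSError:  # locked or unreadable files are reported, not skipped
                findings.append((rel, "unreadable"))
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "wwwroot").mkdir()
        samples = {  # constructed placeholder files, not real samples
            "README.EML": b"placeholder",
            "mep01a.tmp": b"placeholder",
            "wwwroot/index.html": b"<html>ok</html><!-- ref ReadMe.eml -->",
            "wwwroot/clean.asp": b"<% Response.Write(1) %>",
        }
        for rel, data in samples.items():
            pathlib.Path(root, rel).write_bytes(data)
        return scan_tree(root)
```

Calling `scan_tree` on a web root or drive returns the paths to review against a clean machine; every file's content is checked because the post reports the string in DLLs and EXEs as well as web pages.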
Our access to the Internet has been taken down at my workplace because this virus has already affected some of our offices overseas. Supposedly, the main corporate IT group are trying to isolate it and we might have Internet access again on Monday. This virus must be a really bad one.
It's like the Virus All-Stars. Combine Code-Red with one of those mailer worms & add in a little bit of SirCam and there you have it. Not particularly innovative but really effective. It's really nasty if you have an SBS-type setup with Exchange, IIS, and Domain Controller on 1 system.