Somebody help me!!!


Established Member
Hey guys,

I CAN'T GET RID OF THE GODDAM NIMDA VIRUS!! And I if I forget you can kiss my ftp good bye cuz I'm never going to re rip everything. I've been using this program by Symantec that finds the virus, deletes all the *.eml files, but then everything's back when I reboot. What should I do? Any advice...
If you (or the tool) haven't, do the following:

- Update Internet Explorer. One of the primary reasons this virus gets spread is due to a really, really, stupid error in IE.

- If you're running it, update IIS.

- Replace all copies of riched20.dll and mmc.exe with known good versions, preferably from your Windows install disc.

- Open up c:windowssystem.ini and look at the "shell" variable. If it reads:

Shell = explorer.exe load.exe -dontrunold

then change it to:

Shell = explorer.exe

and delete c:windowssystemload.exe

- Make sure you've got the right removal tool - according to Symantec, there are two common versions of W32.Nimda, for which seperate removal tools exist.
get a decent virus scanner trial version. most importantly, scan all html files on your pc (there's a bunch, like manuals, windows pages, etc), as they contain it too and tend to re-infect you.