Access the Windows Registry by following the steps below:

- Click on the Windows Start button.
- Select the option Run...
- Write REGEDIT.COM and click on OK.

Follow the steps below in order to locate a specific entry in the Registry:

o Click on the + sign next to the folder HKEY_CLASSES_MACHINE.
o Click on the + sign next to the subfolder Software.
o Click on the + sign next to the subfolder Microsoft.
o Click on the + sign next to the subfolder Windows.
o Click on the + sign next to the subfolder CurrentVersion.
o Click on the + sign next to the subfolder Network.
o Click on the + sign next to the subfolder LanMan.
o Select the subfolder of the drive that is not shared and delete it.

In order to completely eliminate the W32/Nimda virus from your computer, it is also necessary to follow the steps below. However, before doing so, make sure that your computer displays all hidden files. This means doing the following:

- In computers with the following operating system: Windows 95/98/NT/2000Pro:
  o Click on Start.
  o Select Programs.
  o Select Windows Explorer.
  o Then select the View option.
  o Click on Options.
  o Finally check the option Show all files.
- If you have Windows Me installed:
  o Click on Start.
  o Select Programs.
  o Select Windows Explorer.
  o Then select the Tools option.
  o Click on Options.
  o Finally check the option Show all files.

Once this has been done, your computer will show all files that could have been hidden. This is important with respect to the file searches indicated below.

1. Firstly access the file System.ini. This file is located in the Windows directory. You must run the file by double clicking on it. Once in this file you should modify the following line:
   shell=explorer.exe load.exe -dontrunold
   by removing the following: load.exe -dontrunold.

2. Next, it is necessary to delete the virus files. In this case, the file LOAD.EXE should be deleted. Follow the steps below to delete this file:
   o Click on Start.
   o Select Find - Files or Folders.
   o Write the name of the file in the Name field.
   o The Look in option allows you to select the drive in which to perform the search.
   o Finally click on Find now.
   o Once you have found the files, you'll have to delete them. To do this, click on the file using the right mouse button and select the option Delete.

3. Then it would be interesting to delete all the temporary files that the virus generates in the TEMP folder. Follow the steps below to do that:
   o Click on Start.
   o Select Find - Files or Folders.
   o Type the names of the temporary files with the following format: MEP*.TMP and MEP*.EXE in the Name tab.
   o The option Look in allows you to select the TEMP folder in the Windows directory.
   o Finally, press the button Find Now.
   o Once the files have been found it will be necessary to delete them. To do this right-click on the file and select the Delete option.

Users are also advised to update the Internet Explorer 5.01 and 5.5 at the following addresses:

Internet Explorer 5.01
http://www.microsoft.com/windows/ie/download/critical/q295106/default.asp

Internet Explorer 5.5
http://www.microsoft.com/windows/ie/download/critical/q299618/default.asp

Servers with IIS installed should update at the following addresses:

IIS 4.0
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32061

IIS 5.0
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011

Once these steps have been carried out, the virus will be neutralized. If you wish to disinfect the computer update your antivirus and carry out a full scan of your system.

--
Navin Parwal
MCSE, CIW, CCNP, CCDP, CCIE(written)

/************
We learn from experience that we never learn from experience.
George Bernard Shaw (1856 - 1950)
************/

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20646&t=20646
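
Added example (not part of the original message): a Python sketch of the System.ini and file-search steps above, which strips "load.exe -dontrunold" from the shell= line and lists LOAD.EXE and MEP*.TMP / MEP*.EXE files for review without deleting anything. The function names, the sample System.ini text and the directory tree in demo() are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

# Trailing text the steps above say to remove from the shell= line.
SHELL_EXTRA = re.compile(r"\s+load\.exe\s+-dontrunold\s*$", re.IGNORECASE)
TEMP_PATTERNS = ("mep*.tmp", "mep*.exe")  # compared against lower-cased names


def clean_system_ini(text):
    """Return (new_text, changed); only shell= lines are edited."""
    out, changed = [], False
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        if body.strip().lower().startswith("shell="):
            fixed = SHELL_EXTRA.sub("", body)
            if fixed != body:
                # Keep the original line ending (CRLF on Windows files).
                line, changed = fixed + line[len(body):], True
        out.append(line)
    return "".join(out), changed


def find_leftovers(search_root, temp_dir):
    """List LOAD.EXE under search_root and MEP*.TMP / MEP*.EXE in temp_dir."""
    hits = []
    for root, _dirs, files in os.walk(search_root):
        hits += [os.path.join(root, f) for f in files if f.lower() == "load.exe"]
    for name in os.listdir(temp_dir):
        if any(fnmatch.fnmatchcase(name.lower(), p) for p in TEMP_PATTERNS):
            hits.append(os.path.join(temp_dir, name))
    return sorted(hits)


def demo():
    """Run both checks on constructed sample data (not from a real host)."""
    ini = "[boot]\r\nshell=explorer.exe load.exe -dontrunold\r\ndrivers=mmsystem.dll\r\n"
    with tempfile.TemporaryDirectory() as win:
        temp = os.path.join(win, "TEMP")
        os.makedirs(os.path.join(win, "SYSTEM"))
        os.makedirs(temp)
        for rel in ("SYSTEM/LOAD.EXE", "TEMP/MEP1A2.TMP", "TEMP/mepB3.exe", "TEMP/notes.tmp"):
            open(os.path.join(win, *rel.split("/")), "w").close()
        found = [os.path.relpath(p, win).replace(os.sep, "/") for p in find_leftovers(win, temp)]
    return clean_system_ini(ini), found


if __name__ == "__main__":
    (cleaned, changed), found = demo()
    print(cleaned, changed, found, sep="\n")
```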

