How to remove Nimda from NT Server without a reload
>>but when I try to kill it with task manager
>>it says access denied...
Embrace the command line.
Killing processes is MUCH easier, from the command line.
http://www.ultratech-llc.com/KB/?File=Processes.TXT
PSTOOLS are among the best utilities for this...
Also, see the AV vendors for free
I've had one server infected. Other than the description below, I used
NAI's removal-tool with no problems. It can be found at
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209 (may be wrapped)
under the heading "Stand-alone removal tool".
The server was booted in between each step, the whole
I'm in the middle of an all-nighter killing this thing, I'll tell you
what is working for me (you need to be at the console):
Delete Admin.dll and all TFTP* files from %driveletter%\Inetpub\scripts
Stop and disable the server service
Reboot
Apply IIS cumulative patch
Reboot
Apply hotfixes for eith
When you can't stop a process from the task manager try the reskit tool
kill.exe. Can also try the -f option to force a kill. You can kill by
process ID, process name, or wildcard. My cleaning batch file does a 'kill
mmc.exe' and 'kill mep'. Another worm executable will be called
'mep???.txt.exe
September 2001 11:29 AM
To: NT System Admin Issues
Subject: RE: How to remove Nimda from NT Server without a reload
I heard from another list that Trend Micro has a new tool that removes
and corrects. CERT indicates there is no recovery.
Which way to go?
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
-Original Message-
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:35 PM
To: NT System Admin Issues
Subject: RE: How to remove Nimda from NT Server without a reload
i'