Computer Virus



Eomer
09-22-2002, 09:37 AM
Okay, I have Norton Antivirus Corporate edition on my computers at home. Definitions all up to date and all that jazz.

Problem is, every now and then (can be once a day, or once a week) I get a pop up telling me that an infected file has been discovered and that it was quarantined. The virus is w32.nimda.enc. So I delete the files in quarantine. I do scans of my computers and nothing is turned up, the files just magically appear from time to time on their own.

Anyone know how to prevent that, or where the infected files are coming from? The files that are infected are ones that the virus creates itself, as they never ever are named anything that I would have. It's annoying as hell.

Lothbah
09-22-2002, 10:00 AM
Had similar problem with Seeker virus. One file installs itself, creates infected file, then erases itself. This happens every time you reboot. Pain in the ass, not sure if I ever got rid of it or not.

Wups
09-22-2002, 10:01 AM
I too have gotten this, the way I keep getting it is by shared files on the LAN... at a friend's house he has a computer on the LAN that is just all messed up... thing hasn't been formatted/cleaned in years and everything is floating around on it. I have a shared folder sometimes, and if anyone copies out of it or puts something into it, Nimda is all over the shared folder... the only solution I have found is running AVG after someone grabs stuff from my shared folder (AVG is a free virus proggy)... Beyond that, no clue how to take care of it. But that may be able to shine some light on where the problem is coming from.

Torrid
09-22-2002, 05:19 PM
Yes, if a computer is infected with Nimda on your LAN, it will try to copy itself into any shares it can. Another computer might be copying nimda into shares on your computer with write access.

Or you may just need to patch your own machine. Nimda can infect older installs w/o your even doing a thing. It randomly generates IP addresses and attempts to infect unpatched servers. Hit up Windows Update if you haven't.

Norton should detect this, but check to make sure Nimda didn't change your system.ini file to contain "load.exe -dontrunold" after your shell= line. (only applies to 9x machines though)

Of course the answer could be as simple as nimda turning up in your email, which happens to just about everyone. I get a bunch of misc virii sent to me from time to time.
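
The system.ini check Torrid describes above, written out as an added example (not part of the original thread). The function names and both sample files are constructed for illustration, and the code assumes the unmodified value of the shell= line is just explorer.exe.

```python
import re

# Constructed sample: a Windows 9x system.ini with the change the post describes.
SAMPLE_INFECTED = """\
[boot]
oemfonts.fon=vgaoem.fon
shell=explorer.exe load.exe -dontrunold
; a comment line
[386Enh]
shell=ignored.exe
"""

# Constructed sample: an unmodified file with CRLF endings and mixed case.
SAMPLE_CLEAN = "[boot]\r\nShell = Explorer.exe\r\n"


def boot_shell_value(ini_text):
    """Return the value of shell= in the [boot] section, or None if absent."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        # Only the shell= key inside [boot] matters; names are case-insensitive.
        if sep and section == "boot" and key.strip().lower() == "shell":
            return value.strip()
    return None


def check_shell_line(ini_text, expected="explorer.exe"):
    """Classify the [boot] shell= line as 'ok', 'missing' or 'modified'."""
    value = boot_shell_value(ini_text)
    if value is None:
        return ("missing", None)
    tokens = value.split()
    # Anything after the expected shell (assumed default) counts as a change.
    if len(tokens) == 1 and tokens[0].lower() == expected:
        return ("ok", value)
    return ("modified", value)


if __name__ == "__main__":
    print(check_shell_line(SAMPLE_INFECTED))
    print(check_shell_line(SAMPLE_CLEAN))
```
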

Eomer
09-22-2002, 05:42 PM
All comps (four) on my network are on Windows XP, w/ Norton Antivirus, which is totally up to date. So dunno why this shit is still popping up, none of them can detect the source for some reason.

Lothbah
09-22-2002, 05:55 PM
It erases itself when it's done copying the infected files...that's why you can't find it. Do a Windows-Find right after rebooting or starting up and you might be able to see it.... Ya gotta know what it's called tho :\



Blowth

Shedren
09-22-2002, 06:46 PM
ok what you do bro is go to www.symantec.com
the virus you have is a greater form of the klez virus and eventually will fuck your comp up

what you do is go to the site, search up your virus and download their software, it will remove it from your comp
run it in normal mode, if it doesn't go all the way you have to restart your comp and go into safe mode and run it.

also you are probably getting these viruses from kazaa or something like that

my aim is demonic0288, so if u have question ask me on there
or u wanna give me MONEY HAHA j/k

Parak
09-22-2002, 09:45 PM
Hi, Parak here! In this installment of UselessParakInsights, I bring you the following:


Format.


And that will conclude this installment of UselessParakInsights. Stay tuned to the same URL, same forum, and same username for more UselessParakInsights.



This message was brought to you by our wonderful sponsors vBulletin 2.2.6, Apache/1.3.12 (Unix) PHP/4.0.6 and the TCP/IP Stack.


All rights reserved, copyrights infringed, lawsuits settled, your mileage may vary, call now to reserve your copy, don't wait act now, fast food is bad for you, smoke cigarettes - don't die of old age, time is money, all your base are belong to us.

Drakky
09-22-2002, 10:15 PM
Format - it's Parak's easy way out of everything! What a cop out!

:P

Parak
09-22-2002, 10:28 PM
Hi Drakky! Why so no IRC respond? I miss you much, love long.

Exitilus
09-23-2002, 04:24 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.removal.tool.html

http://ecusthelp.mcafee.com/cgi-bin/ecust.cfg/php.exe/enduser/std_adp.php?p_sid=luNvXYpg&p_lva=&p_faqid=426&p_created=1010609853&p_sp=cF9ncmlkc29ydD0mcF9yb3dfY250PTImcF9zZWFyY2hfdGV4dD1uaW1kYSZwX3BhZ2U9MQ**&p_li=

It doesn't seem to be the exact filename you're getting, but perhaps one of these methods would work for you.

-Exit

Maelikki
09-23-2002, 09:05 AM
parak is right 100% reformat is teh win !

Eomer
09-23-2002, 09:11 AM
Just sucks cause I just went through installing Windows XP on 3 computers like 6 weeks ago :/

Zangeif
09-24-2002, 10:24 AM
Homer,
One of the properties of the Nimda virus is that it causes antivirus software to work incorrectly. What you need to do is get into your registry editor and search for files named wink*.*. The Nimda virus creates files named winkxxx where xxx is random characters.

Once you have deleted all files named winkXXX you need to uninstall your antivirus software and reinstall.

The virus can only get into your PC through a security vulnerability in I.E. 5.5 or lower, or through a LAN connection. I suggest you upgrade to I.E. 6.0.

Hope this helps.

(sorry about my horrible spelling)