The Nimda virus has infected my network. Norton Antivirus states that it only is placing the file in quarantine...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
and not cleaning the virus. I also get numerous files with the same name and the suffix .eml on all of my servers. Is there any way I can trace where the virus is coming from? How do I get rid of it completely?
I feel your pain. Here are a few points first before I answer:
Okay, now lets see if I can answer you:
Removing the .eml threat requires patching vulnerable systems, disabling network shares, and using the latest DAT files. It can not be removed manually.
Infected systems must:
- Apply the patches
- Close any network shares prior to cleaning
- Exit any running applications
- Stop a running IIS server
- Scan and clean each drive
- Restore the RICHED20.DLL and MMC.EXE files if they were overwritten by the virus and deleted by the scanner.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.