The Nimda virus has infected my network. Norton Antivirus states that it only is placing the file in quarantine and not cleaning the virus. I also get numerous files with the same name and the suffix .eml on all of my servers. Is there any way I can trace where the virus is coming from? How do I get rid of it completely?
I feel your pain. Here are a few points first before I answer:
Okay, now lets see if I can answer you:
Removing the .eml threat requires patching vulnerable systems, disabling network shares, and using the latest DAT files. It can not be removed manually.
Infected systems must:
- Apply the patches
- Close any network shares prior to cleaning
- Exit any running applications
- Stop a running IIS server
- Scan and clean each drive
- Restore the RICHED20.DLL and MMC.EXE files if they were overwritten by the virus and deleted by the scanner.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.