Ask the Expert

Corruption of RAID drivers by Nimda

One of my NT servers that was Nimda compromised will no longer boot. I know it was compromised because I watched it (via a sniffer) tftp the admin.dll file from an external source.

Is it possible that during the modifications of the .exe files that Nimda does, that it could have corrupted my RAID drivers?

    Requires Free Membership to View

Since the Nimda worm attaches to file, YES, there is a chance either a driver or other support file were prepended with the worm code.

If the server is a Compaq device try and access the RAID information in the BIOs during the System boot. IF the Compaq Utilities still show the RAID device and assoicated hard drives, then the equipment is fine and maybe the software drivers are corrupt. It is best to determine if there is a hardware error first, then software.


This was first published in September 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: