Q

Corruption of RAID drivers by Nimda

One of my NT servers that was Nimda compromised will no longer boot. I know it was compromised because I watched it (via a sniffer) tftp the admin.dll file from an external source.

Is it possible that during the modifications of the .exe files that Nimda does, that it could have corrupted my RAID drivers?
Since the Nimda worm attaches to file, YES, there is a chance either a driver or other support file were prepended with the worm code.

If the server is a Compaq device try and access the RAID information in the BIOs during the System boot. IF the Compaq Utilities still show the RAID device and assoicated hard drives, then the equipment is fine and maybe the software drivers are corrupt. It is best to determine if there is a hardware error first, then software.


This was last published in September 2001

Dig Deeper on Disk Encryption and File Encryption

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close