Q

Corruption of RAID drivers by Nimda

One of my NT servers that was Nimda compromised will no longer boot. I know it was compromised because I watched it (via a sniffer) tftp the admin.dll file from an external source.

Is it possible that during the modifications of the .exe files that Nimda does, that it could have corrupted my RAID drivers?
Since the Nimda worm attaches to file, YES, there is a chance either a driver or other support file were prepended with the worm code.

If the server is a Compaq device try and access the RAID information in the BIOs during the System boot. IF the Compaq Utilities still show the RAID device and assoicated hard drives, then the equipment is fine and maybe the software drivers are corrupt. It is best to determine if there is a hardware error first, then software.


This was first published in September 2001

Dig deeper on Disk Encryption and File Encryption

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close