Q

Files changed by Nimda

Is the Nimda worm destructive to data and/or program files? We have noticed that the attack replicates existing filenames with the extensions *.eml, *.nws and riched20.dll in every directory on an infected system (or infected share). Are the original files being deleted, or are these replicated files simply copies? The Nimda-created files don't appear in the original directory; they appear to be placed randomly on the share.


Nimda has caused original files to be hidden and renamed with the _ (underscore) character in front of them, similar to a companion virus infection. Some users report that EXE files have been corrupted on infection.

While Nimda does not seem to be deliberately damaging, it still has the potential to cause many problems.


This was last published in September 2001
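
A read-only triage sketch for the file patterns described above, added here as an example and not part of the original answer: it walks a directory or share and lists the *.eml, *.nws and riched20.dll copies, plus underscore-prefixed files that sit beside a same-named file. The function names and report labels are assumptions, and every match is only a candidate for review, since legitimate .eml files and the system copy of riched20.dll also match.

```python
import os
import sys
from collections import defaultdict

DROPPED_EXTS = {".eml", ".nws"}    # extensions named in the question
DROPPED_NAMES = {"riched20.dll"}   # a genuine copy also lives in the Windows system directory
HIDDEN = 0x2                       # Windows FILE_ATTRIBUTE_HIDDEN bit


def is_hidden(path):
    """True if the Windows hidden attribute is set; always False on other platforms."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def triage(root):
    """Walk root and group file paths by the pattern they match (review candidates only)."""
    report = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for name in files:
            low = name.lower()
            path = os.path.join(dirpath, name)
            if low in DROPPED_NAMES or os.path.splitext(low)[1] in DROPPED_EXTS:
                report["dropped_copy"].append(path)
            elif low.startswith("_") and low[1:] in by_lower:
                # "_name" next to "name": the underscore file may be the original
                kind = "renamed_original_hidden" if is_hidden(path) else "renamed_original"
                report[kind].append(path)
                report["suspect_replacement"].append(os.path.join(dirpath, by_lower[low[1:]]))
    return dict(report)


if __name__ == "__main__":
    # Usage: python triage.py <share-or-directory>; read-only, nothing is deleted
    for kind, paths in sorted(triage(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for p in sorted(paths):
            print(f"{kind}\t{p}")
```

Run it against a copy or a read-only mount of the share and compare each `renamed_original` entry with its `suspect_replacement` before restoring anything.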
