|
Subscribe
to Virus Alert 
|
Win32/Nimda.A Worm
Nimda is a mass mailing email worm. This
worm will infect Windows systems as well as computers installed with IIS
servers. Nimda also spreads over network shares. The worm arrives with a random subject carrying an invisible attachment readme.exe. The content of the mail will be blank. When the infected mail is opened or previewed under Microsoft Outlook or Microsoft Outlook Express, the worm gets activated and tries to propagate in different modes. The worm copies itself into Windows System folder as LOAD.EXE. Later on the worm modifies SYSTEM.INI by adding a line Shell=explore.exe load.exe -dontrunold to activate itself during next windows startup. It copies itself as ADMIN.DLL under root of windows installed drive. The worm then modifies .HTM, .HTML., and .ASP files on the local drives with JavaScript that causes readme.eml, created by the worm to be loaded by Internet Explorer(ver. 5.1 or above) and Outlook Express. The worm overwrites MMC.EXE with itself and infects the exe files, entries present under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths It replaces the original Riched20.DLL file with worm infected riched20.dll. The worm gets executed whenever Microsoft Word application is activated. After this the worm tries to spread through the network shares by infecting .EXE files and by overwriting .NWS and .EML files. It creates a network share with no password on all the local drives of the infected computer. This would allow easy propagation of worm across network. It mails itself to email addresses present in .HTM and .HTML files of local computer, it also spreads using email addresses under MAPI messages of Microsoft Outlook and Microsoft Outlook Express. This worm first appeared during September 2001.
This worm is also known as W32/Minda@MM, Troj_Nimda, Code Rainbow, Minda, Nimbda
Click
here to download a 30 day Evaluation Copy of |
About
Protector Plus Antivirus Software Packages:Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.
 |
Protector Plus range of antivirus products
offer on-line virus detection and removal. All the packages have the ability
to detect and isolate all types of viruses, trojans, worms and other types
of malware. Protector Plus antivirus software can detect and remove Win32/Nimda.A worm
reliably.
These products are updated on a continuous basis and the latest upgrades
for all the platforms are made available for downloading from this site.
|
You can download the 30 day evaluation
copy of the
antivirus software free of cost for these platforms:
Copyright ©
2007 Proland Sofrware. All rights reserved.
