nimda

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tcarter

Thread Starter
Joined
Jun 13, 2001
Messages
24
I have been infected with the Nimda virus on my Win 2000 server. I have downloaded a removal tool from Symantec, but I am waiting to use it until day's end. Currently there are many mep*.tmp.exe processes that are taking up memory. Is it possible to end these processes immediately without affecting the stability of the server?
 
Joined
Oct 14, 2001
Messages
2,218
I'm not sure, but read this:

Nimda spreads through e-mail (addresses gathered from MAPI messages in Outlook and HTML documents in cache), IP address scanning (probing for vulnerable IIS servers), and open network shares. Nimda's location on a local drive is typically on C:\, D:\, or E:\, but can overwrite system files and can be called a number of filenames, including: ADMIN.DLL, LOAD.EXE, MMC.EXE, README.EXE, RICHED20.DLL, MEP*.TMP.EXE. The RICHED20.DLL file is called by Word and WordPad for rich text documents, and the MMC.EXE file is the same filename as Microsoft Management Console used to manage servers. These files can get overwritten and run accidentally when Nimda has infected a system.


oops

let me look again
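
Added example, not part of the original posts: a triage helper that checks a file listing against the file names quoted above and marks the two names the quote says are shared with legitimate Windows files, so those are compared with a known-good copy rather than deleted on sight. The function name `triage` and the sample paths are constructed for illustration.

```python
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# File names listed in the post above, upper-cased for case-insensitive matching.
LISTED = ["ADMIN.DLL", "LOAD.EXE", "MMC.EXE", "README.EXE",
          "RICHED20.DLL", "MEP*.TMP.EXE"]
# Names the post says also belong to legitimate Windows components.
SHARED = {"RICHED20.DLL", "MMC.EXE"}
# Drive roots the post gives as the typical location.
TYPICAL_ROOTS = {"C:\\", "D:\\", "E:\\"}


def triage(paths):
    """Return (path, matched_pattern, shared_name, at_typical_root) per hit."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.upper()
        pattern = next((pat for pat in LISTED if fnmatchcase(name, pat)), None)
        if pattern is None:
            continue  # name is not on the list
        shared = name in SHARED
        at_root = str(p.parent).upper() in TYPICAL_ROOTS
        hits.append((raw, pattern, shared, at_root))
    return hits


# Constructed file listing (not taken from the thread).
SAMPLE = [
    r"C:\ADMIN.DLL",
    r"C:\WINNT\system32\riched20.dll",
    r"D:\Docs\readme.txt",
    r"C:\WINNT\Temp\mep1F3.tmp.exe",
    r"E:\share\notes.doc",
]

if __name__ == "__main__":
    for path, pattern, shared, at_root in triage(SAMPLE):
        note = ("name shared with a legitimate file: compare with a known-good copy"
                if shared else "name on the list")
        where = "drive root" if at_root else "other directory"
        print(f"{path}  [{pattern}]  {where}; {note}")
```

A name match alone does not prove infection; it only narrows down which files to inspect with the removal tool or an up-to-date scanner.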
 