Removing the W32.Nimda.A@mm from Windows 95/98

From: Luis Rivera (lrivera@IT.FIT.EDU)
Date: 09/18/01 

Message-ID:  <F9FB98D0AADE5340A3F623E11476DDCB099EFF@indicium.fit.edu>
Date:         Tue, 18 Sep 2001 16:09:10 -0400
From: Luis Rivera <lrivera@IT.FIT.EDU>
Subject:      Removing the W32.Nimda.A@mm from Windows 95/98
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello Russ,

I am not sure if anyone has posted this info yet but we were able to
figure out how to remove the W32.Nimda.A@mm from Windows 95/98. So far
it has been effective,

1) boot in DOS mode
2) edit system.ini file in c:\windows
3) look for this line
        shell= explorer.exe load.exe -donotloadold

replace it with

        shell=explorer.exe

4) goto c:\windows\system
        1) run attrib -s -h riched20.dll
        2) run attrib -s -h load.exe
        3) del riched20.dll, 56kb (check the date on it, if todays date
delete it)
        4) del load.exe

If anyone has gotten further with win2k would appreciate the info.

- Luis Rivera
Florida Tech

======================================
Delivery co-sponsored by Trend Micro, Inc.
======================================
TREND MICRO SCANMAIL FOR EXCHANGE 2000 -- SECOND to NONE

If you are worried about email viruses, you need Trend Micro ScanMail for
Exchange. ScanMail is the first antivirus solution that seamlessly
integrates with the Microsoft Exchange 2000 virus-scanning API 2.0. ScanMail
ensures 100% inbound and outbound email virus scanning and provides remote
software management. Download a FREE 30-day trial copy of ScanMail and find
out why it is the best:
http://www.antivirus.com/banners/tracking.asp?siBI;$0&UL;=/smex2000
======================================

Relevant Pages