Nimda

Time: March 12, 2002
Audience: Campus
Attendance: none
Description
The Department of Information Technology believes that once again the Nimda virus is circulating around the Gustavus campus.

The two most common strains of the Nimda virus are W32.Nimda.A@mm and W32.Nimda.E@mm. Symantec has developed a Removal Tool for the Nimda virus. There is no risk in running the Removal Tool. The Removal Tool will scan the machine and report whether or not it is infected. If the machine is infected, the Removal Tool will try to fix the infection. Each Removal Tool designed by Symantec is specific to one variant of the virus. Both removal tools are available at the Norton Anti-Virus web site and the local Gustavus web site.

Removal Tool for W32.Nimda.A@mm from Norton
Removal Tool for W32.Nimda.E@mm from Norton

Removal Tool for W32.Nimda.A@mm from Gustavus
Removal Tool for W32.Nimda.E@mm from Gustavus

The Nimda Removal Tools and Norton Anti-Virus are also available from the Helpline, located in the Olin Hall Lab.

Gustavus Adolphus College has a site license with Symantec that allows all students to use the Norton Anti-Virus software while they are enrolled at Gustavus. This software, if kept up to date, will play a valuable role in preventing further infections. It is available on the Connectivity CD (available from the Helpline).

(11/01/01) The Nimda virus is an extremely harmful virus that will eventually degrade the performance of an infected machine to an unusable state. Nimda is a Windows virus that spreads via email, network shares and websites. There are a variety of ways that a machine can become infected. The most likely are:

  1. Receiving an email attachment from some mail-server other than Gustavus, like Yahoo or Hotmail. Gustavus has been filtering email attachments delivered on campus for many months now.
  2. Having an open share on your own personal machine that allows users in the Network Neighborhood access to your drive, i.e., a shared directory with write privileges.
  3. Browsing an infected web site with an outdated and unpatched copy of Internet Explorer.

Symantec has developed a Removal Tool for the Nimda virus. There is no risk in running the Removal Tool. The Removal Tool will scan the machine and report whether or not it is infected. If the machine is infected, the Removal Tool will try to fix the infection. This tool can be downloaded from the Symantec site or the Gustavus webserver, or obtained on CD from the Helpline in the Olin Hall Computer Lab. Directions for running the Removal Tool are available from the Symantec site or by stopping by the Helpline.

Although the Removal Tool was written specifically for this virus, there is no guarantee that it will restore the computer to its original state. The only way to guarantee this is to reformat the drive and reinstall the operating system and software. If you choose to reformat your drive, please be aware that any data you move back to your machine from a backup may be infected. You should install anti-virus software and update the virus definitions before moving any of your original data back to your machine.

Gustavus Adolphus College has a site license with Symantec that allows all students to use the Norton Anti-Virus software while they are enrolled at Gustavus. This software, if kept up to date, will play a valuable role in preventing further infections. It is available on the Connectivity CD (available from the Helpline).

A machine infected with Nimda will continue to attempt to infect others on the network. If you have any questions or concerns regarding this, please contact Tami Aune (x6113, tami@gustavus.edu) or Rebecca Zeeb (x7130, rzeeb@gustavus.edu).

Download the Nimda Removal Tool

(10/18/00) The Department of Information Technology has received numerous reports of virus infections on campus, primarily infecting student-owned machines on the campus network. The most common are FunLove (also known as: FLCSS, Funlove, W32.FunLove.4099, W32/Flcss, W32/Funlove.4099.dr, Win32.FLC, Win32.FunLove.4070) and the Matrix virus (also known as: I-Worm.mtx, MTX.exe, PE_MTX, W32/Apology, W32/Apology-B, W32/MTX@nn, W95.MTX). FunLove infects exe files on the host machine, periodically scans for network shares with write access, and infects any exe, scr and ocx files on any shared network drives. Matrix sends itself as an email attachment under a variety of names (most ending in exe, pif or scr), with nothing in the body of the email. A recipient must double-click the attachment for the machine to become infected. Both are very nasty and quite destructive. Both can render a machine unbootable and unrepairable.

The Symantec description and removal instructions for FunLove.
The Symantec description and removal instructions for Matrix.

As a precaution we remind all students that launching unknown executable files (ending in .exe, .bat or .com) from unknown sources is a risky practice. We encourage all users to use some type of virus protection software. If you suspect you have been infected, update your virus protection software, scan your hard drive and check the web site for your virus protection software. The web sites often have solutions and fixes for the most commonly found viruses.