Author Topic: W32:nimda  (Read 4238 times)

simpof

  • Guest
W32:nimda
« on: October 28, 2004, 03:12:12 AM »
Hi
The Avast scanner has detected a virus or worm called W32:nimda. There are different actions that can be taken: suppress, put in quarantine, etc. When we «suppress», does that mean that all possibly infected files are free from that virus? Is there any other action that we have to take?

Thanks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:W32:nimda
« Reply #1 on: October 28, 2004, 03:34:41 AM »
Quote
Hi, the Avast scanner has detected a virus or worm called W32:nimda. There are different actions that can be taken: suppress, put in quarantine, etc. When we «suppress», does that mean that all possibly infected files are free from that virus? Is there any other action that we have to take? Thanks

When you click suppress, only the specific file (or worm) is deleted. Not all, but only the one that is shown in the message box.
The best action to take, for sure, is 'Send the file to Chest', where you'll be safe from further infection and can 'handle' (move, delete, clean, etc.) that file inside the avast! program.

Welcome to the forums  8)
The best things in life are free.

simpof

  • Guest
Re:W32:nimda
« Reply #2 on: October 28, 2004, 04:12:32 AM »
Thanks for the quick answer
I have already deleted it. So how can I send the file to the chest? I see an inscription in the log journal, warning: «sign of Win32 nimda has been found in «D:\1386\APPS\App25667.exe\hp\tmp\nav2002\support \EDISK\DISKi.IMG» file»

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:W32:nimda
« Reply #3 on: October 28, 2004, 02:23:46 PM »
Quote
Thanks for the quick answer
I have already deleted it. So how can I send the file to the chest? I see an inscription in the log journal, warning: «sign of Win32 nimda has been found in «D:\1386\APPS\App25667.exe\hp\tmp\nav2002\support \EDISK\DISKi.IMG» file»

It is better to delete this file  ;D
To send files to Chest just click the button 'Move to Chest' in the virus warning message  ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:W32:nimda
« Reply #4 on: October 28, 2004, 02:38:20 PM »
Quote
D:\1386\APPS\App25667.exe\hp\tmp\nav2002\support \EDISK\DISKi.IMG
D:\1386\APPS\App25667.exe\hp\tmp\nav2002\support \EDISK\

Very suspicious folder, I think it is better to delete the entire folder.
App25667.exe is definitely not a trusted folder name ;)

simpof

  • Guest
Re:W32:nimda
« Reply #5 on: October 29, 2004, 04:07:22 AM »
Hi
After reading your replies, I made another scan and again there was a message of an infected file, the same as yesterday. So I tried to send the file to the chest (Mise en quarantaine in French) but I received a message «Access refused» ...! So I tried the action «rename/move»; the file has been renamed «DISK1.IMG.vir» and moved to
C:/program files/alwill/Avast4/DATA/moved/DISK1.IMG.vir .
I made a third scan of the D:/ drive (location of the «potential» worm). I received the same warning of infected files.
When I look in the log viewer I get this message:
«D:\1386\APPS\App25667.exe\hp\tmp\nav2002\support \EDISK\DISKi.IMG» file. The following error occurred during the move/rename of the file. Refused access»

So did something go wrong... is it better to delete the file from «Chest/User file/ DISK1.IMG.vir»?

Yesterday I scanned with «Avast virus cleaner» and no virus was detected.

So I am wondering if it is a real issue...?
Thanks for your help

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:W32:nimda
« Reply #6 on: October 29, 2004, 04:16:25 AM »
I suggest you run a boottime scan and delete all infected files.

Also have a look at the page in my signature to see how to clean a system from malware.

simpof

  • Guest
Re:W32:nimda
« Reply #7 on: October 29, 2004, 11:28:44 PM »
What is a boottime scan? My English is limited...

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:W32:nimda
« Reply #8 on: October 29, 2004, 11:31:28 PM »
From Avast's manual/help
Quote
Scheduling the Boot Time Scan

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files.
Choose how to automatically process infected system files.
Click the Schedule button to confirm the settings.