The NIMDA virus

The KLEZ virus
Getting a CD to AutoRun

First off: so far (lucky me) I haven't been hit by this. Might have something to do with my habit of turning off all the hyperactive nonsense MS puts into their browser and mail reader programs. Or not using their software if it can't be turned off.

In any case, I'm simply relaying reports from people I trust. Here goes:

An IE/Outlook/Outlook Express patch from MS to help prevent getting the virus in the first place

Traits of the NIMDA virus

A free NIMDA virus cleaner from Trend Micro

Sophos also has a free NIMDA fixer that can run from DOS.

It's looking worse now. -- Nimda is the first wave of an attack that attempts to open up a system for much worse. This could include installing backdoor software, changing settings in the firewall to allow access, setting up a guest account with admin privileges, etc. Here is the link that talks about this and provides their removal tool.

Symantec AV Center

A user on Compuserve reported Out of Memory error messages from MS Office apps and received this reply from BettyCat (one of the forum Sysops):

I just had this same problem at work and my computer was infected with the nimda virus. I would recommend a complete virus scan, using updated files that came out no later than last Wednesday. Clean the computer of the virus by using your software, but there is more which you will manually have to do. If you have the nimba virus:

It may copy itself to the WINDOWS SYSTEM directory as LOAD.EXE and create a SYSTEM.INI entry to load itself at startup:

Shell=explorer.exe load.exe -dontrunold
This needs to be changed to

This is only one step, for more information go to:
this page

After cleaning your computer completly remove Office, first by uninstalling it, then using the Office 2K eraser program which you can find in the library here. Also delete all you Windows/temp files. Then reinstall Office.

Betty Cat/WUGNET

NIMDA goes after some network printers as well. This from Dick Minnick on Compuserve:

The basic problem is that the input stack overflows from the high volume of hits on Port 80. This is only a problem on network cards that have some sort of internal web browser that monitors Port 80 and doesn't affect HP MIO cards at all.

The Lexmarks go off line and can be cleared by power cycling. If you can telnet into it quickly enough (before it overflows again), you can turn off the web browser until you can get the recently-released firmware upgrade.

Only the early-model HP EIO cards (circa 1997-1998) are affected. The reports we get is that the card is permanently damaged and can no longer be used. You can upgrade the firmware in advance, but the process is difficult and not without risk of immobilizing the card. Currently available HP cards shouldn't have the problem.


Word has insufficient memory. Do you want to save (filename) as Rescued Document n? <<

This is a symptom of the Nimba virus. You need to clean your system with a very up to date virus program. Then there are some manual things you must do. Check here for more information