Nimda Detection & Clean

Freeware

Remove the Nimda virus from any system

Description

Nimda Detection & Clean is a lightweight tool designed to help you remove the dangerous Win32.Nimda.A@mm and Win32.Nimda.E@mm viruses.

This virus arrives by e-mail as an attached file. The body of the message appears empty but actually contains code that uses the IFRAME exploit, which executes the virus when the user merely views the message (if he is using Outlook or Outlook Express without the latest Service Packs or patches from Microsoft). Once installed, it copies itself into the system directory under the name riched20.dll, modifying itself to be loaded as a DLL (Dynamic Link Library). This DLL is used by applications that work with Richedit Text Format, such as WordPad.

To be activated at every reboot, the virus modifies the boot section of system.ini, writing the following line:

shell=explorer.exe load.exe -dontrunold

The virus attaches a thread to explorer.exe to run its viral code.

To spread, it uses MAPI (Messaging API) functions to read the user's e-mails, from which it extracts SMTP (Simple Mail Transfer Protocol) addresses and e-mail addresses.

It also spreads by using the Unicode Web Traversal exploit, similar to CodeBlue.

Using this exploit, the virus gains control of the execution flow on that server and downloads itself under the name admin.dll, then inserts HTML code that downloads the virus into the web pages hosted by the IIS server. To do this, it tries to modify files named index, main or default with one of the extensions .html, .htm or .asp.

The virus also enumerates the network resources visible to the infected computer and tries to copy itself into shared files or folders.

The virus infects files by attaching the original executable as a raw-data resource named f in the virus program. When the infected file is executed, the virus takes control and then executes the original file so the user doesn't notice anything. This is accomplished by dropping that f resource into a file with the same name as the original but with a space appended, followed by .exe.

The virus activates the guest user with no password and adds it to the Administrator group. It also creates a share for every root directory (from C to Z) with all access rights, and disables the proxy by modifying the keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy with the value "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable with the value "0"
HKEY_CURRENT_CONFIG\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable with the value "0"

If the library riched20.dll is not deleted, the virus will be reactivated when a program that uses this library is executed.
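The traces described above can be checked offline against a copy of system.ini and a file listing taken from a suspect disk. The following is an added example, not part of the tool or the original page; the function names, the sample system.ini and the sample paths are constructed for illustration.

```python
import configparser
import ntpath
import re

# Indicators taken from the description above.
SHELL_MARKER = "load.exe -dontrunold"
DROPPED_NAMES = {"admin.dll", "load.exe"}
WEB_PAGE = re.compile(r"^(index|main|default)\.(html|htm|asp)$", re.I)

# Constructed sample input (not from a real machine).
SAMPLE_INI = ("[boot]\nshell=explorer.exe load.exe -dontrunold\n"
              "[386Enh]\ndevice=*vpd\ndevice=*int13\n")
SAMPLE_PATHS = [r"X:\WINDOWS\SYSTEM\load.exe", r"X:\web\scripts\Admin.dll",
                r"X:\apps\wordpad .exe", r"X:\web\root\default.asp",
                r"X:\WINDOWS\notepad.exe"]


def boot_shell(system_ini_text):
    """Return the shell= value from the [boot] section, or None if absent."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True, delimiters=("=",))
    parser.read_string(system_ini_text)
    for section in parser.sections():
        if section.lower() == "boot":
            return parser[section].get("shell")
    return None


def shell_is_modified(system_ini_text):
    """True when the shell line carries the load.exe -dontrunold addition."""
    shell = boot_shell(system_ini_text) or ""
    return SHELL_MARKER in " ".join(shell.lower().split())


def classify_paths(paths):
    """Sort Windows paths from a file listing into review buckets."""
    hits = {"dropped": [], "host_copy": [], "web_page": []}
    for path in paths:
        name = ntpath.basename(path).lower()
        if name in DROPPED_NAMES:
            hits["dropped"].append(path)
        elif name.endswith(" .exe"):  # original re-dropped as "<name> .exe"
            hits["host_copy"].append(path)
        elif WEB_PAGE.match(name):  # page the virus may have altered
            hits["web_page"].append(path)
    return hits


if __name__ == "__main__":
    print("shell modified:", shell_is_modified(SAMPLE_INI))
    print(classify_paths(SAMPLE_PATHS))
```

A name match is a lead for review, not proof of infection. riched20.dll is left out of the name list because a legitimate copy exists on a clean system, so that file has to be compared against a known-good version instead.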

Nimda Detection & Clean 1.0.0.1

runs on: Windows All
file size: 240 KB
filename: antinimda.exe
main category: Antivirus
