General discussion

Locked

my network drives are full because of th

By DANNO ·
how do i delet the bad files from drives how do i chose the bad ones out the server is full of data since it was hit by the virus

thanks

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

my network drives are full because of th

by nichorton In reply to my network drives are ful ...

I hope you have virus software installed!

I was very impressed with Norton Antivirus. Norton knows how to delete and quarantine NIMDA.

Whatever virus software you use, make sure the engine and the DAT files are current!

Then let the scanrun. It will find the infected files and prompt you for action on what to do with them.

I would quarantine the infected files then back them up to tape or CD. Then delete them from the Network server. If you need the files later restore it andfix it then.

Norton came to the rescue for me 41xs for NIMDA. I had no downtime or problems.

Collapse -

my network drives are full because of th

by DANNO In reply to my network drives are ful ...

Poster rated this answer

Collapse -

my network drives are full because of th

by Ann777 In reply to my network drives are ful ...
Collapse -

my network drives are full because of th

by DANNO In reply to my network drives are ful ...

Poster rated this answer

Collapse -

my network drives are full because of th

by Tejota In reply to my network drives are ful ...

To manually remove the virus search for the following files: readme.exe, riched20.dll, root.exe, admin.dll, load.exe, and mmc.exe. Chances are that your NT station will have these files cause they are genuine files that NT uses. You must distinguish them though by looking at the dates on them. You'll be able to spot the fake ones (which are the virus engines) by the date. The date will basically be current or the date your machine was infected. You will have to delete these fake files. As a little background, the virus copies these genuine files so it can appear as part of the OS when in fact, these are the files that generate the nws and eml files. After you've deleted those virus files, then search for all *.nws and *.eml files and delete. Once done, empty your recycle bin and your done.

Collapse -

my network drives are full because of th

by Tejota In reply to my network drives are ful ...

footnote: One NT server, I had to disable my McAfee to do delete these files manually. The main virus file on my NT server machines were riched20.dll. On our WIN2K machines, we had the readme.exe virus file and had to boot in safe mode in order to delete permantly. Hope this helps. In the end though, you might want to clean it out with the Norton tool which I found pretty good.

Collapse -

my network drives are full because of th

by DANNO In reply to my network drives are ful ...

Poster rated this answer

Collapse -

my network drives are full because of th

by Bhrdwh In reply to my network drives are ful ...

hi, follow each step to get rid of Nimda, it can be removed as..

1. Update your Mcafee / Norton Antivirus with the latest patch, the patch is a exe
file that can be downloaded free from Norton's site).
2. Run Norton, select "Delete files if Virus found" & choose "All files" & "zipped files" as well.
Also from "Exclude files ", remove all entries here, this will make Norton
scan/clean all files & leave no one.

3. Run the scan & dont run any Programs/RRose/Outlook etc during scan. Let
it go on & check your whole system

4. Run "Find" on your system for *.eml, *.nws, delete all files by these
extension. NO data loss if you do it. So dont worry if you delete these files.

5. One check -- Goto the command prompt & type C> MEM /c/p you will see
lots of "Modules using memory below 1MB". Just below that is "Memory
Summary", Here see the "Conventional Memory" - "Total" heading.
IT SHOULD BE 655,360 (not more not less).
If is 655360, then there is no memory resident virus (bootsector virus etc.)
in your system (however email viruses like CodeRed, ILoveU or Nida may still
be there).

6. One major thing, we got the virus from Win 2000 - IIS 5.0 Server that we
have here. Clean all servers running IIS - ALL MUST BECLEAN !!!!
(all NTs running IIS), else Nimda will bounce bac agian even if you clean
Development systems (Win95 / 98s).

Also remove any shared folders on PCs & Servers. Nimda jumps from one system
to another thru these shared folders.
Akash

Collapse -

my network drives are full because of th

by DANNO In reply to my network drives are ful ...

Poster rated this answer

Collapse -

my network drives are full because of th

by @lberto In reply to my network drives are ful ...

The best you can do is go to Symantec web site and download the removal tools and let it search on your server.
Other posibility could be go to www.pspl.com and try out the trial version of Protector Plus, it works, I tested already. Also Norton could help you.
:-)
@lberto

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums