Site Search

Site Info

Home » Forums » Forum Archives » Other Computer Problems » Topic # 306

Nimda problems
jubilee_gee Oct-21-01 05:09 AM

I keep getting this pop-up message saying that "Norton AntiVirus has detected the W32.Nimda.A@mm(dll) virus in: File Name: C:\inetpub\scripts\TFTP2764 Unable to repair this file. Access to the File was denied"

The TFTP number keeps changing. What is this TFTP file and why do I keep getting this message? The fixnimda program I got from microsoft's site doesn't detect any nimda virus on my machine when I run it.

tcorp Oct-23-01 12:59 PM
In response to message 0
We had the NIMDA virus attack our whole organization which extends across the US from Maine to California, and internationally. We had to take the following steps to cure ALL our Servers and Workstations, and prevent reinfection:
1. Delete all MEP*.tmp files if any exist
2. Delete c:\admin.dll if exists
3. Delete c:\windows\system\load.exe if exists
4. Delete all riched20.dll files on ALL workstations and server folders EVERYWHERE. Replace c:\windows\system\riched20.dll with known good one. This file should be 200K or larger depending on OS. If it is anything less than 200K it is a corrupt file and will cause memory and other errors in WORD and OUTLOOK.
5. Run FIXNIMDA.exe program available at most Virus makers sites.
6. Install CODE RED patch to all NT and 2000 servers and workstations regardless if IIS is installed. This you can get from MS site.
7. Upgrade Internet explorer to version 5 or 5.5 SERVICE PACK 2. I am unsure if IE 6 is secure at this point.

or further in depth information, go here :

Hope this helps. I know we had 1 long weekend patching and upgrading over 1500 servers and workstations !

| Home | Guides | How to | Reviews | Online Store | FAQ | Forums | Forum Archives |
| Links | News | Newsletter | About Dux | Advertising | Contact Info | Privacy |