Protection from NIMDA over Network

mosdef

Banned
How can I protect my computer from the Nimda virus over the network? I just scanned my computer for the virus and it detected and deleted 11 files with viruses. The majority of files had names of songs followed by .EML extensions, such as "311 - from chaos - 03 - you wouldn't believe(1).eml". I have an FTP server with an Upload directory, and occasionally I seem to find .EML files in there. I was wondering what I can do to prevent the virus from spreading through the network or FTP?

The scanner gave me the following information besides the files deleted:

The total number of the scanned files: 51099
The number of deleted files: 11
The number of repaired files: 0
The number of viral processes terminated: 0
The Guest account was removed from the administrators group: NO
The Guest account was disabled: YES
The number of shares found: 7
The number of shares secured for administrator use only: 7
The number of registry keys deleted: 0

VERY IMPORTANT NOTE
W32.Nimda.A@mm has been detected on your computer. This means that it is
possible that your system has been accessed remotely by an unauthorized user.
For this reason it is impossible to guarantee the integrity of a system
that has had such an infection. The remote user could have made
changes to your system, including but not limited to the following:
Stealing or changing passwords or password files
Installing remote-connectivity host software, also known as backdoors
Installing keystroke logging software
Configuring of firewall rules
Stealing of credit card numbers, banking information, personal data, etc.
Deletion or modification of files
Sending of inappropriate or even incriminating material from
customer's email account
Modifying access rights on user accounts or files
Deleting information from log files to hide such activities.
For this reason, if you need to be certain that your organization is
secure, you must reinstall your operating system, and restore from a backup
made before the infection took place, change all passwords in your
organization that may have been on this machine or accessible from it.
This is the only way to ensure that your systems are safe. For more
information regarding security in your organization, contact your
system administrator

-mosdef
 
BTW, if it's coming through your FTP, it is using a KNOWN vulnerability. PATCH YOUR SERVER.

Russ, NCNE
 
I am using CesarFTP .99b. Is the problem in the software or in my OS (XP)? If it is the software, should I get new software, and what would be a good freeware suggestion? If it is the OS, where can I get patches?

-mosdef
 