Le Nimda virus (code name W32/Nimda) is a worm which spreads by email. It also has four other ways to spread:
The Nimda worm retrieves the list of addresses found in the address books of Microsoft Outlook and Eudora, as well as email addresses contained in HTML files found on the infected machine's hard drive.
Next, the Nimda virus sends all of these recipients an email with an empty body and a subject chosen at random (and often very long). It adds to the message an attachment named Readme.exe or Readme.eml (file containing an executable). The viruses use an .eml extension to exploit a security flaw in Microsoft Internet Explorer 5.
What's more, in Microsoft Windows the Nimda virus can spread over shared network folders, infecting executable files found there.
Viewing Web pages on servers infected by the Nimda virus may lead to infection when a user views pages with the vulnerable Microsoft Internet Explorer 5 browser.
The Nimda virus is also capable of taking control of a Microsoft IIS (Internet Information Server) Web server, by exploiting certain security holes.
Workstations infected by the BadTrans worm will have the following file on their hard drive:
To eradicate the Nimda virus, the best method involves first disconnecting the infected machine from the network, then using up-to-date antivirus software or the Symantec virus removal tool (preferrably restarting the computer in safe mode):
Download the virus removal tool
What's more, the virus can spread using a security hole in Microsoft Internet Explorer, which means that you may catch the virus by visiting an infected site. To fix it, you must download the patch for Microsoft Internet Explorer 5.01 and 5.5. Please check the version of your browser, and download the patch if need be: