|
PureBytes Links
Trading Reference Links
|
Well, I see my lack of completeness has confused some people as usual, so
I'll try to expand just a little. The Nimda virus hides it's files, so
before you can find any nimda files, including riched20.dll, you have to
unhide them. You might find other copies of riched20.dll on your computer
that are not infected and are not hidden, but you must unhide the files to
find the trojan one. For Win98, in windows explorer, follow the menu
sequence view-folder options-view and make sure "show all files" is
selected and it would also be well to make sure "hide file extensions for
known file types" is unchecked. Then immediately use the explorer search
facility, tools-find menu sequence. If a riched20.dll file is found of size
~57kb, then that is the virus. You can right click the file name right
there in the "find" window and click "properties" to get the size of the file.
Another easy way to check is to run MSCONFIG ( start-run- then type in
msconfig, then click ok). Check the boot section of the system.ini file
there. Click the plus sign to the left of [Boot]. If you see a line
containing load.exe-dontrunold, then you have the virus. (Load.exe is
another copy of the virus). There's probably only around 20 lines to look
at, so you can't miss it. For me it occured on the second line, and that's
probably typical.
I don't know the exact procedures for other Windows versions, but I guess
they might be similar.
The best thing to do is check the web pages of the anti-virus program
vendors. Good information is there, scanners, and free cleaner programs.
Symantec and TrendMicro are two good places to start. That way I won't be
confusing anybody else.
David
|