john banks

Installed AVD on some of our clients today and whilst scanning found the odd Klez and Nimbda, said it could not clean or delete. Tried a removal process as recommended by McAffee and there was nothing there, and the files named were not there (hidden files displayed). Happened with Nimbda on another machine. I know some of these viruses kill parts of the virus killer, but this was up to date engine and pattern files. Seems a bit odd, but systems report as clean even though I never actually managed to delete anything. Seems a bit odd to me?

Fig

I had exactly the same thing on my machine last month. Sophos found 300+ files infected with Nimda-A, but no evidence of the hidden files, no modification to any system files etc. Spent several hours running cleanup/disinfectant utilities all reported a clean system.

When I asked Sophos about this, replied that you can get Nimda infection from infected websites just by visiting them. They recommended the on-access scanner part of SAV be set to sweep files on write as well as read, which will detect the files being created should it happen again.

Also check other machines on the LAN because Nimda spreads using network shares

JackClark

If you get a chance send me a report/log file. I'd like to get them looked at.