What to do about the Nimda virus on Win7? How to remove the Nimda virus on Win7

  

What should you do if a Win7 machine has the Nimda virus? Nimda is a typical worm and spreads very aggressively, so once a computer is infected it should be cleaned as soon as possible. Many readers may not know how to remove the Nimda virus, so let's take a look at how to do it.

The Nimda virus in detail:

The Nimda virus is characterized by its modes of transmission and its fast rate of infection: it spreads through email, shared network resources and IIS servers, and it is also a new virus that infects local files. It is mainly spread by mail and can infect a machine when a message is merely previewed. On an infected computer the speed gradually drops, the hard disk is shared without the user knowing, and documents such as Word and WordPad files cannot be opened or saved, or display insufficient information.

Given these characteristics, Rising Network anti-virus software is recommended for enterprise users with a LAN. The biggest hazard of "Nimda" is that it changes the security settings after infecting the computer: the hard disk is opened up as a network share, which infects the server and infects all files, both local files and files shared on remote networks. The ordinary stand-alone version of anti-virus software cannot be upgraded synchronously across the whole network, so installing the network version is the best choice.

Methods for removing the Nimda virus:

Method 1: manual removal

1. Open the process manager and view the process list. End the processes named "xxx.tmp.exe" and "Load.exe" (where xxx is an arbitrary file name).

2. Switch to the system's TEMP directory, look for files with a file length of 57344 and delete them.

3. Switch to the system directory and look for the file named riched20.dll.

4. Check the file size of riched20.dll: the normal system file should be above 100K, while the copy dropped by the Concept virus is 57,344 bytes.

5. Continue by looking in the System directory for a file named load.exe, length 57734 bytes, and delete it.

6. Look for the Admin.DLL file in the root directory of the three logical disks C:\, D:\, E:\. If the file exists in a root directory, delete it.

7. Open the System.ini file. If it contains the line "shell=explorer.exe load.exe -dontrunold", change it to "shell=explorer.exe".

8. On WinNT, Win2000 and WinXP systems, open "Control Panel / Users and Passwords" and delete the guest account from the Administrators group.

Method 2: offline removal

1. For enterprise users without a LAN and without a network version of anti-virus software, the removal procedure is as follows:

2. Hot-start (warm-boot) the computer and end the worm's process.

3. Delete the virus files in the system's temp directory.

4. Replace the infected riched20.dll file (57344 bytes) with a clean riched20.dll file of the same name (about 100k).

5. Completely delete the load.exe file (57344 bytes) in the system directory and the mmc.exe file in the Windows root directory. Look for the Admin.DLL file in the root directory of each logical disk and, if it is there, delete it. Also find the file named Readme.eml and delete it.

6. If the computer runs Windows NT or Windows 2000, open "Control Panel", then "Users and Passwords", and delete the guest account from the Administrators group.
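The file, process and System.ini checks from Method 1 and Method 2 can be collected into one read-only report before anything is deleted. The script below is an added example, not part of the original article: the helper name `Add-Finding`, checking both the user and the Windows TEMP directory, and looking for Readme.eml only in drive roots are assumptions, and the guest-account step is left as a manual check.

```powershell
# Added example: read-only check for the Nimda traces named in Methods 1 and 2.
# Reports only, deletes nothing. Avoids syntax newer than PowerShell 2.0 (Windows 7).
$wormSize = 57344                       # worm copy size given on this page
$sysDir   = [Environment]::SystemDirectory
$findings = @()

# Hypothetical helper: records one finding for the final table.
function Add-Finding([string]$Indicator, [string]$Path, [long]$Bytes) {
    $script:findings += New-Object PSObject -Property @{ Indicator = $Indicator; Path = $Path; Bytes = $Bytes }
}

# Step 1: processes named xxx.tmp.exe or Load.exe (ProcessName carries no ".exe").
Get-Process | Where-Object { $_.ProcessName -like '*.tmp' -or $_.ProcessName -eq 'load' } |
    ForEach-Object { Add-Finding 'suspicious process' "$($_.ProcessName).exe (PID $($_.Id))" 0 }

# Step 2: files of exactly 57344 bytes in TEMP.
# Assumption: both the user TEMP and the Windows TEMP directory are checked.
foreach ($dir in @($env:TEMP, (Join-Path $env:windir 'Temp'))) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Length -eq $wormSize } |
        ForEach-Object { Add-Finding '57344-byte file in TEMP' $_.FullName $_.Length }
}

# Steps 3-4: riched20.dll in the system directory should be above 100K.
$rich = Get-Item (Join-Path $sysDir 'riched20.dll') -Force -ErrorAction SilentlyContinue
if ($rich -and $rich.Length -lt 100KB) { Add-Finding 'riched20.dll below 100K' $rich.FullName $rich.Length }

# Step 5 and Method 2: load.exe in the system directory, mmc.exe in the Windows root.
# The size is reported as found, since the page gives two different lengths for load.exe.
foreach ($p in @((Join-Path $sysDir 'load.exe'), (Join-Path $env:windir 'mmc.exe'))) {
    $f = Get-Item $p -Force -ErrorAction SilentlyContinue
    if ($f) { Add-Finding 'file named by the page' $f.FullName $f.Length }
}

# Step 6 and Method 2: Admin.DLL and Readme.eml in the root of every logical disk.
# Assumption: Readme.eml is looked for in drive roots only.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in 'Admin.DLL', 'Readme.eml') {
        $f = Get-Item (Join-Path $drive.Root $name) -Force -ErrorAction SilentlyContinue
        if ($f) { Add-Finding "$name in drive root" $f.FullName $f.Length }
    }
}

# Step 7: a System.ini shell line that also starts load.exe.
Select-String -Path (Join-Path $env:windir 'system.ini') -Pattern '^\s*shell\s*=.*load\.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'System.ini shell line' $_.Line.Trim() 0 }

if ($findings.Count -eq 0) { 'No traces from the list were found.' }
else { $findings | Select-Object Indicator, Path, Bytes | Format-Table -AutoSize }
```

Run it from an elevated prompt so that process names and the system directories are readable; a size of 0 in the table means the entry is a process or a configuration line rather than a file.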

The Nimda virus is very old. If you do encounter it, you can also try using computer butler or other anti-virus software to remove it.
