This tool is designed to remove infections of W32.Nimda.E@mm. It will not remove infections of W32.Nimda.A@mm. If you need to remove a W32.Nimda.A@mm infection, obtain the W32.Nimda.A@mm Removal Tool.
The W32.Nimda.E@mm Removal Tool does the following:
1. Terminates all processes associated with the virus.
2. Terminates the Explorer.exe process and relaunches it. The virus injects itself into Explorer.exe, which makes this step necessary. Because of this, you may see the desktop flash (this is expected behavior).
3. Detects all types of W32.Nimda.E@mm infections. Repairs those files that can be repaired. Deletes .eml, .nws, .doc, and .txt files that have been detected as infected.
NOTE: The tool will not delete .eml files whose final extension is not one of the four mentioned above. For example, a file with the double extension .eml.bad will not be deleted. You must manually delete such files.
4. Repairs the System.ini file by removing the modifications made to the shell= line.
5. Removes the guest account from the Administrator group and disables the guest account in the Guests group.
6. Repairs multiple HTML infections.
7. Returns shared drives and folders to default security settings.
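As a follow-up to the NOTE under step 3 and to step 4, the sketch below is an added example, not part of the removal tool. It lists files that carry .eml inside a double extension the tool skips and reports whether the shell= line in System.ini differs from an expected value. The function names, the `[boot]` section lookup and the expected value `explorer.exe` are assumptions of this example, and a listed file is only a candidate for manual review.

```python
import os
import tempfile

HANDLED_EXTS = {".eml", ".nws", ".doc", ".txt"}  # extensions listed in step 3


def find_leftover_candidates(root, inner_ext=".eml"):
    """List files with inner_ext in the name but a final extension outside step 3's list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parts = name.lower().split(".")
            if len(parts) < 3:
                continue  # no double extension
            final = "." + parts[-1]
            inner = {"." + p for p in parts[1:-1]}
            if inner_ext in inner and final not in HANDLED_EXTS:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def shell_line_modified(system_ini_text, expected="explorer.exe"):
    """Return (value, modified) for shell= under [boot]; (None, False) if absent."""
    section = None
    for raw in system_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                value = value.strip()
                # Assumption: an unmodified line holds only the expected shell name.
                return value, value.lower() != expected
    return None, False


if __name__ == "__main__":
    # Constructed sample data: empty files and a made-up System.ini.
    with tempfile.TemporaryDirectory() as root:
        for name in ("readme.eml", "readme.eml.bad", "notes.txt", "a.eml.txt"):
            open(os.path.join(root, name), "w").close()
        for path in find_leftover_candidates(root):
            print("review manually:", path)
    sample_ini = "[boot]\nshell=Explorer.exe example.exe\n[386Enh]\n"
    print(shell_line_modified(sample_ini))
```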