I got problem of 'readme.eml' virus file. I've used at least 4 different rootkit virus removal tools for Nimda.the tools are: 1.Kaspersky. Free virus removal tools for all the latest internet threats – powered by Bitdefender. Download your free virus removal tool right now!

Win32/Nimda is a family of worms that targets computers running certain versions of Microsoft Windows. Fried Green Tomatoes Script. The worm exploits the Windows vulnerability described in Microsoft Security Bulletin MS01-020 in order to spread by infecting Web-content documents and attaching itself to e-mails. The worm also spreads by infecting executable files and by copying itself to local folders, network shares, and remote computers through backdoors. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions. Win32/Nimda is a family of worms that targets computers running certain versions of Microsoft Windows. The worm exploits the Windows vulnerability described in Microsoft Security Bulletin MS01-020 in order to spread by infecting Web-content documents and attaching itself to e-mails.

The worm also spreads by infecting executable files and by copying itself to local folders, network shares, and remote computers through backdoors. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions. Win32/Nimda spreads in the following ways: • By copying itself to remote computers and running itself there. The worm uses TFTP to copy itself through a backdoor opened by Win32/Nimda or other malicious software such as the Code Red II worm. The malicious software can open a backdoor by exploiting the Windows vulnerability described in Microsoft Security Bulletin MS00-057.

• By exploiting the Windows vulnerability described in Microsoft Security Bulletin MS01-020. Win32/Nimda copies itself to a file, exploiting the vulnerability by adding code that causes the file to run automatically in the following ways: • The worm infects Web-content files in order to run automatically when a user browses the file with low Internet-security settings in Internet Explorer. The worm takes the following actions to accomplish this: • Copies itself as readme.eml to folders that contain Web-content documents such as.html or.asp files. The readme.eml file contains additional code that exploits the MS01-020 vulnerability.

• Infects the Web-content documents with Javascript that calls the readme.eml file. • The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer. Acer Iconia W700 Software. The worm copy contains additional code that exploits the MS01-020 vulnerability. This causes the attachment to run automatically when a user simply previews or views the e-mail in Microsoft Outlook or Outlook Express.

(The worm also runs if the user actually opens the attachment, regardless of whether the MS01-020 vulnerability is patched.) • By infecting application files locally and on network shares. The virus runs when a user opens an infected application. • By copying itself as a new file named riched20.dll to local folders that contain files with.doc or.eml extensions.

The virus runs when a user opens a document in Microsoft Word Pad or Microsoft Word, as these applications load the riched20.dll when they open.