Nowadays, people are still struggling to keep their devices and data safe from computer viruses and worms. New threats come daily. Such is the case of the Nimda computer virus.

In the face of it, the best thing you can do to protect yourself is to know what you are up against. Below, you can discover what the Nimda virus is, how it works, and what you can do to protect yourself.

In this article
    1. 📥Lesson 1: Don't open suspicious emails
    2. 🚀Lesson 2: Keep your OS and apps updated
    3. 🎯Lesson 3: Use antivirus software

What is Nimda Virus

Nimda virus or Nimda worm is one of the veteran computer viruses. The initial Nimda virus attack (W32.Nimda.A@mm) dates back to September 18, 2001, when it caused major traffic slowdowns across the global internet network. You've probably noticed that Nimda is, in fact, Admin spelled backward, which refers to the admin.dll file that hackers use to spread the virus via email.

nimda worm infecting computer

Nimda virus infects computers running Microsoft Windows web server (Internet Information Server). Before it was patched, the vulnerability existed in Windows 95, 2000, NT, and XP. The effects of widespread Nimda worm infection all boil down to significant internet traffic slowdown, denial of service, and online chaos.

How the Nimda Computer Virus Works

The Nimda worm is easy to understand as its mechanism is quite simple. It's coded to exploit vulnerabilities in Microsoft's Internet Information Server (IIS). Once it infects a computer or web server, it randomly selects a range of IP addresses and starts probing each IP address within it. It targets servers running vulnerable IIS versions and injects JavaScript malicious codes on web pages on every server.

The intention behind this behavior is to propagate through the infected computer to other computers on the local network and the Internet. It can also propagate on local computers by creating DLL files in document folders to spread through Microsoft Office.

Finally, it scans the computer for any email addresses and sends them an email containing the infected "README.EXE” file, further spreading the Nimda work across computers.

What to Do While Suffering the Nimda Virus

If you think your PC is infected, follow the steps below.

  1. Disconnect the PC from the Internet.

    The first thing you should do is to disconnect your computer from the Internet. This is the best way to prevent the Nimda virus from continuing to spread by injecting malicious scripts into web pages.

  2. Reformat the hard drives and reinstall the OS.

    Since you are unable to tell which files the virus created on your drive, the best way to purge the virus from your PC is to format the hard drives and reinstall the OS. Before you proceed with this step, it's highly recommended to back up your data before formatting the drives.

  3. Scan the system with antivirus tools.

    Antivirus tools can help you scan the system to be 100% sure the virus has been purged from your PC. Consider enabling real-time protection in your antivirus software to remain protected while using your device.

  4. If the scan passes, reconnect the network again.

    Finally, if everything checks out and your antivirus tool doesn't discover any Nimda virus leftovers, you are ready to reconnect the network again.

What We Learned From Nimda

While certain things make Nimda unique compared to other worms and viruses, it's still a computer virus. It simply means that there is a way to protect yourself from it. Here are the most noteworthy lessons we learned from Nimda.

📥Lesson 1: Don't open suspicious emails

Whether you want to protect yourself from Nimda or any other virus or malware, you should always keep your eyes open for suspicious emails. Don't open emails coming from suspicious senders and websites. Emails will often have attachments. Be extra careful around those, and don't open them and save the contents unless you trust the person who sent them.

🚀Lesson 2: Keep your OS and apps updated

Software companies behind operating systems and apps don't apply patches only to introduce new and cool features and functionalities. They use user feedback and track antivirus companies' reports to identify backdoors and vulnerabilities in their systems so they can release security updates. Make sure to update your software to the latest version to avoid your system getting infected.

🎯Lesson 3: Use antivirus software

The final lesson is to always use antivirus software. These tools are developed to provide real-time protection to your device. They will notify you if you are about to visit a sketchy website, install a suspicious app, or open a mail that contains malware. These tools also automatically deal with viruses and worms. Your only job is to make sure they are always updated.

Bonus Advice: How to Recover Data While Dealing With Nimda?

Nimda is a very aggressive virus when it comes to propagation, and it may create hundreds of files on your drive. The safest way to clean it from your PC is to reformat the hard drive. The safest practice has its downsides, though. Formatting your drive means you'll also delete all your personal data.

Fortunately, there are professional data recovery tools such as Wondershare Recoverit to help you with this task.

Free Download
Free Download

Here are the steps you to follow:

  1. Download and install Wondershare Recoverit

    Visit the official Wondershare Recoverit to download the app. Follow the installation wizard instructions to complete the installation.

  2. Scan your drive Select the drive you've formatted to initiate the scan. Wait for the scan to complete. You can see the progress in the bottom left corner.
    scanning drive for deleted files with wondershare recoverit
  3. Recover the deleted files

    Select the files you want to recover and click the Recover button. You can preview the files before recovering them, too. Simply select the file and click the Preview button.

    wondershare recoverit recovering deleted files


The Nimda virus is a malicious malware capable of propagating at an incredible pace while slowing down computers and traffic across the Internet. However, it's easy to keep yourself protected. All you have to do is keep your OS and apps updated, use antivirus software, and exercise caution when opening emails.

If you've reformatted your drives during the virus removal process, you can still get your data back with specialized tools such as Wondershare Recoverit.

Free Download
Free Download


  • Why is this virus named Nimda?
    The cybersecurity specialists discovered in the virus code that it's named the Concept Virus. However, this name was already taken, so they decided to name it Nimda, which is Admin in reverse, as it creates Admin files on infected machines.
  • Does Nimda delete data on the computer it infects?
    No, Nimda malware is not developed to delete data. It infects the computers and uses all the available resources to make as many copies of itself as possible. The infected computers have an incredibly low performance, and the network traffic drops below the minimal threshold.
  • Who made the Nimda virus?
    Once the cybersecurity experts got their hands on the Nimda source code, they discovered a text line containing "R.P.China.” However, this was only the case with the first Nimda variant ever discovered. For instance, the Nimda.d variant contains the text line that reads "Stephen Fernandez.Spain.” So far, the authorities haven't been able to find the culprit.
Alex Nappi
Alex Nappi May 14, 24
Share article: