» www.chirpthird.com » SSOA and friends » SSOA: "Back Porch" » Paging Teri
Author Topic: Paging Teri
HM Murdock
2nd Gear
Member # 728

Teri, that link you gave me to the bomber infected my machine with nimda, so you might want to inspect your machine VERY closely...

Oh, and Hi everyone...

--------------------
1999 Trans Am - Pewter, A4, 3.23's

Stock for now


Posts: 471 | From: Justin, in the Great State, Texas | Registered: Sep 2000  |  IP: Logged
HotWheelSS aka HTWLSS
SSOA Director
Member # 117

Hmmmmm, I haven't seen any problem on my computer. What would I search for?

Here's what I got from the Symantec website:

News Release

Symantec Provides Comprehensive Protection Against W32.NIMDA.A@MM

New Analysis of Computer Worm Indicates Additional Destructive Payload

CUPERTINO, Calif. - Sept. 19, 2001 - Symantec Corp. (Nasdaq: SYMC), a world leader in Internet security, today announced that new analysis of W32.Nimda.A@mm reveals that the worm contains an additional destructive payload that will not only require detection, but removal. The new analysis indicates that the worm is a file infector, infects .exe files and resides in memory.

W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by e-mail, infects machines over the network, and infects unpatched or already vulnerable Microsoft IIS Web servers. The worm also has various side effects, such as increasing network traffic while searching for machines to infect, which may cause network bandwidth problems. W32.Nimda.A@mm will also attempt to create security holes by creating a guest account with administrator privileges and create open shares on the infected system.

Symantec currently provides an integrated detection and repair solution against W32.Nimda.A@mm. In one step, users can download a solution that will simultaneously detect the worm and repair damaged files. The new definitions are available through Symantec's LiveUpdate feature or from the Symantec Web site securityresponse.symantec.com/avcenter/download.html. Symantec is developing a separate removal tool to eradicate the worm from the PC memory.

"Using blended Internet security threats - the combination of viruses, exploits, or vulnerabilities - to attack businesses and destroy assets continues to rise," said Vincent Weafer, senior director of Symantec Security Response. "To combat such a fast spreading threat, Symantec integrated its solution for W32.Nimda.A@mm to detect and repair, allowing for quick clean up with little downtime."

Symantec Security Response recommends that IT administrators implement the following to stop the propagation of W32.Nimda.A@mm:

Block e-mails containing a "readme.exe" attachment.
Update virus definitions and ensure that firewalls are correctly configured.
Download the latest security updates for Enterprise Security Manager and NetRecon.
Install the IIS Unicode Traversal security patch.
Install the malformed MIME header execution security patch.
Close network share drives.
Additionally, consumers can immediately protect themselves against the new worm by implementing the following:
Use Symantec's LiveUpdate feature to obtain the latest virus definitions.
Use the Windows Update feature located on the "Start" menu on Windows 95 and higher systems to download new security patches.
Disable the "File Download" feature in Internet Explorer to prevent compromise.

Both consumers and enterprises can be infected through a variety of methods.
Use Symantec's LiveUpdate feature to obtain the latest virus definitions.
E-mail - One of the methods the worm uses to infect PCs is e-mail. The e-mail arrives with an attachment - readme.exe - that is not always visible, and contains a randomly generated subject line and no body message. The worm uses its own SMTP engine to e-mail itself out to all the addresses it collects by searching the user's incoming and outgoing e-mail boxes. Internet Explorer users v5.01 or v5.5 (IE 5 with Service Pack 2 or later installed, or IE 6, are not affected) will receive a blank e-mail - no subject line, no body and a hidden attachment. Just opening the e-mail can infect users' PCs. For the latest Microsoft security patch, visit http://www.microsoft.com/windows/ie/download/critical/q290108/default.asp.
Shared Drives - PC users with shared drives enabled are also at risk. The worm searches for open network shares and will attempt to copy itself to these systems and then execute. IT administrators should close all network shared drives.
Web sites - When users visit a compromised Web site, the server will run a script attempting to download an Outlook file, which contains the W32.Nimda.A@mm worm. The worm will create an open network share on the infected machine allowing access to the system. W32.Nimda.A@mm specifically targets versions of IIS servers, taking advantage of the known Universal Web Traversal exploit (MS Security Bulletin MS00-078), which is similar to the exploit used in the Code Red attack. Compromised servers will display a Web page and attempt to download an Outlook file that contains the worm as an attachment. IT Administrators should download the Microsoft security patch for IIS 4.0 at http://www.microsoft.com/downloads/Release.asp?ReleaseID=32061 and for IIS v5.0 at http://www.microsoft.com/downloads/Release.asp?ReleaseID=32011.

--------------------
Do you own a '96-'02 Camaro SS?
 - Teri
Get a limited SSOA diecast while they last
http://thanks.f-body.com
'67 230, 6-cyl Convertible; '68 V-8 TB Convertible; '68 LS1/6-speed; ’72 Z28 for sale; '90 5.7 IROC; '98 Z28 SLP Durability Car; '00+ Camaro "Body in White"; '99 Convertible SS #0069
McGee's Auto Service


Posts: 7198 | From: Near Portland, Oregon, USA | Registered: Feb 2000  |  IP: Logged
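The release quoted above tells administrators to block mail carrying a readme.exe attachment, and describes the worm's mail as arriving with an empty subject, no body and a hidden attachment. The following is an added example of how a mail gateway could apply those two rules with Python's standard email library; it is not Symantec's code or anything posted in this thread, the function names are hypothetical, and the sample messages are constructed for the illustration.

```python
"""Gateway-side check for the Nimda mail indicators named in the Symantec
release: a 'readme.exe' attachment, or any attachment riding on a message
with an empty subject and no body. Added example; not Symantec's code."""
from email import message_from_bytes
from email.message import EmailMessage, Message
from typing import List, Optional, Tuple

# Attachment names the release says to block outright (compared case-insensitively).
BLOCKED_ATTACHMENT_NAMES = {"readme.exe"}


def attachment_names(msg: Message) -> List[str]:
    """Return the file names of all non-container parts that carry a filename."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            names.append(name)
    return names


def text_body_is_empty(msg: Message) -> bool:
    """True when no text/plain body part contains anything but whitespace."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            if payload.strip():
                return False
    return True


def classify(raw: bytes) -> Tuple[str, List[str]]:
    """Decide 'block', 'quarantine' or 'deliver' for one raw RFC 822 message.

    'block'      - an attachment named readme.exe (the release's rule)
    'quarantine' - an attachment on a message with no subject and no body,
                   the shape the release describes for the worm's mail
    'deliver'    - nothing matched
    """
    msg = message_from_bytes(raw)
    reasons: List[str] = []
    names = attachment_names(msg)
    for name in names:
        if name.lower() in BLOCKED_ATTACHMENT_NAMES:
            reasons.append(f"attachment {name!r} is on the block list")
    if reasons:
        return "block", reasons
    subject = (msg.get("Subject") or "").strip()
    if names and not subject and text_body_is_empty(msg):
        reasons.append("attachment on a message with empty subject and empty body")
        return "quarantine", reasons
    return "deliver", reasons


def build_sample(subject: Optional[str], body: Optional[str],
                 attachment_name: Optional[str]) -> bytes:
    """Construct a sample message for the demonstration (hypothetical content)."""
    msg = EmailMessage()
    msg["From"] = "someone@example.test"
    msg["To"] = "teri@example.test"
    if subject:
        msg["Subject"] = subject
    if body is not None:
        msg.set_content(body)
    if attachment_name:
        # Four placeholder bytes stand in for the attachment body.
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "worm-style": build_sample(None, None, "readme.exe"),
        "blank-with-attachment": build_sample(None, None, "photos.zip"),
        "normal": build_sample("Camaro photos", "Here they are.", "photos.zip"),
    }
    for label, raw in samples.items():
        print(label, classify(raw))
```

The block-list match is by file name only, as the release states it; a real gateway would also want to inspect the attachment's content type, since the MIME-header vulnerability the release mentions is exactly about the declared type not matching the file.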
Sizzle
3rd Gear
Member # 503

If you have the most current Norton updates, Teri, just run a virus scan on your system. I run Norton myself, and I was OK. However, I spent all day fighting that virus on machines at work today.

--------------------
2000 SS #6593
5/2004 389.56 rwhp

Posts: 1296 | From: Saginaw, MI | Registered: May 2000  |  IP: Logged
HM Murdock
2nd Gear
Member # 728

quote:
Originally posted by HTWLSS:
Hmmmmm, I haven't seen any problem on my computer. What would I search for?

Block e-mails containing a "readme.exe" attachment.

Not that important, I know where I, and maybe you, got it...

quote:
Update virus definitions and ensure that firewalls are correctly configured.

Definitely important... run a full disk scan immediately, close ALL applications, and get off the net...

quote:
Download the latest security updates for Enterprise Security Manager and NetRecon.
Install the IIS Unicode Traversal security patch.
Install the malformed MIME header execution security patch.
Close network share drives.

Do these also, but again, not as important as an active virus scan.

quote:
Additionally, consumers can immediately protect themselves against the new worm by implementing the following:
Use Symantec's LiveUpdate feature to obtain the latest virus definitions.
Use the Windows Update feature located on the "Start" menu on Windows 95 and higher systems to download new security patches.
Disable the "File Download" feature in Internet Explorer to prevent compromise.

Absolutely do this...

quote:
Both consumers and enterprises can be infected through a variety of methods.
Use Symantec's LiveUpdate feature to obtain the latest virus definitions.
E-mail - One of the methods the worm uses to infect PCs is e-mail. The e-mail arrives with an attachment - readme.exe - that is not always visible, and contains a randomly generated subject line and no body message. The worm uses its own SMTP engine to e-mail itself out to all the addresses it collects by searching the user's incoming and outgoing e-mail boxes. Internet Explorer users v5.01 or v5.5 (IE 5 with Service Pack 2 or later installed, or IE 6, are not affected) will receive a blank e-mail - no subject line, no body and a hidden attachment. Just opening the e-mail can infect users' PCs. For the latest Microsoft security patch, visit http://www.microsoft.com/windows/ie/download/critical/q290108/default.asp.
Shared Drives - PC users with shared drives enabled are also at risk. The worm searches for open network shares and will attempt to copy itself to these systems and then execute. IT administrators should close all network shared drives.
Web sites - When users visit a compromised Web site, the server will run a script attempting to download an Outlook file, which contains the W32.Nimda.A@mm worm. The worm will create an open network share on the infected machine allowing access to the system. W32.Nimda.A@mm specifically targets versions of IIS servers, taking advantage of the known Universal Web Traversal exploit (MS Security Bulletin MS00-078), which is similar to the exploit used in the Code Red attack. Compromised servers will display a Web page and attempt to download an Outlook file that contains the worm as an attachment. IT Administrators should download the Microsoft security patch for IIS 4.0 at http://www.microsoft.com/downloads/Release.asp?ReleaseID=32061 and for IIS v5.0 at http://www.microsoft.com/downloads/Release.asp?ReleaseID=32011.

The clue that let me know I had received this lovely virus was that when I went to the bomber's site, it told me that it could not access Media Player or something similar... If you got that message, you're infected... Do what Symantec says, and if you find you have the virus, make sure you submit it to SARC in the quarantine window. It also helps to set "automatically clear Temp files when IE closes" to on in Internet Options, Advanced tab... Good luck...

I recommend anyone with Windows NT, Windows 2000 Pro, or the Windows 2000 Server family do this immediately. It doesn't matter if IIS is installed, just do it now...

--------------------
1999 Trans Am - Pewter, A4, 3.23's

Stock for now


Posts: 471 | From: Justin, in the Great State, Texas | Registered: Sep 2000  |  IP: Logged
HotWheelSS aka HTWLSS
SSOA Director
Member # 117

Huh? I'm clueless when it comes to this stuff.

I'm on a network (at work) and haven't had any problems today.

Inoculan for Windows NT hasn't given me any alerts either.

I'm running HouseCall virus scan right now and it's not finding anything (hard drive and network drives).

If I do a "Find files" search, what would I look for?

[ 19 September 2001: Message edited by: HTWLSS ]


Posts: 7198 | From: Near Portland, Oregon, USA | Registered: Feb 2000  |  IP: Logged
HM Murdock
2nd Gear
Member # 728

Unfortunately, that won't do the trick... Are you using Norton AntiVirus as the primary antiviral software?

--------------------
1999 Trans Am - Pewter, A4, 3.23's

Stock for now

Posts: 471 | From: Justin, in the Great State, Texas | Registered: Sep 2000  |  IP: Logged
HotWheelSS aka HTWLSS
SSOA Director
Member # 117

nope.....the County has "Inoculan".

I've searched my system for "nimda" and the .exe file that is described in the info below from http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=PE_NIMDA.A . I find nothing......are you sure it was The Bomber Restoration site that did it?
I've been listening to Internet Radio all day on Windows Media Player without trouble. I don't think my computer is infected.

=============================================
PE_NIMDA.A
Risk rating:
Virus type: File Infector
Destructive: No

Aliases:
NIMDA.A, W32/Nimda.A@mm, CV-5, Minda, Concept Virus, Code Rainbow

Description:


This worm uses three modes for propagation. It spreads via email, network shares, or through servers with IIS installed using the IIS Web Directory Traversal exploit. When spreading through mail, it typically arrives with the attachment readme.exe. It drops the file mepXXXX.tmp.exe in the C:\Windows\Temp directory, which is an eml format mail. This temp file contains the file attachment sent by the worm.

Solution:
This worm compromises the security of your file system by sharing your local drives to the network. Please check and remove these shares with the following instructions. You may opt to disable all your shared drives or limit the shares to give only READ access to all users since this worm may perpetually infiltrate your system through the shared drives.

For Automatic Cleaning and Removal:


Please download and apply the fix_nimda1.zip fix tool.
Trend Micro requests that all users download and read the readme_nimda.txt before using this tool.
For Manual Removal on Windows 9x/NT Systems:

Right-click the Network Neighborhood icon on the desktop
Choose the "Find Computer" option in the drop down box.
On the Find Computer Window, type the computer name of the workstation that you want to check for shared folders.
Double-click the found computer.
The folders contained in the new window that pops up consist of the shared folders contained on the workstation. Take note of the folder names.
Manually look for each folder on the system or click Start>Find>Files or Folders, type the folder name at the "Named" section of the Find All Files window.
When the shared folder (a folder that has an icon of a hand "holding" the folder icon) is found, right-click this and choose the Sharing option in the drop down box.
On the Sharing tab of the folder's properties, choose the radio button for the Not Shared option and click the Apply button. This successfully unshares the folder.
Repeat the above process on each folder that is still shared, until you have unshared all the shared folders.
For Manual Removal on Windows ME/2000 Systems:
Right-click the My Network Place icon on the desktop.
Choose "Search for Computers" in the drop down box.
On the Search for Computers Window, type the computer name of the workstation you want to check for shared folders.
Double-click the found computer.
The folders contained in the new window that pops up consist of the shared folders contained on the workstation. Take note of the folder names.
Manually look for the folder or click Start>Search>For Files or Folders, type the folder name at the Named section of the Search For Files window.
When the shared folder (a folder that has an icon of a hand "holding" the folder icon) is found, right-click this and choose the Sharing option from the drop down box.
On the Sharing tab of the folder's properties, choose the radio button for the "Do Not Share This Folder" option and then click the Apply button. This successfully unshares the folder.
Repeat the above process on each folder that is still shared, until you have unshared all the shared folders.
More Manual Instructions:
Click Start>Run, type SYSTEM.INI then hit the Enter key.
Look for the "Shell =" line and modify as follows:
From:
Shell = explorer.exe load.exe -dontrunold
To:
Shell = explorer.exe
Save and then close SYSTEM.INI.
Click Start>Settings>Folder Options
Click the View tab next to the General tab in the Folder Options window.
Under the "Files and Folders" in the Advanced Settings section, click to put a check mark or to tick the "Show all files" box.
Click Start>Run, type WININIT.INI then hit the Enter key.
Delete the contents of WININIT.INI then save.
Close the WININIT.INI.
Scan your system with Trend Micro antivirus and clean all files detected as PE_NIMDA.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. Some infected files may be corrupted or contain only a pure strain of the worm. Delete these files.
The worm is using the Microsoft IE MIME Header Attachment Execution Vulnerability to drop emails. For an explanation and to download the patch please visit Microsoft's Web site.
For IIS users, the worm also uses the Microsoft Web Server Folder Traversal vulnerability. An explanation and patch also is available at Microsoft's Web site.
Trend Micro recommends that customers also use Microsoft's Cumulative IIS patch.

[ 19 September 2001: Message edited by: HTWLSS ]


Posts: 7198 | From: Near Portland, Oregon, USA | Registered: Feb 2000  |  IP: Logged
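The Trend Micro instructions quoted above describe two things worth checking on a suspect machine: the SYSTEM.INI change (Shell = explorer.exe load.exe -dontrunold, to be restored to Shell = explorer.exe) and the contents of WININIT.INI, which the page says to delete. The following added Python example (not Trend Micro's code or anything posted in this thread) parses copies of those files, reports a hijacked Shell= line, rewrites it to the value the page gives, and lists the pending [rename] entries from WININIT.INI so they can be recorded before they are cleared. Helper names are hypothetical and the sample file contents are constructed; it goes slightly beyond the page by flagging any extra program appended to the shell line, not only load.exe.

```python
"""Parse copies of SYSTEM.INI and WININIT.INI for the indicators the Trend
Micro entry describes, and rewrite the Shell= line to the value it gives.
Added example; hypothetical helper names, constructed sample file contents."""
import re
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
# A comment line starts with ';', which the key class excludes, so it never matches.
KEY_RE = re.compile(r"^\s*(?P<key>[^=;]+?)\s*=\s*(?P<value>.*?)\s*$")
# The page's indicator: "load.exe -dontrunold" appended after explorer.exe.
NIMDA_MARKER = re.compile(r"\bload\.exe\b", re.IGNORECASE)


def parse_ini(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI reader (section and key names lower-cased). configparser is
    avoided on purpose: 9x-era INI files contain duplicate keys and bare lines."""
    sections: Dict[str, Dict[str, str]] = {}
    current = ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, {})
            continue
        m = KEY_RE.match(line)
        if m:
            sections.setdefault(current, {})[m.group("key").lower()] = m.group("value")
    return sections


def boot_shell(system_ini: str) -> Optional[str]:
    """Value of Shell= under [boot], or None if absent."""
    return parse_ini(system_ini).get("boot", {}).get("shell")


def shell_is_hijacked(shell_value: Optional[str]) -> bool:
    """True for the page's indicator, and for any extra program appended to the
    shell line: a normal 9x/NT system.ini launches explorer.exe alone."""
    if not shell_value:
        return False
    if NIMDA_MARKER.search(shell_value):
        return True
    return len(shell_value.split()) > 1


def restore_shell(system_ini: str) -> Tuple[str, bool]:
    """Rewrite a hijacked [boot] Shell= line to 'Shell = explorer.exe', as the
    page instructs, leaving every other line untouched. Returns (text, changed)."""
    out: List[str] = []
    changed = False
    in_boot = False
    for line in system_ini.splitlines(keepends=True):
        m = SECTION_RE.match(line)
        if m:
            in_boot = m.group("name").lower() == "boot"
        elif in_boot:
            km = KEY_RE.match(line)
            if km and km.group("key").lower() == "shell" and shell_is_hijacked(km.group("value")):
                eol = "\r\n" if line.endswith("\r\n") else ("\n" if line.endswith("\n") else "")
                line = "Shell = explorer.exe" + eol
                changed = True
        out.append(line)
    return "".join(out), changed


def pending_renames(wininit_ini: str) -> List[Tuple[str, str]]:
    """Entries under [rename] in WININIT.INI, in file order with case kept.
    Windows applies them at next boot ('NUL=path' deletes 'path'); record
    them before following the page's 'delete the contents' step."""
    found: List[Tuple[str, str]] = []
    in_rename = False
    for line in wininit_ini.splitlines():
        m = SECTION_RE.match(line)
        if m:
            in_rename = m.group("name").lower() == "rename"
            continue
        km = KEY_RE.match(line)
        if in_rename and km:
            found.append((km.group("key"), km.group("value")))
    return found


# Constructed samples (not captured from a real machine).
INFECTED_SYSTEM_INI = (
    "[boot]\r\n"
    "shell=Explorer.exe load.exe -dontrunold\r\n"
    "system.drv=system.drv\r\n"
    "[386Enh]\r\n"
    "device=*vshare\r\n"
)
CLEAN_SYSTEM_INI = INFECTED_SYSTEM_INI.replace(" load.exe -dontrunold", "")
WININIT_SAMPLE = "[rename]\r\nNUL=C:\\WINDOWS\\TEMP\\mep1234.tmp.exe\r\n"

if __name__ == "__main__":
    print("hijacked:", shell_is_hijacked(boot_shell(INFECTED_SYSTEM_INI)))
    fixed, changed = restore_shell(INFECTED_SYSTEM_INI)
    print("restored:", changed, repr(boot_shell(fixed)))
    print("pending renames:", pending_renames(WININIT_SAMPLE))
```

Run it against copies of the files taken off the suspect machine rather than in place; the rewrite is deliberately limited to the one line the page names so that the diff between the original and the output is the whole record of what changed.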
HM Murdock
2nd Gear
Member # 728

quote:
Originally posted by HTWLSS:
nope.....the County has "Inoculan".

I've searched my system for "nimda" and the .exe file that is described in the info below from


The problem is, it hides in other files... Delete all your files in the Temporary Internet Files... It is polymorphic... You need to do a full system scan; maybe the IT helpdesk or one of these guys can guide you through it, I am not familiar with Inoculan...

--------------------
1999 Trans Am - Pewter, A4, 3.23's

Stock for now


Posts: 471 | From: Justin, in the Great State, Texas | Registered: Sep 2000  |  IP: Logged
HM Murdock
2nd Gear
Member # 728

Oh, yes, I am sure it was the bomber, 'cause the infected files were from there....

--------------------
1999 Trans Am - Pewter, A4, 3.23's

Stock for now

Posts: 471 | From: Justin, in the Great State, Texas | Registered: Sep 2000  |  IP: Logged