Event ID - 25

Port No25
Service NameI-Worm.Nimda
RFC Doc0
ProtocolTCP
DescriptionPE_NIMDA.E is a fast-spreading Internet worm and file infector that arrives via email, as an attachment called SAMPLE.EXE. It employs several infection mechanisms and exploits several known vulnerabilities. Similar to the original variant, PE_NIMDA.A, it has four modes of propagation: through email, through network shared drives, through unpatched IIS servers, and through file infection.

The main difference beween this variant and PE_NIMDA.A are the names of three of its dropped files. However, similar to the original variant, the name of the dropped executables are names of valid system files.
Reference LinkI-Worm.Nimda
AttackSolutions:

Windows 9x/ME Systems

Right-click the Network Neighborhood icon on the desktop
Choose the "Find Computer" option in the drop down box.
On the Find Computer Window, type the computer name of the workstation that you want to check for shared folders.
Double-click the found computer.
The folders that will be contained in the new window that will pop up consist of the shared folders contained on the workstation. Take note of the folder names.
Manually look for each folder on the system or click Start>Find>Files or Folders, type the folder name at the "Named" section of the Find All Files window.
When the shared folder (a folder that has an icon of a hand "holding" the folder icon) is found, right-click this and choose the Sharing option in the drop down box.
On the Sharing tab of the folder$$$$s properties, choose the radio button for the Not Shared option and click the Apply button. This successfully unshares the folder. Repeat the above process on each folder that is shared, until all have been unshared.


Windows NT/2000/XP Systems

Right-click the My Network Place icon on the desktop.
Choose the "Search for Computers" option in the drop down box.
On the Search for Computers Window, type the computer name of the workstation you wan to check for shared folders.
Double-click the found computer.
The folders contained in the new window that pops up consist of the shared folders contained on the workstation. Take note of the folder names.
Manually look for the folder or click Start>Search>For Files or Folders, type the folder name at the Named section of the Search For Files window.
When the shared folder (a folder that has an icon of a hand "holding" the folder icon) is found, right-click this and choose the Sharing option from the drop down box.
On the Sharing tab of the folder$$$$s properties, choose the radio button for the "Do Not Share This Folder" option and then click the Apply button. This successfully unshared the folder.
Repeat the above process on each folder that is shared, until all folders are unshared.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.