Question 1: Has anybody seen Nimda infect .exe's with the read-only attribute set? I'm wondering if I can use this to ensure the integrity of the cleaner files and what not that I want to copy to an infected server. Question 2: I tried to use the Sophos cleaner to repair an infected system, but it demanded that I have a copy of ntfsdos pro, which I don't have. So I tried running the cleaner from Windows, and it was unable to open many files for writing. How is it then, that the virus can open the files for writing, but the cleaner can't?
