New major virus alert 1

This is from Sophos' web site:
W32/MyDoom-A is a worm which travels by email. The worm harvests email addresses from your hard disk and uses randomly-chosen addresses for both the "to" and "from" fields. This means that the "from" address is spoofed and does not tell you where the mail really came from.

W32/MyDoom-A arrives in emails with the following characteristics:

Subject lines include:
error
hello
hi
mail delivery system
mail transaction failed
server report
status
test
[random collection of characters]

Attachment names include:
body
data
doc
document
file
message
readme
test
[random collection of characters]

Attachment extensions:
bat
cmd
exe
pif
scr
zip

W32/MyDoom-A attaches itself to emails in either EXE (Windows program) or ZIP (Zip archive) format.

W32/MyDoom-A drops itself to your System folder under the name taskmon.exe. W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer.

W32/MyDoom-A adds the value:

Taskmon = taskmon.exe

to the following registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

This means that W32/MyDoom-A loads every time you log on to your computer.

Further reading:

They are also offering a repair program at
We have already gotten one email with this.

James P. Cottingham

There's no place like 127.0.0.1.
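A defender-side triage helper built from the indicators quoted in the post above (an added example; not code from the post, from Tek-Tips or from Sophos). The names `Mail`, `mydoom_indicators` and `mydoom_host_artifacts` are my own, and the host snapshot passed to the second function is assumed to be collected by the caller (registry Run values, files in the System folder, listening TCP ports) so the check runs offline.

```python
import re
from dataclasses import dataclass

# Indicators as listed in the Sophos description quoted above; this is a
# triage aid, not a complete signature for the worm.
MYDOOM_SUBJECTS = {"error", "hello", "hi", "mail delivery system",
                   "mail transaction failed", "server report", "status", "test"}
MYDOOM_ATTACH_NAMES = {"body", "data", "doc", "document", "file",
                       "message", "readme", "test"}
MYDOOM_EXTENSIONS = {"bat", "cmd", "exe", "pif", "scr", "zip"}


@dataclass
class Mail:
    subject: str
    attachments: list  # attachment file names as given in the MIME headers


def mydoom_indicators(mail):
    """Return the MyDoom-A indicators a message matches (empty list if none).

    The "[random collection of characters]" names from the write-up are
    approximated heuristically: a bare alphanumeric base name counts only when
    it carries one of the listed executable/archive extensions.
    """
    hits = []
    subject = mail.subject.strip().lower()
    if subject in MYDOOM_SUBJECTS:
        hits.append("subject:" + subject)
    for name in mail.attachments:
        base, _, ext = name.lower().rpartition(".")
        if ext not in MYDOOM_EXTENSIONS:
            continue
        if base in MYDOOM_ATTACH_NAMES:
            hits.append("attachment:" + name)
        elif re.fullmatch(r"[a-z0-9]{4,}", base):
            hits.append("attachment-random:" + name)
    return hits


def mydoom_host_artifacts(run_values, system_files, listening_ports):
    """Check a host snapshot (caller-constructed) for the persistence entry,
    dropped files and backdoor port named in the alert."""
    found = []
    if run_values.get("Taskmon", "").strip().lower() == "taskmon.exe":
        found.append("run-key:Taskmon=taskmon.exe")
    # Compare against the System folder listing only; treat the Run value
    # together with the dropped files as the indicator, not the name alone.
    names = {s.lower() for s in system_files}
    for dropped in ("taskmon.exe", "shimgapi.dll"):
        if dropped in names:
            found.append("file:" + dropped)
    if 3127 in listening_ports:
        found.append("tcp-listener:3127")
    return found
```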