How to deal with virus Mydoom

Jim Walker

I got a notice from my ISP that I had sent an email with a virus. It was an
email that I had not initiated, so perhaps some virus hijacked my computer.
The virus they said I sent was W32/Mydoom@MM. My NAV doesn't detect this
even after the most recent update. Does anyone have info or places to
search to allow me to detect and remove this virus?
 
null

I got a notice from my ISP that I had sent an email with a virus. It was an
email that I had not initiated, so perhaps some virus hijacked my computer.
The virus they said I sent was W32/Mydoom@MM. My NAV doesn't detect this
even after the most recent update. Does anyone have info or places to
search to allow me to detect and remove this virus?

F-Secure has provided a removal tool:

ftp://ftp.f-secure.com/anti-virus/tools/f-mydoom.zip


Art
http://www.epix.net/~artnpeg
 
Keanu Reeves

Jim, I'm gettin this too even though I've got Norton updated. So far I've had 20+
since this morning and I'm still getting it. This virus so far worse than Swen,
grrrrr. All I been doin is keep deleting em and hoping it'll go away. No such
luck so far. I've even emailed the addresses telling em they have a virus on
their PC and to update their anti-virus software. No such luck, come back with
a message undeliverable cause their inbox full, tsk. Keanu
 
Ghost2020

The worm does spoof addresses, so that could be it.
So you'll never know who was originally infected, but it was someone who had
your address in their address book.
 
Keanu Reeves

Yeah, well, I've warned em all now. I was thinkin maybe someone usin people's
email addresses in these newsgroups too, as half the emails say somethin about
binaries. Anyway, I'm pullin me hair out ere, I'm gettin loads, lol. I'm virus clean
anyway, just done scan with Norton and Trend Micro. Keanu
 
Yen

Ghost2020 said:
The worm does spoof addresses, so that could be it.
So you'll never know who was originally infected, but it was someone who had
your address in their address book.




Depending on your definition of "originally infected", you may be able to
find out. At least by looking at the mail headers, you can see what computer
(or gateway) originally sent the infected mail you are being accused of.
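
Added example (not part of the original thread): one way to read the `Received` chain as the post above suggests. Headers are trusted from the top down only while they were written by the recipient's own mail servers; the first external IP recorded there is the earliest verifiable sender, whatever the `From` line claims. The message, hostnames, addresses and the `.isp.example` trust suffix are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; all hosts and IPs are made up for illustration.
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Tue, 27 Jan 2004 10:02:11 -0500
Received: from jim-pc (dsl-203-0-113-77.other.example [203.0.113.77])
\tby mx1.isp.example with SMTP id B2; Tue, 27 Jan 2004 10:02:09 -0500
Received: from mail.victim.example ([198.51.100.5])
\tby relay.isp.example with SMTP; Tue, 27 Jan 2004 10:01:00 -0500
From: jim.walker@isp.example
To: someone@isp.example
Subject: Mail Delivery System

body
"""

# from <HELO name> ([reverse DNS] [IP]) ... by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\).*?by\s+(\S+)", re.S)

def parse_hops(raw):
    """Return the message and its Received hops, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return msg, hops

def earliest_verifiable_origin(raw, trusted_suffix):
    """Walk down from our own servers; stop where an outside host hands over."""
    msg, hops = parse_hops(raw)
    origin = None
    for hop in hops:
        if not hop["by"].endswith(trusted_suffix):
            break  # header not written by one of our servers
        origin = hop
        if not (hop["rdns"] or "").endswith(trusted_suffix):
            break  # connecting host is external: lower headers may be forged
    return msg["From"], origin

if __name__ == "__main__":
    sender, origin = earliest_verifiable_origin(SAMPLE, ".isp.example")
    print("From header claims:", sender)
    print("Earliest verifiable source:", origin["ip"], "seen by", origin["by"])
```

In the sample, the bottom header claims an ISP relay but sits below an external handover, so it is ignored and the source is reported as 203.0.113.77 rather than the address in `From`.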
 
Jim Walker

Thanks. I downloaded the file, unzipped it, and double clicked the
application. It ran in the DOS shell and apparently went over all of the
files on my computer. Thanks! The computer is running as well as ever
supposedly now sans my-doom. It is a little disconcerting loading a program
called my doom and running it on my computer. It is amazing that F-Secure
has the tool out so quickly. I will definitely look into their other
software.
 
Conor

The worm does spoof addresses, so that could be it.

You'd have thought that ISPs would've worked this out by now. But no. I
expect the levels of traffic generated by AV autoresponders from ISPs
is as bad as the worm itself.

--
Conor

"The vast majority of Iraqis want to live in a peaceful, free world.
And we will find these people and we will bring them to justice."
- George Bush
 
Gabriele Neukam

On that special day, Keanu Reeves, ([email protected]) said...
This virus so far worse than swen

A propos Swen. In spite of many of your cases, I haven't received any of
the Mydoom/Novarg/Mimail.thingie worms. Can it be that it leaves
addresses alone which contain the string "spam", as Swen does?

I can only ask if there are users of addresses with "spam" in the
address, and whether they are receiving infectious mails or not.


Gabriele Neukam

(e-mail address removed)
 
Sugien

Gabriele Neukam said:
On that special day, Keanu Reeves, ([email protected]) said...


A propos Swen. In spite of many of your cases, I haven't received any of
the Mydoom/Novarg/Mimail.thingie worms. Can it be that it leaves
addresses alone which contain the string "spam", as Swen does?

I can only ask if there are users of addresses with "spam" in the
address, and whether they are receiving infectious mails or not.


Gabriele Neukam

(e-mail address removed)

I have my address set to (e-mail address removed) but I have received
a few, so it looks like someone has my email address in their address book
with the hat removed, lol
--
http://home.adelphia.net/~dinosoft
/}
@###{ ]::::::Dino-Soft Software::::::>
\}
live web cam http://www.dino-soft.org/cam
live web cam fixed and active 12 hours a day minimum
 
Gabriele Neukam

On that special day, Sugien, ([email protected]) said...
I have my address set to (e-mail address removed) but I have received
a few, so it looks like someone has my email address in their address book
with the hat removed, lol

Sug, you don't have to quote my sig. It is arbitrary.

Meanwhile, with Mydoom.B being unleashed (obviously from the same
person, as it does even have an update function for Mydoom.A, see
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html
at item number eleven)
things may change, but I haven't received one yet. Maybe it is because
of something sitting inside my mail address which makes the worm believe
I am "part of it"?

NAI says in
http://vil.nai.com/vil/content/v_100988.htm (this is on Variant B)
"Method of Infection"

"Again like its predecessor, this variant avoids targetting certain
email addresses (those containing strings carried in the worm)."

Still wondering what I did wrong/right to not receive it.


Gabriele Neukam

(e-mail address removed)
 
BoB

On that special day, Keanu Reeves, ([email protected]) said...


A propos Swen. In spite of many of your cases, I haven't received any of
the Mydoom/Novarg/Mimail.thingie worms. Can it be that it leaves
addresses alone which contain the string "spam", as Swen does?

I can only ask if there are users of addresses with "spam" in the
address, and whether they are receiving infectious mails or not.

Gabriele Neukam

Be patient Gabriele, I only got my first Mydoom today. I knew
Avast had very recently added mydoom to its definitions files,
so I activated Avast's On-Access scanner before saving the
attached .pif to my HD. Avast alerted and then would not allow
a move/copy or let me try to test it with another AV. Avast did
OK so will test a different AV on the next one.

A local newscast just said it is estimated that 20% of all
computers in east Tennessee now have the mydoom virus on board.

BoB
 
§ÐÎßÓ

I got a notice from my ISP that I had sent an email with a virus. It was an
email that I had not initiated, so perhaps some virus hijacked my computer.
The virus they said I sent was W32/Mydoom@MM. My NAV doesn't detect this
even after the most recent update. Does anyone have info or places to
search to allow me to detect and remove this virus?

Shame on you !!!!!
You sent it on purpose, and now we all know the truth......
 
John Simpson

Well, the virus really doesn't impact your PC. It simply redistributes
itself through e-mail. The purpose of the virus is to attack SCO and
Microsoft... and if you ask me, they deserve it.
As for your ISP, they'll understand; it was last estimated that one in
three e-mails were infected with MyDoom... so there's not much you can
do but sit back and watch the anarchy as SCO and Microsoft get hit.
 
FromTheRafters

John Simpson said:
Well, the virus really doesn't impact your PC.

It doesn't?
It simply redistributes itself through e-mail.

So, no worries then...

....unless you are the kind of person that worries about the little
things like backdoor servers allowing for complete remote
access to your computer for strangers.
 
