MyDoom & Doomjuice

[j]

(Note: O/S - Windows XP Home) Computer has MyDoom and
Doomjuice variance worm. It recognizes when I try to
perform following tasks: (Ctrl + Alt + Delete for) Task
Manager; (run) regedit; regedt32; msconfig; (and try to
run programs like) Spybot - Search and Destroy; AVG anti-
virus. Worm is recognizing these are being ran and shuts
them down immediately. Unable to perform anything.
Downloaded the removal tool from Microsoft - says that my
computer doesn't have virus, but the 30 secs or so AVG
can perform a scan, at the beginning it shows the
specific viruses. Tried running AVG in safe mode -
unable to (can run Spybot in safe mode). Found out could
run AVG in MS-Dos mode. Tried to run command prompt in
safe mode but I got an error when starting the avg
program (something about not being able to access the
hard drive). But still able to go into program and do a
scan (couldn't read some files it said during scan).
Aborted scan - concerned about the error message
received. Made a MS-Dos startup disc and restarted
computer w/ disk in. Didn't go into MS-Dos. Won't go
into MS-Dos mode. How can I go into MS-Dos mode on
startup? Anyone have any suggestions, really need some
help. Thank you.

 

[Carey Frisch [MVP]]

Unfortunately, the penalty for not having a good antivirus program installed,
not enabling a firewall, and not downloading the critical updates
available from the Windows Update website, is an opportunity
to perform a "clean install" of your operating system. Virus files are
designed to inflict damage to a PC, and apparently that is what happened.

Since Windows XP is not based on the old MS-DOS platform, one cannot
boot into MS-DOS because it does not exist.

I would suggest backing up your important documents and files
and proceed with a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

NOTE: It would be best to physically disconnect all your peripheral hardware
devices, except the monitor, mouse and keyboard, before installing XP.

1. Open your BIOS and set your "CD Drive as the first bootable device".

===> Accessing Motherboard BIOS
===> http://www.michaelstevenstech.com/bios_manufacturer.htm

2. Insert your Windows XP CD in the CD Drive and reboot your computer.
3. You'll see a message to boot to the CD....follow the instructions.
4. The setup menu will appear and you should elect to delete the existing
Windows partitions, then create a new partition, then format the primary
partition (preferably NTFS) and proceed to install Windows XP.

5. Clean Install Windows XP
http://michaelstevenstech.com/cleanxpinstall.html

[Courtesy of Michael Stevens, MS-MVP]

6. ==> Immediately after installing Windows XP, turn on XP's Firewall.
==> http://www.microsoft.com/security/protect/

7. After Windows XP is installed, visit the Windows Update website
and download the available "Critical Updates".

8. After installing the critical updates, be sure and visit the support website
of the manufacturer of the computer to download and install any
available Windows XP compatible drivers, such as video adapter
and audio drivers.

9. If you happen to run into any installation difficulties, use the following resources:

How to Troubleshoot Windows XP Problems During Installation
http://support.microsoft.com/default.aspx?scid=kb;EN-US;310064

Troubleshooting Windows XP Setup
http://www.kellys-korner-xp.com/xp_setup.htm

[Courtesy of MS-MVP Kelly Theriot]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-----------------------------------------------------------------------------


| (Note: O/S - Windows XP Home) Computer has MyDoom and
| Doomjuice variance worm. It recognizes when I try to
| perform following tasks: (Ctrl + Alt + Delete for) Task
| Manager; (run) regedit; regedt32; msconfig; (and try to
| run programs like) Spybot - Search and Destroy; AVG anti-
| virus. Worm is recognizing these are being ran and shuts
| them down immediately. Unable to perform anything.
| Downloaded the removal tool from Microsoft - says that my
| computer doesn't have virus, but the 30 secs or so AVG
| can perform a scan, at the beginning it shows the
| specific viruses. Tried running AVG in safe mode -
| unable to (can run Spybot in safe mode). Found out could
| run AVG in MS-Dos mode. Tried to run command prompt in
| safe mode but I got an error when starting the avg
| program (something about not being able to access the
| hard drive). But still able to go into program and do a
| scan (couldn't read some files it said during scan).
| Aborted scan - concerned about the error message
| received. Made a MS-Dos startup disc and restarted
| computer w/ disk in. Didn't go into MS-Dos. Won't go
| into MS-Dos mode. How can I go into MS-Dos mode on
| startup? Anyone have any suggestions, really need some
| help. Thank you.

 

[j]

Excuse my ignorance but is there a way to start up in
command prompt mode w/out going into safe mode command
prompt (were I get the error)? I know that they created
a new platform for Windows XP.

-----Original Message-----
Unfortunately, the penalty for not having a good antivirus program installed,
not enabling a firewall, and not downloading the critical updates
available from the Windows Update website, is an opportunity
to perform a "clean install" of your operating system. Virus files are
designed to inflict damage to a PC, and apparently that is what happened.

Since Windows XP is not based on the old MS-DOS platform, one cannot
boot into MS-DOS because it does not exist.

I would suggest backing up your important documents and files
and proceed with a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

NOTE: It would be best to physically disconnect all your peripheral hardware
devices, except the monitor, mouse and

keyboard, before installing XP.

1. Open your BIOS and set your "CD Drive as the first bootable device".

===> Accessing Motherboard BIOS
===> http://www.michaelstevenstech.com/bios_manufacturer.htm

2. Insert your Windows XP CD in the CD Drive and reboot your computer.
3. You'll see a message to boot to the CD....follow the instructions.
4. The setup menu will appear and you should elect to delete the existing
Windows partitions, then create a new partition, then format the primary
partition (preferably NTFS) and proceed to install Windows XP.

5. Clean Install Windows XP
http://michaelstevenstech.com/cleanxpinstall.html

[Courtesy of Michael Stevens, MS-MVP]

6. ==> Immediately after installing Windows XP, turn on XP's Firewall.
==> http://www.microsoft.com/security/protect/

7. After Windows XP is installed, visit the Windows Update website
and download the available "Critical Updates".

8. After installing the critical updates, be sure and visit the support website
of the manufacturer of the computer to download and install any
available Windows XP compatible drivers, such as video adapter
and audio drivers.

9. If you happen to run into any installation

difficulties, use the following resources:

How to Troubleshoot Windows XP Problems During Installation

http://support.microsoft.com/default.aspx?

scid=kb;EN-US;310064

Troubleshooting Windows XP Setup
http://www.kellys-korner-xp.com/xp_setup.htm

[Courtesy of MS-MVP Kelly Theriot]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------- --------------------


| (Note: O/S - Windows XP Home) Computer has MyDoom and
| Doomjuice variance worm. It recognizes when I try to
| perform following tasks: (Ctrl + Alt + Delete for) Task
| Manager; (run) regedit; regedt32; msconfig; (and try to
| run programs like) Spybot - Search and Destroy; AVG anti-
| virus. Worm is recognizing these are being ran and shuts
| them down immediately. Unable to perform anything.
| Downloaded the removal tool from Microsoft - says that my
| computer doesn't have virus, but the 30 secs or so AVG
| can perform a scan, at the beginning it shows the
| specific viruses. Tried running AVG in safe mode -
| unable to (can run Spybot in safe mode). Found out could
| run AVG in MS-Dos mode. Tried to run command prompt in
| safe mode but I got an error when starting the avg
| program (something about not being able to access the
| hard drive). But still able to go into program and do a
| scan (couldn't read some files it said during scan).
| Aborted scan - concerned about the error message
| received. Made a MS-Dos startup disc and restarted
| computer w/ disk in. Didn't go into MS-Dos. Won't go
| into MS-Dos mode. How can I go into MS-Dos mode on
| startup? Anyone have any suggestions, really need some
| help. Thank you.
.

 

[Carey Frisch [MVP]]

HOW TO: Create a Boot Disk for an NTFS or FAT Partition in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305595

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-----------------------------------------------------------------------------


| Excuse my ignorance but is there a way to start up in
| command prompt mode w/out going into safe mode command
| prompt (were I get the error)? I know that they created
| a new platform for Windows XP.

 

[Testy]

Ignore "Carey" he is 'off the wall' at the best of times. I lost ALL respect
for the MVP program when he weaseled his way in.

Testy

 

[cquirke (MVP Win9x)]

On Wed, 18 Feb 2004 09:41:19 -0600, "Carey Frisch [MVP]"

Unfortunately, the penalty for not having a good antivirus program installed,
not enabling a firewall, and not downloading the critical updates
available from the Windows Update website, is an opportunity
to perform a "clean install" of your operating system. Virus files are
designed to inflict damage to a PC, and apparently that is what happened.

Carey, you are implying that every active malware infection can only
be sorted (in XP) by a wipe and clean install.

Either that is the worst "cowboy" advice for a reasonable OS, or sound
advice for a unacceptably fragile trash OS. Which?

Since Windows XP is not based on the old MS-DOS platform, one cannot
boot into MS-DOS because it does not exist.

I would suggest backing up your important documents and files
and proceed with a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

The above is ridiculous advice, and totally unneccessary if you avoid
using NTFS - in which case you'd simply shrug and do a formal virus
scan a la http://users.iafrica.com/c/cq/cquirke/virtest.htm

If you took advice to use NTFS (prolly from ppl like Carey, who say
"just format and re-install" whenever a virus goes active), then you
have made life more difficult for yourself. Did you think NTFS would
be "so secure" you'd never need to do a formal malware cleanup, or "so
robust" you'd never need data recovery? Reality check time.

The subject line says "MyDoom" and "Doomjuice". These are not monster
malware - you can prolly clean them with bare hands, after reading the
descs at www.f-secure.com/v-descs or similar sites.

Instead, you get a page full of detailled instructions on how to not
only destroy your installation, but also how to render it wide open to
re-attack (lost all the patches, right?).

Some advice is worth less than worthless.

--------------- ----- ---- --- -- - - -

Tech Support: The guys who follow the
'Parade of New Products' with a shovel.