I do but don't have a virus, what's up?


mmm, Pie

I keep getting a brief message from NAV saying it found mydoom.a in some
file, (it seems to find it in the EXACT same file every time) and then it
says it deletes it. I've run NAV (I have latest defs) a couple of times with
no results, and I've also run the mydoomfix from security response, and it
didn't find it. I haven't found any of the files from the report on my
system but I keep getting the warning every now and then.

What can I do about this?
 
Do you have it checking incoming mail? Are you sure it's not giving you a
warning about a file attached to an email that is coming in??
 
Steve said:
RTI (Read The Instructions):

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Specifically:

"If you are running Windows Me or XP, then disable System Restore."

There are even links there to tell you how.

Good call, Steve! If System Restore is running, then you really haven't
got rid of the virus.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
I already ran that tool from security response. Maybe it was something to do
with e-mails...

Here's my scenario.

Unfortunately, I'm on dialup. I use Outlook 2002 and I have a bunch of
messages I need to download. Actually, last Thursday I had 27, and it said
it'd take over 4 hours. So, I'm like, great, someone sent me an attachment.
I left dialup on all night to download the messages and I only got the usual
spam worm ones, nothing more than like 30 k. So, I figure my mail server has
to have something because this is ridiculous. I've never had problems
sending and receiving e-mails, I mean sure it's a little slow, but never
like this. I'm having the same problems sending e-mail now too, it takes
forever.

Maybe the NAV warnings were when I was trying to send/receive, considering
that I haven't received the error in a while today (probably since I closed
Outlook) that could be a hint. The file that was infected was always some
temp file. Does this sound familiar?

Anyways, I'll try Outlook again and see if I get those warnings again.
 
Oh, about the e-mails scanning, this is an entirely different message than
normal.

I always have it scanning e-mails but I have it on silent delete mode so I
don't have to tell it what to do for each e-mail.

This message that I'm receiving is in a red window and the only option is
okay or the x on the top right corner.

My friends and I joke about this all the time...

[norton antivirus 2003] [X]
/!\ NAV has detected a virus on your system.
[OK][Cancel]

It's like, great! maybe if I click cancel it will go away? : P
 
When you ran the Tool from Symantec, did you disable the System Restore
feature in Windows XP?

--
Peace!
Kurt
 
Okay, right when I clicked send/receive in Outlook I got that alert
again so yeah, it's something to do with the e-mail. And that's gotta
be part of the reason it's taking so long to try and download
messages.

Here's a snap of the nav alert

http://www.wowcentral.com/random/nav_alert.gif

http://www.sophos.com/support/disinfection/mydooma.html

http://vil.nai.com/vil/stinger/

http://www.europe.fsecure.com/v-descs/novarg.shtml#disinf

http://www.microsoft.com/downloads/...e4-3d50-464d-a26c-9c287f8a08c5&displaylang=en

Here is a list of different MyDoom removal tools, but follow the
instructions very carefully.

--
Peace!
Kurt
 
Hehheh... our school district has internet filtering:

"You cannot access the following Internet address:
http://www.wowcentral.com/random/nav_alert.gif

The site you requested is blocked under your organization's filtering
policy. It fits into the following filtering category(ies) that your
organization has chosen to block:
Nudity"

Not to be alarmed though - it often spits out false alarms. I'll check
out the screen shot from home.

Steve
 
kurttrail said:
Good call, Steve! If System Restore is running, then you really haven't
got rid of the virus.

Yep. Thanks for the back-pat Kurt - I need one today :)

Steve
 
LOL yeah, no nudity on that site there heh.

I never use system restore, so yes, it IS turned OFF.
 
The alert clearly shows there was an infected .tmp file on your local
drive. I recommend using Mailwasher to delete/bounce suspicious email at
the server BEFORE it gets dl'd to your local drive. That will also speed
up you getting the mail you do want by eliminating all the crap.

Steve
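
What "delete it at the server before it gets downloaded" looks like at the POP3 level, as an added example that is not part of the original thread and is not Mailwasher's code. The `known_senders` rule, the `FakePOP3` stand-in and the sample messages are assumptions constructed for illustration; with a real mailbox, `conn` would be a logged-in `poplib.POP3` object.

```python
from email.parser import BytesHeaderParser
from email.utils import parseaddr

def triage(conn, known_senders):
    """Summarise each waiting message from LIST + TOP only; no bodies are downloaded."""
    report = []
    for entry in conn.list()[1]:                  # each entry: b"<msg-num> <octets>"
        num, size = (int(x) for x in entry.split())
        header_lines = conn.top(num, 0)[1]        # headers plus zero body lines
        hdrs = BytesHeaderParser().parsebytes(b"\r\n".join(header_lines))
        sender = parseaddr(hdrs.get("From", ""))[1].lower()
        has_attachment = hdrs.get_content_type() == "multipart/mixed"
        report.append({
            "num": num, "octets": size, "from": sender,
            "subject": hdrs.get("Subject", ""),
            # Assumed rule: attachment-bearing mail from an unknown sender is suspicious.
            "suspicious": has_attachment and sender not in known_senders,
        })
    return report

def purge(conn, report):
    """Mark suspicious messages for deletion on the server; return their numbers."""
    doomed = [m["num"] for m in report if m["suspicious"]]
    for num in doomed:
        conn.dele(num)        # the server removes them when the session ends with QUIT
    return doomed

class FakePOP3:
    """Constructed stand-in exposing poplib.POP3's list/top/dele, so this runs offline."""
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def list(self):
        sizes = [b"%d %d" % (i, size) for i, (size, _) in enumerate(self.messages, 1)]
        return b"+OK", sizes, 0
    def top(self, which, howmuch):
        return b"+OK", self.messages[which - 1][1].split(b"\r\n"), 0
    def dele(self, which):
        self.deleted.append(which)
        return b"+OK"

SAMPLE = [  # constructed (octets, raw headers) pairs
    (1843, b"From: Friend <friend@example.org>\r\nSubject: lunch?\r\n"
           b"Content-Type: text/plain"),
    (30211, b"From: x@example.net\r\nSubject: hi\r\n"
            b"Content-Type: multipart/mixed; boundary=\"b\""),
]
```

Because only headers cross the wire, the infected attachment never lands in a local temp file for the mail client or the scanner to trip over.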
 
Okay thanks, I'll check it out. The e-mails are just piling up and I really
gotta download em.

I'll let you know what's up.
 
Sweet, it worked perfectly. Does the whole bouncing thing really work
though? I mean, have you noticed less spam because of it? I'm just a little
skeptical that it really works.
 
Cool, glad to hear it helped.

It may take a while for the spambots to nuke your address from their DBs
but yeah it should help cut it down some. Some won't ever give up but
there's nothing you can do about that short of getting a new email
address and NEVER using it online and ONLY give it to those you really
want mail from and pray they practice safe computing, too.

Steve
 
Yeah, I know the routine, my personal e-mail is pretty good, considering
it's a Hotmail account too, I only get a couple of spams a week. I used to
give the addy out like crazy since I had an account with my ISP, but it
turned out my ISP sold their lists and I got unbelievable amounts of spam on
it unlike my hotmail which I was giving out as my potential spam account :)

thanks again.
 
Okay, the mail washer program is great and all, but I already have a good
working spam filter locally. I know I'm gonna get spam, so I'm not too
worried about bouncing and stuff. I'm still getting the virus alert error,
and it is not downloading my messages still. The MW was a cool quick
solution, but why all of a sudden did this start happening? Is the mydoom
worm affecting server side downloads or what? Why is it preventing me from
downloading my messages?
 
Of course Mailwasher won't prevent you from downloading another infected
message and getting re-infected. That suggestion was solely to get your
server-side junk messages cleared up before downloading the whole
shebang all over again.

If it's the same NAV alert that you posted before then you are getting
re-infected.

Try using a mail program other than Outlook and see what happens. I
don't use Outlook, however I recall reading that with some infected
emails merely having the preview pane enabled and clicking on a message
can infect the machine.

Steve
 
