remove doomjuice.b ???

Karen

NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------

I run Nod32 and update it almost twice daily. Have firewall blocking ports
3127 through 3198 both for UDP and TCP both directions. I use TDS3
(updated daily) and it consistently comes up with I also use Reg Protect
that alerts me as to anything added to registry and unless installing a
pgm, nothing goes into it.
Scan Control Dumped @ 12:15:04 13-02-04
RegVal Trace: Worm.Doomjuice.b please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run
[NeroCheck=C:\WINDOWS\system32\NeroCheck.exe]

on a full scan. I delete this *())_%$#**% and on reboot appears again.
Can't get rid of the thing. Nod32 did catch 6 "mydoom" viruses in 3 days
primarily from spam but on my main account that I don't use for anything
but business.

How do I get rid of this thing?

I thought TDS3 and Nod32 were some of the best software for this stuff??? .
Nothing came up for this one.

Karen


Guest

Hi Karen

You got Doomjuice because you had MyDoom. I think you got caught out cos it
moved fast! In some cases faster than the updates!

Here is a link to the MyDoom removal tool,
http://www.bitdefender.com/html/free_tools.php

Also I have some background info cut n pasted below.

Keeping your scanner updated is important and via your ISP use filters for
the spam.
Also, starting your PC in safe mode and then trying the scan helps in many cases.


Name: Win32.Mydoom.B@m (Win32.Novarg.B@mm)
Aliases: I-Worm.Mydoom.b, W32/Mydoom.b@MM, W32/MyDoom-B
Type: Executable Backdoor Mass Mailer
Size: 29184 bytes, 5632 bytes
Discovered: 28.01.2004
Detected: 28.01.2004
Spreading: Low
Damage: Medium
In The Wild: Unknown

Symptoms:
The following files in the Windows System folder (%SYSDIR%):
EXPLORER.EXE
CTFMON.DLL

The following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
with the value:
Explorer = %SYSDIR%\EXPLORER.EXE

Activity on ports 1080 or 10080 and 3127.



Technical description:
This is an internet worm that spreads through e-mail and file sharing
programs and has backdoor capabilities.

It also tries to infect computers in the local network already infected by
the former variant of the worm, by using the backdoor already installed on
port 3127.

The e-mail arrives in the following format:

From:
A random text or an address with one of the following domains:

a. aol.com
b. msn.com
c. yahoo.com
d. hotmail.com

Subject:
Randomly chosen from the following list:

a. Mail Transaction Failed
b. Unable to deliver the message
c. Status
d. Delivery Error
e. Mail Delivery System
f. hello
g. Error
h. Server Report
i. Returned mail

Body text:
A random text or one of the following:

a. test
b. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
c. sendmail daemon reported: Error #804 occured during SMTP session. Partial message has been received.
d. The message contains Unicode characters and has been sent as a binary attachment.
e. The message contains MIME-encoded graphics and has been sent as a binary attachment.
f. Mail transaction failed. Partial message is available.

etc etc

Stephen

I am in no way a prof in these matters so I advise you to check more
sources.
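
An added example, not part of the original posts or of any vendor tool: a read-only triage check for the Win32.Mydoom.B symptoms listed in the reply above (the `Explorer` Run value pointing into the System folder, and listeners on ports 1080, 10080 or 3127), run over a constructed `.reg` export and constructed `netstat -an` output. The function names, the sample data and the reading of "activity" as a TCP listener are assumptions; the check covers only the listed Mydoom.B indicators and says nothing about the NeroCheck entry from the question.

```python
import re

# Indicators from the Win32.Mydoom.B description quoted in the reply above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
PORTS = {1080, 3127, 10080}
# Assumption: %SYSDIR% resolves to <drive>:\WINDOWS\system32 or <drive>:\WINNT\system32.
BAD_PATH = re.compile(r"^(%SYSDIR%|[A-Z]:\\(WINDOWS|WINNT)\\system32)\\explorer\.exe$", re.I)

# Constructed sample input: a .reg export of the Run key and `netstat -an` output.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Explorer"="C:\\WINDOWS\\system32\\explorer.exe"
'''
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       192.168.1.9:1080       ESTABLISHED
"""

def check_run_values(reg_export):
    """Return (name, path) for Run values matching 'Explorer = %SYSDIR%\\EXPLORER.EXE'."""
    hits, in_run = [], False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):                      # section header: which key are we in?
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if in_run and m:
            name = m.group(1)
            path = m.group(2).replace("\\\\", "\\")    # .reg exports double backslashes
            if name.lower() == "explorer" and BAD_PATH.match(path):
                hits.append((name, path))
    return hits

def listening_indicator_ports(netstat_output):
    """Return the listed ports (1080, 10080, 3127) that have a TCP listener."""
    found = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            port = int(parts[1].rsplit(":", 1)[1])
            if port in PORTS:
                found.add(port)
    return sorted(found)

if __name__ == "__main__":
    print("Run key hits:", check_run_values(SAMPLE_REG))
    print("Listening ports:", listening_indicator_ports(SAMPLE_NETSTAT))
```

The legitimate Windows shell normally lives in the Windows folder, not the System folder, which is why the path is matched as well as the value name.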



