  1. Join Date
    Oct 2002
    Posts
    787
    #1
    MyDoom prevention and cure
    By Robert Vamosi



    (1/26/04)

    MyDoom is a mass-mailing worm that masquerades as a test message. MyDoom (w32.mydoom*mm, also known as Novarg, Shimgapi, Shimg, and MiMail.r) takes advantage of the ZIP file format's ability to pass through e-mail filters. It also uses Kazaa to spread. Within the first few hours, MyDoom spread quickly around the world. It affects only Windows users, not those using Macintosh, Linux, or Unix. Much of the worm's code is itself encrypted, and antivirus firms are still studying it. Because MyDoom spreads via e-mail and could severely slow or shut down e-mail servers with excess traffic, this worm rates a 7 on the CNET Virus Meter.
    How it works
    MyDoom arrives as e-mail with the subject line "Mail Delivery System," "Test," or "Mail Transaction Failed." The body text reads: "The message contains Unicode characters and has been sent as a binary attachment." The attached files are one of the following:


    document.zip
    document.pif
    doc.scr
    readme.exe
    file.zip
    message.zip
    oia.zip
    text.zip
    When the worm is executed, MyDoom adds the following to the Windows/System subdirectory:


    shimgapi.exe
    taskmon.exe
    If you are running the file-sharing program Kazaa, MyDoom will add a file named activation_crack.scr in this location: C:\Program files\Kazaa\My Shared Folder\.

    The worm appears to install programs on infected computers; however, the programs themselves are encrypted. MyDoom is known to open Windows Notepad and display garbage text; it is also thought to be flooding SCO.com with a denial-of-service attack. In addition, the security company iDefense and McAfee are reporting that MyDoom opens port 3127 to listen for commands from a remote attacker.

    Prevention
    If you receive MyDoom, do not open the attached file. Delete the e-mail.

    Removal
    Almost all antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, Computer Associates, F-Secure, McAfee, Norman, Sophos, Symantec, or Trend Micro.
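
A mail-gateway check for the indicators listed in the article, as an added example that is not part of the original post or the article: it matches the subject lines and attachment names above and also opens ZIP attachments to flag executable members, since an extension filter alone lets a ZIP through. The function names, the executable-extension list and the sample-message helpers are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators listed in the article above.
SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
ATTACHMENT_NAMES = {"document.zip", "document.pif", "doc.scr", "readme.exe",
                    "file.zip", "message.zip", "oia.zip", "text.zip"}
# Assumption: extensions the gateway treats as directly executable on Windows.
EXECUTABLE_EXTS = (".pif", ".scr", ".exe")

def scan_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 822 message matches the indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENT_NAMES:
            reasons.append(f"attachment-name:{name}")
        if name.endswith(EXECUTABLE_EXTS):
            reasons.append(f"executable-attachment:{name}")
        elif name.endswith(".zip"):
            try:  # look inside the archive instead of trusting the .zip name
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXECUTABLE_EXTS):
                            reasons.append(f"executable-in-zip:{member}")
            except zipfile.BadZipFile:
                reasons.append(f"unreadable-zip:{name}")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Constructed sample body.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zip_with(member: str) -> bytes:
    """Constructed ZIP archive holding one inert member with the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real program")
    return buf.getvalue()
```

A subject match alone, especially on "Test", is weak evidence; the returned reasons are meant to be combined before a message is quarantined.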

  2. Join Date
    Oct 2002
    Posts
    10,942
    #2
    Yep, this notorious mass-mailing worm can afflict anyone who opens their email with the attachment. I did receive it in my OE from more than a couple of senders. Good thing it pays to keep your AV updated.

    Thanks for the added security info.

  3. Join Date
    Oct 2002
    Posts
    1,327
    #3
    The best thing to do is, don't open any attachments on your email if you're not sure of it.

  4. Join Date
    Nov 2002
    Posts
    1,465
    #4
    Just update your antivirus definition files. All of those emails get caught. I also received a lot of those mails yesterday.

  5. Join Date
    Nov 2003
    Posts
    107
    #5
    How to Tell if the System has been infected:

    1: If the customer has opened an attachment from an email that looks like a bounce email or a test email, and Notepad has come up full of gibberish, then they probably have this worm.
    2: If there is a file named "shimgapi.dll" on the hard drive, then the worm is installed on the system.
    3: If there is a running process named "taskmon.exe", then the worm is installed and active.

    You can also follow the removal procedure at this link: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

    For more information:
    http://vil.nai.com/vil/content/v_100983.htm
    http://www.sarc.com/avcenter/venc/data/w32.novarg.a*mm.html

    HTH

  6. Join Date
    Jul 2003
    Posts
    3,042
    #6
    I don't open mail here at the house...

    but recently I received one from myself, haha, I mean it was sent to the group

    Just "HI" and then an attachment... I deleted them all; I received so many that were all just "HI"...

Virus Alert: MyDOOM!!!