Phanerothyme Posted January 27, 2004 Share Posted January 27, 2004 the removal instructions on symantec's website have been updated recently (3pm) http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html Requires a safe mode restart and the deletion on C:\%system%\shimgapi.dll plus some modification of registry keys. shimgapi.dll is run by EXPLORER.exe so it cannot be shut down under normal circumstances, hence the safe mode bit. *sigh* I wish they had told me this last night, although my host is now purging mailboxes. Still ZA Pro did stop it from using the local mailserver or its own SMTP to send any more outgoing mails. Link to comment Share on other sites More sharing options...
RPG Posted January 27, 2004 Share Posted January 27, 2004 Originally posted by rarstar Any SHU students on here? Has the network gone down or something? There's no email or website. SHU's power has gone down, AFAIK its still not back up yet. Link to comment Share on other sites More sharing options...
Phanerothyme Posted January 27, 2004 Share Posted January 27, 2004 hmm power cut on crescent road too Link to comment Share on other sites More sharing options...
Fletch Posted January 27, 2004 Share Posted January 27, 2004 so what does this virus do then?? sorry im not all up to date on the comp front and am a bit thick Link to comment Share on other sites More sharing options...
Phanerothyme Posted January 27, 2004 Share Posted January 27, 2004 Originally posted by Fletch so what does this virus do then?? sorry im not all up to date on the comp front and am a bit thick http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html Link to comment Share on other sites More sharing options...
RPG Posted January 27, 2004 Share Posted January 27, 2004 thing is, its another "open my attachment" email, if you open them without AV software then really its your own fault if you get infected. Link to comment Share on other sites More sharing options...
Phanerothyme Posted January 29, 2004 Share Posted January 29, 2004 The only reason I opened this file, even though I knew it was a virus was that had not been picked up by NAV on mail scanning or a direct scan of the file. Even after infection NAV wouldn't pick it up - 'twas too new. My smug sophos running friend told me (after I sent him a copy of the infected email) that sophos picked it up straight away. But I was pretty sanguine in that ,apart from 7GB of newly ripped music, I have invested little in this new machine so far, so I went ahead and opened it. And I was able to warn lots of people to back up their mail servers and avoid getting swamped. [edit] Symantec now have a removal tool here: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html Link to comment Share on other sites More sharing options...
Geoff Posted January 29, 2004 Author Share Posted January 29, 2004 Security firms are warning that a new strain of the Mydoom virus could spread more widely than its predecessor. They fear that the thousands of PCs infected by the first Mydoom bug are being used to spread the new variant. The second strain, called Mydoom.b, is programmed to attack the websites of Microsoft and software firm SCO. Mydoom is now ranked as one of the largest virus outbreaks ever and at its height made up 30% of all e-mail traffic, according to anti-virus firms... more Time to update the virus definitions again Link to comment Share on other sites More sharing options...
Siân Posted January 29, 2004 Share Posted January 29, 2004 I went off to update my virus definitions after reading this thread (not leaving it to live update) Since doing that I've had a complete nightmare When I rebooted it told me I had no virus definitions at all and the pc kept freezing then crashing ( I do HATE that blue screen). So I uninstalled Norton System Works and then reinstalled it and it all seemed fine - the virus definitons were uploaded with no problems Only it carried on freezing and crashing. Computer illiterate as I am I worked out that it'd had only been a prob since I tried to update the virus definitons so I turned off live update and I've had no more problems. BUT I can't keep my virus definitions up to date. I did a search on Google to see if anyone else was having similar problems and it seems I'm not the only one having problems. I took the advice on one site to go to the ASA on the Symantec site and it's telling me I have an unsupported version of System works and Virus definitions. Now I had been waiting for them to notify me it was time to renew my subscription (like last year) but on checking the LiveUpdate thing on System Works it said I had 366 days left so I assumed I'd paid for a 2 yr subscription without realising ... Obviously that's not the case (although I don't get how I was able to reinstall the virus definitions using Live Update after I'd reinstalled Systems Works if I needed to renew my subs but then I'm probably being thick here) and I am loathe to renew with Symantec now before finding out what other people use/ recommend. I'd be greatful if anyone had any advice to offer on this ( I have Norton System works on Windows 98 atm) (Partic interested in Sophos Phan but would like to know more) Link to comment Share on other sites More sharing options...
Jayne Posted January 29, 2004 Share Posted January 29, 2004 I once nearly killed my computer by installing two different virus killing sofware packages (how was I to know better) apparently they think each other is a virus - then blue screen of death. Don't do it! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.