Jump to content
Ghost Recon.net Forums

Mydoom / Novarg Virus


Recommended Posts

As many of you know there is a new Virus out that is currently infecting machines all over the place and is on course to be the "largest virus outbreak in months".

It is known as one of the following aliases:


  • Mydoom
  • Mimail.R,
  • Novarg.A,
  • Shimg,
  • W32.Novarg.A@mm,
  • W32/Mydoom@MM

My mother received an infected e-mail just a few hours ago but fortunately Norton Anti-Virus stopped it dead. :thumbsup:

So to those of you with decent AV software, I recommend you update your signature files asap before downloading any e-mail.

Full Virus Details can be found here > Symantec or here > Sophos

A less technical article can be found at the BBC News page or at CNN news page

Link to post
Share on other sites
The new virus, which has the aliases of MyDoom or Novarg, arrives as an

attachment with an .exe, .scr, .zip or .pif extension and can have a subject

line of "test" or "status." Another recent virus purports to be from Microsoft

and instructs people to click on the attachment to install a security upgrade.

Microsoft do not send out such e:mails and the 'upgrade' contains a virus.

Link to post
Share on other sites

In brief, this worm scans your local files for email addresses, harvests them, attempts to send itself to those email addresses, and also leaves a "back door" on your system.

It's most obvious "function" is providing a DDoS attack on SCO's webserver.

Link to post
Share on other sites

I couldn't figure out a quick check to see if your machine is infected. I am getting so many through the mail, and so many bounced to be that I am wondering. AVG came up clean, is there a certain file we can search for in a certain folder to know if we have it?

Link to post
Share on other sites

There is... below is the message I got at work...

Mydoom  is a highly pervasive new computer worm (a program that makes copies of itself by using e-mail or any number of other methods) that is attacking computers worldwide.

This worm arrives at your pc in one of two ways:

1) P2P file sharing.  The worm can spread to your PC  if you access Internet file sharing networks, like Kazaa, or many web chat programs that use ICQ. 

2) Via email attachment.  The subject line/name/extension all vary.  It "spoofs" the from name, so it may arrive in an email from someone you know.  (This also means that someone else may also get the virus with your name in the "from" line, but that doesn't mean the virus was sent by you.  It simply means your address was in someone's address book who had the virus and it used those addresses when it replicated).

What you can do for your home PC:

The best thing you can do is to update your anti-virus program and do not open email attachments, even if the sender name is familiar to you.  One way to look for the worm is to go to Start, Search, and look for the file shimgapi.dll  on your local C drive.  If you find the file, you have the worm.

Link to post
Share on other sites
Bah, just got one of them flippin emails. Why must people invent this crap.<_<

One? Geez, I get 50 a day.

And it's not so much the people that invent them that really bug me, it's the fools who open them that are the problem. :wall::wall::wall::wall:

Link to post
Share on other sites

Sart, can you forward it to me?

I haven't received one of 'em at my personal account. I wanna test my high-tech Anti-Virus thingymabob. :ph34r:

Feel the wub.

@ Rocky

I completely agree with you. You don't know how frusturating it is to tell someone not to open emails/attachments from senders they don't recognize, only to receive a call from them 10 minutes later wondering why their Anti-Virus software popped up, informing them they had a virus attached to the email they just opened! :wall:

Link to post
Share on other sites
Sart, can you forward it to me?

I can't, I was joking about the whole forward thing, I deleted the frick'n thing soon as I got it. :ninja:

I love the fact that the email was from me, nice touch, I haven't sent any email in over a week. :lol:

Link to post
Share on other sites

probably not the real Bajabravo mate. When Sobig-F was at its worst I got mails from what seemed to be from a number of different GR.net members, including one from Baja and Rocky himself. They were all from hotmail accounts though. I know this virus faked an addy but what I can't understand was how it could fake an addy so it showed up like it was from someone I knew from the forum. :wacko:

Link to post
Share on other sites

Most of these virus writing A-Holes don't want to get caught, so they piggyback an email address that they stole from a previous virus they sent out when they were stealing address books earlier in the year last year. We all remember that.

IP addys and email addys aren't proof of anything anymore without sophisticated software, a hell of a computer, and the knowledge to put them both to good use.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...