Ghost Recon.net Forums
Pave Low

Mydoom / Novarg Virus


As many of you know there is a new Virus out that is currently infecting machines all over the place and is on course to be the "largest virus outbreak in months".

It is known as one of the following aliases:


  • Mydoom
  • Mimail.R
  • Novarg.A
  • Shimg
  • W32.Novarg.A@mm
  • W32/Mydoom@MM

My mother received an infected e-mail just a few hours ago but fortunately Norton Anti-Virus stopped it dead. :thumbsup:

So to those of you with decent AV software, I recommend you update your signature files asap before downloading any e-mail.

Full Virus Details can be found here > Symantec or here > Sophos

A less technical article can be found at the BBC News page or at CNN news page

The new virus, which has the aliases of MyDoom or Novarg, arrives as an attachment with an .exe, .scr, .zip or .pif extension and can have a subject line of "test" or "status." Another recent virus purports to be from Microsoft and instructs people to click on the attachment to install a security upgrade. Microsoft do not send out such e-mails and the 'upgrade' contains a virus.


I have had sooo many of those emails, this is big.


Anyone know how it affects the computer?

Edited by Crimson


In brief, this worm scans your local files for email addresses, harvests them, attempts to send itself to those email addresses, and also leaves a "back door" on your system.

Its most obvious "function" is providing a DDoS attack on SCO's webserver.


I couldn't figure out a quick check to see if your machine is infected. I am getting so many through the mail, and so many bounced to me, that I am wondering. AVG came up clean; is there a certain file we can search for in a certain folder to know if we have it?

%System%\Shimgapi.dll:

I think that means if you have that file in your windows/system folder, you are screwed.


There is... below is the message I got at work...

Mydoom is a highly pervasive new computer worm (a program that makes copies of itself by using e-mail or any number of other methods) that is attacking computers worldwide.

This worm arrives at your pc in one of two ways:

1) P2P file sharing.  The worm can spread to your PC if you access Internet file sharing networks, like Kazaa, or many web chat programs that use ICQ.

2) Via email attachment.  The subject line/name/extension all vary.  It "spoofs" the from name, so it may arrive in an email from someone you know.  (This also means that someone else may also get the virus with your name in the "from" line, but that doesn't mean the virus was sent by you.  It simply means your address was in someone's address book who had the virus and it used those addresses when it replicated).

What you can do for your home PC:

The best thing you can do is to update your anti-virus program and do not open email attachments, even if the sender name is familiar to you.  One way to look for the worm is to go to Start, Search, and look for the file shimgapi.dll on your local C drive.  If you find the file, you have the worm.

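Added example, not part of any post in this thread: a small mail triage check built only from the traits the posts above describe (attachment extensions .exe, .scr, .zip and .pif; subject lines "test" or "status"; a spoofed From name that must not be trusted). The function names, addresses and sample messages are constructed for illustration.

```python
import os.path
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits quoted from the posts in this thread; they are triage hints, not signatures.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".pif"}
BAIT_SUBJECTS = {"test", "status"}

def triage(raw_message: bytes) -> list:
    """Return the reasons a raw message matches the traits described in the thread.

    The From header is never consulted: the worm spoofs it, so a familiar
    sender is not evidence either way.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in BAIT_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.walk():  # walk() also reaches attachments in nested multiparts
        name = (part.get_filename() or "").strip().lower()
        if os.path.splitext(name)[1] in RISKY_EXTENSIONS:
            reasons.append("attachment:" + name)
    return reasons

def sample(subject, filename=None) -> bytes:
    """Build a constructed test message (hypothetical addresses, harmless bytes)."""
    m = EmailMessage()
    m["From"] = "someone.you.know@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Status", "document.pif"), ("Minutes", "notes.txt"),
                        ("hi", "Body.ZIP"), ("test", None)]:
        print(subj, fname, triage(sample(subj, fname)))
```

A match is a reason to quarantine and scan, not proof of infection; ordinary .zip attachments will match too.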

that worm sucks like sobig f in summer 2003...

every day up to 150 infected mails :angry:

YOU DAMN VIRUS PROGRAMMER :angry:


I've had 2 E-Mails that were infected sent my way....Norton stopped it dead with the newest virus reference files.


There's a new variant, apparently from the same author, except this one targets Microsoft.com.


My web host installed new AV software this week which scans e-mails, so I'm safe. :)

> I've had 2 E-Mails that were infected sent my way....Norton stopped it dead with the newest virus reference files.

Thankfully I have Norton!! :thumbsup:


Bah, just got one of them flippin emails. Why must people invent this crap.<_<

> Bah, just got one of them flippin emails. Why must people invent this crap.<_<

One? Geez, I get 50 a day.

And it's not so much the people that invent them that really bug me, it's the fools who open them that are the problem. :wall::wall::wall::wall:


Yeah yeah, "Mr. Popularity" rub it in. :P

Just for that, I'm going to forward it to you. ;)


Sart, can you forward it to me?

I haven't received one of 'em at my personal account. I wanna test my high-tech Anti-Virus thingymabob. :ph34r:

Feel the wub.

@ Rocky

I completely agree with you. You don't know how frustrating it is to tell someone not to open emails/attachments from senders they don't recognize, only to receive a call from them 10 minutes later wondering why their Anti-Virus software popped up, informing them they had a virus attached to the email they just opened! :wall:

> Sart, can you forward it to me?

I can't, I was joking about the whole forward thing, I deleted the frick'n thing soon as I got it. :ninja:

I love the fact that the email was from me, nice touch, I haven't sent any email in over a week. :lol:


Probably not the real Bajabravo, mate. When Sobig-F was at its worst I got mails from what seemed to be a number of different GR.net members, including one from Baja and Rocky himself. They were all from hotmail accounts though. I know this virus faked an addy but what I can't understand was how it could fake an addy so it showed up like it was from someone I knew from the forum. :wacko:


Indeed, you cannot go by the sender field. I got one from news@3dretreat this morning for example.


Most of these virus writing A-Holes don't want to get caught, so they piggyback an email address that they stole from a previous virus they sent out when they were stealing address books earlier in the year last year. We all remember that.

IP addys and email addys aren't proof of anything anymore without sophisticated software, a hell of a computer, and the knowledge to put them both to good use.

Guest SI-Prozac

hackers suck

like that one 15 year old kid got caught ... what happened to him?

he better have gotten life behind bars.
