Hunker down people, BIG virus coming your way!!!!! **Updated with removal tools**

JackBurton

The W32/Mydoom@MM has just slammed into us. The virus just came out TODAY so your anti-virus probably won't catch it. It is rated as a "High-Outbreak" for home and corp users. The virus comes through email (of course) and has a *.zip attachment...

This is a mass-mailing worm that arrives in an email message as follows:

Subject: (Random)
Body: (Varies, such as)

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Attachment: (varies - often arrives in a ZIP archive) (22,528 bytes)

The icon used by the file tries to make it appear as if the attachment is a text file.

When this file is run it copies itself to the local system with the following filenames:

c:\Program Files\KaZaA\My Shared Folder\activation_crack.scr
c:\WINDOWS\Desktop\Document.scr
c:\WINDOWS\SYSTEM\taskmon.exe

It also uses a DLL that it creates in the Windows System directory:

c:\WINDOWS\SYSTEM\shimgapi.dll (4,096 bytes)

It creates the following registry entry to hook Windows startup:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMon" = %SysDir%\taskmon.exe

Watch out guys, this is ugly!



**Update** Here are some virus removal tools submitted by ViRGE and MaxDepth:

Gaobot removal tool

McAfee AVERT Stinger


 

NathanBWF

been getting these all afternoon....I just blocked .zip attachments on the email server...

EDIT: Sticky?
 

RossMAN

How do people normally get these viruses, what are the 5 most common methods of infection?

I don't use P2P or bit torrent applications.
I don't use Outlook or Outlook Express (either PINE or Webmail for me).
If I receive e-mail from people I don't know, it gets deleted immediately without even viewing it.
I practice safe disk swapping.

So how would I contract this or any other virus?
 

JackBurton

> Originally posted by: RossMAN
> How do people normally get these viruses, what are the 5 most common methods of infection?
>
> I don't use P2P or bit torrent applications.
> I don't use Outlook or Outlook Express (either PINE or Webmail for me).
> If I receive e-mail from people I don't know, it gets deleted immediately without even viewing it.
> I practice safe disk swapping.
>
> So how would I contract this or any other virus?

This virus comes from people you DO know.
 

JonnyBlaze

i think i already got that emailed to me. it said it was from elaine, the real address was a hotmail account. the zip file had one file in it that said something like pic.jpg ...exe

lol

i feel bad for anyone who actually opens these.

JB
 

RossMAN

> Originally posted by: JackBurton
> > Originally posted by: RossMAN
> > How do people normally get these viruses, what are the 5 most common methods of infection?
> >
> > I don't use P2P or bit torrent applications.
> > I don't use Outlook or Outlook Express (either PINE or Webmail for me).
> > If I receive e-mail from people I don't know, it gets deleted immediately without even viewing it.
> > I practice safe disk swapping.
> >
> > So how would I contract this or any other virus?
>
> This virus comes from people you DO know.

Ah good point, didn't think about that ... but it's an attachment right?
 

JackBurton

> Originally posted by: MercenaryForHire
> EXE attachments are like Darwin Awards for computer users.
>
> Do not click on them. Ever.
>
> - M4H

Dude, this one is tricky (for regular users). It comes in a zip and when you open the zip, it looks like a text file (has a text icon) but has a *.scr extension. Users not paying attention see a text file, open it and BAM, you're toast!
 

SoylentGreen

> Originally posted by: Ynog
> I love linux.

rolleye.gif
 

Nocturnal

I NEVER open files from people I don't know nor do I open files from people I do know. How do so many people get infected?
 

Nocturnal

> Originally posted by: JackBurton
> > Originally posted by: MercenaryForHire
> > EXE attachments are like Darwin Awards for computer users.
> >
> > Do not click on them. Ever.
> >
> > - M4H
>
> Dude, this one is tricky (for regular users). It comes in a zip and when you open the zip, it looks like a text file (has a text icon) but has a *.scr extension. Users not paying attention see a text file, open it and BAM, you're toast!

Sorry but this is like the oldest trick in the book. I've never been infected by a virus like this just because I never run attachments, ever. Unless I have spoken to someone via AIM or phone and they've told me previously beforehand that they were going to send me a file.
 

MercenaryForHire

> Originally posted by: JackBurton
> > Originally posted by: MercenaryForHire
> > EXE attachments are like Darwin Awards for computer users.
> >
> > Do not click on them. Ever.
> >
> > - M4H
>
> Dude, this one is tricky (for regular users). It comes in a zip and when you open the zip, it looks like a text file (has a text icon) but has a *.scr extension. Users not paying attention see a text file, open it and BAM, you're toast!

For stupid users perhaps! Even my mother, who has the minimal knowledge necessary, sees those come in and goes "I didn't ask for any Zip file! This is a virus, isn't it!" [DELETE] :p

- M4H
 

JonnyBlaze

> Originally posted by: Nocturnal
> > Originally posted by: JackBurton
> > > Originally posted by: MercenaryForHire
> > > EXE attachments are like Darwin Awards for computer users.
> > >
> > > Do not click on them. Ever.
> > >
> > > - M4H
> >
> > Dude, this one is tricky (for regular users). It comes in a zip and when you open the zip, it looks like a text file (has a text icon) but has a *.scr extension. Users not paying attention see a text file, open it and BAM, you're toast!
>
> Sorry but this is like the oldest trick in the book. I've never been infected by a virus like this just because I never run attachments, ever. Unless I have spoken to someone via AIM or phone and they've told me previously beforehand that they were going to send me a file.

same reason i have never gotten one of these worms you always hear about.

JB
 

Jzero

> Originally posted by: Nocturnal
> I NEVER open files from people I don't know nor do I open files from people I do know. How do so many people get infected?

They just go clickety-click! I use a rule-based filter that sends you a message saying "The following file was quarantined, please e-mail us if you actually needed it."

I've had people go "I need this file virus.exe. Can you get it for me?"
And I say "Were you expecting it? Do you know the sender?"
And they say "No and no, but what if it's something important?"

Gimme a break!
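
A rule-based attachment filter of the kind discussed in this thread, as an added example (not code from any poster or vendor): it opens each ZIP attachment at the mail gateway and flags members that would execute on double-click, including names padded to hide the real extension. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def risky_members(zip_bytes):
    """Return (member, reason) for ZIP members that execute when opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1].strip().lower()
            stem, dot, ext = base.rpartition(".")
            if not dot or "." + ext not in EXECUTABLE_EXTS:
                continue
            # A second dot in the stem ("pic.jpg    .exe") means a decoy extension.
            reason = "disguised executable" if "." in stem else "executable"
            findings.append((name, reason))
    return findings

def quarantine_verdict(raw_message):
    """Return (attachment, member, reason) for everything that should be held."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            hits += [(fname, m, why) for m, why in risky_members(data)]
        elif "." + fname.rsplit(".", 1)[-1].lower() in EXECUTABLE_EXTS:
            hits.append((fname, fname, "executable"))
    return hits

def build_sample(member_name):
    """Constructed message: a ZIP attachment holding one inert placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("document.scr", "pic.jpg        .exe", "notes.txt"):
        print(member, "->", quarantine_verdict(build_sample(member)))
```

Inspecting the archive contents holds the `.scr` and padded-name cases while letting ordinary ZIP files through, which a blanket block on `.zip` attachments cannot do.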