To remove the My Doom virus immediately, proceed to Steps 1 and 2 below.
MyDoom.B Mischief
The new version of the My Doom virus contains minimal technical innovations over its predecessor (My Doom.A). MyDoom.B propagates itself via email and the KaZaA file-sharing network just as the "A" version did. One main difference is that the email it sends out contains a different set of text strings in the body. The carrier file is about 28 KB in size and contains the text strings "sync-1.01", "andy", "I'm just doing my job", "nothing personal", and "sorry".
MyDoom.B is scheduled to launch attacks on www.sco.com and www.microsoft.com between February 1 and February 12, 2004.
The worm also modifies the operating system to prevent users from reaching many anti-virus vendors' sites, security-related news sites and various sections of the Microsoft site, as well as downloading data from banner networks.
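An added example, not part of the original article or of any vendor's tool: public analyses of MyDoom.B attribute this blocking to entries the worm writes into the Windows hosts file, so the Python below audits a hosts file for watched domains mapped to an unspecified or loopback address. The watchlist (built from vendors named on this page) and the sample file are constructed for illustration.

```python
import ipaddress

# Assumed watchlist, built from vendors named on this page; extend as needed.
WATCHED_SUFFIXES = ("kaspersky.com", "sophos.com", "symantec.com", "ca.com", "microsoft.com")

def is_sinkhole(addr):
    """True when addr cannot reach a real site: unspecified (0.0.0.0, ::) or loopback."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return False
    return ip.is_unspecified or ip.is_loopback

def is_watched(host):
    """Match a hostname against the watchlist on a label boundary, case-insensitively."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return (line_no, address, hostname) for every watched name that is sinkholed."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on any whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        if not is_sinkhole(addr):
            continue
        findings.extend((line_no, addr, n) for n in names if is_watched(n))
    return findings

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
0.0.0.0   www.sophos.com securityresponse.symantec.com
127.0.0.1\twww3.ca.com   # trailing comment
# 0.0.0.0 www.kaspersky.com
0.0.0.0   ads.example.net
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    import sys
    # Pass a hosts file path to audit it; with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for line_no, addr, name in audit_hosts(text):
        print(f"line {line_no}: {name} -> {addr}")
```

On Windows the hosts file is normally at %SystemRoot%\System32\drivers\etc\hosts; pass that path as the first argument.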
Step 1: Run Kaspersky's CLRAV Remover
Download Kaspersky's CLRAV Remover here, close all active applications, and run it. After running the remover you'll restart your computer.
CLRAV scans the computer memory and hard drive of the infected machine, neutralizes the worm and restores the original configuration of the Windows system registry.
Additionally, this removal tool copes effectively with other malicious programs, including Klez, Lentin, Opasoft, Tanatos, Welchia, Sobig, Dumaru and Swen. Given the current outbreak, CLRAV is most useful for users who have installed anti-virus protection that does not detect and delete Mydoom correctly.
Step 2: Do a Virus Check
If you don't have any anti-virus software, take a look at the links below. Get yourself set up with some anti-virus software and do a virus check.
See also:
Computer Associates: http://www3.ca.com/virusinfo/virus.aspx?ID=38114
Microsoft: https://information.microsoft.com/security/antivirus/mydoom.asp
Sophos: http://www.sophos.com/virusinfo/analyses/w32mydoomb.html
Symantec: http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
US CERT Technical Alert TA04-028A: http://www.us-cert.gov/cas/techalerts/TA04-028A.html
Source: Virus Encyclopedia
Image source: CNN