w32/MYDOOM

Hello, Like a dummy I opened an attachment. Just for the heck of it I ran this new STINGER program. It found 10 versions of it. AVG and Norton don't see it to remove it. How can I remove it? I don't wanna infect everyone on my address book
Thanks

 

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
Free.

 

Thanks Reboot No viruses found!!!!!!!!!!!!!

 

Just for the heck of it I ran this new STINGER program. It found 10 versions of it. AVG and Norton don't see it to remove it.

10 versions of what? MyDoom? Try to update your Norton's virus definitions. If you can't, then you got the new variant. Look down a couple posts for info.

 

Thanks aleekat: 10 versions of w32/MYDOOM.a@mm in my Netscape trash was found by Stinger. I found in other posts some links to remove all the junk.

Thanks guys

 

Virus??

I just ran that Stinger proram from Mcafee that they released 1/28/04. It says I have the W32/Dumaru@mm 2 times. So I went to Symantic and found their W32/Dumaru@mm fix tool. It says I have NO such virus. Who do I believe???

Thanks Marty

Btw, I'm running AVG antivirus. Fully up to date and it finds nothing wrong either??

 

If in doubt walk through the manual cleanups. Look for files and regkeys mentioned.

Perhaps you have quarantined files by Norton that mcaffee is detecting as viral.

OR maybe this log file flips mcaffee out, as mentioned in the link provided:

Creates %Windir%\winload.log, which is a log file. The worm uses this file to store the stolen email addresses.

NOTE: This file is not viral by itself, and therefore, Symantec antivirus products do not detect this file. Manually delete it if your system is infected with this worm.

 

Thanks for replying goddez1, beyond using a removal tool for viruses I have no idea how to remove them. Basicly I don't follow what you said.

Marty

 

From Symantec: a.Click Start, and then click Run. (The Run dialog box appears.)
b.Type regedit

Then click OK. (The Registry Editor opens.)

c.Navigate to the key:

HKEY_LOCAL_MACHINE SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

d.In the right pane, delete the value:

"load32 "= "%Windir%\load32.exe "

e.Exit the Registry Editor.
Nothing was there

 

Isn't this your second post the this "Stinger" found something, but others did not? Why not try an online scan. Housecall

 

I merged the two threads.
You haven't mentioned the OS, but is it possible these are found in the Restore folder?
I would disable System Restore, reboot, then enable it, if your OS has this.

 

Hello markp62: I have win 98. It does'nt have
that disable System Restore option right? House call would'nt run on my Netscape 4.79. I ran it on IE 6 and it says no viruses. Maybe thats it, I hope.

Marty

 

No, 98 does not have System Restore. I would go with the opinion of Housecall. Some AV programs do make what is called a false positive, that is why more than one scan is good.