WTF?

(RIP) Jamie

I had an e-mail tonight from someone called Rachel Weavers at NHS Direct - attached to it was a file called body.

It was a zip file, which due to address I thought was legit, on account of Merle working for the NHS.

So I saved it to me desktop, tried to open it but it has a DOS icon attached and I can't make head nor tail of it.

In the properties it says it's a y.htm file and "Performs text-based (command-line) functions."

I e-mailed her back with a WTF type question.

I can't delete it, and me Internet Explorer shortcut has disappeared from me desktop.

Other than that, PC working fine.

What's all abaht?

Oh, and me e-mail server sent me another zip called test - you know, like sent to myself from myself???

Jamie
 
Jamie....you have just become the proud new owner of the new virus called 'mydoom'...one sec, I'll dig it up, but update your virus def's now and run a full scan.....seriously...this has broken in the last 48 hours and it's big and nasty.....I'll stick more here in a few mins......
 
Ok, here's McAfee's info on it.....(It's also called Novarg by the way...)

McAfee Link..MyDoom Virus.


Tips to spot and remove the Mydoom email virus
1) This latest email worm is carried in a small file which appears as an email attachment.
2) Infected emails will often appear to have been sent from organisations like charities or educational institutions.
3) The message subject line is often just “test” or “status” and the main message looks quite technical - it may read "The message contains Unicode characters and has been sent as a binary attachment."
4) If you haven't updated your antivirus software recently, we recommend that you download and install any updates BEFORE you next receive your email.
5) You should always be extremely wary of opening any email attachment that you are not expecting.
6) If you have a firewall installed and it starts showing unusual pop-up messages it is likely that you’ve already been infected by Mydoom.
7) You can check for infection by running the Housecall online virus scanner.


And finally.....This gizmo is what you need to find and destroy the fukker.....

MyDoom AKA Novarg Removal tool.....

Hope that helps.........I'm gonna post a new thread on this as well 'cos as of 9pm tonight they're saying that around one in 9 emails worldwide are carrying this little bugger.......apparently it has a payload that's directed at one of the Linux suppliers and is set to offload on Feb 1st.
 
I've had several mails recently, claiming to be a picture that I'd requested. Sure enough, if you look in the zip file there's a file, seemingly with a .jpg extension.

What you don't see is the subsequent long string of spaces, followed by the .exe extension, unless you increase your column width.

Bloody sneaky, and NAV didn't spot it either.

Lucky I'm a suspicious bastard!!
 
I received it too on Sunday... exactly as Steve says, looks like a jpg extension until you expand the column width to reveal the exe extension :mad:

I'm a suspicious b'stard too and never open any attachment that I'm not expecting... bin it then delete it from your deleted items folder and keep your virus definitions up to date... check for new updates at least twice a week :)
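
[Added example, not part of any post in this thread: one way to check a zip's member names for the trick described in the two posts above, where a harmless-looking extension is followed by a run of spaces and then an executable extension. The extension lists, function names and sample file names are assumptions constructed for illustration.]

```python
import io
import re
import zipfile

# Illustrative lists (assumptions, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".htm", ".html"}


def check_name(name):
    """Return the reasons an archive member name looks deceptive (empty if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    # Only names whose real (last) extension is executable are of interest.
    if (dot + ext.strip()).lower() not in EXECUTABLE_EXTS:
        return []
    reasons = []
    # A run of spaces pushes the real extension out of a narrow name column.
    if re.search(r"\s{3,}$", stem):
        reasons.append("whitespace padding before executable extension")
    # What the user sees first ends in a harmless-looking extension.
    visible = stem.rstrip()
    if any(visible.lower().endswith(d) for d in DECOY_EXTS):
        reasons.append("decoy extension before executable extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: r for n in zf.namelist() if (r := check_name(n))}


def build_sample_zip():
    """Constructed sample archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("picture.jpg" + " " * 60 + ".exe", b"placeholder")
        zf.writestr("holiday.jpg", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
        zf.writestr("notes.txt.scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_zip()).items():
        print(repr(name), "->", "; ".join(reasons))
```

Only the member names are read; nothing in the archive is extracted or executed.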
 
:mad:

Fuggit!

Thanks blokes, will now go home and pull me hair out.

See you soon I hope

Jamie
 
Pleasure mate.....and if anyone else hasn't got themselves covered for this one, I'd humbly suggest that you do.....it's still spreading and there are three or four variants now.

:p1zzed:
 

