[ToecrusherHammerjaw]

Hey guys, I'm gonna be away for awhile because 1. I'm going on vacation away from my precious DSL connection, and 2. I got hit by the Mytob E-mail worm.  Very nasty.  Has anyone else got this worm?  If so, how serious is it?  It is Penn State's policy that I have to do a full system reformat before they allow my laptop back online, so I'm gonna do that anyway.  My question here is, what can't I back up other than the system32 folder?  I keep my model pics on a stick and the latest virus scans say that them and my .pof files don't seem affected.  Anyone out there savvy in this matter?  I'd appreciate it.

EDIT:  I am NOT typing from my laptop at the moment.  That would be suicide.  This is from a temporary location.  I have done nothing and will do nothing to endanger the HLP community.

[kasperl]

As long as you don't email it'd be ok, is my geuss.

I think you can safely backup anything that isn't executable, contains macros (word documents), orstuff like that. Or just scan the lot before opening it again, it ought to be safe.

[Wanderer]

Looking from the Sophos page it seems rather bad one, but it seems to be copied only to Windows system folder.

And by looking to Symantec the worm may dl rootkit, open its own mail service, open FTP access, block contacts to any anti-virus related address, open a backdoor to the cpu, turn off antivirus systems and the list goes on... That might be the reason for the format request.

Btw here is a removal tool for W32.Mytob@mm. I don't know if it works though, just happened to find it...

[ToecrusherHammerjaw]

Wow, thanks Wanderer!  That tool must be fairly recent, or I'd have heard about it sooner.  I will try it when I get home tonight.  If it works, you have my gratitude, and I will tell ResCom about it.  Maybe they can use it, because this virus has seen a serious outbreak throughout the Penn State campus.

And that rootkit, which is said not to be a rootkit at all, but something masquerading as one, was by biggest problem.  Symantec would flash deletion messages every 3 seconds.  It would find it, destroy it, but then it would respawn.  It stopped once I disabled the mail service that came with the virus.

[Wanderer]

it seems to be from February 2005... I found it from here. I'll hope it works. But if you are dealing with a new 'breed' then it might not work.

[Sandwich]

Seriously, how do you people get infected with viruses? I just don't get it. Anti-virus programs are like going to a doctor to deal with your broken leg, which you got from falling from the 3rd floor balcony railing you were balancing on - they treat the symptom, not the root. For internet-spreading viruses (viruses that spread over a LAN are another story), follow these simple steps.

First off, don't use IE. It's vulnerable. I - and many, many other people - recommend Firefox, Opera, or Safari (for Mac). Secondly, don't use Outlook Express or Outlook. They're vulnerable as well, since they use IE as the HTML rendering engine. I recommend Mozilla Thunderbird. Thirdly - and only thirdly - use an anti-virus program to catch anything you may still run across.

Seriously, I am willing to bet that someone with no anti-virus, but who knows what simple precautionary steps to take (such as those I outlined above) is far safer from viruses than someone who doesn't know what they're doing, yet runs the top-of-the-line anti-virus. It's all about education, kiddies.

[Windrunner]

amen brother. those are the rules that i use when i am surfing the net. when i come to think of it i have never been infected by a virus or a worm, some trojans and ad ware have slipped by but those are easily detected by ad aware or any other antispyware.

[Wanderer]

And also use firewalls. Anything is better than nothing.