Author Topic: E-Mail worm, Anyone?  (Read 711 times)


Offline ToecrusherHammerjaw

  • 27
  • Trayus no more.
Hey guys, I'm gonna be away for awhile because 1. I'm going on vacation away from my precious DSL connection, and 2. I got hit by the Mytob E-mail worm.  Very nasty.  Has anyone else got this worm?  If so, how serious is it?  It is Penn State's policy that I have to do a full system reformat before they allow my laptop back online, so I'm gonna do that anyway.  My question here is, what can't I back up other than the system32 folder?  I keep my model pics on a stick and the latest virus scans say that them and my .pof files don't seem affected.  Anyone out there savvy in this matter?  I'd appreciate it.

EDIT:  I am NOT typing from my laptop at the moment.  That would be suicide.  This is from a temporary location.  I have done nothing and will do nothing to endanger the HLP community.
« Last Edit: December 08, 2005, 12:57:55 pm by Trayus »

 
As long as you don't email it'd be ok, is my guess.

I think you can safely backup anything that isn't executable, contains macros (word documents), or stuff like that. Or just scan the lot before opening it again, it ought to be safe.
just another newbie without any modding, FREDding or real programming experience

you haven't learned masochism until you've tried to read a Microsoft help file.  -- Goober5000
I've got 2 drug-addict siblings and one alcoholic whore. And I'm a ****ing sociopath --an0n
You cannot defeat Windows through strength alone. Only patience, a lot of good luck, and a sledgehammer will do the job. --StratComm

 

Offline Wanderer

  • Wiki Warrior
  • 211
  • Mostly harmless
Looking at the Sophos page, it seems a rather bad one, but it seems to be copied only to the Windows system folder.

And looking at Symantec, the worm may download a rootkit, open its own mail service, open FTP access, block contacts to any anti-virus related address, open a backdoor to the cpu, turn off antivirus systems and the list goes on... That might be the reason for the format request.

Btw here is a removal tool for W32.Mytob@mm. I don't know if it works though, just happened to find it...
Do not meddle in the affairs of coders for they are soggy and hard to light

 

Offline ToecrusherHammerjaw

  • 27
  • Trayus no more.
Wow, thanks Wanderer!  That tool must be fairly recent, or I'd have heard about it sooner.  I will try it when I get home tonight.  If it works, you have my gratitude, and I will tell ResCom about it.  Maybe they can use it, because this virus has seen a serious outbreak throughout the Penn State campus.

And that rootkit, which is said not to be a rootkit at all, but something masquerading as one, was my biggest problem.  Symantec would flash deletion messages every 3 seconds.  It would find it, destroy it, but then it would respawn.  It stopped once I disabled the mail service that came with the virus.
« Last Edit: December 08, 2005, 01:11:36 pm by Trayus »

 

Offline Wanderer

  • Wiki Warrior
  • 211
  • Mostly harmless
In fact it seems to be from February 2005... I found it from here. I hope it works. But if you are dealing with a new 'breed' then it might not work.
Do not meddle in the affairs of coders for they are soggy and hard to light

 

Offline Sandwich

  • Got Screen?
  • 213
Seriously, how do you people get infected with viruses? I just don't get it. Anti-virus programs are like going to a doctor to deal with your broken leg, which you got from falling from the 3rd floor balcony railing you were balancing on - they treat the symptom, not the root. For internet-spreading viruses (viruses that spread over a LAN are another story), follow these simple steps.

First off, don't use IE. It's vulnerable. I - and many, many other people - recommend Firefox, Opera, or Safari (for Mac). Secondly, don't use Outlook Express or Outlook. They're vulnerable as well, since they use IE as the HTML rendering engine. I recommend Mozilla Thunderbird. Thirdly - and only thirdly - use an anti-virus program to catch anything you may still run across.

Seriously, I am willing to bet that someone with no anti-virus, but who knows what simple precautionary steps to take (such as those I outlined above) is far safer from viruses than someone who doesn't know what they're doing, yet runs the top-of-the-line anti-virus. It's all about education, kiddies.

"...The quintessential quality of our age is that of dreams coming true. Just think of it. For centuries we have dreamt of flying; recently we made that come true: we have always hankered for speed; now we have speeds greater than we can stand: we wanted to speak to far parts of the Earth; we can: we wanted to explore the sea bottom; we have: and so  on, and so on: and, too, we wanted the power to smash our enemies utterly; we have it. If we had truly wanted peace, we should have had that as well. But true peace has never been one of the genuine dreams - we have got little further than preaching against war in order to appease our consciences. The truly wishful dreams, the many-minded dreams are now irresistible - they become facts." - 'The Outward Urge' by John Wyndham

"The very essence of tolerance rests on the fact that we have to be intolerant of intolerance. Stretching right back to Kant, through the Frankfurt School and up to today, liberalism means that we can do anything we like as long as we don't hurt others. This means that if we are tolerant of others' intolerance - especially when that intolerance is a call for genocide - then all we are doing is allowing that intolerance to flourish, and allowing the violence that will spring from that intolerance to continue unabated." - Bren Carlill

 

Offline Windrunner

  • 210
  • The Hammer.
amen brother. those are the rules that i use when i am surfing the net. when i come to think of it i have never been infected by a virus or a worm, some trojans and ad ware have slipped by but those are easily detected by ad aware or any other antispyware.
Staffmember: Hard Light Productions
I said a lot of things.  Some of them were even true. - Aldo_14

  

Offline Wanderer

  • Wiki Warrior
  • 211
  • Mostly harmless
And also use firewalls. Anything is better than nothing.
Do not meddle in the affairs of coders for they are soggy and hard to light