Win32/Mydoom.A

[scaz69]

If anyone gets an email from held@knifepoint.co.uk, with Hi, or anything else in the subject, delete the thing as it contains the mydoom.a virus.

Anyone stupid enough not to use a virus killer, make sure your email client is not set to automaticly open your emails.

Hurray for NOD32.....

scaz69.

[banzibaby]

Thanks for the warning bud, this is the reason i use mailwasher to see my mail before i download it

BaNzI

[PC-GUY]

Thanks for the warning bud, this is the reason i use mailwasher to see my mail before i download it

BaNzI

I also use mail washer for the same reason. But I'm waiting for the phone calls I know one of my friends will get it. I can think of one friend who got the wormblaster twice lets hope he doesn't get this one. But thank for the tip lets hope he reads it.

[scaz69]

Think i might use mailwaher myself from now on, cheers.

[scaz69]

I dont believe it, ive received another email, this time from..
Mail Delivery Subsystem [MAILER-DAEMON@perf.hotchilli.net] saying..

The original message was received at Tue, 3 Feb 2004 14:12:31 GMT from adsl93.101.dial.hot.broadband.adsl.broadbandonly.c o.uk [195.248.101.93]

----- The following addresses had permanent fatal errors -----
(reason: 550 relaying blocked, read new mail, add 217.72.163.14 to forwarding or enable smtp authentication in y)

----- Transcript of session follows -----
... while talking to mail1.netwinsite.com.:
>>> RCPT To:
<<< 550 relaying blocked, read new mail, add 217.72.163.14 to forwarding or enable smtp authentication in y 550 5.1.1 ... User unknown

This one also containing the mydoom.a virus. Basterds...

[banzibaby]

It weird, but i never got hit with that virus at all, a lot of folk i know did, just wonder what i done different, but then i never download any attachments untill i have checked that the person sending then has indeed sent it

BaNzI

[NetLion]

Attached

Microsoft “Mydoom” Worm Removal Tool - KB836528

[scarecrow]

I LOVE opening such emails... using Thunderbird under Mandrake 9.2!

[NoSpam]

Remember that it's not enough to simply use a cleaner to remove the virus.

1. The virus installs a backdoor, so you need to scan your entire system to be certain nothing else was downloaded to your system. In addition to a virus scanner, I'd scan it with an anti-trojan utility like TrojanHunter or Trojan Remover, or TDS-3, and then also scan with Adaware and Spybot S&D. And of course be certain each scanner has the most up-to-date signature update possible. A good place to check to see when the latest update to most major scanners is dslreports. Go the the security forum, and open the top stickey post (Security Software Updates), and it lists the programs, when they were updated, and download links. _http://www.dslreports.com/forum/security,1

2. You need to improve your security. DON'T automatically open e-mails in Outlook or Outlook Express in the preview pane, DON'T open attachments from someone you don't know, DON'T open executable attachments even from someone you do know unless you were expecting it; verify that they sent it first. DON'T run without a firewall. If the virus did access the net, you either need to tighten rules in your firewall, or install a decent one if heaven forbid you didn't have one. Running without a firewall these days, even if all you have is dial-up, is simply waiting for a disaster to happen. Same thing if you take a firewall down to play a game, rather than taking the time to get the firewall properly configured for your program. You are opening the door and inviting trouble.

NoSpam

[NetLion]

Well said !!!

[scaz69]

Running NOD32, TrojanHunter & Sygate, so luckerly non of the buggers got through. Also do scan with spybot. Had 10 mydoom in all over 3 nights, looks like they got bord.