How bad is the mydoom virus?

[Trege]

How bad is this virus? I recently got it and I still don't know how I did I researched it and it only spreads by emails, after comodo detected it I did a virus scan to remove it, and I wanted to know if there is any damage it could have done within 20 minutes or higher.

I got this after I downloaded a Cel shading graphics plugin.

(When I had the virus I noticed my CPU was lagging and 200MB of ram was being used.)

I disabled system restore so it couldn't infect that and deleted my restore points after it was removed.

I'm a bit paranoid because I don't get viruses that often.

[Pitch]

mydoom is pretty old by now, so I'd imagine your anti-virus should be able to take care of it. But if you Google "mydoom fix," I'd imagine the first result or two should have something useful. As for what it does, Wikipedia has a nice description.

Wikipedia wrote:
The original version, Mydoom.A, is described as carrying two payloads:

* A backdoor on port 3127/tcp to allow remote control of the subverted PC (by putting its own SHIMGAPI.DLL file in the system32 directory and launching it as a child process of the Windows Explorer); this is essentially the same backdoor used by Mimail.
* A denial of service attack against the website of the controversial company SCO Group, timed to commence 1 February 2004. Many virus analysts doubted if this payload would actually function. Later testing suggests that it functions in only 25% of infected systems.

A second version, Mydoom.B, as well as carrying the original payloads, also targets the Microsoft website and blocks HTTP access to Microsoft sites and popular online antivirus sites, thus blocking virus removal tools or updates to antivirus software. The smaller number of copies of this version in circulation meant that Microsoft's servers suffered few ill effects.

I could suggest a much better solution, but I won't.

Out of curiosity, what program was the Cel-shading Graphics plug-in for?

[Trege]

It only lasted 20 minutes then comodo got rid of it.

Thanks for the info, if the virus is gone the backdoor is probably gone too right?

The plugin was for Epsxe, megaman legends 2 in Cel shading.

s88.photobucket.com/albums/k185/Alecsandar1111/?action=view¤t=MML2Celshaded.png

I think it's a pretty cool addon.

(I have Ubuntu as a dual boot option, I reinstalled it since I still like Linux, it runs well. ;D)

[Pitch]

Thanks for the info, if the virus is gone the backdoor is probably gone too right?
One would hope, but it never hurts to be sure, ‘specially with backdoors and such potentially leaving you open to worse infections. If the virus pops up again, that's probably a good indication that the AV. software isn't doing its job, but waiting for that might not be the best idea.

The fix itself looks complicated, but all it's saying is “Disconnect from the internet, close all programs, run the provided application and reboot. Then verify that all's well, to the point of running the fix again if it will make you happy, and make sure to update your AV software.” ..and I guess the bit about killing System Restore and putting it back on when you're done, but does anyone even use System Restore? Furthermore, System Restore is behind one of the several concurrent Microsoft-related incidents that led me to go Linux. But since you're dual booting it already — my respect for you has effectively doubled, btw — I can't really suggest much else.

That cel-shading plug-in looks spiffy indeed.

[Trege]

Thanks for your help Green, I'll try out the suggestion for the backdoor.

[Reavercat]

Where can we learn more about this cel shading add on?

[DeltaTrigger7]

Heck, I get viruses every few months. Just today, AVG Free Edition's Resident Evil Shield blocked five weird Trojan Horse SHeux varieties.

BTW, if you're paranoid about viruses like I am, you will DEFINITELY want to read these two articles.

en.wikipedia.org/wiki/Conficker

arstechnica.com/security/news/2009/03/confickerc-primed-for-april-fools-activation.ars

Win32/Conficker.C will rape your computer if you're not careful (sorry about being crude, but it's the most colorful word I can think of!).

[Trege]

That's nice to know... now I'm more paranoid then before. I hope comodo's defense + can help block some of the damage.

[MayImilae]

I had Conflicker before. It was pretty easy to get rid of with Kaspersky antivirus here at home, but it raped the computers at school!

And I don't know where you got that plugin from, but it was the wrong place! I got Guest's Plugins Pack 2.3 via google and it scanned and worked fine.