Trege
Poh
oro?
Meddling with Legends 1, Legends 2 and Mega Man 64 data.
Posts: 463
Post by Trege on Mar 23, 2009 18:24:37 GMT -5
How bad is this virus? I recently got it and I still don't know how I did. I researched it and it only spreads by emails. After Comodo detected it, I did a virus scan to remove it, and I wanted to know if there is any damage it could have done within 20 minutes or higher.
I got this after I downloaded a Cel shading graphics plugin.
(When I had the virus I noticed my CPU was lagging and 200MB of RAM was being used.)
I disabled system restore so it couldn't infect that and deleted my restore points after it was removed.
I'm a bit paranoid because I don't get viruses that often.
Post by Pitch on Mar 24, 2009 13:59:04 GMT -5
mydoom is pretty old by now, so I'd imagine your anti-virus should be able to take care of it. But if you Google "mydoom fix," I'd imagine the first result or two should have something useful. As for what it does, Wikipedia has a nice description.

Wikipedia wrote:
The original version, Mydoom.A, is described as carrying two payloads:
* A backdoor on port 3127/tcp to allow remote control of the subverted PC (by putting its own SHIMGAPI.DLL file in the system32 directory and launching it as a child process of the Windows Explorer); this is essentially the same backdoor used by Mimail.
* A denial of service attack against the website of the controversial company SCO Group, timed to commence 1 February 2004. Many virus analysts doubted if this payload would actually function. Later testing suggests that it functions in only 25% of infected systems.
A second version, Mydoom.B, as well as carrying the original payloads, also targets the Microsoft website and blocks HTTP access to Microsoft sites and popular online antivirus sites, thus blocking virus removal tools or updates to antivirus software. The smaller number of copies of this version in circulation meant that Microsoft's servers suffered few ill effects.

I could suggest a much better solution, but I won't. Out of curiosity, what program was the Cel-shading Graphics plug-in for?
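A local check for the two Mydoom.A host indicators named in the Wikipedia quote above (a listener on 3127/tcp and a SHIMGAPI.DLL file in system32), as an added example that is not part of any post in this thread. The function names, the default system32 path and the loopback address are assumptions; a hit is only a prompt to run a full scan, since other software can legitimately use that port.

```python
import os
import socket

BACKDOOR_PORT = 3127            # port named in the quoted description
BACKDOOR_DLL = "shimgapi.dll"   # file name named in the quoted description


def find_backdoor_dll(system_dir):
    """Return paths in system_dir whose name matches the DLL, ignoring case."""
    try:
        names = os.listdir(system_dir)
    except OSError:
        return []  # directory missing or unreadable: nothing to report
    return [os.path.join(system_dir, n) for n in names
            if n.lower() == BACKDOOR_DLL]


def port_is_listening(port=BACKDOOR_PORT, host="127.0.0.1", timeout=1.0):
    """True if a TCP connect to host:port succeeds (something accepts there)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def check_host(system_dir, port=BACKDOOR_PORT):
    """Collect both indicators into one report dict."""
    dll_hits = find_backdoor_dll(system_dir)
    listening = port_is_listening(port)
    return {"dll_paths": dll_hits, "port_open": listening,
            "suspicious": bool(dll_hits) or listening}


if __name__ == "__main__":
    # Assumed default location; SystemRoot is set on Windows.
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "system32")
    print(check_host(sysdir))
```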
Post by Trege on Mar 24, 2009 15:42:50 GMT -5
Post by Pitch on Mar 24, 2009 16:34:14 GMT -5
Thanks for the info, if the virus is gone the backdoor is probably gone too, right? One would hope, but it never hurts to be sure, 'specially with backdoors and such potentially leaving you open to worse infections. If the virus pops up again, that's probably a good indication that the AV software isn't doing its job, but waiting for that might not be the best idea.
The fix itself looks complicated, but all it's saying is “Disconnect from the internet, close all programs, run the provided application and reboot. Then verify that all's well, to the point of running the fix again if it will make you happy, and make sure to update your AV software.” ...and I guess the bit about killing System Restore and putting it back on when you're done, but does anyone even use System Restore? Furthermore, System Restore is behind one of the several concurrent Microsoft-related incidents that led me to go Linux. But since you're dual booting it already — my respect for you has effectively doubled, btw — I can't really suggest much else.
That cel-shading plug-in looks spiffy indeed.
Post by Trege on Mar 24, 2009 16:54:25 GMT -5
Thanks for your help Green, I'll try out the suggestion for the backdoor.
Post by Reavercat on Mar 24, 2009 18:03:37 GMT -5
Where can we learn more about this cel shading add on?
Post by DeltaTrigger7 on Mar 24, 2009 21:13:44 GMT -5
Post by Trege on Mar 24, 2009 22:12:52 GMT -5
That's nice to know... now I'm more paranoid than before. I hope Comodo's Defense+ can help block some of the damage.
MayImilae
Zakobon
Badgeless, and proud of it!
Posts: 145
Post by MayImilae on Mar 27, 2009 1:43:33 GMT -5
I had Conficker before. It was pretty easy to get rid of with Kaspersky antivirus here at home, but it raped the computers at school!
And I don't know where you got that plugin from, but it was the wrong place! I got Guest's Plugins Pack 2.3 via Google and it scanned and worked fine.