MyDoom.F
This MyDoom variant going around the net is a lot nastier than the previous versions, with a destructive payload that gradually goes through your systems and destroys .jpg, .xls and other files. The gradually part is smart, in a way, as it also launches a DDOS against microsoft and the RIAA, and if someone realizes what's happening right away they'll kill the system.
At this point there isn't that much of a threat to people, the worst of MyDoom is going to be over due to patching, etc. I can't imagine if this had been the first version, though. Lucky again.
At any rate, ClamAV is getting a workout. Yesterday & today its caught over 640, the majority being Worm.SCO.A-dam inter-sprinkled with some Worm.SomeFool and Worm.BugBear.B.
Posted by drunkenbatmanFebruary 25, 2004, at 03:43 PM
Comments (2)
Posted by: drunkenbatman at February 27, 2004 01:49 AM
Well, you're sorta in luck: worm.sco.a-dam is clamav's name for mydoom.a viruses, and the -dam means that it is a damaged version that has become corrupted and is generally fairly ineffective, although it may still be able to spread itself.
This page on MS's site has a link to a piece of software which will disinfect you from the known mydoom variants. Remember the only way to get infected in the first place is to click on suspicious attachments, so try not to do that in the future. :)
Unfortunately if you have been infected with a later version of the worm, it blocks you from going to microsofts site, so you will have to get the patch from a different site, or a different computer and put it on a disk which you can then use to disinfect your infected computer.
HIH
I have found that I have this type of worm on my computer (the Worm.SCO.A-dam one) and I haven't been able to find any support for removing this particular kind of mydoom bug... have any of you found ways to get it off?