-
January 29th, 2004, 10:22 AM
#16
So far, we haven't gotten hit by any virus. I manage a mid size multi-location company, but there are only about 20 people on PC's connected to the internet. I'm running Norton Corporate.
However, the problem I keep having, is this.
One of our users apparently is in the address book of an infected computer with SoBig, I believe. He called me when he kept getting mail delivery errors from random AOL accounts he had never heard of, or sent mail to. So, I thought the virus was on his machine. 3 scans and a SoBig removal tool later, I realized that his machine was not infected. Someone who had my user's address in his address book was infected. So, the infected guy was sending emails that were being spoofed to look like they were coming from my user.
So now, due to the rampant spreading of traffic and viral e-mail that "seems" to be coming from my user, AOL and AT&T are rejecting any e-mail from my domain. And let me tell you, it's a royal pain in the @$$ to get off of a blacklist like that.
-
January 29th, 2004, 10:24 AM
#17
Tech-To-Tech Mod
 Originally Posted by TekkieFreak
So far, we haven't gotten hit by any virus. I manage a mid size multi-location company, but there are only about 20 people on PC's connected to the internet. I'm running Norton Corporate.
However, the problem I keep having, is this.
One of our users apparently is in the address book of an infected computer with SoBig, I believe. He called me when he kept getting mail delivery errors from random AOL accounts he had never heard of, or sent mail to. So, I thought the virus was on his machine. 3 scans and a SoBig removal tool later, I realized that his machine was not infected. Someone who had my user's address in his address book was infected. So, the infected guy was sending emails that were being spoofed to look like they were coming from my user.
So now, due to the rampant spreading of traffic and viral e-mail that "seems" to be coming from my user, AOL and AT&T are rejecting any e-mail from my domain. And let me tell you, it's a royal pain in the @$$ to get off of a blacklist like that.
nice 
-
January 29th, 2004, 01:07 PM
#18
Registered User
 Originally Posted by TekkieFreak
So far, we haven't gotten hit by any virus. I manage a mid size multi-location company, but there are only about 20 people on PC's connected to the internet. I'm running Norton Corporate.
However, the problem I keep having, is this.
One of our users apparently is in the address book of an infected computer with SoBig, I believe. He called me when he kept getting mail delivery errors from random AOL accounts he had never heard of, or sent mail to. So, I thought the virus was on his machine. 3 scans and a SoBig removal tool later, I realized that his machine was not infected. Someone who had my user's address in his address book was infected. So, the infected guy was sending emails that were being spoofed to look like they were coming from my user.
So now, due to the rampant spreading of traffic and viral e-mail that "seems" to be coming from my user, AOL and AT&T are rejecting any e-mail from my domain. And let me tell you, it's a royal pain in the @$$ to get off of a blacklist like that.
I'm in the same boat (as far as the spoofed headers, not the blacklist). Don't know how effective it's been, but I've been doing searches on the originating IP and complaining to the ISP. If the moron can't be bothered to clean the infection, let him get shut down.
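Added example (not part of any post in this thread): one way to pull the originating IP out of a bounced message when the From address is spoofed, by walking the Received headers from the top and trusting only hops stamped by servers you recognise. The sample message, the host names and the `originating_ip` helper are constructed for illustration; the addresses are documentation ranges.

```python
import email
import ipaddress
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: headers of a worm mail as returned inside a bounce.
SAMPLE_BOUNCE = (
    "Received: from mx1.recipient.example (mx1.recipient.example [198.51.100.10])\n"
    "\tby mail.recipient.example with ESMTP; Tue, 27 Jan 2004 10:00:02 -0500\n"
    "Received: from user-pc (dsl-host.isp.example [203.0.113.77])\n"
    "\tby mx1.recipient.example with SMTP; Tue, 27 Jan 2004 10:00:01 -0500\n"
    "Received: from mail.victim.example ([192.0.2.5])\n"
    "\tby forged.relay.example; Tue, 27 Jan 2004 09:59:00 -0500\n"
    "From: user@victim.example\n"
    "Subject: hi\n\nbody\n"
)

def _external_ips(hop):
    """Bracketed IPv4 addresses in one Received header, minus internal ranges."""
    found = []
    for text in IP_RE.findall(hop):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue  # e.g. 999.1.1.1
        if not any(ip in net for net in INTERNAL):
            found.append(text)
    return found

def _trusted(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def originating_ip(raw_message, trusted_domains):
    """IP that handed the mail to the last trusted hop, or None.

    Received headers are prepended, so the top ones are newest. Anything at
    or below the first hop stamped by an untrusted host may be forged.
    """
    msg = email.message_from_string(raw_message)
    candidate = None
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or not _trusted(by.group(1), trusted_domains):
            break
        ips = _external_ips(hop)
        if ips:
            candidate = ips[-1]
    return candidate
```

With the receiving provider's domain as the only trusted one, the sample yields the DSL address that connected to its MX, not the address in the forged bottom header.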
-
January 30th, 2004, 12:10 AM
#19
Was wondering.
The virus is supposed to come by email and install code to be activated later to send out email.
Question is: what harm does it do to the infected system? So, if I get infected what sort of damage will occur to my machine.
Can the virus just be cleaned by a virus program ?
Oh, by the way ..... yes, my virus definitions are up to date .....
-
January 30th, 2004, 12:35 AM
#20
Registered User
By the time specific signatures were issued to detect and remove this virus, it had already started propagating.
It tries to send itself out so fast that it slows down local PCs and bogs down e-mail servers.
We used the McAfee Stinger tool to check local machines suspected of infection while AV updates were being deployed, but in all only 3 users had opened the attachments. Even then, 265 instances had to be cleaned off the Exchange server.
-
January 30th, 2004, 07:12 AM
#21
Registered User
The U.S. Department of Homeland Security just created the National Cyber Alert System to get the word about these things out faster.
I started a thread under "Security" with a link to their site.
We almost got ahead of this one at work. McAfee EPO pushed out the new Dats to around 600 machines, but skipped the other 1200. We had the problem resolved fairly quickly though and only ended up with a handful of infections.
MSBlast was a real wakeup call, the steps we took afterwards paid off on this one.
-
January 30th, 2004, 03:08 PM
#22
Registered User
Hi there,
I don't open any attached files, virus or not. However, right now, Norton and McAfee (or any anti-virus software you need to pay for) are sure making a large sum of cash preying on the fears of users.
Even the Future Shop website took advantage of it.
Ju Leon...
-
January 30th, 2004, 04:10 PM
#23
I have a file Windows/System/Shimgapi.dll that says it is infected but it will not clean it or delete it. I went to find the file myself and it is not there. Does anyone have any suggestions?
-
January 30th, 2004, 04:23 PM
#24
Registered User
"Shimgapi.dll is a proxy-server; the worm opens a TCP port between 3127 and 3198 on the infected machine in order to receive commands. The backdoor function allows the creator of the worm to gain full access to the system. In addition to this, the backdoor can execute random files downloaded from the Internet. "
Make sure your computer is set to show hidden files and folders as well as system files, and then look again. You may have to delete this one in safe mode.
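Added example (not part of any post in this thread): a check for the symptom described in the quoted text above, a TCP listener in the 3127-3198 range, run over saved `netstat -an` output. The sample output and the `suspicious_listeners` helper are constructed for illustration; the parser accepts both the Windows and the Linux column layouts.

```python
# Port range taken from the description quoted in the post above.
BACKDOOR_PORTS = range(3127, 3199)  # 3127..3198 inclusive

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      198.51.100.9:80        ESTABLISHED
  UDP    0.0.0.0:3130           *:*
"""

def suspicious_listeners(netstat_text):
    """Return the sorted TCP ports in the backdoor range that are listening."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines and non-TCP rows.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # Only listeners count: an ESTABLISHED row with a local port in the
        # range is usually just an outbound connection from an ephemeral port.
        if not any(f.upper().startswith("LISTEN") for f in fields):
            continue
        # The first address-like field is the local address in both layouts.
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        try:
            port = int(local.rsplit(":", 1)[1])
        except ValueError:
            continue  # e.g. "*:*"
        if port in BACKDOOR_PORTS:
            hits.add(port)
    return sorted(hits)
```

A hit is a reason to look at the owning process, not proof of infection, since any program may legitimately bind a port in this range.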
-
January 30th, 2004, 04:33 PM
#25
Driver Terrier
First kill the registry key so it's not loaded (even in safe mode), then reboot, then you can delete it.
-
January 30th, 2004, 05:41 PM
#26
MegaMod
W32.Novarg.A@mm Removal Tool. It's from Symantec...makers of Norton Anti-Virus products.
Hope this works for all of you...let us know.
-
January 30th, 2004, 07:34 PM
#27
Registered User
The removal tool works fine, if you follow the instructions. I have only had to do a handful of removals for Novarg/MyDoom, so perhaps I finally have most of my customers listening to me when I talk about security. Or maybe I'm just lucky.
Anyway, as I said earlier, this worm is merely prolific, not great programming. When your system is infected, it is too obvious, too easy to remove, and doesn't do enough damage to get into the Hall of Fame.
I think the relevant comment is: "Nothing can be made fool-proof because the ingenuity of fools is limitless."
-
February 3rd, 2004, 12:23 AM
#28
Well, reading thru this thread has answered a problem that's been bugging me since last week as I too received one of these Spoofed Header "returned mails" and was thinking I had a virus although AVG and Housecall found nothing and my system is also clean of ad/spyware and trojans. Also searching my hard drive for suspicious file activity I couldn't find anything.
I still have the email in my inbox for personal reference however. I just happened to be scanning this thread as I was just on the phone with my sister's boyfriend who got his computer all screwed up after trying to clean up a Mydoom infection on his own (he has no computer skills whatsoever). As I received the spoofed email last Tuesday, the 27th, which was just as this virus was gaining momentum, it appears I found the source in his infected computer with my email in his address book.
Now I just gotta see if I can walk him thru cleaning the virus from his system, and cleaning up the mess he made by installing McAfee while having Norton already installed when he calls me tomorrow. I hate doing support over the phone with someone who knows nothing about computers.....left that job 5 years ago :P
You guys are still my favorite!
DSTech (still a lurker here)
<<Edited for icky formatting>>
Danyll
If we live in an insane world, how can I be normal if I'm sane?
"I'm reminded of the immortal words of Socrates who said-'I drank what?'"-Val Kilmer (Real Genius)