Reseller Hosting, Shared Hosting, Dedicated Hosting by Vortech Inc.

#1
07-26-2004, 04:16 PM
dpyers
Vortech Inc. Customer
New Mydoom variant

Apparently Google got whacked by it today. According to Symantec, it was encoded in such a way as to prevent them from catching it.
Good time to do an AV update.
http://quote.bloomberg.com/apps/news...p_world _news

#2
07-26-2004, 07:57 PM
generic
guess who.. :)
Vortech Inc. Customer
Location: chicago
McAfee's update is ready.
__________________
goodbye idevaffiliate, you can kiss my @$* with your poor support and broken script, I am now using post affiliate pro 3

#3
07-26-2004, 08:57 PM
Silverbug
Custom Built Solutions
Vortech Inc. Customer
Location: AK, New Zealand
Thanks for the heads up
__________________
Paul Foley
Sniper Systems Ltd

#4
07-26-2004, 10:17 PM
Vixen
Twisted Administrator
Admin
Location: Orlando, FL
Now I know why my Norton's was updating today instead of Wednesday.
__________________
~Vixen~

**If you want something done right, get a woman to do it.**


All questions, comments, concerns, complaints, frustrations, irritations, aggravations, insinuations, allegations, accusations, contemplations, consternations, or input should be directed elsewhere.

#5
07-27-2004, 09:30 AM
dpyers
Vortech Inc. Customer
Updated my AV definitions just before I made that post. About 5 min later it caught a MyDoom.M in the inbox. Spread fast! Apparently faster than the upstream AV lists could be updated.

Virus propagation takes minutes these days instead of hours or days. Apparently in the very near future substantial propagation by instant messenger facilities may take less than 30 seconds.

While I don't use any IM, and have two forms of virus checking plus Vortech's upstream stuff, it's just a matter of time before one slips through and prangs me.

Time to rethink the backup/recovery process for the local machines.

#6
07-27-2004, 02:55 PM
Brian
Vortech Inc. Customer
Location: Ontario, Canada
I've lost track of which virus does what... is Mydoom the one that is sending all the .pif files right now?

On another virus note, I think that a browser hijacker got past my Adaware at home... can anyone recommend some decent, and current hijacker removal tools / procedures? My browser is occasionally going to res:cgvbs.dll/index.html?#27983 or something like that.... very annoying.

#7
07-27-2004, 03:44 PM
dpyers
Vortech Inc. Customer
Apparently, it can send a variety of executables, including pifs. You might want to check out http://www.computercops.us for good info on various tools and removing specific hijacks.

#8
07-27-2004, 07:22 PM
Silverbug
Custom Built Solutions
Vortech Inc. Customer
Location: AK, New Zealand
Quote:
anyone recommend some decent, and current hijacker removal tools / procedures?
Yes, it's a program that ships with DOS 6.22 called format.com. Usage: format c: /q/u/s/autotest. That should stop your browser going to that site... mind you, that should stop your browser altogether...

But seriously, I usually just go and download the latest version of adaware and let it remove them.
__________________
Paul Foley
Sniper Systems Ltd

#9
07-28-2004, 04:13 AM
cambodia
Vortech Inc. Customer
Location: Phnom Penh . Cambodia
I just saw on msn.com this morning too that Mydoom is back (reminds me of "Jimmy is back"), ha ha. Need to update my antivirus too.
__________________
I Love Cambodia

#10
07-28-2004, 11:10 PM
mresell
ePerson
Vortech Inc. Customer
Location: Around the \bin
Brian,
Try safer-networking.net Spybot S&D. If it is the CoolWeb variant you could be in trouble.
Does many things, but I believe it exploits MS Java VM. Try clean up and then maybe disable Java and ActiveX. Firefox isn't a problem. IE is so not worth the hijacking issues. They need to totally revamp the design. This new variant gets around home page locking. First rename that .dll and make it archive read only while in safe mode. May help.

#11
07-30-2004, 08:21 AM
Brian
Vortech Inc. Customer
Location: Ontario, Canada
Thanks dpyers!

I went to computercops.us and spent an evening reading about these various hijacks and such, and how to remove them.

I had thought I was doing pretty good with Adaware, and Ad-watch, but after following some of their procedures with several different tools, I was able to remove a whole lot of stuff that was missed.

My IE browser is behaving like a fresh install now! And some of the things that affected my IE browser, also were affecting Opera too. But it's all fixed now. Fast, no pop-ups, no changing my homepage, etc... Very good tip! Thanks!

#12
07-30-2004, 10:34 AM
dpyers
Vortech Inc. Customer
The thing about spyware is that no one tool catches it all. Takes a lot of work. Computer cops has a program that can log certain types of system/browser start-up activity and you can compare it against what's supposed to be happening.

In the past, I've found that Opera, Mozilla, and Firefox on WinXP all got hit at one time or another.

All times are GMT -5.