|
Don’t
Let Viruses and Worms Doom Your Computer
February 24, 2004
What are MyDoom and Doomjuice?
Mydoom is a virus that spreads through e-mail attachments and
installs a harmful “backdoor” on the user's computer,
potentially allowing a hacker to access and degrade your computer
system. The virus sends copies of itself to all the contacts
in the user's e-mail address book and, according to Symantec,
will also place infected files in folders shared by Kazaa. Thus,
the MyDoom infection could also spread by someone downloading
and executing an infected file via Kazaa.
Doomjuice is a new worm—which, unlike viruses, does
not require activation, as by opening an attachment—that
spreads by exploiting the backdoor created by MyDoom and sending
itself to other computers on your network.
How do I know if my computer has been hit?
If your computer is connected to the campus network and a virus
and/or worm is detected, your computer will be disconnected.
You will have to remove the virus and/or worm in order to be
reconnected. Otherwise, infected computers will send malicious
traffic through the campus network seeking other computers to
infect. You may also experience degraded performance and a very
slow network connection, and contacts in your address book may
report that they received an e-mail message from you that you
did not send. Other signs that your computer may be infected
with MyDoom:
- If you find a file named “Shimgapi.dll” in the
C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows
NT/2000), or C:\Windows\System32 (Windows XP), it is likely
that your computer is infected by MyDoom.
- If you find any of the following files in a Kazaa shared
folder, winamp5, icq2004-final, activation_crack, strip-girl-2.0bdcom_patches,
rootkitXP, office_crack, nuke2004, your computer may be infected
by MyDoom.
What is the campus doing about it?
UCD will begin offering Symantec Anti-Virus software FREE
to students from the MyUCDavis web portal.
Log into my.ucdavis.edu and click on “Software”
under the “Resources” tab at the top of the window.
It is extremely important not just to have anti-virus software,
but to update daily (you can set the software up to do this
automatically) in order to protect against new viruses.
How do I remove MyDoom and other viruses and worms?
Windows users should visit http://support.microsoft.com/?kbid=836528
for removal tools. If your computer cannot connect to this website,
have a friend download the tool on his or her computer and put
it on a floppy disk for you.
For security responses and removal tools for other viruses,
see securityresponse.symantec.com. For further advice, contact
the computing helpdesk IT Express at 754-HELP or ithelp@ucdavis.edu,
or drop in at 182 Shields Library.
What can I do to protect my computer in the future?
Aside from keeping anti-virus software updated daily, be cautious
of opening instant messenger links and email attachments, even
if they’re from people you know. Viruses often find screen
names on your buddy list or email addresses in your address
book and then send themselves to those contacts without your
knowledge.
Bits & Bytes Archives
2006-2007
2005-2006
2004-2005
2003-2004
|
