[Uglybob]

Discovered January 26, 2004 at 6:06PM EST
Detected January 26, 2004 at 7:49PM EST
Added to referencefile 252 (01R252 27.01.2004)

Also Known As: W32.Novarg.A@mm, W32.Mydoom@MM, W32.Shimg, WORM_MIMAIL.R

Worm emails itself to datamined email addresses. The recipient will receive an email with various headings, including:
Hi
Hello
Error
MAIL DELIVERY SYSTEM
Mail Transaction Failed
Returned Mail: Response Error
Server Report
Test
An attachment (the worm) is included using the file extension .exe, .pif, .zip, and .scr. Filenames include body, document, file, message, test, and text.

Upon execution, it will drop taskmon.exe and shimgapi.dll in the %system% folder, and set taskmon.exe to autostart in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run subkey.

If you receive this email, do not open it. Immediately delete the email, download the latest referencefile and perform a full system scan as shown by the settings here:

Lavasoft Help & Support
How To: Perform a "Full Scan" with Ad-aware
http://www.lavahelp.com/howto/fullscan/


----------------------------------------------------------------
it replicated bbaleds address in my email but it definitely wasnt from him and it had one of those attachments.

[Aaron]

Cheers Bob. I'll bare this in mind before looking at me e-mails in a minute.

[Sheep]

So as long as we dont open the atachment we're ok?
cuz i never open attachments from emails anyway.
thnx bob

[Aaron]

Just don't open the e-mail would be safer.

[MK Chris]

Nissan were infected, I haven't received it from my housemate who works there though.

[Sheep]

But i could have already opened it, i know i havent run any programs from emails recently.

[Aaron]

Thats what a bastard viruses are. They have subjects from your contacts like 'hello' which makes you think it's ok to open, but really isn't.

[kendra k]

do you ever use "hello" as a subject?
i'd delete it

[HoTdOg]

hello

[Mcqueen_]

Is it me you're looking for?

[Dopey]

hello

come in the doors open

[HoTdOg]

kewl i thought i was alone...

[Ahh_Pathetic]

i use hello all the time. i have no imagination but from now on i shall use pineapple chunks.

[kendra k]

use: xzcfaw458q346 PENISSS ENGLARGMENTdger-0eryXXXPPICS

[Dopey]

Or mabe you could use

Make Your partner happy again
men and women look at this
Work from home
Hi its me

[Sheep]

Most of my junk mail is either Porn or asking me to enlage my manhood.

[Uglybob]

yep, impress your wife tonight with a larger penis


wife, they really mustnt have spent any time at the public records place.

[MC]

send these penis enlargement e-mails over to peter andre.

http://www.ananova.com/entertainment/st ... 60026.html

[Matt]

I get spammers boasting they'll reduce the size of my manhood... they must know me too well....

[Adam]

Yep,

Just got a nice email from someone.

W32/Mydoom.a@MM Virus Found

•öôR†5dñZaGÇ®Ãëßd5e‰ŠÊ~1÷
Ã;&xæt4
þêß<ìyûš™´Ý™ª‚<M¨ßøÍŒ“‡Ù:©.Z¿

[Lew]

dum dum chish

haha great punchline on that one

[Sheep]

[quote="Adam"]
•öôR†5dñZaGÇ®Ãëßd5e‰ŠÊ~1÷
Ã;&xæt4
þêß<ìyûš™´Ý™ª‚<M¨ßøÍŒ“‡Ù:©.Z¿

[Sidders]

I got a virus off Kazaa last night. Good job I've got Norton running.

[Sheep]

Norton is being a right arse with me, its half un installed an wont let me uninstall it or re-install it..

[Sidders]

Can't you install it into a different folder?