Okiewan

Admin
Dec 31, 1969
29,555
2,237
Texas
Anti Virus detected the new virus everyone is talking about ... on my machine. I'd strongly suggest everyone make sure your virus definitions are up to date, this is a bad one.

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

More here: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
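
A defender-side check for the backdoor port range named in the post above, added here as an example and not part of the original post or of any vendor tool. It assumes you have saved the text output of `netstat -an` (Windows or Linux layout); the function name and the sample lines are constructed for illustration.

```python
# Port range the post above gives for the worm's backdoor: 3127 through 3198.
BACKDOOR_PORTS = range(3127, 3199)

# Constructed sample of `netstat -an` output (Windows layout), not a real capture.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      203.0.113.9:80         ESTABLISHED
  TCP    [::]:3198              [::]:0                 LISTENING
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:3130           *:*
"""


def find_backdoor_listeners(netstat_text):
    """Return (local_host, port) for TCP sockets LISTENING on 3127-3198."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines and non-TCP rows.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # Only listeners matter: an outbound connection can land on a local
        # port in this range by chance (ephemeral port) and is not a backdoor.
        if not any(f.upper() in ("LISTEN", "LISTENING") for f in fields):
            continue
        # Linux puts Recv-Q/Send-Q before the local address; Windows does not.
        local = fields[3] if fields[1].isdigit() else fields[1]
        host, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in BACKDOOR_PORTS:
            hits.append((host, int(port)))
    return hits


if __name__ == "__main__":
    for host, port in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"listener in backdoor range: {host}:{port}")
```

A hit only means something is listening in that range; confirm with an up-to-date anti-virus scan before concluding the machine is infected.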
 

wardy

2005 Lori Nyland Award Winner
Nov 12, 1999
2,681
9
My email is getting bombarded by this worm. I must have gotten 500 e-mails in the last day or so. Been deleting everything coming to the megacross account. Where does this file or files hide if infected? Norton is current and up to date.

wardy
 

Michelle

Sponsoring Member
Oct 26, 1999
1,245
0
Okay, I'm going to be a dumbass (just for a change - not).
I d/l'ed the file, ran it, it came up with nothing, then would crash the puter. Restart, run the program, crash - I then had to go out. It didn't crash when running it, it was after, but I can't remember the errors.

However, I got an email from a company? today, saying that an email I'd sent to a person had been quarantined due to the attachment - some .zip file on my E drive. Okay, but I ain't sent an email to this person (don't even know who it is) & I don't zip stuff (heck, I'd even forgotten I had that program). So I did a search for a .zip on the E drive (and the other drives while I was at it) & came up with 0.

My ISP runs a virus scan on all emails coming & going (heck, I thought it did outgoing as well), so my question is, what the hell's going on ;)

I run Win95, Opera 6 (I must go & upgrade again), the puter is old (as I am), I don't recognise the email address, I run Pegasus (real old version, don't even know if you can get it anymore) & only send emails via web browser via DRN, mainly I use pegasus.

I get a few dodgy emails where the ISP has said a virus has been removed & they just get trashed, spam is unread & trashed (they also mark spam emails) & I don't do porn sites (sorry, way too busy with this place & other dirtbike sites to be even contemplating that if I was interested, which I'm not).

I am a bit concerned about the program crapping out the puter, but then again, as it's so old, aren't overly surprised (only that it's still going). I also think that at the time the email was supposedly sent, I was at A&E getting Henk's hand x-rayed so the puter was on, but not online (didn't think it'd take long).

That's all I can think of about it, so I really just want to check with the experts if I need to relook at it or if I'm okay?
 

Jaybird

Apprentice Goon
LIFETIME SPONSOR
Mar 16, 2001
6,452
0
Charlestown, IN
If you aren't running a good anti-virus software, then chances are close to 100% that your system is infected.

Blocks from ISPs simply don't cut it. A good anti-virus will update on a daily basis.

I have included some free software and repair utilities on my website. If you have no anti-virus, or you just aren't sure, please take a few minutes and check your system out.

http://www.best-motorcycle-chain-lube.com/misc_.htm
 

Chili

Lifetime Sponsor - Photog Moderator
Apr 9, 2002
8,062
15
Michelle - part of the characteristics of this virus are that they can "spoof" the e-mail address it is sent from. So anyone laying blame saying "hey you sent me this virus" may be jumping the gun on the accusation. I also received feedback that I had sent this virus to a few folks through my DRN e-mail account. I've since scanned both my PCs and they are clean. Odds are good someone who has you in their address book is infected and their machine sent out the virus spoofing it as coming from your PC. This is not meant to contradict Jaybird's advice as EVERYONE on the internet should have an active antivirus software that updates frequently.
 

Jaybird

Apprentice Goon
LIFETIME SPONSOR
Mar 16, 2001
6,452
0
Charlestown, IN
The Novarg.A virus the Okie had detected is an alias for the Mydoom.A virus.
The coder of Mydoom.A is the one Microsoft is offering the 1/4 mill reward for.

This putz has also updated the Mydoom virus into a Mydoom.B, which is a very tenacious program that has actually been morphing to avoid anti-virus detection. These .A & .B versions are the ones you need to manually remove.

The link I provided above links to free removal*
*(these folks are great, but will spam the heck out of you unless you check off the list at signup)

I agree with Chili....maybe you can use your firewall to find out where the virus actually originated and collect the reward...:)
I do think that we have a duty to keep from spreading such crap.
I know good anti-virus costs money, and some folks like the freeness of the web, but ante up and protect yourself and help to protect others.
 
