Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

This was forwarded to me, is it legitimate advice?

Feb 2, 2004 9:39PM PST

Last week we alerted you to a very serious virus threat that overtakes your address book on your personal computers and causes E-mails to be issued with the virus imbedded to anyone in your computer with an E-mail address. The virus is properly named the "Mydoom" virus and is also known as the "Hello" virus. There are now two strains of this virus: A and B. The newer B version is especially dangerous in that it blocks access to certain websites such as Microsoft, Symantec and McAfee. Without access to these sites it is impossible to remove the virus or update antivirus files. The message has the known header of either "Hello or Important," but may also appear as a message saying "Returned Mail or Undeliverable Mail." To make matters worse, it may also attach itself as a ".zip" file or other form of attachment to an otherwise harmless message. The virus has become so prevalent that it is now the lead item on Microsoft's Home Page as well as those of Symantec (Norton) and McAfee. What makes this virus especially dangerous is that it has the ability to slip by both Virus Scan programs, even if they are updated to the latest definitions.
There is a fairly simple test to determine if either strain of the virus has made its way into your computer for Windows based systems (NOTE: Apple Computer systems are not impacted by this virus):
Click on Start and then Run
In the dialogue box type in cmd and then click OK
Type in CD\ and enter
At the prompt type: dir shimgapi.dll/a/s and enter
Wait until the computer is scanned. If the results show "File not found" then you are not infected. If, however, files are listed then your computer is infected with the "a" strain of the virus
Repeat step 4, this time typing in dir ctfmon.dll/a/s and enter
Wait until the computer is scanned. If the results show "File not found" then you are not infected. If, however, files are listed then your computer is infected with the "b" strain of the virus
In the event that steps 5 and/or 7 return a result other than "File not found," then you should go to the Microsoft Website (www.microsoft.com)
And click on the Mydoom virus alert box. Click on the third Link (How to tell if a computer is infected with Mydoom A or Mydoom B) and follow the instructions on how to remove the virus from your computer.

Discussion is locked

- Collapse -
Re:This was forwarded to me, is it legitimate advice? - Yes!
Feb 2, 2004 9:55PM PST
- Collapse -
Re:This was forwarded to me, is it legitimate advice?
Feb 2, 2004 10:03PM PST
- Collapse -
Re:This was forwarded to me, is it legitimate advice?
Feb 3, 2004 2:34AM PST

Thanks for the important info regarding MyDoom. Ran the two tests and am free of the virus. Keep up the good work. Happy

- Collapse -
Re:This was forwarded to me, is it legitimate advice?
Feb 6, 2004 3:09AM PST

Hmmm. . . .
I tried taking the advice to detect MyDoom virus:

"Click on Start and then Run
In the dialogue box type in cmd and then click OK
Type in CD\ and enter
At the prompt type: dir shimgapi.dll/a/s and enter
Wait until the computer is scanned.
If the results show "File not found" then . . ."

I typed in "cmd" and got a "File not found"

- Collapse -
Rick, You Didn't Give Your Operating System, But....
Feb 6, 2004 3:33AM PST

...on some older operating systems, the "cmd" (cmd.exe) file isn't available. On those versions, typing "command", or simply clicking on "Start-Programs-MS Dos Prompt" will get you to a command window.

Hope this helps.

Grif

- Collapse -
Re:This was forwarded to me, is it legitimate advice?
Feb 8, 2004 12:47PM PST

Seems a good tool, but what do you do if you have several Hard Drives, could you please let us know what to type in for the other hdd.
Can a second or third hdd become infected?
What about the system restore folder? Can this tool cover that as well?
I received messages from my post office that some email I never sent had the virus, 2 members of my family say that they received an email from me, and that that was a virus, which I never sent. I have run all tests disabled my restore folder, cheaked that doomer scan tool is verified. So as far as I am concerned I donot have this virus. So I appreciate this extra cheaking tool.
Can the doomer be hidden on a pc? Thanks again. Merete

- Collapse -
Re:Re:This was forwarded to me, is it legitimate advice?
Feb 8, 2004 4:39PM PST
could you please let us know what to type in for the other hdd.
If there are not shimgapi.dll or ctfmon.dll in the local drive and wish to check other drives, just type the drive letter and hit enter. Example:

C:\>D: (hit enter)
You should see:
D:\>

Can a second or third hdd become infected?
Yes.

What about the system restore folder? Can this tool cover that as well?
If you will use the removal tool provided by Microsoft or by antivirus vendor, System Restore should be disabled.

Symantec wrote: "Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled, as previously directed, because Windows prevents outside programs from modifying System Restore."

Can the doomer be hidden on a pc?
Most removal tools has been updated since Feb.4, make sure you are using the newest version of the tool, disable System Restore prior running the tool, run the tool on each drive (if an OS is installed), update your Antivirus defintions/signatures and run a full system scan (you may add other drives for scan).

More info at:
Symantec
Microsoft
- Collapse -
Re:This was forwarded to me, is it legitimate advice?
Feb 9, 2004 1:54AM PST

it's been forever since I used MS-Dos can somebody tell me what the /a/s mean?