News  
   Documentation  
  Help   		Training 
Labs
Contacts 		 Connecting
About   
Purchases		 Policies
TTU Home  
ITS Home


Mydoom.O/M Worm and Zindos.A

About Mydoom.O/M           Removal Tools          Disable System Restore in XP

ABOUT Mydoom.O/M

This is a new variant of the Mydoom virus.  If you OPENED a suspicious attachment that appeared to come from TTU Technical Support, you will need to clean your machine.  Remember that the "To" and "From" addresses are generated by the virus from information it gathers on infected machines.  You may become infected by opening an attachment, NOT because a message says you have a virus.

MicroSupport does NOT send email attachments in order to fix worms or  viruses.  They contact you via phone or by making a visit to your office.  All fixes are posted to a web site and not sent directly via email.

Remember that each time a new virus appears, there will be a few hours of susceptibility before the new virus definitions can be developed and then downloaded from antivirus providers.  So please be sure before opening any attachments. 

REMOVAL

From McAfee's Web Site and from Symantec's Web site:

  1. Download the program to your computer and save it to a location you can find such as your desktop: 
    Stinger.exe (McAfee)  or FxMydoom.exe (Symantec- includes removal of Zindos.A).
  2. Close all programs before running the tool.
  3. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
  4. If you are running Windows Me or XP, disable System Restore (see instructions below).
    Caution: If you are running Windows Me/XP, do not skip this step.
  5. Double-click the Stinger.exe  or the FxMydoom.exe file to start the removal tool.
  6. By default the C: drive will be scanned.  If necessary, click the Add or Browse button to add additional drives/directories to scan.
  7. Click the Scan Now button to begin scanning the specified drives/directories.
  8. By default Stinger will repair all infected files found.
  9. Restart the computer.
  10. Run the removal tool again to ensure that the system is clean.
  11. If you are running Windows Me/XP, next re-enable System Restore (see instructions below).
  12. Reconnect to the network.

Remember to keep all virus definitions up to date and download all Critical Updates from Microsoft for your operating system.

Disabling System Restore in Windows XP

  • Click Start.
  • Right-click My Computer
  • Select  Properties from the floating menu.
  • Click the System Restore tab.
  • Select Turn off System Restore check box.
  • Click Apply.
  • Click Yes in message box.
  • Click OK.

After the worm is removed, restart your computer and follow the steps above to deselect "Turn off System Restore".

If you need additional assistance, please contact MicroSupport@tntech.edu (372-6315)
or your College MicroSupport contact

 

Maintained by:  Academic Computing Support Last updated: August 18, 2004
TTU Home     ITS Home     Contacts     News
Copyright © Tennessee Technological University. All rights reserved.
Information Technology Services, Box 5071— Clement Hall 220, Cookeville, Tennessee 38505   Phone: 931.372.3387