W32.MyDoom.A@mm Virus

January 26, 2004
aka: W32.Novarg.A@mm

A new virus is widespread at Virginia Tech. The W32.MyDoom.A@mm virus appeared on campus on Monday, January 26, 2004, and is currently infecting computers. W32.MyDoom.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files. The worm will perform a denial-of-service (DoS) attack starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.
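One way to check a machine for the backdoor listener described above, as an added example that is not part of the original advisory: it parses `netstat -an` output for TCP listeners on ports 3127 through 3198 and can also probe the local machine directly. The function names and the sample netstat text are constructed for illustration.

```python
import socket

BACKDOOR_PORTS = range(3127, 3199)  # TCP 3127 through 3198, per the advisory


def listeners_in_range(netstat_text, ports=BACKDOOR_PORTS):
    """Return sorted TCP ports from `netstat -an` output that are LISTENING in `ports`."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header lines, UDP, blank lines
        if not any(f.upper().startswith("LISTEN") for f in fields):
            continue  # established or closing connections are not listeners
        # Local address is the first address-like field (Windows: column 2, Linux: column 4)
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        port = local.rsplit(":", 1)[1]  # rsplit also handles IPv6 forms such as [::]:3198
        if port.isdigit() and int(port) in ports:
            hits.add(int(port))
    return sorted(hits)


def probe_local(host="127.0.0.1", ports=BACKDOOR_PORTS, timeout=0.2):
    """Live check: return ports in range that accept a TCP connection on this machine."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


# Constructed sample of Windows `netstat -an` output (not captured from a real host)
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3126      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3130      10.0.0.5:80            ESTABLISHED
  TCP    [::]:3198              [::]:0                 LISTENING
  UDP    0.0.0.0:3127           *:*
"""

if __name__ == "__main__":
    print("listeners in sample:", listeners_in_range(SAMPLE))
    print("live listeners on this host:", probe_local())
```

A listener in this range is a reason to run the removal tool, not proof of infection, since other software can also bind these ports.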

Removal

Symantec has released a removal tool for this virus:
Removal Tool
Removal Tool Instructions

Manual removal instructions are also available from Symantec at: http://www.sarc.com/avcenter/venc/data/w32.mydoom.a@mm.html.

If your computer is still having problems after following the instructions, you will need to format your computer and reinstall your operating system and applications.