Administrative Services Links

Academic Tech Request

Blackboard Request

Computer Labs

Code of Conduct

Student Computers

Submit Work Order

Campus Technology Policies

Technology in the News

CSU Voicemail Reference Guides

Wireless Internet

Administrative Services Directory

CSU homepage

Work Orders Requests

Administrative Work Order Form

Blackboard

Jenzabar | Infomaker

Website Addition | Change Request

Buc TV

CSU Ticket Sale Request

Academic Tech Request

Audio Visual Delivery

Audio Visual Work Order

New Employee Check In

Virus Information and Updates

Wireless Internet (Virus Information and Updates)

UPDATE: January 2004 Novarg/Mydoom

Information:

It has recently been discovered that a new virus(W32.Novarg.A@mm) is spreading across the Internet very quickly. W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates. While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.

This worm is also know as: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]

Systems effected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Below are instructions for the download and use of the removal tool developed by Symantec.

Note: You must have administrative rights to run this tool on Windows NT/2000/XP.


INSTRUCTIONS

Download the FxNovarg.exe file from: http://securityresponse.symantec.com/avcenter/FxNovarg.exe

Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.

Close all the running programs before running the tool.

If you are on a network, or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.

If you are running Windows Me or XP, then disable System Restore. To do this click start, then find my computer. Right click on this icon then select the properties option. The system restore tab will be visible in the window that comes up. Click on the system restore tab and check the box that says disable system restore. If you have the "my computer" on your desktop please right click that and proceed as instructed.

Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

Double-click the FxNovarg.exe file to start the removal tool.

Click Start to begin the process, and then allow the tool to run.

Restart the computer.

Run the removal tool again to ensure that the system is clean.

If you are running Windows Me/XP, then re-enable System Restore.


Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled, as previously directed, because Windows prevents outside programs from modifying System Restore.

When the tool has finished running, you will see a message indicating whether the computer was infected by W32.Novarg.A@mm . In the case of a removal of the worm, the program displays the following results:

Total number of the scanned files | Number of deleted files | Number of repaired files | Number of terminated viral processes | Number of fixed registry entries

 

Related Student Computer Information ...

Search and Destroy Spybot installation instructions

 


Charleston Southern University
9200 University Boulevard, Charleston, SC 29406
Local Phone Number: (843) 863-7000

Faculty/Staff Directory | About CSU | Site Map | Contact Us | home