W32.Novarg.A@mm (Mydoom-A) Removal Tool v1.0.3

Published by

Symantec Security Response has developed a removal tool to clean W32.Novarg.A@mm infections.

Also known as: W32/Mydoom@MM [McAfee], WORM_MIMAIL.R [Trend], Win32.Mydoom.A [Computer Associates], W32/Mydoom-A [Sophos], I-Worm.Novarg [Kaspersky]

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.



When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

In addition, the backdoor can download and execute arbitrary files.

The W32.Novarg.A@mm Removal Tool does the following:
Terminates the W32.Novarg.A@mm viral processes.
Terminates the viral thread running under Explorer.exe.
Deletes the W32.Novarg.A@mm files.
Deletes the registry values added by the worm.

Download: W32.Novarg.A@mm Removal Tool

View: Removal instructions

Source: Techzonez