Novarg worm, how to get rid of it




Posted by David Sherman on Tuesday, January 27, 2004 at 12:41PM :

In Reply to: OT - Mydoom virus posted by Joe Cimoch on Tuesday, January 27, 2004 at 9:33AM :

Norton has a web page (see link) that explains how to get rid of the worm, even if you don't have any anti-virus program. Basically you have to edit a bunch of registry keys. The main part of the worm is a file called "shimgapi.dll". If you do all the registry stuff they advise, it doesn't matter if you leave that file on your system, but I would get rid of it anyway just to be sure. I suspect that if you just delete the file (it's in "winnt/system32" on a Windows 2000 system) the worm won't work, but you would probably get error messages due to the registry still trying to initiate it. An easy way to see if you're infected is to search your whole hard drive for a file called "shimgapi", and then also search the registry for any entry containing that name. You can't just delete every registry key containing that name, though, because there's an important key that the virus changes that has to be set back to its correct value. In the link below, scroll down to "Deleting and modifying the value from the registry", and follow the instructions. To delete the shimgapi.dll file itself, you might have to reboot in DOS mode and do it from the command line since the virus keeps the file open (and non-removable) when Windows is running.
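An added example, not part of the original post: a report-only check that reads a registry export saved as text (.reg) and lists every string value whose data mentions "shimgapi", so each hit can be reviewed (deleted or restored) rather than removed blindly. The sample export, its key names and the all-zero GUID are constructed placeholders, not the worm's actual keys.

```python
import re

NEEDLE = "shimgapi"  # file name given in the post

# Constructed sample in .reg export format; keys and GUID are placeholders.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Startup]
"ExampleEntry"="C:\\WINNT\\system32\\shimgapi.dll"
"Harmless"="C:\\WINNT\\notepad.exe"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\\WINNT\\System32\\SHIMGAPI.DLL"
"ThreadingModel"="Apartment"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Matches string values only: "Name"="data" or @="data" (the key's default value).
# dword: and hex: values are skipped, so hex-encoded strings are not searched.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping (\\\\ becomes \\, \\" becomes ")."""
    return re.sub(r'\\(.)', r'\1', text)


def find_references(export_text, needle=NEEDLE):
    """Return (key, value_name, data) for each string value mentioning needle."""
    hits = []
    key = None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = unescape(m.group(2))
            if needle.lower() in data.lower():  # Windows paths are case-insensitive
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_EXPORT):
        print(f"REVIEW  [{key}]  {name} = {data}")
```

A "(Default)" hit is a value that normally has to exist with some other data, which is the case the post warns about: it gets set back to its correct value, not deleted.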


