Manually Removing MyDoom/W32/W32.Novarg.A-mm

To remove it manually from your system, you need to edit some registry entries as outlined in the following steps. Before moving on to Step 1, make a backup of the registry.

To learn how to back up, edit and restore the registry, see http://support.microsoft.com/default.aspx?scid=kb;en-us;322754 for Windows 95/98/ME and http://support.microsoft.com/default.aspx?scid=kb;en-us;322756 for Windows XP/2000/2003.

Step 1. First disable System Restore if you’re using Windows Me/XP, because Windows creates a restore point when you make changes to your system. If it does this while the system is infected, the infection may come back later when that restore point is used. See the instructions for Windows XP (http://support.microsoft.com/default.aspx?kbid=283073) or ME (http://support.microsoft.com/default.aspx?kbid=264887).

Step 2. Restart the computer in Safe Mode (or VGA mode on Windows NT). Since MyDoom creates running processes, and Windows doesn’t allow you to delete files connected with running processes, restarting is necessary. Using Safe mode prevents Windows from loading drivers and autorun entries so your system boots relatively clean.

Step 3. Run a full system scan with an updated Antivirus scanner. If your scanner does not remove everything, follow the next few steps.

Step 4. Your antivirus software should, during detection, produce a list of files associated with the MyDoom virus. Delete all these files. The files will typically be the ones mentioned in the description above.

Step 5. Delete the entries associated with MyDoom from the registry as listed above. Delete any entries flagged by your antivirus program.

The following instructions from the Symantec site outline the exact keys that are modified and need to be edited:

a. Click Start, and then click Run. (The Run dialog box appears.)

b. Type regedit (or regedt32), then click OK.

c. Navigate to the keys:
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

d. In the right pane, delete the value:
"Taskmon"="%System%\taskmon.exe"

e. Delete the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version

f. Delete the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version

g. Navigate to the key: HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32

h. In the right pane, modify the value as follows:
"(Default)"="%System%\webcheck.dll"

i. Exit from Registry Editor.

Step 6. Re-enable System Restore (if using Windows ME/XP) and finally reboot your system.
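To confirm that Step 5 left nothing behind, the text of a registry export (.reg file) can be checked against the entries listed in steps c to h. The following is an added example, not part of the original page or of Symantec's instructions: the function names, the sample export and the placeholder DLL name are constructed, only plain string values are parsed, and `%System%` is assumed to expand to a `system` or `system32` folder.

```python
import re

# Keys and values named in steps c-h above (compared case-insensitively).
CV = r"\software\microsoft\windows\currentversion"
RUN_KEYS = {"hkey_local_machine" + CV + r"\run", "hkey_current_user" + CV + r"\run"}
VERSION_KEYS = {h + CV + r"\explorer\comdlg32\version"
                for h in ("hkey_local_machine", "hkey_current_user")}
INPROC_KEY = r"hkey_classes_root\clsid\{e6fb5e20-de35-11cf-9c87-00aa005127ed}\inprocserver32"
# Matches string values only: "name"="data" or @="data" (the default value).
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample export; the DLL name is a placeholder, not a real indicator.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskmon"="C:\\WINDOWS\\system32\\taskmon.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version]

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\system32\\placeholder-unknown.dll"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash

def find_leftovers(reg_text):
    """Return (action, key, data) tuples for entries steps d-h say to fix."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key in VERSION_KEYS:
                findings.append(("delete-key", key, ""))
        elif m and key in RUN_KEYS and (m["name"] or "").lower() == "taskmon":
            data = unescape(m["data"])
            # Assumption: %System% expands to a ...\system or ...\system32 folder.
            if re.search(r"\\system(32)?\\taskmon\.exe$", data, re.I):
                findings.append(("delete-value", key, data))
        elif m and key == INPROC_KEY and m["name"] is None:
            data = unescape(m["data"])
            if not data.lower().endswith("\\webcheck.dll"):
                findings.append(("restore-default", key, data))
    return findings

if __name__ == "__main__":
    print(*find_leftovers(SAMPLE), sep="\n")
```

Exports that begin with "Windows Registry Editor Version 5.00" are UTF-16 encoded, so decode the file accordingly before passing its text to `find_leftovers`.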
