How to Remove 'MyDoom' E-mail Virus

By ABC News
January 27, 2004, 1:10 PM

Jan. 27 -- The easiest way to remove MyDoom and Novarg is to update your antivirus program. As of today, most antivirus vendors have added at least beta detection and deletion to their pattern definition updates.

If you don't have an antivirus program, TrendMicro's freely available Housecall (http://housecall.trendmicro.com) has been updated to detect the virus, but you'll have to manually remove the registry entries as outlined below.

Panda Software also has a free removal utility (registration required) for MyDoom (http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44140).

McAfee's Stinger (http://vil.nai.com/vil/stinger/) has also been updated to detect and remove MyDoom. Note that you need to reboot after running Stinger to completely repair your system.

Instructions for Manually Removing MyDoom

Manually removing MyDoom requires editing the registry as outlined in the following steps:

Step 1. Disable System Restore if you're using Windows Me/XP.

When you make changes to your system, Windows creates a restore point. If it does this while the system is infected, the virus may come back from that restore point and re-infect the system later.

See Microsoft's instructions for Windows XP (http://support.microsoft.com/default.aspx?kbid=283073) or Windows Me (http://support.microsoft.com/default.aspx?kbid=264887).

Step 2. Restart the computer in "Safe Mode" (or VGA mode on Windows NT).

Since MyDoom creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary. Using "Safe Mode" prevents Windows from loading drivers and autorun entries so your system boots relatively clean.

Step 3. Run a full system scan with an updated antivirus scanner.

If your scanner does not remove everything, follow the next few steps.

Step 4. Your antivirus software should, during detection, produce a list of files associated with the MyDoom virus.

Delete all these files.

The files will typically be the ones mentioned in the description above.