Author Topic: Win32:Mydoom-M and Win32:Mydoom-L2  (Read 4206 times)


kmnz123

  • Guest
Win32:Mydoom-M and Win32:Mydoom-L2
« on: June 28, 2005, 06:11:26 PM »
Hi all

Please can you help.

I've had my PC for a month, it's running XP Home SP2.
I've been running the avast full scan religiously weekly and sometimes even more.

However, this is the first time I've run the full scan with archive files included and I've come up with the following errors. 

********************************
Sign of "Win32:Mydoom-M [Wrm]" has been found in "C:\RECYCLER\S-1-5-21-3811365822-3347725313-1055586522-1006\Dc25.pst\Accidentally Deleted Folders\Top of Personal Folders\Inbox\Delivery failed\text.zip" file. 
Sign of "Win32:Mydoom-L2 [Wrm]" has been found in "C:\RECYCLER\S-1-5-21-3811365822-3347725313-1055586522-1006\Dc25.pst\Accidentally Deleted Folders\Top of Personal Folders\Inbox\Delivery failed\text.zip\text.doc                                                                                                                                                                                        .pif\[UPX]" file. 
***********************************

I can't find these files on my PC anywhere, I mean WHERE IS C:\RECYCLER??? (and no it's not the recycle bin that I CAN SEE!!) Also the only pst file I can find via a search (to include hidden and system files) is Outlook.pst which is the "normal place". Should I delete it?

We are NOT using Outlook from this PC at all, as we have laptops that we download our mail onto. Any mail activity on this machine is solely on the net. But we have accidentally initiated Outlook a couple of times which may be an issue.

I have the latest IAVS and Program Updates and even when I'm prompted to move the files to the Chest (Mydoom-M) or delete them (Mydoom-L2) Avast doesn't do it!

HOW CAN I DELETE THESE FILES?
ALL USEFUL THOUGHTS AND SUGGESTIONS APPRECIATED.

THANKS IN ADVANCE

K



FreewheelinFrank
Re: Win32:Mydoom-M and Win32:Mydoom-L2
« Reply #2 on: June 28, 2005, 06:24:42 PM »
Hi kmnz123,

C:\RECYCLER\ is the location of the recycle bin. You can't find it because it's normally hidden.

You should be able to delete these worms just by emptying the recycle bin for each user on your computer. If that doesn't work, try this link:

http://forums.aspfree.com/archive/t-39154/Crecycler

Or this advice from Experts' Exchange:

Quote
1. Restart your machine in safemode and Login as Administrator
2. Go to My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files and untick Hide Protected Operating System Files
3. Open C: drive, can you see a Recycler folder here, open it
4. You must see some hidden recycle bins here, open each bin one by one and delete all the files present in them
5. After that run Norton scan again in safemode and delete anything it detects
6. Restart in normal mode and check for the problem now

http://www.experts-exchange.com/Security/Bugs_Alerts/Q_21238666.html


kmnz123

  • Guest
Re: Win32:Mydoom-M and Win32:Mydoom-L2
« Reply #3 on: June 29, 2005, 12:21:00 PM »
Hey Guys

thanks for your help. All done and dusted now.

Just FYI, and for others who are viewing this:

1. Deleting MY recycle bin didn't help
2. Running the Norton Antivirus didn't help - it couldn't find anything
3. Logging on as one of the other users on the PC, and discovering that THEIR recycle bin was the one that contained the virused files DEFINITELY HELPED. I emptied the trash, ran Antivirus again and presto - files deleted.


One curiosity though ....
I went to DOS and did a cd c:\recycler PRIOR to emptying the other user's trash, did a DIR to see what was in there and it came back empty! Any explanations why I couldn't see the other user's trash in the recycling bin? I assumed DOS bypassed all those user securities?

Also, while I'm at it, what would I need to do to see ALL USERS' trash bins when I'm signed on as me, WITH Administrative rights?

Cheers

K
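
The report lines in the first post already identify whose Recycle Bin holds the files, because each folder under C:\RECYCLER is named after the owning account's SID. The following is an added example, not part of any post in this thread: it parses such lines, groups detections by owner SID, and flags the space-padded `.doc   .pif` name. The function names are hypothetical, and the sample lines are the post's own with the folder path and the padding shortened.

```python
import re
from collections import defaultdict

# Report line format as quoted in the first post.
LINE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file')
# XP layout: <drive>:\RECYCLER\<owner SID>\D<drive letter><index><original ext>\<path inside item>
BIN = re.compile(r'^[A-Z]:\\RECYCLER\\(?P<sid>S-1-[0-9-]+)\\'
                 r'(?P<item>D(?P<drive>[A-Z])(?P<index>\d+)[^\\]*)(?P<inner>(?:\\.*)?)$', re.I)
# Document-looking name padded with spaces so the executable extension is pushed out of view.
PADDED = re.compile(r'\.\w{1,4}\s{3,}\.(?:pif|scr|exe|com|bat|cmd)$', re.I)

# Constructed sample: the post's two report lines, with the folder path inside
# the .pst and the run of spaces inside the .pif name shortened.
SID = "S-1-5-21-3811365822-3347725313-1055586522-1006"
REPORT = [
    rf'Sign of "Win32:Mydoom-M [Wrm]" has been found in "C:\RECYCLER\{SID}\Dc25.pst'
    r'\Inbox\Delivery failed\text.zip" file.',
    rf'Sign of "Win32:Mydoom-L2 [Wrm]" has been found in "C:\RECYCLER\{SID}\Dc25.pst'
    rf'\Inbox\Delivery failed\text.zip\text.doc{" " * 40}.pif\[UPX]" file.',
]

def triage(line):
    """Return owner SID, recycled item and padded-name flag for one report line."""
    m = LINE.search(line)
    b = BIN.match(m.group("path")) if m else None
    if not b:
        return None  # not a detection inside a Recycle Bin folder
    inner = [p for p in b.group("inner").split("\\") if p]
    return {
        "signature": m.group("sig"),
        "owner_sid": b.group("sid"),
        "rid": int(b.group("sid").rsplit("-", 1)[1]),  # last SID field: the account's relative ID
        "item": b.group("item"),                        # deleted file as renamed by the Recycle Bin
        "drive": b.group("drive").upper(),              # drive the file was deleted from
        "padded_exe": any(PADDED.search(p) for p in inner),
    }

def bins_to_empty(report):
    """Group detections by the SID of the account whose Recycle Bin holds them."""
    owners = defaultdict(set)
    for hit in filter(None, map(triage, report)):
        owners[hit["owner_sid"]].add(hit["item"])
    return {sid: sorted(items) for sid, items in owners.items()}

if __name__ == "__main__":
    for sid, items in bins_to_empty(REPORT).items():
        print(sid, "->", items)
```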