|W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates. While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.
Searches for the email addresses in the files with same extensions.
Attempts to send email messages using its own SMTP engine.
The worm looks up the mail server that the recipient uses before sending the email. If it is unsuccessful, it will use the local mail server instead.
Open antivirus (also check How To Remove section)Start Control, go to the Shell DLL's tab.
Remove the "shimgapi.dll" item.
Use antivirus (also check How To Remove section)Terminate feature to kill taskmon.exe.
Please, do not touch "taskmon.exe" located in the Windows folder.
The Taskmon is legitimate application for Windows 98/Me.
The worm is located in the Windows\System or in Windows\System32 folder.