WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
January 26, 2004
Intruder Alert 3.6 W32_Novarg_Worm Policy

This policy detects the propagation of the W32.Novarg.Worm through changes in the registry.

W32.Novarg.A@mm is a mass-mailing that is received with any one of the following file extension; .bat, .cmd, .exe, .pif, .scr, and .zip.

NOTE: This policy only works if the instructions for configuration of filewatch have been implemented. These instructions are outlined below.

Download ITA W32_Novarg_Worm Policy

Affected Platforms

Windows NT/2000/2003/XP

Description

This policy detects activity of W32.Novarg.Worm on an affected system.

Policy Rules include:

  • W32_Novarg_Worm_File_Activity
    This rule detects the creation of files associated with the infection of the W32.Novarg.A@mm worm.

ITA Filewatch Configuration Instructions

  1. Browse to the system folder where the ITA agent is installed.

  2. Locate the ntcrit_S.lst file.

  3. Insert the following file to be monitored:

    #windir\system32\shimgapi.dll


Last modified on: Monday, 26-Jan-2004 23:55:01 PST