shimgapi.dll - Dangerous
%sysdir%\shimgapi.dll
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates. While the worm will stop spreading on February 12, 2004, the backdoor component will continue to function after this date.
Searches for the email addresses in the files with same extensions.
Attempts to send email messages using its own SMTP engine.
The worm looks up the mail server that the recipient uses before sending the email. If it is unsuccessful, it will use the local mail server instead.
Removal:
Open RegRun Start Control, go to the Shell DLL's tab.
Remove the "shimgapi.dll" item.
Use RegRun Terminate feature to kill taskmon.exe.
Warning!
Please, do not touch "taskmon.exe" located in the Windows folder.
The Taskmon is legitimate application for Windows 98/Me.
The worm is located in the Windows\System or in Windows\System32 folder.