Win32.Mydoom.Z@mm
HIGH
MEDIUM
69632 bytes, packed
Symptoms
Presence of the file %WINDIR%\services.exe.
Presence of registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RPCserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\NetBios Ext\\ImagePath = %WINDIR%\services.exe.
Removal instructions:
Automatic removal: let BitDefender disinfect infected files.
Analyzed By
Alexandru Carp, BitDefender Virus Researcher
Technical Description:
This looks like a recompiled build of the Win32.Mydoom.Y@mm worm with minor modifications: it uses the same
file names, the same URLs for downloading the backdoor and the same e-mails.
Please read its description for more information.