Win32.Mydoom.Z@mm

HIGH
MEDIUM
69632 bytes, packed

Symptoms

Presence of the file %WINDIR%\services.exe.

Presence of registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RPCserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\NetBios Ext\\ImagePath = %WINDIR%\services.exe.

Removal instructions:

Automatic removal: let BitDefender disinfect infected files.

Analyzed By

Alexandru Carp, BitDefender Virus Researcher

Technical Description:

This appears to be a recompile, with minor modifications, of the Win32.Mydoom.Y@mm worm. It uses the same
file names, the same URLs for downloading the backdoor and the same e-mails.
Please read that worm's description for more information.