Win32.Mydoom.Z@mm
SYMPTOMS:
Presence of the file %WINDIR%\services.exe.
Presence of the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RPCserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\NetBios Ext\ImagePath = %WINDIR%\services.exe

TECHNICAL DESCRIPTION:
This looks like a recompile, with minor modifications, of the Win32.Mydoom.Y@mm worm. It uses the same file names, the same URLs for downloading the backdoor and the same e-mails. Please read that worm's description for more information.

REMOVAL INSTRUCTIONS:
Automatic removal: let BitDefender disinfect infected files.

ANALYZED BY:
Alexandru Carp, BitDefender Virus Researcher
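A check for the three symptoms listed above, run against a snapshot of file paths and registry values; this is an added example, not BitDefender's code. The function names, the sample snapshot, and accepting any control-set key name where the page writes "ControlSet" are assumptions.

```python
import re

# Indicators from the SYMPTOMS list above. Matching is case-insensitive
# because Windows paths and registry key names are.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Assumption: the page writes "ControlSet"; accept any control-set key name
# (CurrentControlSet, ControlSet001, ...) so no copy of the service key is missed.
SVC_KEY = re.compile(
    r"hkey_local_machine\\system\\[^\\]*controlset[^\\]*\\services\\netbios ext")


def norm(path, windir):
    """Expand %WINDIR%, collapse repeated backslashes, strip quotes, lowercase."""
    path = re.sub(r"%windir%", lambda m: windir, path, flags=re.I)
    return re.sub(r"\\+", r"\\", path).strip().strip('"').lower()


def check_host(windir, files, reg_values):
    """files: iterable of paths; reg_values: iterable of (key, name, data)."""
    dropped = norm(r"%WINDIR%\services.exe", windir)
    findings = []
    for f in files:
        # The genuine services.exe lives in %WINDIR%\System32 and must not match.
        if norm(f, windir) == dropped:
            findings.append(("file", f))
    for key, name, data in reg_values:
        k = norm(key, windir).rstrip("\\")
        if k == RUN_KEY and name.lower() == "rpcserv":
            findings.append(("run-value", data))
        elif (SVC_KEY.fullmatch(k) and name.lower() == "imagepath"
                and norm(data, windir) == dropped):
            findings.append(("service", key))
    return findings


# Constructed sample snapshot (not taken from a real host).
SAMPLE_FILES = [r"C:\WINDOWS\System32\services.exe", r"C:\Windows\services.exe"]
SAMPLE_REG = [
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
     "RPCserv", r"C:\WINDOWS\services.exe"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBios Ext",
     "ImagePath", r"%WINDIR%\\services.exe"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS",
     "ImagePath", r"system32\drivers\netbios.sys"),
]

if __name__ == "__main__":
    for kind, detail in check_host(r"C:\WINDOWS", SAMPLE_FILES, SAMPLE_REG):
        print(kind, detail)
```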