W32/MyDoom-E

Discussion in 'malware problems & news' started by Marianna, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. Marianna (Spyware Fighter)
    Joined: Apr 23, 2002 | Posts: 1,215 | Location: B.C. Canada

    Type
    Win32 worm

    Description
    W32/MyDoom-E is a worm which spreads by email.
    The worm copies itself to the Windows system folder using the filename taskmon.exe and sets the following registry entry that points to this copy to ensure it is run at system logon:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon

    Please note that on Windows 95/98/Me, there is a legitimate file called taskmon.exe in the Windows folder.

    W32/MyDoom-E will create the file shimgapi.dll in the Windows system folder.

    The worm can also copy itself into the shared folder of the KaZaA peer-to-peer application.

    A more detailed description will be published shortly.

    http://www.sophos.com/virusinfo/analyses/w32mydoome.html
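
A host-triage check for the indicators listed in the post above, as an added example that is not part of the original post or the Sophos analysis. The `triage` helper, its finding labels and the sample snapshots are constructed for illustration; only the registry value name and the two file names come from the post.

```python
import ntpath  # Windows path rules, usable on any OS

# Indicators exactly as listed in the post above.
RUN_VALUE = "TaskMon"         # under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WORM_COPY = "taskmon.exe"     # worm copy in the Windows *system* folder
DROPPED_DLL = "shimgapi.dll"  # created in the Windows system folder

def _norm(path):
    # Windows paths are case-insensitive; Run data may be quoted.
    return ntpath.normpath(path.strip().strip('"')).lower()

def triage(run_values, files, system_dir):
    """Return findings for one host snapshot (hypothetical helper).

    run_values: {value name: data} read from the Run key above
    files: full paths of files found on the host
    system_dir: the host's Windows system folder
    """
    present = {_norm(f) for f in files}
    sys_copy = _norm(ntpath.join(system_dir, WORM_COPY))
    dll = _norm(ntpath.join(system_dir, DROPPED_DLL))
    findings = []
    for name, data in run_values.items():
        if name.lower() != RUN_VALUE.lower():  # value names are case-insensitive
            continue
        if _norm(data) == sys_copy:
            findings.append("run-key-points-to-system-copy")
        else:
            findings.append("run-key-other-target-review")
    if sys_copy in present:
        findings.append("taskmon-in-system-folder")
    if dll in present:
        findings.append("shimgapi-in-system-folder")
    # A taskmon.exe outside system_dir is never flagged: on 95/98/Me the
    # Windows folder holds the legitimate file the post mentions.
    return findings

# Constructed snapshots (not real telemetry).
INFECTED_XP = dict(
    run_values={"TaskMon": r"C:\WINDOWS\system32\taskmon.exe"},
    files=[r"C:\WINDOWS\System32\TASKMON.EXE", r"C:\WINDOWS\system32\shimgapi.dll"],
    system_dir=r"C:\WINDOWS\system32")
CLEAN_98 = dict(
    run_values={}, files=[r"C:\WINDOWS\taskmon.exe"],
    system_dir=r"C:\WINDOWS\SYSTEM")

if __name__ == "__main__":
    print(triage(**INFECTED_XP))
    print(triage(**CLEAN_98))
```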
     