WinMyDoomMmm Free Removal tool description
Free removal for Win32.MyDoom.M@mm

Symptoms:

- Presence of the following registry key:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
with the following value:
- %WINDIR%\java.exe

Presence of the following files:

- %WINDIR%\java.exe
- %WINDIR%\services.exe

Port 1034 is listening for incoming connections.

Technical description: This is an internet worm that spreads through e-mail. When it is run, it adds the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
with the following value: %WINDIR%\java.exe

It copies itself to %WINDIR%\java.exe
where %WINDIR% is a variable representing the Windows directory.

It drops the following file: %WINDIR%\services.exe, which BitDefender detects as Backdoor.Mydoom.M.

It tries to terminate some programs that have windows with the following names: rctrl_renwnd32, ATH_Note, IEFrame.
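
The symptoms listed above can be checked on a host with a short read-only script. This is an added example, not part of the original description or of the removal tool; the function name Get-MyDoomMIndicator is hypothetical, and it assumes that the listener on port 1034 is TCP and that the 32-bit registry view should be checked as well on 64-bit Windows.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Get-MyDoomMIndicator is a hypothetical name; nothing is modified or deleted.
function Get-MyDoomMIndicator {
    param([string]$WinDir = $env:WINDIR)

    # Run key: the page names a "JavaVM" entry pointing at %WINDIR%\java.exe.
    # The WOW6432Node path is the 32-bit registry view on 64-bit Windows (assumption:
    # a 32-bit process would have written there).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $entry = Get-ItemProperty -Path $key -Name 'JavaVM' -ErrorAction SilentlyContinue
        if ($entry) {
            [pscustomobject]@{ Indicator = 'RunKey'; Location = $key; Detail = $entry.JavaVM }
        }
    }

    # Dropped files. A legitimate services.exe lives in %WINDIR%\System32,
    # so a copy directly under %WINDIR% is the one of interest here.
    foreach ($name in 'java.exe', 'services.exe') {
        $path = Join-Path $WinDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Indicator = 'File'; Location = $path; Detail = "SHA256 $hash" }
        }
    }

    # Listener on TCP 1034 (assumed TCP), with the owning process so it can be tied to a file.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort 1034 -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Indicator = 'Listener'
            Location  = "$($l.LocalAddress):$($l.LocalPort)"
            Detail    = "PID $($l.OwningProcess) $($proc.Path)"
        }
    }
}

$findings = @(Get-MyDoomMIndicator)
if ($findings.Count -eq 0) { 'No indicators from this page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so the owning process path of the listener can be resolved. A match on any single indicator is a reason to investigate further, since port 1034 and a file named java.exe can also belong to unrelated software.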


Author:
admin
Time:
Monday, May 5th, 2008 at 9:49 pm
Category:
AntiVirus