Virus win32/mydoom.r worm




















Published Nov 09, Updated Aug 15.

Some variants also spread through peer-to-peer networks. The worm acts as a backdoor Trojan, which allows an attacker to access the infected system. This backdoor may be used to distribute other malicious software.

What to do now: To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution.

This value causes the worm to start when Windows is started. The backdoor Trojan allows unauthorized access to the infected system. The worm may load and execute the backdoor Trojan. The worm may modify the default values of the following registry keys to reference the backdoor Trojan; this causes Explorer.

Mydoom was named by Craig Schmugar, an employee of computer security firm McAfee and one of the earliest discoverers of the worm. Schmugar chose the name after noticing the text "mydom" within a line of the program's code.

He noted: "It was evident early on that this would be very big. I thought having 'doom' in the name would be appropriate."

Mydoom is primarily transmitted via e-mail, appearing as a transmission error, with subject lines including "Error", "Mail Delivery System", "Test" or "Mail Transaction Failed" in different languages, including English and French.

The mail contains an attachment that, if executed, resends the worm to e-mail addresses found in local files such as a user's address book.

Some early reports claimed the worm avoids all. A second version, Mydoom.B, as well as carrying the original payloads, also targets the Microsoft website and blocks access to Microsoft sites and popular online antivirus sites by modifying the hosts file, thus blocking virus removal tools or updates to antivirus software.

The smaller number of copies of this version in circulation meant that Microsoft's servers suffered few ill effects.

The text of such messages can be any of the following:

The worm contains a number of URLs from which it tries to download an additional file. The following sites are checked by the worm for the presence of that additional file:

We are watching these locations in order to get the file that Mydoom is supposed to download and activate on an infected computer. So far we could only download a few files that are a variant of Surila backdoor Backdoor. The following domains are affected:

An interesting detail is that the worm enables Registry tools and firewalls on a computer where it is present. To hide its activities, however, the worm adds its file name to the authorised applications list. As a result, the worm's actions do not trigger firewall alerts.

The worm has a limited lifecycle. After 3rd of February , the worm creates the following Registry key value:

Summary MyDoom.

Removal

Automatic action: Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Suspect a file is incorrectly detected (a False Positive)? If you wish, you may also:

Check for the latest database updates: First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

Submit a sample: After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

Exclude a file from further scanning: If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
