
W32/MyDoom-A

 

Aliases: Mimail.R, Novarg.A, Shimg, W32.Novarg.A@mm, W32/Mydoom@MM

W32/MyDoom-A is a worm which travels by email. The worm harvests email addresses from your hard disk and uses randomly-chosen addresses for both the "to" and "from" fields. This means that the "from" address is spoofed and does not tell you where the mail really came from.

W32/MyDoom-A arrives in emails with the following characteristics:

Subject lines include:
error
hello
hi
mail delivery system
mail transaction failed
server report
status
test
[random collection of characters]

Attachment names include:
body
data
doc
document
file
message
readme
test
[random collection of characters]

Attachment extensions:
bat
cmd
exe
pif
scr
zip

 

W32/MyDoom-A attaches itself to emails in either EXE (Windows program) or ZIP (Zip archive) format.
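
The characteristics listed above can be turned into a mail-gateway screening check. The following is an added example, not part of the original advisory and not code from Sophos or Mynex; the function names screen, ext_of and build_sample are hypothetical. Because subjects and attachment names can be random, it keys on the attachment extension (including executables inside a ZIP) and treats the listed names and subjects only as supporting evidence.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator lists copied from the advisory text.
SUBJECTS = {"error", "hello", "hi", "mail delivery system",
            "mail transaction failed", "server report", "status", "test"}
NAMES = {"body", "data", "doc", "document", "file", "message", "readme", "test"}
EXECUTABLE = {"bat", "cmd", "exe", "pif", "scr"}

def ext_of(name):
    return name.lower().rpartition(".")[2]  # final extension only

def screen(raw_bytes):
    """Return the reasons a raw RFC 822 message matches the advisory's profile."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        hits = []
        if ext_of(filename) in EXECUTABLE:
            hits.append(f"executable attachment: {filename}")
        elif ext_of(filename) == "zip":
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    hits += [f"executable inside {filename}: {m}"
                             for m in zf.namelist() if ext_of(m) in EXECUTABLE]
            except zipfile.BadZipFile:
                hits.append(f"unreadable zip attachment: {filename}")
        if hits and filename.lower().split(".")[0] in NAMES:
            hits.append(f"attachment name listed in advisory: {filename}")
        reasons += hits
    # Listed subjects are everyday words, so they only support an attachment hit.
    subject = str(msg["Subject"] or "").strip().lower()
    if reasons and subject in SUBJECTS:
        reasons.append(f"subject listed in advisory: {subject}")
    return reasons

def build_sample(subject, filename, payload):
    """Constructed test message (not a captured sample) with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body text")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

An empty list from screen() means the message does not match the profile; a gateway would quarantine or reject on any non-empty result.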

W32/MyDoom-A drops itself to your System folder under the name taskmon.exe. W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer.

W32/MyDoom-A adds the value:

Taskmon = taskmon.exe

to the following registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

This means that W32/MyDoom-A loads every time you log on to your computer.


W32/MyDoom-A disinfection instructions

 

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

 

Windows 95/98/Me and Windows NT/2000/XP/2003

W32/MyDoom-A can be removed from Windows 95/98/Me and Windows NT/2000/XP/2003 computers automatically with the following Resolve tools.

 

Windows disinfector

MYDOOGUI is a disinfector for standalone Windows computers.

If you are disinfecting several computers, download it, save it to floppy disk and run it from there.