WinMydoomVmm Free Removal toolWin32.Mydoom.V@mm Free Removal tool 1.0 Free Removal tool for Win32.Mydoom.V@mm virus | |
Download |
WinMydoomVmm Free Removal tool Ranking & Summary
Advertisement
WinMydoomVmm Free Removal tool Tags
- virus Free Removal Win32/Virut Win32.Mytob Win32.Evaman Win32.Swash Detect MyDoom Remove MyDoom MyDoom Remover MyDoom Win32.Mofei Mydoom.A antivirus Mydoom.A Win32.Rovud.a-c Win32/Vampiro Win32/Tanatos Win32.Parite I-Worm.Mydoom.A-H Win32/Sality Win32.Pawur Win32/Prepender Mydoom.N antivirus erase Mydoom.N Mydoom.N Win32/Magistr Mydoom antivirus erase Mydoom.AO Mydoom.AO Win32/Mabezat Win32/Kriz Win32/Gaelicum Win32/Elkern Win32/Dupator Win32/Delf.2.B Win32/Alman W32/MyDoom-A Mydoom.F antivirus remove Mydoom.F clean Mydoom.F Mydoom.F Free Removal mm editor Win32.IrcBot Win32 MIDP to Win32 Mydoom Worm mm+g Win32 COM the mydoom virus mm
WinMydoomVmm Free Removal tool Description
Free Removal tool for Win32.Mydoom.V@mm virus Symptoms: Presence of files Documents and SettingsAdministratorStart MenuProgramsStartuprx32hh00.exe and %SYSTEM%winspf32.exe. Presence of a file tmp*.tmp with a size of 234496 bytes. Presence of registry key: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunWinSPF = %SYSTEM%winspf32.exe. HKCUSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsVersion = FrankenShteiN HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsVersion = FrankenShteiN HKCUSOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User Agent HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0User Agent This is a mass-mailer that also drops a backdoor. The file is downloaded from one the following urls: "http://www.llc.unibo.it" "http://www.surrenderzeeland.nl" "http://www.mercyships.de" "http://www.hiw.kuleuven.ac.be" "http://www.ach.ch" "http://vugs.geog.uu.nl" "http://www.planetboredom.net" and is downloaded to a temporary file ( with a temporary name ). This file's size is 234496 bytes. It seems that there are more versions of this worm, which are just recompilations of the same source. The worm creates a mutex called 'qwedefacedRDE'. It uses threads for searching for e-mail addreses in the following file types: wab,xls,vbs,uin,txt,tbb,stm,sht,php,msg,mht,jsp,htm,eml,dht,dbx,cgi,cfg,asp. It sends mail using it's own SMTP engine.
WinMydoomVmm Free Removal tool Related Software