Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Mydoom.B is a variant of Win32/Mydoom.A. The size of the executable is 29 184 bytes. It is compressed by UPX .

Note: In following text a symbolic inscription %windir% is used instead of the name of directory in which Windows operating system is installed. Of course, this may differ from installation to installation. The inscription %system% represents the subdirectory System or System32 in the directory %windir%.

It installs itself into the system folder of Windows as explorer.exe and adds a new value in the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

It also drops the file cftmon.dll into the system folder, which activates a backdoor on the system.
On Windows NT/2000/XP it modifies the file %system%\drivers\etc\hosts. This modification will make the update servers of several anti-virus companies inaccessible to the infected computer.

The detection of Win32/MyDoom.B using sample is added since version 1.613.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.