Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Mydoom.B

Win32/Mydoom.B is a variant of Win32/Mydoom.A. The size of the executable is 29 184 bytes. It is compressed by UPX .

Note: In following text a symbolic inscription %windir% is used instead of the name of directory in which Windows operating system is installed. Of course, this may differ from installation to installation. The inscription %system% represents the subdirectory System or System32 in the directory %windir%.

It installs itself into the system folder of Windows as explorer.exe and adds a new value in the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

It also drops the file cftmon.dll into the system folder, which activates a backdoor on the system.
On Windows NT/2000/XP it modifies the file %system%\drivers\etc\hosts. This modification will make the update servers of several anti-virus companies inaccessible to the infected computer.

The detection of Win32/MyDoom.B using sample is added since version 1.613.