Virus Removal W32.MyDoom

The W32.MyDoom virus began to appear in Vietnam on January 27, 2004 and spread very quickly on the morning of January 28, 2004. Since that morning, Bkis Security Center has continuously received emails with the subjects Hi, Hello, Test, Mail Delivery System, Mail Transaction Failed, Server Report, Status and Error, each carrying the virus as an attachment, as well as phone calls from many provinces and cities asking about the virus. Bkis Security Center analyzed the samples received and released Bkav version Bkav496, which detects and removes W32.MyDoom, at 4:30 pm on January 28, 2004.

A computer infected with this virus shows a sharp drop in network speed as soon as it is connected to the network, because the virus continuously sends out emails with the virus file attached.

To remove the W32.MyDoom virus, follow these steps:

1. Download Bkav version Bkav496 to a folder on your machine.

2. If you use Windows Me or Windows XP, turn off the operating system's System Restore function, so that infected files are not preserved in restore points.

3. If your computer has another anti-virus program such as NAV or McAfee, temporarily disable its Auto Protect function.

4. Run Bkav496 and choose to scan all files on all drives.

5. Restart the computer. Turn System Restore and the other program's Auto Protect back on after the scan is complete.

Detailed description of the W32.MyDoom virus:

W32.MyDoom spreads via email and the KaZaA peer-to-peer network. When it reaches a user's machine, it takes the following steps:

1. Copies the two virus files taskmon.exe and shimgapi.dll into the %System% directory, where %System% is the path to the Windows system directory: by default C:\Winnt\System32 (Windows NT/2000) or C:\Windows\System32 (Windows XP).

2. Creates a value named "TaskMon" under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

or

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the virus is started every time the user boots the operating system.

3. Scans all files with the following extensions to collect email addresses:

.adb
.tbb
.dbx
.asp
.php
.sht
.htm

4. Emails itself to all addresses found. Each message has the following characteristics:

Subject:

Test

hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Message body:

test
The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.
The message contains Unicode characters and has been sent
as a binary attachment.
Mail transaction failed. Partial message is available.

The attachment is 22,528 bytes in size and has one of the following names:

document
readme
text
file
data
test
message
body

The attachment has one of the following extensions:

.pif
.scr
.exe
.cmd
.bat
.zip
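The subject lines, body texts, attachment names, extensions and attachment size above are exactly the indicators a mail gateway or analyst can match on. The following script is an added example, not Bkav's code: it parses a raw RFC 822 message with Python's standard email library and reports which of the listed indicators it matches. The two sample messages it builds are constructed for the demonstration and are not real captures; the verdict rule (a MyDoom-style executable attachment plus a canned subject or body) is an assumption, not a rule from the text.

```python
"""Flag mail that matches the W32.MyDoom indicators described above.

Added example (not Bkav's code). The subject lines, body texts, attachment
names, extensions and the 22,528-byte size are taken from the text; the
sample messages are constructed here for the demonstration.
"""
import email
from email import policy
from email.message import EmailMessage

SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODY_FRAGMENTS = ("7-bit ascii encoding",
                  "unicode characters",
                  "mail transaction failed. partial message is available")
ATTACH_NAMES = {"document", "readme", "text", "file", "data",
                "test", "message", "body"}
ATTACH_EXTS = {".pif", ".scr", ".exe", ".cmd", ".bat", ".zip"}
MYDOOM_SIZE = 22528  # size of the mailed executable given in the text


def split_name(filename):
    """'document.pif' -> ('document', '.pif'); a double extension keeps the last one."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[0], "." + parts[-1]


def score_message(raw):
    """Return which MyDoom indicators a raw RFC 822 message (bytes) matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "body": False, "attachment": False, "size": False}

    hits["subject"] = (msg.get("Subject") or "").strip().lower() in SUBJECTS

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    hits["body"] = any(frag in body for frag in BODY_FRAGMENTS)

    for part in msg.iter_attachments():
        stem, ext = split_name(part.get_filename() or "")
        if stem in ATTACH_NAMES and ext in ATTACH_EXTS:
            hits["attachment"] = True
        payload = part.get_payload(decode=True) or b""
        if len(payload) == MYDOOM_SIZE:
            hits["size"] = True

    # Assumed quarantine rule: a MyDoom-style executable attachment together
    # with one of the canned subjects or body texts.
    hits["verdict"] = hits["attachment"] and (hits["subject"] or hits["body"])
    return hits


def build_message(subject, body, filename, payload):
    """Construct a test message (not a real capture)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


def sample_mydoom():
    """Constructed message shaped like the ones described in the text."""
    return build_message("Mail Transaction Failed",
                         "The message cannot be represented in 7-bit ASCII encoding\n"
                         "and has been sent as a binary attachment.\n",
                         "document.pif", b"\x00" * MYDOOM_SIZE)


def sample_benign():
    """Constructed ordinary message for comparison."""
    return build_message("Quarterly figures", "Attached as discussed.\n",
                         "figures.pdf", b"%PDF-1.4 constructed stub")


if __name__ == "__main__":
    for name, raw in (("mydoom", sample_mydoom()), ("benign", sample_benign())):
        print(name, score_message(raw))
```

Note that the size check is only reliable for the bare executable; a .zip carrying the worm will have a different size, which is why the verdict does not depend on it.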

5. Launches a DoS attack on www.sco.com between February 1, 2004 and February 12, 2004.

6. Opens TCP ports 3127 to 3198, allowing attackers to connect to the user's machine and exploit its resources.
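The dropped files in step 1 and the listening ports in step 6 are the two artefacts an administrator can check on a host without an anti-virus update. The script below is an added example, not Bkav's code: it looks for taskmon.exe and shimgapi.dll in the system directory and tests whether anything accepts TCP connections in the 3127 to 3198 range. The file names and port range come from the text; the loopback host, the connect timeout and the lab listener used to exercise the port check are assumptions. Run the port check from a second machine against the suspect host's address if you do not trust the suspect host's own tooling.

```python
"""Host triage for the W32.MyDoom artefacts described above: the two files
dropped into %System% and the TCP listeners on ports 3127-3198.

Added example (not Bkav's code). File names and port range come from the
text; the loopback host, the timeout and the lab helper are assumptions.
"""
import os
import socket
from typing import Iterable, List, Optional

MYDOOM_FILES = ("taskmon.exe", "shimgapi.dll")
MYDOOM_PORTS = range(3127, 3199)  # 3127..3198 inclusive


def dropped_file_hits(filenames: Iterable[str]) -> List[str]:
    """Return the MyDoom file names present in a directory listing (case-insensitive)."""
    present = {name.lower() for name in filenames}
    return [f for f in MYDOOM_FILES if f in present]


def scan_system_dir(system_dir: Optional[str] = None) -> List[str]:
    """List MyDoom files in the Windows system directory; empty if it cannot be read."""
    if system_dir is None:
        # %SystemRoot%\System32 on Windows; the fallback path is an assumption.
        system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    try:
        return dropped_file_hits(os.listdir(system_dir))
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return []


def open_tcp_ports(host: str, ports: Iterable[int], timeout: float = 0.3) -> List[int]:
    """Return the ports on `host` that accept a TCP connection."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


def backdoor_ports(host: str = "127.0.0.1") -> List[int]:
    """Ports in the MyDoom backdoor range that are listening on `host`."""
    return open_tcp_ports(host, MYDOOM_PORTS)


def listen_on_loopback(port: int = 0) -> socket.socket:
    """Lab helper: open a listener on loopback so the port check can be exercised
    without a real infection (port 0 lets the OS pick a free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    print("dropped files in %System%:", scan_system_dir() or "none")
    print("MyDoom backdoor ports listening:", backdoor_ports() or "none")
```

A listener in that range is not proof of infection on its own (another service may legitimately use a port there), but combined with taskmon.exe in %System% and the TaskMon Run value it is a strong indicator.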

Be careful when receiving emails with the above characteristics, and update to Bkav version 496 to remove this virus.

Download URL:
http://www.bkav.com.vn/download/sdownload.php