MyDoom virus variant has appeared in Vietnam

At 9 am on 28-7, a variant of the MyDoom virus, the virus that disrupted many online search services, appeared in Vietnam. Nguyen Tu Quang, director of the Center for Network Security (BKIS), said that by 16:15 the removal routine had been updated in the Bkav528 version. Readers can download the Bkav528 version here: Download Bkav2002 (Version 528), 301 KB.

Right after overwhelming the search websites on July 27, the MyDoom variant turned to attacking the servers that provide advertising services for commercial websites. As a result, customers of more than 40 well-known websites, including Nortel Networks, Gateway, MCI and CNN, could not see the ads.

According to Sophos, the virus's search attack on July 27 generated heavy query traffic, distributed across Google (45%), Lycos (22.5%), Yahoo! (20%) and Altavista (12.5%). - According to Tuoi Tre

More information on the MyDoom variant and how to remove it:

BKAV 528 update: the W32.MyDoom.M virus

At 9 am on August 28, 2004, the Bkis Network Security Center received the first MyDoom.M virus sample, signalling the arrival of the virus in Vietnam. We immediately began researching and analysing the new samples; by 4:15 pm the preliminary analysis was complete and the removal routine had been updated in the Bkav528 version.

To remove the W32.MyDoom.M virus, follow these steps:

1. Download the Bkav software, version Bkav528, into a folder on the machine.

2. If you use Windows Me or XP, turn off the operating system's System Restore function.

3. If your computer has other anti-virus programs installed, such as NAV or McAfee, temporarily turn off their Auto Protect function.

4. Run Bkav528 and select scanning of all files on all drives.

5. Restart the computer to complete the removal.

Some characteristics of the W32.MyDoom.M virus

Creates the following registry keys to mark the machine as infected:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Daemon

  • HKEY_CURRENT_USER\Software\Microsoft\Daemon

Copies itself to:

%Windir%\java.exe

Creates the following files:

%Windir%\services.exe
%Temp%\services.exe

This file is a backdoor listening on port 40Ah (1034).

Creates the following registry values so that the worm runs at boot time:

"Services" = "%Windir%\services.exe"
"JavaVM" = "%Windir%\java.exe"

MyDoom.M also creates the following files:

%Temp%\zincite.log
%Temp%\<random string>.log
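The host indicators listed above (marker keys, dropped files, autorun values and the backdoor port) can be checked together. The following is an added example, not BKAV's tool: evaluate() is a pure function over facts already collected, so it runs anywhere, while collect_windows_facts() is the only Windows-specific part. The advisory does not name the key holding the two autorun values; the example assumes the usual Run keys.

```python
"""Host triage for the W32.MyDoom.M indicators listed above.

Added example, not BKAV's tool. evaluate() is a pure function over facts
already collected, so it runs on any platform; collect_windows_facts() is
the only Windows-specific part and uses the standard library only.
"""
import os
import socket
import sys

# Indicators taken from the advisory above.
MARKER_KEYS = [
    ("HKEY_LOCAL_MACHINE", r"Software\Microsoft\Daemon"),
    ("HKEY_CURRENT_USER", r"Software\Microsoft\Daemon"),
]
DROPPED_FILES = [
    r"%Windir%\java.exe", r"%Windir%\services.exe",
    r"%Temp%\services.exe", r"%Temp%\zincite.log",
]
AUTORUN_VALUES = {"Services": r"%Windir%\services.exe",
                  "JavaVM": r"%Windir%\java.exe"}
BACKDOOR_PORT = 1034  # 40Ah

# Assumption: the advisory does not name the key holding the two autorun
# values; the per-machine and per-user Run keys are checked here.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def evaluate(present_keys, present_files, autorun_values, open_ports):
    """Return (verdict, findings).

    present_keys:   set of 'HIVE\\path' strings that exist on the host
    present_files:  set of DROPPED_FILES entries that exist after expansion
    autorun_values: dict of autorun value name -> data as stored
    open_ports:     set of TCP ports accepting connections on 127.0.0.1
    """
    findings = []
    for hive, path in MARKER_KEYS:
        if f"{hive}\\{path}" in present_keys:
            findings.append(f"marker key {hive}\\{path}")
    for entry in DROPPED_FILES:
        if entry in present_files:
            findings.append(f"dropped file {entry}")
    for name, data in AUTORUN_VALUES.items():
        expected = os.path.expandvars(data).lower()
        actual = os.path.expandvars(autorun_values.get(name, "")).lower()
        if actual == expected:
            findings.append(f"autorun value {name} = {data}")
    if BACKDOOR_PORT in open_ports:
        findings.append(f"TCP {BACKDOOR_PORT} open locally (backdoor)")
    # Marker keys, dropped files and autorun values are specific to the worm;
    # an open port 1034 on its own could be any service.
    strong = [f for f in findings if not f.startswith("TCP")]
    if strong:
        return "infected", findings
    return ("suspicious" if findings else "clean"), findings


def collect_windows_facts():
    """Gather the four fact sets on a live Windows host."""
    import winreg  # only importable on Windows
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    present_keys = set()
    for hive, path in MARKER_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(hives[hive], path))
            present_keys.add(f"{hive}\\{path}")
        except OSError:
            pass
    present_files = {e for e in DROPPED_FILES
                     if os.path.exists(os.path.expandvars(e))}
    autorun_values = {}
    for root in hives.values():
        try:
            with winreg.OpenKey(root, RUN_KEY) as key:
                for name in AUTORUN_VALUES:
                    try:
                        autorun_values[name] = winreg.QueryValueEx(key, name)[0]
                    except OSError:
                        pass
        except OSError:
            pass
    open_ports = set()
    try:
        socket.create_connection(("127.0.0.1", BACKDOOR_PORT), timeout=0.5).close()
        open_ports.add(BACKDOOR_PORT)
    except OSError:
        pass
    return present_keys, present_files, autorun_values, open_ports


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("collector runs on Windows only; evaluate() is platform-neutral")
    verdict, found = evaluate(*collect_windows_facts())
    print(verdict)
    for item in found:
        print(" -", item)
```

The verdict logic treats the marker keys, dropped files and autorun values as specific to this worm and the open port alone as merely suspicious, since port 1034 could belong to any service.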

Searches the entire hard drive for email addresses in files with the following extensions:

  • .pl

  • .ph

  • .tx

  • .bb

  • .ht

  • .asp

  • .sht

  • .adb

  • .dbx

  • .wab

Ignores mail addresses that contain any of the following strings:

  • mailer-d

  • spam

  • abuse

  • master

  • sample

  • accoun

  • privacycertific

  • bugs

  • listserv

  • submit

  • tv

  • support

  • admin

  • page

  • the.bat

  • gold-certs

  • feste

  • not

  • help

  • foo

  • soft

  • site

  • rating

  • you

  • your

  • someone

  • anyone

  • nothing

  • nobody

  • noone

  • info

  • winrar

  • winzip

  • rarsoft

  • sf.net

  • sourceforge

  • ripe.

  • arin.

  • google

  • gnu.

  • gmail

  • seclist

  • secur

  • bar.

  • foo.com

  • trend

  • update

  • uslis

  • domain

  • example

  • sophos

  • yahoo

  • spersk

  • panda

  • hotmail

  • msn.

  • msdn.

  • microsoft

  • sarc.

  • syma

  • avp

Sends the following queries to the Lycos, AltaVista, Yahoo and Google search sites to find more email addresses:

  • http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=<domain>

  • http://www.altavista.com/web/results?q=<domain>&kgs=0&kls=0

  • http://search.yahoo.com/search?p=<domain>&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

  • http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=<domain>

    where <domain> is the domain name found.
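The four search URLs above give a network-side detection: an infected host queries the search engines for bare domain names, many times in a row, which is unlike a person's keyword search. The following is an added example, not part of the advisory; the proxy log format "<epoch> <client_ip> <url>" and the sample lines are constructed for the example.

```python
"""Proxy-log detection for the search-engine address harvesting described
above. Added example, not from the advisory; the log format
'<epoch> <client_ip> <url>' and the sample lines are constructed."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# The four endpoints and the parameter the worm fills, from the advisory.
SEARCH_ENDPOINTS = {
    ("search.lycos.com", "/default.asp"): "query",
    ("www.altavista.com", "/web/results"): "q",
    ("search.yahoo.com", "/search"): "p",
    ("www.google.com", "/search"): "q",
}
# The worm queries a bare domain name, unlike a person's keyword search.
BARE_DOMAIN = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$", re.IGNORECASE)

# Constructed sample log: 10.0.0.5 behaves like the worm, 10.0.0.9 like a user.
SAMPLE_LOG = """\
1090900000 10.0.0.5 http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=example.com
1090900001 10.0.0.5 http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=example.com
1090900002 10.0.0.5 http://www.altavista.com/web/results?q=example.com&kgs=0&kls=0
1090900003 10.0.0.5 http://search.yahoo.com/search?p=example.com&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=
1090900004 10.0.0.9 http://www.google.com/search?hl=en&q=how+to+bake+bread
1090900005 10.0.0.9 http://www.google.com/search?hl=en&q=example.org
1090900006 10.0.0.9 http://www.example.org/index.html
"""


def search_term(url):
    """Return (engine_host, term) when url is a query to one of the four
    endpoints, otherwise None."""
    parts = urlsplit(url)
    param = SEARCH_ENDPOINTS.get((parts.netloc.lower(), parts.path))
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)
    return (parts.netloc.lower(), values[0]) if values else None


def flag_harvesters(log_lines, threshold=3):
    """Count bare-domain searches per client and return those at or above
    threshold, as {client: count}."""
    counts = defaultdict(int)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue
        _ts, client, url = fields
        hit = search_term(url)
        if hit and BARE_DOMAIN.match(hit[1]):
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(flag_harvesters(SAMPLE_LOG.splitlines()))
```

The threshold is deliberately low for the sample; on a real proxy the count should be taken per time window, since the page's Sophos figures show the worm's query volume is what made it visible.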

Creates and sends messages with the following characteristics:

The subject may be one of:

  • hello

  • error

  • status

  • test

  • report

  • unsuccessful

  • Message could not be delivered

  • Mail System Error - Returned Mail

  • Delivery reports about your e-mail

  • Returned mail: see transcript for details

  • Re: Wrong data format

Attachments

The file name can be one of the following:

  • readme

  • instruction

  • transcript

  • mail

  • letter

  • file

  • text

  • attachment

  • document

  • message

Extensions

  • .exe

  • .cr

  • .com

  • .zip

  • .pif

  • .bat

    When the attachment is a zip file, the virus is compressed twice in 75% of cases and once in 25%. Attachments with the other extensions are direct copies of the virus.

    In addition, the virus also uses the following fake extensions to deceive users:

  • doc

  • txt

  • htm

  • html
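The subject, file-name, extension, fake-extension and nested-zip traits above can be combined into a mail-gateway rule. The following is an added example, not BKAV's code: the lists are the advisory's, while the scoring, the (subject, filename, bytes) message shape and the constructed samples (plain text named like the worm's attachments) are assumptions of this example.

```python
"""Mail-gateway rule for the message characteristics listed above.

Added example, not BKAV's code. The subject, name and extension lists are
the advisory's; the scoring and the simple (subject, filename, bytes)
message shape are assumptions of this example.
"""
import io
import zipfile

SUBJECTS = {s.lower() for s in [
    "hello", "error", "status", "test", "report",
    "Message could not be delivered",
    "Mail System Error - Returned Mail",
    "Delivery reports about your e-mail",
    "Returned mail: see transcript for details",
]}
BASENAMES = {"readme", "instruction", "transcript", "mail", "letter",
             "file", "text", "attachment", "document", "message"}
EXEC_EXTS = {"exe", "cr", "com", "pif", "bat"}   # as listed on the page
DECOY_EXTS = {"doc", "txt", "htm", "html"}
MAX_ZIP_DEPTH = 2  # the advisory describes single- and double-zipped copies


def split_name(filename):
    """'readme.doc.exe' -> ('readme', ['doc', 'exe'])"""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    return parts[0], parts[1:]


def unwrap(filename, data, depth=0):
    """Follow single-member zip layers (at most MAX_ZIP_DEPTH) and return
    (innermost filename, number of zip layers)."""
    _base, exts = split_name(filename)
    if depth < MAX_ZIP_DEPTH and exts and exts[-1] == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if len(names) == 1:
                    return unwrap(names[0], zf.read(names[0]), depth + 1)
        except zipfile.BadZipFile:
            pass
    return filename, depth


def classify(subject, filename, data):
    """Return (verdict, traits) for one message with one attachment."""
    traits = []
    if subject.strip().lower() in SUBJECTS:
        traits.append("known subject")
    inner, depth = unwrap(filename, data)
    base, exts = split_name(inner)
    if base in BASENAMES:
        traits.append("known attachment name")
    if exts and exts[-1] in EXEC_EXTS:
        traits.append(f"executable extension .{exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] in EXEC_EXTS:
        traits.append("decoy double extension")
    if depth:
        traits.append(f"zip nested {depth}x")
    executable = any(t.startswith("executable") for t in traits)
    if executable and len(traits) >= 2:
        return "quarantine", traits
    return ("review" if traits else "deliver"), traits


def make_zip(member_name, member_data):
    """Build an in-memory zip with one member (used to construct samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, member_data)
    return buf.getvalue()


# Constructed samples; the "executable" is plain text, only the names matter.
SAMPLES = [
    ("Returned mail: see transcript for details", "transcript.zip",
     make_zip("transcript.zip", make_zip("transcript.doc.exe", b"harmless text"))),
    ("hello", "photo.jpg", b"\xff\xd8\xff"),
    ("Q3 figures", "figures.xlsx", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for subj, name, payload in SAMPLES:
        print(name, "->", classify(subj, name, payload))
```

A lone generic subject such as "hello" only earns a review, because the worm's subjects overlap with ordinary mail; it is the executable content, the known file name and the decoy double extension together that justify quarantine.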

Analyst: Le Nhat Minh, Dao Van Huy. - According to BKAV

Download Bkav2002 (Version 528), 301 KB