Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
I-Worm.MyDoom.gen; W32/MyDoom-Gen; Win32.Mydoom.S@mm
It opens a TCP port and sends itself by email.
Opens a TCP port and sends itself via email.
* Windows 95;
* Windows 98;
* Windows ME;
* Windows NT;
* Windows 2000;
* Windows XP;
* Windows Server 2003.
The worm sends itself by email to all email addresses it can find, using its own SMTP engine.
The email subject is one of the following:
Mail Delivery System
Mail Transaction Failed
MAIL TRANSACTION FAILED
The attachment name is one from the list below:
The extension is:
zip (if the worm sends itself as ZIP archive).
The email contains one of the following texts:
!!!!!!!!!!!, check the attachment!!!.
(Norton Anti Virus : No Virusses Found , Check The Attachment For
(Norton ANti Virus,Panda,Mcafee No Virusses Found).
Check the attachment for more information!.
check the attachment to get the lastest news.
come back my friend.
error , sorry we can't send the email so check the attachment.
error to send the mail!!!!!.
error, check the attachment for more information.
failed to send the email!, check the attachment for more information.
failed,check the attachment for more information.
hello check the attachment thx.
here is what you need,thx.
Mail transaction failed.
Partial message is available.
sorry we can't send the mail try later , check the attachment for more
the attachment for more information.
Try Later, Check the Attachment.
you can check the attachment for more information.
your attachment , thx.
If the email's attachment is executed, the Notepad.exe starts. The window has the following appearance:
The backdoor component of the worm opens the TCP Port 5422 permanentlyand is listening for incoming connections.
A copy of the worm is created in the <%system%> folder with the filename "tasker.exe".
The worm creates the following Registry entry in order to run automatically at the next system restart:
The file Nemog.dll (8.192 bytes) is also created in the <%system%> directory. The following Registry entry is created in order that the DLL file be loaded at the next system restart:
The following message can be read within the worm's body:
- MSG To SkyNet-Netsky: i know skynet is sucks so fuck off and i will complete my projects ok baby!,the second author for mydoom worms!!, he will complete the project, more is coming soon better than better,Kuwait.
Description inserted by Crony Walker on Tuesday, June 15, 2004