Need help? Ask the community or hire an expert.
Go to Avira Answers
??:Worm/Mydoom.BH.1
????:13/12/2012
??:??
????:?
?????????????
??/?????????
?? / ?????????
????:?
????:131.072 ??
MD5 ???:1aec7aebd916c3862131af0F7fe46da2
VDF ??:7.11.53.216 - donderdag 13 december 2012
IVDF ??:7.11.53.216 - donderdag 13 december 2012

 ???? ????:
   • ????


??:
   •  Mcafee: W32/Mydoom.gen@MM
   •  Kaspersky: Email-Worm.Win32.Mydoom.bh
   •  F-Secure: Email-Worm.Win32.Mydoom.bh
   •  Sophos: W32/MyDoom-BX
   •  Panda: W32/Mydoom.DL.worm
   •  Grisoft: I-Worm/Generic.BXO
   •  Eset: Win32/Mydoom.NA
   •  Bitdefender: Generic.Mydoom.4C96A5D8


??/????:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


???:
   • ??????????
   • ???????????
   • ????????
   • ?????
   • ?????

 ?? ???????????:
   • %SYSDIR%\dvupdate.exe



???????????????



??????:

– ??????????????:
   • %TEMPDIR%\tmp%?????%.tmp

%TEMPDIR%\%?????%.bat ???????????? ?????????????

 ??? ???????????????????????:

  [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
   • Driver Update="%SYSDIR%\dvupdate.exe"

 ???? ?????? SMTP ???????????? ?????????????? ?????????:


???:
?????????


???:
– ????????????????????
 ? WAB (Windows ???) ??????????


??:
??????:
   • A friendly warning
   • Greetings. Please read on.
   • Hello there! Read on.
   • Hey, just warning you
   • HEY, THIS IS KINDA URGENT
   • Some important information
   • You might want to read this...
   • You need to protect yourself

????????????????
???????????


??:
????????(regex)????
??????????????
?????????????????


???????????:

   • I don't know if you have heard yet or not but there's a deadly computer virus going around lately...
     I got caught by it the other day and lost all my files.
     Luckily Microsoft just released a fix which will protect you from it.
     I've attached the fix to this email, so you'll be fine if you install it
     Please open the attached file. It contains very important information concerning you.

   • Please open the attached file. It contains very important information concerning you.

   • I found a file that has a lot of information about YOU in it, I thought you might want to know about it.
     It's attached to this email, so open it if you're interested.

   • Hey, I assume you've heard about that new computer virus?
     A friend of mine got hit by it the other day and lost EVERY file on his compuiter.
     I attached a fix for it to this email, so you should be fine if you install it.
     Good luck!


??:
????????????:

–  ??????????:
   • ReadMe_TXT
   • ReadThisNow_TXT
   • UrgentInfo
   • MSWinFix
   • MSHotFix_Latest
   • Latest_Patch
   • Info_Doc
   • ImportantInfo
   • %?????%

    ?????????????:
   • .exe
   • .zip

??????????????

??????????????????



????????:


 ?? ????:
????????????????:
   • wab
   • adb
   • tbb
   • dbx
   • php
   • sht
   • htm
   • tmp


? TO (???) ??????:
????????????????:
   • sandra; linda; julie; jimmy; jerry; helen; debby; claudia; brenda;
      anna; alice; brent; adam; ted; fred; jack; bill; stan; smith; steve;
      matt; dave; dan; joe; jane; bob; robert; peter; tom; ray; mary; serg;
      brian; jim; maria; leo; jose; andrew; sam; george; david; kevin; mike;
      james; michael; alex; john; accoun; certific; listserv; ntivi;
      support; icrosoft; admin; page; the.bat; gold-certs; ca; feste;
      submit; not; help; service; privacy; somebody; no; soft; contact;
      site; rating; bugs; me; you; your; someone; anyone; nothing; nobody;
      noone; webmaster; postmaster; samples; info; root

????????????????

????????:
   • hotmail.com
   • yahoo.com
   • msn.com
   • aol.com


????:
??????????????????????:
   • mozilla; utgers.ed; tanford.e; pgp; acketst; secur; isc.o; isi.e;
      ripe.; arin.; sendmail; rfc-ed; ietf; iana; usenet; fido; linux;
      kernel; google; ibm.com; fsf.; gnu; mit.e; bsd; math; unix; berkeley;
      foo.; .mil; gov.; .gov; ruslis; nodomai; mydomai; example; inpris;
      borlan; sopho; panda; hotmail; msn.; icrosof; syma; avp; -._!@; -._!;
      spm; fcnz; www; abuse; .edu


MX ???:
?????? MX ????
????????? MX ???:
   • gate.
   • ns.
   • relay.
   • mail1.
   • mxs.
   • mx1.
   • smtp.
   • mail.
   • mx.

 ?? ???????????????:

???????????????

?????????:
   • www.symantec.com
   • securityresponse.symantec.com
   • symantec.com
   • www.sophos.com
   • sophos.com
   • www.mcafee.com
   • mcafee.com
   • liveupdate.symantecliveupdate.com
   • www.viruslist.com
   • viruslist.com
   • viruslist.com
   • f-secure.com
   • www.f-secure.com
   • kaspersky.com
   • kaspersky-labs.com
   • www.kaspersky.com
   • www.networkassociates.com
   • networkassociates.com
   • www.ca.com
   • ca.com
   • mast.mcafee.com
   • my-etrust.com
   • www.my-etrust.com
   • download.mcafee.com
   • dispatch.mcafee.com
   • secure.nai.com
   • nai.com
   • www.nai.com
   • update.symantec.com
   • updates.symantec.com
   • us.mcafee.com
   • liveupdate.symantec.com
   • customer.symantec.com
   • rads.mcafee.com
   • trendmicro.com
   • pandasoftware.com
   • www.pandasoftware.com
   • www.trendmicro.com
   • www.grisoft.com
   • www.microsoft.com
   • microsoft.com
   • update.microsoft.com
   • www.virustotal.com
   • virustotal.com
   • www.ahnlab.com
   • suc.ahnlab.com
   • auth.ahnlab.com
   • ahnlab.com




????hosts ???????:


 ???? ?????:
????:
   • io.phatnet.**********:7001

????????????

???????????:
     ????????


??????:
     ????
     ????
     ????
     ????

 ?? Mutex:
?????? Mutex:
   • doom1

 ?????? ????:
????????? MS Visual C++ ????


???????:
???????????????????????????????

Beschrijving ingevoegd door Monica Ghitun op woensdag 3 oktober 2007
Beschrijving bijgewerkt door Monica Ghitun op donderdag 4 oktober 2007

Terug . . . .
https:// Dit venster is voor uw veiligheid gecodeerd.