The Mydoom-B worm spreads via infected email attachments, P2P file sharing and network propagation. The worm is 29,184 bytes long. Mydoom-B is similar to the Mydoom-A worm, but it has added additional body messages, from which it selects at random when sending out infected files. These are "Sendmail daemon reported." and "Error #804 occured during SMTP session. Partial message has been received."
REMOVAL INSTRUCTIONS:
- Run REGEDIT and delete the values:
  - %system_dir%\ctfmon.dll
    in registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
  - "Explorer"="%system_dir%\explorer.exe"
    in registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- Run Vbuster.Exe and use it to delete all occurrences of the worm
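
A read-only way to check a machine for the two registry values listed in the removal instructions before editing the registry, as an added example that is not part of the original write-up. It assumes %system_dir% is the Windows system directory and that the ctfmon.dll entry is the default value of the InProcServer32 key; the function name Test-RegistryIndicator is hypothetical.

```powershell
# Added example: read-only check for the two registry values listed in the
# removal instructions. It reports matches and deletes nothing.
$systemDir = [Environment]::GetFolderPath('System')   # assumed meaning of %system_dir%

# Name '' selects a key's default (unnamed) value (assumption for the ctfmon.dll entry).
$indicators = @(
    [pscustomobject]@{
        Key      = 'HKLM:\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32'
        Name     = ''
        Expected = Join-Path $systemDir 'ctfmon.dll'
    },
    [pscustomobject]@{
        Key      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        Name     = 'Explorer'
        Expected = Join-Path $systemDir 'explorer.exe'
    }
)

function Test-RegistryIndicator {
    param($Indicator)
    $data = $null
    # -LiteralPath keeps the braces in the CLSID from being interpreted.
    $key = Get-Item -LiteralPath $Indicator.Key -ErrorAction SilentlyContinue
    if ($key) { $data = $key.GetValue($Indicator.Name) }   # $null when the value is absent
    # Strip quotes and expand environment variables before comparing paths.
    $normalised = if ($data) { [Environment]::ExpandEnvironmentVariables("$data").Trim('"') } else { '' }
    [pscustomobject]@{
        Key   = $Indicator.Key
        Value = if ($Indicator.Name) { $Indicator.Name } else { '(Default)' }
        Data  = $data
        Match = $normalised -ieq $Indicator.Expected   # case-insensitive path comparison
    }
}

$results = $indicators | ForEach-Object { Test-RegistryIndicator $_ }
$results | Format-List
if ($results.Match -contains $true) {
    Write-Warning 'At least one registry value from the removal instructions is present.'
}
```

Run it from an elevated 64-bit PowerShell session so the HKLM keys are read from the native registry view rather than the 32-bit redirected one.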