Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


MYDOOM.AH VARINAT SPREADS IN THE WILD

Virus Name  : W32.Mydoom.AH@mm

Alias             : I-Worm/Mydoom.ad, W32/Bofra-B, WORM_MYDOOM.AH, Mydoom.AH

Virus type    : Internet Worm

Threat level : Medium

Virus details :

                     Mydoom.ah is a mass mailing worm, uses buffer overflow vulnerability in Internet explorer to spread. The worm uses e-mail addresses collected from the infected system to distribute infected messages. Mydoom.ah infected mail will not contain any file attachment. The worm arrives with following characteristics

Subject: Hi, Hello or <blank>
Message text:

" Hi! I am looking for new friends.
My name is Jane, I am from Miami, FL.

See my homepage with my weblog and last webcam photos!

See you! "

or

" Hi! I am looking for new friends. I am from Miami, FL. You can see my homepage with my last webcam photos! "

or

" Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days.

To see details please click this link.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by an automated message system and the reply will not be received.

Thank you for using PayPal ".

The infected mail sample is given below

                     When clicking on the link, the worm file is copied and executed. Mydoom.ah copies itself with a random file name that ends with 32.exe in the Windows system folder. It also copies to vv.dat in the Windows desktop folder.

                     W32.Mydoom.ah@mm modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Reactor3"= C:\%SYSTEM%\<random characters>32.exe

                     W32.Mydoom.AH@mm contains backdoor ability and it opens TCP port 1639 and listens for commands. It also attempts to connect IRC servers. This worm is also known as I-Worm/Mydoom.ad, W32/Bofra-B, WORM_MYDOOM.AH.

How can I protect my system?

                   Solo has incorporated W32.Mydoom.AH@mm in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this Worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Worm?

                   Solo antivirus can detect and remove W32.Mydoom.AH@mm worm safely. If you are already infected with this Worm, you can remove it from your computer using Solo Antivirus software.  Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link