Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Win32.HLLM.MyDoom.1423

Added to the Dr.Web virus database: 2012-09-17

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'http://www.lienvandekelder.be' = '\Lien Van de Kelder.exe'
  • [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'http://www.lienvandekelder.be' = '\Lien Van de Kelder.exe'
Malicious functions:
Terminates or attempts to terminate
the following user processes:
  • mpftray.exe
  • NAVAPW32.EXE
  • MCAGENT.EXE
  • fsav32.exe
  • GUARD.EXE
  • zapro.exe
  • ZONEALARM.EXE
  • smc.exe
  • nod32.exe
  • outpost.exe
  • AVP32.EXE
  • AVPCC.EXE
  • AVP.EXE
  • AVGCC32.EXE
  • AVGCTRL.EXE
  • Drwebupw.exe
  • fsav.exe
  • ccapp.exe
  • AVPM.EXE
  • AVSYNMGR.EXE
Modifies file system :
Creates the following files:
  • <SYSTEM32>\Lien Van de Kelder.exe
Network activity:
Connects to:
  • 'di#######here.blackcarder.net':12000
UDP:
  • DNS ASK di#######here.blackcarder.net