Raimund Genes, President of European Operations at Trend Micro told us: 'We know for sure that the DLL plant shimgapi.dll opens a backdoor on infected machines. The DOS attacks are programmed to stop after 12 February, but the backdoor remains open. Strangely, after 12 February new infections of MyDoom don't install the backdoor, but we don't know whether this is a deliberate act on the part of the writer or unintentional.
'But, some antivirus companies don't do a proper job. Some of the virus definitions released delete the bomb [the DOS component] but not the backdoor.'
Although he did not name names as to which vendors may be guilty, there are other ways that the machines may remain infected. While MessageLabs - a UK company that secures corporate email - first picked up the virus at 13:05hrs GMT on 26 January, vendors of desktop antivirus products didn't release new virus definitions for their customers to update their systems until several hours later.
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=53412
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
MyDoom-ed PCs still prey to hackers
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic