Troj/Padodo-Fam is a family of proxy and backdoor Trojans with password
When first run, the Trojans copy themselves to the Windows system folder
with a random filename and an extension of EXE, and drop a library DLL to
the system folder with a random filename and an extension of DLL.
The DLL is registered as a COM object, creating registry entries similar
to the following:
\InProcServer32\@ = <pathname of dropped DLL>
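
One way to review the COM registration described above, as an added example that is not part of the original description: the script lists InProcServer32 entries whose DLL sits in the Windows system folder and lacks a valid Authenticode signature. The registry root HKLM:\SOFTWARE\Classes\CLSID and the unsigned-file heuristic are assumptions, since the description does not give the full key.

```powershell
# Added example: triage in-process COM servers registered from the system folder.
# Assumption: machine-wide registrations live under HKLM:\SOFTWARE\Classes\CLSID.
$sysDir = [Environment]::GetFolderPath('System')
$root   = 'HKLM:\SOFTWARE\Classes\CLSID'

$findings = foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
    $key = $clsid.OpenSubKey('InProcServer32')      # $null when the subkey is absent
    if (-not $key) { continue }

    # The default value (written "@" in .reg notation) holds the DLL path.
    $raw = $key.GetValue('')
    $key.Close()
    if (-not $raw) { continue }

    $path = [Environment]::ExpandEnvironmentVariables($raw.ToString()).Trim('"')
    # Assumption: a bare file name is treated as living in the system folder.
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $sysDir $path }

    # Only DLLs inside the system folder match the behaviour described.
    if (-not $path.StartsWith($sysDir, [StringComparison]::OrdinalIgnoreCase)) { continue }
    if ([IO.Path]::GetExtension($path) -ne '.dll') { continue }   # -ne is case-insensitive

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Registration left behind with no file on disk: still worth reviewing.
        [pscustomobject]@{ CLSID = $clsid.PSChildName; Dll = $path
                           Signature = 'FileMissing'; CreatedUtc = $null }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{
            CLSID      = $clsid.PSChildName
            Dll        = $path
            Signature  = $sig.Status
            CreatedUtc = (Get-Item -LiteralPath $path).CreationTimeUtc
        }
    }
}

# Newest files first: a recently created, unsigned DLL is the first thing to examine.
$findings | Sort-Object CreatedUtc -Descending | Format-Table -AutoSize
```

The output is a review list, not a verdict: legitimate third-party components can also be unsigned, so each entry needs to be checked against a known-good baseline.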
How it spreads: Email attachments
Vulnerable operating systems: Windows
Side effects: Downloads code from the internet
W32/MyDoom-S is a mass-mailing worm which harvests email addresses from your hard drive. The worm copies itself to the Windows folder and the System folder, and adds a registry entry to ensure it starts whenever you log on.
Emails sent by this worm have the subject line "photos" and an attachment named "photos_arc.exe".