Aliases
Worm.Win32.Doomjuice.c, W32.HLLW.Doomjuice.B, WORM_DOOMJUICE.B
Type
Win32 worm
Description
W32/Doomjuice-C is a worm which spreads by exploiting a backdoor installed by W32/MyDoom-A. The functionality of the worm is similar to W32/Doomjuice-A but without the dropping of the archive with the W32/MyDoom-A source code.
The worm creates a copy of itself named regedit.exe in the Windows system folder and creates the following registry entry to ensure that the copy is run when Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
W32/Doomjuice-C will contact computers infected with W32/MyDoom-A by attempting to connect to port 3127 of randomly chosen IP addresses. If the worm contacts a computer infected with W32/MyDoom-A a copy of W32/Doomjuice-C will be transfered to the computer and executed.
MORE: http://www.sophos.com/virusinfo/analyses/w32doomjuicec.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic