Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Doomjuice-C

Mar 5, 2004 12:59AM PST

Aliases
Worm.Win32.Doomjuice.c, W32.HLLW.Doomjuice.B, WORM_DOOMJUICE.B

Type
Win32 worm

Description
W32/Doomjuice-C is a worm which spreads by exploiting a backdoor installed by W32/MyDoom-A. The functionality of the worm is similar to W32/Doomjuice-A but without the dropping of the archive with the W32/MyDoom-A source code.
The worm creates a copy of itself named regedit.exe in the Windows system folder and creates the following registry entry to ensure that the copy is run when Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck

W32/Doomjuice-C will contact computers infected with W32/MyDoom-A by attempting to connect to port 3127 of randomly chosen IP addresses. If the worm contacts a computer infected with W32/MyDoom-A a copy of W32/Doomjuice-C will be transfered to the computer and executed.


MORE: http://www.sophos.com/virusinfo/analyses/w32doomjuicec.html

Discussion is locked