Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/MyDoom-E

Feb 15, 2004 1:03PM PST

Type
Win32 worm

W32/MyDoom-E is a worm which spreads by email.
The worm copies itself to the Windows system folder using the filename taskmon.exe and sets the following registry entry that points to this copy to ensure it is run at system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon

Please note that on Windows 95/98/Me, there is a legitimate file called taskmon.exe in the Windows folder.

W32/MyDoom-E will create the file shimgapi.dll in the Windows system folder.

The worm can also copy itself into the shared folder of the KaZaA peer-to-peer application.

A more detailed description will be published shortly.

http://www.sophos.com/virusinfo/analyses/w32mydoome.html

Discussion is locked