Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Win32.HLLM.MyDoom.1432

Added to the Dr.Web virus database: 2013-12-13

Virus description added:

Technical Information

Malicious functions:
Creates and executes the following:
  • '%APPDATA%\GOBSV\DVRYG.exe' %APPDATA%\GOBSV\XVICR
  • '%APPDATA%\GOBSV\DVRYG.exe' %APPDATA%\GOBSV\KLFES
Executes the following:
  • '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
  • '<SYSTEM32>\wscript.exe' "%APPDATA%\GOBSV\35XD.vbe"
Injects code into
the following system processes:
  • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Modifies file system :
Creates the following files:
  • %APPDATA%\GOBSV\XVICR
  • %APPDATA%\GOBSV\DVRYG.exe
  • %TEMP%\2EF67.dmp
  • %TEMP%\dw.log
  • %APPDATA%\GOBSV\35XD.vbe
  • %APPDATA%\GOBSV\QITSQ
  • %APPDATA%\GOBSV\UBSRF
  • %APPDATA%\GOBSV\KLFES
  • %APPDATA%\GOBSV\YMQGIX
Sets the 'hidden' attribute to the following files:
  • %APPDATA%\GOBSV\KLFES
Deletes the following files:
  • %APPDATA%\GOBSV\DVRYG.exe
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
  • ClassName: 'EDIT' WindowName: '(null)'