W32/MyDoom-S is a mass-mailing worm which harvests email addresses from your hard drive. The worm copies itself to the Windows folder and the System folder, and adds a registry entry to ensure it starts whenever you logon.
Emails sent by this worm have the subject line photos and an attachment named photos_arc.exe.
W32/MyDoom-S is a mass-mailing worm which harvests adresses from your hard drive.
W32/MyDoom-S copies itself to the Windows folder as rasor38a.dll and to the System folder as winpsd.exe. The worm then creates the following registry entry to ensure it is run at system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
winpsd = <SYSTEM>\winpsd.exe
W32/MyDoom-S arrives in an email with the following characteristics:
Subject line: photos
Message text: LOL!;))))
Attached file: photos_arc.exe