Sophos

W32/MyDoom-S

Aliases
  • Ratos

Summary

 
How it spreads
  • Email attachments
Affected operating systems: Windows
Included in our products from: October 2004 (3.86)
Protection available since: 16 August 2004 06:51:26 (GMT)
Detected by: All Sophos products

Action

More Information

W32/MyDoom-S is a mass-mailing worm which harvests email addresses from your hard drive. The worm copies itself to the Windows folder and the System folder, and adds a registry entry to ensure it starts whenever you log on.

Emails sent by this worm have the subject line photos and an attachment named photos_arc.exe.

W32/MyDoom-S copies itself to the Windows folder as rasor38a.dll and to the System folder as winpsd.exe. The worm then creates the following registry entry to ensure it is run at system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
winpsd = <SYSTEM>\winpsd.exe

W32/MyDoom-S arrives in an email with the following characteristics:

Subject line: photos
Message text: LOL!;))))
Attached file: photos_arc.exe
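
The three characteristics listed above can be matched against stored or in-transit mail. The following is an added example, not Sophos code: it parses a raw message and reports which characteristics are present. The function names, the verdict labels and the constructed sample builder are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as listed in the description above.
SUBJECT = "photos"
BODY_TEXT = "LOL!;))))"
ATTACHMENT = "photos_arc.exe"


def match_indicators(raw_bytes):
    """Return which of the three listed characteristics a raw message shows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    # policy.default decodes RFC 2047 encoded-word headers before comparison.
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()  # handles RFC 2231 encoded filenames too
        if name:
            if name.strip().lower() == ATTACHMENT:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            try:
                if BODY_TEXT in part.get_content():
                    hits.add("body")
            except LookupError:  # unknown charset label: skip the body check
                pass
    return hits


def verdict(raw_bytes):
    """Attachment name is the strong signal; a one-word subject alone is not."""
    hits = match_indicators(raw_bytes)
    if "attachment" in hits:
        return "quarantine"
    return "review" if {"subject", "body"} <= hits else "pass"


def build_sample(subject, body, filename):
    """Constructed test message; the attachment bytes are an inert placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The subject line photos is common in legitimate mail, so the example treats it only as corroboration and keys the quarantine decision on the attachment name.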
