Threat Information for "Win32.HLLM.MyDoom.33"
| Summary | Top |
- Name: Win32.HLLM.MyDoom.33
- Aliases:
- Date Discovered: 2007-02-20
- Protection Added: 2007-02-26
| Description | Top |
-- Ease of Removal 1: File names randomly generated from a hard-coded list 2: Consistent file contents 3: Uses running processes -- Privacy Risks/Security Changes 1: Modifies host files -- Damage/Intrusion/Annoyance 1: Modifies non-critical registry entries 2: Creates new files -- Propagation/Saturation 1: Infects from a link in an email 2: Infects from an email attachment 3: Installed by other infections
| Technical Details | Top |
- Added Directory/File:
FilePath: %ROOTDRIVE%*.scr MD5: f60834617b0be6bfc7af425e1258f983 - Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: f60834617b0be6bfc7af425e1258f983 - Added Registry Value:
Key: HKLM\SOFTWARE\Microsoft\OLE Value: WINTASK - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: WINTASK - Added Registry Value:
Key: HKU\S-*\Software\Microsoft\OLE Value: WINTASK - Added Registry Value:
Key: HKCU\SYSTEM\CurrentControlSet\Control\Lsa Value: WINTASK - Added Registry Value:
Key: HKLM\SYSTEM\CurrentControlSet\Control\Lsa Value: WINTASK - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: WINTASK - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: WINTASK - Added Registry Value:
Key: HKCU\Software\Microsoft\OLE Value: WINTASK - Added Registry Value:
Key: HKU\S-*\SYSTEM\CurrentControlSet\Control\Lsa Value: WINTASK - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: WINTASK
