W32.MyDoom.M@mm Virus

July 26, 2004

A new virus, W32.MyDoom.M@mm, is widespread at Virginia Tech and is very similar to previous MyDoom viruses. The MyDoom.M@mm virus:

  • Uses its own SMTP engine to send itself to all the email addresses that it finds on an infected system.
    The email has an attachment with a .bat, .cmd, .com, .exe, .pif, .scr, or .zip extension.
  • The attachment name may contain a randomly selected domain, which was found on the sender's system. For example, the attachment name could contain fakedomain.com if the address x@fakedomain.com was harvested.
  • The From field of the email is spoofed.
  • Downloads and executes a backdoor, detected as Backdoor.Zincite.A, which listens on port 1034/tcp.
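
The attachment traits listed above can be checked at a mail gateway or on a saved message. The following is an added example, not part of the original advisory or any Symantec tool: it flags attachments by the listed extensions and by a domain-like file name, and ignores the From field because it is spoofed. The function names, the domain heuristic and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Attachment extensions named in the advisory.
RISKY_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".zip"}
# Heuristic (assumption): a dotted token such as "fakedomain.com" in the name.
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def flag_attachments(raw_message):
    """Return [(filename, reasons)] for attachments matching the listed traits."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no file name
        lowered = name.strip().lower()
        ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
        if ext not in RISKY_EXTENSIONS:
            continue
        reasons = ["extension " + ext]
        stem = lowered[: -len(ext)]
        # "fakedomain.com" (ext .com) and "fakedomain.com.scr" both qualify.
        if ext == ".com" or DOMAIN_RE.search(stem):
            reasons.append("domain-like name")
        findings.append((name, reasons))
    return findings

def build_sample(filename):
    """Constructed test message; the attachment bytes are harmless filler."""
    msg = EmailMessage()
    msg["From"] = "x@fakedomain.com"   # spoofed in real samples, so not checked
    msg["To"] = "user@example.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"filler", maintype="application",
                       subtype="octet-stream", filename=filename)
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for fname, why in flag_attachments(build_sample("fakedomain.com.scr")):
        print(fname, "->", ", ".join(why))
```

The domain check is only a heuristic and will also match ordinary dotted names such as report.final.zip, so treat it as a reason to quarantine and review rather than as proof of infection.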

WARNING: Do not open any suspicious attachments!

Removal

Symantec has released a removal tool for this virus:
Removal Tool
Removal Tool Instructions

Further information, including removal instructions, is available at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.m@mm.html.

If your computer is still having problems after following the instructions, you will need to format your computer and reinstall your operating system and applications.