W32/Mydoom@MM

MyDoom Virus Characteristics

The icon used by the file tries to make it appear as if the attachment is a text file.

When this file is run, it copies itself to the Windows System directory as taskmon.exe: %SysDir%\taskmon.exe

%SysDir% is the Windows System directory, for example C:\WINDOWS\SYSTEM.

It creates the following registry entry to hook Windows startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMon" = %SysDir%\taskmon.exe

The virus uses a DLL that it creates in the Windows System directory: %SysDir%\shimgapi.dll (4,096 bytes)

This DLL is injected into EXPLORER.EXE upon reboot via this registry key: HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32 "(Default)" = %SysDir%\shimgapi.dll

The virus will not replicate on or after 12th February (although the DLL will still be installed).
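
The two registry entries described above can be checked offline against a text export of a machine's registry. The following is an added example, not part of the original description: it parses .reg export text and reports values that match those entries. The sample export and the function names are constructed for illustration, and only plain string values are parsed (hex-encoded value types are skipped).

```python
import re

# Indicators from the description above (compared case-insensitively).
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
CLSID_KEY = (r"HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
             r"\InProcServer32")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample: what a regedit export of an affected machine could contain.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskMon"="C:\\WINDOWS\\SYSTEM\\taskmon.exe"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
@="C:\\WINDOWS\\SYSTEM\\shimgapi.dll"
'''

def parse_reg(text):
    """Return {key: {value_name: data}} for string values; names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]  # "@" = (Default)
            # .reg text escapes backslashes and quotes inside string data
            current[name.lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def leaf(path):
    return path.rsplit("\\", 1)[-1].lower()  # file name part of a Windows path

def find_mydoom_traces(reg_text):
    """List the registry values that match the two entries described above."""
    keys = parse_reg(reg_text)
    hits = []
    run = keys.get(RUN_KEY.lower(), {})
    if leaf(run.get("taskmon", "")) == "taskmon.exe":
        hits.append("Run TaskMon = " + run["taskmon"])
    clsid = keys.get(CLSID_KEY.lower(), {})
    if leaf(clsid.get("", "")) == "shimgapi.dll":
        hits.append("InProcServer32 (Default) = " + clsid[""])
    return hits

if __name__ == "__main__":
    for hit in find_mydoom_traces(SAMPLE_EXPORT):
        print("match:", hit)
```

A match on the Run value should be confirmed by checking that the reported path lies in the Windows System directory, as the description states.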
