Win32/Mydoom.R
[ad#ad2-left]
Win32/Mydoom.R is an e-mail worm for Microsoft Windows systems. Its file is approximately 28 kilobytes long, compressed by UPX. After decompression, its size is about 40kB.
Upon execution the form copies itself in the %windir% using the name java.exe. It also saves a file called services.exe there. This file is a backdoor component, that operates on TCP port 1034.
The following Registry entries are set to point to worm executables:
HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services
The first entry contains path to java.exe, and the other points to services.exe.
According to the information on all the website in order to fix this you must use some anti-virus software.
[ad#ad2-right]
WORM_AGENT.AHQV [Trend Micro], Dropper/Xema.189952.B [AhnLab], Dropper.Small.LQ [AVG], Trojan.Crypt.Delf.AC [Bit Defender], Worm.W32.Agent-1 [ClamAV], IRC.W.W32.ClickIt.D [Otros], W32/Trojan3.AS [Authentium], I-Worm.Agent.ez [Quick Heal], Win32.HLLM.MyDoom.134 [Doctor Web], Trojan:W32/Agent.GCK [F-Secure], W32/Basine.C [Fortinet], Trojan.Crypt.Delf.AC [G DATA], Trojan.Crypt.Delf.AC [Ikarus], Email-Worm.Win32.Agent.js [K7 Computing], Email-Worm.Win32.Agent.js [Kaspersky], Worm:Win32/Mytob.SD [Microsoft], Win32/Injector.BZ [ESET], W32/P2PWorm.AAK [Norman], Trojan.Delfinject.Gen.3 [PC Tools], Backdoor.Win32.IRCbot.apj [Rising], Mal/Basine-C [Sophos], Dropper.Delf.26624.B [Hauri], Email-Worm.Win32.Agent.js [F-Secure], Backdoor/W32.IRCBot.28160.C [Otros], AGENT.ARQB [PerAntivirus]
According to the information on all the website in order to fix this you must use some anti-virus software. This one is a variant and should be dealt with as if it it the actual worm. It seems to be spreading through P2p and Email fooling the person into running programs. So be careful out there.
