Welcome to the Virus Encyclopedia of Panda Security.
It deletes files from the affected computer, drops a backdoor, ends processes belonging to antivirus programs and launches Distributed Denial of Service attacks against the websites www.microsoft.com and www.riaa.com.
|Detection updated on:||April 25, 2005|
|Yes, using TruPrevent Technologies
Mydoom.F is a worm with destructive effects that spreads via e-mail in a message with variable characteristics.
Mydoom.F deletes the files that have any of the following extensions: AVI, BMP, DOC, JPG, MDB, SAV and XLS.
Mydoom.F installs a DLL (Dynamic Link Library) that contains a backdoor. This DLL also ends processes belonging to antivirus programs, which leaves the affected computer vulnerable to the attack of other malwares.
In addition, Mydoom.F launches DDoS (Distributed Denial of Service) attacks against the websites www.microsoft.com and www.riaa.com when the system date is between the days 17 and 22 of any month and year. Two out of three times, the attack is launched against Microsoft's website.
A clear indication that Mydoom.F has affected the computer is that:
- Seven out of ten times, it displays an error message on screen, with any of the following phrases:
File is corrupted
File cannot be opened
Unable to open specified file
- In the remaining percentage, Mydoom.F creates a file with one of the following names: MAIL, BODY, TEXT or DATA. It fills this file with junk data and opens it with Notepad. Then, Mydoom.F deletes this file.