Free mydoom software for windows

Mydoom.F Remover will enable you to easily get rid of the virus infection. All you need to do is download and run the application on the infected PC.

Mydoom.N installs a file that behaves as a backdoor by opening the TCP port 1034 and listens to it. By doing so, it allows hackers to remotely access the affected computer in order to carry out actions that would compromise users confidentiality or impede normal work.
Mydoom.N spreads via e-mail in a message with variable characteristics. The Mydoom.N Remover will allow you to get rid of the virus infection in nos time.

Mydoom.A is a worm that spreads via e-mail in a message with variable characteristics and through the peer-to-peer (P2P) file sharing program KaZaA.
Mydoom.A launches DDoS (Distributed Denial of Service) attacks against the website www.sco.com if the system date is between February 1 and February 12, 2004. It does this by launching GET/ HTTP/ 1.1 requests every 1,024 milliseconds. On February 12, 2004, the worm finishes its payload, ending its execution whenever it is activated.
Mydoom.A drops the DLL (Dynamic Link Library) SHIMGAPI.DLL, which creates a backdoor, opening the first available TCP port in the range from 3127 to 3198. This backdoor component allows to download and run an executable file, and acts as a TCP proxy server, allowing a hacker to gain remote access to network resources.
The Mydoom.A Remover will help you easily clean the virus from your computer.

This virus removal tool was designed to help users disinfect their computers when infected with I-Worm.Mydoom.A-H (I-Worm.Mydoom.A).

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.
They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
W32/MyDoom-A is a worm which spreads by email. When the infected
attachment is launched, the worm harvests email addresses from address
books and from files with the following extensions: WAB, TXT, HTM, SHT, PHP,
ASP, DBX, TBB, ADB and PL.
W32/MyDoom-A creates a file called Message in the temp folder and runs Notepad to display the contents, which displays random characters.
W32/MyDoom-A spoofs, using randomly chosen email addresses in the "To:" and "From:" fields as well as a randomly chosen subject line. The emails distributing this worm have the following characteristics.
Subject lines
error
hello
hi
mail delivery system
mail transaction failed
server report
status
test
[random collection of characters]
Message texts
test
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
Attachment filenames
body
data
doc
document
file
message
readme
test
[random collection of characters]
Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.
W32/MyDoom-A is programmed to not forward itself via email if the recipient email address satisfies various conditions:
The worm will not send itself to email addresses belonging to domains containing the following strings: acketst, arin., avp, berkeley, borlan, bsd, example, fido, foo., fsf., gnu, google, .gov, gov., hotmail, iana, ibm.com, icrosof, ietf, inpris, isc.o, isi.e, kernel, linux, math, .mil, mit.e, mozilla, msn., mydomai, nodomai, panda, pgp, rfc-ed, ripe., ruslis, secur, sendmail, sopho, syma, tanford.e, unix, usenet, utgers.ed As a consequence the worm does not forward itself to a number of email domains, including several anti-virus companies and Microsoft.
The worm will not send itself to email addresses in which the username contains the following strings: abuse, anyone, bugs, ca, contact, feste, gold-certs, help, info, me, no, noone, nobody, not, nothing, page, postmaster, privacy, rating, root, samples, secur, service, site, spm, soft, somebody, someone, submit, the.bat, webmaster, you, your, www
The worm will not send itself to email addresses which contain the the following strings: admin, accoun, bsd, certific, google, icrosoft, linux, listserv, ntivi, spam, support, unix
The worm can also copy itself into the shared folder of the KaZaA peer-to-peer application with one of the following filenames and a PIF, EXE, SCR or BAT extension:
activation_crack
icq2004-final
nuke2004
office_crack
rootkitXP
strip-girl-2.0bdcom_patches
winamp5
Further reading: MyDoom worm spreads widely across internet, Sophos warns users to be wary of viral email and hacker attack W32/MyDoom-A is a worm which spreads by email. When the infected
attachment is launched, the worm harvests email addresses from address
books and from files with the following extensions: WAB, TXT, HTM, SHT, PHP,
ASP, DBX, TBB, ADB and PL.
W32/MyDoom-A creates a file called Message in the temp folder and runs Notepad to display the contents, which displays random characters.
W32/MyDoom-A spoofs, using randomly chosen email addresses in the "To:" and "From:" fields as well as a randomly chosen subject line. The emails distributing this worm have the following characteristics.
Subject lines
error
hello
hi
mail delivery system
mail transaction failed
server report
status
test
[random collection of characters]
Message texts
test
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
Attachment filenames
body
data
doc
document
file
message
readme
test
[random collection of characters]
Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.
W32/MyDoom-A is programmed to not forward itself via email if the recipient email address satisfies various conditions:
The worm will not send itself to email addresses belonging to domains containing the following strings: acketst, arin., avp, berkeley, borlan, bsd, example, fido, foo., fsf., gnu, google, .gov, gov., hotmail, iana, ibm.com, icrosof, ietf, inpris, isc.o, isi.e, kernel, linux, math, .mil, mit.e, mozilla, msn., mydomai, nodomai, panda, pgp, rfc-ed, ripe., ruslis, secur, sendmail, sopho, syma, tanford.e, unix, usenet, utgers.ed As a consequence the worm does not forward itself to a number of email domains, including several anti-virus companies and Microsoft.
The worm will not send itself to email addresses in which the username contains the following strings: abuse, anyone, bugs, ca, contact, feste, gold-certs, help, info, me, no, noone, nobody, not, nothing, page, postmaster, privacy, rating, root, samples, secur, service, site, spm, soft, somebody, someone, submit, the.bat, webmaster, you, your, www
The worm will not send itself to email addresses which contain the the following strings: admin, accoun, bsd, certific, google, icrosoft, linux, listserv, ntivi, spam, support, unix
The worm can also copy itself into the shared folder of the KaZaA peer-to-peer application with one of the following filenames and a PIF, EXE, SCR or BAT extension:
activation_crack
icq2004-final
nuke2004
office_crack
rootkitXP
strip-girl-2.0bdcom_patches
winamp5
W32/MyDoom-A creates a file called taskmon.exe in the system or temp folder and adds the following registry entry to run this file every time Windows starts up:
HKLMSoftwareMicrosoftWindowsCurrentVersionRunTaskmon = taskmon.exe
Please note that on Windows 95/98/Me, there is a legitimate file called taskmon.exe in the Windows folder.
W32/MyDoom-A also drops a file named shimgapi.dll to the temp or system folder. This is a backdoor program loaded by the worm that allows outsiders to connect to TCP port 3127. The DLL adds the following registry entry so that it is run on startup:
HKCRCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED}InProcServer32
Default= ""
The worm will also add the following entries to the registry:
HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32
W32/MyDoom-A, W32/MyDoom-AJ, W32/MyDoom-B, W32/MyDoom-F, W32/MyDoom-N, W32/MyDoom-O, W32/MyDoom-S and Troj/Bdoor-CHR can be removed from Windows computers automatically with the following Resolve tools:
Windows disinfector
BDLAAGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
- Open MYDOOGUI.com file from your desktop after downloading it.
- Click on the Start Scan Button.
- Wait for the process to complete.
Command line disinfector
MYDOOSFX.EXE is a self-extracting archive containing MYDOOCLI, a Resolve command line disinfector for use on Windows networks. Read the notes enclosed in the self-extractor for details on running this program.
For Troj/Bdoor-CHR, you should replace the HOSTS file from backup, or open it in Notepad and remove any of the entries listed in the virus description.