Home / malware Win32.Worm.Doomjuice.B
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Win32.Worm.Doomjuice.B.
Explanation :
Once run, the virus does the following:
1. Creates a mutex COMP_NAME-sncZZmtx_133
where COMP_NAME is the victim's computer name
2. Deletes %SYSTEM%
egedit.exe and creates a copy of the virus as %SYSTEM%
egedit.exe
Note: Window's Registry editor regedit.exe resides in Windows (WinNT) folder.
3. Creates the registry key mentioned in Symptoms
4. Sees if the computer is connected to internet, if not, it waits for the computer to connect.
5. Starts a new thread that attempts to attack www.microsoft.com if the day is greater than 12, except January.
6. It spreads using the backdoor installed on port 3127 by the first Mydoom variant.Last update 21 November 2011