
Doomjuice Computer Virus

Win32/Doomjuice is a family of worms that target machines infected with Win32/Mydoom. Win32/Doomjuice scans for systems listening on the TCP port opened by the backdoor component of Win32/Mydoom. The worms launch a denial of service (DoS) attack against microsoft.com. Also known as Computer Associates: Win32.Doomjuice; McAfee: W32/Doomjuice.worm; Symantec: W32.HLLW.Doomjuice; Trend Micro: WORM_DOOMJUICE.

When Win32/Doomjuice runs, it copies itself to the %System% or %temp% directory. The worm also adds a value to one of the following registry keys:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The data in this registry value references the created copy of the worm. This value causes the worm to run when Windows starts.

Win32/Doomjuice may create the file sync-src-1.00.tbz in the following locations:

  • Root of all fixed drives (C: through Z:)
  • %Windows%
  • %System%
  • %Temp%
  • %USERPROFILE%

Win32/Doomjuice randomly selects IP addresses from predefined ranges and, if the target system is already infected by Win32/Mydoom, sends itself through the port opened by the Win32/Mydoom backdoor component.
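The host artifacts described above can be checked with a short read-only PowerShell triage script. This is an added example, not part of the original advisory; it assumes %System% maps to `[Environment]::SystemDirectory` and %Temp% to the current user's `TEMP`. Legitimate software also registers Run values under the system directory, so the second list is for review, not a verdict.

```powershell
# Added example: read-only triage for the Doomjuice artifacts described above.
$artifact  = 'sync-src-1.00.tbz'
$systemDir = [Environment]::SystemDirectory   # assumed mapping for %System%
$tempDir   = $env:TEMP                        # assumed mapping for %Temp% (current user)

# 1. Look for the dropped archive in every location the page lists.
$dirs  = @($env:windir, $systemDir, $tempDir, $env:USERPROFILE)
$dirs += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
         ForEach-Object { $_.DeviceID + '\' }   # roots of fixed drives

$fileHits = foreach ($dir in ($dirs | Where-Object { $_ } | Select-Object -Unique)) {
    $path = Join-Path $dir $artifact
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        Get-Item -LiteralPath $path -Force |
            Select-Object FullName, Length, CreationTimeUtc
    }
}

# 2. List Run values whose command starts in %System% or %Temp%.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$runHits = foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name)).Trim()
        # Take the quoted executable path if present, otherwise the whole command.
        $exe = if ($cmd.StartsWith('"')) { $cmd.Split('"')[1] } else { $cmd }
        foreach ($dir in @($systemDir, $tempDir)) {
            if ($dir -and $exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{ Key = $keyPath; Value = $name; Command = $cmd }
                break
            }
        }
    }
}

"Artifact files found: $(@($fileHits).Count)"
$fileHits | Format-Table -AutoSize
"Run values to review: $(@($runHits).Count)"
$runHits | Format-List
```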

