Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
If the infection is in a local network, please follow the instructions on this webpage:
Mydoom.G is functionally similar to the original variant but it contains this hidden message: to netsky's creator(s): imho, skynet is a decentralized peer-to-peer neural network. we have seen P2P in Slapper in Sinit only. They may be called skynets, but not your shitty application.
Apparently, the author of Mydoom wanted to send a message to the authors of the Netsky worm:
The executable is packed with unmodified UPX, and a minority of the strings are scrambled as in the first variants of the worm, using the old fashioned ROT13.
The emails sent by Mydoom.G will contain one of the following subjects:
It might additionally contain any of the following:
to the subject.
Message bodies are chosen from:
The attachment filename will be composed from combining the any of the following filenames:
and the following extensions:
The worm will go through all the machines' drives and folder on them and performing the following actions on the found files.
Mydoom will harvest email addresses from files with the extensions:
If a file with extension PIF is found, it will overwrite 8 out of 10 times.
If the 'target' file has an extension among:
With a probability of 95% it will copy itself to a filename with the same name as the 'target' file, plus an the extension 'EXE' 8 out of 10 times and 'SCR' otherwise.
Mydoom.G will attempt to launch a DDoS attack against Symantec. When performing the attack, it will try to connect to either symantec.com or www.symantec.com. It will launch from 8 up to 77 of threads, requesting Symantec's main page.