regedit.exe - Dangerous
%system%\regedit.exe
Manual removal instructions:
Antivirus Report of %system%\regedit.exe:
%system%\regedit.exe
Worm.Win32.Doomjuice.b
This worm spreads via the Internet, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate.
Copies itself to:
%system%\regedit.exe
Adds the value: NeroCheck = %system%\regedit.exe
to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The worm creates the unique identifier _sncZZmtx_133 to show its presence in memory.
The worm connects to TCP port 3127, which has been opened by shimgapi.dll, the backdoor component of Mydoom, to receive commands.
If the infected computer answers the command, then Doomjuice establishes a connection and sends a copy of itself.
The backdoor component of Mydoom accepts the file and executes it.
To determine which IP addresses to attack, the worm uses the following formula: (A.B.C.D) where A,B,C,D is a random numbers.
If the current date is not between the 8th and the 12th of the month and it's not January the worm will launch a DoS attack on the www.microsoft.com site.
With RegRun Startup Optimizer you can automatical remove it from startup.
| %system%\regedit.exe | Malware |
| %system%\regedit.exe | Dangerous |
| %system%\regedit.exe | High Risk |
This worm spreads via the Internet, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate.
Copies itself to:
%system%\regedit.exe
Adds the value: NeroCheck = %system%\regedit.exe
to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The worm creates the unique identifier _sncZZmtx_133 to show its presence in memory.
The worm connects to TCP port 3127, which has been opened by shimgapi.dll, the backdoor component of Mydoom, to receive commands.
If the infected computer answers the command, then Doomjuice establishes a connection and sends a copy of itself.
The backdoor component of Mydoom accepts the file and executes it.
To determine which IP addresses to attack, the worm uses the following formula: (A.B.C.D) where A,B,C,D is a random numbers.
If the current date is not between the 8th and the 12th of the month and it's not January the worm will launch a DoS attack on the www.microsoft.com site.
With RegRun Startup Optimizer you can automatical remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.