Sonicwall Signatures


Go to All Categories list.

Mydoom.L is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Mydoom.L has a file size of 22,020 bytes. Mydoom.L drops the following files on the hard drive:
  • C:\WINDOWS\lsass.exe (22020 bytes)
  • C:\WINDOWS\TEMP\x0cjf.txt (1036 bytes)
It also changes Windows registry:
  • Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\POSIX".
  • Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\POSIX".
  • Creates value "Traybar"="C:\WINDOWS\lsass.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It also has possible backdoor functionality [unknown] port 1042, is executed every time Windows starts.

Relevant Information