Win32.Worm.MyDoom.NF information

Win32.Worm.MyDoom.NF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Win32.Worm.MyDoom.NF virus do?

  • Attempts to connect to a dead IP:Port (13 unique times)
  • Starts servers listening on 0.0.0.0:1042
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Harvests information related to installed mail clients
  • Makes SMTP requests, possibly sending spam or exfiltrating data.
  • Creates a slightly modified copy of itself

Related domains:


How to identify Win32.Worm.MyDoom.NF?

File Info:

crc32: 8C1FEA40
md5: e0d603a3e0d4988e484fddc0e1749f1b
name: E0D603A3E0D4988E484FDDC0E1749F1B.mlw
sha1: e3087ef3ec55dd31ceb592054a1a9c141c749c6d
sha256: fa9bb6b9576601fab9bd1c109763f5a7e86a7ae868ec3f4d8b76286011968530
sha512: a91a8865f859154a50959349232e811335df978d0ce698213adba0f4dad8288b3a238019928164f92a6b67d30efdaec2c68535fe899d8ee4c8ae9d45df9d254a
ssdeep: 384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUoE:SCIqdH/k1ZVcT194jp4oE
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Win32.Worm.MyDoom.NF also known as:

Bkav: W32.MyDoomLB.Worm
K7AntiVirus: EmailWorm ( 0000439f1 )
Elastic: malicious (high confidence)
DrWeb: Win32.HLLM.MyDoom.61471
Cynet: Malicious (score: 100)
CAT-QuickHeal: Worm.Mydoom
ALYac: Worm.Mydoom
Cylance: Unsafe
Zillya: Worm.Mydoom.Win32.3
Sangfor: Win.Worm.Mydoom-5
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: EmailWorm ( 0000439f1 )
Cybereason: malicious.3e0d49
Baidu: Win32.Worm-Email.Mydoom.a
Cyren: W32/Mydoom.CJDZ-5239
ESET-NOD32: Win32/Mydoom.Q
Zoner: Worm.Win32.Mydoom.24203
APEX: Malicious
Avast: Win32:Mydoom-EG [Trj]
ClamAV: Win.Worm.Mydoom-5
Kaspersky: Email-Worm.Win32.Mydoom.l
BitDefender: Win32.Worm.MyDoom.NF
NANO-Antivirus: Trojan.Win32.Mydoom.cuyllc
ViRobot: I-Worm.Win32.Mydoom.35784
MicroWorld-eScan: Win32.Worm.MyDoom.NF
Tencent: Worm.Win32.Mydoom.l
Ad-Aware: Win32.Worm.MyDoom.NF
Sophos: ML/PE-A + W32/MyDoom-N
Comodo: Worm.Win32.Mydoom.Q@308v
BitDefenderTheta: AI:Packer.ABA073F91F
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: WORM_MYDOOM.GEN
McAfee-GW-Edition: BehavesLike.Win32.Mydoom.mc
FireEye: Generic.mg.e0d603a3e0d4988e
Emsisoft: Win32.Worm.MyDoom.NF (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: I-Worm/Zhelatin.sq
Webroot: W32.Rogue.Gen
Avira: TR/BAS.Samca.zictf
Antiy-AVL: Trojan/Generic.ASMalwS.1BED5
Kingsoft: Heur.SSC.77.1216.(kcloud)
Microsoft: Worm:Win32/Mydoom.L@mm
Gridinsoft: Worm.Win32.Mydoom.ka!i
Arcabit: Win32.Worm.MyDoom.NF
SUPERAntiSpyware: Worm.MyDoom
GData: Win32.Trojan.PSE.ZNDUT4
TACHYON: Worm/W32.Mydoom.34820
AhnLab-V3: Win32/Mydoom.worm.22020.H
Acronis: suspicious
McAfee: GenericRXLN-WS!E0D603A3E0D4
MAX: malware (ai score=80)
VBA32: Backdoor.Shiz
Malwarebytes: Mydoom.Worm.DDoS.DDS
Panda: W32/Mydoom.DN.worm
TrendMicro-HouseCall: WORM_MYDOOM.GEN
Rising: Worm.Mail.Win32.Mydoom.l (CLASSIC)
Yandex: I-Worm.Mydoom.CR
Ikarus: Email-Worm.Win32.Mydoom
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/MyDoom.M@mm
AVG: Win32:Mydoom-EG [Trj]
Qihoo-360: Worm.Win32.Mydoom.A

How to remove Win32.Worm.MyDoom.NF?

Win32.Worm.MyDoom.NF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
