|I-Worm.Mydoom.aa is a modification of Mydoom.a.
It spreads via the Internet as an attachment to infected emails and via the Kazaa file-sharing network.
Only activated if the user opens the archive and launches the infected file.
The worm changes the standard 'hosts' file and users of infected machines will be unable to access some domains.
The worm also attempts to download a file named 'scran.jpg' from a specific site and to save it in the C: root directory under the name 'Scran.exe'.
This file is Worm.P2P.Scranor.a, another network worm.
The worm's mass mailing function is almost identical to that of Mydoom.a.
'tcp5424.dll', which is installed by the worm, is a backdoor which opens TCP port 5424 to receive commands.
The worm searches the system registry for the 'ICQ Net' and 'MsnMsgr' values and deletes them.
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.