|W32.HLLW.Doomjuice uses the computers, which W32.Mydoom.A@mm infects, to spread.
This worm also launches a Denial of Service (DoS) attack on the Microsoft Web site if the current system date is after February 11th, but before the end of this month.
Copies the W32.Mydoom.A@mm source code archive file sync-src-1.00.tbz to the root folder of all the fixed and remote drives.
Sends itself to the machines infected with W32.Mydoom.A@mm.
Copies itself as %System%\intrenat.exe.
Adds the value:
"Gremlin" = "%System%\intrenat.exe"
to one of the following the registry keys:
Randomly generates IP addresses and attempts to connect to those IP addresses on TCP port 3127.
If the connection is established, the worm first sends five bytes to the remote computer.
Then, it sends a copy of itself to the remote computer.
The backdoor component of W32.Mydoom.A@mm will accept the file and execute it.
Remove it from startup with antivirus (also check How To Remove section)Startup Optimizer or manually delete it's registry keys.