Email Viruses Mydoom.A and Mydoom.B

Section 1

1.1 How to tell if your PC is infected with Mydoom.A or Mydoom.B

If you use Windows NT 4, 2000, XP Home or XP Professional

  1. Click Start, and then click Run.
  2. In the Open box, type cmd
  3. Click OK. The black Command Prompt window will open, displaying C:\...>.
  4. Type cd \ and press ENTER. The current directory changes to C:\, and the prompt shows C:\ followed by a cursor.
  5. To check for Mydoom.A, click the cursor, and then type dir shimgapi.dll /a /s
  6. Press ENTER.
  7. Wait a few moments:
    If the results show File not found, the computer is not infected with Mydoom.A.
    If the results show Total files listed (see Image 1 - Note: your Directory of results may vary) and the file size is displayed, the computer is infected with Mydoom.A, and you need to contact your antivirus vendor or go to Section 2.
  8. To check for Mydoom.B, click the cursor, and then type dir ctfmon.dll /a /s
  9. Wait a few moments:
    If the results show File not found, the computer is not infected with Mydoom.B.
    If the results show Total files listed (see Image 2 - Note: your Directory of results may vary) and the file size is displayed, the computer is infected with Mydoom.B, and you need to follow the steps in Section 2.

If you use Windows 95, 98, 98SE or ME

  1. Click Start, and then click Run.
  2. In the Open box, type: command
  3. Click OK. The black Command Prompt window will open, displaying C:\...>.
  4. Type cd \ and press ENTER. The current directory changes to C:\, and the prompt shows C:\ followed by a cursor.
  5. To check for Mydoom.A, click the cursor, and then type: dir shimgapi.dll /a /s
  6. Press ENTER.
  7. Wait a few moments:
    If the results show File not found, the computer is not infected with Mydoom.A.
    If the results show Total files listed (see Image 1) and the file size is displayed, the computer is infected with Mydoom.A, and you need to contact your antivirus vendor or go to Section 2.
  8. To check for Mydoom.B, click the cursor, and then type: dir ctfmon.dll /a /s
  9. Wait a few moments:
    If the results show File not found, the computer is not infected with Mydoom.B.
    If the results show Total files listed (see Image 2) and the file size is displayed, the computer is infected with Mydoom.B, and you need to follow the steps in Section 2.

Section 2

What to do if your PC is infected with Mydoom.A or Mydoom.B

If your computer is infected, first consult your preferred antivirus vendor to get the latest updates and information. If you are unable to access your antivirus vendor's website, you can regain access by using one of the following procedures.

If you use Windows NT 4, 2000, XP Home or XP Professional

  1. Click Start, and then click Run.
  2. In the Open box, type: cmd
  3. Click OK. The black Command Prompt window will open, displaying C:\...>.
  4. Type cd \ and press ENTER. The current directory changes to C:\, and the prompt shows C:\ followed by a cursor.
  5. Click the cursor and type: del /F %systemroot%\system32\drivers\etc\hosts
  6. Press ENTER.
  7. Type: echo # Temporary HOSTS file >%systemroot%\system32\drivers\etc\hosts
  8. Press ENTER.
  9. Type: attrib +R %systemroot%\system32\drivers\etc\hosts
  10. Press ENTER.
  11. After typing these commands, do one of the following:
    a. If you use Windows NT 4.0, restart your computer.
    b. If you use Windows XP or Windows 2000, do not restart your computer. Instead, do the following:
  12. Type: ipconfig /flushdns
  13. Press ENTER.

If you use Windows 95, 98, 98SE or ME

  1. Click Start, and then click Run.
  2. In the Open box, type command
  3. Click OK. The black Command Prompt window will open, displaying C:\...>.
  4. Type cd \ and press ENTER. The current directory changes to C:\, and the prompt shows C:\ followed by a cursor.
  5. Click the cursor and type del c:\windows\hosts
  6. Press ENTER.
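
Before deleting the HOSTS file in either procedure above, it can be useful to record what it contained. The following is an added example, not part of the original page: it lists the host names a HOSTS file pins to a loopback or 0.0.0.0 address. It assumes, which the page does not spell out, that the vendor sites are unreachable because of such entries. The sample file and the av-vendor.example names are constructed.

```python
"""Audit a HOSTS file before resetting it (added example, not from the page)."""
import ipaddress
import sys

# Names that normally map to loopback in an unmodified HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "loopback"}


def parse_hosts(text):
    """Yield (line_no, address, names) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        if len(fields) > 1:
            yield line_no, addr, [name.lower() for name in fields[1:]]


def blocked_names(text):
    """Return, sorted, the host names pinned to loopback or 0.0.0.0."""
    hits = set()
    for _, addr, names in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            hits.update(n for n in names if n not in LOCAL_NAMES)
    return sorted(hits)


# Constructed sample input; every host name below is made up.
SAMPLE = """\
# constructed sample HOSTS file
127.0.0.1       localhost
0.0.0.0   update.av-vendor.example   www.av-vendor.example  # two names
127.0.0.1 Download.AV-Vendor.example
192.0.2.10  intranet.example
not-an-ip broken.example
"""

if __name__ == "__main__":
    # Pass the path of a copy of the HOSTS file, or run with no argument
    # to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            SAMPLE = handle.read()
    for name in blocked_names(SAMPLE):
        print("blocked:", name)
```

The one-line file written by the echo step in the Windows NT 4, 2000 and XP procedure contains only a comment, so it produces no output.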

Image 1 - Command Prompt window on a Windows-based computer infected with Mydoom.A

Image 2 - Command Prompt window on a Windows-based computer infected with Mydoom.B