Worm: Win32.HLLM.MyDoom


Win32.HLLM.MyDoom is a family of mass-mailing Internet worms that spread by email using addresses obtained from the infected computer. The From: address is made up by the virus, and probably does not exist.

The subject and content of the message are selected from a large number of text strings. The worm itself is in an attachment, which has the icon of a harmless file type such as a text file or a Microsoft Word document in an attempt to deceive the user.

If activated, the Win32.HLLM.MyDoom worm copies itself to the hard disk and installs a Registry entry so that it is run automatically at startup. The worm file has a randomly generated name, so it can be positively identified only with the aid of an up-to-date virus checker (although any active process with a gobbledygook filename would be a prime candidate.)

The Win32.HLLM.MyDoom worms also install a DLL file containing malware code in the Windows System folder.

The Win32.HLLM.MyDoom worms are also characterised by the following actions:


To prevent another infection by Win32.HLLM.MyDoom worms or similar viruses:


Manual removal

To remove the Win32.HLLM.MyDoom worm manually:

Automated removal

To remove the virus Win32.HLLM.MyDoom please see our tutorial Help! I've got a virus!

More information

Buy Kaspersky Anti-Virus