Doomjuice.B uses computers infected by Mydoom.A to spread. This worm also launches a Denial of Service (DoS) attack on the Microsoft Web site.

Also known as: W32.HLLW.Doomjuice.B, W32/Doomjuice.worm.b, WORM_DOOMJUICE.B, Win32.Doomjuice.B, Worm.Win32.Doomjuice.B, W32/Doomjuice-B

How Does Doomjuice.B Worm Infect My System?

1. Creates the mutex, "sncZZmtx_133," which allows only one instance of the worm to execute in memory.
   
    
2. Copies itself as %System%\Regedit.exe.
   
    
3. Adds the value:
   
   "NeroCheck" = "%System%\regedit.exe"
   
   to one of the following the registry keys:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   
   so that the worm runs when you start Windows.
   
    
4. Randomly generates IP addresses and then attempts to connect to those IP addresses on TCP port 3127.
   
    
5. If the connection is established, the worm sends a copy of itself to the remote computer. The backdoor component of Mydoom.A will accept the file and execute it.
   
    
6. If the current system month is not January and the day is prior to the 8th or later than the 12th, the worm launches a DoS attack against www.microsoft.com, by sending a large number of HTTP GET requests to port 80.

How Can I Remove the Doomjuice.B virus?

Kaspersky Internet Security Can Prevent You From Virus and Intrusion. If Kaspersky detects Doomjuice.B during the scan, it will AUTOMATICALLY offer you the option of deleting it. Do this by following the program's instructions.

Follow these steps in removing the Doomjuice.B worm.

1. Disabling System Restore (Windows Me/XP)

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles: "How to disable or enable Windows Me/XP System Restore".

2. Updating the virus definitions

If you do not know which anti-virus software can provide strong protection for you, Kaspersky Internet Security is recommended.

3. Identifying the Malware Program

To remove this malware, first identify the malware program.

1. Scan your system with your Pnada antivirus product.
2. NOTE all files detected as Doomjuice.B.

4. Terminating the Malware Program

1. Open Windows Task Manager.
   On Windows 95/98/ME systems, press
   CTRL+ALT+DELETE
   On Windows NT/2000/XP systems, press
   CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the malware file or files detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

5. Removing Autostart Entries from the Registry

To remove the malware autostart entries:

1. Open Registry Editor. Click Start>Run, type Regedit then hit Enter.
2. In the left panel, double click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>
   Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   NeroCheck = "<%System%>\regedit.exe"
   Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.
4. Close Registry Editor.

6. Scanning for and deleting the infected files

1. Start your Kaspersky Internet Security and make sure that it is configured to scan all the files.
2. Run a full system scan.
3. If any files are detected as infected with Doomjuice.B, click Delete.

How to Disinfect My Computer from Worms?

In order to keep your computer protected, bear the following tips in mind:

1. If you have filtering tools installed, configure them to reject messages with the characteristics described above. If, in spite of doing this, you receive the message that contains the virus: do not open it, do not run the attached file and delete it, making sure that you also delete it from the Deleted Items folder.
2. Install a good antivirus in your computer. Select Kaspersky Internet Security to get the Kaspersky antivirus solution that best suits your needs.
3. Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
4. Keep your permanent antivirus protection enabled at all times.

Detect and Removal Instruction for Other Worms - 'D':