Doubleclick DDoS'd, W32.Zindos.A Microsoft DoS, FXMYDOOM Feedback

Published: 2004-07-27
Last Updated: 2004-07-28 02:25:27 UTC
by John Bambenek (Version: 1)
Doubleclick DDoS'd

Around 10:30 EDT, Doubleclick, a provider of web advertisements, began experiencing a massive denial-of-service attack against its DNS servers. Because many sites rely on the Doubleclick service to serve the ads on their pages, those sites have slowed down as a side effect. Read more at:
W32.Zindos.A Microsoft DoS

The W32.Zindos.A worm, which infects machines through the backdoor opened by Backdoor.Zincite.A (itself delivered by MyDoom.M), performs a DoS against the domain. Because the worm's code is buggy, it repeatedly reinfects the same machine, which becomes slow and unresponsive. For more information go to:

A user wrote in stating that the FXMYDOOM program would not completely clean up a system from all the processes. He gave the following steps to ensure a clean system.

1. Reboot into safe mode with networking support and sign in.

2. Run FXMYDOOM, downloadable from Symantec. Go onto step 3 while step 2 runs.

3. Visit the "Run" sections of both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER (full example path above) and delete any calls to:
a. Javavm

b. Services

c. Tray (which will have a path to ********.exe listed in the data field)
Norton's tool usually didn't catch the "javavm" or "tray" entries on PCs I worked on, so be on the lookout for them.

4. Once step 2 has completed, manually verify javavm.exe and services.exe are no longer in %windir%

5. Reboot into normal mode; ideally, the user should sign in. In the absence of the user, sign in yourself.

6. Once boot completes and the taskbar fully loads, check the "Processes" tab to make sure there aren't any extra "services", "javavm", or "********.exe" files running. Note it is normal to have one copy of "services" running on a PC. One copy, good. Two copies, bad.

7. Re-run step 2. Have user contact you if it finds any instance of mydoom on the PC.
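To make steps 3, 4 and 6 repeatable across several PCs, here is an added PowerShell audit script (not from the diary, the reader's write-up, or Symantec) that only reports the Run-key values, %windir% files and process counts the steps above tell you to check; it deletes nothing, so the removal itself stays a deliberate manual action. It assumes the standard Run key paths under HKLM and HKCU and the value names given in the write-up.

```powershell
# Added audit script: read-only checks matching cleanup steps 3, 4 and 6 above.
# Run in an elevated PowerShell session so process paths are readable.

# Standard per-machine and per-user Run keys (assumed; the diary's "full example path" is not on the page).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Value names the write-up says to look for; "Tray" carries the path to the dropped executable.
$suspectValues = @('Javavm', 'Services', 'Tray')

Write-Host '== Step 3: Run key entries =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($name in $suspectValues) {
        # Get-ItemProperty with -Name errors when the value is absent; suppress and skip.
        $entry = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($entry) {
            Write-Host ('SUSPECT  {0}\{1} = {2}' -f $key, $name, $entry.$name)
        }
    }
}

Write-Host '== Step 4: dropped files directly in %windir% =='
# The legitimate services.exe lives in %windir%\System32, not in %windir% itself.
foreach ($file in @('javavm.exe', 'services.exe')) {
    $path = Join-Path $env:windir $file
    if (Test-Path $path) { Write-Host "PRESENT  $path" }
}

Write-Host '== Step 6: running processes =='
$svc = @(Get-Process -Name services -ErrorAction SilentlyContinue)
Write-Host ('services.exe instances: {0} (one is normal, two is bad)' -f $svc.Count)
foreach ($p in $svc) {
    # Path is empty for protected processes; a non-System32 path is the one to investigate.
    Write-Host ('  PID {0}  path: {1}' -f $p.Id, $p.Path)
}
$jvm = @(Get-Process -Name javavm -ErrorAction SilentlyContinue)
if ($jvm.Count -gt 0) {
    Write-Host ('SUSPECT  javavm running, PID(s): {0}' -f ($jvm.Id -join ', '))
}
```

Any line prefixed with SUSPECT or PRESENT, or a services.exe count above one, means the manual removal in steps 3 and 4 is still needed before proceeding to step 7.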


John Bambenek, jbamb -at-

