F-Mydoom
--------

F-Mydoom is a special tool to detect and remove the W32/Mydoom.A@mm worm
from an infected computer.

For detailed information on the Mydoom worm, please visit
http://www.f-secure.com/v-descs/novarg.shtml

Usage
-----

NOTE: The tool has to be run with Administrator rights.

1. Unpack the F-Mydoom tool from the provided ZIP archive with either the
   WinZip or PkUnzip utility. A trial version of the WinZip archiver can be
   downloaded from the following website:
   http://www.winzip.com/ddchomea.htm

2. Start a command shell
   Click 'Start Menu->Run'
   Type 'cmd', press [Enter]

3. Change to the folder where the tool was unpacked
   Type 'cd \folder\where\the\tool\is'

4. Start the tool
   Type 'F-Mydoom'

What the tool does
------------------

- F-Mydoom locates the worm in the computer's memory and terminates the
  infected processes if any are found there
- Deletes the infected files %SysDir%\taskmon.exe and
  %SysDir%\shimgapi.dll (the dropped backdoor)
- Removes the registry values created by the worm:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon

Contact information
-------------------

If you need further assistance using this tool, please contact us at
anti-virus-support@f-secure.com.

Copyright (C) 2004 F-Secure Corporation. All rights reserved.

______________________

Manual Disinfection
______________________

Manual disinfection of Mydoom consists of the following steps:

1. Delete the registry value and restart the computer:

   [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon]
   [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon]
   [HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]

2. Delete the worm from the Windows System Directory:

   %SysDir%\taskmon.exe

   and its backdoor component from:

   %SysDir%\shimgapi.dll
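
Checking for the listed artifacts
---------------------------------

The following read-only PowerShell check is an added example, not part of
the F-Mydoom tool or of F-Secure's instructions. It looks for the files and
registry entries named above and changes nothing. It assumes that %SysDir%
is the directory returned by [Environment]::SystemDirectory and that a
hijacked InprocServer32 entry would reference shimgapi.dll.

```powershell
# Added example: read-only check for the Mydoom.A artifacts named in this README.
# Assumption: %SysDir% corresponds to [Environment]::SystemDirectory.
$sysDir   = [Environment]::SystemDirectory
$findings = @()

# 1. Files the README says are deleted from %SysDir%.
foreach ($name in 'taskmon.exe', 'shimgapi.dll') {
    $path = Join-Path $sysDir $name
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = '{0} bytes, modified {1}' -f $f.Length, $f.LastWriteTime
        }
    }
}

# 2. Run values named TaskMon under HKLM and HKCU.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $p = Get-ItemProperty -LiteralPath $key -Name 'TaskMon' -ErrorAction SilentlyContinue
    if ($p) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = "$key\TaskMon"; Detail = $p.TaskMon
        }
    }
}

# 3. Default value of the CLSID InprocServer32 key from the manual steps.
# Assumption: the entry is suspicious only if it references shimgapi.dll.
$clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID\' +
         '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32'
if (Test-Path -LiteralPath $clsid) {
    $default = (Get-Item -LiteralPath $clsid).GetValue('')   # '' = (Default) value
    if ($default -match 'shimgapi\.dll') {
        $findings += [pscustomobject]@{
            Type = 'InprocServer32'; Location = $clsid; Detail = $default
        }
    }
}

# Report what was found; nothing is deleted or modified.
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed Mydoom.A artifacts were found.' }
```

The check matches on names and locations only, so treat a hit as a reason
to run the removal tool or a full scan rather than as a confirmed infection.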