What You Should Know About the Mydoom and Doomjuice Worm Variants


Important New Information

A new worm, which infects computers that are already infected with the Mydoom worm, has been detected on the Internet. This new worm is known as Doomjuice (a.k.a. Mydoom.C) and is currently spreading to computers that were already infected with Mydoom.A. Doomjuice and its variant, Doomjuice.B, cause computers to be used in attacks against other computers on the Internet. Infection by Doomjuice can degrade both computer performance and network connections.

Customers who have successfully removed Mydoom.A from their computers are not at risk for Doomjuice (Mydoom.C) infection.

Microsoft recommends that you review the information on this page to determine if you are infected and to learn what to do.

To determine whether you are infected with Mydoom.A, Mydoom.B, or Doomjuice, follow the instructions below. If you are infected, follow the steps on this page to remove the virus. If you are not infected, we still recommend that you go to the Protect Your PC site to check that your machine has a firewall installed and that your antivirus software is up to date.

On This Page

Installing and Enabling a Firewall
How to Tell If Your Computer Is Infected with Mydoom.A, Mydoom.B, or Doomjuice and Remove Them from Your Computer
What to Do If You Are Having Trouble Accessing Some Sites on the Internet
Visit Antivirus Software Vendors for More Information
What the Severity Ratings Mean

Installing and Enabling a Firewall

If you do not already have a firewall installed on your computer, we recommend that you do so immediately. A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet, such as viruses and worms. A firewall also helps guard your computer against hackers. You will find a comprehensive guide to installing and enabling a firewall on the Microsoft Protect Your PC site.

How to Tell If Your Computer Is Infected with Mydoom.A, Mydoom.B, or Doomjuice and Remove Them from Your Computer

To find out whether your computer is infected, use one of the following procedures.

First, find out which operating system your computer uses.

If you use Microsoft Windows® XP, Windows 2000, Windows 98, Windows Me, Windows Server 2003

You can use our Mydoom and Doomjuice Worm Removal Tool to easily help detect and remove the Mydoom.A, Mydoom.B, and Doomjuice worms automatically.

Automatically Check For and Remove Mydoom and Doomjuice Infection


 Top of page


What to Do If You Are Having Trouble Accessing Some Sites on the Internet

If your computer is infected with the Mydoom worm or one of its variants, contact your antivirus vendor for the latest updates and information. Mydoom.B has a side effect that prevents access to some antivirus vendors' websites. If you are unable to access your antivirus vendor's website, you can regain access to that website by following one of the procedures shown just below.

If you know someone whose computer is infected with the Mydoom.B variant, that person may not be able to access this Web page. It would be helpful to tell that person that the same information that you see on this page can be found at: https://information.microsoft.com/security/antivirus/mydoom.asp

Note If you see a Security Information dialog box with the message "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?", click No.


If you use Windows XP, Windows 2000, Windows 98, Windows Me, or Windows Server 2003

You can use our Mydoom and Doomjuice Worm Removal Tool to easily help detect and remove the Mydoom and Doomjuice worms automatically, which will also restore access to fix access to the websites blocked by Mydoom.B.


 Top of page


Visit Antivirus Software Vendors for More Information

If your computer is infected with either Mydoom or Doomjuice and you need technical assistance, contact your antivirus vendor or Microsoft Product Support Services for help removing the worm.

  • For Microsoft Product Support Services in the United States and Canada, call toll free (866) PCSAFETY (727-2338).
  • For Microsoft Product Support Services outside the United States and Canada, visit the Product Support Services Web page.

Find additional information and resources from antivirus software vendors participating in the Microsoft Virus Information Alliance:


 Top of page


What the Severity Ratings Mean

Critical. A vulnerability related to a Microsoft product has been found, or an update is unavailable; two or more vectors of infection are known; a new vector of infection is possible; the distribution potential is high; unique data destruction can occur; and a significant disruption of service has occurred.

Moderate. A potential vulnerability related to a Microsoft product has been found; two or fewer vectors of infection are known; a new vector of infection is possible; the distribution potential is medium to high; unique data destruction has not occurred; and significant disruption of service has not occurred.

Low. Vulnerabilities related to Microsoft product have not been found; only one vector of infection is known; new vectors of infection have not been found; the distribution potential is low; unique data destruction has not occurred; and significant disruption of service has not occurred.


 Top of page


**

Severity

Impact of Attack

Mass mailing

**
**

Related Links

Technical Virus Alerts
**
**

Glossary Terms

Click the term to get the definition from our Security and Privacy Glossary.
virus
worm

**