
oz2.exe



What is it?
oz2.exe is a file associated with the W32.Mydoom.W@mm worm.

What does it do?
W32.Mydoom.W@mm is a mass-mailing worm that attempts to perform a Distributed Denial of Service (DDoS) attack against www.symantec.com.

When W32.Mydoom.W@mm is executed, it performs the following actions:
  1. Creates the following registry keys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
    HKEY_CURRENT_USER\Software\Microsoft\Daemon
    HKEY_LOCAL_MACHINE\Software\Microsoft\Daemon
  2. Creates the mutex "Sept-Symantec-Attack" so that only one instance of the worm can be executed.
  3. Deletes the files in the Windows Temp folder.
  4. Inserts the following files:
    • %Temp%\Services.exe: This file will be detected as Backdoor.Zincite.A.
    • %System%\About_Mydoom.txt: This is a text file and should be manually deleted.
    • %System%\Doompic.jpg: This is a JPEG file and should be manually deleted.
    • %System%\log32zx.exe: This file will be detected as Keylogger.Trojan.
    • %System%\Downxz.bat: This file will be detected as Download.Trojan.
  5. Copies itself as:
    • %System%\oz11111.exe
    • %Windir%\oz2.exe
More information and removal instructions
@symantec
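
A read-only host check for the registry keys, files and mutex listed above, added here as an example (it is not part of the original write-up or of any vendor tool). It assumes it is run in the affected user's logon session; the SysWOW64 and Wow6432Node locations are an addition that accounts for WOW64 redirection of a 32-bit process on 64-bit Windows.

```powershell
# Added example: checks only for the W32.Mydoom.W@mm artifacts named on this page.
# %System%; SystemX86 adds SysWOW64, where 64-bit Windows redirects 32-bit writes.
$sysDirs = @([Environment]::GetFolderPath('System'), [Environment]::GetFolderPath('SystemX86')) |
    Where-Object { $_ } | Select-Object -Unique

$files = @()
$files += Join-Path $env:TEMP   'Services.exe'   # %Temp% is per-user
$files += Join-Path $env:windir 'oz2.exe'
foreach ($dir in $sysDirs) {
    foreach ($name in 'About_Mydoom.txt', 'Doompic.jpg', 'log32zx.exe', 'Downxz.bat', 'oz11111.exe') {
        $files += Join-Path $dir $name
    }
}

$subKeys = 'Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version',
           'Software\Microsoft\Daemon'
$regKeys = foreach ($sub in $subKeys) {
    "HKCU:\$sub"
    "HKLM:\$sub"
    # 32-bit registry view of the HKLM key on 64-bit Windows
    'HKLM:\' + ($sub -replace '^Software', 'Software\Wow6432Node')
}

$hits = @()
$hits += @($regKeys | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { [pscustomobject]@{ Type = 'RegistryKey'; Item = $_ } })
$hits += @($files | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_ } })

# The mutex exists only while the worm is running. The name has no Global\ prefix,
# so it is visible only from the same logon session as the worm process.
$mutexName = 'Sept-Symantec-Attack'
$mutex = $null
try {
    if ([System.Threading.Mutex]::TryOpenExisting($mutexName, [ref]$mutex)) {
        $hits += [pscustomobject]@{ Type = 'Mutex'; Item = $mutexName }
        $mutex.Dispose()
    }
} catch [System.UnauthorizedAccessException] {
    # The mutex exists but cannot be opened with this account's rights: still a hit.
    $hits += [pscustomobject]@{ Type = 'Mutex'; Item = "$mutexName (access denied)" }
}

if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize }
else { 'None of the listed artifacts were found for this user and session.' }
```

Because HKEY_CURRENT_USER and %Temp% are per-user, an empty result covers only the account that ran the check.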



oz2.exe is Spyware!
