Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!

oz2.exe


Click here to Run a Free Scan for oz2.exe Related Errors

What is it?
oz2.exe is a file associated with the w32.mydoom.w@mm worm

What does it do?
W32.Mydoom.W@mm is a mass-mailing worm that attempts to perform a Distributed Denial of Service (DDoS) attack against www.symantec.com.

When W32.Mydoom.W@mm is executed, it performs the following actions:
  1. Creates the following registry keys:

    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32Version
    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32Version
    HKEY_CURRENT_USERSoftwareMicrosoftDaemon
    HKEY_LOCAL_MACHINESoftwareMicrosoftDaemon
  2. Creates the mutex "Sept-Symantec-Attack" so that only one instance of the worm can be executed.
  3. Deletes the files in the Windows Temp folder.
  4. Inserts the following files:
    • %Temp%Services.exe: This file will be detected as Backdoor.Zincite.A.
    • %System%About_Mydoom.txt: This is a text file and should be manually deleted.
    • %System%Doompic.jpg: This is a JPEG file and should be manually deleted.
    • %System%log32zx.exe: This file will be detected as Keylogger.Trojan.
    • %System%Downxz.bat: This file will be detected as Download.Trojan.
  5. Copies itself as:
    • %System%oz11111.exe
    • %Windir%oz2.exe
More information and removal instructions
@symantec

Fix oz2.exe Errors: Free Scan

Recommended: Free PC Speed Test - what is slowing down your PC?


oz2.exe is Spyware!

Startup DB Entries:
[oz2]"Added by the MYDOOM.W WORM!" b

Service DB Entries:
Nothing Found

Disclaimer

Every attempt has been made to ensure the information about oz2.exe is accurate but alot of malware applications try to pose as valid applications. If it is something other than what was posted above please leave some feedback in the forum.
Printer Friendly

User Comments
Security Risks - Adware Spyware
sndconfg16.exe | salm.exe | isass.exe | se.dll | kazza.exe | backweb-7288971.exe | bridge.dll | wtoolsa.exe | tkbellexe.exe | dl.exe | newdot~1.dll | wupdt.exe | mwsoemon.exe | saie.exe | webrebates0.exe | bxxs5.dll | funny.exe | 180ax.exe | randreco.exe | mssearchnet.exe | service.exe | webrebates1.exe | saap.exe | sais.exe | wsup.exe | backweb-137903.exe | sed.exe | alcmtr.exe | wo.exe | ffisearch.exe | optimize.exe | iadhide4.dll | backweb-8876480.exe | cdaengine0400.dll | istsvc.exe | newdotnet6_38.dll | Fvprotect.exe | Winupdate.exe | java.exe | cmesys.exe |