What is it?
win32s.exe is a file associated with the w32.mydoom.v@mm
worm. What does it do? W32.Mydoom.V@mm
is a mass-mailing worm that downloads an excutable file.
When W32.Mydoom.V@mm is executed, it does the following:
More info and removal instructions @symantec
- Adds the value:
"Win32System" = "%WinSysDir%win32s.exe"
to the following registry key:
so that it is executed every time Windows starts.
- Creates a mutex named "LLLf54fxrDLLL" so that only one copy of the worm is run on the infected computer.
- Retrieves the email addresses from the Windows address book files.
- Retrieves the email addresses from the files that have the following extensions on drives C through Y:.........