What is it?
windrv32.exe is a file associated with the W32.Mydoom.T@mm mass-mailing worm.
What does it do?
W32.Mydoom.T@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.
More info and removal: Symantec
Once W32.Mydoom.T@mm is executed, it performs the following actions:
- Creates the following copies of itself:
  - %Userprofile%\Start Menu\Programs\Startup\autostart.exe
- Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows
- Note: %Userprofile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
- Downloads, saves, and executes a temporary file from one of the following domains:
- Adds the value:
"WinSPF" = "%System%\windrv32.exe"
to the following registry keys:
so that it is executed every time Windows starts.
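
The persistence value described above can be hunted for in an exported registry file. The following is an added example, not part of the original write-up or of Symantec's tooling: it parses the text of a `.reg` export and flags string values named "WinSPF" or whose data points at windrv32.exe. The function names are hypothetical, and because the list of registry keys is missing from this page, the key in the constructed sample is a placeholder and the scan matches under any key.

```python
import re

# Indicators taken from the description above.
VALUE_NAME = "winspf"
FILE_RE = re.compile(r"(?:^|[\\/])windrv32\.exe\b", re.IGNORECASE)

# .reg syntax: [key path] headers followed by "name"="string data" lines.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(
    r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$'
)


def unescape(text):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", text)


def find_mydoom_t_values(reg_text):
    """Return (key, name, data, reason) for each suspicious string value."""
    hits = []
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header line, blank line, or non-string value
        name, data = unescape(m.group("name")), unescape(m.group("data"))
        if name.lower() == VALUE_NAME:
            hits.append((key, name, data, "value name"))
        elif FILE_RE.search(data):
            hits.append((key, name, data, "file name"))
    return hits


# Constructed sample export; the key name is a placeholder, not a real key.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_EXAMPLE\Placeholder\AutoStartKey]
"WinSPF"="C:\\WINDOWS\\System32\\windrv32.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"
"winspf2"="C:\\Temp\\WINDRV32.EXE"
'''

if __name__ == "__main__":
    for hit in find_mydoom_t_values(SAMPLE):
        print(hit)
```

Real exports written by regedit are UTF-16 encoded, so decode the file before passing its text in. A file-name match alone is weak evidence and should be confirmed against the file on disk.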