There’s a variant of the Mydoom virus going around now. Mydoom.B also targets microsoft.com for the DDoS. It’s mostly a clone, with some filenames changed. The file at http://files.invisibill.net/unmydoomb.inf will remove the new version, just like my last one did for the original.
However, the B version also tampers with your hosts file. A hosts file is a text file that lists some names and the IP addresses they should correspond to. The most common entry in a hosts file is 127.0.0.1 localhost. This is the standard loopback address, and tells the system that you mean your own PC anytime you use the servername localhost. Mydoom.B adds a bunch of common servernames and points them at 0.0.0.0, making it so that your computer can’t connect to those sites. Most of the sites are places you would go for updates or virus info – it attempts to cut you off from finding the information to fix the problem.
(microsoft.com is only added if it’s not within the DDoS date range)
Once the virus is on your system, you won’t be able to successfully connect to any of those sites. The fix is fairly simple though: you just need to remove those lines from your hosts file. You can search for “hosts”, or look in your Windows directory on Win9x (C:\Windows\hosts) or under your system directory on WinNT (C:\WinNT\system32\drivers\etc\hosts). The hosts file doesn’t have an extension, so you may need to have Notepad (or whatever editor you’re using) show all filetypes in order to open it. That setting is the dropdown box under the filename in the Open box.
Now that you’ve got the hosts file open, you should see lines with “0.0.0.0” and the servernames above. Just delete any line that starts with 0.0.0.0 and has one of these servernames. Some ad-blockers will add names of ad servers here (so that you never connect to the ad server), but you should be able to tell which ones are valid servers blocked by the virus and which ones are ad servers blocked by another program.
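The cleanup step described above, as an added Python example that is not part of the original post: it removes 0.0.0.0 entries for a caller-supplied set of server names and leaves loopback, comment and ad-blocker lines alone. The function name, the sample hosts text and the name set are constructed for illustration; the virus's actual name list is not reproduced here.

```python
# Added example: remove 0.0.0.0 hosts entries for chosen server names.
# NAMES and SAMPLE are constructed; supply the real list of blocked names yourself.

NAMES = {"microsoft.com", "updates.av-vendor.example"}

SAMPLE = (
    "127.0.0.1 localhost\n"
    "0.0.0.0 MICROSOFT.COM\n"
    "0.0.0.0\tupdates.av-vendor.example   # trailing comment\n"
    "0.0.0.0 ads.adserver.example\n"
    "0.0.0.0 microsoft.com tracker.adserver.example\n"
    "# 0.0.0.0 microsoft.com (commented out, left alone)\n"
)


def clean_hosts(text, blocked_names):
    """Return (cleaned_text, removed_lines).

    A line is touched only if its address field is exactly 0.0.0.0 and it
    names at least one host in blocked_names (compared case-insensitively).
    Other names on the same line, such as ad-blocker entries, are kept.
    """
    wanted = {name.lower() for name in blocked_names}
    kept, removed = [], []
    for line in text.splitlines():
        # Anything after '#' is a comment and is not part of the entry.
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "0.0.0.0":
            others = [f for f in fields[1:] if f.lower() not in wanted]
            if len(others) < len(fields) - 1:      # at least one name matched
                removed.append(line)
                if others:                          # keep unrelated names blocked
                    kept.append("0.0.0.0 " + " ".join(others))
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    cleaned, removed = clean_hosts(SAMPLE, NAMES)
    print("Removed entries:")
    for entry in removed:
        print("  " + entry)
    print("Cleaned file:")
    print(cleaned, end="")
```

Run it against a copy of the hosts file first and review the removed entries before replacing the original.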