Manually removing MyDoom requires editing the registry as outlined in the following steps:
Step 1. Disable System Restore if you're using Windows Me/XP.
When you make changes to your system, Windows does a restoration checkpoint. If it does this while the system is infected, it may come back to re-infect later.
For Windows XP (http://support.microsoft.com/default.aspx?kbid=283073) or ME (http://support.microsoft.com/default.aspx?kbid=264887)
Step 2. Restart the computer in "Safe Mode" (or VGA mode on Windows NT).
Since MyDoom creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary. Using "Safe Mode" prevents Windows from loading drivers and autorun entries so your system boots relatively clean.
Step 3. Run a full system scan with an updated Antivirus scanner.
If your scanner does not remove everything, follow the next few steps.
Step 4. Your antivirus software should, during detection, produce a list of files associated with the MyDoom virus.
Delete all these files.
The files will typically be the ones mentioned in the description above.
Step 5. Make a backup of the registry before you edit.
For Windows 95/98
Delete the entries associated with MyDoom from the registry as listed above.
Delete any entries flagged by your antivirus program.
Step 5a. The following instructions from the Symantec site outline the exact keys that are modified and need to be edited:
Click "Start," and then click "Run." (The Run dialog box appears.)
Step 5b. Type "regedit," then click "OK." (The Registry Editor opens.)
Step 5c. Navigate to the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Step 5d. In the right pane, delete the value:
"Taskmon"="%System%\taskmon.exe"
Step 5e. Delete the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersionExplorer\ComDlg32\Version
Step 5f. Delete the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionExplorer\ComDlg32\Version
Step 5g. Navigate to the key:
HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
Step 5h. In the right pane, modify the value as follows:
"(Default)"="%System%\webcheck.dll"
Step 5i. Exit the Registry Editor.
Step 6. Re-enable System Restore (Windows ME, XP), reboot machine.