W32/Mytob-KN

Category: Viruses and Spyware
Protection available since: 22 Feb 2010 19:12:13 (GMT)
Type: Win32 worm
Last Updated: 22 Feb 2010 19:12:13 (GMT)
Prevalence: Small Number of Reports

W32/Mytob-KN is a worm with backdoor functionality for the Windows platform.

W32/Mytob-KN includes functionality to run automatically and modify personal firewall settings. The worm can be controlled through the Internet Relay Chat (IRC) network.

When W32/Mytob-KN is installed the following files are created:

<System>\windowsupdate.exe
<Root>\a.bat

The file a.bat is detected as Troj/Batten-A.

The following registry entry is set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<System>
windowsupdate.exe

Registry entries are created under:

HKCU\System\CurrentControlSet\Control\Lsa
Windows Firewall Updater
windowsupdate.exe

HKCU\Software\Microsoft\OLE
Windows Firewall Updater
windowsupdate.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Firewall Updater
windowsupdate.exe

HKLM\System\CurrentControlSet\Control\Lsa
Windows Firewall Updater
windowsupdate.exe

HKLM\Software\Microsoft\Ole
Windows Firewall Updater
windowsupdate.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Firewall Updater
windowsupdate.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Firewall Updater
windowsupdate.exe
