W32/Mytob-E

Categoría: Virus y programas espía Protección disponible desde:15 ene 2007 00:00:00 (GMT)
Tipo: Win32 worm Última actualización:15 ene 2007 00:00:00 (GMT)
Predominio:

Download Descargue nuestra herramienta gratuita para la eliminación de virus - Encuentre las amenazas no detectadas por su antivirus

W32/Mytob-E is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs. W32/Mytob-E is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.

When first run W32/Mytob-E copies itself to the Windows system folder as taskgmr.exe and creates the following registry entries:

HKCU\Software\Microsoft\OLE
WINTASK
taskgmr.exe

HKCU\SYSTEM\CurrentControlSet\Control\Lsa
WINTASK
taskgmr.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WINTASK
taskgmr.exe

HKLM\SOFTWARE\Microsoft\Ole
WINTASK
taskgmr.exe

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
WINTASK
taskgmr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WINTASK
taskgmr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
WINTASK
taskgmr.exe

W32/Mytob-E copies itself to the root folder as:

funny_pic.scr
my_photo2005.scr
see_this!!.scr

and creates the helper file hellmsn.exe (detected by Sophos as W32/Mytob-D) in the same location.

W32/Mytob-E also appends the following to the HOSTS file to deny access to security related websites:

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.microsoft.com
127.0.0.1 www.trendmicro.com

descargar Pruebe los productos de Sophos totalmente gratis
Descargue una evaluación gratuita

© 1997 - 2012 Sophos Ltd. Todos los derechos reservados. Aviso legal Privacidad