Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | May 2005 (3.93) |
| Protection available since | 25 March 2005 03:37:28 (GMT) |
| Detected by | All Sophos products |
Action

Please read the instructions for removing W32/Mytob-D.
More Information
W32/Mytob-D is a mass-mailing worm and backdoor Trojan that targets users of Internet Relay Chat programs.
When first run, W32/Mytob-D copies itself to the Windows system folder as msgmr.exe and creates the following registry entries:
HKCU\Software\Microsoft\OLE
Win TaskLoader
msgmr.exe

HKCU\SYSTEM\CurrentControlSet\Control\Lsa
Win TaskLoader
msgmr.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Win TaskLoader
msgmr.exe

HKLM\SOFTWARE\Microsoft\Ole
Win TaskLoader
msgmr.exe

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Win TaskLoader
msgmr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Win TaskLoader
msgmr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Win TaskLoader
msgmr.exe

W32/Mytob-D copies itself to the root folder as:
funny_pic.scr
my_photo2005.scr
see_this!!.scr
hellmsn.exe
W32/Mytob-D also appends entries to the HOSTS file to deny access to security-related websites.
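
A defender-side check for the HOSTS tampering described above, as an added example that is not part of the original Sophos description: it lists the hostnames a hosts file pins to a loopback or unspecified address and filters them against a watchlist. The function names, the watchlist and the sample file contents are constructed for illustration, and the check is generalized to cover `::1` and `0.0.0.0` as well as `127.0.0.1`.

```python
import ipaddress
import sys

# Names a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input, not a capture from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com   # trailing comment
0.0.0.0 update.symantec.com liveupdate.symantec.com
10.0.0.5 intranet.example
not-an-ip something
"""

def blocked_hosts(hosts_text):
    """Return sorted hostnames pinned to a loopback or unspecified address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, skip the line
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:  # a line may carry several aliases
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return sorted(blocked)

def on_watchlist(names, watch_domains):
    """Keep names that equal a watched domain or are a subdomain of one."""
    return [n for n in names
            if any(n == d or n.endswith("." + d) for d in watch_domains)]

if __name__ == "__main__":
    # Pass a hosts file path (on Windows: %SystemRoot%\System32\drivers\etc\hosts);
    # with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HOSTS
    for name in on_watchlist(blocked_hosts(text), ["sophos.com", "symantec.com"]):
        print("blocked security site:", name)
```

Any hit for a security vendor or update domain is worth treating as a sign of tampering, since a clean hosts file has no reason to sinkhole those names.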
