Mar 23rd

Avoid Encountering W32.Mytob@mm

Author: Indre | Filed under Fix slow PC

Are you fed up with malware attacking your machine? In order to survive, I would suggest that you follow the latest news on viruses; then you may be able to avoid being attacked unsuspectingly. One of the top viruses bothering computer users nowadays is called W32.Mytob@mm, so your task is to prevent this from occurring!

W32.Mytob.PI@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses which it collected from compromised computers. Apart from that, the worm also attempts to open a back door and lower security settings.

It also has the power to stop the Windows Task Manager from opening, which prevents IT admins from inspecting and terminating the viral processes. Bear in mind that this worm affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.

This threat can be identified by the following aliases (antivirus vendor followed by its detection name; “-” means that vendor reported no detection):

Antivirus | Detection name
AhnLab-V3 -
AntiVir TR/Dropper.Gen
Authentium W32/Backdoor2.DJES
Avast -
AVG Dropper.Generic.ADTI
BitDefender DeepScan:Generic.Mydoom.05FFBD97
CAT-QuickHeal -
ClamAV -
DrWeb -
eSafe -
eTrust-Vet -
F-Prot W32/Backdoor2.DJES
F-Secure Email-Worm:W32/Mydoom.BW
Fortinet DeepScan:Generic.Mydoom.05FFBD97
Ikarus Generic.Mydoom
K7AntiVirus -
Kaspersky Worm.Win32.AutoRun.shm
McAfee -
Microsoft Backdoor:Win32/Mydoom.gen
NOD32 a variant of Win32/Injector.DG
Norman -
Panda -
PCTools -
Prevx1 -
Rising -
SecureWeb-Gateway Trojan.Dropper.Gen
Sophos Troj/Agent-IGK
Sunbelt Backdoor.Win32.S (vf)
Symantec W32.Mytob@mm
TheHacker -
TrendMicro -
ViRobot -
VirusBuster -

When W32.Mytob.PI@mm is executed, it performs the actions listed below:

  • Copies itself as the following file:

%System%\scalpe91.exe

Note: %System% is a variable pointing to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  • Adds the value:

"WINDOWS SYSTEM SCALPE" = "\scalpe91.exe"

to the registry subkeys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

so that it runs every time Windows starts.

  • Modifies the value:

"Start" = "4"

in the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
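As an added example (not part of the original post), the following Python script parses a `reg export` style .reg dump and flags the two registry changes listed above: the autorun value pointing at scalpe91.exe and the SharedAccess service being set to Start=4. The sample dump is constructed for illustration; Start=4 is the SERVICE_DISABLED start type, and SharedAccess is the Windows Firewall / Internet Connection Sharing service, which is why the worm sets it.

```python
import re

# Constructed .reg export used as sample input; not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WINDOWS SYSTEM SCALPE"="\\scalpe91.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000004
'''

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
)
SHAREDACCESS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
SERVICE_DISABLED = 4  # Start=4 means the service never starts


def parse_reg(text):
    """Parse a .reg export into {key (lower-cased): {value name: value}}.
    Handles quoted strings (with \\ and \" escapes) and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()  # registry keys are case-insensitive
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if not m:
                continue
            name, raw = m.group(1), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                val = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            elif raw.startswith("dword:"):
                val = int(raw[len("dword:"):], 16)
            else:
                val = raw  # other types kept raw (hex:, expand strings, ...)
            keys[current][name] = val
    return keys


def find_indicators(text):
    """Return findings for the autorun entry and the disabled firewall service."""
    reg, findings = parse_reg(text), []
    for key in RUN_KEYS:
        for name, val in reg.get(key.lower(), {}).items():
            if isinstance(val, str) and val.lower().endswith("scalpe91.exe"):
                findings.append(f"autorun value {name!r} -> {val} in {key}")
    if reg.get(SHAREDACCESS_KEY.lower(), {}).get("Start") == SERVICE_DISABLED:
        findings.append("SharedAccess (Windows Firewall/ICS) disabled: Start=4")
    return findings
```

Run it against `reg export HKLM hklm.reg` output from a suspect machine by passing the file contents to `find_indicators`; an empty list means neither change is present.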

Prevent your PC from being infected with this worm by taking the following measures:

  • Keep your antivirus software up-to-date, keep realtime protection enabled, and scan your entire system at least weekly.
  • Do not open attachments received unexpectedly, as most email worms spoof the ‘From’ address so that they nearly always seem to come from someone you really know.
  • Protect your HOSTS file from unauthorized modifications.
  • Make sure your Windows patches are up-to-date.
  • Check to ensure your firewall is functioning well.

Resources:
Malware Spreading
The variants of Mytob
Prevention of Mytob
