My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Win32.Worm.Mytob.BC

VERY LOW
VERY LOW
60 KB
(Net-Worm.Win32.Mytob.bc, W32/Mytob-CP)

Symptoms

  • Anti-virus/firewall is disabled
  • File: LIEN VAN DE KELDERRR.EXE in the Windows System32 directory
  • File: HOSTS overwritten to disable some antivirus sites access

Removal instructions:

Let BitDefender delete all files found infected with this worm.

Analyzed By

BitDefender Virus Research Team

Technical Description:

The worm comes by mail with the following characteristics: From: spoofed Subject: one of the following:
  • Notice: **Last Warning**
  • *DETECTED* Online User Violation
  • Your Email Account is Suspended For Security Reasons
  • Account Alert
  • Important Notification
  • *WARNING* Your Email Account Will Be Closed
  • Security measures
  • Email Account Suspension
  • Notice of account limitation
Body: one of the following:
  • Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
  • The original message has been included as an attachment.
  • We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
  • We attached some important information regarding your account.
  • Please read the attached document and follow it's instructions.
Attachment: one of the following:
  • email-info
  • email-doc
  • information
  • account-details
  • document
  • INFO
  • instructions
  • info-text
  • information
with an executable extension (EXE, PIF or SCR). The worm also has a backdoor behaviour using the IRC protocol.