Win32.Worm.Mytob.BC
VERY LOW
VERY LOW
60 KB
(Net-Worm.Win32.Mytob.bc, W32/Mytob-CP)
Symptoms
- Anti-virus/firewall is disabled
- File: LIEN VAN DE KELDERRR.EXE in the Windows System32 directory
- File: HOSTS overwritten to block access to some antivirus sites
Removal instructions:
Let BitDefender delete all files found infected with this worm.
Analyzed By
BitDefender Virus Research Team
Technical Description:
The worm comes by mail with the following characteristics:
From: spoofed
Subject: one of the following:
- Notice: **Last Warning**
- *DETECTED* Online User Violation
- Your Email Account is Suspended For Security Reasons
- Account Alert
- Important Notification
- *WARNING* Your Email Account Will Be Closed
- Security measures
- Email Account Suspension
- Notice of account limitation
Body: one of the following:
- Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
- The original message has been included as an attachment.
- We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
- We attached some important information regarding your account.
- Please read the attached document and follow it's instructions.
Attachment: one of the following:
- email-info
- email-doc
- information
- account-details
- document
- INFO
- instructions
- info-text
- information
with an executable extension (EXE, PIF or SCR).
The worm also has a backdoor behaviour using the IRC protocol.
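The mail characteristics listed above can be turned into a mail-gateway or mailbox-triage check. The following Python sketch is an added example, not BitDefender code: the function names and the constructed sample messages are assumptions, and the indicator lists are copied from this description.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the description above, stored case-folded.
SUBJECTS = {s.casefold() for s in (
    "Notice: **Last Warning**", "*DETECTED* Online User Violation",
    "Your Email Account is Suspended For Security Reasons", "Account Alert",
    "Important Notification", "*WARNING* Your Email Account Will Be Closed",
    "Security measures", "Email Account Suspension",
    "Notice of account limitation")}
ATTACH_STEMS = {"email-info", "email-doc", "information", "account-details",
                "document", "info", "instructions", "info-text"}
EXEC_EXTS = {"exe", "pif", "scr"}

def mytob_bc_indicators(raw: bytes) -> list[str]:
    """Return the Mytob.BC mail indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse whitespace and ignore case before comparing the subject.
    subject = " ".join(str(msg.get("Subject", "")).split()).casefold()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        stem, dot, ext = name.rpartition(".")
        # Listed base name combined with an EXE, PIF or SCR extension.
        if dot and ext.casefold() in EXEC_EXTS and stem.casefold() in ATTACH_STEMS:
            hits.append(f"attachment:{name}")
    return hits

def sample_message(subject: str, filename: str) -> bytes:
    """Build a constructed test message; the payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content("We attached some important information regarding your account.")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(mytob_bc_indicators(sample_message("Account Alert", "account-details.PIF")))
    print(mytob_bc_indicators(sample_message("Meeting notes", "notes.pdf")))
```

A subject match alone is a weak signal because the subjects are generic and the sender is spoofed; the attachment name combined with an executable extension is the stronger indicator.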