COMPARTIR
ESTO EN

Facebook Twitter Google Plus

Herramientas de Eliminación de Virus Gratuitas

¿Tiene un PC infectado por un virus específico? ¡Elimínelo ahora mismo gratuitamente! ¡Simplemente navegue por nuestra base de datos de virus conocidos más abajo, y haga clic en el botón de descarga para iniciar el proceso de eliminación del virus!

Actividad de virus

Nivel de amenaza

Nivel de alerta: normal
Últimas noticias
Piracy Groups Caught Selling Fake Android Apps
Leading members of three piracy groups that target Android, Appbucket, Applanet and Snappz [...]
¡Más información
Hacker Finds Undocumented Functions in Apple’s iOS That Could Siphon Data
Jonathan “NerveGas” Zdziarski, an iOS researcher and developer, has found seve [...]
¡Más información
Funny Video Facebook Scam Drops Not so Funny Trojan, Bitdefender Warns
A new “funny” video spreading on Facebook drops a not so hilarious Trojan on users’ [...]
¡Más información
Google Blocks Access to Less Secure Apps
Google added a sign-in security feature to its Gmail service in an effort to help users ke [...]
¡Más información
Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication
An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code [...]
¡Más información
Pushdo Botnet Tops 40k
According to Bitdefender researchers who are monitoring the sinkholed Pushdo domains, the [...]
¡Más información
Pushdo Sinkholing Continues, Size of Problem now Apparent
The sinkholing of Pushdo C&C domains continues and it has become apparent that the bot [...]
¡Más información
New Pushdo Variant Surfaces
Bitdefender researchers Alexandru Maximciuc, Cristina Vatamanu, Doina Cosovan, Paul Boț a [...]
¡Más información
On Cryptolocker and the Commercial Malware Delivery Platform behind It
In an ever-connected world, malware thrives and multiplies at an incredible rate. More tha [...]
¡Más información
Reveton / IcePol Ransomware Moves to Android
It was just a matter of time until the highly prolific gang behind the Reveton / IcePol ne [...]
¡Más información
Herramienta de eliminación destacada

Win32.Worm.Mytob.BY

MEDIO
MEDIO
2.7 MB
05/29/05
This virus comes by e-mail, spoofing the sender address, and is packed with MEW, an executable file compressor. Once executed, the worm does the following: 1. Creates the mutex, in order to have only one instance of itself running in memory: H-3-1-1-B-0-T-3-F-1-X-3 2. Copies itself as %SYSTEM%\Lien Van de Kelder.exe 3. Creates/modifies the following registry keys: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "http://www.lienvandekelder.be" = "%SYSTEM%\Lien Van de Kelder.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "http://www.lienvandekelder.be" = "%SYSTEM%\\Lien Van de Kelder.exe" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess] "Start" = "4" 4. Starts harvesting e-mail addresses, searchin in folder "Temporary Internet Files", the current outlook e-mail account files, and from files matching .txt .htm .sht .jsp .cgi .xml .php .asp .dbx .tbb .adb .pl .wab searching in drives C: to Y: it avoids certain e-mail addresses, by comparing the address with an internal list of substrings. 5. The worm uses its own SMTP engine to send itself to the harvested email addresses, attempts to use the default e-mail account settings also to reconstruct the smtp server by prepending the following strings to the harvested email's domain names: gate. mail. mail1. mx. mx1. mxs. ns. relay. smtp. The email format is: From (spoofed, has a big list of names) Subject (one of the following): %Random string% Notice: **Last Warning** *DETECTED* Online User Violation Your Email Account is Suspended For Security Reasons Account Alert Important Notification *WARNING* Your Email Account Will Be Closed Security measures Email Account Suspension Notice of account limitation Body (one of the following): Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal. The original message has been included as an attachment. We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached. We attached some important information regarding your account. Please read the attached document and follow it's instructions. Attachment (may begin with): mail-info email-doc information account-details document INFO instructions info-text information followed by double extension (.tmp .doc .htm .txt) .exe .src .pif .zip example: INFO.htm.scr 6. Prevents/terminates execution of many security related products (executables) 7. Blocks access to several security related sites, by modifying the system HOSTS file 8. Has backdoor capabilities (irc bot): Connects to the IRC server irc.blackcarder.net and joins channel ##hb3f1x3 Once connected, listens for commands issued by an possible attacker. The commands may allow the attacker to: download/execute/update files (including the worm itself) gain information about the operating system and computer configuration stop the worm [...] [...]
Mostrar más resultados