My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Free Virus Removal Tools

PC infected with a specific virus? Get rid of it now, for free! Simply browse through our database of known viruses below and hit the download button to start the virus removal process!

Virus activity

threat level

Alert level : extreme
Latest news
Hackers Breach NASA Database, Leak Account Credentials, Emails and Passwords
The GrenXPaRTa hackers group breached the systems of National Aeronautics and Space Admini [...]
Read More
Backdoor Still Hidden in Patch for Wi-Fi Routers
The backdoor affecting Sercomm wireless DSL routers has not been fixed, and lays hidden in [...]
Read More
Scam Easter Basket Packed with Fake Vouchers, Viagra and Religious Fraud
Cyber-criminals are hiding dangerous goodies among the Easter eggs and chocolate bunnies t [...]
Read More
Hackers attempt to blackmail cosmetic surgery firm, after stealing up to 500,000 patients’ records
The personal details of nearly half a million people, considering cosmetic surgery, may ha [...]
Read More
Are You Ready to Vote for HotforSecurity?
We’re excited to share with you that HotforSecurity and Bitdefender Labs have been nomin [...]
Read More
Bitdefender Blocks .rtf Exploit
Bitdefender has added detection to all products for code exploiting the recently revealed [...]
Read More
Trojan Promises Naked Videos of Facebook Friends
More than 2,000 people have been tricked into installing a Trojan after clicking on a new [...]
Read More
Digging into Facebook ads: finding clues that indicate a scam pattern
The paper by Bitdefender developer Andrei Serbanoiu, titled Digging into Facebook ads: fin [...]
Read More
Icepol MDN – A Server Snapshot
Bitdefender researchers have gained access on September 26, 2013 to the disk images of a s [...]
Read More
On the Cryptolocker Takedown #fail
Bitdefender researchers have identified a number of domains which are still hosting Crypto [...]
Read More
Featured removal tool

Win32.Worm.Mytob.BY

MEDIUM
MEDIUM
2.7 MB
05/30/05
This virus comes by e-mail, spoofing the sender address, and is packed with MEW, an executable file compressor. Once executed, the worm does the following: 1. Creates the mutex, in order to have only one instance of itself running in memory: H-3-1-1-B-0-T-3-F-1-X-3 2. Copies itself as %SYSTEM%\Lien Van de Kelder.exe 3. Creates/modifies the following registry keys: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "http://www.lienvandekelder.be" = "%SYSTEM%\Lien Van de Kelder.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "http://www.lienvandekelder.be" = "%SYSTEM%\\Lien Van de Kelder.exe" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess] "Start" = "4" 4. Starts harvesting e-mail addresses, searchin in folder "Temporary Internet Files", the current outlook e-mail account files, and from files matching .txt .htm .sht .jsp .cgi .xml .php .asp .dbx .tbb .adb .pl .wab searching in drives C: to Y: it avoids certain e-mail addresses, by comparing the address with an internal list of substrings. 5. The worm uses its own SMTP engine to send itself to the harvested email addresses, attempts to use the default e-mail account settings also to reconstruct the smtp server by prepending the following strings to the harvested email's domain names: gate. mail. mail1. mx. mx1. mxs. ns. relay. smtp. The email format is: From (spoofed, has a big list of names) Subject (one of the following): %Random string% Notice: **Last Warning** *DETECTED* Online User Violation Your Email Account is Suspended For Security Reasons Account Alert Important Notification *WARNING* Your Email Account Will Be Closed Security measures Email Account Suspension Notice of account limitation Body (one of the following): Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal. The original message has been included as an attachment. We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached. We attached some important information regarding your account. Please read the attached document and follow it's instructions. Attachment (may begin with): mail-info email-doc information account-details document INFO instructions info-text information followed by double extension (.tmp .doc .htm .txt) .exe .src .pif .zip example: INFO.htm.scr 6. Prevents/terminates execution of many security related products (executables) 7. Blocks access to several security related sites, by modifying the system HOSTS file 8. Has backdoor capabilities (irc bot): Connects to the IRC server irc.blackcarder.net and joins channel ##hb3f1x3 Once connected, listens for commands issued by an possible attacker. The commands may allow the attacker to: download/execute/update files (including the worm itself) gain information about the operating system and computer configuration stop the worm [...] [...]
load more results