W32/MyTob.NA@mm - Released Oct 15, 2005 - Last Updated Oct 17, 2005
Aliases: Email-Worm.Win32.Doombot.b [KAV], W32.Mytob.KU@mm [NAV], W32/Doombot.B-mm, W32/Mytob-GH [Sophos], W32/Mytob.gh@MM [McAfee], W32/Mytob.NA-net, W32/MyTob.NA@mm
Detection Availability
Visible Symptoms
- Security, antivirus and debugging programs and services suddenly terminate after an email attachment is opened
- Creation of the file "d.exe" in the System32 folder
- Unable to connect to various security websites after becoming infected
- High CPU usage caused by the worm's routines on an infected system
Detailed Analysis
This threat has a file size: 27480, with file compression:
Files:
- Copies itself to the local system
Installation to System:
- When run, it copies itself to: C:\WINDOWS\system32\
- Drops the following files: d.exe
- And creates these registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices SYSTEM "d.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SYSTEM "d.exe"
More Info:
It drops a copy of itself in the %system% directory. It also adds a registry entry so that it runs at startup.
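As an added defender-side triage check (not part of the Fortinet advisory), the following PowerShell reports whether the dropped file and the two Run/RunServices persistence values listed above are present on a host. The paths, value name and file size come from the advisory; the function name, the output shape and the assumption that the size is in bytes are mine.

```powershell
# Added example, not from the Fortinet advisory: read-only check for the
# file and registry indicators of W32/MyTob.NA@mm listed in the analysis.
function Test-MytobNAIndicators {
    [CmdletBinding()]
    param(
        # Size from the advisory ("file size: 27480"); assumed to be bytes
        [int]$ExpectedSize = 27480
    )
    $findings = @()

    # 1. Dropped file in %system% (advisory: C:\WINDOWS\system32\d.exe)
    $dropped = Join-Path $env:SystemRoot 'system32\d.exe'
    if (Test-Path -LiteralPath $dropped) {
        $size = (Get-Item -LiteralPath $dropped).Length
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Location  = $dropped
            Detail    = "size=$size (expected $ExpectedSize)"
            Match     = ($size -eq $ExpectedSize)
        }
    }

    # 2. Persistence: value "SYSTEM" = "d.exe" under Run and RunServices
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $value = $props.PSObject.Properties['SYSTEM']
        if ($null -ne $value) {
            $findings += [pscustomobject]@{
                Indicator = 'Registry'
                Location  = "$key\SYSTEM"
                Detail    = "data=$($value.Value)"
                # Match on "d.exe" with or without a leading directory
                Match     = ($value.Value -match '(^|\\)d\.exe$')
            }
        }
    }

    # An empty result means none of the listed indicators were found
    return $findings
}

Test-MytobNAIndicators | Format-Table -AutoSize
```

Run from an elevated prompt so both HKLM keys and System32 are readable; a "SYSTEM" value whose data is anything other than d.exe is still reported, with Match set to False, so it can be reviewed rather than silently ignored.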
Recommended Action
FortiGate systems:
- Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed; if required, enable the "Allow Push Update" option.