W32/MyTob.NA@mm

Aliases: Email-Worm.Win32.Doombot.b [KAV], W32.Mytob.KU@mm [NAV], W32/Doombot.B-mm, W32/Mytob-GH [Sophos], W32/Mytob.gh@MM [McAfee], W32/Mytob.NA-net, W32/MyTob.NA@mm
Release Date: Oct 15, 2005
Detection Availability
Active Database, Extended Database
FortiGate: low, high
FortiClient
FortiMail: N/A
Current Antivirus Definition Database Version: 12.202
Description

Visible Symptoms

  • Security, Antivirus and debugging software programs and services suddenly terminate after opening an email attachment

  • Creation of the file "d.exe" in the System32 folder

  • Unable to connect with various security websites after becoming infected

  • High CPU usage and utilization due to routines of the virus on an infected system

Detailed Analysis

This threat has a file size: 27480, with file compression:

Files:

  • Copies itself to the local system

Installation to System:

  • When run, it copies itself to:
    C:\WINDOWS\system32\
  • Drops the following files:
    d.exe
  • And creates these registry entries:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices SYSTEM "d.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SYSTEM "d.exe"

More Info:

It drops a copy of itself in the %system% directory. It also adds a registry entry so that it runs at startup.

Description Last Updated Date: Oct 17, 2005
Reference: ID - 99434