Worm.Mytob.ca

N/A

Worm.Mytob.ca

Hello Folks
Help needed and I hope that someone in here will be able to offer me some advice.
OK, as you can see from the heading, I have got a worm in my email. It's being stopped now by the Plusnet server, but how can I stop it sending myself email, if you get my drift?
I could close the email box and open another, but if I do this it will mean changing all my accounts: gas, electric and so on.
What is a worm? And I mean in the land of the net, not the ground.
Looking forward to any ideas.
6 REPLIES
N/A

Worm.Mytob.ca

W32/Mytob-CA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.

When first run W32/Mytob-CA copies itself to the Windows system folder as shell.exe and creates the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Shell
"shell.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows Shell
"shell.exe"

W32/Mytob-CA also appends entries to the HOSTS file that point security related websites at 127.0.0.1, to deny access to them.

Please follow the instructions for removing worms.

Replace the Hosts file from a backup or edit it in Notepad to remove the changes that the worm has made.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

and remove any reference to any file you deleted.

Close the registry editor.

Full details
http://www.sophos.com/virusinfo/analyses/w32mytobca.html
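
A way to check a hosts file for the kind of change described in the post above, as an added example that is not part of the original post or of the linked analysis: it flags every non-local name mapped to a loopback or unspecified address and returns a cleaned copy of the file. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return (suspicious, cleaned_text); suspicious holds (line, address, name)."""
    suspicious, kept = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry, sep, comment = raw.partition("#")
        fields = entry.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(raw)          # comment, blank or ordinary entry
            continue
        addr, names = fields[0], fields[1:]
        bad = [n for n in names if n.lower().rstrip(".") not in LOCAL_NAMES]
        good = [n for n in names if n not in bad]
        suspicious += [(lineno, addr, n.lower()) for n in bad]
        if not bad:
            kept.append(raw)
        elif good:                    # keep the legitimate names on a mixed line
            kept.append(" ".join([addr] + good) + (" #" + comment if sep else ""))
    return suspicious, "\n".join(kept) + "\n"

# Constructed sample: a default-style hosts file with three redirects appended.
SAMPLE = """# sample HOSTS file (constructed for this example)
127.0.0.1       localhost
10.0.0.5        fileserver   # legitimate LAN entry
127.0.0.1 www.sophos.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 localhost www.microsoft.com
"""

if __name__ == "__main__":
    hits, cleaned = audit_hosts(SAMPLE)
    for lineno, addr, name in hits:
        print(f"line {lineno}: {name} -> {addr}")
    print(cleaned, end="")
```

On Windows the file is normally `%SystemRoot%\System32\drivers\etc\hosts`. Deliberate blocklist entries that point at 127.0.0.1 are flagged too, so review the hits before writing the cleaned text back.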
N/A

Worm.Mytob.ca

Changing your email address won't really help. If your PC is infected, any email address you use will carry the worm. You first have to eliminate the worm from your PC. The method above would work, but may not be easy to follow.

This may be a simpler solution. Go to:
http://housecall.trendmicro.com/
and run an on-line virus scan, it's free. If a virus is found, you'll get instructions for removal after the scan.

You may also want to run the spyware scan since you're there.

If the on-line scan doesn't work, ask here again. There are good freeware programs you can use. Also, if you use Windows, make sure it's up to date with all the security patches.

Good luck!
N/A

Worm

Thank you both for the advice.
Cannot understand why my Norton did not do anything about this matter.
mwright, thanks for the advice, but I am not a computer person so will have to take a weekend off to try the sort you sent me :(

Have done a scan, udhiyana, but it found nothing at all, but thanks for the link and will use it again.

I think it's a weekend job, and fingers crossed.
N/A

Viruses & Spam Ivan

Hi,

This is a common problem with computers and anti virus software. Anti virus software has two major limitations, namely there is

1) a vulnerable LAG TIME between a new virus or worm infection being released into the wild (i.e. usually this means the internet) and it being picked up by the anti virus software companies and then working out how & what it does (how it behaves in reality) and then the software makers releasing an update for their anti virus products.

2) Even then your anti virus software is ONLY any good if you keep it updated very regularly, this means at least every 2 weeks minimum and possibly every day for some people (usually x1 per week is OK). Keeping the program updated means the program will hopefully be able to detect the latest nasties.

3) How & what you open in terms of emails is also extremely important, as spammers, hackers, crackers, script kiddies, etc. will try all sorts of cons and tricks to get you to open their crappy nasty emails. The main problem isn't usually the email itself, it's the payload it carries.

Payloads can be just the email itself containing a script; once opened it runs, so there is little one can do once that happens. But more likely an attachment file. Attachments are a dead giveaway it's a virus or executable program of some sort. Which is why we are always told NEVER open email attachments unless you're 100% certain where they came from & who sent them to you. If in doubt in any way, BIN the file. I always do under such circumstances and this rule has served me well over the past many years.

**I like and use a program called Mailwasher Pro which I highly recommend, as it allows you to see the spam, virus-ridden stuff, etc. on the mail server BEFORE you even download it to your computer. With Mailwasher you can blacklist the rubbish etc. and also delete the offal off the server itself (so you never receive it). You can equally add email addresses to your friends list and you will only get the mail you want. I use this program locally on my machine in conjunction with force9's anti spam & anti virus service (at server level), so I have a multi-layered approach, or belt & braces if you like. Anyway, it works very well. http://www.mailwasher.net/ or http://www.firetrust.com

**Sadly 87% of my emails are offal, or offending rubbish, with the remaining legitimate.

**Worm infections & Trojans are quite slippery & sneaky in nature, & they are always being changed and variants come out all the time. So don't be entirely surprised if your anti virus software didn't pick these things up. Worms & Trojans don't behave in expected ways or ways the AV software expects, hence it can & does miss them. Anti-Trojan scanners are probably a better solution to these specific items. http://www.misec.net/trojanhunter/
& also see http://www.anti-trojan-software-reviews.com/index.htm

Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
Your Forum, Make Your Voice Count!
N/A

Worm.Mytob.ca

Hi pjones!

It could be that your PC isn't infected, but your email address is being used. For instance, it could have been picked up from the address book of someone with a compromised PC. In which case, I suppose, best thing would be to stop using it and create a new one.

Before you go and dismantle your registry trying to find the worm, you could try a few other ways to check whether it's in your PC or not.

1. Install Zone Alarm (choose the free version!)
http://www.zonelabs.com/store/content/home.jsp
This will tell you if any program in your PC is trying to access the Internet without you knowing, as would be the case if the worm was sending infected emails from your email client.

2. Try the Micro$oft removal tool
http://go.microsoft.com/?linkid=3792740
I'm not sure if this is any good, but another free scan won't do any harm.

3. Install and run these (make sure you download also the latest definitions)
SpyBot Search & Destroy: http://www.safer-networking.org/
Lavasoft Adaware: http://www.lavasoftusa.com/
M$ Antispyware (for XP only): http://www.microsoft.com/athome/security/spyware/software/default.mspx
These are all free and can live happily with each other.

I think if you do all this and nothing shows up, the chances are your PC isn't infected. You can enjoy the rest of the weekend :P

There's also very good advice here:
http://portal.plus.net/central/forums/viewtopic.php?t=14028
N/A

Worm.Mytob.ca

If you have nortons go to their home page and run their free scan and follow what they tell you. Check for updates first.

DO NOT run 2 separate firewalls at the same time; they will eventually block everything. Zone Alarm AND Nortons is going to cause more problems.