Protector Plus Download Antivirus
Home
Download Antivirus
Antivirus Products
Order Antivirus


Antivirus Software for Windows XP/2000/2003
Antivirus Software for Windows Me/98
Antivirus Software for Exchange 2000/2003
Antivirus Software for NetWare

W32/Mytob.AB Worm

NameW32/Mytob.AB Worm
Aliases W32/Mytob-AB, W32.Mytob.AH@mm, W32/Mydoom.gen@MM, Net-Worm.Win32.Mytob.ab
Discovered on 9th April, 2005

 Virus Information - W32/Mytob.AB Worm:

W32/Mytob.AB is a mass mailing worm. This worm is a variant of W32/Mytob.A. The worm will infect Windows systems and spreads through email.

The infected mail 'From' address prefix will be any one of the following;

adam, alex, andrew, anna, bill, bob, brenda, brent, brian, britney, bush, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, lolita, madmax, maria, mary, matt, michael, mike, peter, ray, robert, sam, sandra, serg, smith, stan, steve, ted, to.

the suffix after '@' character will be any one of the following domains;

hotmail.com
cia.gov
fbi.gov
yahoo.com
juno.com
msn.com
aol.com

The subject of the infected mail will be any one of the following;

Good day
hello
status
test
Mail Transaction Failed
error
SERVER REPORT
Mail Delivery System
(Variable String)

The infected attachment will be any one of the following;

message
document
doc
body
data
file
test
text
readme
(Varible String)

The extension of the infected attachment will be single or double, The first extension can be any one of these;

doc, txt, htm.

The second extension can be any one of these;

cmd, bat, pif, scr, zip, exe.

The body of the infected mail will be any one of the following;

The original message was included as an attachment.

Here are your banks documents.

The message contains Unicode characters and has been sent as a binary attachment.

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Mail transaction failed. Partial message is available.

The original message was included as an attachment.

(Variable String).

Upon execution of the infected attachment, the worm copies itself as;

taskgmr.exe and bingoo.exe in the Windows System folder.
see_this!!.scr, my_photo2005.scr and funny_pic.scr in the root of C: drive

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

To propagate itself, the worm scans the files having the following extensions and collects all the available email addresses from the infected system.

adb, asp, dbx, htm, php, pl, sht, tbb, wab.

It also collects email addresses from the Temporary Internet Files folder.

The worm mails itself to these addresses using its own SMTP engine.

Anti virus for Windows Download Now!

Home Page Download Antivirus Antivirus Products Order Antivirus

Copyright © 2005 Proland Software.All rights reserved

antivirus software, anti virus software, anti virus, download antivirus, download anti virus, free antivirus, free anti virus, antivirus, download, free, windows, windows xp, xp, sp2, windows me, windows 2000, 98, 95, nt, me, 2003, netware, anti-virus, virus, worm, trojan, protector, plus, proland, virus software, spyware