WORM_MYTOB.AF Virus Found
Got a virus in the email today.
From: <kaps223@yahoo.co.in>
subject is: Good day
Attachment : document.zip (0.06 MB)
Document Type: document.zip
Here are your banks documents.
MIME-Version: 1.0
Received: from yahoo.co.in ([61.11.19.119]) by bay0-mc11-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 24 Dec 2005 06:33:03 -0800
X-Message-Info: 6sSXyD95QpUhEqgBHdyXjDQyP7as0fKJhYCB2/ZUfqA=
X-MSMail-Priority: Normal
Return-Path: kaps223@yahoo.co.in
X-OriginalArrivalTime: 24 Dec 2005 14:33:03.0389 (UTC) FILETIME=[F28A14D0:01C60896]
W32.Mytob.AN@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in the Microsoft Security Bulletin MS04-011).
To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
Click Start > Run.
Type regedit
Click OK.
Navigate to each of the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
In the right pane, delete the value:
"WINMGR" = "taskgmgr.exe"
Exit the Registry Editor.
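The regedit steps above can be scripted so the same check runs on every machine that received this mail. The following PowerShell script is an added example, not part of the original post or of Symantec's write-up: it walks the subkeys listed in the removal instructions, reports whether the "WINMGR" value is present, and deletes it only when the script is run with the -Remove switch. The regedit hive names map to the HKLM: and HKCU: PowerShell drives; the value name and the "taskgmgr.exe" data are taken from the instructions above, and the report labels are my own.

```powershell
# Added example, not from the original post. Audits the registry locations
# named in the removal instructions for the "WINMGR" value and, only when
# -Remove is supplied, deletes it. Run from an elevated PowerShell prompt.
param([switch]$Remove)

$valueName    = 'WINMGR'        # value name from the removal instructions
$expectedData = 'taskgmgr.exe'  # data the instructions say the value holds

# Same subkeys as in the instructions, written as PowerShell registry paths.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\OLE',
    'HKCU:\SYSTEM\CurrentControlSet\Control\Lsa',
    'HKLM:\SOFTWARE\Microsoft\OLE',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
)

foreach ($path in $paths) {
    # Some of these keys do not exist on a clean system; that is not a finding.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "[absent ] $path"
        continue
    }

    $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $props -or -not ($props.PSObject.Properties.Name -contains $valueName)) {
        Write-Output "[clean  ] $path"
        continue
    }

    # The value exists: show its data and say whether it matches the advisory.
    $data = $props.$valueName
    $note = if ($data -like "*$expectedData*") {
        'matches the removal instructions'
    } else {
        'data differs from the instructions; inspect before deleting'
    }
    Write-Output "[FOUND  ] $path : $valueName = '$data' ($note)"

    if ($Remove) {
        Remove-ItemProperty -LiteralPath $path -Name $valueName
        Write-Output "[removed] $path : $valueName"
    }
}
```

Run it once without -Remove to get a read-only report, and again with -Remove on machines where the value was found. Deleting the value only removes the autorun entry; the executable it pointed to still has to be dealt with by the rest of the removal procedure (a full scan with updated definitions).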