XBlock By Actiance - Home
Full Name: W32.Mytob.KE@mm
Type: Worm
Also Known As: W32/Mytob-ET (SOPHOS) W32.Mytob.KE@mm (Symantec)
Danger Level: 2
Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

Worms have self-replicating code that travels from machine to machine by various means. A worm's first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment: Mass-mailing worm that has its own SMTP engine to send emails to addresses that it gathers from compromised computers.
Opens ports to allow remote attacker access to computer.
Lowers Internet Explorer security zones.
Can contain one of the following subject lines:

*WARNING* Your Email Account Will Be Closed
*DETECTED* Online User Violation
Your new account password is approved
Your password has been successfully updated
You have successfully updated your password
Your Account is Suspended For Security Reasons
Warning Message: Your services near to be closed.
Important Notification

Can contain one of the following or other message bodies:

Dear user {Username},

You have successfully updated the password of your {domain} account.

If you did not authorize this change or if you need assistance with your account, please contact {domain} customer service at: {someone@domain}
Thank you for using {domain}!
The {domain} Support Team

+++ Attachment: No Virus (Clean)
+++ {domain} Antivirus - www.{domain}

Dear user {Username},

It has come to our attention that your {domain} User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using {domain}!
The {domain} Support Team

+++ Attachment: No Virus (Clean)
+++ {domain} Antivirus - www.{domain}


Dear {domain} Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The {domain} Support Team

+++ Attachment: No Virus found
+++ {domain} Antivirus - www.{domain}

Dear {domain} Member,

We have temporarily suspended your email account {usersemailaddress}.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your {domain} account.

Sincerely,
The {domain} Support Team

+++ Attachment: No Virus (Clean)
+++ {domain} Antivirus - www.{domain}


Can contain one of the following or other attachments:

account-info
account-details
account-report
email-details
email-password
updated-password
accepted-password
new-password
important-details
info-text
password
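
The subject lines and attachment names above can be turned into a mail triage check. The following is an added example, not part of the original write-up; the function names, the sample addresses and the .zip/.pdf/.txt extensions are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and attachment names as listed on this page. The page says
# "or other", so treat a miss as inconclusive rather than clean.
SUBJECTS = {s.lower() for s in (
    "*WARNING* Your Email Account Will Be Closed",
    "*DETECTED* Online User Violation",
    "Your new account password is approved",
    "Your password has been successfully updated",
    "You have successfully updated your password",
    "Your Account is Suspended For Security Reasons",
    "Warning Message: Your services near to be closed.",
    "Important Notification",
)}
ATTACHMENT_STEMS = {
    "account-info", "account-details", "account-report", "email-details",
    "email-password", "updated-password", "accepted-password", "new-password",
    "important-details", "info-text", "password",
}

def triage(raw: bytes) -> dict:
    """Report which of the listed lure indicators a raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # The page lists names without extensions: compare the part before the first dot.
        if name.split(".", 1)[0] in ATTACHMENT_STEMS:
            hits.append(name)
    subject_hit = subject in SUBJECTS
    return {"subject": subject_hit, "attachments": hits,
            "strong_match": subject_hit and bool(hits)}

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; addresses, body and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "support@example.com", "user@example.com", subject
    m.set_content("Dear user, see the attached document.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Important Notification", "account-details.zip")))
    print(triage(build_sample("Important Notification", "minutes.pdf")))
```

A generic subject such as "Important Notification" matches plenty of legitimate mail, which is why the check only reports a strong match when a listed attachment name is present as well.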

Modifies the hosts file to block access to security web sites.

Properties:
Manual Removal: Please back up the Windows registry before following the manual removal instructions.

How to back up, edit, and restore the registry in Windows XP and Windows Server 2003
http://support.microsoft.com/kb/322756/

How to back up, edit, and restore the registry in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;322755

How To Backup, Edit, and Restore the Registry in Windows 95, Windows 98, and Windows Me
http://support.microsoft.com/kb/322754/EN-US/



1. Click Start, choose Run.
2. Type regedit
3. Click OK.


4. Navigate to the following subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

5. In the right pane, delete the value:
"Hewlett Packard Manager" = "hpmanager.exe"

6. Exit the Registry Editor.
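
To check many machines for the same autorun value without opening regedit on each, the saved text output of `reg query` for the four keys can be scanned offline. This is an added example, not part of the original page; the function name, the sample rows and the path in the last row are constructed, and it assumes value rows separate name, type and data with a tab or four spaces.

```python
import re

# Keys and value taken from the manual removal steps on this page.
RUN_KEYS = {k.upper() for k in (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)}
VALUE_NAME = "hewlett packard manager"
VALUE_DATA = "hpmanager.exe"

# A value row: indented name, type, optional data (assumed tab or 4-space separated).
ROW = re.compile(r"^\s+(?P<name>.+?)(?:\t| {4})(?P<type>REG_[A-Z_]+)"
                 r"(?:(?:\t| {4})(?P<data>.*))?$")

def find_run_entries(reg_output: str) -> list:
    """Return (key, name, data, reason) for rows matching the page's Run value."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # header line naming the key being listed
            continue
        m = ROW.match(line)
        if not m or key is None or key.upper() not in RUN_KEYS:
            continue
        name, data = m["name"].strip(), (m["data"] or "").strip()
        checks = (("name", name.lower() == VALUE_NAME),
                  ("data", VALUE_DATA in data.lower()))
        reasons = [label for label, ok in checks if ok]
        if reasons:
            hits.append((key, name, data, "+".join(reasons)))
    return hits

# Constructed sample in the shape of `reg query <key>` output for two keys.
SAMPLE = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ExampleTray    REG_SZ    C:\\Program Files\\Example\\tray.exe\n"
    "    Hewlett Packard Manager    REG_SZ    hpmanager.exe\n"
    "\n"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    Updater\tREG_SZ\tC:\\constructed\\HPManager.exe\n"
)

if __name__ == "__main__":
    for hit in find_run_entries(SAMPLE):
        print(hit)
```

Matching on the data as well as the name catches a row where the value has been renamed but still launches hpmanager.exe.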




1. Disable System Restore (Windows Me/XP)

2. Open X-Cleaner

3. Click on the Malware scan tab and highlight the (C:) drive

4. Click Start Scan for Malware.

5. After scan is finished, browse to C:\WINDOWS\system32\drivers\etc

6. Double click on the hosts file and open it with Notepad.

7. Remove the 127.0.0.1 entries for security web sites that the worm added.

8. Save the hosts file.
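
The hosts-file cleanup in steps 5 to 8 can be scripted as an audit that flags every non-local name pinned to a loopback address and produces the cleaned text. This is an added example, not part of the original page; the function name is hypothetical and the .example hostnames in the sample are constructed placeholders standing in for the security vendor sites.

```python
# Addresses that send a name back to the local machine; the worm's entries use 127.0.0.1.
LOOPBACK = {"127.0.0.1", "::1"}
# Names that legitimately resolve to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text: str):
    """Return (cleaned_text, flagged). flagged lists (line_no, address, hostname)
    for every non-local name pinned to a loopback address."""
    kept, flagged = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in LOOPBACK:
            names = [h.lower().rstrip(".") for h in fields[1:]]
            bad = [h for h in names if h not in LOCAL_NAMES]
            if bad:
                flagged += [(line_no, fields[0], h) for h in bad]
                good = [h for h in names if h in LOCAL_NAMES]
                if good:                          # keep the legitimate part of a mixed line
                    kept.append(fields[0] + " " + " ".join(good))
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", flagged

# Constructed sample; the .example names are placeholders for the vendor sites.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 update.av-vendor.example
127.0.0.1 localhost WWW.AV-Vendor.example   # mixed line
10.0.0.5 intranet.corp.example
"""

if __name__ == "__main__":
    cleaned, flagged = audit_hosts(SAMPLE_HOSTS)
    for entry in flagged:
        print("flagged:", entry)
    print(cleaned, end="")
```

Hosts-based ad or tracker blocklists produce the same pattern on purpose, so review the flagged names before writing the cleaned text back.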


Restore the default security settings in Internet Explorer

1. Click Start, Settings, Control Panel

2. Double click Internet Options

3. Select the Programs tab

© Copyright 2003-2011, Actiance, Inc. All rights reserved.