W32.Koobface.B

Posted by elise in Blog Latest Spyware Threats, Recent Articles, Worm on January 23rd, 2009

What is W32.Koobface.B?

W32.Koobface.B is a network worm for the Windows platform that spreads via social network sites such as Facebook and MySpace in order to send users a copy of itself. It usually targets Facebook users by creating spam messages and sending them, via the Facebook web site, to the E-mail addresses found on the victim’s system.

When the threat first executes, it creates the following registry entry so that it runs whenever Windows starts up:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

It then displays the error message: Error installing Codec. Please contact support.

Moreover, W32.Koobface.B checks for social network cookies and changes your profile by adding links to hazardous sites that contain worms.

Download automatic scanner for W32.Koobface.B
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual W32.Koobface.B removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of W32.Koobface.B can be difficult and time-consuming. There is no guarantee that W32.Koobface.B can be completely removed, for hundreds of files are generated when W32.Koobface.B is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove W32.Koobface.B manually:

Navigate and stop the W32.Koobface.B processes:
C:\Windows\fbtre6.exe

Navigate and delete W32.Koobface.B files:
C:\Windows\fmark2.dat
C:\Windows\fbtre6.exe

Navigate and remove W32.Koobface.B registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"systray" = "C:\Windows\fbtre6.exe"

What are the symptoms of W32.Koobface.B?

  • W32.Koobface.B may drop a malicious file
  • W32.Koobface.B may send spam E-mail
  • W32.Koobface.B may make use of software vulnerability
  • W32.Koobface.B may lead to registry modification

How do I keep away from W32.Koobface.B?
Once you have cleaned up W32.Koobface.B, the most important way to prevent W32.Koobface.B and future malicious programs from returning is to stay suspicious of spam E-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against W32.Koobface.B and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
W32.Koobface.B is a type of Worm.

In computing, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus cannot run by itself. A virus usually needs a host program to run, and the virus code runs as part of that host program. A worm, however, does not need a host program to run; it uses a network to spread itself to other computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

Worm/Mytob.AP

What is Worm/Mytob.AP?
Worm/Mytob.AP is a mass-mailing network worm that infects computers running Windows. It propagates via the Internet as E-mail attachments sent to all E-mail addresses harvested from the infected system. This worm also propagates via the LSASS vulnerability.

After installing itself on the computer system, Worm/Mytob.AP opens a random TCP port to establish a connection to IRC servers, including spm.slo-partija.info, spm.gobice.net and egwf.wegberobpk.info. As a result, a malicious remote user may gain full access to the system, collect information harvested from the infected machine, and download, execute and remove files through the IRC channels.

Worm/Mytob.AP is also known as: Net-Worm.Win32.Mytob.u [Kaspersky Lab], W32/Mydoom.gen@MM [McAfee], W32.Mytob.AG@mm [Symantec], Win32.HLLM.MyDoom.37 [Doctor Web], W32/MyDoom-AJ [Sophos].

The worm prevents users from accessing a list of security-related websites.

Do you have Worm/Mytob.AP?
If you have enough time and expertise, you can search your computer for Worm/Mytob.AP manually. However, it might take hours to find all the files belonging to Worm/Mytob.AP, and Worm/Mytob.AP may reappear after rebooting, for its hidden files may still be there.

Manual Worm/Mytob.AP removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Worm/Mytob.AP can be difficult and time-consuming. There is no guarantee that Worm/Mytob.AP can be completely removed, for hundreds of files are generated when Worm/Mytob.AP is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm/Mytob.AP manually:

Navigate and stop the Worm/Mytob.AP processes:
N/A

Navigate and delete Worm/Mytob.AP files:
%System%\rnathchk.exe
C:\pic.scr
C:\see_this!.pif
C:\my_picture.scr

Navigate and remove Worm/Mytob.AP registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

What are the symptoms of Worm/Mytob.AP?

  • Worm/Mytob.AP may block access to security websites
  • Worm/Mytob.AP may drop a malicious file
  • Worm/Mytob.AP may use its own Email engine to send E-mail
  • Worm/Mytob.AP may make use of system vulnerability
  • Worm/Mytob.AP may lead to registry modification

How do I keep away from Worm/Mytob.AP?
Once you have cleaned up Worm/Mytob.AP, the most important way to prevent Worm/Mytob.AP and future malicious programs from returning is to stay suspicious of spam E-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm/Mytob.AP and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?

Worm/Mytob.AP is a type of Worm.

Worm:W32/Downadup.AL

What is Worm:W32/Downadup.AL?
Worm:W32/Downadup.AL is a network-aware worm that attempts to use computer or network resources to replicate across the existing network. Worm:W32/Downadup.AL includes code or other malware to damage both the system and the network. It may spread by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability; it also attempts to spread to network shares protected by weak passwords and blocks access to security-related Web sites.

Worm:W32/Downadup.AL is also known as: Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend], W32.Downadup.B [Symantec], Worm:Win32/Conficker [Microsoft], W32/Conficker.worm.gen [Symantec], Mal/Conficker [Sophos], Net-Worm.Kido!sd6 [PCTools], Net-Worm.Win32.Kido.ih [Kaspersky Lab], Mal/Conficker-A [Sophos], Net-Worm.Win32.Kido [Ikarus].

The worm reaches available ADMIN$ network shares. It then acquires the list of usernames for those shares and attempts to log on to the targeted computer as an existing user, trying a built-in list of common weak passwords.

Do you have Worm:W32/Downadup.AL?
If you have enough time and expertise, you can search your computer for Worm:W32/Downadup.AL manually. However, it might take hours to find all the files belonging to Worm:W32/Downadup.AL, and Worm:W32/Downadup.AL may reappear after rebooting, for its hidden files may still be there.

Manual Worm:W32/Downadup.AL removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Worm:W32/Downadup.AL can be difficult and time-consuming. There is no guarantee that Worm:W32/Downadup.AL can be completely removed, for hundreds of files are generated when Worm:W32/Downadup.AL is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm:W32/Downadup.AL manually:

Navigate and Remove Worm:W32/Downadup.AL registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM NAME]" = "rundll32.exe "[RANDOM FILE NAME].dll", ydmmgvos"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"dl" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\"ds" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"DisplayName" = "[WORM GENERATED SERVICE NAME]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Type" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ErrorControl" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ImagePath" = "%SystemRoot%\system32\svchost.exe -k
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\Parameters\"ServiceDll" = "[PATH TO WORM]"

Note: [WORM GENERATED SERVICE NAME] represents a two-word combination taken from the following list:
Boot
Center
Config
Driver
Helper
Image
Installer
Manager
Microsoft
Monitor
Network
Security
Server
Shell
Support
System
Task
Time
Universal
Update
Windows
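
One way to turn the service registry values and the word list above into a review check, as an added example that is not part of the original write-up or of any vendor tool: a service is flagged only when its key name is a two-word combination from the list, its DisplayName equals the key name, it runs under svchost.exe -k and it has a Parameters\ServiceDll value. The function names, the constructed sample records and the optional space between the two words are assumptions.

```python
import re

# The 21 words from the note above; a generated service name combines two.
SERVICE_WORDS = (
    "Boot Center Config Driver Helper Image Installer Manager Microsoft Monitor "
    "Network Security Server Shell Support System Task Time Universal Update Windows"
).split()
_ALT = "|".join(SERVICE_WORDS)
# Assumption: the page does not say whether the two words are separated, so
# an optional space is accepted and letter case is ignored.
TWO_WORD_NAME = re.compile(rf"(?:{_ALT}) ?(?:{_ALT})", re.IGNORECASE)
SVCHOST_GROUP = re.compile(r"\\svchost\.exe\s+-k\b", re.IGNORECASE)


def _squash(text):
    """Lower-case and drop whitespace so 'Network Helper' == 'networkhelper'."""
    return re.sub(r"\s+", "", text or "").lower()


def check_service(key_name, values):
    """Return which of the four listed indicators one service entry matches."""
    hits = []
    if TWO_WORD_NAME.fullmatch(key_name.strip()):
        hits.append("key name is a two-word combination")
    display = values.get("DisplayName")
    if display and _squash(display) == _squash(key_name):
        hits.append("DisplayName equals key name")
    if SVCHOST_GROUP.search(values.get("ImagePath", "")):
        hits.append("ImagePath runs under svchost.exe -k")
    if values.get("ServiceDll"):
        hits.append("Parameters\\ServiceDll is set")
    return hits


def find_suspects(services):
    """Map key name -> ServiceDll for entries matching all four indicators."""
    # The name test alone is not enough: a display name such as 'Windows Time'
    # is also two list words, but its key name (W32Time) differs from it.
    return {name: values["ServiceDll"] for name, values in services.items()
            if len(check_service(name, values)) == 4}


def read_services():
    """Windows only: collect the same values from the live registry."""
    import winreg  # standard library, present on Windows only
    out = {}
    base = r"SYSTEM\CurrentControlSet\Services"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name, values = winreg.EnumKey(root, i), {}
            for sub, wanted in ((name, ("DisplayName", "ImagePath")),
                                (name + r"\Parameters", ("ServiceDll",))):
                try:
                    with winreg.OpenKey(root, sub) as key:
                        for value_name in wanted:
                            try:
                                data = winreg.QueryValueEx(key, value_name)[0]
                                values[value_name] = str(data)
                            except OSError:
                                pass  # value not present
                except OSError:
                    pass  # subkey missing or not readable
            out[name] = values
    return out


# Constructed sample records (not taken from a real infection).
SAMPLE = {
    "W32Time": {
        "DisplayName": "Windows Time",
        "ImagePath": r"%SystemRoot%\system32\svchost.exe -k LocalService",
        "ServiceDll": r"%SystemRoot%\system32\w32time.dll",
    },
    "Network Helper": {
        "DisplayName": "Network Helper",
        "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
        "ServiceDll": r"C:\Windows\system32\placeholder.dll",
    },
}

if __name__ == "__main__":
    for name, dll in find_suspects(SAMPLE).items():
        print(f"review service {name!r}: ServiceDll = {dll}")
```

On Windows, find_suspects(read_services()) runs the same check against the live registry. Treat every result as a candidate for review, since the page gives no file name to confirm against.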

What are the symptoms of Worm:W32/Downadup.AL?

  • Worm:W32/Downadup.AL may use computer or network resources to make copies of itself
  • Worm:W32/Downadup.AL may block access to security-related Web sites
  • Worm:W32/Downadup.AL may damage computer system
  • Worm:W32/Downadup.AL may slow down network connection
  • Worm:W32/Downadup.AL may decrease computer performance

How do I keep away from Worm:W32/Downadup.AL?
Once you have cleaned up Worm:W32/Downadup.AL, the most important way to prevent Worm:W32/Downadup.AL and future malicious programs from returning is to stay suspicious of spam E-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm:W32/Downadup.AL and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?
Worm:W32/Downadup.AL is a type of Worm.

Worm/KillAV.GR

What is Worm/KillAV.GR?
Worm/KillAV.GR is an E-mail and network worm for Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. This worm automatically checks the system date and attempts to rewrite files with certain extensions (such as doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp) on the third day of every month. This can result in loss of data in these files.

Worm/KillAV.GR propagates by spreading copies of itself to E-mail addresses that it harvests from files on the infected computer, using its own SMTP (Simple Mail Transfer Protocol) engine. Moreover, this worm deletes auto-start registry entries and related files of several programs, most of which are associated with antivirus and firewall applications.

Worm/KillAV.GR is also known as W32/MyWife.d@MM!M24 [McAfee], W32.Blackmal.E@mm [Symantec], Win32.Nyxem.E@mm [Bitdefender], W32/Nyxem-D [Sophos], WORM_GREW.A [Trend Micro], W32/Tearec.A.worm [Panda], Email-Worm.Win32.Nyxem.e [Kaspersky]

Do you have Worm/KillAV.GR?
If you have enough time and expertise, you can search your computer for Worm/KillAV.GR manually. However, it might take hours to find all the files belonging to Worm/KillAV.GR, and Worm/KillAV.GR may reappear after rebooting, for its hidden files may still be there.

Manual Worm/KillAV.GR removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Worm/KillAV.GR can be difficult and time-consuming. There is no guarantee that Worm/KillAV.GR can be completely removed, for hundreds of files are generated when Worm/KillAV.GR is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm/KillAV.GR manually:

Navigate and stop the Worm/KillAV.GR processes:
N/A

Navigate and delete Worm/KillAV.GR files:
%Windir%\Rundll16.exe
%System%\WINZIP_TMP.EXE
%System%\SAMPLE.ZIP
%System%\New WinZip File.exe
movies.exe
Zipped Files.exe
%System%\scanregw.exe
%System%\Winzip.exe
%System%\Update.exe

Navigate and remove Worm/KillAV.GR registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

What are the symptoms of Worm/KillAV.GR?

  • Worm/KillAV.GR may block access to security websites
  • Worm/KillAV.GR may drop a malicious file
  • Worm/KillAV.GR may use its own Email engine to send E-mail
  • Worm/KillAV.GR may make use of software vulnerability
  • Worm/KillAV.GR may lead to registry modification

How do I keep away from Worm/KillAV.GR?
Once you have cleaned up Worm/KillAV.GR, the most important way to prevent Worm/KillAV.GR and future malicious programs from returning is to stay suspicious of spam E-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm/KillAV.GR and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?

Worm/KillAV.GR is a type of Worm.

Worm/Mytob.AT

What is Worm/Mytob.AT?
Worm/Mytob.AT is a mass-mailing worm that uses its own SMTP engine to send E-mail to the addresses it collects from the victim’s computer. A direct connection with the destination server is then established. This threat may be packed with a variety of compressed files. The compressed file is approximately 55 KB in size, and the uncompressed file is even larger, up to 200 KB. Once executed, the worm blocks access to security-related sites and terminates certain Windows programs such as Task Manager.

Worm/Mytob.AT spreads over the Internet community by exploiting the LSASS vulnerability and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow.

Worm/Mytob.AT is also known as Exploit-Lsass.g.gen [McAfee], W32.Mytob.AK@mm [Symantec], Win32.HLLM.MyDoom.33 [Doctor Web], W32/Mytob-Z [Sophos], WORM_MYTOB.AK [Trend Micro], W32/Mytob.AJ.worm [Panda].

Do you have Worm/Mytob.AT?
If you have enough time and expertise, you can search your computer for Worm/Mytob.AT manually. However, it might take hours to find all the files belonging to Worm/Mytob.AT, and Worm/Mytob.AT may reappear after rebooting, for its hidden files may still be there.

Manual Worm/Mytob.AT removal instructions
WARNING: The manual removal method is for advanced users. Manual removal of Worm/Mytob.AT can be difficult and time-consuming. There is no guarantee that Worm/Mytob.AT can be completely removed, for hundreds of files are generated when Worm/Mytob.AT is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove Worm/Mytob.AT manually:

Navigate and stop the Worm/Mytob.AT processes:
N/A

Navigate and delete Worm/Mytob.AT files:
%System%\msmgrxp.exe
%System%\bingoo.exe
C:\funny_pic.scr
C:\see_this!!.scr
C:\my_photo2005.scr
C:\hellmsn.exe

Navigate and remove Worm/Mytob.AT registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

What are the symptoms of Worm/Mytob.AT?

  • Worm/Mytob.AT may block access to security websites
  • Worm/Mytob.AT may drop a malicious file
  • Worm/Mytob.AT may use its own Email engine to send E-mail
  • Worm/Mytob.AT may make use of software vulnerability
  • Worm/Mytob.AT may lead to registry modification

How do I keep away from Worm/Mytob.AT?
Once you have cleaned up Worm/Mytob.AT, the most important way to prevent Worm/Mytob.AT and future malicious programs from returning is to stay suspicious of spam E-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against Worm/Mytob.AT and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Worm?

Worm/Mytob.AT is a type of Worm.
