Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus length:
48640
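Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
This is a worm that spreads by e-mail. It connects to an IRC chat room so that an attacker can control the infected host, turning the user's machine into a "zombie" (bot). It blocks a large number of websites, terminates a large number of processes, and searches files with specific extensions for e-mail addresses, to which it then sends itself.
1. Searches files with the following extensions for e-mail addresses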
doc
txt
htm
tmp
wab
html
pl
adbh
tbbg
dbxn
aspd
phpq
ls
cgil
jspl
shtl
htmb
2. Does not send mail to e-mail addresses containing the following strings
sandra
adam
frank
linda
julie
jimmy
jerry
helen
debby
claudia
brenda
anna
sales
brent
paul
ted
fred
jack
bill
stan
smith
etc.
3. Terminates the following processes
4. Blocks the following sites
5. The e-mail messages it sends read as follows

Dear user %s,
You have successfully updated the password of your %s account.
If you did not authorize this change or if you need assistance with your account, please contact %s customer service at: %s
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear user %s,
It has come to our attention that your %s User Profile (x) records are out of date. For further details see the attached document.
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
We have temporarily suspended your email account %s.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your %s account.
Sincerely, The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The %s Support Team
+++ Attachment: No Virus found
+++ %s Antivirus - www.%s