Operating System » MS Windows » Windows - Virus Protection » Alert: Computer Virus Outbreaks » Mytob Computer Virus » MYTOB CN Variant

MYTOB CN Variant


Mytob-CN is a mass-mailing internet worm and IRC backdoor Trojan. It copies nec.exe into the system folder and then adds a startup registry entries to run nec.exe.


HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion RunServices


It then modifies the value Start = 4 in the key:


HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services SharedAccess


in the Windows registry to deny access to run the other programs when windows starts.


The base code for the MYTOB family is a blending of MYDOOM and BOT viruses. Instead of using a single file compression algorithm, MYTOB variants utilize a combination of three different algorithms (including the new Yoda Protector 1.4 and PEncrypt 4.0, and the relatively well-known UPX-compression algorithm), to avoid antivirus scanners.

Updated On: 05.06.02

Leave your message, comment or feedback:
Your Name (shown) & Your E-mail (hidden) is used only to alert you when someone reply your message.