help help help

I have been infected by win32: mytob MN and mytob HN. I have tried to remove it using northon, avast and microtrend without anysuccess. I would be grateful if you could help to get red of this stupid worm.
Please help.

Can Avast detect the virus?

what avast version are you using and what is the definiton file (exp. 0540-01)
what OS are you using?

have you send the infected file to virus@avast.com

God Bless Us All ;D

Any information would be helpfull?

  • What OS are you using? is it up to date?
  • What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
  • What was the filename, where was it found
    example (C:\windows\system32\infected-filename.xxx)?

Is Norton on your system at the same time as avast, if so it is not advisable to have more than one resident AV, it can cause conflict.

If you have XP, w2k or NT you can schedule a boot-time scan from within avast!

This stupid worm usually gets established because of vulnerabilities in your OS that have been patched by MS ensure that you have your OS fully up to date.

my os is xp and I use avast home and I used trend micro sysclean package as well as norton antivirus 2005

the message i keep getting in my e-mail is
The virus found was: Win32:Mytob-MN [Wrm]

Do you have NAV 2005 installed on the same system as I asked?
If so this can cause conflict, potentially leaving you more vulnerable, not more protected.

Getting infected email messages that are detected by the Internet Mail provider should give you the option to delete them, If you have done that they should be gone. avast’s email scanner scans email before it gets into your inbox, if infected it gives the option to delete the email so it shouldn’t be in the inbox, so you should be OK.

This is a big should because I still know little about your system. Please help us to help you, we ask questions so we can try and pinpoint the problem, without answers we are just guessing. This doesn’t help you either, so please look through the thread again and answer all the questions that are/were asked.

So were these email infections detected by avast?
What is your email program?

the kind of messaged I get in my e-mail is the following:

Warning: antivirus system report

The following message has been detected by the antivirus system ====================================================================

The original message was received at Tue, 15 Nov 2005 11:00:45 +0300 The message was sent from: info@magrabi.com.sa The message was sent to: brenda@magrabi.com.sa

The virus found was: Win32:Mytob-MN [Wrm]

of cours I never sent this message to anybody. also the account brenda@magrabi.com.sa is not in my address book.
As you see nor Norton neither removal tool of avast detect this virus. I don’t even know what is the anitvirus system report come from. my understanding that the visrus itself generates this message.
this morning the virus changed the message to mytob-fu [wrm]. this happens every time I visit your site (the name changes).

have your computer gone strange lately? I mean if you are really infected then something is suppose to be done by the virus (its payload).

If it just been detected by the scanner then that may mean that you’re not infected yet, you know that you have to open the virus in order for it to spread onto your computer.

BTW, DavidR, could this be just a joke program just like what Polonus said in his thread ?

The virus tell that it’s using your email account when, in fact, it’s being sent by another account.
The ISP that receive the email (infected) thinks it comes from you. But not.
You can’t do nothing. Don’t worry about the ISP warning.
Keep your system updated and the antivirus too 8)

I think not… it’s a real infection.

This would appear as Tech said a an email from a dumb email server, having detected a virus in an email, simply fires of a warning to the sender of the email. The reason I said dumb email server is it doesn’t even check for a faked sender address as virtually all emails containing viruses or spam use forged from email addresses. These are usually found in the email addressbook of a friend/colleague/someone you have emailed and their system is infected. This email addressbook is used to send the virus to others and to use for faked from addresses.

Do you have NAV 2005 installed on the same system as I asked?
You didn't directly answer this question, but your comment"As you see nor Norton neither removal tool of avast detect this virus. " would appear that you are using two resident AVs, this can cause conflict, potentially leaving you more vulnerable, not more protected.

The mail you received was probably sent by a dumb ISP’s email server responding to and infected email faked to look like it came from you and it is likely that it didn’t contain a virus ‘Win32:Mytob-MN [Wrm]’ would I believe have been found by either avast or norton.

However, if the two AVs were in conflict then it is perfectly possible that it could get past both of them. Make a decision and go with one resident AV. I would suggest the one where you are likely to get faster and better help/support and (IMO) I believe that to be avast!