New Mytob worms affect AVs

2 new “Mytob” worms (variants .R and .S) block access to several security-related Web sites by appending the following text to the Hosts file:

[avast! isn’t one of them! 8)]
Source: Symantec

An Italian site ( http://tecnologia.virgilio.it/Notizie/Computer/mytob.content ) gives a short definition of the effects of the new Mytob worms… unfortunately, it doesn’t say how to delete them.

The only thing I can think of to help you is this: delete all the new strings in the hosts file and block the list using one of the options of the freeware WinPatrol. Probably the worm used your LSASS with a buffer overflow attack against your PC, if you have disabled the restriction on the maximum number of possible connections in Internet Explorer: Microsoft limits it to only 2, probably to avoid this risk.

Sorry, I don’t have the skills to help you more.

Good luck!!! :wink:
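
The hosts-file clean-up suggested above, sketched as a script (an added example, not part of the original posts): it flags every non-local name pinned to a loopback address, which is the pattern the worm's entries follow, and returns the file text with those names removed. Going slightly beyond the thread, it also treats `0.0.0.0` as a sinkhole; the sample content, the `*.example` names and the `watch_suffixes` parameter are constructed for illustration.

```python
import ipaddress

# Names that legitimately map to loopback (assumption; extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def scan_hosts(text, watch_suffixes=()):
    """Return (findings, cleaned_text); findings are (line_no, address,
    hostname, watched) for each non-local name pinned to a sinkhole address."""
    findings, kept = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(raw)
            continue
        good = []
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                good.append(name)
                continue
            watched = any(host == s or host.endswith("." + s) for s in watch_suffixes)
            findings.append((no, fields[0], host, watched))
        if len(good) == len(fields) - 1:
            kept.append(raw)  # nothing removed: keep the line unchanged
        elif good:
            kept.append(" ".join([fields[0], *good]) + (" #" + comment if sep else ""))
    return findings, "\n".join(kept) + "\n"


# Constructed sample; the *.example names are placeholders, not real vendors.
SAMPLE = """\
# Sample hosts file
127.0.0.1       localhost
10.0.0.5        intranet.corp.example
127.0.0.1 www.av-vendor.example
127.0.0.1 localhost update.av-vendor.example  # mixed line
0.0.0.0 liveupdate.other-av.example
"""
```

On Windows the file is normally `%SystemRoot%\System32\drivers\etc\hosts`. Review the findings before writing the cleaned text back, since some blocking tools add loopback entries on purpose.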

Hi,

If you check the VPS history (see link below) you will see that ‘Mytob’ was added on the 01.04.2005 (and various other dates).

http://www.avast.com/eng/vps_history.html

–lee