病毒大百科

Worm.Mytob.p是一个能大规模发送电子邮件的蠕虫病毒。该病毒能开启后门，并降低计算机的安全属性。

1，释放病毒到下列目录：
%System%\winsys32.exe

2，添加注册表键值：
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows System" = "\winsys32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"Windows System" = "\winsys32.exe"

3，添加注册表键值，禁用任务管理器：
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = "1"

4，在机器上搜索电子邮件地址，并利用自带的SMTP引擎，把自身作为附件，发送出去。

5，邮件内容为:
From:
spm@[随机]
fcnz@[随机]
www@[随机]
secur@[随机]
abuse@[随机]
主题:
Account Alert

内容:
Dear Valued Member,
According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons.
http:///www.[DOMAIN]/confirm.php?account=[E-MAIL]
After following the instructions in the sheet, your account will not be interrupted and will continue as normal.
Thanks for your attention to this request. We apologize for any inconvenience.
Sincerely, Abuse Department

6,不发送邮件到含有下列字符串的地址:
mcafee
symantec
sophos
bitdefender
avg
kaspersky
avast
nod32
vba32
antivir
avira
cat-quickheal
clamav
drweb
f-prot
etrust
fortinet
ikarus
norman
panda
thehacker
ewido
等

7,关闭大量安全软件和常用软件

8,自动连接到下列地址,接受黑客命令:
**.thinki.co.uk:8585

9,修改host文件，阻止访问大量安全软件公司的网站