Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server to receive remote control commands, ends several processes and prevents users from accessing several websites. It spreads via email.
|First detected on:||Jan. 28, 2006|
|Detection updated on:||Jan. 28, 2006|
|Yes, using TruPrevent Technologies
Mytob.MW is a worm with backdoor characteristics that connects to the channel #thirdy of the IRC server st0ned.fastassrides.info in order to receive control commands, which allow the affected computer to be remotely administrated.
This worm ends processes belonging to several security tools, such as antivirus programs and firewalls, among others. It also ends processes belonging to other malware.
Aditionally, it prevents users from accessing certain web pages, mostly belonging to antivirus companies.
In Windows XP computers, Mytob.MW disables the firewall.
Mytob.MW spreads via email, in a message with variable characteristics that contains an attached file with ZIP extension.
Mytob.MW is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.