win32/Mytob.EA Worm Solution!

Discussion in 'NOD32 version 2 Forum' started by irnux, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. irnux

    irnux Registered Member

    Mar 28, 2005
    We have a network protected with NOD32 Enterprise, have protected our Exchange Server with NOD32 XMON also...

    Some of our clients get some emails contaning `win32/Mytob.EA Worm', the emails come from non-real (info, administrator,webmaster,support &...) users from our own local domain...
    NOD32 cleans the infected mails and delete the worm, But how should we get rid of this worm and don't receive this kind of mail...

    The worm sends our clients emails containing non-real information and ... an email like below...

    From: []
    Sent: 27/Jun/2005 12:00 AM
    To: Nasiri, Tofigh
    Subject: [virus Win32/Mytob.EA worm] bpbzwqw

    Dear Domain Member,

    We have temporarily suspended your email account

    This might be due to either of the following reasons:

    1. A recent change in your personal information (i.e. change of address).
    2. Submiting invalid information during the initial sign up process.
    3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
    See the details to reactivate your Mapna account.

    Sincerely,The Domain Support Team

    __________ NOD32 EMON 1.1155 (20050626) Warning __________

    Warning, NOD32 antivirus system found the following in the message:
    email - Win32/Mytob.EA worm - unable to clean - deleted

  2. mrtwolman

    mrtwolman Eset Staff Account

    Dec 5, 2002
    Uhm, the problem is, as you told, fake email addy. It is generated by a worm and most likely comes from outside your company.... i am afraid there not too much to do with this.
  3. webyourbusiness

    webyourbusiness Registered Member

    Nov 16, 2004
    Throughout the USA and Canada
    but setup your mailserver to NOT handle bounces... it's a pitr...
Thread Status:
Not open for further replies.