mytob.mq removal tool enterprise setting

Discussion in 'NOD32 version 2 Forum' started by username1, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. username1

    username1 Guest

    We use NOD32 enterprise along with the admin console with 100 users. Two of our users have worms: Win32/Mytob.MQ and Win32/Sober.Y. I have not seen removal tools for Mytob.MQ. The only cleaner I've seen is for Mytob.T. Will the Mytob.T cleaner work on Mytob.MQ?

    Thanks
     
  2. Happy Bytes

    Happy Bytes Guest

    If you have only 2 infected machines, then unplug them first (Mytob uses network exploiting code).

    If I remember right, Mytob.MQ registers itself as "fdd.exe" under registry autostart. The best thing is first to terminate this process fdd.exe and then delete this file from the system folder. Then remove this reg key.

    One thing you should do is update the hosts file - Mytob does alter this and might prevent these infected machines from connecting to antivirus updates and other security update related sites.
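
A way to audit a hosts file for the kind of tampering mentioned in the post above, as an added example that is not part of the original thread. It assumes the tampering takes the common form of pointing non-local names at a loopback or null address; the sample file and its `.example` hostnames are constructed.

```python
import ipaddress

# Names that normally map to loopback in an untouched hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, names) per mapping line; skip comments, blanks, bad lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        yield line_no, ip, [name.lower() for name in fields[1:]]

def suspicious_entries(text):
    """Return (line_no, ip, name) for non-local names sent to loopback or 0.0.0.0/::."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in BENIGN_NAMES:
                findings.append((line_no, str(ip), name))
    return findings

# Constructed sample hosts file (hostnames are placeholders, not real indicators).
SAMPLE = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example www.av-vendor.example  # redirected
0.0.0.0         patches.os-vendor.example
10.1.2.3        intranet.corp.example
::1             localhost
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to check is `%SystemRoot%\System32\drivers\etc\hosts`; a machine's own hostname mapped to loopback can be legitimate, so review findings before deleting lines.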
     
  3. Happy Bytes

    Happy Bytes Guest

  4. Happy Bytes

    Happy Bytes Guest

    There's only one tricky part:

    You have to download a process killer. This worm does terminate the Task Manager, so you cannot use it to terminate the worm. Try www.sysinternals.com to get Process Explorer:
    http://www.sysinternals.com/Utilities/ProcessExplorer.html

    With this you can easily terminate the worm. Please note: as long as the worm runs, it recreates the autostart reg keys. Therefore you have to terminate the worm FIRST!
     
  5. username1

    username1 Guest

    Oh man. This is going to be messy, I can see already. This PC is the county admin economic admin PC, which makes it worse if anything goes wrong here. Thanks for the advice and I will follow it.
     
  6. Happy Bytes

    Happy Bytes Guest

    If you have problems, register here, drop me a PM and I can assist you live over MSN or phone if needed.
     