Alias: W32/Myba@mm
Type: Worm
Size: 77,824 Bytes
Origin:
Date: 03-02-2001
Damage: Sent by email.
VDF Version: 6.23.00.00
Danger: Low
Distribution: Medium

Distribution
Worm/Myba.A sends itself by email, using the Microsoft Outlook Address Book. The email contains:

Subject: My Baby pic !!!
Body: Its my animated baby picture !!
Attachment: MYBABYPIC.EXE

Technical Details
When the attachment MYBABYPIC.EXE is opened, an obscene picture is displayed while the worm copies itself into the Windows system directory as:
WINKERNEL32.EXE
WIN32DLL.EXE
COMMAND.EXE
CMD.EXE
MYBABYPIC.EXE

The worm changes the following registry entries:
HKLM\Software\Microsoft\Windows\Current Version\Run\mybabypic = %WinDIR%%SystemDIR%\mybabypic.exe
HKLM\Software\Microsoft\Windows\Current Version\Run\WINKernel32 = %WinDIR%%SystemDIR%\WINKernel32.exe
HKLM\Software\Microsoft\Windows\Current Version\RunServices = %WinDIR%%SystemDIR%\Win32DLL.exe

Then, Myba enters a new registry key in:
HKCU\Software\Bugger
with the entries:
Default = HACK[2k] and mailed = %number%
The NumLock, CapsLock and ScrollLock keys are switched on/off.

It sends the following message to the keyboard buffer:
.IM_BESIDES_YOU_
It connects to the Internet site http://www.youvebeenhack.com
and sends the following text:
FROM BUGGER HAPPY VALENTINES DAY
FROM BUGGER HAPPY HALLOWEEN
FROM BUGGER

Files of type .VBS and .VBE are immediately deleted.
The following files are overwritten with the worm code:
.C .CPP .CSS .H .HTA .JS .JSE .PAS .SCT .WSH, and picture files of type: .JPG and .JPEG.
These are saved with the initial names and .exe extension and contain the virus code.
Every file of type .MP2, .MP3 or .M3U is duplicated by a worm copy.
Description inserted by Crony Walker on Tuesday, June 15, 2004
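
The following Python example is an addition to this description, not Avira's own code. It triages a host inventory against the file and registry indicators listed above. The input structures, the function names and the "high"/"review" labels are assumptions made for the example, as is the rule that CMD.EXE and COMMAND.EXE only count when their size equals the worm's 77,824 bytes, since cmd.exe is also a legitimate Windows file.

```python
WORM_SIZE = 77_824  # bytes, from the Size field of this description
UNIQUE_NAMES = {"winkernel32.exe", "win32dll.exe", "mybabypic.exe"}
# cmd.exe is a legitimate Windows file, so these names only count with a size match.
AMBIGUOUS_NAMES = {"cmd.exe", "command.exe"}
AUTORUN_KEYS = {r"hklm\software\microsoft\windows\currentversion\run",
                r"hklm\software\microsoft\windows\currentversion\runservices"}
MARKER_KEY = r"hkcu\software\bugger"

def _norm_key(key):
    # The description prints "Current Version" with a space; accept both spellings.
    return key.lower().replace(" ", "").rstrip("\\")

def _leaf(path):
    # Last path component of an autorun value, without quotes, lower-cased.
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(system_files, registry):
    """system_files: {file name: size in bytes} for the Windows system directory.
    registry: iterable of (key, value name, data). Returns a list of findings."""
    findings = []
    for name, size in system_files.items():
        lowered = name.lower()
        if lowered in UNIQUE_NAMES:
            findings.append(("file", name, "high" if size == WORM_SIZE else "review"))
        elif lowered in AMBIGUOUS_NAMES and size == WORM_SIZE:
            findings.append(("file", name, "high"))
    for key, value_name, data in registry:
        norm = _norm_key(key)
        if norm == MARKER_KEY or norm.startswith(MARKER_KEY + "\\"):
            findings.append(("registry", f"{key}\\{value_name}", "high"))
        elif norm in AUTORUN_KEYS and _leaf(data) in UNIQUE_NAMES:
            findings.append(("registry", f"{key}\\{value_name}", "high"))
    return findings

# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = {"CMD.EXE": 236_544, "COMMAND.EXE": 77_824,
                "WINKernel32.exe": 77_824, "notepad.exe": 53_248}
SAMPLE_REGISTRY = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "WINKernel32",
     r"C:\WINDOWS\SYSTEM\WINKernel32.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SystemTray", "SysTray.Exe"),
    (r"HKCU\Software\Bugger", "mailed", "12"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_REGISTRY):
        print(finding)
```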
