Trojan not detected by OneCare - W32.Mytob.MN@mm

  • Question

  • I was using a tool called WinTasks on my wife's XP system to see why it was slow. 


    Looking at a table of running processes that WinTasks displays, WinTasks detected that "Trojan.W32.Mytob (NetSvc)" was running. Based upon the dates on NetSvc files, I believe we received this virus on 12/01/07 @ 10:15 AM. Coincidentally, OneCare had completed a virus/spyware scan 60 minutes earlier!


    I believed I verified that the virus was on my wife's XP system.  I made sure OneCare was up-to-date and reran OneCare again using full scan & a specific scan.  OneCare doesn't detect the virus!  Why not? 


    I searched the OneCare site & this forum but there's no mention of this virus. How can I remove it?


    I found a tool called "Spyware Doctor" that can apparently remove this virus but I need to purchase the tool. (http://www.2-spyware.com/file-netsvc-exe.html)


    Thanks for the help!   Ron



    "Trojan.W32.Mytob worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system"




    Monday, December 3, 2007 4:28 PM


All replies

  • See this post, http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=662566&SiteID=2,  for how to submit infections to Microsoft for review. Please contact OneCare support for help with removal of an infection missed by OneCare.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2



    Monday, December 3, 2007 5:39 PM
  • Steve, thanks for your quick reply.


    I reviewed the material at the links you supplied.  I agree with one of your statements that "Reaching support for a Windows Live OneCare issue can be a frustrating experience for a number of reasons."  


    I'm frustrated! I've unsuccessfully attempted to follow the links to where I could get someone (or a procedure) to help me remove it.  The process that is proposed appears to be for submitting new "cases."   My situation involves a "known" virus.  


    Could you answer this question? Is Live OneCare supposed to detect & remove this known virus?


    Apparently, there are other competitive solutions that can. 


    I did some further research and there were 2 MS security fixes that are supposed to prevent this situation: MS03-024 (823880) & MS04-011 (823980). Both are installed.


    Thanks, Ron

    Monday, December 3, 2007 11:52 PM
  • I guess the best answer is that no antivirus software is 100% effective in prevention or removal, with removal being harder than prevention. So, it may be a known virus, but it may be a variant that was contracted.

    The support process is a pain, but you should be able to authenticate and contact support via phone or chat since you are a subscriber.

    Alternatively,  this is not OneCare support, but the antimalware support group - If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details.

    For international information, see your local subsidiary Support site.


    Tuesday, December 4, 2007 1:38 AM
  • Steve,


    Again, thanks for your quick reply and being forthright!


    Honestly, I'm befuddled, I'm a new user!  I recently decided to move to OneCare since the 1st-class MS competitive vendor that I have been using for 10+ years has decided not to support W2K.  Even though OneCare also doesn't support W2K, I assumed that MS would be a better choice since they have proprietary knowledge regarding the Windows Operating System and hopefully it would provide better performance.  I now use Zonealarm on the W2K system.


    My expectation was that OneCare would protect my machines in the same way. In all these years I never had a problem with any viruses, Trojans, etc. that weren't either detected/removed at the point of entry (e.g., web) or thru a thorough scan. I've occasionally run free versions of antivirus programs just to make sure.


    I've been using OneCare for 1.5 months now and found out that it can't detect/remove a somewhat old medium-risk virus that recently invaded my newly installed XP machine, it was a new Vista machine that I recently purchased. Also, I can't find out whether there's a problem with my current installed version by understanding whether this virus detection/removal is even supported by the current OneCare release without going thru an undefined process that requires needless reading, dead-ends, long waits to talk to someone for something that should be on their website, etc.


    After reading your note yesterday I did some additional research. I found the following website (there were many more) that supposedly removes the virus for free. I haven't tried it yet - http://www.azvirus.com/w32.mytob.mn-mm-removal


    Before I tried to remove this virus I decided to run a free scan from my previous antivirus vendor's website.   Yes, it detected this virus and directed me to their website for a removal solution.  Also, it detected another low-risk virus that OneCare missed.


    I'm scared that I'm maybe heading for a virus disaster!  Any advice? Thanks, Ron

    Wednesday, December 5, 2007 4:33 AM
  • You're welcome, Ron. My answer remains the same in that OneCare and any other product won't be 100% effective. It is too bad that you happened upon two infections that could not be removed by OneCare. I'm sure that there are other viruses that OneCare might miss and I wish that this were not true. I'm not sure that I would term it a disaster, though, as I am also sure that OneCare will catch items that would not be caught by Zone Alarm.



    Wednesday, December 5, 2007 6:14 PM