1. Disconnect computer from network.
2. Disable System Restore (XP).
3. Run Symantec’s removal tool FixMytob.exe (we recommend downloading it on a “clean” machine and burning it to a CD or storing it on a USB memory stick, making it read-only before using it in an infected machine).
4. When it is finished, it will notify you that it found and cleaned the virus (or that it did not find the virus). It will tell you about two Microsoft Patches that the machines need and ask if you would like to continue. Click “No”.
5. Check running processes in the task manager and look for:
svchost32.exe (NOT svchost.exe)
bingoo.exe (rare).
If either process is running, select it and click “End Process”.
6. Look in C:\WINDOWS\System32\ (on Windows XP systems) or C:\WINNT\System32\ (on Windows 2000 systems) for:
2pac.txt
bingoo.exe
svchost32.exe
Delete all of these files that you find.
7. Open the Registry Editor (“Start” -> “Run”, type “regedit” and click “OK”) and search (Ctrl+F) for “svchost32.exe” (without quotes). Delete ALL instances of it. There are usually around 10 instances of it. Once you find one, hit the delete key and click “yes”. To search for the next instance, hit the “F3” key. Keep searching until no other instances are found (it will say “Finished searching through the registry”).
Repeat step 7, searching for “msgmr.exe”.
8. Connect the machine to the network.
9. Run Windows Update and apply all available updates (the Explorer 6 update can be omitted to save time).
10. Ensure that you have the latest version of Symantec Antivirus program and the latest definitions.
11. Remove from network and run a full system scan with Symantec Antivirus.
12. Reboot the computer.
13. Log on and check for the following files:
C:\funny_pic.scr
C:\see_this!!.scr
C:\my_photo2005.scr
C:\WINDOWS\System32\2pac.txt (XP) C:\WINNT\System32\2pac.txt (2000)
C:\WINDOWS\System32\bingoo.exe (XP) C:\WINNT\System32\bingoo.exe (2000)
C:\WINDOWS\System32\svchost32.exe (XP) C:\WINNT\System32\svchost32.exe (2000)
If any of them DO exist, go back to step 3 and repeat. If these files do NOT exist, reconnect the machine to the network.
14. Check for and install any other Windows Updates that may be available.
15. Watch for Mytob symptoms. If present, disconnect computer from network and go to step 3.
16. Enable System Restore (XP).
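
The file check in step 13 and the process check in step 5 can be scripted so they are repeated the same way on every pass. The batch file below is an added example, not part of the original procedure or of Symantec's tool; it only reports and deletes nothing, its label names (:checkfile, :checkproc) are arbitrary, and it assumes tasklist.exe may be missing on some of the systems covered here. The registry search in step 7 is not covered and is still done by hand.

```batch
@echo off
rem Added example, not part of the original procedure. Read-only: reports, deletes nothing.
setlocal
set FOUND=0

rem Files from steps 6 and 13. %SystemRoot% is C:\WINDOWS on XP and C:\WINNT on 2000.
call :checkfile "C:\funny_pic.scr"
call :checkfile "C:\see_this!!.scr"
call :checkfile "C:\my_photo2005.scr"
call :checkfile "%SystemRoot%\System32\2pac.txt"
call :checkfile "%SystemRoot%\System32\bingoo.exe"
call :checkfile "%SystemRoot%\System32\svchost32.exe"

rem Processes from step 5. Skipped where tasklist.exe is not installed (assumption);
rem use Task Manager there, as step 5 describes.
if exist "%SystemRoot%\System32\tasklist.exe" (
  call :checkproc svchost32.exe
  call :checkproc bingoo.exe
) else (
  echo tasklist.exe not available, check processes in Task Manager
)

echo.
if %FOUND%==0 (
  echo CLEAN: none of the listed files or processes were found.
) else (
  echo INFECTED: items found = %FOUND%. Stay off the network and go back to step 3.
)
rem Exit code is the number of items found, so 0 means clean.
endlocal & exit /b %FOUND%

:checkfile
if exist "%~1" (
  echo FOUND file: %~1
  set /a FOUND+=1
)
goto :eof

:checkproc
rem tasklist prints the image name only when a matching process is running.
tasklist /FI "IMAGENAME eq %1" 2>nul | find /i "%1" >nul
if not errorlevel 1 (
  echo FOUND process: %1
  set /a FOUND+=1
)
goto :eof
```

Run it from the same read-only CD or USB stick as the removal tool, after step 12 and again while watching for symptoms in step 15.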