Mytob Removal Tool

Mytob Removal Tool is a small but effective utility designed to erase any trace of the Win32.Worm.Mytob.BY virus.
This virus comes by e-mail, spoofing the sender address, and is packed with MEW, an executable file compressor. Once executed, the worm does the following:
Creates the mutex, in order to have only one instance of itself running in memory: H-3-1-1-B-0-T-3-F-1-X-3
Copies itself as %SYSTEM%\Lien Van de Kelder.exe
Creates/modifies the following registry keys:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "http://www.lienvandekelder.be" = "%SYSTEM%\Lien Van de Kelder.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "http://www.lienvandekelder.be" = "%SYSTEM%\\Lien Van de Kelder.exe"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess] "Start" = "4"
Starts harvesting e-mail addresses, searchin in folder "Temporary Internet Files", the current outlook e-mail account files, and from files matching txt, htm, sht, jsp, cgi, xml, php, asp, dbx, tbb, adb, pl, wab searching in drives C: to Y: it avoids certain e-mail addresses, by comparing the address with an internal list of substrings.
The worm uses its own SMTP engine to send itself to the harvested email addresses, attempts to use the default e-mail account settings also to reconstruct the smtp server by prepending the following strings to the harvested emails domain names: gate. mail. mail1. mx. mx1. mxs. ns. relay. smtp.
Prevents/terminates execution of many security related products (executables)
Blocks access to several security related sites, by modifying the system HOSTS file
Has backdoor capabilities (irc bot): Connects to the IRC server irc.blackcarder.net and joins channel ##hb3f1x3 Once connected, listens for commands issued by an possible attacker. The commands may allow the attacker to: download/execute/update files (including the worm itself) gain information about the operating system and computer configuration stop the worm.