Hi Kamulko,
Mytob authors are very busy people; like you said, there is now generic detection of over 100 variants of Mytob. Authors modify the source code and release new variants, and some can be missed by scanning. Some are repackaged versions; the bot functionality is equal to the Sdbot family. Some newer Mytob include FU Rootkit, seeding of the files packed using UPX 49 KB in size, approx. 98 KB in size can be identified by hash or size, but the individual samples cannot, because of the garbage at the end of the executable. When the attachment is run, the virus copies itself as wfdmgr.exe instead of msnmsgr.exe in C:\windows\system32 and creates registry keys to load the file at startup. A nasty virus spreading by e-mail or via the LSASS vulnerability,
greetings,
polonus