W32/Generic.worm!p2p

Type: Virus
SubType: Internet Worm
Discovery Date:
Length: varies
Minimum DAT: 4267 (05/28/2003)
Updated DAT: 5558 (03/19/2009)
Minimum Engine: 5.1.00
Description Added: 05/30/2003
Description Modified: 01/17/2006 5:12 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

-- Update January 17, 2005 --
A new variant of W32/MyWife@MM is being proactively detected as W32/Generic.worm!p2p. For details on this threat, see W32/MyWife.d@MM.
--

This is a generic detection of worms that can propagate through P2P file-sharing software (Kazaa, Gnutella, eDonkey, Bearshare, Shareaza, Gnucleus, Limewire, Morpheus, Grokster, etc.).

Many new worms have been detected proactively using the technology implemented in 4240+ engines. For example, in the last 7 days alone:

  • W32/Holar.h@MM
  • W32/Vote.e@MM
  • W32/Naco.b@MM and W32/Naco.c@MM
  • several new variants of W32/Veedna.worm

Before the 4267 DATs, users who upgraded to 4240+ engines could benefit from the "New MSVB P2P worm" detection in program heuristic mode. This detection was converted into "W32/Generic.worm!p2p" as AVERT is now confident that this generic detection does not cause any problems.

Please keep in mind that a "W32/Generic.worm!p2p" detection does not mean that P2P is the only vector utilized by the malware. It may well also have mass-mailing capabilities, spread over IRC, be a network hopper, etc.

Symptoms

Usually, at least several copies of the same file are present in the shared P2P folder.

Method of Infection

P2P worms usually create multiple copies of themselves under enticing names in the folders responsible for file-sharing (e.g., "Kazaa\My Shared Folder" or "Kazaa\LocalContent"). Then, during a P2P session, someone may download one of these files. When the recipient executes the file, the recipient's installation will offer copies of the worm too.

AVERT's advice for P2P users is to scan all suspicious files with the highest heuristic settings. Any suspicious file may be submitted to AVERT for analysis.
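A check for the symptom described above, as an added example that is not part of the original description and is not AVERT's detection logic: it groups executable files in a shared folder by content hash and reports any content stored under several names. The extension list, the threshold of three copies and the sample folder are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions treated as directly executable on Windows (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_duplicate_executables(shared_dir, min_copies=3):
    """Return {sha256: [file names]} for executable content stored min_copies+ times."""
    by_size = defaultdict(list)
    for root, _dirs, files in os.walk(shared_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                path = os.path.join(root, name)
                by_size[os.path.getsize(path)].append(path)
    groups = defaultdict(list)
    for paths in by_size.values():
        if len(paths) >= min_copies:  # equal size is only a hint; the hash decides
            for path in paths:
                groups[sha256_of(path)].append(os.path.basename(path))
    return {d: sorted(n) for d, n in groups.items() if len(n) >= min_copies}

def build_sample_folder():
    """Constructed sample: harmless placeholder bytes standing in for shared files."""
    folder = tempfile.mkdtemp(prefix="shared_")
    samples = {
        "Holiday Photos.exe": b"PLACEHOLDER-A",
        "Free Game Full.exe": b"PLACEHOLDER-A",
        "screensaver.SCR": b"PLACEHOLDER-A",
        "installer.exe": b"PLACEHOLDER-B",  # same size, different content: not flagged
        "song.mp3": b"PLACEHOLDER-A",       # same bytes, but not an executable type
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    return folder

if __name__ == "__main__":
    for digest, names in find_duplicate_executables(build_sample_folder()).items():
        print(digest[:16], names)
```

A hit is a lead for scanning and submission, not a verdict; legitimate duplicates exist, and a worm that also spreads by another vector may leave no duplicates in the shared folder.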

Removal

All Users:
Use specified engine and DAT files for detection and removal.

If you are using P2P software (Kazaa, Gnotella, Bearshare, Morpheus, eDonkey, eMule, etc.) be very careful with downloaded executable files.

Please make sure that scanning of compressed files is enabled. Always scan downloaded files with the latest DATs in program heuristic mode.

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • W32/GenericP2P.worm
