McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

This threat is already detected with the 4382 DAT files:

• EXE - detected as W32/Mabutu.a@MM
• DLL - detected as W32/Mabutu.gen@MM
• ZIP - top level detection as virus or variant W32/Mabutu

Exact detection for the ZIP is included in the beta daily DAT files and will be included in the next scheduled DAT release.

This variant is virtually identical to its predecessor, again with main functionality included in the DLL. Some of the strings used in the filenames and subject lines of outgoing messages have been modified ('the_' prepended):

• THE_MESSAGE
• THE_DOCUMENT
• THE_DETAILS

Symptoms

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

Method of Infection

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

Removal

All Users:
Use specified engine and DAT files for detection. The 4.2.40 engine can complete repair without reboot, but older engines require a reboot for repair to complete.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and DAT combination (or higher), older engines may not be able to remove all registry keys created by this threat.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

Characteristics -

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

This threat is already detected with the 4382 DAT files:

• EXE - detected as W32/Mabutu.a@MM
• DLL - detected as W32/Mabutu.gen@MM
• ZIP - top level detection as virus or variant W32/Mabutu

Exact detection for the ZIP is included in the beta daily DAT files and will be included in the next scheduled DAT release.

This variant is virtually identical to its predecessor, again with main functionality included in the DLL. Some of the strings used in the filenames and subject lines of outgoing messages have been modified ('the_' prepended):

• THE_MESSAGE
• THE_DOCUMENT
• THE_DETAILS

Symptoms

Symptoms -

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

Method of Infection

Method of Infection -

This detection is for a minor variant of W32/Mabutu.a@MM . Please see that description for further details.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection. The 4.2.40 engine can complete repair without reboot, but older engines require a reboot for repair to complete.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and DAT combination (or higher), older engines may not be able to remove all registry keys created by this threat.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A