McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This detection covers a tool that allows an attacker to create malicious WMF files, which exploit a vulnerability in the Microsoft Windows operating system.

Files created with this tool are detected as Exploit-WMF with the 4661 DAT files and newer.

Symptoms

N/A This is a tool used by an attacker for its known purpose. Running the tool has no adverse affects on the local system, unless intentionally created Exploit-WMF files are inadvertently executed.

Method of Infection

N/A

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This detection covers a tool that allows an attacker to create malicious WMF files, which exploit a vulnerability in the Microsoft Windows operating system.

Files created with this tool are detected as Exploit-WMF with the 4661 DAT files and newer.

Symptoms

Symptoms -

N/A This is a tool used by an attacker for its known purpose. Running the tool has no adverse affects on the local system, unless intentionally created Exploit-WMF files are inadvertently executed.

Method of Infection

Method of Infection -

N/A

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A