Content

W32/MumaWow.e!inf

Type
Virus
SubType
Win32
Discovery Date
06/24/2008
Length
~28 KiloBytes
Minimum DAT
5324 (06/24/2008)
Updated DAT
5586 (04/16/2009)
Minimum Engine
5.1.00
Description Added
06/24/2008
Description Modified
06/30/2008 5:01 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

W32/MumaWow.e!inf is a dropper for the W32/MumaWow virus. It also downloads multiple password stealers and newer variants of W32/MumaWow family.

Upon execution of W32/MumaWow.e!inf infected files it drops and executes xue.xue (W32/MumaWow) infector and downloader. For further information on W32/MumaWow infector visit the following link:
http://vil.nai.com/vil/content/v_141958.htm

Symptoms

Presence of xue.xue.

Method of Infection

This is a network aware worm and is capable of spreading through open network shares

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

W32/MumaWow.e!inf is a dropper for the W32/MumaWow virus. It also downloads multiple password stealers and newer variants of W32/MumaWow family.

Aliases

  • PE_MUMAWOW.BG (Trend Micro)
  • Virus.Win32.Downloader.ba (Kaspersky)
  • Virus:Win32/Cekar.B (Microsoft)
  • W32.Mumawow.F!inf (Symantec)

Characteristics

Characteristics -

W32/MumaWow.e!inf is a dropper for the W32/MumaWow virus. It also downloads multiple password stealers and newer variants of W32/MumaWow family.

Upon execution of W32/MumaWow.e!inf infected files it drops and executes xue.xue (W32/MumaWow) infector and downloader. For further information on W32/MumaWow infector visit the following link:
http://vil.nai.com/vil/content/v_141958.htm

Symptoms

Symptoms -

Presence of xue.xue.

Method of Infection

Method of Infection -

This is a network aware worm and is capable of spreading through open network shares

Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A