W32/CMQ.a

Content

W32/CMQ.a

Type: Virus
SubType: Win32
Discovery Date: 08/05/2008
Length: Varies
Minimum DAT: 5354 (08/05/2008)
Updated DAT: 5358 (08/11/2008)
Minimum Engine: 5.2.00
Description Added: 08/05/2008
Description Modified: 08/14/2008 9:03 PM (PT)

Risk Assessment

Corporate User: Low
Home User: Low

Tab Navigation

Characteristics

This is a generic detection for parasitically infected files that loads and executes BackDoor-CMQ.

Infected Win32 Portable Executable (PE) files have their import address table patched to load a DLL component detected as BackDoor-CMQ with one of the following filename(s):

mrpmsg.dll
rsapmsg.dll

When succcessful, the BackDoor-CMQ compoment executes in the memory space of the infected file.

For further characteristics of BackDoor-CMQ, please refer to:

http://vil.nai.com/vil/content/v_130850.htm

Symptoms

Modification of existing PE files.

Method of Infection

W32/CMQ.a are parasitically infected to loads and executes BackDoor-CMQ. It may propagate through network or shared drives, or downloading infected files from malicious websites.

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

N/A

All Information

Overview -

This is a generic detection for parasitically infected files that loads and executes BackDoor-CMQ.

Characteristics

Characteristics -

This is a generic detection for parasitically infected files that loads and executes BackDoor-CMQ.

Infected Win32 Portable Executable (PE) files have their import address table patched to load a DLL component detected as BackDoor-CMQ with one of the following filename(s):

mrpmsg.dll
rsapmsg.dll

When succcessful, the BackDoor-CMQ compoment executes in the memory space of the infected file.

For further characteristics of BackDoor-CMQ, please refer to:

http://vil.nai.com/vil/content/v_130850.htm

Symptoms

Symptoms -

Modification of existing PE files.

Method of Infection

Method of Infection -

W32/CMQ.a are parasitically infected to loads and executes BackDoor-CMQ. It may propagate through network or shared drives, or downloading infected files from malicious websites.

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A

McAfee > Theat Center > Virus Detail Page

Navigation

Utility Navigation

Content

W32/CMQ.a

Type

SubType

Discovery Date

Length

Minimum DAT

Updated DAT

Minimum Engine

Description Added

Description Modified

Risk Assessment

Tab Navigation

Overview

Characteristics

Symptoms

Method of Infection

Removal

Variants

Variants

All Information

Overview -

Characteristics

Characteristics -

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

Variants

Variants -

Threat Resources

Footer