Description
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Indication of Infection
Presence of the aforementioned files
Methods of Infection
This worm spreads via accessible shares (IPC$ and ADMIN$). The worm targets random IP addresses on the local class C subnet. It uses the HFind.exe trojan to retrieve accessible IP addresses and share passwords (via a dictionary-style attack). The worm uses this information to copy itself to the target system and execute there.
Some strains contain a functioning PCGhost keylogging application and are configured to use the SMTP server SMTP.SINA.COM.CN and send key log files to a SINA.COM address. This is likely to vary in future strains.
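The propagation pattern described above (one host failing logons against several neighbours on its own class C subnet, then reaching IPC$ or ADMIN$) can be looked for in centrally collected Windows Security events. The following is an added example, not part of the original description or any vendor tooling; the record layout, sample data, function name and thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records (assumed layout): (time, event_id, source_ip, target_ip, share)
# 4625 = failed logon, 5140 = network share accessed (Windows Security auditing).
EVENTS = [
    (1, 4625, "192.168.1.23", "192.168.1.40", None),
    (2, 4625, "192.168.1.23", "192.168.1.40", None),
    (3, 4625, "192.168.1.23", "192.168.1.41", None),
    (4, 4625, "192.168.1.23", "192.168.1.41", None),
    (5, 4625, "192.168.1.23", "192.168.1.41", None),
    (6, 4625, "192.168.1.23", "192.168.1.42", None),
    (7, 4625, "192.168.1.23", "192.168.1.42", None),
    (8, 5140, "192.168.1.23", "192.168.1.41", "\\\\*\\ADMIN$"),  # guess succeeded
    (9, 5140, "192.168.1.5", "192.168.1.40", "\\\\*\\ADMIN$"),   # admin, no failures
    (10, 4625, "192.168.1.77", "192.168.1.10", None),            # one mistyped password
    (11, 4625, "10.0.0.9", "192.168.1.40", None),                # not the local /24
]

ADMIN_SHARES = {"IPC$", "ADMIN$"}  # the shares named in the description

def find_share_sweeps(events, min_targets=3, min_failures=6):
    """Flag sources that fail logons on several same-/24 hosts (thresholds are assumptions)."""
    failures = defaultdict(lambda: defaultdict(int))  # source -> target -> failed logons
    reached = defaultdict(set)  # source -> targets whose admin share opened after failures
    for _, event_id, src, dst, share in sorted(events, key=lambda e: e[0]):
        if ip_address(dst) not in ip_network(f"{src}/24", strict=False):
            continue  # the worm targets only its local class C subnet
        if event_id == 4625:
            failures[src][dst] += 1
        elif event_id == 5140:
            name = share.rstrip("\\").rsplit("\\", 1)[-1].upper()
            if name in ADMIN_SHARES and failures[src].get(dst, 0) > 0:
                reached[src].add(dst)
    findings = []
    for src, per_target in failures.items():
        total = sum(per_target.values())
        if len(per_target) >= min_targets and total >= min_failures:
            findings.append({"source": src, "targets_tried": len(per_target),
                             "failed_logons": total, "shares_reached": sorted(reached[src])})
    return findings
```

A non-empty `shares_reached` list marks hosts where a guessed password was followed by share access, which are the systems to check first for a copied worm.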
Aliases
BAT.Muma (DrWeb), Bat.Mumu.A.Worm (Symantec), BAT_SPYBOT.A (Trend), IPCScan, PCGhost