PC & Mac
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Execution of the infected file.
This is a detection for a new Bagle variant.
In initial test shown, that this new varaint did not spread by mail.But it tries to connect to several webservers and tries to download and execute a file.
The virus copies itself into the Windows System directory as WinXP.exe. For example:
It also creates other files in this directory to perform its functions:
The following Registry key is added to hook system startup:
A mutex is created to ensure only one instance of the worm is running at a time. One of the following mutex names is used in an attempt to stop particular variants of W32/Netsky running on the infected machine:
It tries to stop processes with the following filenames:
It attemps to download a file for the following URLs:
All Users:Use specified engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Additional Windows ME/XP removal considerations
© 2003-2013 McAfee, Inc.