W32/Wanor@MM

This page shows details and results of our analysis on the malware W32/Wanor@MM

Download Current DAT: 6615

Threat Detail

Malware Type: Virus

Malware Sub-type: N/A

Discovery Date: 2003-03-21

Next Steps:

Overview
Symptoms
Method of Infection
Removal

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum DAT

4254 (2003-03-26)

Updated DAT

4255 (2003-04-02)

Minimum Engine

5.1.00

File Length

71,168 bytes

Description Added

2003-03-21

Description Modified

2003-03-21

Malware Proliferation

Characteristics

Symptoms

Presence of the following files:

%WinDir%\Winscr.scr
%WinDir%\INF\Winm.exe
%SysDir%\Msdepw32.dll
%SysDir%\Msdtv.dll

Method of Infection

This worm spreads via email and peer-to-peer file sharing software.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations