W32.Mumawow.A


Aliases: W32/PWFuzz-A
Variants: W32.Mumawow.A!inf, W32.Mumawow.F!inf, W32.Mumawow.E!inf

Classification: Malware
Category: Computer Virus

Status: Active and Spreading
Spreading: Moderate
Geographical info: North America, Asia, Europe
Removal: Easy
Platform: W32
Discovered: 19 Mar 2007
Damage: Low

Characteristics: This security risk is a virus that is capable of infecting executable files found in the compromised system’s Program Files folder. This virus may likewise download files from a remote server and may propagate via network drives. The W32.Mumawow.A virus is also known to compromise system security since it is capable of disabling various security related programs.

More details about W32.Mumawow.A

Upon launching in the compromised system, the W32.Mumawow.A virus will copy itself to the system as an executable file. The virus will also create a DLL file having 5 random numbers for its name and add a value to a registry entry to enable it to run at Windows startup. Next, the virus will attempt to infect every .EXE file located in the dllcache and Program Files folder of drives C, F, E and D. However, the malware will only inject some of its code to the target files so that it will be enabled to download another malicious file from a remote location. This target download file is a Trojan that is actually responsible for executing a variant of the Infostealer.Wowcraft Trojan in the victim machine. On the other hand, the infected .EXE files will download and then launch copies of the W32.Mumawow.A virus.

The virus also waits for an Internet connection to be established so that it can contact a remote server which is believed to be the virus’ author’s address. The malware then goes on to locate security related processes such as those from Kingsoft and McAfee and then terminate them. The W32.Mumawow.A worm can deleted from the system by downloading a good antivirus program. After downloading the antivirus program of your choice, proceed to install it to your desired location and the launch it. Follow all the steps given by the antivirus program. You should also go to the Registry editor and delete the startup value that the virus has added.