W32.Niumu


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 20 Apr 2007
Damage: Medium

Characteristics: W32.Niumu also has the ability to spread to network shares and gain full control over the compromised computer. It attacks .exe, .scr, or .zip file extensions. All platforms of Windows Operating System can be affected. Once the virus is successfully installed in your computer, the worm multiplies itself to the system directory. The worm then spreads by copying itself with the hidden and system attributes.

More details about W32.Niumu

The space becomes unusable when the memory space is lessened.This worm also steals private information on the compromised computer. This information may lead to the hands of the black market. Confidential email messages and/or usernames and passwords can also be sold iin the Internet. Furthermore, users should be wary that files maliciously downloaded from an untrusted site should always be quarantined or check before execution. This service is actually a legitimate Microsoft service that was altered by the infection to start the muniu.exe infection. Therefore, instead of deleting the service, you should change its ImagePath value back to SystemRoot folder and in System32 folder.

Some reports claim that the W32.Niumu application can distribute its downloaded files to other computers. It can do this using a network connection. Malware with similar function are commonly distributing threats via email, instant messages, and peer-to-peer websites and applications. The remote attacker will most probably disable running programs in the compromised machine using this program. Reports say it can stop security applications like an anti-virus and firewall. This application may be able to disable a whole system as well. Experts believe this could result to the frequent automatic shutting down and restarting of the infected machine.