W32.Winemmem!inf


Aliases: W32/Winemmem!inf, W32/Winemmem, Win32.Winemmem!inf, Virus.Win32/Winemmem!inf
Variants: W32.Winemmem, Win32/Winemmem!inf, Virus.Win32.Winemmem!inf

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 14 Nov 2008
Damage: Medium

Characteristics: W32.Winemmem!inf is a file-infecting virus that infects ___.dll files. It also downloads malicious files from the Internet and has backdoor functionality. Infection begins with manual execution of the binary. The affected systems are Windows Server 2003, Windows XP, and Windows 2000.

More details about W32.Winemmem!inf

The W32.Winemmem!inf program runs on the Windows operating system. It commonly infects systems through the Kazaa peer-to-peer (P2P) file-sharing network as well as via Internet Relay Chat (IRC) channels. Other means of infection include backdoors created by other Trojan applications and weakly protected network shares. Newer variants of the W32.Winemmem!inf program also exploit security vulnerabilities. All variants of the worm receive commands by connecting to a pre-configured IRC channel. Variants of the W32.Winemmem!inf program reportedly attempt to connect to MS SQL servers using passwords from a list. These attempts may lead to network intrusion or to user accounts being locked out. The worm is also able to download updates to its own program. Some variants scan the system for running processes related to anti-virus software and terminate them.

The W32.Winemmem!inf application is installed on the computer under the filenames of legitimate Windows programs in order to avoid being detected as a threat. The program may have rootkit functionality, which hides the processes of the Trojan application on the computer. The W32.Winemmem!inf software opens a backdoor on the affected computer, which a remote user can use to send commands to the Trojan software. These commands include starting DDoS (Distributed Denial of Service) attacks, uploading and downloading unwanted files, and deleting important files from the user’s computer.