W32.Mugly.A@mm
Aliases: Win32.Mugly.A, Worm.Win32.Wurmark.a, W32/Mugly.a@MM, WORM_MUGLY.A
Variants: Email-Worm.Win32.Wurmark.d, W32.Mugly.D@mm, W32.Mugly.E@mm, W32/Wurmark
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Fast
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 02 Dec 2004
Damage: Medium
Characteristics: This worm is an email worm that utilizes its own Simple Mail Transfer Protocol or SMTP engine to propagate its code. It sends its code as an attachment to email addresses it has collected from the infected computer system. The W32.Mugly.A@mm malware is also known to drop and execute a variant of the W32.Spybot.Worm and will try to open up a back door in the affected machine.
W32.Mugly.A@mm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Mugly.A@mm from your computer.
More details about W32.Mugly.A@mm
The W32.Mugly.A@mm is a mass mailing memory resident worm that arrives on the infected machine as an email attachment. When it executes in the machine, it will drop a copy of itself as a .TMP file and will also drop several other files. Among the files dropped by the malware is a ZIP file which is the worm’s compressed copy, an EXE file which is a copy of the W32.SdBot.Worm, a JPG file that is not malicious and 2 DLLs – one is its SMTP mailing engine and the other one is a typical archive engine. It will likewise drop a SYS file which is an unpacker component that will be used by the worm for registering the SVK Protector. This SVK Protector is used by the worm for unpacking one of its several dropped files that is packed using SVKP.This mass mailing worm also create registry entries to allow its dropped EXE file to run during startup. This file will create a service. The worm will then register its SMTP engine by creating more registry entries so that it can carry out mass mailing. The W32.Mugly.A@mm worm will try to locate target email recipients from files that have the extensions asp, adb, doc, dbx, html, htm, sht, php, txt, tbb and wab. It will however avoid sending messages to email addresses containing security related strings. The worm is also known to exploit the Windows LSASS and RPC DCOM vulnerabilities. It also connects to a predefined server and opens up arbitrary ports to wait for instructions from its remote author. When executed in the machine, this worm will display its dropped JPG file which is a picture of a man with a contorted face.
Browse for more malware information
- W32.Mugly.A@mm
- W32.Mular.A
- W32.Multex.B
- W32.Music.A.Worm
- W32.Muzk.Irc
- W32.MyLife@mm
- W32.MyPower@mm
- W32.Mybabypic.Worm
- W32.Mydoom!gen
- W32.Myfip.A
- W32.Myparty@mm
- W32.Mypics.Worm
- W32.Mysamurai
- W32.Mytob!gen
- W32.Naco@mm
- W32.Naked@mm
- W32.Namshare
- W32.Narcha
- W32.Narcs
- W32.Navidad
- W32.Neela
- W32.Neeris
- W32.Nekat.A
- W32.Netav.Worm
- W32.Netlip.Worm
- W32.Netsky.AA@mm
- W32.Netsky@mm
- W32.Netspree.Worm
- W32.Neveg.A@mm
- W32.NewApt.Worm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.