W32.Myfip.A
Aliases: W32/Myfip.worm, Worm/Myfip.A
Variants: Worm.Win32.Myfip.e, WORM_MYFIP.E, W32/Myfip.D.worm, Win32.Worm.Myfip.D
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Moderate
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 04 Aug 2004
Damage: Low
Characteristics: This security threat is a network aware worm that can steal files from compromised computer systems. The W32.Myfip.A malware resides in the system memory and can arrive on a target machine as an email message that has the IFRAME exploit. This IFRAME window will point to a particular malicious file.
W32.Myfip.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Myfip.A from your computer.
More details about W32.Myfip.A
Once the W32.Myfip.A worm is launched in the victim machine, it will create the ‘fjsy’ mutex in order that only one version of the malware runs at a given time on the computer. It then copies itself to the system as an executable file. This worm will use FTP (file transfer protocol) to retrieve a possibly malicious file from a predefined domain. The file will contain a username, password and server that will be used by the worm to connect to another FTP server. It then adds a value to a registry entry so that it executes when Windows starts. The worm will then try to locate a local system for network directories and if it locates one, it will try to copy its code to the remote system as a file with the extension txt.exe. If the directory needs authentication, the malware will try to connect to it using one of its many predetermined passwords.When the W32.Myfip.A worm has successfully logged in to the directory, it will create files with the .txt and .exe extensions. It will then register a file as the ‘Distributed Link Tracking Extensions’ service which will be responsible for running the worm’s copy with Administrator benefits. It then tries to locate PDF files and then send these to the FTP server it uses. When the W32.Myfip.A worm is successfully installed in the computer, its creator could administer the backdoor’s installation, restrain the IRC client on the compromised machine, download other threats, execute files, send the infection to other channels to take control of other computers, terminate running applications, perform denial of service attacks against other parties and totally uninstall itself by eradicating its pertinent registry entries.
Browse for more malware information
- W32.Myfip.A
- W32.Myparty@mm
- W32.Mypics.Worm
- W32.Mysamurai
- W32.Mytob!gen
- W32.Naco@mm
- W32.Naked@mm
- W32.Namshare
- W32.Narcha
- W32.Narcs
- W32.Navidad
- W32.Neela
- W32.Neeris
- W32.Nekat.A
- W32.Netav.Worm
- W32.Netlip.Worm
- W32.Netsky.AA@mm
- W32.Netsky@mm
- W32.Netspree.Worm
- W32.Neveg.A@mm
- W32.NewApt.Worm
- W32.Nimda.A@mm
- W32.Nits.A
- W32.Niucoft
- W32.Niuniu
- W32.Noddaba
- W32.Nodmin@mm
- W32.Nogrov@mm
- W32.Nohoper.7397
- W32.Nolor@mm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.