W32.Renama.A@mm


Aliases: W32/Renama@MM, Email-Worm.Win32.Minusi, I-Worm.Minusi.A, W32/Minusia-A, Win32/Minusi.worm.50176
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 21 Mar 2006
Damage: Medium

Characteristics: W32.Renama.A@mm is a mass-mailing worm that spreads by replying to existing emails in the user's Outlook inbox. It also spreads via network shares and removable drives. It is a slow infector and does medium damage to an infected computer.

More details about W32.Renama.A@mm

W32.Renama@MM spreads by replying to the emails in the Outlook inbox. It also propagates using network shares and removable drives. When executed, it drops a text file named "system_log.txt" in the WINDIR folder, opens this file using the default text editor, and displays a message. The worm does not infect the computer if a text file named "muhammad_is_my_prophet.txt" is found in the WINDIR folder. The worm copies itself to the WINDIR folder as: safemode.exe, Easy.Windows.Monitoring.exe.exe, system.update.exe.exe, mcAfee.Update.exe.exe, mmsg.exe.exe, svchost.exe, and ERSvc.exe. The worm then modifies the registry to make sure it loads every time Windows starts. It also attempts to terminate the following processes: cmd.exe, mmc.exe, msconfig.exe, mirc.exe, excel.exe, and winword.exe. The worm also disables the Windows Registry Editor, Command Prompt, and Task Manager. The worm copies itself to fixed and removable drives with the names: (random name).exe, _.exe, and listname_of_terrorist.exe.
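The file-system artifacts listed above can be checked on a suspect host or a mounted disk image. The following triage script is an added example, not part of the original write-up; the function name `triage`, the severity labels, and the doubled `.exe.exe` heuristic are assumptions, and the sample directory it builds is constructed.

```python
import os
import tempfile

# Names the write-up says are dropped in WINDIR (matched case-insensitively).
WINDIR_DROPS = {n.lower() for n in (
    "safemode.exe", "Easy.Windows.Monitoring.exe.exe", "system.update.exe.exe",
    "mcAfee.Update.exe.exe", "mmsg.exe.exe", "svchost.exe", "ERSvc.exe")}
# Fixed names used on drive roots; the "(random name).exe" copy cannot be matched by name.
DRIVE_DROPS = {"_.exe", "listname_of_terrorist.exe"}
LOG_FILE = "system_log.txt"
MARKER = "muhammad_is_my_prophet.txt"

def triage(windir, drive_roots=()):
    """Return (severity, path, reason) findings for the artifacts named in the write-up."""
    findings = []
    # Only the top level of WINDIR is listed: the genuine svchost.exe lives in
    # System32, so a file of that name directly in WINDIR is not the system binary.
    names = {e.name.lower(): e.path for e in os.scandir(windir) if e.is_file()}
    for name, path in sorted(names.items()):
        if name in WINDIR_DROPS:
            findings.append(("high", path, "dropped copy named in the write-up"))
        elif name.endswith(".exe.exe"):
            # Assumption: generalises the doubled extension seen in most drop names.
            findings.append(("medium", path, "doubled .exe.exe extension"))
    if LOG_FILE in names:
        findings.append(("low", names[LOG_FILE], "text file the worm drops and opens"))
    if MARKER in names:
        findings.append(("info", names[MARKER], "marker file that stops infection"))
    for root in drive_roots:
        for e in os.scandir(root):
            if e.is_file() and e.name.lower() in DRIVE_DROPS:
                findings.append(("high", e.path, "drive-root copy named in the write-up"))
    return findings

if __name__ == "__main__":
    # Constructed sample: empty files in a temp tree standing in for WINDIR and a USB root.
    with tempfile.TemporaryDirectory() as tmp:
        windir, usb = os.path.join(tmp, "WINDOWS"), os.path.join(tmp, "E")
        os.mkdir(windir); os.mkdir(usb)
        for n in ("safemode.exe", "mmsg.exe.exe", "notepad.exe", LOG_FILE):
            open(os.path.join(windir, n), "w").close()
        open(os.path.join(usb, "_.exe"), "w").close()
        for severity, path, reason in triage(windir, [usb]):
            print(f"{severity:6} {os.path.basename(path):20} {reason}")
```

The registry changes and the disabled Registry Editor, Command Prompt, and Task Manager are not covered here because the write-up does not name the keys involved.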

The W32.Renama.A@mm program typically installs itself through an exploit, a loophole, a backdoor, or some other deceptive means. It aids the download and installation of other malware and unwanted software onto a target machine, downloading adware, spyware, and malware from multiple servers and sources on the internet.