WinMX





Overview

Vendor Notes:

From the doc: 'When this program is opened by the victim, it will start its search for Word-documents, Textfiles, Inifiles, Batchfiles, every important file on the victim's computer will be found and copied into a directory. That directory will be shared with all WinMX users. The trojan adds the extension '.avi' to every file in that folder, else the files cannot be found on the WinMX network. When the search is over, the program adds itself to the registry to make sure that he can refresh the folder every 10 days. When the filename of the program is 'winmxtrjn', a help menu will appear with more information. So don't send it to your victim with this filename! The program must be sent with the extensions .scr or .exe, else the program won't work. The filename of the program may be changed in everything of course.'

Alias:

Trj/Mmxwin [Panda], Trojan.Win32.WinMX.10, Win32.Glimp [Computer Associates], Win32/WinMX!Trojan [Computer Associates], WinMX File Sharing Trojan 1.0

Category:

P2P: Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, newsgroup, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

P2P · Trojan

Origins

Author:

Migl H

Programming Language:

Visual Basic

Date of Origin:

January, 2003

Place of Origin:

Netherlands

Operation

Storage Required:

  • WinMX: at least 45 KB

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove WinMX from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Remove Files:

Remove these files (if present) with Windows Explorer:

Research

File Analyses:

More Info:

AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!

Research By:

PestPatrol's Pest Research Center

Last Revised:

April 07, 2005