Win32/Muce.A

Today I got this virus from an application I downloaded, but after looking what I feel is "all over the place," I couldn't find any information on this virus. It's not even int he virus description list at nod32.com

Trend Micro and Panda identifies the same virus as PE.Puce not Muce - and then I did find some info. But how come its not on nod32.com, even though it IS in the virus definitions..?

 

In the virus definitions are so many viruses, worms, trojans etc.. that it is really hard to add all the malware descriptions to web...

 

Yep. An antivirus company could hire hundreds of employees for making comprehensive descriptions, but even if they worked 24 hours a day, 7 days a week, 365 days per year, it would still take ages to make a description oif every single malware in the world.

 

No, I get that - but my situation today was that I didnt know what the virus did. I made a clean scan afterwards - but still, I didnt know if it had tried to mail itself to friends, or what it might have done.

I wouldn't really mind going elsewhere to find the information if they had the same name for the virus, but nod32 calls it "muce," while trend and panda calls it "puce." .. Whats up with that?

The biggest problem is solved, dont get me wrong. Im never deleting my nod32 - I just got a serious scare today, and had to go elsewhere to find out what it was.

 

It's a fileinfector virus - it will not spread via email - except you did send executables. Drops with a randomly name into the temp folder (same as parite)

It creates a mutex pUcE to avoid multiply running instances, searches all local drives for files to infect and is able (like parite.a/parite.b) to spread across network shares.

Note: This virus is known for damaging files - means you cannot really clean such infected files if the host file body could not be written into the resource section (resource ID: 527 in every infected file) of such a infected file.

Coz this virus was written in Borland C (same as parite virus) the infected files grow up by a huge amount of bytes (more then 200kb)
This virus fakes also the fileattributes and date/time stamps to match the hostfile settings.

every month on 26th this virus will move your mouse around

More questions?

 

Daddy, am i protected from this virus?

 

You not, but your machine is my son

 

Thank you kindly!

 

This is one big happy family...

 

Hi!How can i kill this **** from my pc??

 

Run NOD32 in safe mode first - it should cleanup anything that can't be found in normal mode - IF that fails, then Google for:

muce.a removal

or puce.a removal