Win32/Muce.A

Discussion in 'NOD32 version 2 Forum' started by don_piano, Jun 1, 2005.

Thread Status:
Not open for further replies.
  1. don_piano

    don_piano Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5
    Location:
    Norway
    Today I got this virus from an application I downloaded, but after looking what I feel is "all over the place," I couldn't find any information on this virus. It's not even int he virus description list at nod32.com

    Trend Micro and Panda identifies the same virus as PE.Puce not Muce - and then I did find some info. But how come its not on nod32.com, even though it IS in the virus definitions..?
     
  2. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    In the virus definitions are so many viruses, worms, trojans etc.. that it is really hard to add all the malware descriptions to web...
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yep. An antivirus company could hire hundreds of employees for making comprehensive descriptions, but even if they worked 24 hours a day, 7 days a week, 365 days per year, it would still take ages to make a description oif every single malware in the world.
     
  4. don_piano

    don_piano Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5
    Location:
    Norway
    No, I get that - but my situation today was that I didnt know what the virus did. I made a clean scan afterwards - but still, I didnt know if it had tried to mail itself to friends, or what it might have done.

    I wouldn't really mind going elsewhere to find the information if they had the same name for the virus, but nod32 calls it "muce," while trend and panda calls it "puce." .. Whats up with that?

    The biggest problem is solved, dont get me wrong. Im never deleting my nod32 - I just got a serious scare today, and had to go elsewhere to find out what it was. :doubt:
     
  5. Happy Bytes

    Happy Bytes Guest

    It's a fileinfector virus - it will not spread via email - except you did send executables. Drops with a randomly name into the temp folder (same as parite)

    It creates a mutex pUcE to avoid multiply running instances, searches all local drives for files to infect and is able (like parite.a/parite.b) to spread across network shares.

    Note: This virus is known for damaging files - means you cannot really clean such infected files if the host file body could not be written into the resource section (resource ID: 527 in every infected file) of such a infected file.

    Coz this virus was written in Borland C (same as parite virus) the infected files grow up by a huge amount of bytes (more then 200kb)
    This virus fakes also the fileattributes and date/time stamps to match the hostfile settings.

    every month on 26th this virus will move your mouse around :D

    More questions? :D
     
  6. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Daddy, am i protected from this virus? ;)
     
  7. Happy Bytes

    Happy Bytes Guest

    You not, but your machine is my son :D
     
  8. don_piano

    don_piano Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5
    Location:
    Norway
    Thank you kindly! :)
     
  9. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    This is one big happy family... :D
     
  10. buce..:)

    buce..:) Guest

    Hi!How can i kill this **** from my pc??
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Run NOD32 in safe mode first - it should cleanup anything that can't be found in normal mode - IF that fails, then Google for:

    muce.a removal

    or puce.a removal
     
Thread Status:
Not open for further replies.