W32.Whitebait@mm

Posted by elisein Blog Latest Spyware News, Latest Spyware Threats, Recent Articles, Worm on January 4th, 2009

What is W32.Whitebait@mm?
W32.Whitebait@mm is a mass-mailing worm that drops a remote access Trojan and attempts to forward itself to any e-mail addresses it finds in files on the local system. It spreads as a large attachment named MSsecu.exe. The e-mail messages are sent using the worm's own SMTP code, independent of MAPI (for example, Outlook).

Once the attachment is executed, the worm copies itself to the Windows directory as MSSECU.EXE, and then drops and executes another file named WinSystem.exe in the Windows directory. W32.Whitebait@mm usually contains some explicit but low-quality pornographic images and provides a window with buttons to flip through them.

W32.Whitebait@mm is also known as Backdoor.Blaire [Kaspersky Lab], W32/Whitebait.gen@MM [McAfee], W32.Whitebait@mm [Symantec], BackDoor.Blaireau.314 [Doctor Web].

Do you have W32.Whitebait@mm?
If you have enough time and expertise, you can search your computer for W32.Whitebait@mm manually. However, it might take hours to find all of the W32.Whitebait@mm files, and W32.Whitebait@mm may reappear after a reboot if its hidden files are still there.

Download automatic scanner for W32.Whitebait@mm
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straightforward interface. Only Spyware Cease gives you an individual fix against the most dangerous spyware problems.

Manual W32.Whitebait@mm removal instructions
WARNING: The manual removal method is for advanced users. Removing W32.Whitebait@mm manually can be difficult and time-consuming. There is no guarantee that W32.Whitebait@mm can be completely removed, for there are hundreds of files generated when W32.Whitebait@mm is installed on your system. Make sure to back up your computer in case you make a mistake and your system stops working.

Follow the instructions below to remove W32.Whitebait@mm manually:

Locate and stop the W32.Whitebait@mm processes:
backdoor.blaire.exe
mssecu.exe
winsystem.exe

Locate and delete the W32.Whitebait@mm files:
backdoor.blaire.exe
bdn.com
mssecu.exe
winsystem.exe

Locate and remove the W32.Whitebait@mm registry keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsystem
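
A read-only check for the process names, file names and Run value listed above, as an added PowerShell example that is not part of the original post. It assumes the files sit in the Windows directory, which the post states only for MSSECU.EXE and WinSystem.exe; the variable names are illustrative.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# It reports findings and changes nothing on the system.

$procNames = 'backdoor.blaire', 'mssecu', 'winsystem'   # image names without .exe
$fileNames = 'backdoor.blaire.exe', 'bdn.com', 'mssecu.exe', 'winsystem.exe'
$runKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue  = 'winsystem'

# The page places MSSECU.EXE and WinSystem.exe in the Windows directory.
# Looking for the other two names there as well is an assumption.
$searchDir = $env:windir

$findings = @()

# 1. Running processes with a listed name
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{
        Type   = 'Process'
        Item   = "$($p.ProcessName) (PID $($p.Id))"
        Detail = $p.Path
    }
}

# 2. Files with a listed name (-Force includes hidden and system files)
foreach ($name in $fileNames) {
    $f = Get-Item -LiteralPath (Join-Path $searchDir $name) -Force -ErrorAction SilentlyContinue
    if ($f) {
        $findings += [pscustomobject]@{
            Type   = 'File'
            Item   = $f.FullName
            Detail = '{0} bytes, written {1:u}' -f $f.Length, $f.LastWriteTime
        }
    }
}

# 3. Autostart value under the Run key
$run = Get-ItemProperty -LiteralPath $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type   = 'Registry'
        Item   = "$runKey\$runValue"
        Detail = $run.$runValue
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'None of the listed indicators were found.' }
```

Run it from an elevated prompt so that process paths owned by other accounts are visible.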

What are the symptoms of W32.Whitebait@mm?

  • W32.Whitebait@mm may hide from users
  • W32.Whitebait@mm may stay resident in background

How do I keep away from W32.Whitebait@mm?
Once you have cleaned up W32.Whitebait@mm, the most important way to keep W32.Whitebait@mm and future malicious programs from returning is to stay suspicious of spam e-mail attachments and unknown websites. Here are several ways in which you can help protect your computer against W32.Whitebait@mm and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust the Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as Spyware Cease
  • Surf sites and download programs only from web sites you trust

What is a Worm?

W32.Whitebait@mm is a type of worm.

In computing, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus cannot run by itself. A virus usually needs a host program to run, and the virus code runs as part of that host program. A worm, however, does not need a host program to run; it uses a network to spread itself to other computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used a vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used a vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.
