Home / malware
First posted on 29 November 2017.
There are no other names known for Virus:Win32/Mewsei.A.
This threat spreads by infecting files on network and removable drives.
It does this by traversing all the drives on the infected system from A:\ to Z:\. Once an accessible location is found the virus searches for .exe files and starts the infection.
The virus makes a copy of itself in the target drive and appends its payload and an encrypted host file in a new portable executable (PE) overlay. It updates the icon and version information of the new file and renames it.
Steals your sensitive information
This threat can steal your personal information such as:
- A list of your PCs running processes and opened windows
- Captured webcam images
- Information about your PC, such as its CPU, memory, video card, current time, and keyboard language
- Saved passwords from your web browsers, including Putty, Firefox, Filezilla, Chorme, and Opera
It can also record which keys you press and upload this information to a remote server.
It can also download and upload executable files to a remote server. We have seen this threat contact the following command and control servers:
Blocks security software
This threat can block the following programs:
Analysis by Mihai Calota
Last update 29 November 2017