
SYSMCM.EXE
PROCESS INFORMATION
Process Name : Sysmcm.exe
Process Path : %SYSTEM%\Sysmcm.exe [ C:\Windows\System32\Sysmcm.exe ]
Process type : Internet Worm
Malware Name : W32.Music@mm
Alias : I-Worm.Music, W32/Music@mm, W32/Music-A, WORM_Music.A
Threat level : Low
Process Details
Sysmcm.exe is the main component dropped by the Music worm. It uses the Windows address book to email itself. The worm is 39,936 bytes long and written in Visual Basic 5. It needs "MSVBVM50.dll" to spread; otherwise it shows a DLL-missing error. The e-mail attachment name will be Music.exe or Music.com.

When the e-mail attachment is opened, the worm displays Christmas greetings with music. In the background it copies itself to the Windows system folder under the name "SYSMCM.EXE". It also modifies a registry setting so that it loads automatically next time.

Then it connects to the virus author's site and downloads additional components to the local machine to send e-mail automatically. The additional files are stored under the names SYSDRV.EXE and SYSTMP.DLL in the Windows directory.

It opens the Windows address book and sends email to all the email addresses stored there. The message subject will be "Testing to send file", the message body will be "Hi, just testing email using Merry Christmas music file, not bad music." or "Hi, just testing email using Merry Christmas music file, you'll like it" and the attachment name will be Music.exe or Music.com. The icon of the attachments resembles the Wave file icon.
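The e-mail traits listed above can be matched at a mail gateway or during a mailbox sweep. The following is an added example, not part of the original write-up or of Solo Antivirus; the function names and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage

# Traits of the worm's e-mail exactly as listed on this page (lower-cased).
SUBJECT = "testing to send file"
BODY_PREFIX = "hi, just testing email using merry christmas music file"
ATTACHMENTS = {"music.exe", "music.com"}


def worm_traits(msg):
    """Return which of the page's traits a parsed message matches."""
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            # get_content() needs a message parsed with email.policy.default
            text = " ".join(part.get_content().split()).lower()
            if text.startswith(BODY_PREFIX):
                hits.append("body")
    return hits


def is_suspect(msg):
    """Flag only when the attachment name AND the subject or body match."""
    hits = worm_traits(msg)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and ("subject" in hits or "body" in hits)


def build_sample(subject, body, attachment=None):
    """Build a constructed test message; the payload is inert filler bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed filler, not a real sample",
                           maintype="application", subtype="octet-stream",
                           filename=attachment)
    return msg


if __name__ == "__main__":
    worm_like = build_sample("Testing to send file",
        "Hi, just testing email using Merry Christmas music file, you'll like it",
        "Music.com")
    print(worm_traits(worm_like), is_suspect(worm_like))
```

For stored mail, parse each raw message with `email.message_from_bytes(raw, policy=email.policy.default)` before passing it to `worm_traits`. Requiring the attachment name together with the subject or body keeps an ordinary file that happens to be called Music.exe from being flagged on its own.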
This worm can update itself to new versions from the virus author's site. The file downloaded by I-Worm/Music from the virus author's site contains the following string:
"Hi, tracing this file? It's a very friendly program, it do nothing harm to your system. In fact I hate a file like this, but the bad thing is I cant find a job, and I need to rent my basement room, I only hope this file could help me to make my both ends meet. Thanks & regards. -- The author, Nov 08, 2000."
How can I protect my system?
Solo has incorporated sysmcm.exe in its signature file to protect users from this worm attack. Registered users of Solo Antivirus are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this worm?
If you are already infected with sysmcm.exe, you can remove it from your computer using Solo Antivirus software. Solo Antivirus can detect and remove W32.Music@mm safely. Use the following link to download the 30 day trial version of Solo Antivirus to remove viruses from your computer.

Solo Antivirus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.