CME 24


Hope you can help with this question.

If a computer is infected with CME 24 will it attempt to attack a mapped network drive?
Not just delivering its payload.




Lets first try to understand what CME 24 is, CME – Common Malware Enumeration – is a relatively new standard in the way malwares are identified and sorted.

CME allows different vendors, such as: Aladdin Knowledge Systems, Authentium, Avira, CA, ClamAV, ESET, Fortinet, Grisoft, H+BEDV, iDefense, Kaspersky, McAfee, Microsoft, TrojanDownloader, Norman, Panda, Sophos, Symantec, and Trend Micro to name the malware they identify in such a way that the user can know that the Malware ‘X’ that company A has found is the same Malware named ‘Y’ that company B finds.

CME 24, which is also been named by the different vendors as,
Aladdin Knowledge Systems: Win32.Blackmal.e
Authentium: W32/Kapser.A@mm
CA: Win32/Blackmal.F
Fortinet: W32/Grew.A!wm
F-Secure: Nyxem.E
Grisoft: Worm/Generic.FX
H+BEDV: Worm/KillAV.GR
Kaspersky: Email-Worm.Win32.Nyxem.e
McAfee: W32/MyWife.d@MM
Microsoft: Win32/Mywife.E@mm!CME-24
Norman: W32/Small.KI
Panda: W32/Tearec.A.worm
Sophos: W32/Nyxem-D
Symantec: W32.Blackmal.E@mm
TrendMicro: WORM_GREW.A

Destroy certain data files on an infected user’s machine on Friday, February 3, 2006.

According to our sources and independent analysis conducted on this worm, have revealed that the code should have destroyed. However, it is apparent that ITW (In the Wild) the worm’s payload does not function correctly making it unable to destroy content found on mapped drives.

  • abhi

    how to recover data that have been infected by generis.FX worm