Sunday, March 7, 2010

WIN32 ZIMUSE VIRUS REMOVAL

The Win32 Zimuse virus arrives disguised as an IQ test and combines virus, rootkit and worm behaviour: malicious code in one fatal formula.
Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

CAUSES OF WIN32 ZIMUSE VIRUS

Win32.Worm.Zimuse.A is an extremely dangerous piece of malware. Unlike average worms, Win32.Worm.Zimuse.A could lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record - a key zone of the hard disk drive.
In order to execute on each Windows boot-up, the worm sets the following registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dump"="%programfiles%\Dump\Dump.exe"

It also creates two driver files, namely:
%system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys
Since 64-bit versions of Windows Vista and Windows 7 require digitally signed drivers, the worm fails to install these driver files on those systems.
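The two persistence artifacts above (the "Dump" Run value and the Mstart.sys/Mseu.sys driver files) are easy to check for offline. The script below is an added example, not BitDefender's tool or anything from the original post: it parses a text .reg export of the Run key (as produced by `reg export`, assumed already decoded from UTF-16 to a string) together with a plain list of file paths (as from `dir /b /s`), and flags the indicators named in the write-up. The sample export and file list are constructed inline for the demonstration.

```python
import re

# Indicators taken from the write-up: a Run value named "Dump" that launches
# %programfiles%\Dump\Dump.exe, and two driver files under %system%\drivers.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Dump"
RUN_VALUE_DATA_SUFFIX = r"\dump\dump.exe"
DRIVER_NAMES = {"mstart.sys", "mseu.sys"}


def parse_reg_export(text):
    """Parse a minimal .reg export into {key: {value_name: data}}.
    Only REG_SZ string values are handled, which is all the Run key needs."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            # .reg syntax escapes backslashes and quotes with a backslash
            data = m.group(2).replace('\\\\', '\\').replace('\\"', '"')
            keys[current][m.group(1)] = data
    return keys


def find_run_indicator(keys):
    """Return (name, data) of the Run value matching the worm's entry, or None."""
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == RUN_VALUE_NAME.lower() and \
                data.strip('"').lower().endswith(RUN_VALUE_DATA_SUFFIX):
            return (name, data)
    return None


def find_driver_indicators(file_listing):
    """Return the paths whose file name is one of the worm's driver files and
    which sit directly in a 'drivers' directory."""
    hits = []
    for path in file_listing:
        parts = path.replace("/", "\\").lower().split("\\")
        if len(parts) >= 2 and parts[-1] in DRIVER_NAMES and parts[-2] == "drivers":
            hits.append(path)
    return hits


def assess(reg_text, file_listing):
    """Combine both checks into one verdict dictionary."""
    run = find_run_indicator(parse_reg_export(reg_text))
    drivers = find_driver_indicators(file_listing)
    return {"run_value": run,
            "driver_files": drivers,
            "suspicious": run is not None or bool(drivers)}


# Constructed sample export (note the doubled backslashes of .reg syntax).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Dump"="C:\\Program Files\\Dump\\Dump.exe"
'''

# Constructed sample file listing.
SAMPLE_FILES = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\Mstart.sys",
    r"C:\Windows\System32\drivers\Mseu.sys",
    r"C:\Users\Public\Mseu.sys",  # same name outside a drivers dir: not counted
]

if __name__ == "__main__":
    print(assess(SAMPLE_REG, SAMPLE_FILES))
```

The name-plus-path match on the Run value avoids flagging an unrelated value that merely happens to be called "Dump", and the driver check requires the file to sit in a drivers directory so that a stray copy elsewhere is reported separately if at all.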

Unfortunately, in its early stages, this worm makes it nearly impossible for users to know their system has fallen victim to the e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), the computer user receives an error message stating that a problem has occurred due to malicious content in IP packets from a peculiar-looking web address. It then asks the user to recover the system by pressing “OK.” After this message, the next restart causes the computer’s hard disk to become damaged due to the compromised boot sector. To view a video detailing what occurs during an attack by Win32.Worm.Zimuse
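Because the damage only surfaces on the restart after the payload fires, a baseline of sector 0 taken while the disk is healthy is the practical way to notice that the boot sector has been overwritten. The following is an added example, not code from the original post or from BitDefender: it builds a constructed, well-formed MBR in memory, records a SHA-256 baseline, and runs structural checks (the 0x55AA boot signature and a sane partition table) that a junk-overwritten sector fails. `read_first_sector` is a hypothetical helper showing how the same checks would be applied to a raw disk image or device.

```python
import hashlib
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample: zeroed bootstrap area, one active NTFS partition at
    LBA 2048 and the 0x55AA signature. Not a real disk."""
    mbr = bytearray(SECTOR_SIZE)
    entry = struct.pack(ENTRY_FORMAT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def build_damaged_mbr():
    """Constructed sample of a sector overwritten with junk (deterministic bytes)."""
    return bytes(range(256)) * 2


def check_mbr(sector):
    """Return a list of structural problems; an empty list means the sector
    passes. These checks catch a boot sector that has been overwritten."""
    if len(sector) != SECTOR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}"]
    problems = []
    if sector[510:512] != MBR_SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    active = 0
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba_start, count = struct.unpack(
            ENTRY_FORMAT, sector[off:off + PARTITION_ENTRY_SIZE])
        if status not in (0x00, 0x80):
            problems.append(f"partition {i}: invalid status byte 0x{status:02x}")
        elif status == 0x80:
            active += 1
        if ptype != 0 and (lba_start == 0 or count == 0):
            problems.append(f"partition {i}: type 0x{ptype:02x} with zero start or length")
    if active > 1:
        problems.append(f"{active} partitions marked active, at most one expected")
    return problems


def mbr_fingerprint(sector):
    """SHA-256 of the sector, recorded once while the system is known-good."""
    return hashlib.sha256(sector).hexdigest()


def compare_to_baseline(sector, baseline_fingerprint):
    """True if the sector still matches the recorded baseline."""
    return mbr_fingerprint(sector) == baseline_fingerprint


def read_first_sector(path):
    """Hypothetical helper: read sector 0 from a raw image or block device
    (for example a dd image, or \\\\.\\PhysicalDrive0 on Windows with admin rights)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = mbr_fingerprint(good)
    bad = build_damaged_mbr()
    print("healthy:", check_mbr(good), compare_to_baseline(good, baseline))
    print("damaged:", check_mbr(bad), compare_to_baseline(bad, baseline))
```

The hash comparison is the stronger signal (any change from the baseline is reported), while the structural checks still give a verdict on a machine for which no baseline was ever taken.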


HOW TO REMOVE WIN32 ZIMUSE VIRUS


In order to stay safe, BitDefender recommends downloading, installing and updating a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection. Users should also employ extra caution when prompted to open files from unfamiliar locations.
