about the city contact us
search
 
 
 
 
 
 
Malware city / Blog / Malware Alert - Win32.Worm.Zimuse.A - The Hard-Dis
Print | Send on Yahoo! | PDF version | Feed RSS | Filed Under: ALERTS

Malware Alert - Win32.Worm.Zimuse.A - The Hard-Disk Wrecker

Date: 01/25/2010
Author: Loredana Botezatu

Blended formula of virus, rootkit and worm. Result: fatal.

BitDefender today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. Two variants are known to this day.

Called Win32.Worm.Zimuse.A, this malicious piece is extremely dangerous; unlike average worms, it would lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record, a key zone of the hard disk drive.

Win32.Worm.Zimuse.A enters the computer disguised as an apparently harmless IQ Test. Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.

In order to execute itself on each Windows boot-up, the worm sets the following registry entry: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Dump"="%programfiles%\Dump\Dump.exe", and also creates two driver files, namely %system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys. Since 64-bit versions of Windows Vista and Windows 7 require digitally-signed drivers, the worm would fail installing these files.

The really unfortunate thing about this worm is the fact that in its early stages, it's almost impossible for users to become aware that the system has fallen victim to this e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B)-, the computer user receives an error message as the following:

the computer user receives an error message

After this message, the next restart will represent the fatal moment for the computer. The hard disk is damaged as the boot sector has been compromised:

The hard disk is damaged as the boot sector has been compromisedThe hard disk is damaged as the boot sector has been compromised

In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection and to manifest extra caution when prompted to open files from unfamiliar locations.

 

For more information please visit Zimuse website.

Share our story:
DiggStumbleUpondel.icio.usYahooMyWebFurlGoogle
RELATED:
RELATED INFO:
Co-Author: Bogdan Botezatu

user comments
This video is very impressive. Sorry that you show only Win XP. Is there a solution for Win 7 Ultimate?
"To bee patient" lol
Do I have to buy a new Computer after this or can I start with my hardcopy new?
This virus is very nasty. The video is very cool and the music rules!
Comment on this:
Name:
Email:
Your email address will not be published!

Please enter the code from the image below.
The code is not case sensitive
Verification Image
Reload image
 
 
Calendar
March 2010
MoTuWeThFrSaSu
1234567
891011121314
15161718192021
22232425262728
293031    
« Feb March Apr »
CategoriesMISCELLANEOUS
WEEKLY REVIEW
VIRUSES DESCRIPTIONS
CONTEST
MALWARE HISTORY
HOW TO....
BOTNETS
ALERTS
SPAM REVIEW
Tag Claud
omelette conficker antivirus bitdefender system file computer data microsoft messages rogue word files infected downadup virus online twitter security review malware trojan software worm spam message canadian exploit windows pharmacy
RSS Feeds
Blogs And Comments RSS News
Malware City Powered by BitDefender © 2010 |  privacy policy   |  city map