ESET warns of a new, extremely dangerous worm, Win32/Zimuse. The threat targets a key element of the hard disk: the master boot record, which is needed to start the operating system.
Win32/Zimuse cleverly avoids detection by antivirus programs, and an incompetent attempt to remove it from the system can result in failure of the infected disk and completely block access to the data.
Win32/Zimuse operates much like the computer viruses of many years ago. Once inside the victim's computer, it stays dormant for a few days, which lets it fool some antivirus programs by pretending to be a completely benign application.
Only after 7 or 10 days, depending on the version, does Win32/Zimuse show its first activity, which consists of executing and distributing further copies of itself.
The worm then starts a clock that counts down to the launch of its destructive mechanism, which first and foremost targets the hard disk's boot record, the so-called MBR (Master Boot Record).
Losing the information stored in the MBR makes it impossible to start the operating system and thereby blocks access to the data stored on the media.
Interestingly, using an improper removal method causes the threat to skip the countdown and immediately trigger the destruction. This is like disarming a bomb: cutting the wrong wire sets off the charge.
Specialists from the ESET Virus Lab point out that two versions of the threat are currently spreading, Win32/Zimuse.A and Win32/Zimuse.B, which infect further computers in several ways. A machine can be infected when the user unknowingly downloads an infected self-extracting ZIP file hidden on some websites.
Zimuse can also pose as an application supposedly used to check a person's level of intelligence. Instead of getting an IQ test, the user, unaware of the threat, lets a dangerous worm onto the PC. Zimuse can also spread via portable data storage devices (flash drives).
Currently, ESET has found the largest numbers of machines infected with the Zimuse worm in Slovakia, the USA, Thailand, Spain, Italy and the Czech Republic. It is very likely that the infection will gain strength and soon threaten computer users in other countries. Given the nature of the threat, ESET's specialists want to remind users of the good practice of regularly backing up critical data. It is important that such a copy be saved on media other than the one used to store the valuable data.
ESET has prepared and released a free tool that allows you to safely remove Win32/Zimuse from an infected computer. The program is available from ESET.