BitDefender identified a new e-threat that combines the
destructive behavior of a virus with the spreading mechanisms of a worm. Two
variants are known to this day.
The worm enters the computer disguised as an apparently harmless IQ Test. Once executed,
it creates between seven and eleven copies of itself (depending on the
variant) in critical areas of the Windows system.
In order to stay safe, BitDefender recommends downloading,
installing and updating a
complete antimalware suite with antivirus, antispam, antiphishing and
firewall protection. Users should also employ extra caution when prompted to
open files from unfamiliar locations.
BitDefender created a free Zimuse disinfection tool, which
is available for download at http://www.zimuse.com/
What are the other names for Worm.Zimuse.A?
Trojan.Startpage.G, Win32/Zimuse.A or Worm:Win32/Zumes.A!sys .
What are the symptoms? How do I find out if I have Worm.Zimuse.A on my PC?
Presence of the following files
A technical description of Worm.Zimuse.A:
The malware comes as an application with a WinZip icon in order to
trick the user into running it. To look even more like a
self-extracting archive, it displays a dialog box asking for a password
in order to successfully unzip the package contents.
Once executed, the application checks the command-line parameters and,
if there is a switch ‘/Z’, it proceeds to delete all the files,
all the registry keys and all the services it has created during a
* it checks if it’s set to run at startup, by checking the
presence of a key named ‘Dump’ in
The malware is inactive for the first 10 days (first variant) or 7
days (second variant). Once this period, counted from the moment of
infection, has passed, it proceeds to infect all USB drives attached to the
computer using the classical autorun.inf technique.
40 days after the infection (first variant) or 20 days after it
(second variant), the malware overwrites the MBR (master boot
record) with garbage, rendering the computer unbootable.
Worm.Zimuse.A Removal Instructions?
2. People running as a restricted user in Windows XP should right-click the “zimuse-removal-tool.exe” program and choose “Run as Administrator” to be prompted to enter credentials for an admin account.
3. BitDefender recommends a system reboot after the disinfection is complete.
For more information, please visit the Zimuse website.