I got this email from Cyberdefender (I use their anti-virus software on my computer – and I bought the upgrade), and it looks like this is a bad one.
If you have Cyberdefender on your computer, it will protect you from this bad boy, but if not then no guarantee:
Threat Name: Total Security 2009
Explanation of behavior:
1. It is a new variant of System Security 2009 and installs polymorphic executables, different in MD5 and name EVERY time. (example: 12346789.exe) Also, the folder to which this is installed is different.
2. Process runs in memory and once system is restarted, no binaries can be executed. This includes taskmgr.exe and regedit.exe. User receives fake messages that system is infected with the process, making the rogue seem like legit software.
3. Executable installed and running in memory is dropped under all user accounts (C:\Documents and Settings\All Users\Application Data). Therefore, not even logging in as an administrator will help in accessing any binaries or killing process.
4. The Run key pointing to the executable has the same value as the exe file itself, making it complicated to blacklist. Therefore, every time system is restarted, this threat will run and lock all files.
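Because the file name, MD5 and folder change on every install, a check has to key on the behaviour in points 1, 3 and 4 rather than on a name or hash. The sketch below is an added example, not something from the CyberDefender email: it reads text in the layout printed by `reg query` for a Run key and flags entries showing those traits. The sample data, the trait labels and the threshold of two are constructed assumptions.

```python
import ntpath
import re

# Constructed sample in the layout printed by `reg query <key>`; not from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe" -min
    12346789    REG_SZ    C:\Documents and Settings\All Users\Application Data\12346789\12346789.exe
    88120457    REG_SZ    "C:\Documents and Settings\All Users\Application Data\40213377\88120457.exe" /s
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
SHARED_APPDATA = r"\all users\application data" + "\\"

def parse_run_values(text):
    """Yield (value_name, executable_path) for each autorun value in reg query output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        exe = EXE_PATH.match(m.group("data").strip())
        if exe:
            yield m.group("name"), exe.group("path")

def indicators(name, path):
    """Return the behavioural traits from the write-up that this entry shows."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    hits = []
    if SHARED_APPDATA in path.lower():
        hits.append("runs-from-all-users-appdata")   # point 3
    if stem.lower() == name.lower():
        hits.append("value-name-equals-exe-name")    # point 4
    if stem.isdigit():
        hits.append("digits-only-file-name")         # point 1 example
    return hits

def suspicious_entries(text, threshold=2):
    """Flag entries showing at least `threshold` traits; names and hashes are ignored."""
    flagged = []
    for name, path in parse_run_values(text):
        hits = indicators(name, path)
        if len(hits) >= threshold:
            flagged.append((name, path, hits))
    return flagged

if __name__ == "__main__":
    for name, path, hits in suspicious_entries(SAMPLE):
        print(f"{name}: {path} -> {', '.join(hits)}")
```

Since point 2 says no binaries can be executed on the infected system after a restart, a check like this is better run against a Run key export taken from the offline disk or a rescue environment.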