New Virus – Total Security 2009

I got this email from Cyberdefender (I use their anti-virus software on my computer – and I bought the upgrade), and it looks like this is a bad one.

If you have Cyberdefender on your computer, it will protect you from this bad boy, but if not then no guarantee:

Threat Name: Total Security 2009

Type: Rogue

Severity: High

Explanation of behavior:
1. A new variant of System Security 2009 that installs polymorphic executables, different in MD5 and name EVERY time (example: 12346789.exe). Also, the folder to which this is installed is different.

2. Process runs in memory and once system is restarted, no binaries can be executed. This includes taskmgr.exe and regedit.exe. User receives fake messages that system is infected with the process, making the rogue seem like legit software.

3. Executable installed and running in memory is dropped under all user accounts (C:\Documents and Settings\All Users\Application Data). Therefore, not even logging in as an administrator will help in accessing any binaries or killing the process.

4. The Run key pointing to the executable has the same value as the exe file itself, making it complicated to blacklist. Therefore, every time system is restarted, this threat will run and lock all files.
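
A triage heuristic for the persistence traits in items 1, 3 and 4, as an added example that is not part of the Cyberdefender email or the original post. It assumes item 4 means the Run value's name matches the executable's file name, and it parses constructed `reg query` output; the function names, the folder name and the benign sample entries are hypothetical.

```python
import ntpath
import re

# Constructed sample in the shape printed by
# `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    12346789    REG_SZ    C:\Documents and Settings\All Users\Application Data\98765432\12346789.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.*)$")
COMMON_APPDATA = r"\all users\application data" + "\\"

def exe_path(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data

def suspicious_run_entries(reg_text):
    """Flag Run values by structure, since file name and MD5 change on every install."""
    hits = []
    for line in reg_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        name, path = m.group("name"), exe_path(m.group("data"))
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if stem.lower() == name.lower():
            reasons.append("value name equals exe name")
        if stem.isdigit():
            reasons.append("numeric exe name")
        if COMMON_APPDATA in path.lower():
            reasons.append("runs from All Users\\Application Data")
        # One trait alone is common in benign software; require two or more.
        if len(reasons) >= 2:
            hits.append((name, path, reasons))
    return hits

if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

Because the registry has to be read while the rogue is not blocking executables, feed this the output of a query taken from another boot environment or an offline hive export.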
