- presence of the registry mentioned in Technical Description - computer slows down
Please let BitDefender disinfect your files.
George Cabau, virus researcher
This worm performs the following actions upon execution:
- creates a copy of itself inside “%systemdrive%\RECYCLER\S-1-5-21-[10-digits-random]-[10-digits-random]-[4-digits-random]” directory, under the name “MsMxEng.exe”, and hides this directory from being seen by explorer. - Registers itself at the system start-up by creating a new entry in "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" under the name "Taskman" pointing to “%systemdrive%\RECYCLER\[malware-direcory]\MsMxEng.exe”. - injects its code into the memory space of explorer.exe.
It spreads itself:
- Through USB removable devices, by creating on such locations a folder named USBSYSTEM, where it makes a copy of itself under the name "usp.exe". Additionally creates in the device root an "autorun.inf" file which will run the malware when the infected USB device is used on another computer. - Through MSN by sending malware links. - Through Kazaa and DC++ by sharing its directory. - Through P2P using LimeWire, eMule , iMesh, BearShare
The worm has DoS (Denial of Service) capabilities, it can initiate TCP-SYN flood attacks to remote hosts.