Worm.Zimuse.Gen

Name: Worm.Zimuse.Gen
Works on: Windows 7 and above
Developer: Bitdefender LLC
Version: 1.22
Last Updated: 27 Feb 2017
Release: 09 Aug 2010
Category: Antivirus > Removal Tools

Worm.Zimuse.Gen Details

Works on: Windows 10 | Windows 8.1 | Windows 8 | Windows 7 | Windows 2012
SHA1 Hash: 53261402c9f59efec5bb6ac7d02783692b98dfae
Size: 205.82 KB
File Format: exe
Rating: 2.173913043 out of 5 based on 23 user ratings
Downloads: 1203
License: Free
Worm.Zimuse.Gen is free software by Bitdefender LLC and works on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows 2012.
The download is 205.82 KB in size and belongs to the software category Removal Tools.
Worm.Zimuse.Gen was released on 2010-08-09, was last updated in our database on 2017-02-27, and is currently at version 1.22.

Worm.Zimuse.Gen Description

Worm.Zimuse.Gen is a removal utility that targets the Zimuse malware infection.
The malware comes as an application with a WinZip icon in order to trick the user into running it. To look even more like a self-extracting archive, it displays a dialog box asking for a password in order to successfully unzip the package contents.
Once executed, the application checks the command-line parameters; if the /Z switch is present, it deletes all the files, registry keys and services it created during a previous infection.
If no disinfection switch is given, it takes the following actions:
* it checks whether it is set to run at startup, by checking for the presence of a key named Dump in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
* if no previous infection is found then it infects the computer.
Infection of the computer consists in:
* dropping the files
- %system32%\drivers\mstart.sys (a service named mstart is created and run from this file)
- %program-files%\Dump\dump.exe
- %Temp%\Dump.ini
- %Temp%\Regini.exe
- %system32%\drivers\mstart.sys
- %system32%\drivers\mseu.sys
- %Temp%\mseu.ini (used for installation of mseu.sys service)
- %system32%\mseus.exe
- %Temp%\mseus.ini (used for installation of mseus.exe service)
- %system32%\tokset.dll
- %system32%\ainf.inf
- %Temp%\instdrv.exe (which is a clean file used to install services)
- %system_drive%\IQTest\iqtest.exe (in some versions)
- %system_drive%\IQTest\readme.txt (in some versions)
* setting the dump.exe file dropped earlier to run at startup (this is the flag of infection)
* deleting the following files (which were used for service installation)
- %Temp%\Regini.exe
- %Temp%\Dump.ini
- %Temp%\mseu.ini
- %Temp%\mseus.ini
- %Temp%\instdrv.exe
The malware is inactive for the first 10 days (first variant) or 7 days (second variant) after infection. Once this period has passed, it proceeds to infect all USB drives attached to the computer using the classic autorun.inf technique.
40 days after infection (first variant) or 20 days (second variant), the malware overwrites the MBR (master boot record) with garbage, rendering the computer unbootable.
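
Because the installer deletes its %Temp% helpers, only some of the dropped files remain on disk as evidence. The following added example (not part of the Bitdefender tool or of this page's original text) checks a live or mounted system drive for those remaining files; the mapping of the page's placeholders to a default Windows directory layout and the names `ROOTS`, `PERSISTENT`, `resolve_ci` and `find_artifacts` are assumptions of the example.

```python
import os
import sys

# Placeholder -> path relative to the system drive (assumed default Windows layout).
ROOTS = {
    "%system32%": "Windows/System32",
    "%program-files%": "Program Files",
    "%system_drive%": "",
}

# Files from the description that are dropped and NOT deleted after installation.
PERSISTENT = [
    r"%system32%\drivers\mstart.sys",
    r"%system32%\drivers\mseu.sys",
    r"%system32%\mseus.exe",
    r"%system32%\tokset.dll",
    r"%system32%\ainf.inf",
    r"%program-files%\Dump\dump.exe",
    r"%system_drive%\IQTest\iqtest.exe",
    r"%system_drive%\IQTest\readme.txt",
]

def resolve_ci(root, parts):
    """Walk `parts` under `root`, matching names case-insensitively as Windows
    does, so an image mounted on a case-sensitive host is still searched."""
    current = root
    for part in parts:
        try:
            names = os.listdir(current)
        except OSError:  # missing directory, or a file where a directory is expected
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_artifacts(drive_root):
    """Return the listed indicators that exist under the given system drive root."""
    hits = []
    for indicator in PERSISTENT:
        placeholder, _, rest = indicator.partition("\\")
        base = ROOTS[placeholder].split("/") if ROOTS[placeholder] else []
        if resolve_ci(drive_root, base + rest.split("\\")):
            hits.append(indicator)
    return hits

if __name__ == "__main__":
    for hit in find_artifacts(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print("found:", hit)
```

A hit is a lead for further triage rather than proof of infection; the Run key value named Dump and the mstart service described above are not checked by this file-only scan.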