Hi Yanto.Chiang,
BitDefender today identified a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. Two variants are known to this day.
Called Win32.Worm.Zimuse.A, this malicious piece is extremely dangerous; unlike average worms, it would lead to severe data loss as it overwrites the first 50 KB of the Master Boot Record, a key zone of the hard disk drive.
Win32.Worm.Zimuse.A enters the computer disguised as an apparently harmless IQ Test. Once executed, the worm creates between seven and eleven copies of itself (depending on the variant) in critical areas of the Windows system.
In order to execute itself on each Windows boot-up, the worm sets the following registry entry: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"Dump"="%programfiles%DumpDump.exe", and also creates two driver files, namely %system%driversMstart.sys and %system%driversMseu.sys. Since 64-bit versions of Windows Vista and Windows 7 require digitally-signed drivers, the worm would fail installing these files.
Analysis here:
http://news.bitdefender.com/NW1318-en--Virus-Writers-Produce-Hardware-Damaging-Code-with-Win32.Worm.Zimuse.htmlRemoval-tool here:
http://www.malwarecity.com/blog/zimuse-removal-tool-739.htmlpolonus
