This is not malware but a real honest to goodness virus W32/Culler-C that IS NOT detected by Avast
W32/Culler-C is a worm for the Windows platform that spreads via MSN Messenger.
W32/Culler-C includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Culler-C attempts to terminate and disable various security software applications and Windows processes such as Task Manager.
When first run, W32/Culler-C will display the following error message:
"Component "COMDLG32.OCX" or one of its dependencies no correctly registered a file is missing or invalid."
It then copies itself to:
<Windows>\Cfreer.exe
<Windows>\Nzil.exe
<System>\Juegs.exe
<System>\Negdo.exe
W32/Culler-C attempts to download and execute files from a remote location. At the time of writing, these files were unavailable for download.
The worm sets the following registry entries to run at system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows
<Windows>\Cfreer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsUpdate
<Windows>\Nzil.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System
<System>\Juegs.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SystemUpdate
<System>\Negdo.exe
W32/Culler-C sets the following registry entry:
HKCU\Software\VB and VBA Program Settings\SysUpdate\sistema
Marcar
1