Worm:W32/Agent.BTZ: Worms are computer programs that replicate independently by copying themselves to other systems.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The files "winview.ocx" and "mswmpdat.tlb" holds the log of the files and their location that the malware has installed. The content of these file are encrypted. The file "muxbde40.dll" is the malware itself with a different name.
The worm spreads by creating an AUTORUN.INF file to the root of each drive with the malicious .dll file. The contents of the file are as follows:
[autorun] open= shell\open=Explore shell\open\Command=rundll32.exe .\\[RANDOM].dll,InstallM shell\open\Default=1
Note: [RANDOM] represents a random name that the worm creates for the dll. If the malware detects a new partition, or usb stick for example, it will get infected immediately. The registry keys are used to make sure that the malware gets launched when the computer starts.
Creates these files:
Attempts to download files from:
Sets these values:
Creates these keys:
Description Created: 2008-06-26 15:41:53.0
Description Last Modified: 2008-06-26 16:54:32.0