Worm:W32/Agent.BTZ: Worms are computer programs that replicate independently by copying themselves to other systems.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
The files "winview.ocx" and "mswmpdat.tlb" holds the log of the files and their location that the malware has installed. The content of these file are encrypted. The file "muxbde40.dll" is the malware itself with a different name.
The worm spreads by creating an AUTORUN.INF file to the root of each drive with the malicious .dll file. The contents of the file are as follows:
[autorun] open= shell\open=Explore shell\open\Command=rundll32.exe .\\[RANDOM].dll,InstallM shell\open\Default=1
Note: [RANDOM] represents a random name that the worm creates for the dll. If the malware detects a new partition, or usb stick for example, it will get infected immediately. The registry keys are used to make sure that the malware gets launched when the computer starts.
Creates these files:
Attempts to download files from:
Sets these values:
Creates these keys:
Date Created: 2008-06-26 15:41:53.0
Date Last Modified: 2008-06-26 16:54:32.0