W32.Zimuse
W32.Zimuse is a Windows platform worm that typically spreads by copying itself to removable drives. W32.Zimuse arrives as an iqTest.exe file and then it drops other harmful files once it has been executed. W32.Zimuse will also create malicious services and modify the registry to ensure that it runs each time Windows is started. After a certain amount of time, W32.Zimuse will attempt to delete all the files and folders on a compromised machine.
File System Details
W32.Zimuse may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\mseus.exe | |
| 2. | Dump.exe | |
| 3. | %System%\\drivers\\Mseu.sys %System%\\drivers\\Mstart.sys %System%\\ainf.inf %System%\\mseus.exe %System%\\tokset.dll | |
| 4. | Iqtest.exe | |
| 5. | %System%\tokset.dll | |
| 6. | %System%\drivers\Mseu.sys %System%\drivers\Mstart.sys %System%\ainf.inf |
Registry Details
W32.Zimuse may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UnzipService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTART
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mseu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Dump" = "C:\Program files\Dump\Dump.exe"
