BitDefender provides removal tool for recently discovered Zimuse malware 

SYDNEY & AUCKLAND – January 28, 2010 – BitDefender® today posted a removal tool for a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. The two known variants of this virus, Zimuse, enter the computer disguised as a harmless IQ test or a self-extracting zip archive. 

Upon execution, the malware will attempt to spread through removable media and overwrite the master boot record (MBR) of all available drives after 40 days for variant A, and 20 days for variant B. This technique was commonly used in viruses dating back from the early 1990’s to quickly spread across removable mediums such as floppy disks and now, their modern day equivalent, removable USB drives.

The IQ test may come from various places like emails, torrent sites, or shared networks. As always, downloading or opening files from unsecured sites or ones with low security carries high risk for inadvertently downloading this virus. Unfortunately, in its early stages, this worm makes it nearly impossible for users to know their system has fallen victim to the e-threat. If a certain number of days have elapsed since the infection (40 days for variant A and 20 days for variant B), the computer user receives an error message stating that a problem has occurred due to malicious content in IP packets from a peculiar-looking web address. It then asks the user to recover the system by pressing ‘OK’. After this message, the next restart causes the computer’s hard disk to become damaged due to the compromised boot sector.

BitDefender’s Zimuse removal tool can be found at:

BitDefender offers a free QuickScan for people who are unsure whether their system has been compromised. The scan is available on the BitDefender Zimuse website, or via: http://quickscan.bitdefender.com/

To clean infected systems, BitDefender’s free Zimuse removal tool is available via: http://www.zimuse.com/download/zimuse-removal-tool.exe