Joe, much discussion about this worm here: https://www.wilderssecurity.com/showthread.php?t=248137 and https://www.wilderssecurity.com/showthread.php?t=247937. Does Prevx detect this and, more importantly, clean it up and remove it from the computer?
I'm unfamiliar with this threat but I've PM'd "developers" to see if I can get my hands on any additional information. This isn't the first infection to do this, however - the most recent MBR rootkit bypasses every disk protection program we could find as well.
We checked a sample from the original poster and we have been blocking this threat since March (why VT says we don't detect it I have no idea...). It is indeed an interesting infection and uses a different technique from what we've found and what we've seen before. Let the arms race continue!
It should work fine on 32-bit versions of Windows 7 - I haven't tested it on x64 but the technique which they're using to write under the filters can work fine on x64 as well, so if it doesn't work on x64, it is probably just a superficial issue.