W32.SafeSys.Worm

Joe,
Much discussion about this Worm here:

https://www.wilderssecurity.com/showthread.php?t=248137

https://www.wilderssecurity.com/showthread.php?t=247937

Does Prevx detect this and more importantly, clean it up and remove it from the computer

 

I'm unfamiliar with this threat but I've PM'd "developers" to see if I can get my hands on any additional information.

This isn't the first infection to do this, however - the most recent MBR rootkit bypasses every disk protection program we could find as well.

 

Thanks for reply Joe. Could you keep us informed please, I'm sure this is of concern to many of us.

 

Does this worm only aim at Windows 32 system?It seems that it can't run on Windows 7.

 

We checked a sample from the original poster and we have been blocking this threat since March (why VT says we don't detect it I have no idea...).

It is indeed an interesting infection and uses a different technique from what we've found and what we've seen before. Let the arms race continue!

 

It should work fine on 32bit versions of Windows 7 - I haven't tested it on x64 but the technique which they're using to write under the filters can work fine on x64 as well so if it doesn't work on x64, it is probably just a superficial issue.