Stuxnet, the first Trojan exploiting Windows shortcut vulnerability, has recently been spreading in the wild. Series of expert’s analysis documents as well as many forum topics on Stuxnet have shown the critical level of this worm. Anxiety psychology has made users searching for Stuxnet removal tools on Internet. However, besides some good tools provided by Microsoft, some antivirus companies or IT community, there are many fraud ones. They are created to spread malicious code in large scale.
Recently, our Honeypot system has detected a particularly dangerous counterfeit tool: instead of cleaning Stuxnet, it will clean everything in your drive C.
Picture 1: Posing as Microsoft’s tool
Picture 2: Generate a .bat file executing malicious behaviours
Bkav has detected the Trojan as W32.FakeStuxer.Trojan.
To avoid reinstalling Windows and losing your important data, users should regularly update the latest version of their antivirus software. Also, users should be cautious with tools provided on forums.
Nguyen Van Sao
Update: In his comment Freddy suggested that this virus may originate from Germany.