Stuxnet, the first Trojan exploiting Windows shortcut vulnerability, has recently been spreading in the wild. Series of expert’s analysis documents as well as many forum topics on Stuxnet have shown the critical level of this worm. Anxiety psychology has made users searching for Stuxnet removal tools on Internet. However, besides some good tools provided by Microsoft, some antivirus companies or IT community, there are many fraud ones. They are created to spread malicious code in large scale.

Recently, our Honeypot system has detected a particularly dangerous counterfeit tool: instead of cleaning Stuxnet, it will clean everything in your drive C.

Picture 1: Posing as Microsoft’s tool

Picture 2: Generate a .bat file executing malicious behaviours

Bkav has detected the Trojan as W32.FakeStuxer.Trojan.

To avoid reinstalling Windows and losing your important data, users should regularly update the latest version of their antivirus software. Also, users should be cautious with tools provided on forums.

Nguyen Van Sao

Malware Analyst


Update: In his comment Freddy suggested that this virus may originate from Germany.

Leave a Reply

Name (required)
Mail (hidden) (required)
Text to Identify

Popup Date Time Portlet

Blogs Aggregator

Recent Posts

Blog Category Portlet


Store Portlet


Vote Baby Portlet