If your system has restarted after applying the MS10-015, this might be a sign that your system is infected with the notorious W32.Alureon malware. It is one of complex and advanced piece of malware which is been in existence for quite sometime now. Some of the function it is loaded with are modification of DNS settings, search hijacking, and click fraud. It infects the system critical drivers with whose help it tries to avoid being detected by security products. In the recent version of this malware we seen it is able to infect the miniport driver associated with the hard disk of the operating system, this gives the malware full control on disk activity.
Here is a list of filenames used by this malware:
atapi.sys
iaStor.sys
nvata.sys
nvstor32.sys
nvstor.sys
nvgts.sys
nvatabus.sys
SiSRaid.sys
IdeChnDr.sys
iastorv.sys
For example: ‘atapi.sys’ resides at the following location:
%windir%system32driversatapi.sys
Quick Heal users are well protected by this malware as we have the detection. We will post more information on this soon.
No Comments, Be The First!