Recently discovered malware masquerading as an IQ test combines virus, rootkit and worm — malicious code for one fatal formula

BitDefender®, an award-winning provider of innovative anti-malware security solutions, posted a removal tool for a new e-threat that combines the destructive behavior of a virus with the spreading mechanisms of a worm. The two known variants of this virus, Zimuse, enter the computer disguised as a harmless IQ test or a self-extracting zip archive.

Upon execution, the malware will attempt to spread through removable media and overwrite the MBR of all available drives after 40 days for variant A, and 20 days for variant B. The IQ test may come from various places like emails, torrent sites, network shares or dc hubs. As always, downloading or opening files from unsecure sites or ones with low security carries high risk for inadvertently downloading this virus.

The many days between the moment of infection and activation of this virus makes is particularly difficult to track. BitDefender’s removal tool for this virus can be found at:

People unsure if they’ve been infected by this virus can run a QuickScan, in less than 30 seconds.

The scan is available on the BitDefender Zimuse website, or here, at

Instructions for Zimuse Removal include:

1. Download the removal tool (.exe file – 201 KB).

2. People running as a restricted user in Windows XP, right click the “zimuse-removal-tool.exe” program and choose “Run as Administrator” to be prompted to enter credentials for an admin account.

3. BitDefender recommends a system reboot after the disinfection is complete.

4. People without a permanent antivirus protection or if a current antivirus has failed, consider the advanced protection tool provided by BitDefender.