This tool is capable of removing all known variants of Win32.Worm.Stuxnet, as well as the rootkit drivers that are used to conceal critical components of the worm.
Win32.Worm.Stuxnet is a new breed of e-threat that emerged around mid-July. Although it infects all Windows-based systems alike, it primarily targets supervisory control and data acquisition (SCADA) systems that run the Siemens WinCC software.
The worm spreads by taking advantage of a multitude of 0-day exploits in the current versions of Windows. Moreover, it can execute itself from an infected removable medium as soon as the .lnk file on the drive has been read by the operating system.
Successful exploitation of this .lnk vulnerability results in the injection of a backdoor, as well as the installation of two rootkits that conceal both the .lnk files and the accompanying .tmp files.
BitDefender has added generic detection covering all variants of Stuxnet as of July 19, thus protecting its customers since day zero. Computer users who are not running a BitDefender security solution can now eliminate Stuxnet from infected systems by running the attached removal tool. The tool can be run on both 32- and 64-bit installations and will eliminate both the rootkit drivers and the worm.
Information in this article is available courtesy of Răzvan Benchea, BitDefender Malware Analyst. The removal tool is available courtesy of Bogdan Timofte, BitDefender Online Threats Researcher.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.