Hello,
I found a new virus; the executable file name is System.exe (364 KB). I got it from my colleague's flash drive.
I sent it to the Kaspersky newvirus service, but to date (10 days have passed) there are no results and no database update.
I am surprised by their service; I had a definitely different opinion about the company!
I am sure that it is a virus because I deliberately ran it on a virtual machine and monitored the registry, and here's what I found (I am not an expert in identifying viruses, so the information is not complete):
1- The virus copies a fake Lsass.exe to Application Data (attribute: Hidden System file)
2- Inserts a new value into the Registry ( HKLC ------------------------Run) pointing to the previously mentioned file
3- When the system restarts, you will find in the Task Manager two lsass.exe processes, one under system and the second under your name.
Anybody interested, I can send a copy of the file to check ( russian_illusion@mail.ru )
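
The three observations above translate into a simple triage check, shown here as an added example that is not part of the original post: flag any lsass.exe that runs from outside System32 or under a non-SYSTEM account, and any autorun value pointing at such a file. The process and autorun records, paths, account names and value names are constructed sample data, and the default Windows directory is an assumption.

```python
import ntpath

# System binary names to protect; lsass.exe is the one imitated in the post.
PROTECTED = {"lsass.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default Windows install path
SYSTEM_USERS = ("SYSTEM", r"NT AUTHORITY\SYSTEM")


def is_masquerade(path):
    """True if the file is named like a protected binary but lives outside System32."""
    p = ntpath.normpath(path).lower()
    return ntpath.basename(p) in PROTECTED and ntpath.dirname(p) != SYSTEM_DIR


def audit(processes, autoruns):
    """Return (kind, detail) findings for process and autorun records."""
    findings = []
    for proc in processes:
        if ntpath.basename(proc["path"]).lower() not in PROTECTED:
            continue
        if is_masquerade(proc["path"]):
            findings.append(("process-path", proc["pid"]))
        # The genuine lsass.exe runs as SYSTEM, never under a logged-on user.
        if proc["user"].upper() not in SYSTEM_USERS:
            findings.append(("process-owner", proc["pid"]))
    for entry in autoruns:
        # Targets are often quoted; arguments after the path are not handled here.
        if is_masquerade(entry["target"].strip('"')):
            findings.append(("autorun", entry["value"]))
    return findings


# Constructed sample data mirroring the behaviour described in the post.
PROCESSES = [
    {"pid": 612, "path": r"C:\Windows\System32\lsass.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 3040, "path": r"C:\Documents and Settings\user\Application Data\lsass.exe",
     "user": r"LAB\user"},
]
AUTORUNS = [
    {"value": "lsass", "target": r'"C:\Documents and Settings\user\Application Data\lsass.exe"'},
    {"value": "ctfmon", "target": r"C:\Windows\System32\ctfmon.exe"},
]

if __name__ == "__main__":
    for kind, detail in audit(PROCESSES, AUTORUNS):
        print(kind, detail)
```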