Endpoint Protection

Virus alert, cannot be detected by most of the antivirus out in the market.

Will reside on one of our  Recycler profiles. (You should delete the files Desktop.ini, MxEng.exe) if it is in use, you can use the utility Unlocker 1.8)

The virus will create registry entries on

1. HKLM\SOftware\Microsoft\Windows NT\Winlogon\Shell (it will add the exe file csrcs.exe after Explorer.exe)
2. HKLM\SOftware\Microsoft\Windows NT\Winlogon\Taskmon (pls delete this entry)

The virus will use System (svchost) to infect other pcs on the network. It will also scan/send the virus on your network.

I will try to upload samples to Symantec Security Response asap..

Thanks  for the information Paul..

 I had this long back 6-7 months ago..

it also creates an exception in the firewall for csrcs.exe and it creates a service for the same.Since it is a service even if you kill the process it will re-appear.So you will have to delete the service then kill it then submit/delete files.
it also dumps svhost/svhcost or something similar to svchost.exe  file to temp of user profile and/or 5temp%.
It is a worm.

Yes vikram, in my case, the process csrcs.exe hides in the service Explorer.exe on windows logon, that's why it's hard to detect.

Here's a link as to what anti-virus programs can detect it.

http://www.virustotal.com/analisis/902b323658191b25d6e00739dc0da86a15b50937b885f62f373b5db97c2a8de3-1258054052

Unfortunately for Symantec it's not detected yet. :(

Quick detail about the virus;

http://www.prevx.com/filenames/X60308334875662037-X1/MSMXENG.EXE.html

What i have to do solve this problem?

Please say me in details.