A new series of worms (called Downloader.Agent.awf by some AV products) read infected computer's HKLM (or HKCU) Run keys to find previously installed programs. Then the worm copies the original executable to a new location, and replaces the original copy with a copy of the worm. When the computer executes the Run keys, it runs the worm instead, which then launches the original program. (Malware which renames i A new series of worms (called Downloader.Agent.awf by some AV products) read infected computer’s HKLM (or HKCU) Run keys to find previously installed programs.Then the worm copies the original executable to a new location, and replaces the original copy with a copy of the worm. When the computer executes the Run keys, it runs the worm instead, which then launches the original program.(Malware which renames itself as other legitimate called files are known as spawners, twins, or companions).This complicates detection and removal process, because the worm will appear as a “known and trusted”, previously installed executable. While this behavior is not new, it’s apparently becoming popular again. So, when looking for malicious code, you cannot simply trust file names and locations. You must verify each file’s integrity hash against a known good copy. There are many free hash programs available for Windows and Linux. The book ‘PGP and GPG’ turned me onto one for Windows called DigestIT 2004. It like it because it does MD5 and SHA-1 hashs and integrates into Windows as a right-click context menu. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe