I’m an enthusiastic Avast!4 Home user. I feel proud to say that, thanks to it, my device ran without any kind of infection problems and I began to spread the news to all of my friends, advicing them to register their trial after installing. Pitifully, I had to uninstall Avast! due to some misfunctions observed in my system: All Word-generated documents into my USB devices were absent! so I activated hidden docs and folders view and there they were, but converted into .exe and my Avast! did not detect anything! I began trying different ways to resolve the problem (without uninstalling my dear Avast!) with no results till I got an antivirus system :-[ which found the threat mentioned as subject, but I had to uninstall my current Avast! before :'(, to avoid any kind of conflicts. I googled around and found poor info about this worm and most of the antivirus, antispyware, etc. developers seem not to have much knowledge about its propagation. Some of the characteristics I think this MW has are: It attacks and blocks windows security center and deactivates windows firewall and automatic updates, it hides .exe extension of other malware to avoid their detection and cleaning, it hides the dllcache folder and wipes out windows security center, firewall and auto updates from services unabling their reactivation, and finally, it changes .doc, .docx and .rtf extensions into .exe. I solved this last, after cleaning system, by opening the hidden files (they open ok in Word), modifying their name using Save as…, and erasing its corresponding hidden .exe copy. First i tried by copyin and pasting or by opening and saving. None of these two options worked.
I don’t have MS Word but I use WordPad all the time and store my rtf documents on a USB Flash stick.
I got an antivirus system which found the threat mentioned as subjectWhat is the anti virus system that found this?
What operating system and Service Pack level are you using?
Get Malwarebytes Anti-Malware (MBAM) then update it then run a Quick scan and let it remove all it finds:
http://www.malwarebytes.org/mbam.php
Post its log here after it completes.