Danger level 7
Type: Worms


Win32/Rimecud is the detection name for a family of dangerous computer worms. Once it infects your machine, it also spreads to other systems over several channels, which can include instant-messaging clients (e.g., AOL Instant Messenger, ICQ, Skype, or Yahoo Messenger), P2P file-sharing tools, and removable drives such as USB sticks. The infection can leave your whole system unstable and hard to manage. Worse, it can give remote attackers access to your confidential information and to your browsing activity, which puts you at risk of identity theft or another serious computer crime. The worm installs itself without your knowledge or consent, which is why it can be hard to detect and remove. Fortunately, if you have discovered the infection, the hard part is over.

Do you know what a worm is? A worm is self-replicating malware that spreads its own code to other computers without any further action by the attacker, for example to machines connected to the same shared network. If your infected PC belongs to an open or shared network, other machines on it could be infected as well. If you use removable drives on the infected machine, the worm can copy itself to those too. For this reason, it is always risky to plug in USB drives that belong to other people or that have been connected to potentially infected systems. Reliable security software that scans removable media when it is connected would usually detect an infected device before anything on it runs. Win32/Rimecud has a dedicated component for spreading, and a separate component that controls the payload. The payload component is usually dropped in the %TEMP% directory, and it creates a folder named RECYCLER that is disguised with the Recycle Bin icon. Opening that folder launches the worm.

Once running on your system, Win32/Rimecud modifies the Windows Registry by adding itself to HKCU\Software\Microsoft\Windows\CurrentVersion\Run. A value in the Run key ensures that the worm starts its malicious processes every time you log on to Windows. The payload of this clandestine infection is serious. First and foremost, the worm opens a backdoor that other malware can use. It can communicate with remote servers without your permission, and it can insert messages into your online chat sessions. Win32/Rimecud also locates installed P2P file-sharing programs and uses them to distribute malicious files. The worm can update itself and download and run additional files. Once a worm has taken over a system, all kinds of other threats can follow, and you need to delete them from your PC as soon as possible. Malware that was installed silently is hard to spot by hand, so we advise using a malware scanner to examine your PC.
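The two artifacts described above, the Run-key persistence and the RECYCLER folder dressed up with the Recycle Bin icon, are easy to check for by hand. The PowerShell triage script below is an added example written for this page; it is not code from the original article or from any security vendor. It is read-only: it lists every value under the HKCU Run key and flags those whose command line points into %TEMP% or mentions a recycler folder, then looks in %TEMP% and on the root of every removable drive for a folder named RECYCLER and reports whether its desktop.ini sets the Recycle Bin shell icon (the CLSID check assumes the icon is set through desktop.ini, which is the usual way a folder icon is changed; the original text does not say how the worm does it) and how many executable files it holds.

```powershell
# Added triage example, not from the original page. Read-only: it reports, it does not delete.
# Assumptions: the worm's Run value points into %TEMP% or names a recycler folder, and the
# Recycle Bin icon is applied via desktop.ini with the Recycle Bin shell CLSID.

$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$Temp   = [System.IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')
$RecycleBinClsid = '{645FF040-5081-101B-9F08-00AA002F954E}'   # well-known Recycle Bin shell CLSID
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# --- 1. Persistence: every value under the HKCU Run key ---------------------------------
Write-Host "== $RunKey =="
$run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -in $PsMeta) { continue }                 # skip provider bookkeeping properties
        $cmd      = [string]$p.Value
        $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
        $flag = ''
        if ($expanded -match ('(?i)' + [regex]::Escape($Temp)) -or $expanded -match '(?i)recycler') {
            $flag = '   <-- SUSPICIOUS: autorun from TEMP or recycler folder'
        }
        Write-Host ("  {0} = {1}{2}" -f $p.Name, $cmd, $flag)
    }
} else {
    Write-Host '  (key missing or unreadable)'
}

# --- 2. Dropper folder: RECYCLER in %TEMP% and on removable-drive roots ------------------
Write-Host "`n== RECYCLER-style folders =="
# DriveType 2 = removable disk (USB sticks etc.). @() keeps the list empty when none are present.
$removable = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' -ErrorAction SilentlyContinue |
               ForEach-Object { $_.DeviceID + '\' })
$roots = @($Temp) + $removable

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
      Where-Object { $_.Name -match '(?i)^recycler' } |
      ForEach-Object {
        $ini = Join-Path $_.FullName 'desktop.ini'
        $iconSpoofed = $false
        if (Test-Path -LiteralPath $ini) {
            $text = Get-Content -LiteralPath $ini -Raw -ErrorAction SilentlyContinue
            $iconSpoofed = [bool]($text -match [regex]::Escape($RecycleBinClsid))
        }
        $exes = @(Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -File -ErrorAction SilentlyContinue |
                  Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.com' })
        [pscustomobject]@{
            Folder         = $_.FullName
            Attributes     = $_.Attributes        # hidden/system flags are typical for the disguise
            RecycleBinIcon = $iconSpoofed
            Executables    = $exes.Count
        }
      }
}

if ($findings) { $findings | Format-Table -AutoSize } else { Write-Host '  none found' }
```

Run it in an elevated PowerShell on the suspect machine. Treat every hit as a lead rather than a verdict: a genuine RECYCLER folder exists on the root of NTFS volumes that were used under Windows XP, so the combination that matters is a RECYCLER folder inside %TEMP% (where Windows never creates one), a spoofed icon, executables inside it, and a Run value pointing at it. Note the paths of anything flagged so your antimalware scan results can be compared against them, and do not double-click the folder.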

As mentioned previously, Win32/Rimecud can detect the messaging tools installed on your PC. The worm can post messages, including links, on your behalf, and those messages are most likely used to infect other systems. If you do not want to be the reason why the machines of your friends and colleagues get infected, make sure the worm is eliminated as soon as possible. Provided the malware has not disabled your scanner, a full scan will list every active threat. Until you know which malicious programs are active, you cannot make an informed decision about removal. Some threats can be removed easily, but others use rootkit techniques, and their components can be extremely difficult to find and delete. Manual removal is therefore not suitable in every case, and we advise using legitimate antimalware software to delete Win32/Rimecud.

We have a few final recommendations. Once the worm is gone, change your passwords, preferably from a clean device, because the infection could already have leaked them to cyber criminals. Warn the owners of other computers on the same network (if connected) that a worm could have reached their systems. Check your recent chats to see whether malicious links were sent under your name, and tell the recipients not to open them. Finally, keep reliable security software running so that malware cannot slither in again.

