Aliases
VirTool:WinNT/Rootkitdrv.HK (other)
Trojan horse SHeur3.XLI (AVG)
Sus/UnkPack-C (Sophos)
Rootkit.TmpHider (other)
Alert Level: Severe
Summary
TrojanDropper:Win32/Stuxnet.A is a trojan that drops and installs other Stuxnet components detected as Trojan:WinNT/Stuxnet.A and Trojan:WinNT/Stuxnet.B. It also injects code into certain processes. The injected code contains links to certain football betting websites.
Symptoms
The following system changes may indicate the presence of this malware:
?The presence of the following files:
system folder\mrxcls.sys
system folder\mrxnet.sys
?The presence of the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\MRxCls
HKLM\SYSTEM\CurrentControlSet\Services\MRxNet
Aliases
VirTool:WinNT/Rootkitdrv.HK (Microsoft)
Win32/Rootkit.Agent.NTK (ESET)
Alert Level: Severe
Summary
Trojan:WinNT/Stuxnet.B is a trojan component that loads other malware and is installed by TrojanDropper:Win32/Stuxnet.A.
Symptoms
The following system changes may indicate the presence of this malware:
?The presence of the following files:
system folder\mrxnet.sys
?The presence of the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\MRxNet
Is this specific enough for you?
It even gets more specific, see here:
Details from Microsoft
Microsoft Malware Protection Center
The Stuxnet Sting
http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspxand here
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWinNT%2FStuxnet.Band here
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FStuxnet.A&ThreatID=-2147331492Also look at this article:
http://www.eweek.com/c/a/Security/Stuxnet-Malware-Still-Exploiting-Microsoft-Windows-Security-Hole-166909/
