Security researcher details which files and processes to search for

Kaspersky offers guidance on Flame

Researchers at Kaspersky have issued further guidance to anyone who thinks their PC might be infected with the Flame virus.

According to a blog post by the head of Kaspersky’s Global Research and Analysis Team, Alexander Gostev, the main warning sign of a present or past infection is the presence of a file called ~DEB93D.tmp.

Furthermore, if the registry contains references to files called mssecmgr.ocx or authpack.ocx, then the system is currently infected.
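The two checks above, written as an added Python example that is not from the article or from Kaspersky. It assumes the registry has been saved as a Version 5.00 `.reg` export (for example with `reg export`); the key and value names in the sample are constructed placeholders. Multi-string values are exported as hex byte lists, which a plain text search misses, so the code decodes them before matching.

```python
import os
import re

# Indicator names exactly as given in the article; matched case-insensitively.
MARKER_FILE = "~deb93d.tmp"
REGISTRY_NAMES = ("mssecmgr.ocx", "authpack.ocx")
HEX_VALUE = re.compile(r"=hex\((?:1|2|7)\):([0-9a-fA-F,\s]*)$")
# Constructed sample export; the key and value names are hypothetical.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleKey]\r\n\"ExampleValue\"=hex(7):"
    + ",".join(f"{b:02x}" for b in "example\0mssecmgr.ocx\0\0".encode("utf-16-le"))
    + "\r\n").encode("utf-16")


def find_marker_files(root):
    """Paths under root whose file name is ~DEB93D.tmp."""
    return [os.path.join(d, f) for d, _sub, files in os.walk(root)
            for f in files if f.lower() == MARKER_FILE]


def decode_reg_export(raw):
    """Version 5.00 exports are UTF-16 with a BOM; fall back to UTF-8 for re-saved files."""
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "utf-8", errors="replace")


def find_registry_refs(reg_text):
    """(key, indicator) for every exported line that names an indicator."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join '\' line continuations
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line.strip("[]")
        m = HEX_VALUE.search(line)
        if m:  # hex(2)/hex(7) data is UTF-16LE bytes; plain text search misses it
            data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
            line = data.decode("utf-16-le", errors="replace")
        hits += [(key, n) for n in REGISTRY_NAMES if n in line.lower()]
    return hits


def triage(root, reg_export_bytes):
    """Registry reference = current infection; marker file alone = present or past."""
    files = find_marker_files(root)
    refs = find_registry_refs(decode_reg_export(reg_export_bytes))
    verdict = ("currently infected" if refs else
               "present or past infection" if files else "no listed indicator found")
    return {"verdict": verdict, "files": files, "registry": refs}
```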

The virus is able to download additional software components, likened to apps, to expand its capabilities. It is thought to be derived from or inspired by a piece of software called Flexible Lightweight Active Measurement Environment.

“The FLAME software is used to measure network characteristics by deploying measurement agents and collecting data in a central database. Despite some similarities, we think that this software is unrelated as it serves different objectives,” wrote Gostev.
