I'm not sure where to post this alert but I will do it here hoping I can help. Please add this site to Spybot's block list: http://www.smartcardsys.com/ that is nothing but a COM file that installs malicious code named sysguard.exe (you can look it up).
This site also appears as a link in the following page: http://icc.skku.ac.kr/~won/electro/smartcards.html.
Thanks. And please spread the alert.
Last edited by tashi; 2009-04-24 at 00:59.
Reason: Disabled urls
I regret to say that I was right the first time after all!
My reason to doubt was that I immediately hardened my DCOM settings, and that prevented it from infecting me again when I was testing it.
This malware also creates the folder c:\Win XP\SMInst or c:\Windows\SMInst and tries to run an application that supposedly will eliminate the threat, prompting you to pay for it in case you want to clean your system.
This seems to be classified as ransomware, and I prompt the Spybot community to spread this information to everyone as well as include it in new Spybot definitions.