The other day I learned that apparently Vergon had done a “hack my command” on me!!!  I found this trojan interesting in that it plays an mp3 for you to listen to as it goes about its havoc wreaking on your machine.  The file itself has an icon visually similar to that of the default media player shell registration for an mp3 file extension.  When executed it plays an MP3 called Lagu for you to listen to that has already been copied to the system directory.  If the poor sound quality of the extremely compressed audio does not get on your nerves rest assured this little guy is busy coping itself to various locations on your computer as well as instructing your command shell to execute a batch script adding a new account with administrative privileges the next time it is launched.

Although the batch operations can be interrupted with some quick reflexes and a punch of CTRL-C, one may quickly find that attempting to launch various tools like taskmgr and regedit are quickly terminated.  Familiarity with Microsoft operating systems can be of help restoring ones system to a usable state.  It seems to me that the best idea would be not to run something like this in the first place.  Trusting a file based on the visual representation of its icon does not seem to be the best of ideas.  My favorite setting for the ‘hide extensions for known file types’ folder option is off.

More information on this threat can be viewed at our virus information library.
http://vil.nai.com/vil/content/v_143106.htm