We are seeing a strong surge in the spread of a game password-stealing worm. A number of reports online have described the infection occurring when the user was copying files over a usb drive.
The files that we are seeing drop an executable in the windowssystem32 directory by varying names: “avpo.exe” and “niedeiect.com” are common. This nasty little thing copies itself to various locations on your drive, drops driver files possessing unstable rootkit techniques to hide its own files, and steals the passwords of your favorite games. If you see “avpo” or “amvo0.exe” performing strange behaviors alongside “niedeiect.com” on your drive, like writing to the explorer.exe process, quarantine them.