Sunbelt software has now released their stand-alone scanner for this id-theft Trojan. Get it now. It is small, fast and good. (I was clean--of course. Are you?) Many anti-virus companies are now adding it into their DAT list as well so make sure your DATS are current.
As I posted over in the TechBlog comments:
Regardless of the "who-found-what-first" or "it's-a-variant" game. I must say, I really appreciate the fact that Sunbelt Software posted a stand-alone application scanner/remover for this trojan. I think it goes a long way for a company's ethics that they care enough about the general web-public to research, design and then post a product that will help all web-users verify the integrity of their system.
Now, I don't use Sunbelt Software's applications. I use my own "holy-trinity" of applications I have tested over the years as a sysadmin. But I will be downloading the trial version of their primary malware tool to review very soon. Good job guys.
As Eric Howes Rogue Anti-Spyware list shows, many unscrupulious vendors claim to detect problems, then offer to sell you their cleaning tool to fix 'em. What you get are a lot of "false-positives" a download full of malware masquerading as anti-malware and a lighter wallet.
So when a company finds a problem, could make a buck off your misfortune, but offers a SMALL, FAST and FREE standalone scanner--Kudos. I personally use Grisoft's antivirus program, but likewise am impressed with McAfee offering their standalone anti-virus/trojan scanner known as STINGER. No it doesn't scan for everything, but having a little FREE stand-alone scanner (kept on my flash-drive) to scan possibly infected systems is a real plus. Keeping these apps small is a real plus for the folk still on dial-up. Many don't have the time or patience to leave their pc on overnight to download a 10+MB application to scan/clean their pc.
On the otherhand, I find it "interesting" that while identity-theft news stories are pretty "sexy" right now, no major media outlet (cable/broadcast/radio) has picked up this identity-theft case and the implications for users. Unless you are in IT or know someone who is, or maybe follow some malware/IT blog, there is a chance your pc could be infected, your identity snatched, and you are still clueless and wouldn't begin to know how to respond to check/clean your pc.
Wow. Now THAT is really scary.
--edit-- This message thread at CNet seems to indicate that some users are getting some false-positives on their systems with this tool. Not real clear yet what is going on. If you are getting results that indicate you have this trojan with this tool, might want to check back with Sunbelt's tool download location and see if they update the tool version in the next couple of days.
Also that thread mentions this PCWorld article. In it a freeware security tool is mentioned to check the Protected Storage area of your Windows pc. It is a tiny app that you might find reveals some information that you would rather not list. The tool is called Protected Storage Passview (PSPV).
Hope to see you in clear blue skies!