You may be thinking: "What? That's not the virus I talked about!" It is! Look at #3 in the technical details:
3. Executes the file C:\winsystem.exe which drops the file msdirectx.sys, currently detected as Hacktool.Rootkit. The rootkit will be started as a service (msdirectx), in an attempt to hide both the rootkit itself and to hide the running W32.Mytob.AR@mm process.
/ –
Look at #3 in the technical details:
