reported that a new worm, W32/Cellery-A, poses as a playable version of the classic Russian computer game Tetris as it attempts to spread across networks

The Cellery worm, which gets its name from a message it displays saying "Chancellery", makes changes to Windows settings to ensure that it automatically runs when the operating system starts up. Whilst the Tetris-like arcade game is running it plays a MIDI music tune, and searches for other network drives and attached computers to also try and infect.

"This worm puts up the Tetris game as a smokescreen as it tries to hop from computer to computer across your network," said Graham Cluley, senior technology consultant for Sophos. "If your company has a culture of allowing games to be played in the office, your staff may believe this simply a new game that has been installed - rather than something that should cause concern."

more infos : http://www.sophos.com/virusinfo/analyses/w32cellerya.html

solutions :

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Systrsy
"format32.exe"

and delete it if it exists.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
Systrsy
"format32.exe"

and delete it if it exists.

Close the registry editor.