ATTN: Avast Staff... Please Add this virus to your Detection Database

Viruses and worms
1

Currently working on a customer’s PC that is infected with a virus avast isn’t detecting…

the file is alg.exe

normally this file when located in windows\system32 is a valid file, in this case its in c:\windows\ and is very malicious…

here is the scan list from VirusTotal.com:

Antivirus Version Update Result 
AntiVir 6.35.0.19     06.28.2006     Worm/Sdbot.59904.27 
Authentium 4.93.8  06.28.2006     W32/Sdbot.TAF 
Avast 4.7.844.0      06.28.2006     no virus found 
AVG 386                  06.27.2006 I   RC/BackDoor.SdBot2.BMN 
BitDefender 7.2       06.28.2006    Backdoor.SdBot.AAD 
CAT-QuickHeal 8.00 06.28.2006 (Suspicious) - DNAScan 
eTrust-InoculateIT 23.72.51 06.27.2006     Win32/Sdbot.8lp!Worm 
eTrust-Vet 12.6.2279 06.28.2006 Win32/Petribot.SN 
Ewido 3.5 06.28.2006 Backdoor.SdBot.aad 
Fortinet 2.77.0.0 06.28.2006 W32/SDBot.AAD!tr.bdr 
F-Prot 3.16f 06.28.2006 security risk named W32/Sdbot.TAF 
Ikarus 0.2.65.0 06.28.2006 Backdoor.Win32.SdBot.AAD 
Kaspersky 4.0.2.24 06.28.2006 Backdoor.Win32.SdBot.aad 
McAfee 4794 06.27.2006 W32/Sdbot.worm.gen.as 
Microsoft 1.1481 06.28.2006  no virus found 
NOD32v2 1.1630 06.28.2006 a variant of IRC/SdBot 
Norman 5.90.21 06.28.2006 W32/SDBot.ADFV 
Panda 9.0.0.4 06.28.2006 W32/Sdbot.HGY.worm 
Sophos 4.07.0 06.28.2006 W32/Tilebot-EU 
Symantec 8.0 06.28.2006 W32.Spybot.Worm 
TheHacker 5.9.8.166 06.28.2006  no virus found 
UNA 1.83 06.28.2006 Backdoor.SdBot 
VBA32 3.11.0 06.27.2006 Backdoor.Win32.SdBot.aad 
VirusBuster 4.3.7:9 06.28.2006 Worm.SdBot.CGG

I have attached the virus file… a txt file extension has been added for uploading.

Thanks,
Matt

2

Please don’t put live viruses on the forums or link to them (please modify your post), send it to virus @ avast.com

If you are not getting a virus warning that you believe is a new, undetected virus then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

3

dont forget mine :wink:
put it into new VPS update
http://forum.avast.com/index.php?topic=22010.0

4

I have no idea why you posted in this Topic started by mburris, if you wanted to bring attention to your post then that would be the place to do it. A post in that Topic would bump it to the top of the list, drawing direct attention to it. This way doesn’t.

5

Sorry Dave…
Sorry Mburris…

I remember my last succesfull request database, only few hours done by FIXER :frowning: