Yesterday, when I came back from the laboratory, I saw that my USB contained some strange executable files!
When I scanned with Avast (VDF dated 04/02/2008), it couldn’t detect any of them. But when I scanned with Avira (VDF 03/06/2008), all were detected!
Here is the link to the virus files (I renamed them from xxx.exe to xxx.exe.bak, all zipped):
hxxp://quanmltya.newsit.es/avast_virus/SSVICHOSST.zip
Note: They are old viruses, because I have seen them for a long time (in my uni’s laboratory). I’ll delete that link after 1 or 2 months (I’m afraid of the host being deleted by the provider) :-\
Sorry!
But it’s a real virus/worm!
After running that virus/worm (xD):
Windows Registry changed:
Disabled Task manager.
Disabled Windows Registry.
When you plug in a USB or any removable storage device, it copies itself to your USB (and also creates an autorun.inf file (from %windir%\system32\autorun.ini) so that it is automatically executed when you open the USB (double-click the USB icon in My Computer)).
When you open any folder (or it automatically scans your computer), it makes that folder hidden (sets the hidden attribute) and simultaneously copies itself under that folder’s name.
It slows down your computer!
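A check for the two removable-drive traces described in the post above (an autorun.inf in the drive root, and hidden folders with a same-named executable), as an added example that is not part of the original thread. It assumes the copy sits beside the folder it imitates; the function names are hypothetical, and the script only reads the drive.

```python
import os
import stat
import sys

def is_hidden(path):
    """True when the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def autorun_targets(root):
    """Commands that an autorun.inf in the drive root asks Windows to launch."""
    path = os.path.join(root, "autorun.inf")
    targets = []
    if os.path.isfile(path):
        with open(path, errors="replace") as fh:
            for line in fh:
                key, sep, value = line.partition("=")
                key = key.strip().lower()
                if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                    targets.append(value.strip())
    return targets

def folder_impostors(root, hidden=is_hidden):
    """(folder, exe) pairs: a hidden folder with a same-named .exe beside it.

    Assumption: the copy is dropped next to the folder it imitates.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        exes = {f.lower(): f for f in filenames if f.lower().endswith(".exe")}
        for d in dirnames:
            exe = exes.get(d.lower() + ".exe")
            if exe and hidden(os.path.join(dirpath, d)):
                hits.append((os.path.join(dirpath, d), os.path.join(dirpath, exe)))
    return hits

if __name__ == "__main__":
    drive = sys.argv[1]  # root of the removable drive, supplied by the user
    for target in autorun_targets(drive):
        print("autorun.inf launches:", target)
    for folder, exe in folder_impostors(drive):
        print("hidden folder", folder, "shadowed by", exe)
```

The `hidden` parameter exists so the folder check can be exercised on systems that have no hidden attribute.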
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body (a link to this topic might help) and “undetected malware” in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
The two samples are the same virus variant: identical file properties, same MD5, and they get the same results on VirusTotal.
10/32 detections at VirusTotal for New Folder.exe.bak
MD5: 85e3b3a8b8d74e2e10973ac0788d85ad
I’m having the opposite prob.: the overwhelming number of relentless ALERTS that Avast sends me about the same virus (Win32:TratBHO [trj]) prevents me from accomplishing much at all. I find it now, 24 years after my first Apple, all very discouraging.
Why wouldn’t Avast provide a place on their site to download a low-priced anti-virus routine that chased this little rat back into its hole mangled and crippled as a force to contend with?
They should focus on preventing it from getting into your computer. Prevention is better than cleaning.
Did you send a sample of the infected files to virus@avast.com?