I infected myself (silly me) with this virus while having AVAST installed and up to date. I realised that I was infected about 30 minutes afterwards, when I found out that AVAST was not running anymore and could not be started again (the EXE file had disappeared). I tried to reinstall AVAST, but the EXE disappeared again and the startup scanner didn’t find anything. So I installed ICESWORD, and this guided me to a suspicious srose.sys, which I googled and found out about the virus and how to kill it. (Delete srose.sys, delete hidr.exe, delete wintems.exe, clean registry, delete “%WinDir%\exefld” directory.)
I knew which file infected me so I scanned it at virustotal.com with the following results:
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - IRC/BackDoor.SdBot3.WBY
BitDefender - - Trojan.Downloader.Bagle.EO
CAT-QuickHeal - - TrojanDownloader.Bagle.gh
ClamAV - - PUA.Packed.Themida
DrWeb - - Win32.HLLM.Beagle
eSafe - - Win32.Bagle.gh
eTrust-Vet - - Win32/Glieder.HB
Ewido - - -
FileAdvisor - - -
Fortinet - - W32/Bagle.GH!tr.dldr
F-Prot - - W32/Trojan2.HXR
F-Secure - - Trojan-Downloader.Win32.Bagle.gh
Ikarus - - Trojan-Downloader.Win32.Bagle.gh
Kaspersky - - Trojan-Downloader.Win32.Bagle.gh
McAfee - - W32/Sdbot.worm.gen.ca
Microsoft - - TrojanDownloader:Win32/Bagle.PB
NOD32v2 - - Win32/Bagle.LB
Norman - - SDBot.gen8
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying EXE
Rising - - Trojan.DL.Win32.Bagle.fv
Sophos - - Troj/BagleDl-DC
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - Trojan/Downloader.Bagle.gh
VBA32 - - Trojan-Downloader.Win32.Bagle.gh
VirusBuster - - Trojan.DL.Bagle.QS
Webwasher-Gateway - - Win32.Malware.gen (suspicious)
As you can see, there are several scanners that do not recognise it. I am looking for an address to send a sample to AVAST because, as of today (05/dec/07 - 1:41), it is still not recognised.
Thanks for your help