Contribution of a new undetectable virus for avast database

Hello everyone, this morning as downloading a program file named ares ps2 I met a mysterious new virus never before seen.

This virus does not detect avast avast internet security and the free, because I take care to report it for investigation, analyze and block that is strong.

I have not much to speak to the virus integrates into the system shell files avast does not detect the virus that puts autorun in USB drives.

Functions of the virus detected by myself:

  • Block the page including all antivirus avast.
  • The Internet makes it very slow and when he wants up.
  • He goes into the USB as if nothing is hidden, and sometimes makes every shortcut.
  • USB memory makes you a folder, the virus that gets called to the USB autorun.inf and besides that hides a folder called numbers that inside it there is a virus called undetectable fox.exe which is also for all antivirus.

The virus deletes files from the PC one by one as they do not realize, blocks many things, replaces a process called svchost as the Explorer reopens the hardware does not rise.

This virus causes many more things I had to reformat my PC and my portable hard because of the threat which no other antivirus detected.

Well here is your download, rar and other compressed into zip file and is password protected so that servers do not delete fence, I hope this is resolved.

THE PASSWORD IS: avast123

Download virus, megaupload:
hxxp://www.megaupload.com/?d=VG585LSZ

Download virus, mediafire:
hxxp://www.mediafire.com/?wa1zmyz6tzql18m

to remove this virus now!

Greetings, I hope to settle it as they can, in addition to this there is another virus that avast detects me who gets to sistem32 is called X malware detected each time.

This virus is very strange and the malwarebytes it could remove the PC now appears that I format the PC but when I’m going to fight back out to extract the virus and report it because that I had gone crazy with the hardware and the USB like this.

Pardon my LANGUAGE
NOT MUCH ENGLISH
TRANSLATOR USE GOOGLE!

Hi,

This is not how to submit a virus to Avast!. You can do that 2 ways.
1: Send to virus-at-avast-dot-com
2: Put it in Avast! chest, right click, then send.

Never post a live link to a virus on the forum. Please remove those links as soon as possible.

If it reappeared, you probably have a rootkit also. See this guide on how to start to clean your system>>http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

Virus Total: 27/43

http://www.virustotal.com/file-scan/report.html?id=f5e42f366002a691ba2dc22801323356be82a9c9531ea4da057624d30d1a686c-1311132444

I have sent this to Avast.

As Gargamel stated, Remove the link so others don’t get infected.

as I do that?
avast as I inform?

Ok, the first post was readable, but you lost me on that one.

Bottom line is, take down the megaupload links. That applies to your double post in the international section also. Avast! does not take virus submissions through the forum. It will only be ignored here, and possibly infect someone on accident.

Hi gays

If you send a copy of the malware on Virustotal, avast lab soon will receive a copy
of the file uploaded sample.

Avast antivirus should detect this malware and remove it a few days from naw…

@BormPcs

You may send malware file personally if you wish…

Send [abbr=False Positives]FPs[/abbr] and suspicious files
If avast! fails to detect a file or falsely detects a file as a malware, you may use any of these two methods:

Method 1
Use this method if the file(s) is already quarantined in avast! Virus Chest.
1 Double click avast! Antivirus desktop icon
2 From the avast! window, click MAINTENANCE > Virus Chest
3 Select the file you wish to submit for analysis
4 Right click and select Submit to Virus Lab…

Method 2
This method requires a file compressing software like 7-Zip.
1 Locate the file(s) you wish to submit for analysis
2 Right click the file(s) and add it to an archive/compressed file
3 Enter a password, preferrably: virus
4 Log in to your e-mail client and attach the compressed file
5 If it is an FP, type this in the subject: False Positive
If it is an undetected file, type in the subject: Undetected File
6 In the message body, type in the password
7 Send the file to :

virus@avast.com

If you need help with the malware removal please do the following:

Please download MCShield to your desktop.

[*] Double-click MCShield-Setup.exe and follow the prompts to install the program.
[*] Allow MCShieldUPD.exe to access the internet.
[*] If an update is found, it will download and install the latest update.
[*] Once MCShield has loaded (or manually start the MCShield. Right click on the blue round icon in system tray and click on Control Panel)
click on Defaults to load defaults settings.

Then put a checkmark in the checkbox for next options:

[0] Always show log file if malware has been faund
[0] Unhide files and folders on removable drivers

[*] click Save

[] Connect all of the USB storage devices to the PC, one at a time, and wait a couple of seconds for scaning.
[
] Once it has finished, If malware has been faund it will produce a log report for you.

Attach log reports back to topic.

Run Malwarebytes and as needed OTS tool and attach logs here …

@magna86… about your Method 1

Method 1 Use this method if the file(s) is already quarantined in avast! Virus Chest.
that usually means that avast detect it ;)

unless you did it it manually like this

Moving files to the Virus Chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501#idt_03

This is a newer variant of a 2008 worm that goes by names as fox.exe, passwordfox.exe etc.
This threat file has an associated program:
The executable performs the following actions:

The process is packed and/or encrypted using a software packing process;
It is found on infected systems and resists interrogation by security products;
It uses rootkit techniques to try and hide its presence, interrogation or removal;
This process is a file infector which modifies program files to include a copy of the infection;
This process creates other processes on your system.
It includes file creation code which could be used to test for interception by security products;
It executes a process
The executable also performs the following actions:
It is been executed as a process that deletes a process from disk;
It is created as a process in your system;
It is registered as a Dynamic Link Library File (dll);
It is copied to multiple locations on the system;
It is being created by processes which appear to be checking for interception by security products;
It is terminated as a process;
It is being executed from temporary files;
The analysis of the binairies can be found here, based on the MD5 hash:
http://report.xandora.net/xangui/malware/view/81268ffadc8978f0f1f8428127fef981

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
The just-in-time debugger setting is used in the malciious autorun features of the worm,

smss.exe is a spybot file, also found in Smitfraud BHO malware;
csrss.exe is a hidden service;
services.exe is a service also found in Kryptik malware;
lsass.exe is used for task manager simulation;

the outbound traffic is to here, see: -http://amada.abuse.ch/palevotracker.php?ipaddress=91 dot212dot135dot176, a malicious URL with badware with current attack events,

polonus

Use this method if the file(s) is already quarantined in avast! Virus Chest.
that usually means that avast detect it

hehe…
It’s just Canned Speeches I use. ;D
I have not much paid attention to the content…my fault :smiley:

Thank you all for your help!
I will report this dangerous threat

This happened to me a lot of virus and is first time I reported one of avast!
I’ma computer technician and am able to detect any virus hidden in a usb or visible manual so I knew that this was the virus.
Sometimes work faster than the same avast hehe
When I remove a virus so I first hehe
Well I’ll see what I do with this discomfort
I turned the virus into the computer fucked
It seems that my internal router

Avast take out this router?
Avast virus eliminates the router?

Hi BormPcs,

This could be part of the manual cleansing routine you are about to perform:
Because of altered malcode settings of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
normal value should be “UserDebuggerHotKey”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\AeDebug\AutoExclusionList]
and there it should be: “DWM.exe”=dword:00000001
Here is a utility to be used to restore the ,exe file association:
http://support.kaspersky.com/viruses/cleanautorun *
for .exe: http://support.kaspersky.com/downloads/utils/cleanautorun.exe
for .com: http://support.kaspersky.com/downloads/utils/cleanautorun.com
for .pif: http://support.kaspersky.com/downloads/utils/cleanautorun.pif
for use and additional values to run, see mentioned link *

polonus