danbtr270414.exe (Danber virus)

Viruses and worms
1

Somebody had an experience with this virus and Avast?

It seems Avast don’t detect it, this virus was detected on May 22, 2007

http://www.virustotal.com/es/analisis/2fd68a67a92564efda404fa02e44021f

Best Regards
Sergio Ariza.

2

Thank you for improving detection.

Send the sample in a password-protected zip folder to virus@avast.com with Undetected Malware in subject and the password mentioned in the email body.

3

I did that yesterday morning, no response today…

4

You won’t normally be contacted unless they require more information.

Add the file to the User Files (File, Add) section of the avast chest where it can do no harm and periodically scan it from within the chest (you can’t from outside it) after VPS updates. That way you should see when it is detected.

You can also resubmit from here (right click on the file, email to Alwil) if you want to prompt, etc. no need to zip and password protect, etc. the new submission process doesn’t use email now, but uploads it to avast during manual or auto VPS/Program updates.

5

Hi Sergio C. Ariza Montero

Information on how to manually cleanse this virus here:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-052218-4154-99

Description:
W32.Danber propagates on unsecured network shares by copying itself on its shared hard drives and folders.

Technical Name: W32.Danber

Threat Level: Low

Type: Worm

Systems Affected: Windows All

W32.Danber removal procedure requires technical know-how on computer troubleshooting.

HOW TO REMOVE W32.Danber :

  1. Temporarily Disable System Restore (Windows Me/XP). [how to: http://www.precisesecurity.com/how-to/ht-srxp.htm ]

  2. Update the virus definitions.

  3. Reboot computer in SafeMode [how to: http://www.precisesecurity.com/how-to/ht-smode.htm ]

  4. Run a full system scan and clean/delete all infected files

  5. Delete/Modify any values added to the registry. [how to edit registry: http://www.precisesecurity.com/how-to/ht-regedit.htm]

Navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"DanBtR270414" = “%System%\DanBtR270414.exe”

  1. Exit registry editor and restart the computer.
  2. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using SAS and MBAM from here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

polonus

6

Thanks for your suggestions, Alwil sent the fix on VPS 081127-1, everything works fine.

Best Regards
Sergio Ariza.

7

You’re welcome.