:(After several uploads to avast of suscpisious malware which was running in the background ie “dllview.exe” i uploaded it to virustotal.com and they cofirmed its a virus virut.gen according to McAfee. Also, after alerting Avast about the Code breaker virus, it still is not detected and cleaned by Avast of which most antirus software detect and remove it. Its not a plaseant virus coz it renames your music and adds an intro to all your music. This is as irritating as Avast not dealing with these viruses for such a long time. i have been using Avast for many years now but this hasnt happen. Whats happening to their detection. Is it they are concentrating on Avast 5? Something has to be done coz every1 nowadays feels personal about their music library despite the fact its long overdue >:(
Hope they improve detection quickly.
Avast still moving on the new office, maybe there were some trouble and issue for the staff. Just be patient, as long as I remember, Avast can detect all the suspicious files I send after a couples of days, or after a week. but sure avast will give a solution.
Just be patient a little.
new Virut… again and again… my “favourite” one… this nasty gets more and more complex day by day and there are some undetected variants… the emulator in v5 is now being cross-checked against various versions of Virut to be able to detect them more precisely… that’s a way to go… the detection in v4 will be harder, but we want to protect all of our users…
Glad to hear it. Thanks.
Thats better to hear, but well enough justification should be made on getting a solution even on the guys using v4. Coz noone wants to be vulnerable. VPS 090911 well, waiting on it to do so.
Hi folks,
Also consider this info:
For an in-depth analysis of one of these variants:
http://www.threatexpert.com/report.aspx?md5=b1afa9c453d42cf7d533587c8f22503b
delete files:
%windir%\17PHolmes1001186.exe
%programfilescommondir%\system\MSIWA32.exe
\boot.exe
delete registry keys:
INTEGRATED WINDOWS AUTHENTICATION
INTEGRATED WINDOWS AUTHENTICATION
INTEGRATED WINDOWS AUTHENTICATION
LEGACY_INTEGRATED_WINDOWS_AUTHENTICATION
LEGACY_INTEGRATED_WINDOWS_AUTHENTICATION
LEGACY_INTEGRATED_WINDOWS_AUTHENTICATION
Installation
Win32/Virut creates a mutex named L0ar or LaOS (or similar)
which it uses to prevent multiple copies of itself from running on the host system.
Win32/Virut disables Windows System File Protection (SFP) by injecting code into WINLOGON.EXE.
The injected code patches sfc_os.dll in memory
which in turn allows the virus to infect files protected by SFP.
Win32/Virut injects code into other processes
and this code will infect files with extensions .EXE and .SCR accessed by those processes.
Win32/Virut avoids infecting files whose names contain any of the following:
WINC
WCUN
WC32
PSTO
polonus