I used to trust my Avast4.7 very much,but nowadays I don’t know how to say. I found a virus called “msn.exe” has infected my computer for about 20 days. It coyies itself to every c:\ d:\ e:\ f:\ with the file autorun.inf,and add itself to the start-up menu(can’t remove). When my computer link to the internet,it will open a unfriendly web at background,if you don’t use some monitor software you can’t find it. even worse,when you insert a Usb device It will be infected immediately.

I have sent the virus simple as the form you told us on your web site for more than 5 times with different e-mail accounts through the 2 weeks. but may be your company ignore all my letters. I’m so sad!!

Hi welcome to the forum.

What is the full name and path of the file? Submit the file to www.virustotal.com and post the results here.

okaay, send the file to virus[at]avast[dot]com in password protected archive and fill in “for misak - autorun virus” as the subject…

well,I just finish my class. I have send the simple of “msn.exe” to virus@avast.com.
And the www.virustotal.com is on working , I’ll report the result later.

The result is at:
http://www.virustotal.com/zh-cn/resultado.html?def57f901589ff557f2df78a1eb990f0
文件 msn.exe 接收于 2007.11.02 11:29:50 (CET)
当前状态: 正在读取 … 队列中 等待中 扫描中 完成 未发现 停止

结果: 20/32 (62.5%)
正在读取服务器信息中…
您的文件所排队列位置: ___.
预计开始时间为 ___ 和 ___ 之间.
扫描完成前请勿关闭窗口.
目前针对您的文件所进行的扫描进程已停止, 我们将会在稍后恢复.
如果您的等候时间超过 5 分钟, 请重新发送文件.
您的文件目前正在被 VirusTotal 扫描中,
结果将会稍后完成时生成.
格式化文本 打印结果
您的文件已过期或不存在.
目前服务已停止, 您的文件将会稍后的未知时间内进行扫描 (位置: ).

您可以继续等待回应 (自动读取) 或者在下面的表单内输入您的电子邮件地址, 并按下 “获取”, 当扫描完成时, 系统会自动给您发送电子邮件通知.
Email:

反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2007.11.2.1 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 HEUR/Crypted
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.01 Generic7.UXW
BitDefender 7.2 2007.11.02 Packer.PEArmor.A
CAT-QuickHeal 9.00 2007.11.01 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.01 -
DrWeb 4.44.0.09170 2007.11.02 Win32.HLLW.Autoruner.791
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.01 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.11.01 -
F-Secure 6.70.13030.0 2007.11.02 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.11.02 Packed.Win32.Klone.af
Kaspersky 7.0.0.125 2007.11.02 Virus.Win32.Virut.n
McAfee 5154 2007.11.01 W32/Autorun.worm.h
Microsoft 1.2908 2007.11.02 -
NOD32v2 2633 2007.11.02 Win32/Packed.PEArmor.Gen
Norman 5.80.02 2007.11.02 W32/Kenfa.D
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Outbound Communications
Rising 20.16.41.00 2007.11.02 Worm.Win32.Agent.iqo
Sophos 4.23.0 2007.11.02 Mal/EncPk-U
Sunbelt 2.2.907.0 2007.10.31 VIPRE.Suspicious
Symantec 10 2007.11.02 W32.SillyDC
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 Packed/PE-Armor
Webwasher-Gateway 6.6.1 2007.11.02 Heuristic.Crypted
附加信息
File size: 141312 bytes
MD5: 60b85d6b0bc168ffbe61bd66570e1ac3
SHA1: df1dc0d18ddec29e0dde48fbb63fa53a1ed23ee4
packers: PE-Armor
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=EBBC765500936C07285002526F74DD000CD46DCD
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

it seems a real virus…

i’m done with the Virut detection update… now i must test it for false positives… expect the detection after this weekend… anyway - misak will take a look at this particular file and judge if it is a “standard” autorun malware or a Virut infected file…

Ok,just test it,I’m sure it is a virus.Because in my school,about 20 computer was infected.

I’ll wait to update your Avast4.7. Thanks&Good luck!

I have already updated the database of avast4.7,but your software still unable to kill the virus…more and more computers in my school have infected…worry about that…

someone spreaded the virus via flash disk probably… now i’m sure, that it isn’t Virut… i think, misak has made the detection, but it’s not yet released…

Well,Finally,after update the database today,your avast4.7 can catch the virut…

Any way, thanks ~~all your missionary…