Hi all
I'm infected with Trojan Virtumonde, but my Avast! Pro can't see this adware.
I found and deleted these files, but the virus came again and again…
What to do? Wait for this virus to be added to the signatures, or change AV??? :-
Other AVs detect this adware >:(
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
"Trojans", and "Virtumonde" in particular, are best dealt with by
antiSPYWARE programs or by a "Specialty Tool" such as "Vundo Fix",
that was developed by antiSPYWARE Expert "ATribune". In this
situation, should DEFINITELY follow the Advice of Frank by going to
www.atribune.org/content/view/24/2/ .
Should NOT expect an antiVIRUS program to detect and quarantine
every piece of malware coming through the phone lines.
And Virtumonde primarily gets on a computer because of an
out-of-date Java program.
They may not know they are infected by a variant of Virtumonde; the avast virus database has a number of Virtumonde signatures.
Any symptoms that are present would indicate infection, though not which one. This is also why I don’t have only one application looking after security but take a multi-level/application approach to security, as indicated in my signature.
If I were continually getting infected in this way I would look to tighten my security to stop them getting established, getting out and limiting damage.
You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
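
The point in the post above about inherited permissions can be checked on a given account. The PowerShell below is an added example, not part of the original posts: it reports whether the current session holds administrator rights and whether it can write to the system folder and to a machine-wide registry key. The function names are hypothetical, and the Run key is an assumed, representative location that the thread itself does not name.

```powershell
# Added example: what could a program running as this account write to?
# Function names are hypothetical; the Run key is an assumed sample location.

function Test-IsAdministrator {
    # True only if the current token carries the Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-FolderWritable {
    param([string]$Path)
    # Try to create and remove a uniquely named probe file.
    $probe = Join-Path $Path ("probe-" + [Guid]::NewGuid().ToString() + ".tmp")
    try {
        [IO.File]::WriteAllText($probe, "probe")
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false   # access denied (or the path does not exist)
    }
}

function Test-RegistryKeyWritable {
    param([string]$SubKey)
    # Open the HKLM subkey with write access requested; nothing is modified.
    try {
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }
        $key.Close()
        return $true
    } catch {
        return $false   # SecurityException when the account lacks write access
    }
}

$report = [pscustomobject]@{
    User                  = [Environment]::UserName
    IsAdministrator       = (Test-IsAdministrator)
    SystemFolderWritable  = (Test-FolderWritable -Path ([Environment]::SystemDirectory))
    MachineRunKeyWritable = (Test-RegistryKeyWritable -SubKey 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
}
$report | Format-List
```

With default permissions, a limited account reports False for all three values, while an administrator session reports True, which is the difference in potential harm the post describes.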