Info about ELF:ProcSuid [Trj]

Hi!

I’m searching for information about ELF:ProcSuid [Trj].

My avast! Home 4.7 detected one of my archives with this virus yesterday.

Can anyone help me?

Thanks!!!

Hello rodrigoab! 8)
Can you provide us with the exact name which Avast gave to this beast?

Hi rodrigoab,

Maybe a Linux rootkit?

http://www.viruslist.com/en/viruses/encyclopedia?virusid=98414

This detection was just added 3 March 07.

Is avast! unable to move this to the chest?

avatar2005 … the name ELF:ProcSuid [Trj] was provided by avast! and, like mauserme said, this virus was added on 03/03/2007.

FreewheelinFrank … I found some viruses searching only for ProcSuid, but my doubt is whether these viruses are the same, because I don’t know how long this virus has been in my system.

mauserme … yes … avast! detected and treated the file (I chose to delete the file).

Thanks all!!!

Just a tip. When possible, use move to chest. The chest is a secure area, the virus can’t hurt you from there. A file can always be deleted from the chest or restored after an investigation is made to ensure that it was really a virus/trojan and not a false positive.

Do you actually run Linux? If not, it’s nothing to worry about, except perhaps that you need to think about where the archive came from and why it should contain malware.

If you are running Linux, you are only in danger if you have opened and run the archive.

In April 06 Kaspersky announced it had developed a proof of concept virus that can infect both Windows and Linux.

http://ccis.mc.duke.edu/modules/news/article.php?storyid=20

It had minimal capability but SANS predicted we may see more of this.

Hmmmm …

mauserme and FreewheelinFrank …

I will give some important information (I should have given it in the first post … sorry!).

The infected file was a virtual machine (.vmdk from VMware). This VM runs a Linux distribution (Kurumin 6.0, a Brazilian distribution based on Debian). When avast! scanned the file, the VM was not running.

I had been working with this VM for a long time before the virus appeared on the database list, but not after 1 March 07. So I never executed the VM after 3 March 07.

I have another VM with Linux, but avast! doesn’t report anything.

I don’t think this virus is a false positive, but the information about it is very limited.

Thanks !!!

Is the virtual machine file being detected as infected by avast for Windows?
Or does avast for Linux detect the infection on Linux files?
Strange, I have a Kubuntu virtual machine that is not infected at all, neither when scanned from Windows nor internally with avast for Linux.

Hi Tech,

avast! for Windows detected the virus when I ran my manual full scan (the VM was not running at the time).

I still believe that this event is not a false positive, but it’s a very strange virus and situation.

I found only one reference to this virus in another antivirus, on the same date (03-02-2007) ( http://www.antiviruslab.com/newentries.php?lang=gb ).

In both cases there is no description of it.

Thanks !!!

So… it won’t be repaired by avast (as it is not a VRDBable file).
I see no other option than to start it again, making the VMware file…
What is the size of the file (GB)?

Avast! could repair the file but gave two options: delete the file or put it in the Virus Chest.

I chose to delete the file. The size was 10GB.

I have another VM with Linux (but this is Kurumin 7.0) and that file is not infected so far.

This is not repairing the file, but repairing the infection: you’ll lose the file (or it will be sent to Chest or it will be deleted).
You won’t be able to use it anymore.