Hello all together!
Time to say what kind of experiences I made with WIN32:Luder-F !!! I can tell you, it’s a real Luder!
This fu…ing virus did infect my hole system, Avast and nearly all programs on partition c:\ were infected by this bloody virus.
I tried to remove it with the help of Ad-Aware and Avast but without success, all EXE-files infected couldn’t be repaired, just deleted.
What I got to see, was messages about
WIN32:Luder-F
and something like
MatrixHasYou
in Ad-Aware!
Maybe, I once forgot to delete an EXE-file and so the virus could spread on my system! It didn’t came from e-mail, it was included in an EXE-file, I got from the internet.
More and more files were compromised. A lot of unknown EXE-files were generated in the TEMP-directory and some of them were included to run during start. I took Codestuff Starter application to remove those entries, but in the same moment I deleted them, the entries were re-added. If I disabled them, all those entries were doubled and activated!
Since even Avast got infected, telling me it’s changed and dangerous to start, more and more programs were unable to start at all. The system got heavy stress and I saw a lot of BSOD’s due to heavy load on the system. My system never got a BSOD so far.
After I realized that it’s nearly unable to clean my system, I decided to re-install an image from a couple of days ago.
Work could go on and I started to scan my system with Ad-Aware and Avast and I was astonished how this fu…ing virus worked and now I know why my system got heavy load and was stressed.
To me, it seems, the virus began to replicate alphabetically on my data-partition trying to find all kind of SCR- and EXE-files it could find, infected them and created a lot of *.t files in the same directory.
I have a 440GB data-drive with a lot of directories and files and a lot of exe-files as well and so I started to check all my directories, killing those *.t files which are hidden flagged and can’t be find with Windows search. Thankfully I used Servant Salamander which can select a multiple of *.t files.
All EXE-files infected so far are useless! If I delete them and that stuff goes into the RecycleBin, Avast yells for infection with a WIN32:Luder-F virus, so I have to delete those EXE-files with the Shift-key.
My ISO-files, my image and my TrueCrypt-archives are not infected. Also, 16-bit EXE-files from MS-DOS or Windows do not get infected, just Win32 application files EXE and SCR.
I have learnt, that surfing in the Internet is fun but running EXE-files from unknown sources, even if you have an up-to-date AntiVirus-scanner and firewall and all known OS-updates and AntiSpyware program is no guarantee not to be infected with any kind of unknown bloody virus.
For me the solution is to use virtualization for the Internet asap. If it’s infected, it gets deleted, I will take the backup and continue.
I have the impression that this virus, which is very destructive, is not the WIN32:Luder-F, even if Avast reports it. Maybe another variant. I haven’t find an antivirus-program to cure the exe-files.
Best regards,
Marc