New Virus found, need help

Need help please,

http://www.uploading.com/files/BIRXOW2H/Virus_Sample.rar.html

This was the example of the Virus, it come from my country, Indonesia, and also it disturb all of Indonesian.
How Virus is working:
Show some message in the Start of Windows
It makes Main Folder(Folder that at the Drive) to be Hidden.
Makes some file that looks like folder, named “Folder”.scr, also create a Thumbs.com and Thumbs.db
What makes troublesome is it make my drive full…
I get the Example by remove the Hidden from Regedit.

I already submit it at virus@avast.com, but i don’t know… Is the Avast Database really updated so can clean this Virus?

And thanks for the help

tkhnoman

Hi tkhnoman,

You could use the Bitdefender or F-Secure online scanners to remove this one: both remove malware.

Complete scanning result of “Virus-Sample.rar”, received in VirusTotal at 03.27.2007, 12:49:57 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.3.27.0 03.27.2007 no virus found
AntiVir 7.3.1.44 03.27.2007 Worm/VB.bdy
Authentium 4.93.8 03.26.2007 could be a corrupted executable file
Avast 4.7.936.0 03.25.2007 no virus found
AVG 7.5.0.447 03.26.2007 no virus found
BitDefender 7.2 03.27.2007 Win32.VB.J
CAT-QuickHeal 9.00 03.26.2007 no virus found
ClamAV devel-20070312 03.27.2007 Worm.VB-117
DrWeb 4.33 03.27.2007 no virus found
eSafe 7.0.14.0 03.26.2007 no virus found
eTrust-Vet 30.6.3515 03.27.2007 no virus found
Ewido 4.0 03.27.2007 no virus found
FileAdvisor 1 03.27.2007 no virus found
Fortinet 2.85.0.0 03.27.2007 BackDoor.B!tr
F-Prot 4.3.1.45 03.26.2007 no virus found
F-Secure 6.70.13030.0 03.27.2007 Virus.Win32.VB.dg
Ikarus T3.1.1.3 03.27.2007 no virus found
Kaspersky 4.0.2.24 03.27.2007 Virus.Win32.VB.dg
McAfee 4992 03.26.2007 Generic BackDoor.b
Microsoft 1.2306 03.27.2007 no virus found
NOD32v2 2146 03.27.2007 Win32/VB.NGY
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.27.2007 no virus found
Prevx1 V2 03.27.2007 no virus found
Sophos 4.15.0 03.27.2007 no virus found
Sunbelt 2.2.907.0 03.24.2007 no virus found
Symantec 10 03.27.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.26.2007 no virus found
VirusBuster 4.3.7:9 03.26.2007 no virus found
Webwasher-Gateway 6.0.1 03.27.2007 Worm.VB.bdy

Thanks, i can get rid the virus with Kaspersky.

There is another problem, but this is maybe a simple problem that i don’t understand. When i open the Drive, it asking about where the Thumbs.com is located. How i can solve this “autorun” problem?

Thanks for the help

What drive are you talking about opening ?

There is obviously some remnant, probably a registry key (or start-up entry) that refers to the thumbs.com, so do a registry search for thumbs.com and check the start-up entries to see if there is anything there.

On-line scanning or you’ve installed Kaspersky in your computer?

There shouldn’t be any thumbs.com file to autoexecute, for sure.
Something seems to be left behind. Do you know how to manage Windows Registry?
If not, maybe you can ask someone to help you to clean the Registry.

I get rid the virus by installing the Kaspersky, but now i also little mad about this anti-virus. Made my computer lag.

Yes, i can manage Windows Registry. And thanks for the help, now the opening can go normally.

You need to fully uninstall Kaspersky before using avast again…

Search for thumbs.com in the registry then…

Hi tkhnoman,

If this thumbs.com cannot be removed, try the program killbox from here to get rid of it: http://www.killbox.net/help.html, also clean up your temp files using ATF cleaner: http://www.atribune.org/ccount/click.php?id=1 Read instructions to use it here: http://www.atribune.org/content/view/19/2/

polonus

According to VirusTotal, the latest update of avast! still cannot detect this malware. :frowning:

I like avast!, but the thought that the company will drag its feet if I should need help cleaning a new virus off my PC is putting me off. Until Alwil improves its policy regarding this issue, I’ll be sticking with the competition.