The new virus ntdetec1.exe, with an autorun.inf file, has also spread from the pen drive to the hard disk, and avast home edition does not detect or remove it. The information was sent to avast support by email and I am waiting for a solution. Any suggestions to remove it?
Seems indeed a new virus. I did not find any entry searching the board for ntdetec1.exe keyword.
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus@avast.com.
Please mention in the body of the message why you think it is a false positive and the password used. Thanks.
Another possibility is JOTTI. VirusTotal and Jotti both have file size limits: 10 and 15MB each.
Hi Srinivasan,
It is a virus, like a trojan dropper. You can successfully remove it.
It spreads here via USB pen drives.
Removal:
Reboot to safe mode.
Probably hidden folders will not be seen on your system due to the virus making registry changes.
Make appropriate registry changes as per: http://technodigits.wordpress.com/2007/05/13/show-hidden-files-and-folders-not-working/
Now hidden folders will be seen.
Then locate folder C:\ntdetec1
Delete folder.
Boot to normal mode.
Run HijackThis and remove the registry entry for ntdetec1.exe.
polonus
Thanks Tech and Polonus.
Before I read Polonus’s mail I ran Jotti and got the following result for the pen drive virus ntdetec1.exe
Scanner results
Scan taken on 11 Jan 2008 14:28:34 (GMT)
AntiVir: Found DR/AutoHK.B, TR/AutoHK.B
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Dropper.Generic.TDB, Generic9.AGHB, Generic9.AGHC, Generic9.AGHD, Generic9.AGHF
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
Fortinet: Found nothing
Ikarus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
Kaspersky Anti-Virus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found Mal/Generic-A
VirusBuster: Found Trojan.AutoHK.A, Trojan.AutoHK.F, Trojan.AutoHK.B, Trojan.AutoHK.D, Trojan.AutoHK.E, Trojan.AutoHK.C
VBA32: Found Trojan.Win32.AutoHK.e, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d
Let me try the suggestion given by polonus.
Thanks again
This will help in identifying the malware, since there is an autorun associated with it. This will show the mountpoints and the contents of the autoruns.
Please download and save it to your desktop.
QueryMountpoints
http://cid-32d8666f4048075b.skydrive.live.com/browse.aspx/Malware%20files
Plug in your usb device, double click the file you downloaded and post the results in your next reply.
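An added example, not part of the original thread and not the QueryMountpoints tool: a Python sketch of the same kind of check, reading an autorun.inf and listing the programs its [autorun] section would launch. The sample file contents and the function names are constructed for illustration; the thread does not show the actual autorun.inf.

```python
import re

# [autorun] keys whose value is a command line that Windows may execute.
COMMAND_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample, NOT taken from the thread: what an autorun.inf that
# starts ntdetec1.exe from the drive root could look like.
SAMPLE_AUTORUN = """\
[AutoRun]
; comment line
open=ntdetec1.exe
shell\\open\\Command = ntdetec1.exe
shell\\explore\\command="ntdetec1.exe" /e
icon=folder.ico
[Other]
open=ignored.exe
"""

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section only."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in COMMAND_KEYS or SHELL_VERB.match(key):
            found.append((key.lower(), value))
    return found

def launched_programs(text):
    """Return the distinct program names the commands would start."""
    programs = []
    for _key, command in autorun_commands(text):
        # First token of the command line, honouring a quoted path.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        name = (m.group(1) or m.group(2)).lower() if m else ""
        if name and name not in programs:
            programs.append(name)
    return programs

if __name__ == "__main__":
    print("programs:", launched_programs(SAMPLE_AUTORUN))
```

Any program name it reports can then be looked for on the drive and on the hard disk, and submitted to a multi-scanner service as was done earlier in the thread.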