New Virus

Viruses and worms
1

Enter the signature of this new virus in the next update.
download virus link removed

Thank you for adding signature of this worm.

2

Disable that link, if you please.

3

At least make that link non-clickable,

The link redirects to: http://www.google.com/safebrowsing/diagnostic?site=www.liveinternet.ru
and writes

<a href='htxp://www.liveinternet*ru/click' target=_blank><img src=
'htxp://counter*yadro*ru/hit?t14.1;rhtXp%3A//files*etherway*ru/^6DB9B7;^^s1024*768*24;uhxtp%3A//files*e
therway*ru/6DB9B7;0.9084741002613943' alt='' title=
'LiveInternet: ^^ �������� ����� ���������� ��^^^^ 24 ����, ����������� �� 24 ���� � �� �������' border='0'
 width='88' height='31'></a> broken by me polonus - site links to torrent site: Файлообменная сеть Torrent | Интернет-провайдер «Etherway»

on the malware family: http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=80126

polonus

4

The link does not go to a infected website, but to a download site

have sendt sample to avast

VirusTotal - crnuizlatnu.exe - 20/41
http://www.virustotal.com/analisis/63f12009aa36bbc51e4abb721e0469b0b4a71b35ae7c6a88bdb02176ce702d1d-1274381920

5

one day later 6 more is detecting…but not avast… :cry:

VirusTotal - crnuizlatnu.exe - 26/41
http://www.virustotal.com/analisis/63f12009aa36bbc51e4abb721e0469b0b4a71b35ae7c6a88bdb02176ce702d1d-1274450230

6

Hi Pondus,

Here is the Prevx info: http://www.prevx.com/filenames/X235144054498474032-X1/CRNUIZLATNU.EXE.html
also known as:
http://www.prevx.com/filenames/1001164669768425085-X1/735.EXE.html
Read here about this autoinf.virus: http://forum.3dnews.ru/showthread.php?p=1814215

begin SearchRootkit(true, true); SetAVZGuardStatus(True); DeleteFile('K:\autorun.inf'); DeleteFile('K:\seka\crnuizlatnu.exe'); BC_ImportAll; ExecuteSysClean; BC_Activate; RebootWindows(true); end,

polonus