Hi.

I sent this new rootkit-virus to VirusTotal.

VirusTotal report:

STATUS: FINISHED
Complete scanning result of "cmd.exe_vt100.zip", received in VirusTotal at 05.06.2006, 08:57:36 (CET).

Antivirus           Version         Update      Result
AntiVir             6.34.0.24       04.20.2006  Heuristic/Virus.Win32
Avast               4.6.695.0       05.05.2006  Win32:Virtob
AVG                 386             05.05.2006  no virus found
Avira               6.34.1.58       05.05.2006  no virus found
BitDefender         7.2             05.06.2006  Win32.Virtob.Gen
CAT-QuickHeal       8.00            05.05.2006  W95.TenRobot.B
ClamAV              devel-20060426  05.05.2006  no virus found
DrWeb               4.33            05.05.2006  no virus found
eTrust-InoculateIT  23.72.1         05.06.2006  no virus found
eTrust-Vet          12.4.2194       05.04.2006  no virus found
Ewido               3.5             05.05.2006  no virus found
Fortinet            2.71.0.0        05.06.2006  suspicious
F-Prot              3.16c           05.05.2006  no virus found
Ikarus              0.2.65.0        05.05.2006  no virus found
Kaspersky           4.0.2.24        05.06.2006  Type_Win32
McAfee              4756            05.05.2006  New Win32
Microsoft           1.1372          05.06.2006  no virus found
NOD32v2             1.1523          05.05.2006  no virus found
Norman              5.90.17         05.05.2006  no virus found
Panda               9.0.0.4         05.05.2006  no virus found
Sophos              4.05.0          05.06.2006  no virus found
Symantec            8.0             05.06.2006  no virus found
TheHacker           5.9.7.139       05.05.2006  no virus found
UNA                 1.83            05.05.2006  Win32.virus
VBA32               3.11.0          05.05.2006  no virus found


Aditional Information 
File size: 109061 bytes 
MD5: 1e0bed4a2c0c9d4bb11a8fb41ba07e8b 
SHA1: 4203774f2fc854364287a289104011d5a5cc2c38

STATUS: FINISHED
Complete scanning result of "vt100.zip", received in VirusTotal at 05.09.2006, 18:30:15 (CET).

Antivirus           Version         Update      Result
AntiVir             6.34.1.27       05.09.2006  Heuristic/Backdoor.Generic
Avast               4.6.695.0       05.08.2006  Win32:Virtob
AVG                 386             05.09.2006  no virus found
BitDefender         7.2             05.09.2006  Backdoor.VirtobVT.A
CAT-QuickHeal       8.00            05.09.2006  W95.TenRobot.B
ClamAV              devel-20060426  05.09.2006  no virus found
DrWeb               4.33            05.09.2006  BACKDOOR.Trojan
eTrust-InoculateIT  23.72.3         05.09.2006  no virus found
eTrust-Vet          12.4.2201       05.09.2006  no virus found
Ewido               3.5             05.09.2006  no virus found
Fortinet            2.76.0.0        05.09.2006  suspicious
F-Prot              3.16c           05.09.2006  no virus found
Ikarus              0.2.65.0        05.09.2006  no virus found
Kaspersky           4.0.2.24        05.09.2006  no virus found
McAfee              4758            05.09.2006  New Win32
Microsoft           1.1372          05.09.2006  no virus found
NOD32v2             1.1527          05.09.2006  probably unknown NewHeur_PE virus
Norman              5.90.17         05.09.2006  no virus found
Panda               9.0.0.4         05.09.2006  Suspicious file
Sophos              4.05.0          05.09.2006  no virus found
Symantec            8.0             05.09.2006  no virus found
TheHacker           5.9.7.140       05.08.2006  no virus found
UNA                 1.83            05.06.2006  Win32.virus
VBA32               3.11.0          05.08.2006  no virus found


Aditional Information 
File size: 48436 bytes 
MD5: 42a18043fd9c04254a259124379740cc  

cmd_vt100.exe is an infected Windows cmd.exe file.
vt100.exe is the virus-rootkit proper.

Here is the log from my program:
(This tool was created to detect and delete rootkits, hidden services and processes, hidden files and hidden registry keys. More log samples: http://www.gmer.net/rootkits.php).

GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2


---- Processes - GMER 1.0.10 ----

Process  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg      \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE

---- Files - GMER 1.0.10 ----

File     C:\WINDOWS\system32\VT100.EXE

---- EOF - GMER 1.0.10 ---- 

As you can see, the virus-rootkit hides its process, file, and registry key.
After it starts, vt100.exe infects almost all files on all possible disks.
The virus also sends some data over the network to the same IP address.

Here is another report, written in Polish:

http://www.gmer.net/vt100.exe.php

Regards