NOTE: TRO/ROOT KIT is still undetectable by all AV providers. You may be infected.

Hello,

Many of you get infected with this trojan and don’t even know about it…!

TRO/ROOT KIT is a malicious Trojan infection. There is a problem with this trojan, TRO/ROOT KIT or Win32:Small-HUF [Trj], which many people have gotten in the last few weeks, but no one knows about the infection since most AV providers didn't even detect this one.

Some time ago AVAST detected this trojan (but never could delete it), but right now AVAST does not even detect the trojan.

Still today, not even Kaspersky or Malwarebytes is able to detect this trojan!

Symptoms and signs (not always) that you may have if this trojan is on your system: This trojan could cause internet connection problems.

This TRO/ROOT KIT just comes back again and again with its advanced techniques.

TRO/ROOT KIT is made to escape detection, so it is not surprising that you are hit by this nasty virus even though you have installed several antivirus programs on your computer.

The following files are created by TRO/ROOT KIT:

%System%\SysWOW64\drivers\[RANDOM CHARACTERS].sys
Known virus sample:
C:\Windows\SysWOW64\drivers\mjvhhu.sys
C:\Windows\SysWOW64\drivers\tcoifh.sys
C:\Windows\SysWOW64\drivers\vqdtrh.sys
C:\Windows\SysWOW64\drivers\wayuia.sys
C:\Windows\SysWOW64\drivers\zedltn.sys
%Windows%\system32\[random].exe
%AppData%\[random].exe

Reg key:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WAYUIA\0000]
"Service"="wayuia"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="wayuia"
"Capabilities"=dword:00000000

And the following registry entries are created:
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce[random]
HKEY_CLASSES_ROOT\CLSID\[random numbers]

.registry:

-------\Legacy_MJVHHU
-------\Legacy_TCOIFH
-------\Legacy_VQDTRH
-------\Legacy_WAYUIA
-------\Legacy_ZEDLTN
-------\Service_mjvhhu
-------\Service_tcoifh
-------\Service_vqdtrh
-------\Service_wayuia
-------\Service_zedltn

Any help from AVAST team???

Thank you and best regards.

Laura
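Added example, not part of the original post and not Avast's tooling: a small Python triage helper that matches exported file and registry listings against the driver names listed in the post above. The `SAMPLE` lines, the six-letter heuristic and the function names are assumptions made for this illustration.

```python
import re

# Driver base names from the post's "Known virus sample" list.
LISTED = {"mjvhhu", "tcoifh", "vqdtrh", "wayuia", "zedltn"}

DRIVER_RE = re.compile(r"\\SysWOW64\\drivers\\([^\\]+)\.sys\s*$", re.I)
LEGACY_RE = re.compile(r"\\Enum\\Root\\LEGACY_([^\\\]]+)", re.I)
# Assumption: "random characters" means six letters, as in all five samples.
SIX_LETTERS = re.compile(r"[a-z]{6}")


def collect(lines):
    """Split inventory lines into driver names and LEGACY_ key names."""
    drivers, legacy = set(), set()
    for line in lines:
        line = line.strip()
        m = DRIVER_RE.search(line)
        if m:
            drivers.add(m.group(1).lower())
            continue
        m = LEGACY_RE.search(line)
        if m:
            legacy.add(m.group(1).lower())
    return drivers, legacy


def triage(lines):
    """Return names that match the post's list, plus unlisted look-alikes."""
    drivers, legacy = collect(lines)
    listed = sorted((drivers | legacy) & LISTED)
    # Unlisted names are only worth a look when the file and the key pair up.
    review = sorted(n for n in (drivers & legacy) - LISTED
                    if SIX_LETTERS.fullmatch(n))
    return {"listed": listed, "review": review}


# Constructed sample inventory (not real output from any machine).
SAMPLE = [
    r"C:\Windows\SysWOW64\drivers\wayuia.sys",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WAYUIA\0000]",
    r"C:\Windows\System32\drivers\volmgr.sys",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_VOLMGR",
    r"C:\Windows\SysWOW64\drivers\qwerty.sys",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_QWERTY\0000",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A name under "review" is only a lead for a removal expert to check, not a verdict; the six-letter pattern will also match legitimate drivers.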

but no one knows about the infection since most AV providers didn't even detect this one.
Then how do you know about it?
Any help from AVAST team???
Are you infected? Do you need help removing this infection?

No, but many of my friends are infected with this trojan and searching for help.

It may be important for AVAST and other AV companies to detect this trojan as soon as possible.

You may search Bing, Yahoo or Google and search for “Legacy_WAYUIA” or “Win32:Small-HUF [Trj]” or TRO/ROOT KIT.

Thank you.

Laura

If they need removal help, they should follow this guide and attach the requested logs:
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

When done a removal expert will help…and the help is free. :wink:

It may be important for AVAST and other AV companies to detect this trojan as soon as possible.
They will when they get a sample... Do you have it?

Sorry, I have no sample as I just deleted all threats from the computer.

Please have 1 of your infected friends provide us with a sample.

Laura.

I do not know where you read that info about Win32:Small-HUF [Trj] not being detected by Avast! because Avast! has been detecting it long ago.

http://forum.avast.com/index.php?topic=46877.msg394211#msg394211

Even now Avast! can detect it in memory from other security programs when they are updated with an encrypted file about it. See msmpeng.exe (Windows Defender).

http://forum.avast.com/index.php?topic=93275.msg742526#msg742526

iroc9555 < Who said AVAST has never detected this trojan?

You didn’t read my posting!

However, AVAST can’t detect TRO/ROOT KIT right now!

OK :-X