Today I have read that a lot of instances, and mainly a lot of Dutch city governments, got infected with the Quervar.B virus.
What is the name Avast is detecting it under, and IS Avast actually detecting it?
this one…generic detection
Looks like it, yet strange that there have been reports that even today updated scanners didn't catch it until some new updates.
The link I posted also states that the update for this virus was released at 9-8-2012 (d-m-y), and in the update column of your site it says in June.
Well…I guess there is more than one sample out there…and new ones arriving.
must be
The disturbing thing though is that the “XDocCrypt/Dorifel-virus” (as it is called in an article) is spread via a botnet that already had control over the computers where the infection started… but that's some whole other story (and malpractice, I believe).
Using a name search…here are a couple…see the different MD5s:
http://www.threatexpert.com/report.aspx?md5=8a97c653a80cee157dea30e90ffc138f
http://www.threatexpert.com/report.aspx?md5=4152e824d0bc2c3443654c6aa21b5516
http://www.threatexpert.com/report.aspx?md5=1d7cd8789d40b2ecdfd7f25a8fba6285
Hi,
Following sample: https://www.virustotal.com/file/4db33e065a74ca240850f451f73b14cf52e72ba487f7f367f29889b0a6ecb32b/analysis/
Analysis: http://blog.emsisoft.com/2012/08/09/dorifel-crypto-malware-paralyzes-dutch-companies-and-public-sector/
Decrypt tool: http://tmp.emsisoft.com/fw/decrypt_dorifel.zip and here http://dl.surfright.nl/decrypt_dorifel.exe. Credit goes to Fabian Wosar and Erik Loman.
It comes from the “Citadel” botnet.
Thanks for the replies.
I am on a week's leave, started yesterday, but I can remotely log in to my net to test on a test machine this weekend or Monday.