Ramnit 6/41 avast! is one of them to detect....

see: https://www.virustotal.com/file/e68d075a80238e21575a75a6c4086467ed4b2acc5b6533f7748556dad929f14b/analysis/1343465556/

Avast! is one of them to detect the new variant of Ramnit malware… I saw this new variant at work… so I uploaded it to VT to see who got it…

this is called protection where it counts!! :wink:

Ramnit is nasty malware…

Keep it up avast virus lab!! great job done here!! ;D

Here you see the scanning for it: htxp://community.trendmicro.com/tmicro/attachments/tmicro/malware/11577/2/a2scan_120726-203456.txt
icyifxqm.exe detected: Virus.Win32.Ramnit! RAMNIT is a virus in the same family as Virut, Sality and virtob. It attacks mainly executable files and infects those with the extensions .exe, .dll and .html - Once a computer has been infected with RAMNIT, there may be no way to remove it, and the computer may have to be re-formatted, see: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Ramnit-D/detailed-analysis.aspx

polonus

I really think that this is far-fetched; if you got this virus early, you will be able to remove it.
The following script is added to .htm and .html files:

#DISABLE SCRIPT -<script Language=VBScript>
This goes only for experts. At the BlackHat Conference 2012 they introduced what is called "File Disinfection Framework: Striking Back at Polymorphic Viruses."
The research was presented by Reversing Labs. They presented an open source cross-platform x86-x64 library that enables its user to unpack, disinfect, and build PE32/PE32+ files. The framework also has an x86 emulator written from scratch, which supports multiple processes in parallel and Windows objects such as handles, mutexes, and the environment. It also provides tools that can aid in writing disinfection routines, such as automatic binary profiling with search for the presence and location of the virus stub.

Features:
1) Static analysis functionality that has the ability to view, modify and build on-the-fly PE32/PE32+ files, fields and tables. A large number of embedded decompression routines is included, along with systems that dynamically define static structures and build polymorphic decrypters.
2) Highly advanced PE32/PE32+ file validation and repair functionality that completely solves the issues brought up by our last year's BlackHat presentation titled "Constant insecurity: Things you didn't know about PE file format". These functions accurately detect and identify all purposely-malformed PE files that break current security tools or evade detection. In addition, if the file is damaged (as usually happens during virus infections) and deemed repairable, it is automatically repaired to maximize the number of remediated files.
3) Integrated hash database functionality that helps to resolve the otherwise unsolvable problem of reverting function name hashes back to their original names. This custom database is easily extended to add even more libraries and functions to its known hash lists.
4) A truly unique x86 emulator written from scratch that supports the following Windows features.
5) The user can call standard Windows APIs inside the context of an emulated process. For example, the user can dynamically create a new DLL file inside the virtual file system and load it into the context of an emulated process by calling the LoadLibrary equivalent. Every emulated API is exposed to the user and therefore usable, with the option of hooking any API one or more times.
6) Specific functionality designed to disinfect files infected with polymorphic viruses such as Virut and Sality, with examples that show its use.
7) Tools to aid in writing disinfection routines, such as automatic binary profiling with search for the presence and location of the virus stub.
8) Much more; I just wanted to describe the thought process behind it.
ALL CREDITS GO TO REVERSING LABS
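The post above quotes the marker Ramnit leaves in web files: a `<script Language=VBScript>` block appended to .htm and .html pages. The following is an added example, not code from the thread or from Reversing Labs' framework: a small Python scanner that walks a directory tree, looks only at .htm/.html files, and reports those carrying such a tag. The sample files it scans are constructed inline (the "infected" one contains only the quoted tag with a placeholder body, no real payload), and the regular expression, file names and function names are assumptions for the sake of the example.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical detector: flag HTML files containing a <script> tag whose
# Language attribute is VBScript, matched case-insensitively and tolerant of
# optional quotes and extra attributes. This is a triage lead, not proof of
# infection: a legitimate intranet page may also embed VBScript.
VBSCRIPT_TAG = re.compile(
    r"<script\b[^>]*\blanguage\s*=\s*['\"]?vbscript['\"]?[^>]*>",
    re.IGNORECASE,
)
WEB_EXTENSIONS = {".htm", ".html"}


def has_vbscript_marker(html: str) -> bool:
    """Return True if the text contains a <script Language=VBScript> tag."""
    return VBSCRIPT_TAG.search(html) is not None


def scan_tree(root: Path) -> list[Path]:
    """Walk root and return the .htm/.html files that carry the marker."""
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            try:
                text = path.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if has_vbscript_marker(text):
                hits.append(path)
    return hits


def build_sample_tree(root: Path) -> None:
    """Create constructed sample files: one clean page, one carrying the marker,
    and a non-web file that must be ignored even though it contains the tag."""
    (root / "clean.html").write_text("<html><body>hello</body></html>")
    (root / "sub").mkdir()
    (root / "sub" / "page.htm").write_text(
        "<html><body>hello</body></html>\n"
        "<script Language=VBScript>' constructed placeholder body</script>"
    )
    (root / "notes.txt").write_text("<script Language=VBScript>")


def demo() -> list[str]:
    """Build the sample tree in a temp dir and return hit paths relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return [p.relative_to(root).as_posix() for p in scan_tree(root)]


if __name__ == "__main__":
    for hit in demo():
        print("marker found:", hit)
```

Run it with `python scan_vbscript.py` (any file name) and it prints `marker found: sub/page.htm`; pointing `scan_tree()` at a real web root gives a list of pages worth pulling for a closer look, while the executables the same infection touches still need a proper PE-aware scanner.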

Hi Left123,

Thanks for your contribution. So they are developing new ways to disinfect. In an initial stage I reckon DrWebCureIt may give good results.

polonus

The arms race continues… :wink:

What will the bad guys do next?

Hi Pondus,

Don’t worry, Pondus, malversants will think of something. The game is not over yet.
It is an ongoing battle and we are in the trenches.
So wear your avast Network- and Webshield.

polonus