following is the malware spreading through usb drives.
h–p://rapidshare.com/files/451777265/autorun.rar
it hides all the folders in the usb drive and makes them invisible.
it also creates shortcuts having same names and icons of the folders
which it hid.
shortcuts have path to the attached file which is placed in the
“Recycler” Folder created in the usb drive.
it is undetected by avast free edition latest version.
Please remove the file share link this isn’t s malware distribution forum. Send the sample directly to avast as you have no control over who might download it or what they might do with it.
Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Edit, numbers going down on VT scan, 5/40:
http://www.virustotal.com/file-scan/report.html?id=17c17e12abf2cdb498c13de25965acf237690835a488c96fcaa584ac0c2f4419-1299699800
Not really.....as two of the detecting engines AVG / Symantec did not scan on second run ;)
DavidR, I have seen here people posting links to malware which is undetected, before.
I thought it is not against the rules here… Still if mods think its unsafe, they can edit my post.
I have already submitted the samples both via chest and email.
this malware is giving problems to number of my colleagues, who are using Avast installed by me on their PCs.
Now they are frequently coming to me to recover their hidden files from USB.
Hope it resolves soon…
What has been done before, doesn’t make it right, even munging up the URL so it isn’t active doesn’t take a rocket scientist to work out and this is a publicly available forum. We have no control over who downloads it or what they do with it.
The Moderators are also avast developers so they aren’t necessarily going to see it and remove it.
So it is up to all of us posting to protect others by sending samples directly to avast and not making undetected malware available through file sharing sites. Making it available on a file sharing site won’t help avast get it any sooner.
In stead of a file sharing site the link could be given directly to site where the original malware resides/resided (never a live link for obvious reasons).
Norton Safe Web and unmasked parasites also show where they find/found the malware via direct malware links, malware domain sites give the malware, and the virustotal and other info that come with it, and what av solutions detect and do not detect. If people go there and click they run the same risks.
Well always report via sending samples to avast also, perfectly OK, but also post back here as detection does not follow, else we are unaware of this and we cannot easily evaluate how good or how bad avast detection really is. I’d rather have that right out in the open. Users that want to use undetected malware for malicious purposes have other sources than av forum links, I assume,
Even giving the URL to where the malware resides puts others at risk.
Should we follow the poor practices of other sites, I think not. If you have a malware sample send them directly to avast, not via a file share or the origination site (that information can and should be included with your submission).
Of course they have other sources, but why should we give them another, it has to be about protecting others.
It is already in the open, nothing is being hidden, just that we aren’t showing links to the sample, but VT.
After reporting, there is avast detection for what you reported, it would be nice to change the subject of your first posting into “undetected malware SOLVED”, this is also encouraging to the new users of the avast av-solution and a proof of the fact that avast is getting better and better all of the time. Glad you could help towards that goal,
