Hi!
We found a virus, not recognized by Avast, that spreads via USB drives.
We just studied its behavior and it seems to work this way:
- on the pen drive there are: a folder called “Dazurna” (marked as a system folder, with a recycle bin icon), a file called dwkh2.exe and an autorun.inf file;
- autorun.inf runs an executable file (sladjepla.exe) in the Dazurna folder;
- sladjepla.exe copies dwkh2.exe to the local C drive, as esp.exe
- esp.exe starts on user logon and remains active to replicate itself on a new pen drive
- and so on…
esp.exe also shows an Arabic message on screen (in a green box) for a few seconds after Windows logon.
sladjepla.exe is detected as a virus by:
Antivir (TR/Crypt.XPACK.Gen2)
AVG (Win32/Cryptor)
NOD32 (a variant of Win32/Peerfrag.GH)
TrendMicro (TROJ_PALEVO.SMAL)
and some other antivirus products, but unfortunately not by Avast.
esp.exe is detected as a virus only by Jiangmin (Heur:Worm/Autorun) and Symantec (Suspicious.Insight).
Can I define these viruses as a user-defined threat on Avast Netclient?
Will you release an updated VPS soon?
Thanks in advance.
Marco
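
A defender-side check for the pattern described in the post above (an autorun.inf that launches an executable stored inside a folder on the drive), added here as an example and not part of the original post. The autorun.inf contents in `SAMPLE` are constructed (only the folder and file names come from the post), and the "executable in a subfolder" rule is an assumed heuristic for triage, not a signature.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program to start when the drive is opened.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample: the post gives the file names, not the file contents.
SAMPLE = """\
;junk comment line
[AutoRun]
open=Dazurna\\sladjepla.exe
shell\\open\\command=Dazurna\\sladjepla.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
"""

def launch_targets(autorun_text):
    """Return (key, program path) for each launch entry in the [autorun] section."""
    found, section = [], None
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue                               # skip comments, junk, other sections
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and value:
            # The program is the first token; a quoted path may contain spaces.
            if value.startswith('"'):
                target = value[1:].split('"', 1)[0]
            else:
                target = value.split()[0]
            found.append((key.lower(), target))
    return found

def suspicious_entries(autorun_text):
    """Flag launch entries that start an executable located in a subfolder."""
    flagged = []
    for key, target in launch_targets(autorun_text):
        path = PureWindowsPath(target)             # parses backslash paths on any OS
        if path.suffix.lower() in EXEC_EXTS and len(path.parts) > 1:
            flagged.append((key, target))
    return flagged

if __name__ == "__main__":
    for key, target in suspicious_entries(SAMPLE):
        print(f"review: {key} -> {target}")
```
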