virus not found by Avast Netclient ed.

Hi!
We found a virus, not recognized by Avast, spread by usb drives.

We just studied its behavior and it seems to work this way:

  • on the pen drive there are: a folder called “Dazurna” (marked as a system folder, with a recycle bin icon), a file called dwkh2.exe and an autorun.inf file;
  • autorun.inf runs an executable file (sladjepla.exe) in the Dazurna folder;
  • sladjepla.exe copies dwkh2.exe to the local C drive, as esp.exe;
  • esp.exe starts on user logon and remains active to replicate itself on a new pen drive;
  • and so on…

esp.exe also shows an Arabic message on screen (in a green box) for a few seconds after Windows logon.

sladjepla.exe is detected as a virus by:
Antivir (TR/Crypt.XPACK.Gen2)
AVG (Win32/Cryptor)
NOD32 (a variant of Win32/Peerfrag.GH)
TrendMicro (TROJ_PALEVO.SMAL)
and some other antivirus products, but unfortunately not by Avast.

esp.exe is detected as a virus only by Jiangmin (Heur:Worm/Autorun) and Symantec (Suspicious.Insight).

Can I define these viruses as a user-defined threat on Avast Netclient?
Will you release an updated VPS soon?

Thanks in advance.

Marco
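
Added example, not part of the original post and not Avast code: a read-only triage of a mounted removable drive for the layout described above, an autorun.inf that launches a program plus loose executables in the drive root. The autorun.inf content and the temporary sample drive are constructed for illustration, and the function names are hypothetical.

```python
import os
import re
import tempfile

# autorun.inf keys that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs")

def launch_targets(autorun_text):
    """Return the program paths an autorun.inf asks Windows to run."""
    targets, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            # Simplification: first token is the program, the rest are arguments.
            targets.append(value.split()[0].strip('"').replace("\\", "/"))
    return targets

def triage_drive(root):
    """List findings for one mounted removable drive (read-only checks)."""
    findings = []
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf:
        with open(os.path.join(root, inf), errors="replace") as fh:
            for target in launch_targets(fh.read()):
                present = os.path.isfile(os.path.join(root, target))
                findings.append(("autorun-launch", target, present))
    for name in sorted(os.listdir(root)):
        if name.lower().endswith(EXECUTABLE_EXT) and os.path.isfile(os.path.join(root, name)):
            findings.append(("root-executable", name, True))
    return findings

def build_sample_drive():
    """Constructed stand-in for the pen drive layout described in the post."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "Dazurna"))
    for rel in ("Dazurna/sladjepla.exe", "dwkh2.exe"):
        open(os.path.join(root, rel), "wb").close()  # empty placeholder files
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=Dazurna\\sladjepla.exe\n")  # constructed content
    return root

if __name__ == "__main__":
    print(triage_drive(build_sample_drive()))
```
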

You have to upload the files to the FTP server of Avast:

ftp://ftp.avast.com/incoming (please note that you will only have write access to the ftp site, not read, so you won’t be able to see even the item you uploaded).

Zip the files and password-protect them.

Send an email to virus@avast.com and give them the filename and password of the file.

I guess that should do it.

Hi Marco,

Are the netclients up to date with the latest VPS? How often do you run an update task?

Colin Q.
QueCentric LLC
avast! Gold Reseller

http://www.quecentric.com/