Avast found a few of these and put them in the chest, but it missed one in my Startup folder, so unfortunately the malware got to run after reboot. I noticed unusual CPU usage and killed the exe. Is there information on what this malware does? I need to know in order to plan for damage control.
Well, this is “an oldie”, so to say. This backdoor trojan in various variants was first seen back in Jan 05 2010 with its activity peaking this month last year.
It is a high level threat that should be removed. A backdoor trojan comes including a backdoor allowing unauthorized access to the target’s computer. These backdoors tend to be invisible to average users…
very difficult…unless you upload your sample and have it analysed
there is no naming standard, so another vendor has another name for it, so you will not find exact info just from the name
in fact, if we search VirusTotal for an Avast detection on that name we find this
so you see searching just from the name will not give you exact info on your sample, only analysis will
anyway why bother!
and if you suspect something is still in there, follow the guide I gave you, attach the logs and a removal expert will look inside for infections
Ok, thanks for the explanation. Actually I already decided to reinstall the OS, so I’m not that worried that it’s still there, but I am worried it got hold of my passwords, in which case I’ll need to change them all which is time consuming. Will Avast be able to analyze the file if I upload it?
Will Avast be able to analyze the file if I upload it?
yes, but they usually don't reply... and not with that kind of info
I guess when 100 000 samples go through the lab every day they are more than busy
you can upload it to ThreatExpert for an auto analysis. http://www.threatexpert.com/submit.aspx
then you receive a link to the result by mail
the result is very tech… so unless you understand this stuff…
Ok, I got the result from ThreatExpert, it’s interesting but didn’t provide many details on what the exe did to my hard drive or whether it logs keystrokes. I’ll upload it to www.virustotal.com later this week. I already reinstalled the OS and the exe is in the old system’s Avast chest; I assume there’s no way to get it out from the chest without running Avast on the old system.