system
1
Avast won't detect the Win32/Kryptik.EEDE Trojan.
It hides everything from a pen in a hidden folder and places a shortcut on the pen root to execute the virus.
It then starts trying to connect to some weird website, and keeps using MSIEXEC.exe.
It would be good to add this virus to the Avast database… ASAP
Asyn
2
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=53253.0
system
3
ESETSmartInstaller@High as downloader log:
all ok
product=EOS
version=8
OnlineScannerApp.exe=1.0.0.1
EOSSerial=fd95cc3e3dada44db963e67b13bdf7b9
end=init
utc_time=2015-11-19 09:18:27
local_time=2015-11-19 09:18:27 (+0000, Hora padrão de GMT)
country=“Portugal”
osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26797
product=EOS
version=8
OnlineScannerApp.exe=1.0.0.1
EOSSerial=fd95cc3e3dada44db963e67b13bdf7b9
end=updated
utc_time=2015-11-19 09:23:36
local_time=2015-11-19 09:23:36 (+0000, Hora padrão de GMT)
country=“Portugal”
osver=6.1.7601 NT Service Pack 1
product=EOS
version=8
OnlineScannerApp.exe=1.0.0.1
OnlineScanner.ocx=1.0.0.7777
api_version=3.1.1
EOSSerial=fd95cc3e3dada44db963e67b13bdf7b9
engine=26797
end=finished
remove_checked=true
archives_checked=true
unwanted_checked=true
unsafe_checked=true
antistealth_checked=true
utc_time=2015-11-19 09:24:51
local_time=2015-11-19 09:24:51 (+0000, Hora padrão de GMT)
country=“Portugal”
lang=1033
osver=6.1.7601 NT Service Pack 1
compatibility_mode_1=‘avast! Internet Security’
compatibility_mode=779 16777213 85 72 240291 212345581 0 0
compatibility_mode_1=‘’
compatibility_mode=5893 16776573 100 94 20304 200390141 0 0
scanned=229
found=1
cleaned=1
scan_time=74
sh=C0B5ECD893FBD02C89A734BA3DAEAF638944F3BB ft=1 fh=0cac54452678a7d4 vn=“a variant of Win32/Kryptik.EEDE trojan (cleaned by deleting - quarantined)” ac=C fn=“N:\Â {0F141985-E5C2-416F-8CDE-A22B59972322}.{1C28986F-D5E2-4DAE-9E72-8C410DFE6D27}”
ESETSmartInstaller@High as downloader log:
all ok
product=EOS
version=8
OnlineScannerApp.exe=1.0.0.1
EOSSerial=fd95cc3e3dada44db963e67b13bdf7b9
end=init
utc_time=2015-11-19 09:46:17
local_time=2015-11-19 09:46:17 (+0000, Hora padrão de GMT)
country=“Portugal”
osver=6.1.7601 NT Service Pack 1
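For triage of a scanner log like the one pasted above, here is an added example (not part of any post in this thread and not ESET's code) that pulls out the detection records and compares the scanner's own found and cleaned counters. It assumes, from the values seen in the log, that `vn` holds the detection name with the action in parentheses and `fn` holds the file path; the sample log is constructed, with a placeholder hash and path.

```python
import re

# One key=value pair. Values are bare tokens or quoted; the forum software
# turned the log's straight quotes into curly ones, so both are accepted.
PAIR = re.compile(r'(\w+)=(?:[“"]([^”"]*)[”"]|(\S*))')


def parse_pairs(line):
    """Return the key=value pairs found on one log line as a dict."""
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in PAIR.findall(line)}


def summarize(log_text):
    """Collect detection records and the found/cleaned counters."""
    detections, counters = [], {}
    for line in log_text.splitlines():
        pairs = parse_pairs(line)
        if "vn" in pairs and "fn" in pairs:  # assumed: a detection record
            name, _, action = pairs["vn"].partition(" (")
            detections.append({
                "threat": name,
                "action": action.rstrip(")"),
                "path": pairs["fn"],
                "sh": pairs.get("sh"),
            })
        for key in ("scanned", "found", "cleaned"):
            if pairs.get(key, "").isdigit():
                counters[key] = int(pairs[key])
    # A positive value means the scanner found more than it cleaned.
    uncleaned = counters.get("found", 0) - counters.get("cleaned", 0)
    return detections, counters, uncleaned


# Constructed sample: placeholder hash and path, layout copied from the log.
SAMPLE = r'''end=finished
scanned=229
found=1
cleaned=1
sh=0000000000000000000000000000000000000000 ft=1 vn=“a variant of Win32/Kryptik.EEDE trojan (cleaned by deleting - quarantined)” ac=C fn=“N:\hidden-folder\sample.bin”
'''

if __name__ == "__main__":
    dets, counts, left = summarize(SAMPLE)
    for d in dets:
        print(f'{d["path"]}: {d["threat"]} -> {d["action"]}')
    print(f"counters={counts} uncleaned={left}")
```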
system
4
Please see attachments.
Prints from an infected pen.
Eddy
5
Avast recently added more detections for Kryptik.
It may be that the latest VPS has the detection for it.
If this version is not (yet) detected, send a sample to Avast.
Do not copy/paste logs, but attach them.
Asyn
6
Pondus
7
To clean your USB pen use MCShield. http://www.mcshield.net/
You will find instructions for it in the guide Asyn posted a link to.
This log you must copy and paste, or we can’t read it (a forum bug).