win32.Saburex.a

Viruses and worms
1

Hello, first of all sorry for my bad English.
Second, there is new virus, called win32.Saburex.a this virus “eats” *.exe, *.temp and *.dll files… My friends PC is infected whit it, and only 1 antivirus can find and remove that virus… I was wondering why Avast dos not have that virus in it’s database :cry: because i think that my PC is infected too… and i have no protection by your antivirus (Avast) …
I’m using Vista 6000 and can not install that antivirus that can remove that virus…

I hope you will take some time to look for that virus and make it removable by Avast.

2

It’s ok, we can understand you :wink:

Can your friends send an email with the infected files to: virus@avast.com
They can zip and password the files… Inform a link to this thread and the password used.
Thanks.

3

OK, we will do it.

EDIT: …they have allready cleared infected files whit KAV… i don’t know where from to get really infected files… because by me i don’t know which files are infected…

4

Why don’t you use Kaspersky for on-line full scanning and discover them?

5

i have just tried to do so as you said, but it dos not work… I get an ERROR… “some files are damaged” or somethink like that… i tried to some times, but result is the same… The scanner can not start… :cry:

6

I’m not sure that boot time scanning works on Vista (I think not yet).
But Kaspersky on-line should work… which files are missing?
Can you post a screenshot of the displayed error message?

7


http://img526.imageshack.us/img526/6152/kavbw7.th.jpg

8

so… have avast this virus allready in it’s database or not? ::slight_smile:

…if not, why u can not work together whit KAV and exchange whit some info? :slight_smile: or it is impossible?

9

Do you really believe competing companies are going to share data, I think not.

The other problem is that there is no standard naming convention for virus naming so win32.Saburex.a could well be called something else by other AV companies, so a simple virus name search in a database isn’t going to confirm anything. It might not exist with that name but is detectable but called something else.

Like any zero day or undetected virus you can help by taking steps to limit the potential damage.

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

10

Go to this thread and download the attachment :wink:

11

Thnx :wink:

12

Hello!
I had some troubles with this virus too.

[Quote]Can your friends send an email with the infected files to: virus@avast.com
[/quote]
I have already sent the file a week ago, still Avast does not see it as a virus, although the virus database had 2 or 3 updates.

More info about it may be found at http://www.bitdefender.com/VIRUS-1000098-en--Win32.Fidcop.A.html

PS: Very off-topic, but please someone answer me.
Is there a reason I can’t start a new thread on this board? Also I can’t see Search, Preferences and similar stuff, common in web forums. Thank you in advance.
Edit: after finding the preferences, I switched the theme used, and buttons for what I asked suddenly appeared. Interesting…

Best regards,
Arthur

13

Perhaps you should upload the file again to Avast. Also upload it to VirusTotal.

14

avast! team!!! :frowning:

15

If Avast needs more info just ask and I shall do my best.
The same if the file (ole16.dll) needs sending again.

Good luck,
Arthur

16

i sent file infected with saburex and “ole16.dll” to virus@avast.com… i don’t understand…this topic is open on 11 dec. and today avast antivirus still don’t see the virus… what are you doing???

17

Was it sent in a zipped password protected attachment, if not it could have got detected and deleted on route, I would suggest adding it to the user files section of the chest and send it again from there if you didn’t do that previously as those sent from within the avast chest are filtered on receipt, that may get a higher priority than the 4000+ emails per day received at the virus @ avast.com email address.

18

Please, improve detection… it’s a shame the time frame of this :frowning:

19

The mail was sent on Mon, 15 Jan 2007 09:35:53, from: si1v...@yahoo.com , subject: W32/Saburex, in a zipped password protected attachment. The big number of mails received is not a reason to complain. Make a data base with e-mail address who sent real sample of virus and give them priority… like me :stuck_out_tongue:

20

Well if you like spam I suggest you leave your email address in your post, freely available to the email harvesters. The forum is publicly available so the email is there for any bot browsing the forums.

I’m not complaining about the large number, just showing a way to get filtered and hopefully gain a little priority.