win32.Saburex.a

Lisandro · 2006-12-11T12:09:07.000Z

Haxior post:1:

Hello, first of all sorry for my bad English.

It’s ok, we can understand you

Haxior post:1:

My friends PC is infected whit it

Can your friends send an email with the infected files to: virus@avast.com
They can zip and password the files… Inform a link to this thread and the password used.
Thanks.

system · 2006-12-11T13:09:23.000Z

OK, we will do it.

EDIT: …they have allready cleared infected files whit KAV… i don’t know where from to get really infected files… because by me i don’t know which files are infected…

Lisandro · 2006-12-11T14:43:58.000Z

Haxior post:3:

I don’t know where from to get really infected files… because by me i don’t know which files are infected…

Why don’t you use Kaspersky for on-line full scanning and discover them?

system · 2006-12-11T15:27:39.000Z

i have just tried to do so as you said, but it dos not work… I get an ERROR… “some files are damaged” or somethink like that… i tried to some times, but result is the same… The scanner can not start…

Lisandro · 2006-12-11T18:53:33.000Z

I’m not sure that boot time scanning works on Vista (I think not yet).
But Kaspersky on-line should work… which files are missing?
Can you post a screenshot of the displayed error message?

system · 2006-12-11T19:15:05.000Z

http://img526.imageshack.us/img526/6152/kavbw7.th.jpg

system · 2006-12-12T15:00:26.000Z

so… have avast this virus allready in it’s database or not? :

…if not, why u can not work together whit KAV and exchange whit some info? or it is impossible?

DavidR · 2006-12-12T15:13:45.000Z

Do you really believe competing companies are going to share data, I think not.

The other problem is that there is no standard naming convention for virus naming so win32.Saburex.a could well be called something else by other AV companies, so a simple virus name search in a database isn’t going to confirm anything. It might not exist with that name but is detectable but called something else.

Like any zero day or undetected virus you can help by taking steps to limit the potential damage.

You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

system · 2006-12-13T13:07:12.000Z

Go to this thread and download the attachment

system · 2006-12-13T15:17:31.000Z

Thnx

system · 2007-01-06T10:23:16.000Z

Hello!
I had some troubles with this virus too.

[Quote]Can your friends send an email with the infected files to: virus@avast.com
[/quote]
I have already sent the file a week ago, still Avast does not see it as a virus, although the virus database had 2 or 3 updates.

More info about it may be found at http://www.bitdefender.com/VIRUS-1000098-en--Win32.Fidcop.A.html

PS: Very off-topic, but please someone answer me.
Is there a reason I can’t start a new thread on this board? Also I can’t see Search, Preferences and similar stuff, common in web forums. Thank you in advance.
Edit: after finding the preferences, I switched the theme used, and buttons for what I asked suddenly appeared. Interesting…

Best regards,
Arthur

system · 2007-01-07T05:45:52.000Z

Perhaps you should upload the file again to Avast. Also upload it to VirusTotal.

Lisandro · 2007-01-07T20:07:28.000Z

roentgen post:12:

I have already sent the file a week ago, still Avast does not see it as a virus, although the virus database had 2 or 3 updates.

avast! team!!!

system · 2007-01-08T13:09:11.000Z

If Avast needs more info just ask and I shall do my best.
The same if the file (ole16.dll) needs sending again.

Good luck,
Arthur

system · 2007-01-16T15:33:42.000Z

i sent file infected with saburex and “ole16.dll” to virus@avast.com… i don’t understand…this topic is open on 11 dec. and today avast antivirus still don’t see the virus… what are you doing???

DavidR · 2007-01-16T16:14:52.000Z

Was it sent in a zipped password protected attachment, if not it could have got detected and deleted on route, I would suggest adding it to the user files section of the chest and send it again from there if you didn’t do that previously as those sent from within the avast chest are filtered on receipt, that may get a higher priority than the 4000+ emails per day received at the virus @ avast.com email address.

Lisandro · 2007-01-16T16:17:14.000Z

Mojo47 post:16:

This topic is open on 11 dec. and today avast antivirus still don’t see the virus…

Please, improve detection… it’s a shame the time frame of this

system · 2007-01-17T23:02:10.000Z

The mail was sent on Mon, 15 Jan 2007 09:35:53, from: si1v...@yahoo.com , subject: W32/Saburex, in a zipped password protected attachment. The big number of mails received is not a reason to complain. Make a data base with e-mail address who sent real sample of virus and give them priority… like me

DavidR · 2007-01-17T23:25:59.000Z

Well if you like spam I suggest you leave your email address in your post, freely available to the email harvesters. The forum is publicly available so the email is there for any bot browsing the forums.

I’m not complaining about the large number, just showing a way to get filtered and hopefully gain a little priority.

system · 2007-01-17T23:31:37.000Z

thanks for your suggestion

Announcements