When I executed a file downloaded from eMule, it took some time, and then I watched Avast's icon change, and then Avast said that a process was taking it down. I answered no, but to no avail… Avast is gone and winupgro.exe is running… I sent the file to http://virusscan.jotti.org, which said this:
2009-10-29 Found nothing
2009-10-29 Found nothing
2009-10-29 Trojan-Downloader.Win32.Bagle!IK
A-Squared: Trojan-Downloader.Win32.Bagle
Avast: Found nothing
Avg: Trojan-Downloader.Win32.Bagle.blj
Bitdefender: Found nothing
AntiVir: Found nothing
ClamAV: Found nothing
CP Secure: Found nothing
Sophos: Sus/ComPack-C
DrWeb: Trojan.Siggen.10859
F-Prot: W32/Themida_Packed!Eldorado
Kaspersky: Trojan-Downloader.Win32.Bagle.blj
I’m a developer at Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complaints from our clients saying that NOD32 reports their applications as a potential threat (Win32/Packed.Themida). Themida tries to do a good job of protecting applications against cracking. It’s not our fault that hackers use it to protect malware.
It is not a heuristic find. It is a real virus!!! Every time I boot, Avast starts loading and then shuts down, and winupgro.exe runs with 50% of CPU (one core). I can send you the file if you are interested.
Since this is definitely a Beagle infection, either do what Polonus said or download Kaspersky Rescue Disk or Dr. Web CureIT from a non-infected computer and burn it onto a CD.
Baglegui.com didn’t find anything. I wonder… Why doesn’t Avast detect anything? I found this forum thread http://forum.avast.com/index.php?topic=40749.0 where in December 08 they had exactly the same problem that I have, and in the last messages they say that in June 09 it still didn’t detect it!!! Why does Avast still not detect it almost one year later???
Send the sample to virus@avast.com, zipped and password protected, with the password in the email body and "undetected malware" in the subject; a link to this topic might help.