Topic: NOTE: TRO/ROOT KIT is still undetectable by all AV providers. You may be infected

Laura404
Hello,

Many of you get infected with this trojan and don't even know about it...!


TRO/ROOT KIT is a malicious Trojan infection. There is a problem with this trojan, TRO/ROOT KIT or Win32:Small-HUF [Trj], which many people have got in the last few weeks, but no one knows about the infection since most AV providers didn't even detect this one.

Some time ago AVAST detected this trojan (but could never delete it), but right now AVAST doesn't even detect the trojan.

Still today, not even Kaspersky or Malwarebytes is able to detect this trojan!

Symptoms and signs (not always) that you may have if this trojan is on your system: this trojan could cause internet connection problems.

This TRO/ROOT KIT just comes back again and again with its advanced techniques.

TRO/ROOT KIT is made to escape detection, so it is not surprising that you are hit by this nasty virus even though you have installed several antivirus programs on your computer.

The following files are created by TRO/ROOT KIT:

%System%\SysWOW64\drivers\[RANDOM CHARACTERS].sys
Known virus sample:
C:\Windows\SysWOW64\drivers\mjvhhu.sys
C:\Windows\SysWOW64\drivers\tcoifh.sys
C:\Windows\SysWOW64\drivers\vqdtrh.sys
C:\Windows\SysWOW64\drivers\wayuia.sys
C:\Windows\SysWOW64\drivers\zedltn.sys
%Windows%\system32\[random].exe
%AppData%\[random].exe

Reg key:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WAYUIA\0000]
"Service"="wayuia"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="wayuia"
"Capabilities"=dword:00000000

And the following registry entries are created:
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions
HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\[random]
HKEY_CLASSES_ROOT\CLSID\[random numbers]

Registry:

 -------\Legacy_MJVHHU
 -------\Legacy_TCOIFH
 -------\Legacy_VQDTRH
 -------\Legacy_WAYUIA
 -------\Legacy_ZEDLTN
 -------\Service_mjvhhu
 -------\Service_tcoifh
 -------\Service_vqdtrh
 -------\Service_wayuia
 -------\Service_zedltn

Any help from AVAST team???

Thank you and best regards.

Laura
   
« Last Edit: February 03, 2013, 03:01:15 PM by Laura404 »
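The indicators in the post above (five random-looking six-letter driver names under a `drivers` directory, and matching `LEGACY_<NAME>` device entries under `Enum\Root`) lend themselves to a simple host-side sweep. The script below is an added example, not code from the thread or from Avast: it parses a `.reg` export and a list of driver paths, reports exact matches against the five names the post lists, and separately reports any other six-lowercase-letter name. The six-letter heuristic is my generalisation from those five samples and is labelled as such in the code; the registry text and the directory listing are constructed sample inputs, not data from a real machine.

```python
import re
from typing import Dict, List, Optional, Set

# Driver/service names the post above lists as known TRO/ROOT KIT samples.
KNOWN_DRIVER_NAMES: Set[str] = {"mjvhhu", "tcoifh", "vqdtrh", "wayuia", "zedltn"}

# Every listed sample is six lowercase letters. Treating that shape as suspicious is
# an assumption generalised from those five names, so it is reported separately from
# an exact match and is a lead to review, not proof of infection.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6}$")

# Key shape from the post: HKLM\SYSTEM\ControlSet00N\Enum\Root\LEGACY_<NAME>\0000
LEGACY_KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Enum\\Root\\LEGACY_[A-Z0-9_]+\\0000$"
)


def classify_name(stem: str) -> Optional[str]:
    """Return why a driver/service name is suspicious, or None if it is not."""
    stem = stem.lower()
    if stem in KNOWN_DRIVER_NAMES:
        return "known_sample"
    if RANDOM_NAME_RE.match(stem):
        return "random_name"
    return None


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a minimal .reg export into {key_path: {value_name: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip().strip('"')] = value.strip().strip('"')
    return keys


def suspicious_legacy_services(reg: Dict[str, Dict[str, str]]) -> List[dict]:
    """Flag LEGACY_* entries whose Service name is a known sample or fits the random pattern."""
    findings = []
    for key, values in reg.items():
        if not LEGACY_KEY_RE.match(key):
            continue
        service = values.get("Service", "")
        reason = classify_name(service)
        if reason:
            findings.append({"key": key, "service": service.lower(), "reason": reason})
    return findings


def suspicious_drivers(paths: List[str]) -> List[dict]:
    """Flag .sys files in a drivers directory whose name is a known sample or fits the pattern."""
    findings = []
    for path in paths:
        lower = path.lower()
        if not lower.endswith(".sys") or "\\drivers\\" not in lower:
            continue
        stem = lower.rsplit("\\", 1)[-1][: -len(".sys")]
        reason = classify_name(stem)
        if reason:
            findings.append({"path": path, "reason": reason})
    return findings


# Constructed sample input (not a real export): one key copied from the post,
# one benign legacy entry, and one unknown six-letter name.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WAYUIA\0000]
"Service"="wayuia"
"Legacy"=dword:00000001
"Class"="LegacyDriver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BEEP\0000]
"Service"="Beep"
"Legacy"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ABCDEF\0000]
"Service"="abcdef"
"Legacy"=dword:00000001
"""

# Constructed directory listing, not taken from a real host.
SAMPLE_DRIVER_PATHS = [
    r"C:\Windows\SysWOW64\drivers\wayuia.sys",
    r"C:\Windows\System32\drivers\ndis.sys",
    r"C:\Windows\System32\drivers\qwerty.sys",
    r"C:\Windows\System32\drivers\abcdef.dll",
]

if __name__ == "__main__":
    for f in suspicious_legacy_services(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"registry: {f['key']} -> {f['service']} ({f['reason']})")
    for f in suspicious_drivers(SAMPLE_DRIVER_PATHS):
        print(f"driver:   {f['path']} ({f['reason']})")
```

On a real host the `.reg` text would come from `reg export HKLM\SYSTEM` and the path list from a directory walk; the two reasons are kept apart deliberately, since a `known_sample` hit is a direct indicator while a `random_name` hit only says the name has the same shape as the listed ones.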

Pondus
Quote
but no one knows about the infection since most AV providers didn't even detect this one.
then how do you know about it?

Quote
Any help from AVAST team???
are you infected?
do you need help removing this infection?

« Last Edit: February 03, 2013, 04:21:08 PM by Pondus »

Laura404
No, but many of my friends are infected with this trojan and searching for help.

It may be important for AVAST and other AV companies to detect this trojan as soon as possible.

You may search Bing, Yahoo or Google for "Legacy_WAYUIA" or "Win32:Small-HUF [Trj]" or TRO/ROOT KIT.

Thank you.

Laura
« Last Edit: February 03, 2013, 09:23:08 PM by Laura404 »

Pondus
If they need removal help they should follow this guide and attach the requested logs
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR



When done a removal expert will help.....and the help is free.  ;)


« Last Edit: February 03, 2013, 09:29:18 PM by Pondus »

Pondus
Quote
It may be important for AVAST and other AV companies to detect this trojan as soon as possible.
They will when they get a sample....do you have it?


Laura404
Sorry, I have no sample as I just deleted all threats from the computer.

avast@@dvantage77.com (J.R. Guthrie - avast! Sales and Support Specialist, Avast Reseller)
Please have 1 of your infected friends provide us with a sample.
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

iroc9555
Laura.

I do not know where you read that info about Win32:Small-HUF [Trj] not being detected by Avast! because Avast! has been detecting it long ago.

http://forum.avast.com/index.php?topic=46877.msg394211#msg394211

Even now Avast! can detect it in memory from other security programs when they are updated with an encrypted file about it. See msmpeng.exe (Windows Defender).

http://forum.avast.com/index.php?topic=93275.msg742526#msg742526
« Last Edit: February 05, 2013, 03:03:24 AM by iroc9555 »

Laura404
iroc9555: Who said AVAST has never detected this trojan?

You didn't read my posting!

However, AVAST can't detect TRO/ROOT KIT right now!

iroc9555
OK :-X