Author Topic: a new folder.exe virus is there... not detected by latest avast, avg or kav  (Read 5014 times)

Offline amit2411

a virus of 277 kilobytes has infected my pc... please help.
it makes its copy in each folder and names itself according to the parent folder..

location is in d,e,f drives... c is not infected..

task manager can't be opened..
not detected by latest avast, avg or kav

what to do?????
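
The pattern described in the post above (one .exe per folder, named after that folder) can be checked for directly. This is an added example, not part of the original thread: the function names and the sample tree are constructed for illustration, and the sample files are harmless byte strings.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_folder_named_copies(root, min_copies=2):
    """Return {sha256: [paths]} for .exe files named after their parent folder."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() != folder:
                continue
            path = os.path.join(dirpath, name)
            try:
                groups[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
    return {d: sorted(p) for d, p in groups.items() if len(p) >= min_copies}

def build_sample_tree(root):
    """Constructed sample data: harmless byte strings stand in for real files."""
    layout = {
        "Photos/Photos.exe": b"constructed-sample-A",   # same content, folder-named
        "Music/Music.exe": b"constructed-sample-A",     # same content, folder-named
        "Docs/Work/work.EXE": b"constructed-sample-A",  # case differs, still a match
        "Tools/Tools.exe": b"different content",        # folder-named but unique
        "Docs/setup.exe": b"constructed-sample-A",      # same content, other name
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, paths in find_folder_named_copies(tmp).items():
            print(digest[:16], *paths, sep="\n  ")
```

Identical content under different folder-derived names is what separates the copies from a legitimate program that happens to share its folder's name; review the reported paths before removing anything.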

Online DavidR

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).

As for the task manager issue, that is likely to be a change of the file associations for it or some sort of intercept. Do a search for taskmgr.exe (c:\windows\system32 folder in my XP Pro) and copy that to the c:\ folder, now rename it taskmgr1.exe. Now try executing that, hopefully it won't be intercepted.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline amit2411

28 antivirus programmes detect a virus in it.. but not our AVAST.. WHY???????

according to the online scan at this link:
http://www.virustotal.com/analisis/84483c6349bf73380977c49dc52da125


File DBMS.exe received on 03.03.2009 12:07:44 (CET)
Current status: finished

Result: 28/39 (71.79%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.101 | 2009.03.03 | Worm.Win32.AutoIt!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.02.27 | Win32/Sohanad.worm.368327 |
| AntiVir | 7.9.0.98 | 2009.03.03 | Worm/Sohaned.BP |
| Authentium | 5.1.0.4 | 2009.03.03 | W32/Trojan3.XB |
| Avast | 4.8.1335.0 | 2009.03.02 | - |
| AVG | 8.0.0.237 | 2009.03.03 | - |
| BitDefender | 7.2 | 2009.03.03 | Win32.Worm.Sohanat.BP |
| CAT-QuickHeal | 10.00 | 2009.03.03 | Worm.AutoIt.ch |
| ClamAV | 0.94.1 | 2009.03.03 | Worm.Autorun-1782 |
| Comodo | 1017 | 2009.03.03 | - |
| DrWeb | 4.44.0.09170 | 2009.03.03 | - |
| eSafe | 7.0.17.0 | 2009.03.02 | Suspicious File |
| eTrust-Vet | 31.6.6381 | 2009.03.03 | Win32/Yahlover.EV |
| F-Prot | 4.4.4.56 | 2009.03.02 | W32/Trojan3.XB |
| F-Secure | 8.0.14470.0 | 2009.03.03 | Worm.Win32.AutoIt.ch |
| Fortinet | 3.117.0.0 | 2009.03.03 | - |
| GData | 19 | 2009.03.03 | Win32.Worm.Sohanat.BP |
| Ikarus | T3.1.1.45.0 | 2009.03.03 | Worm.Win32.AutoIt |
| K7AntiVirus | 7.10.654 | 2009.03.02 | Worm.Win32.Sohanad |
| Kaspersky | 7.0.0.125 | 2009.03.03 | Worm.Win32.AutoIt.ch |
| McAfee | 5541 | 2009.03.02 | W32/YahLover.worm.gen |
| McAfee+Artemis | 5541 | 2009.03.02 | W32/YahLover.worm.gen |
| Microsoft | 1.4306 | 2009.03.03 | Worm:AutoIt/Sohanad.AQ |
| NOD32 | 3904 | 2009.03.03 | Win32/Autoit.FJ |
| Norman | 6.00.06 | 2009.03.02 | BAT/Suspicious.A |
| nProtect | 2009.1.8.0 | 2009.03.03 | - |
| Panda | 10.0.0.10 | 2009.03.02 | Trj/CI.A |
| PCTools | 4.4.2.0 | 2009.03.02 | Worm.AutoIt.dn |
| Prevx1 | V2 | 2009.03.03 | - |
| Rising | 21.19.11.00 | 2009.03.03 | Trojan.DL.Win32.Undef.cqz |
| SecureWeb-Gateway | 6.7.6 | 2009.03.03 | Worm.Sohaned.BP |
| Sophos | 4.39.0 | 2009.03.03 | - |
| Sunbelt | 3.2.1858.2 | 2009.03.02 | - |
| Symantec | 10 | 2009.03.03 | W32.Imaut.E |
| TheHacker | 6.3.2.6.269 | 2009.03.02 | - |
| TrendMicro | 8.700.0.1004 | 2009.03.03 | WORM_AUTORUN.DCB |
| VBA32 | 3.12.10.1 | 2009.03.03 | Trojan-Downloader.Autoit.gen |
| ViRobot | 2009.3.3.1632 | 2009.03.03 | Worm.Win32.AutoIt.265927 |
| VirusBuster | 4.5.11.0 | 2009.03.02 | - |

Additional information
File size: 283648 bytes
MD5...: 0780e3873de84b10c669eeecf852d6fc
SHA1..: dcfabda68201f7d6938ba12ff5c3950cac1c0689
SHA256: 3ee887c2bcf3dd775ac522846ad6e4a1e1e25556bb5c65449d8e06c97acf7bd6
SHA512: d805ea417d0719b717df84b73909b6c90463d4032a0e1b72f43e4aaf6f6037d426290f5261ab05c6865abea49be46525b6f3e43f7f87296fc9359707eb3265df
ssdeep: 6144:8YZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UO85:8SNC80I+cR3R03VseuO85
 
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x97cb0
timedatestamp.....: 0xa0a0a0a0L (invalid)
machinetype.......: 0x14c (I386)

( 3 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x5f000 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 0x60000 | 0x38000 | 0x38000 | 7.93 | 37d7f8d0a10c996a7c736fe612e109d3 |
| .rsrc | 0x98000 | 0xd000 | 0xd000 | 4.38 | 9138f68f875b3b1a48797b7da7a798a0 |

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
 
packers (Kaspersky): PE_Patch.UPX, UPX




Online DavidR

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Offline polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 
