Avast WEBforum

Other => Viruses and worms => Topic started by: dboidin on July 20, 2009, 11:23:11 PM

Title: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: dboidin on July 20, 2009, 11:23:11 PM
I don't know where I could report this to the Avast team, but I found 2 new viruses undetected by Avast scanning ..
the only way to delete them is to launch a command shell and use dir /a:h and del /a:h /f
their names are:

6bgke.exe
del cv8j.exe

..don't forget to delete autorun.inf too !
see u!
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: nmb on July 20, 2009, 11:28:15 PM
Hello dboidin

Virus chest > user files > add files(browse files) > click email to avast icon.
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: polonus on July 20, 2009, 11:46:38 PM
Hi dboidin,

Thanks for the heads up on this: http://www.prevx.com/filenames/2282358596152892616-X1/6BGKE.EXE.html
Use of FlashDisinfector was needed, download from here: http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
For the malware cleansing at a later stage, Avenger was brought in:
http://swandog46.geekstogo.com/avenger2/avenger.exe
Example of a cleansing routine for this backdoor.rootkit (in Polish): http://forum.pcformat.pl/thread-168888.html

polonus
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: DavidR on July 20, 2009, 11:47:55 PM
> I don't know where I could report this to the Avast team, but I found 2 new viruses undetected by Avast scanning ..
> the only way to delete them is to launch a command shell and use dir /a:h and del /a:h /f
> their names are:
>
> 6bgke.exe
> del cv8j.exe
>
> ..don't forget to delete autorun.inf too !
> see u!

It would have been nice if you could have sent the samples to avast.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

To help prevent autorun infections in the future:
1. Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from here (http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/) and save it to your desktop.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
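
The check described in the post above, as an added example that is not part of the original thread or of Flash_Disinfector: it tells apart a drive root where autorun.inf is a folder (the immunized state) from one where it is a file, and lists what that file would launch. The function names and the sample autorun.inf are constructed for illustration; only the .exe names come from this thread.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, not a captured file; only the .exe names come from the thread.
SAMPLE = (
    "[AutoRun]\r\n"
    ";filler comment\r\n"
    "open=6bgke.exe\r\n"
    "shell\\open\\Command=cv8j.exe\r\n"
    "[other]\r\n"
    "open=ignored.exe\r\n"
)

def autorun_targets(text):
    """Return the commands an autorun.inf would launch (from [autorun] only)."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                targets.append(value)
    return targets

def check_drive_root(root):
    """Classify a drive root by what sits at <root>/autorun.inf."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):               # a folder blocks creation of a file with that name
        return ("immunized", [])
    if os.path.isfile(path):
        with open(path, "r", encoding="latin-1") as fh:   # latin-1 never fails to decode
            return ("autorun-file", autorun_targets(fh.read()))
    return ("absent", [])

def demo():
    """Build two throwaway 'drive roots' and classify them."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as immune:
        with open(os.path.join(infected, "autorun.inf"), "w", newline="") as fh:
            fh.write(SAMPLE)
        os.mkdir(os.path.join(immune, "autorun.inf"))
        return check_drive_root(infected), check_drive_root(immune)
```

On a real system, pass each drive root (for example `E:\`) to `check_drive_root`; any target it reports is a file to submit to the vendor before deleting it.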

Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: Maxx_original on July 20, 2009, 11:55:20 PM
wasn't there a heuristic warning about these files?
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: polonus on July 21, 2009, 12:01:11 AM
Hi Maxx_original,

Is this what you mean? 0 re:  http://www.prevx.com/avgraph/2/Avast.html
found as I googled for: 6bgke.exe

polonus
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: Maxx_original on July 21, 2009, 09:24:16 AM
these files are most probably related to Win32:Kavos and should be reported by the antirootkit module, that's why i asked..
Title: Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
Post by: dboidin on July 21, 2009, 09:29:29 AM
Thank you very much for the help !!! .. I found a lot of info on the pcformat forum !! .. I found hidden files in C:\WINDOWS\system32 that infected my computer at each start .. hoping this time it will be ok with these viruses !!

..I'll try to send that shit sample to the Avast mail as soon as possible (when the viruses come back! I deleted them for the moment)

..it seems the viruses come back and stay on the system with Windows Explorer, you have to relaunch Explorer to delete them from the system during use..

I have to specify that even with a boot scan, Avast is completely blind to these viruses.. so be careful, if you can't show hidden files anymore, it could be these viruses !!

see u !! ;-)