Author Topic: Brontok Wrm (Read 8538 times)

ronnie · « **on:** January 20, 2006, 01:56:46 PM »

Is there update for computer that being infected by Brontok new Version? This worm always make an exe file with 45Kb sizes. The previous Brontok Worm was make 42Kb file exe.

polonus · « **Reply #1 on:** January 20, 2006, 03:41:37 PM »

Hi Ronnie,

You mean this one?
http://www.sophos.com/virusinfo/analyses/w32brontokn.html

I have not the greenest if it is there. Update it to Jotti.de to be sure what AV-vendors have protection against it.

polonus

DavidR · « **Reply #2 on:** January 20, 2006, 03:58:13 PM »

There is a new Brontok detection in the latest VPS Update 20.01.2006 0603-4 , Win32:Brontok-F [Wrm], perhaps that is it. Jotti may confirm that providing the VPS is the latest.

ronnie · « **Reply #3 on:** January 21, 2006, 02:59:28 PM »

Guys thank you very much...

Regards,
Ronnie

DavidR · « **Reply #4 on:** January 21, 2006, 03:12:48 PM »

Did you have the file, if so does avast now detect it?

Welcome to the forums.

polonus · « **Reply #5 on:** January 21, 2006, 04:16:00 PM »

Hello to you, DavidR,

Our advice to the virus-ridden always is to upload their agony to Jotti, so the virus will eventualy be distributed to the AV-vendors for analyzing. With Dr.WEB's it takes a couple of hours after upload and the new signatures are up and away on their update servers You can upload from their upload site. As whispered KAV is even sharper and faster still.

Yours truly,

polonus

DavidR · « **Reply #6 on:** January 21, 2006, 04:28:11 PM »

Which is what both you and I said previously.
The reason for my question was to find out if avast does in fact detect this new varient, which hasn't been stated by ronnie.

ronnie · « **Reply #7 on:** January 24, 2006, 07:01:22 AM »

Hi David, Hi Polonus..

I've already update the VPS as your suggestion but still can not detect this virus. I already send the sample to support@avast.com.

I hope avast team can help me with this virus.

Many thanks for your support.

Best Regards,
Ronnie

DavidR · « **Reply #8 on:** January 24, 2006, 02:23:35 PM »

If you are not getting a virus warning that and you believe it is a new, undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest. This is the section that directly deals with virus sample submissions which may speed up any action.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

If you submit it to Jotti and it is still undetected by avast it will also be forwarded to them - Jotti - Multi engine on-line virus scanner

polonus · « **Reply #9 on:** January 24, 2006, 03:17:50 PM »

Hi Ronnie,

If you like some more in-browser safety, you can download the DrWeb pre-hyperlink scanner plug in, a minimal 10 KB plug-in for various browsers, with which you can scan the hyperlink in the search- or webpage before you decide to click there. If the Spider is green and all reads OK your can decide to use that hyperlink and click through, if the Spider is red you are alerted to a virus, trojan or other malicious node, and you are ill-advised to click that particular link. The pre-link scanner plug in scans all hyperlinks against the signatures on the update servers of DrWeb in St. Petersburg, that are refreshed every several hours.
Get this extra in-browser security plug-in here:
http://info.drweb.com/show/2653

All the best and surf safe,

polonus

CharleyO · « **Reply #10 on:** January 24, 2006, 07:25:32 PM »

***

Polonus,

Are you using that plug-in and does it work quickly?

***

polonus · « **Reply #11 on:** January 24, 2006, 10:49:38 PM »

Yes CharleyO to both questions, it is a minimal plug-in only to be installed inside an IE browser, or in Firefox, Flock or Opera.
It is fast, it returns the data in a seperate window if the Spider there is green and code en script reads OK, you can click the hyperlink because where you go is safe. Pre-clicking and getting the windows back from the St. Peterburg update server of Dr.Web is a quastion of seconds and the signatures your hyperlink data are checked against are only a couple of hours old at the utmost, second update rate behind Kaspersky's. I have this plug-in, my wife uses it, my uncle and aunt, I use it at work, and I know a lot of people here in the forum have it installed. They use it just as a second opinion, when they are send a suspicious link. If a virus or a trojan or a worm is there the Spider gets red, and the name of the malware is given.
In that case never click through on such a link or you are infected. Surf safe, CharleyO,

polonus

CharleyO · « **Reply #12 on:** January 25, 2006, 01:14:33 AM »

***

Thanks polonus ... it's downloaded and installed!

***

Marc57 · « **Reply #13 on:** January 25, 2006, 08:23:06 AM »

Good find, Thanks polonus.

ronnie · « **Reply #14 on:** January 27, 2006, 12:54:39 AM »

Thanks to Avast, with VPS 25-01-06 this virus can be remove...

Author Topic: Brontok Wrm (Read 8538 times)

ronnie

Brontok Wrm

polonus

Re: Brontok Wrm

DavidR

Re: Brontok Wrm

ronnie

Re: Brontok Wrm

DavidR

Re: Brontok Wrm

polonus

Re: Brontok Wrm

DavidR

Re: Brontok Wrm

ronnie

Re: Brontok Wrm

DavidR

Re: Brontok Wrm

polonus

Re: Brontok Wrm

CharleyO

Re: Brontok Wrm

polonus

Re: Brontok Wrm

CharleyO

Re: Brontok Wrm

Marc57

Re: Brontok Wrm

ronnie

Re: Brontok Wrm