Author Topic: chat_with_savita.txt.vbs (Read 5169 times)

REDACTED · « **on:** October 11, 2014, 10:44:55 PM »

Hi all,
I recently encountered this virus on one of USB drives I use. I have attached the virus file herewith. Also, it went undetected when ran a scan with Avast Free Antivirus 2014.9.0.2021. The virus definitions are also up-to-date.
A forum: http://how-to-remove.us/chat_with_savita-txt-vbs/ mentions a detection rate of 2% of this virus.

Pondus · « **Reply #1 on:** October 11, 2014, 11:31:22 PM »

I guess MCShield will stop it ...... www.mcshield.net

all those detecting as Trojan.Vbs.UBF are using Bitdefender engine
https://www.virustotal.com/nb/file/d081c7d1ab2dafcab2bf440cb9faf22cef57265b369ec2afa64617cae2ba1454/analysis/1413063176/

REDACTED · « **Reply #2 on:** October 12, 2014, 09:55:38 AM »

Interesting. Monitoring.

Michael (alan1998) · « **Reply #3 on:** October 12, 2014, 01:20:34 PM »

Is this supposed to be some sort of VS Worm infection?

Pondus · « **Reply #4 on:** October 12, 2014, 03:29:16 PM »

Norman

===============================================================================
Hi,

File is encrypted and after decryption we didn't get any malicious activity. Virus total and other AV are detecting on the basis of encryption not on any malicious activity.

Thanks
=================================================================================

from F-secure after i told them what Norman said
=======================================================================================================
Hello,

Thank you for your clarification.

However we decided the detection will stay valid due to the content of the file which might be related to a malicious activity.

Best regards,
=============================================================================================================

Sophos and Avira added detection for it ......

REDACTED · « **Reply #5 on:** November 05, 2014, 03:24:20 PM »

I haven't seen any malicious activities by it on my system monitor, but the VBS file transfers itself to every drive plugged into the system and makes a copy of itself in all level 1 subfolders. I tried manually deleting it, and as expected no use. A clean format helps, but can not be permanent solution..
And funny to see some other anti-malware being mentioned on Avast official forum

Still, will try that..

REDACTED · « **Reply #6 on:** December 05, 2014, 06:13:32 PM »

Quote from: Pondus on October 11, 2014, 11:31:22 PM

I guess MCShield will stop it ...... www.mcshield.net

all those detecting as Trojan.Vbs.UBF are using Bitdefender engine
https://www.virustotal.com/nb/file/d081c7d1ab2dafcab2bf440cb9faf22cef57265b369ec2afa64617cae2ba1454/analysis/1413063176/

Sorry, no help using MCShield...

Pondus · « **Reply #7 on:** December 05, 2014, 07:07:46 PM »

two months later, only 13 detect, and half of them use Bitdefender engine
https://www.virustotal.com/nb/file/d081c7d1ab2dafcab2bf440cb9faf22cef57265b369ec2afa64617cae2ba1454/analysis/1417802288/

read my post above with info from Norman lab ......

Author Topic: chat_with_savita.txt.vbs (Read 5169 times)

REDACTED

chat_with_savita.txt.vbs

Pondus

Re: chat_with_savita.txt.vbs

REDACTED

Re: chat_with_savita.txt.vbs

Michael (alan1998)

Re: chat_with_savita.txt.vbs

Pondus

Re: chat_with_savita.txt.vbs

REDACTED

Re: chat_with_savita.txt.vbs

REDACTED

Re: chat_with_savita.txt.vbs

Pondus

Re: chat_with_savita.txt.vbs