o no~ avast can't detect the worm.but others can!

[locolyric]

why? avast can't detect the virus . but others software can do it....god ..... i have already with latest update..why still infect by virus ?

sad...and 

[Lisandro]

You're not helping us to help you that much...
Which is the virus name?
Which is the infected file and its path?
Which other 'software' you're talking about?
Which is your operational system, firewall... 

[CharleyO]

***

Welcome to the forums, locolyric.   

I have to agree with Tech ... very little information given = very little help given.   


***

[DavidR]

Sorry but we aren't clairvoyant so we will need more information, like what Tech asked for to try and help.

How do you know you are infected ?
What detected it ? and when/how ?

If you are not getting a virus warning that you believe is a new, undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

[polonus]

Hi locolyric,

Do not panic, it may be a false positive because you have two resident anti-virus programs running that are getting in each others' hair, or you have scanned with an online scanner that gives problems like Panda. Read the sticky in this forum what to do if a virus has been apparently found, and more than likely we can help you out

polonus

[locolyric]

i know i am not quite explain what happens with me . about the virus name . i don't know . it just create a exe same as the folder name.
i know it was the virus because my friend was run it unfortunely. and the virus will close all the anti virus application. when you want to enter the folder option. the explorer.exe will restart.

and you cannot run regedit and msconfig also.


my os is win XP.
and only use the avast software.i just test that virus at the others pc .

here are the virus files. thanks
actually it was a .exe files. but now it cannot be attach..so i rename it..
that virus won't effect before you double click it.

[locolyric]

o yes... actually it was not like virus .i think it was more like a worm.

additional information: the pc will running very slow .

[DavidR]

There is still too little to even take a stab at it.

Please try to give detailed answers this helps us.
How do you know you are infected - e.g. what was it called on your friends system ?
What detected it ? and when/how - what detected it on his system ?
What was the file name, where was it found example (C:\windows\system32\infected-file-name.xxx)?
This would at least allow for a google search on the infected/suspect file name and see if there is any known virus associated with it.

If you haven't already got this software (freeware), download, install, update and run it, Ewido Security Suite. It would probably be best to run it from safe mode. Once you have done that schedule a boot-time scan from within avast.

You could also try an on-line virus scanner.
Virus Scanners and other useful Links Security-Ops.eu.tt

[locolyric]

so sorry for i can't explain detail. when my friends pc infected.i found a xx.txt file show at c drive. my friend's pc same as me,win xp.
it similiar with brontok version..but it was not brontok.because there have no any information in"my pictures"
but when infected.the cpu usage keep running high .and with you double click the .exe file again. a ms dos box appear and write some thing like what show in brontok..

i already delete the file ..it was hard to told that what is that virus

[locolyric]

i using the Jotti online malware scanner.
here is the result
AntiVir                 Found Heuristic/Trojan.Downloader
(probable variant) 

BitDefender        Found BehavesLike:Trojan.RegistryDisabler (probable variant) 
Dr.Web               Found Win32.HLLM.Jowo 
NOD32                Found probably a variant of Win32/Pazetus 



Norman Virus Control  Found Sandbox: W32/Malware; [ General information ]

* **Locates window "` ` [class NULL]" on desktop.
* Creating several executable files on hard-drive.
* **Locates window "~Brontok~Log~ [class NULL]" on desktop.
* **Locates window "C:\WINDOWS\J6334922.EXE"" [class NULL]" on desktop.
* **Locates window "C:\WINDOWS\J6186422.EXE"" [class NULL]" on desktop.
* File length: 45120 bytes.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\ShellNew.
* Creates directory C:\WINDOWS\ShellNew\Spread.Mail.Bro.
* Creates directory C:\WINDOWS\ShellNew\Spread.Sent.Bro.
* Creates directory \dv6179820x.
* Creates file C:\WINDOWS\ShellNew\smss.exe.
* Creates file C:\WINDOWS\j6334922.exe.
* Creates file C:\WINDOWS\SYSTEM32\c_33492k.com.
* Creates file C:\WINDOWS\ShellNew\zh591798284y.exe.
* Creates file C:\WINDOWS\o4334927.exe.
* Creates file C:\WINDOWS\_default33492.pif.
* Creates file \dv6179820x\yesbron.com.
* Creates file C:\WINDOWS\j6186422.exe.
* Creates file C:\WINDOWS\SYSTEM32\c_18642k.com.
* Creates file C:\WINDOWS\o4186427.exe.
* Deletes file C:\WINDOWS\ShellNew\zh591798284y.exemsatr.bin.

[ Changes to registry ]
* Creates value "f2916Cur"=""C:\WINDOWS\ShellNew\zh591798284y.exe"" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Modifies value "Hidden"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced".
* Modifies value "HideFileExt"="
" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced".
* Sets value "ShowSuperHidden"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced".
* Creates key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System".
* Sets value "DisableRegistryTools"="
" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System". 


=============================
VBA32  Found Worm.Win32.Pazetus.G 


i think it was pazetus ....cause two software name it

hope avast will add this virus defination into antivirus programs

[DavidR]

avast can only add it to the virus detections when they have a sample of it, which is why I suggested this.

If you are not getting a virus warning that you believe is a new, undetected virus, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.