ATTN: Avast Staff... Please Add this virus to your Detection Database

[mburris]

Currently working on a customer's PC that is infected with a virus avast isn't detecting....

the file is alg.exe

normally this file when located in windows\system32 is a valid file, in this case its in c:\windows\ and is very malicious...

here is the scan list from VirusTotal.com:

Code: [Select]

Antivirus Version Update Result
AntiVir 6.35.0.19     06.28.2006     Worm/Sdbot.59904.27
Authentium 4.93.8  06.28.2006     W32/Sdbot.TAF
Avast 4.7.844.0      06.28.2006     no virus found
AVG 386                  06.27.2006 I   RC/BackDoor.SdBot2.BMN
BitDefender 7.2       06.28.2006    Backdoor.SdBot.AAD
CAT-QuickHeal 8.00 06.28.2006 (Suspicious) - DNAScan
eTrust-InoculateIT 23.72.51 06.27.2006     Win32/Sdbot.8lp!Worm
eTrust-Vet 12.6.2279 06.28.2006 Win32/Petribot.SN
Ewido 3.5 06.28.2006 Backdoor.SdBot.aad
Fortinet 2.77.0.0 06.28.2006 W32/SDBot.AAD!tr.bdr
F-Prot 3.16f 06.28.2006 security risk named W32/Sdbot.TAF
Ikarus 0.2.65.0 06.28.2006 Backdoor.Win32.SdBot.AAD
Kaspersky 4.0.2.24 06.28.2006 Backdoor.Win32.SdBot.aad
McAfee 4794 06.27.2006 W32/Sdbot.worm.gen.as
Microsoft 1.1481 06.28.2006  no virus found
NOD32v2 1.1630 06.28.2006 a variant of IRC/SdBot
Norman 5.90.21 06.28.2006 W32/SDBot.ADFV
Panda 9.0.0.4 06.28.2006 W32/Sdbot.HGY.worm
Sophos 4.07.0 06.28.2006 W32/Tilebot-EU
Symantec 8.0 06.28.2006 W32.Spybot.Worm
TheHacker 5.9.8.166 06.28.2006  no virus found
UNA 1.83 06.28.2006 Backdoor.SdBot
VBA32 3.11.0 06.27.2006 Backdoor.Win32.SdBot.aad
VirusBuster 4.3.7:9 06.28.2006 Worm.SdBot.CGG

I have attached the virus file... a txt file extension has been added for uploading.

Thanks,
Matt

[DavidR]

Please don't put live viruses on the forums or link to them (please modify your post), send it to virus @ avast.com

If you are not getting a virus warning that you believe is a new, undetected virus  then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

[iwannet]

dont forget mine
put it into new VPS update
http://forum.avast.com/index.php?topic=22010.0

[DavidR]

I have no idea why you posted in this Topic started by mburris, if you wanted to bring attention to your post then that would be the place to do it. A post in that Topic would bump it to the top of the list, drawing direct attention to it. This way doesn't.

[iwannet]

Sorry Dave..
Sorry Mburris..

I remember my last succesfull request database, only few hours done by FIXER