Author Topic: a new virus or trj .but no antivirus software kill it yet  (Read 2891 times)


starfox990

  • Guest
a new virus or trj .but no antivirus software kill it yet
« on: September 19, 2006, 03:16:27 AM »
This virus builds a folder in "c:\program files\Microsoft\". Its name is Rundll32.exe or msdll.exe.
In the %windows%\ and %windows%\system32 folders it builds many .exe files, for example: 0sy.exe, 1sy.exe, realplay.exe, etc.
Until now, no antivirus software can find and kill it. I tried "Rising 2006", "Kingsoft AV 2006", "McAfee", "Kaspersky" and "KV2006"; none of them can find it. Its icons look like Excel and RealPlay, but the names are _logo1.exe, 0sy.exe, and so on.
My English is not good. I am sorry about it. :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: a new virus or trj .but no antivirus software kill it yet
« Reply #1 on: September 19, 2006, 03:35:28 AM »
Do you have infected files to send to analysis?
Send an email with the file (false positive or infected) to: virus@avast.com

You can use the Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please note that you won't have READ access to the ftp server, just write, so you won't even be able to see what you've just uploaded).

Thanks  :)
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: a new virus or trj .but no antivirus software kill it yet
« Reply #2 on: September 19, 2006, 09:33:29 AM »
Hi starfox990,

I think you have a variant of the "Looked" worm, possibly Win32.Looked.AH, as all the symptoms fit, and it only emerged a few days ago:

http://sarc.com/avcenter/venc/data/w32.looked.ah.html

Removal is going to involve killing the malicious dll running in iexplorer.exe or explorer.exe, Dll.dll, and killing any malicious processes running. (You can do this with Process Explorer.) You will then have to delete any malicious registry entries, reboot and delete the malicious files.

http://www.sysinternals.com/Utilities/ProcessExplorer.html

If this is beyond your technical expertise, try running online scans by F-Secure and Trend Micro.

http://support.f-secure.com/enu/home/ols.shtml

http://housecall.trendmicro.com/

If the virus definition has not been added, it will be soon, so if it is not detected, try again a few days later.

Good luck!

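A read-only triage check for the file names reported in this thread, added here as an example; it is not code from the original posts or from Avast. The name patterns come only from the symptoms described above (0sy.exe, 1sy.exe, _logo1.exe, realplay.exe, msdll.exe, a Rundll32.exe outside System32, and Dll.dll), generalising the numbered Nsy.exe form to any digit prefix; they are a heuristic for this 2006 report, not a vendor signature, and the script runs against a constructed mock directory tree rather than a real system.

```python
"""Read-only triage for the file names reported in the thread (added example)."""
import os
import re
import tempfile

# Names the original poster reported (case-insensitive); "Nsy.exe" is
# generalised to any digit prefix. Heuristic only, not a vendor signature.
REPORTED_NAMES = re.compile(r"^(\d+sy\.exe|_logo1\.exe|realplay\.exe|msdll\.exe|dll\.dll)$", re.I)
# Directories where the legitimate rundll32.exe lives on Windows.
LEGIT_RUNDLL_DIRS = {"system32", "syswow64"}


def classify(path):
    """Return a reason string if `path` matches a reported indicator, else None."""
    name = os.path.basename(path)
    parent = os.path.basename(os.path.dirname(path)).lower()
    if REPORTED_NAMES.match(name):
        return "name reported in thread"
    if name.lower() == "rundll32.exe" and parent not in LEGIT_RUNDLL_DIRS:
        return "rundll32.exe outside System32"
    return None


def triage(root):
    """Walk `root` without modifying anything; return sorted (relative path, reason) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                hits.append((os.path.relpath(full, root).replace(os.sep, "/"), reason))
    return sorted(hits)


def build_constructed_tree():
    """Create a constructed mock (empty files) of the layout the poster described."""
    root = tempfile.mkdtemp(prefix="looked_triage_")
    layout = {
        "Windows": ["0sy.exe", "1sy.exe", "notepad.exe"],
        "Windows/System32": ["realplay.exe", "rundll32.exe", "kernel32.dll", "Dll.dll"],
        "Program Files/Microsoft": ["Rundll32.exe", "msdll.exe"],
    }
    for rel, names in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for n in names:
            open(os.path.join(d, n), "w").close()
    return root


if __name__ == "__main__":
    for rel, reason in triage(build_constructed_tree()):
        print(f"{rel:40} {reason}")
```

Run against the mock tree it flags six files and leaves the legitimate System32\rundll32.exe, notepad.exe and kernel32.dll alone; on a real machine it would only report paths for a human to review, never delete them.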