Author Topic: [help]Avast4.7 can't catch the virus called "msn.exe"!!  (Read 9136 times)

0 Members and 1 Guest are viewing this topic.

czh

  • Guest
[help]Avast4.7 can't catch the virus called "msn.exe"!!
« on: November 02, 2007, 06:26:11 AM »
I used to trust my Avast4.7 very much,but nowadays I don't know how to say. I found a virus called "msn.exe" has infected my computer for about 20 days. It coyies itself to every c:\ d:\ e:\ f:\  with the file autorun.inf,and add itself to the start-up menu(can't remove). When my computer link to the internet,it will open a unfriendly web at background,if you don't use some monitor software you can't find it. even worse,when you insert a Usb device It will be infected immediately.                           

I have sent the virus simple as the form you told us on your web site for more than 5 times with different e-mail accounts through the 2 weeks. but may be your company ignore all my letters. I'm so sad!! :'(

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #1 on: November 02, 2007, 06:32:36 AM »
Hi welcome to the forum.

What is the full name and path of the file? Submit the file to www.virustotal.com and post the results here.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #2 on: November 02, 2007, 09:30:41 AM »
okaay, send the file to virus[at]avast[dot]com in password protected archive and fill in "for misak - autorun virus" as the subject...

czh

  • Guest
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #3 on: November 02, 2007, 11:31:41 AM »
well,I just finish my class. I have send the simple of "msn.exe" to virus@avast.com.
And the www.virustotal.com is on working , I'll report the result later.

czh

  • Guest
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #4 on: November 02, 2007, 11:37:33 AM »
The result is at:
http://www.virustotal.com/zh-cn/resultado.html?def57f901589ff557f2df78a1eb990f0
文件 msn.exe 接收于 2007.11.02 11:29:50 (CET)
当前状态: 正在读取 ... 队列中 等待中 扫描中 完成 未发现 停止


结果: 20/32 (62.5%)
正在读取服务器信息中...
您的文件所排队列位置: ___.
预计开始时间为 ___ 和 ___ 之间.
扫描完成前请勿关闭窗口.
目前针对您的文件所进行的扫描进程已停止, 我们将会在稍后恢复.
如果您的等候时间超过 5 分钟, 请重新发送文件.
您的文件目前正在被 VirusTotal 扫描中,
结果将会稍后完成时生成.
 格式化文本 打印结果 
您的文件已过期或不存在.
目前服务已停止, 您的文件将会稍后的未知时间内进行扫描 (位置: ).

您可以继续等待回应 (自动读取) 或者在下面的表单内输入您的电子邮件地址, 并按下 "获取", 当扫描完成时, 系统会自动给您发送电子邮件通知.
 Email: 
 

反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2007.11.2.1 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 HEUR/Crypted
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.01 Generic7.UXW
BitDefender 7.2 2007.11.02 Packer.PEArmor.A
CAT-QuickHeal 9.00 2007.11.01 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.01 -
DrWeb 4.44.0.09170 2007.11.02 Win32.HLLW.Autoruner.791
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.01 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.11.01 -
F-Secure 6.70.13030.0 2007.11.02 Virus.Win32.Virut.n
Ikarus T3.1.1.12 2007.11.02 Packed.Win32.Klone.af
Kaspersky 7.0.0.125 2007.11.02 Virus.Win32.Virut.n
McAfee 5154 2007.11.01 W32/Autorun.worm.h
Microsoft 1.2908 2007.11.02 -
NOD32v2 2633 2007.11.02 Win32/Packed.PEArmor.Gen
Norman 5.80.02 2007.11.02 W32/Kenfa.D
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Outbound Communications
Rising 20.16.41.00 2007.11.02 Worm.Win32.Agent.iqo
Sophos 4.23.0 2007.11.02 Mal/EncPk-U
Sunbelt 2.2.907.0 2007.10.31 VIPRE.Suspicious
Symantec 10 2007.11.02 W32.SillyDC
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 Packed/PE-Armor
Webwasher-Gateway 6.6.1 2007.11.02 Heuristic.Crypted
附加信息
File size: 141312 bytes
MD5: 60b85d6b0bc168ffbe61bd66570e1ac3
SHA1: df1dc0d18ddec29e0dde48fbb63fa53a1ed23ee4
packers: PE-Armor
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=EBBC765500936C07285002526F74DD000CD46DCD
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.



it seems a real virus..
« Last Edit: November 02, 2007, 11:40:27 AM by czh »

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #5 on: November 02, 2007, 11:43:57 AM »
i'm done with the Virut detection update.. now i must test it for false positives.. expect the detection after this weekend... anyway - misak will take a look at this particular file and judge if it is a "standard" autorun malware or a Virut infected file..

czh

  • Guest
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #6 on: November 02, 2007, 11:52:39 AM »
Ok,just test it,I'm sure it is a virus.Because in my school,about 20 computer was infected.

I'll wait to update your Avast4.7.         Thanks&Good luck!

czh

  • Guest
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #7 on: November 06, 2007, 02:58:43 PM »
I have already updated the database of avast4.7,but your software still unable to kill the virus....more and more computers in my school have infected.....worry about that....

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #8 on: November 06, 2007, 03:19:36 PM »
someone spreaded the virus via flash disk probably... now i'm sure, that it isn't Virut... i think, misak has made the detection, but it's not yet released..

czh

  • Guest
Re: [help]Avast4.7 can't catch the virus called "msn.exe"!!
« Reply #9 on: November 08, 2007, 05:04:55 AM »
Well,Finally,after update the database today,your avast4.7 can catch the virut...

Any way, thanks ~~all your missionary... :D

« Last Edit: November 08, 2007, 05:06:51 AM by czh »