Nasty undetected trojan/virus - ntos.exe

[|2shy|]

Hi! I've been using avast.home/free for quite sometime already and it has worked as expected for most of the time.

Just got infected today by a nasty one. The file is called ntos.exe and, after some googling, it seems that even if it's already old news, the little bugger has some new tricks up it's sleeve.

I already has able to get rid of it, after some googling and file juggling, but just thought to alert you has avast did not catch it.
I got suspicious after my backup firewall, the software one behind the main that's on my router, alerted me to some code injections attempts.
Only because of this early alerts from the firewall I has able to kill the bugger before it took over most of the machine, as avast did not suspected or alerted me for anything unusual.

Thanks for the attention, keep up the good work and, if you feel like it, just get a closer look at this old bugger in it's new clothes.

Note: If I'm on the wrong forum, please reallocate this post and accept my apologies. Tks.

[sanctuary24]

Did you send the suspicious file to Avast for analysis?

[|2shy|]

Did you send the suspicious file to Avast for analysis?

Nope. As it's not difficult to understand, my main concern was to kill the little bugger as fast as I could and before it could spread out of control inside my machine/LAN.
Like I already said, it's not a new problem but instead it looks like an old one with some new tricks up it's dirty sleeve.

And what made me post in here was the absolute lack of even a minimal alert from avast. I never doubted that it was a piece of malware as soon as I found it, right after the very 1st alert from my firewall. And that is the most curious part of it, as I always thought that the very 1st warning should came from the AV.

Just google it a bit and you know what I mean. "Results 1 - 10 of about 25,900 for ntos.exe"

[FreewheelinFrank]

The bad news is as with Morphine z-lob this trojan is now being repacked as regular as clockwork(names,file size etc) to evade detections & cleaning routines but yet still retaining its thoroughly unpleasent operative capabilities listed in the PDF research paper.

http://www.wilderssecurity.com/showthread.php?t=154844

as regular as clockwork...  In some cases, that's quite literally, because new variant emerge on the hour. Don't rely on any AV to catch them. You have to actively avoid these bad files. Don't open email attachments (unless you are 100% sure of the source), don't download files from the web (except from 100% trustworthy sites), and keep your system secure:

http://secunia.com/software_inspector/

[|2shy|]

Don't open email attachments (unless you are 100% sure of the source), don't download files from the web (except from 100% trustworthy sites), and keep your system secure.

Just for the sake of curiosity I don't remember having done any of those nasty things.
The only way, as I can recall, it can have entered in here was through java because mine was not fully updated. I missed one update. Nothing else did I wrong, as I can recall. Anyway, it was taken care of. At least for today

[DavidR]

Which is where the Secunia link comes in handy, keeping your system/security software up to date. It especially should find out of date JAVA versions as it uses JAVA to run the check (in firefox browser).