Author Topic: new virus ntdetec1.exe  (Read 3387 times)


Srinivasan

  • Guest
new virus ntdetec1.exe
« on: January 11, 2008, 02:39:34 AM »
The new virus ntdetec1.exe, with an autorun.inf file, has spread from the pen drive to the hard disk as well, and avast home edition does not detect or remove it. The information was sent to avast support by email and I am waiting for a solution. Any suggestions to remove it?


Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: new virus ntdetec1.exe
« Reply #1 on: January 11, 2008, 01:15:09 PM »
Seems indeed a new virus. I did not find any entry searching the board for ntdetec1.exe keyword.
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Another possibility is JOTTI. VirusTotal and Jotti both have file size limits: 10 and 15MB each.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33926
  • malware fighter
Re: new virus ntdetec1.exe
« Reply #2 on: January 11, 2008, 02:59:07 PM »
Hi Srinivasan,

It is a virus, like a trojan dropper. You can successfully remove it.
It spreads here via USB pen drives.
Removal:
Reboot to safe mode.
Probably hidden folders will not be seen on your system due to the virus making registry changes.
Make appropriate registry changes as per: http://technodigits.wordpress.com/2007/05/13/show-hidden-files-and-folders-not-working/

Now hidden folders will be seen.

Then locate folder C:\ntdetec1

Delete folder.

Boot to normal mode
Run hijackthis and remove the registry entry for ntdetec1.exe

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Srinivasan

  • Guest
Re: new virus ntdetec1.exe
« Reply #3 on: January 11, 2008, 03:54:04 PM »
Thanks Tech and Polonus.
Before I read Polonus's mail I ran Jotti and got the following result for the pen drive virus ntdetec1.exe
 
Scanner results
Scan taken on 11 Jan 2008 14:28:34 (GMT)
AntiVir: Found DR/AutoHK.B, TR/AutoHK.B
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Dropper.Generic.TDB, Generic9.AGHB, Generic9.AGHC, Generic9.AGHD, Generic9.AGHF
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
Fortinet: Found nothing
Ikarus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
Kaspersky Anti-Virus: Found Trojan.Win32.AutoHK.b, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d, Trojan.Win32.AutoHK.e
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found Mal/Generic-A
VirusBuster: Found Trojan.AutoHK.A, Trojan.AutoHK.F, Trojan.AutoHK.B, Trojan.AutoHK.D, Trojan.AutoHK.E, Trojan.AutoHK.C
VBA32: Found Trojan.Win32.AutoHK.e, Trojan.Win32.AutoHK.c, Trojan.Win32.AutoHK.d

Let me try the suggestion given by polonus.
Thanks again

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: new virus ntdetec1.exe
« Reply #4 on: January 11, 2008, 04:30:11 PM »
This will help in identifying the malware, since there is an autorun associated with it. This will show the mountpoints and the contents of the autoruns.

Please download and save it to your desktop.


QueryMountpoints


http://cid-32d8666f4048075b.skydrive.live.com/browse.aspx/Malware%20files

Plug in your usb device, double click the file you downloaded and post the results in your next reply.
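
The following is an added example, not part of the thread and not the QueryMountpoints tool: a Python sketch that reads the text of an autorun.inf and lists the programs its [autorun] section would launch, which is the information the reply above asks for. The sample file content is constructed (only the name ntdetec1.exe comes from the thread), and the function names are hypothetical.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def launched_programs(text):
    """Return the distinct program file names (lower-cased) the commands point at."""
    names = []
    for _, cmd in autorun_commands(text):
        # A quoted path may contain spaces; otherwise take the first token.
        m = re.match(r'"([^"]+)"|(\S+)', cmd)
        prog = (m.group(1) or m.group(2)).replace("/", "\\").split("\\")[-1].lower()
        if prog not in names:
            names.append(prog)
    return names

# Constructed sample; only the file name ntdetec1.exe comes from the thread.
SAMPLE = """\
; constructed example
[AutoRun]
open=ntdetec1.exe
shell\\open\\Command=ntdetec1.exe
shell\\explore\\command="ntdetec1\\ntdetec1.exe" -e
icon=folder.ico
label=Removable Disk
"""

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(f"{key:25} -> {cmd}")
    print("programs:", launched_programs(SAMPLE))
```

Read the file as text from the drive root rather than opening the drive in Explorer, so that nothing it references is started while you inspect it.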