Author Topic: A new virus undetected by Avast : cv8j.exe and 6bgke.exe  (Read 7636 times)

Offline dboidin

  • Newbie
  • *
  • Posts: 2
A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« on: July 20, 2009, 11:23:11 PM »
I don't know where I could report this to the Avast team, but I found 2 new viruses undetected by Avast scanning ..
the only way to delete them is to launch a command shell and use dir /a:h and del /a:h /f
their names are:

6bgke.exe
del cv8j.exe

..don't forget to delete autorun.inf too !
see u!

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3061
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #1 on: July 20, 2009, 11:28:15 PM »
Hello dboidin

Virus chest > user files > add files(browse files) > click email to avast icon.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31879
  • malware fighter
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #2 on: July 20, 2009, 11:46:38 PM »
Hi dboidin,

Thanks for the heads up on this: http://www.prevx.com/filenames/2282358596152892616-X1/6BGKE.EXE.html
Use of FlashDisinfector was needed, download from here: http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
For the malware cleansing at a later stage, Avenger was brought in:
http://swandog46.geekstogo.com/avenger2/avenger.exe
Example of cleansing routine for this backdoor.rootkit (in Polish): http://forum.pcformat.pl/thread-168888.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82206
  • No support PMs thanks
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #3 on: July 20, 2009, 11:47:55 PM »
I don't know where I could report this to the Avast team, but I found 2 new viruses undetected by Avast scanning ..
the only way to delete them is to launch a command shell and use dir /a:h and del /a:h /f
their names are:

6bgke.exe
del cv8j.exe

..don't forget to delete autorun.inf too !
see u!

It would have been nice if you could have sent the samples to avast.

Send the sample to virus@avast.com zipped and password protected, with the password in the email body; a link to this topic might help, and put "false positive/undetected malware" in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

To help prevent autorun infections in the future:
1. Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/
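
The autorun.inf placeholder folder described in the reply above can be checked per drive root. The script below is an added example, not part of the thread and not code from Flash_Disinfector or avast; the function names and the sample autorun.inf content are constructed for illustration. It is read-only and reports whether autorun.inf is absent, a folder, or a file, and what that file would launch.

```python
import os
import sys

# Constructed sample (not recovered from the thread's infection); it reuses the
# two file names reported in the first post purely as illustration.
SAMPLE_INF = r"""
;junk padding
[AutoRun]
open=6bgke.exe
shell\open\Command=6bgke.exe
shell\explore\command=cv8j.exe
"""

def launch_targets(text):
    """Commands that an [autorun] section would start: open=, shellexecute=,
    and shell\\<verb>\\command= entries. Tolerates junk lines."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets

def audit_root(root):
    """Classify <root>/autorun.inf as 'absent', 'folder' or 'file'."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return ("absent", [])
    if os.path.isdir(path):
        # A folder with this name occupies the slot a malicious file would need.
        return ("folder", [])
    with open(path, encoding="latin-1") as fh:
        return ("file", launch_targets(fh.read()))

if __name__ == "__main__":
    # Usage: python autorun_audit.py E:\ F:\   (read-only; nothing is deleted)
    for root in sys.argv[1:]:
        status, targets = audit_root(root)
        print(f"{root}: autorun.inf is {status}; launches: {targets or 'nothing'}")
```

A "file" result with launch targets on a removable drive is the case worth investigating; "folder" matches the state the note above says Flash_Disinfector leaves behind.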

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #4 on: July 20, 2009, 11:55:20 PM »
wasn't there a heuristic warning about these files?

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31879
  • malware fighter
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #5 on: July 21, 2009, 12:01:11 AM »
Hi Maxx_original,

Is this what you mean? 0 re:  http://www.prevx.com/avgraph/2/Avast.html
found as I googled for: 6bgke.exe

polonus

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #6 on: July 21, 2009, 09:24:16 AM »
these files are most probably related to Win32:Kavos and should be reported by the antirootkit module, that's why i asked..

Offline dboidin

  • Newbie
  • *
  • Posts: 2
Re: A new virus undetected by Avast : cv8j.exe and 6bgke.exe
« Reply #7 on: July 21, 2009, 09:29:29 AM »
Thank you very much for the help !!! .. I found a lot of info on the pcformat forum !! .. I found hidden files in C:\WINDOWS\system32 that infected my computer at each start .. hoping that this time it will be OK with these viruses !!

..I'll try to send that shit sample to the Avast mail as soon as possible (when the viruses come back! I deleted them for the moment)

..it seems the viruses come back and stay on the system with Windows Explorer, you have to relaunch Explorer to delete them from the system during use..

I have to specify that even with a boot scan, Avast is completely blind to these viruses.. so be careful, if you can't show hidden files anymore, it could be these viruses !!

see u !! ;-)
« Last Edit: July 21, 2009, 09:32:47 AM by dboidin »