Author Topic: Undetected malware  (Read 4661 times)

Wonda

  • Guest
Undetected malware
« on: February 12, 2010, 05:46:09 PM »
I found some malware that avast! didn't detect.

It was named hp.exe
file version: 1.5.0.1
description: kworpdysdnthqrn
comments: delkjkkbdkxfygk

It was located at J:\WINDOWS\hawlett packard\hp.exe
and registered at HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
and also at HKLM\etc.

I assume ;) it is not an HP product: 'hawlett packard' is not the correct spelling
and the description and comment don't look very professional.

It forces itself to be executed at system startup, probably in more copies, and produces a series of error messages:
Access Violation Error
The process cannot access the file because it is being used by another process.

I removed the file and all references in the registry, and didn't see more effects.

Does anybody know this virus/worm/horse?
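
The autorun locations named in the post above can be audited with a script like the one below, which resolves each registered command to a file and reports its version-info strings, signature status and SHA-256 (the value VirusTotal indexes samples by). This is an added example, not part of the original thread; the function name Get-AutorunTarget and the inclusion of the plain Run keys next to the Policies\Explorer\Run keys are assumptions of the example.

```powershell
# Added example: audit the Run keys mentioned in the post (HKCU and HKLM).
# The two plain "Run" keys are included as an assumption; the post names only Policies\Explorer\Run.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunTarget {
    # Hypothetical helper: pull the executable path out of a Run value.
    # Handles quoted paths and unquoted paths containing spaces (as in the post).
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded -match '^"([^"]+)"')          { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path    = Get-AutorunTarget $command
        $row = [ordered]@{
            Key = $key; Name = $name; Command = $command; Path = $path
            Exists = $false; Company = $null; Description = $null
            Comments = $null; FileVersion = $null; Signature = $null; SHA256 = $null
        }
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Version-info strings are author-controlled; random-looking text is a triage hint only.
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $row.Exists      = $true
            $row.Company     = $vi.CompanyName
            $row.Description = $vi.FileDescription
            $row.Comments    = $vi.Comments
            $row.FileVersion = $vi.FileVersion
            $row.Signature   = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $row.SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]$row
    }
}

# Unsigned or missing targets are the entries to review first.
$results | Sort-Object Signature | Format-List
```

An entry whose target is unsigned, sits in a misspelled vendor folder and carries meaningless description or comment strings, as described above, is a candidate for a hash lookup before the file is removed.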

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: Undetected malware
« Reply #1 on: February 12, 2010, 06:11:14 PM »
What avast version are you using 4.8 or 5.0 ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Wonda

  • Guest
Re: Undetected malware
« Reply #2 on: February 12, 2010, 08:25:14 PM »
> What avast version are you using 4.8 or 5.0 ?

I'm using version 4.8.1368, and that version is 'Already up to date'

> You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page).

Good idea! This is the result:

http://www.virustotal.com/analisis/96909c99d6dbe5097b654715a611958dd6f6fdbdcdb28d3e4d06e0bc6e01b943-1266001455

It does not look completely harmless...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: Undetected malware
« Reply #3 on: February 12, 2010, 08:56:53 PM »
Yes, it looks highly suspect, though the majority of the detections are using heuristic detections, which are more prone to mis-detection.

Send the sample to virus (at) avast (dot) com, zipped and password protected, with the password in the email body; a link to this topic might help, and put false positive/undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Yes, it is up to date for avast 4.8; there is a rolling program update cycle to spread the load on the servers as 100 million plus avast users are updated.

-  Download avast 5.0.396 free antivirus - http://www.majorgeeks.com/download1968.html?2010-01-29
Whilst that one isn't the latest for version 5.0, once installed you should be able to do a manual program update from the User Interface (UI) to get 5.0.418 (only a small incremental update from .396).

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: Undetected malware
« Reply #4 on: February 12, 2010, 10:32:14 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Wonda

  • Guest
Re: Undetected malware
« Reply #5 on: February 13, 2010, 12:43:51 PM »
@DavidR

The undefined object has been uploaded from the chest; and I have avast 5.0.418 (quite different view, clearer UI). Thanks.

@polonus

I use SuperAntiSpyware frequently, but it only found tracking cookies ;)
"Advanced Malware Removal" is an interesting document, but leaves a lot unexplained. >:(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: Undetected malware
« Reply #6 on: February 13, 2010, 01:31:12 PM »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: Undetected malware
« Reply #7 on: February 13, 2010, 04:20:49 PM »
> @DavidR
>
> The undefined object has been uploaded from the chest; and I have avast 5.0.418 (quite different view, clearer UI). Thanks.
> <snip>

No problem, glad I could help.

Yes, the 5.0 UI is different, but as you say it is much clearer and easier to get to know and use.

Welcome to the forums.