Author Topic: Virus Avast doesn't find (Read 4092 times)

kyuuketsuki_kurai · « **on:** March 13, 2010, 06:32:16 PM »

There's a virus that locks you out of windows, that's going around in Russia. My father-in-law managed to get it (don't ask how), and Avast! did not pick it up. I have sent it to Avast, so they can put it in the next update.
The file involved is gftkcydl.exe, and it shows up on on Virustotal as having 5 detections.
It causes a very large red and white banner to show up and block most of the screen. This banner tells you to send an SMS to a number, which then charges you (reports claim it's about $10 a message), and send you the number to put in to unlock it. This will repeat itself everytime you restart until the virus is removed.
Housecall was able to remove it for me, so if you get it before it's put into Avast's definition, I'd recommend them.

essexboy · « **Reply #1 on:** March 13, 2010, 06:55:09 PM »

Definitely new I will visit the Kaspersky website to see what data they have Ta

Pondus · « **Reply #2 on:** March 13, 2010, 07:09:10 PM »

Think i found it
http://forum.kasperskyclub.ru/index.php?showtopic=15995

DavidR · « **Reply #3 on:** March 13, 2010, 07:39:26 PM »

This kind of ransom-ware isn't new, but the method does seem so.

There is no way I would send an SMS message, as for me that just gives them your mobile phone number and leaves you open to attack/fraudulent misuse on that too.

So what to do, I you aren't using hard disk imaging software, this is just another wakeup call to be able to restore your system in minutes from virtually any computer disaster, virus or otherwise. Make regular weekly drive images and do daily back-ups of your volatile data files.

If you fail to plan, then you plan to fail, a robust backup and recovery strategy can save your a**.

essexboy · « **Reply #4 on:** March 13, 2010, 07:56:02 PM »

Quote from: Pondus on March 13, 2010, 07:09:10 PM

Think i found it
http://forum.kasperskyclub.ru/index.php?showtopic=15995

I also found a reference in the closed forum and it was interesting reading - but at the moment it appears to be just two or three instances in Russia only

Onix · « **Reply #5 on:** March 14, 2010, 01:15:31 AM »

You can get a code for unlocking here:
Dr.Web unlock service
Kaspersky unlock service

kyuuketsuki_kurai · « **Reply #6 on:** March 16, 2010, 05:12:36 PM »

I didn't send an SMS, the info I posted was based on research from Russian sites. I tried a couple of those unlock codes, but none of them had worked on the system in question.
Also, it only unlocks the system until next reboot, and really isn't much of a solution.
The computer that was infected had 5 users, and 3 of them were infected. It appears to use shared profiles as a way to spread, and stores itself in the profiles' app data folder.
If a computer has some uninfected users, the virus is reasonably easy to get rid of by deleting the file in question while on an uninfected user.

superhacker · « **Reply #7 on:** March 16, 2010, 06:21:08 PM »

hips is also good,i think we should make keygens and cracks for those people"am kidding

Author Topic: Virus Avast doesn't find (Read 4092 times)

kyuuketsuki_kurai

Virus Avast doesn't find

essexboy

Re: Virus Avast doesn't find

Pondus

Re: Virus Avast doesn't find

DavidR

Re: Virus Avast doesn't find

essexboy

Re: Virus Avast doesn't find

Onix

Re: Virus Avast doesn't find

kyuuketsuki_kurai

Re: Virus Avast doesn't find

superhacker

re: