Important message for Vlk, Igor and the Avast team!

[Avastfan1]

Dear Avast Team,

I have sent you a file infected with a virus which disables and destroys Avast 5.0.507. The name of the file is 'wyskq6lt.exe' (I unsuccessfully renamed it to wyskq6lt.333.exe).

It completely destroyed Avast 5.0.507 and MBAM 1.45 on my friend's computer. I became suspicious when I inserted a USB stick into my computer from his and, whilst holding left shift down, noticed an 'autorun' file which pointed to wyskq6lt.exe.

This is really worrying and I am writing this message in the hope that Avast will be able to detect this virus in the future and help other users. That is, I hope they will not suffer the same fate as my friend. He was left with no other choice but to format his computer and reinstall everything. He lost a lot of valuable data.

- If you could kindly confirm Avast's receipt of the sample I sent that would be great.

- In addition, if you could kindly advise how I will know that wyskq6lt.exe in my chest has now been identified that would be much appreciated.

- Finally, if you could please briefly let me know whether wyskq6lt.exe is safe in the Avast chest, I would be very grateful.

Thank you and I hope that I have helped other Avast users. This is a particularly nasty virus and it would be terrible to see other people have to go through the agony which my friend had to go through.

Thank you and I look forward to your response.

Best regards,

Avastfan1

PS: I am bricking it that my system is infected and have started a separate thread here http://forum.avast.com/index.php?topic=58584.0;topicseen

[akama1]

wow deadly virus

[Avastfan1]

Absolutely! Hence the reason for this post.

Hope it will help other Avast users!

[k.u.r.t]

Thanks Avastfan,
I have notified our virus lab team. They shall look into this shortly. Have you sent the file to virus (at) avast (dot) com ?

[Milos]

Hello,
can you please, post here the virustotal report, to see the sha checksums to find it in our database.

Milos

[Avastfan1]

Hi Kurt and Milos,

Thank you for the prompt replies. When Avast finally recognised the file as Win32:Malware-gen, I selected the 'submit file to Avast' option and pressed ok. So I assume that the file has been submitted as I pressed the 'update program' button yesterday.

Can you please confirm receipt of the file? (wyskq6lt.exe)

I stupidly didn't print or save the virustotal report. However, I can confirm that around 20 of the other virus scanners listed on the page flagged it as a specific virus or a suspicious file. Unfortunately, neither Avast nor MBAM was one of them!

If you were happy to guide me (a novice!) safely through the extraction process and how to send it to you or rename it to .333 or whatever, so that my system wasn't compromised, I would of course be more than happy to work with the Avast team. In addition, I would like to help other Avast users not become by this nasty virus.

Thanks and look forward to hearing from you!

Avastfan1

[Milos]

Hello,
we received 54 "false positive" submisions of file from location "C:\wyskq6lt.exe", but this is detected as "Win32:Rootkit-gen [Rtk]" not "Win32:Malware-gen". And and some "malware" submisions, but I don't know how to identify the submit which is yours.

Milos

[Avastfan1]

Hi Milos,

Thank you for the reply. I am running Avast 5.0.507 with Virus def: 100416-0 and Avast has identified the file 'wyskq6lt.exe' in the chest as 'Win32:Malware-gen'.

Perhaps the file I sent is different? The location I sent it from was E:\ not C:\. Could you possibly check your submissions for E:\wyskq6lt.exe ?

Thank you!

Avasfan1

[Milos]

Hello,
there are 4 submisions form "[Chest] E:\wyskq6lt.exe" but none of them form avast! 5.0.507, all are from 5.0.462.

Milos

[Avastfan1]

Hi Milos,

I don't understand that then. I sent it yesterday. In addition, I just re-sent it from C:\suspect as I was trying to extract it to that directory, rename it and zip it up. However, Avast detected it and I made double sure that the option 'Sent to Avast' was checked before I pressed ok.

Perhaps you have received it now?

Regards,

Avastfan1

[Milos]

Hi,
in dialog you can only choose "type" (potential malware/false positive), checkBox "I know what I am doing", and some optional fields.

Milos

[Avastfan1]

Hi Milos,

I have done as you instructed.

I just realised that the file I sent was renamed to 'wyskq6lt.333.exe'. I must have unsuccessfully tried to rename it to .333.

Please confirm receipt of this file by Avast.

Kind regards,

Avastfan1

[mkis]

Hi Avastfan1

as I am not a member of avast team I can largely say what I want, without compromising the good name of avast
and firstly I want say that I mean no disrespect towards yrself or yr friend

Now for antivirus to run at optimal performance, computer itself must run at good performance level

let's say Java program is not updated and is not fault of user 
- I need fix PC wit Java could not update as required elevation as runonce task to install updates - special case
- elevation means that install must be run by overall administrator, which is hidden on Normal Mode desktop
- user has no comprehension of this issue, and first time for me too - I do this fixup tomorrow so still new to me
 
let's say PC still runs SP2, lets say Adobe reader is well out of date, let's say Flash Player is broken, and so on   

These kind of things makes very hard on antivirus to perform at optimal level and prevent infection on computer 
- regardless, avast does perform commendably even within these imperfect, 'broken' environments 

And on top of that no antivirus is 100%, and bear in mind also that malcreants are infinitely deceiving 

So it is not always the case that the antivirus is at fault - though this is not to defend avast under any possible argument

regards

Mark   

[Avastfan1]

Hi Mkis,

Thank you for your reply. No disrespect or offence taken at all. Quite the contrary actually. I agree with your response: prevention is always better than cure. An anti-virus programme will never detect malware and viruses with a 100% success rate.

Moreover, I do not believe the fault lies with Avast at all. Rather, I think the fault lies in my stupidity of not disabling the Autorun feature on my computer. Thank Christ I held down the left shift key out of habit.

I hope to God that this has spared my computer from infection! I am currently working with some of the Avast Forum experts to ensure my PC is free from infection.

I am a happy Avast user and in my five plus years of using the programme, I have never seen anything which would make me want to change.

Avast is a fine piece of software and, more importantly, the people behind the software and the user community make it my first choice.

To sum up, I hope that by submitting the file that Avast are able to specifically identify it and prevent further infections from the arseholes who make/write/program these nasty things.

Avastfan1

[mkis]