Author Topic: Virus not found by avast server version 4.8  (Read 5669 times)

leondeoro

  • Guest
Virus not found by avast server version 4.8
« on: September 22, 2010, 01:52:34 PM »
I have a Windows 2003 server with avast server version 4.8 installed and up to date. It doesn't detect a trojan that I have discovered because each time I log on the program SAFESURF is run (I never installed this software). I stopped the process and deleted all the files in c:\windows\system 32\3com_dni\1\1\ including safesurf.exe and all the entries in the Windows registry. But after a logoff/logon sequence the software reappears. Avast doesn't detect it. Does anybody have a solution?

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Virus not found by avast server version 4.8
« Reply #1 on: September 22, 2010, 03:50:29 PM »
Hello,
send us (virus@avast.com) the file(s) to analyze. You can use Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) to find which process creates it.

Milos

leondeoro

  • Guest
Re: Virus not found by avast server version 4.8
« Reply #2 on: September 23, 2010, 08:59:38 AM »
The problem is that I don't have any infected files. No antivirus detects the Trojan. I detected it because safesurf.exe is run on each logon and a window appears with the launch process of safesurf.exe.
The exact description of this Trojan is at http://www.viruslist.com/sp/weblog?weblogid=208187928. It includes all files and programs run. The problem is that it uses only "legal" programs that are not detected by any antivirus. According to the link above, Kaspersky calls it Trojan-Clicker.Win32.FrusEfas. I have used the Kaspersky trial version but it didn't detect anything.
Please help.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Virus not found by avast server version 4.8
« Reply #3 on: September 23, 2010, 10:05:44 AM »
Try using Process Monitor to see what is causing safesurf to run, or adding it to the registry to launch during logon.

Milos
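
A complementary check to the Process Monitor trace suggested above, as an added example that is not part of any post in this thread: it lists the registry values that start programs at logon and flags any that reference the names from the original post. It assumes PowerShell 2.0 or later is installed on the server; the function names are hypothetical, and it covers registry autostarts only (not Startup folders, services or scheduled tasks).

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later.
# Strings to flag, taken from the original post.
$patterns = 'safesurf', '3com_dni'

# Registry locations Windows reads at logon; $null means "every value in the key".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$locations = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';     Values = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'; Values = $null },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';     Values = $null },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'; Values = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Values = $null },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Values = $null },
    @{ Key = $winlogon; Values = 'Userinit', 'Shell' }
)

# True when the value data contains one of the flagged strings (case-insensitive).
function Test-Suspect([string]$Data) {
    foreach ($p in $patterns) {
        if ($Data -like "*$p*") { return $true }
    }
    return $false
}

# Emit one object per autostart value found.
function Get-LogonAutostart {
    foreach ($loc in $locations) {
        if (-not (Test-Path $loc.Key)) { continue }
        $key = Get-Item $loc.Key
        $names = $loc.Values
        if ($null -eq $names) { $names = $key.GetValueNames() }
        foreach ($name in $names) {
            $data = [string]$key.GetValue($name)
            New-Object PSObject -Property @{
                Suspect = (Test-Suspect $data)
                Key     = $loc.Key
                Name    = $name
                Data    = $data
            }
        }
    }
}

# Flagged entries first. The Winlogon Userinit and Shell values should also be
# read by eye: extra programs appended after the default entry run at every logon.
Get-LogonAutostart | Sort-Object Suspect -Descending |
    Format-Table Suspect, Key, Name, Data -AutoSize -Wrap
```

The HKCU keys reflect only the account running the script, so run it as the user whose logon shows the unwanted program.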

mike-vancouver

  • Guest
Re: Virus not found by avast server version 4.8
« Reply #4 on: November 20, 2010, 07:51:12 AM »
Milos,
Please send me an e-mail if you are still interested in a copy of the safe-surf virus files.

Just three days ago, I had the same situation as described in the original post.

It wasn't difficult to trace and remove, but it took over the server, not allowing any access to it from outside.

Avast found only some .tmp files created by that virus.

I created c:\program files\microsoft directory.

I have it saved.

Please let me know if you still need a copy for research.

PS. The link to the Microsoft tool you posted earlier in this thread does not work.
Could you please update it?
THX