Contribution of a new undetectable virus for avast database

Hi guys

If you upload a copy of the malware to VirusTotal, the avast lab will soon receive a copy
of the uploaded sample.

Avast antivirus should detect this malware and remove it a few days from now...


You may send the malware file personally if you wish...
>>  Send FPs and suspicious files
  If avast! fails to detect a file or falsely detects a file as malware, you may use either of these two methods:

Method 1
Use this method if the file(s) is already quarantined in avast! Virus Chest.
1  Double click avast! Antivirus desktop icon
2  From the avast! window, click  MAINTENANCE > Virus Chest
3  Select the file you wish to submit for analysis
4  Right click and select Submit to Virus Lab...

Method 2
This method requires a file compressing software like 7-Zip.
1  Locate the file(s) you wish to submit for analysis
2  Right click the file(s) and add it to an archive/compressed file
3  Enter a password, preferably: virus
4  Log in to your e-mail client and attach the compressed file
5  If it is an FP, type this in the subject: False Positive
    If it is an undetected file, type in the subject: Undetected File
6  In the message body, type in the password
7  Send the file to :

--- Code: ---virus@avast.com
--- End code ---


If you need help with the malware removal please do the following:

>> Please download MCShield to your desktop.

[*] Double-click MCShield-Setup.exe and follow the prompts to install the program.
[*] Allow MCShieldUPD.exe to access the internet.
[*] If an update is found, it will download and install the latest update.
[*] Once MCShield has loaded (or start MCShield manually: right-click the blue round icon in the system tray and click Control Panel), click Defaults to load the default settings.

 >> Then put a checkmark in the checkbox for the next options:

[0] Always show log file if malware has been found
[0] Unhide files and folders on removable drives

[*] Click Save

[*] Connect all of the USB storage devices to the PC, one at a time, and wait a couple of seconds for scanning.
[*] Once it has finished, if malware has been found it will produce a log report for you.

 >> Attach log reports back to topic.


>>  Run Malwarebytes and as needed OTS tool and attach logs here ...

@magna86....... about your Method 1

--- Quote ---Method 1
Use this method if the file(s) is already quarantined in avast! Virus Chest.
--- End quote ---
that usually means that avast detects it   ;)

unless you did it manually like this

Moving files to the Virus Chest

This is a newer variant of a 2008 worm that goes by names as fox.exe, passwordfox.exe etc.
This threat file has an associated program:
The executable performs the following actions:

The process is packed and/or encrypted using a software packing process;
It is found on infected systems and resists interrogation by security products;
It uses rootkit techniques to try and hide its presence, interrogation or removal;
This process is a file infector which modifies program files to include a copy of the infection;
This process creates other processes on your system.
It includes file creation code which could be used to test for interception by security products;
It executes a process
The executable also performs the following actions:
It has been executed as a process that deletes a process from disk;
It is created as a process in your system;
It is registered as a Dynamic Link Library File (dll);
It is copied to multiple locations on the system;
It is being created by processes which appear to be checking for interception by security products;
It is terminated as a process;
It is being executed from temporary files;
The analysis of the binaries can be found here, based on the MD5 hash:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
The just-in-time debugger setting is used in the malicious autorun features of the worm,

smss.exe is a spybot file, also found in Smitfraud BHO malware;
csrss.exe is a hidden service;
services.exe is a service also found in Kryptik malware;
lsass.exe is used for task manager simulation;

the outbound traffic is to here, see: -http://amada.abuse.ch/palevotracker.php?ipaddress=91 dot212dot135dot176, a malicious URL with badware with current attack events,
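
A defender-side check of the AeDebug (just-in-time debugger) setting named in the post above, as an added example that is not part of the original thread. `Debugger` and `Auto` are the standard value names under this key; the list of trusted directories and the verdict wording are assumptions made for this example.

```powershell
# Added example: report the just-in-time debugger registered under AeDebug.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'  # 32-bit view
)
# Assumption: a legitimate debugger binary lives under one of these directories.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # First quoted token, otherwise the first whitespace-delimited token.
    # An unquoted path containing spaces is cut short and ends up as "suspicious",
    # which is the safe direction for a manual review.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-AeDebugVerdict([string]$Debugger) {
    if ([string]::IsNullOrWhiteSpace($Debugger)) { return 'ok: no debugger registered' }
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $Debugger))
    if ($exe -notmatch '[\\/]') { return 'review: bare name, resolved through the search path' }
    # Normalise so that "..\" segments cannot fake a trusted prefix.
    $exe = [IO.Path]::GetFullPath($exe)
    foreach ($root in $trustedRoots) {
        if ($exe.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
            return 'ok: under a trusted directory'
        }
    }
    return 'suspicious: debugger outside trusted directories'
}

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Key      = $key
        Debugger = $props.Debugger
        Auto     = $props.Auto      # 1 = launch the debugger without prompting
        Verdict  = Get-AeDebugVerdict ([string]$props.Debugger)
    }
}
```

A "suspicious" or "review" verdict only means the registered command line deserves a manual look; the file it points to should then be checked and, if undetected, submitted as described earlier in the thread.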



--- Code: ---Use this method if the file(s) is already quarantined in avast! Virus Chest.
--- End code ---

--- Quote ---that usually means that avast detects it
--- End quote ---

It's just Canned Speeches I use.  ;D
I have not paid much attention to the content...my fault  :D

Thank you all for your help!
I will report this dangerous threat

This happened to me a lot of virus and is first time I reported one of avast!
I'm a computer technician and am able to detect any virus hidden in a usb or visible manual so I knew that this was the virus.
Sometimes work faster than the same avast hehe
When I remove a virus so I first hehe
Well I'll see what I do with this discomfort
I turned the virus into the computer fucked
It seems that my internal router

Avast take out this router?
Avast virus eliminates the router?

