|
|
14-11-2007, 04:58 PM
|
#1 |
|
Guest
Posts: n/a
|
A new self-replicating Malware (Virus and Worm) attacks!!!
Dear Sir or Madam,
A new computer worm is attacking the computers around the world, the serious problem is the most of the anti viruses cannot detect & clean it... also the removal tool was not available on the Internet... other serious problem presents when some of current anti viruses detect this virus as other kind of virus (Worm 32 family) ... and usually these antivirus delete the whole infected file (exe & autorun.inf ... ext)... This virus infects computer, for instance by: - Infecting the local hard disk drivers & executable applications - Carrying himself on a removable medium such as a floppy disk, CD, or USB drive. - Sending himself over a local network or the Internet. This virus can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. - Adding keys into Windows registry This virus is mixture between worms, virus and maybe Trojan; he is a self-replicating computer program, attaches itself to existing programs in the infected PC (modify files on a targeted computer). It confused with computer worms. He can spread itself to other computers without needing to be transferred as part of a host. And usually this mixture of a computer worm and virus may be a Trojan horse too... This virus blurring the line between viruses and worms (maybe Trojan too) actually it is self-replicating Malware. Description: Nobody sure yet about the name of this new virus... Saturday, November 03, 2007 I submitted the virus exe file to "Virustotal" (Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of Malware detected by antivirus engines) and I got these results: Antivirus Result AVG Worm/Generic.DKD BitDefender Win32.Worm.P2P.VBT CAT-QuickHeal Worm.AutoRun.tk F-Secure Virus.Win32.AutoRun.tk Ikarus Win32.Worm.P2P.VBT Kaspersky Virus.Win32.AutoRun.tk Panda Suspicious file Sophos W32/Dawin-A VBA32 Virus.Win32.AutoRun.tk The manger antivirus engines give different name for this virus (Malware); I think that means two things: 1- There is no specific name of this virus 2- Each antivirus engine handles this virus in a different way. And does not detect the latest version of him (detects him as other kind of virus - Worm 32 family) Technical Details: When executed, the virus drops file / component (a copy of itself) "KB915865.exe" in all physical drives. That includes too all removable drives, such as flash disks. It creates the folder "\MSOCache \90000804-6000-11D3-8CFE-0150048383C9\" in drives it affects, and drops a copy of itself as "KB915865.exe" This folder is set to Hidden and System. \MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe Also it drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed. The said file contains the following strings: [AutoRun] open=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe . shellexecute=.\MSOCache \90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe . shell\Open\command=.\MSOCache \90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe . shell=Open open=. This virus creates registry entries to enable its automatic execution at every system startup. Platform: This worm affects systems running on Windows 98, ME, NT, 2000, XP, and Server 2003. Solution: I wrote a specific removal tool for this virus (e-nil! Virus Cleaner), it is free and available on my blog: http://www.e-nil.com/blogs/?page_id=32 For more information or details please do not hesitation to contact me Best regards and have a nice day, Hani Simo |
|
|
14-11-2007, 06:32 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: A new self-replicating Malware (Virus and Worm) attacks!!!
hanisimo wrote:
> Dear Sir or Madam, > > A new computer worm is attacking the computers around the world, the > serious problem is the most of the anti viruses cannot detect & clean > it... also the removal tool was not available on the Internet... other > serious problem presents when some of current anti viruses detect this > virus as other kind of virus (Worm 32 family) ... and usually these > antivirus delete the whole infected file (exe & autorun.inf ... ext)... (snip multipost) I responded to this in the other newsgroup to which you posted. Please don't multipost; it makes more work for everyone and will get you *less* help, not more. See this for why: http://en.wikipedia.org/wiki/Crossposting If you have forgotten where you posted or can't find your post, use Google Groups Advanced Search and search for your name. Malke -- Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!" MS-MVP Windows - Shell/User |
|
|
|
18-11-2007, 01:41 PM
|
#3 |
|
Guest
Posts: n/a
|
Re: A new self-replicating Malware (Virus and Worm) attacks!!!
On Nov 14, 3:56 pm, Malke <notrea...@invalid.invalid> wrote:
> hanisimo wrote: > > Dear Sir or Madam, > > > A new computer worm is attacking the computers around the world, the > > serious problem is the most of the anti viruses cannot detect & clean > > it... also the removal tool was not available on the Internet... other > > serious problem presents when some of current anti viruses detect this > > virus as other kind of virus (Worm 32 family) ... and usually these > > antivirus delete the whole infected file (exe & autorun.inf ... ext)... > > (snip multipost) > > I responded to this in the other newsgroup to which you posted. Please > don't multipost; it makes more work for everyone and will get you *less* > help, not more. See this for why: > > http://en.wikipedia.org/wiki/Crossposting > > If you have forgotten where you posted or can't find your post, use > Google Groups Advanced Search and search for your name. > > Malke > -- > Elephant Boy Computerswww.elephantboycomputers.com > "Don't Panic!" > MS-MVP Windows - Shell/User Thanks Malke, I am very sorry for this "multipost" Hani |
|
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
