
Wednesday, July 23, 2008

Trojan:Win32/Vundo.HT


Based on my own experience.
Symptoms of infection:
- Computer startup takes more than 10 times longer (it can be 1 - 2 minutes) than before (20, 30 seconds).
- An Explorer.exe error ("mem address ... can't read") shows up when shutting down Windows, before Windows can shut down.
- Internet speed slows down by between 25 and 50 %, depending. A download takes a long time to reach full speed, and websites open more slowly.
- No other symptoms were found on this machine (ads were not displayed, maybe because of a big Windows hosts file + hardware firewall in the router + software firewall + resident Spybot Search and Destroy).

Scanner that detected it as of today:
Microsoft Live OneCare Version 2.5.2900.03 + updates from today 1.37.1028.0

Scanners tested that failed:
VBA Version Vba32 Windows/CL 3.12.8.1 / 2008.07.23 07:36 (Vba32.W) - (Product installed w/o resident shield, scan only)
Rising 20.54.22 + Updates from 2008-07-23 15:18 - (Product installed w/o resident shield, scan only)
Kaspersky online scan
McAfee online scan
Symantec online scan
Avast Antivirus Professional latest Version 4.8.1227 + Database from 23.07.2008 - (Product installed with resident shield)

It cannot be the same Win32/Vundo.HT as written up and reported here:
http://virscan.org/report/5eef7ac939a5b56864e17fd6e6692f6f.html and this:
http://www.virustotal.com/pt/analisis/c183084f5aa165e8bf6090b0ea772ab2

This one could be a closer match, if Vundo is not exe-protected (it is mostly found with Armadillo) or has changed again: http://forum.malekal.com/viewtopic.php?f=62&t=11351

Otherwise today's scans with Rising Antivirus, VBA32, Symantec and Kaspersky would have found and shown it. Likewise, yesterday's scan with Norman_Malware_Cleaner ( Norman Malware Scanner Build 2008/07/07 23:58:09 Engine version 5.92.08 Nvbin.def Version 5.92.00) would already have detected it. The file has been (was) on disk for more than one week.


Virus info

Advice: Scan the computer online using Windows Live OneCare (see the links collection to the left)

I just saw that Norman has updated Norman Malware Cleaner to: Build 2008/07/17 23:58:30 Version 5.93.01 Nvcbin.def Version: 5.93.00. You can give it a try:
http://download.norman.no/public/Norman_Malware_Cleaner.exe



Rising has great support:
Please submit the file from the link below, then RISING Virus Lab will analyse further.
Link: http://sample.rising-global.com/webmail/upload_en.htm
RISING ANTIVIRUS - Lion-strong security
Free Download: http://download.rising-global.com/ Buy Now: http://buynow.rising-global.com/
Rising Website: http://www.rising-global.com/ Europe Website



Kaspersky may have support if you have a customer number and send the sample from a European Union or USA IP address. I will never again send them any virus samples to check if I find a virus with, and from, an Asian, Middle East or African IP. They answered in an email that they could not find THIS VIRUS in the submitted sample: http://www.virustotal.com/de/analisis/948e937da2471d95f0852ae850eb7ae7
Datei engt32.dll empfangen/received 2008.07.08 03:09:01 (CET)Status: Beendet/finished
Ergebnis/result: 20/33 (60.61%)
and that I should send my customer number. I'm not a virus researcher, but I hate it when I get infected and the installed antivirus has failed to protect me, especially from P2P downloads.
So with Kaspersky you stay infected with this parasite from the year 2006 unless someone sends the sample again, if possible from a country whose customers they like to support. I heard that if you send them a virus sample from Germany, they need only 15 minutes until they update the database.

Addendum

With today's update, Rising AntiVirus Version 20.54.30 can now find it too.
http://go.rising.com.cn/download/transfer.asp?ver=setup

1 comment:

Anonymous said...

Rising company has just announced its latest personal version of antivirus software, firewalls and Kaka 6.0 tied up, free services to users worldwide, 2001, and shelled with 360 odd tiger Bitdefender cooperation with emasculated version of the antivirus software to deceive the domestic users.
It is learnt that the rising current strategy in order to free antivirus individuals engaged to challenge the free market, free of permanent, "Kaka rising 6.0", will be bundled free of charge for one year the "2008 version of antivirus software Rising" and "Rising Personal Firewall 2008 version "to a full-featured" Rising Kaka + + antivirus firewall "lineup out, and in both Chinese and English versions simultaneously issued at home and abroad.

Rising before has been a domestic personal antivirus market boss, once occupied over 80 percent market share. Kaspersky but in recent years with the odd tiger 360 free to launch six months, rising from taking part at the hands of users. In the cards Basi Ji put an end to China's free market strategy, the 360-odd tigers recently passed and BitDefender cooperative manner to push free strategy has been rising maintain a high degree of concern.

The accession to the free antivirus camp, rising free trial that the current model is the age of the Internet marketing methods, enabling users to "Xianchang after buying" approach to decide the final choice, very much in line with the interests of the broad masses of users, so odd tiger The practice understandable.

But Simon emphasized that the odd tiger, through "after cutting" the antivirus software to deceive customers, to seize the purpose of the market, which will be Internet users Biqi. Therefore, the rising house will be within the scope of the global free activities, jokingly called " Da Guizi crossed Weijun, "implied that the tiger is surprising," Wei Jun ", BitDefender is" Guizi. "

Rising Mao Yiding, vice president, the "rising 6.0 Kaka," the 2001 version bundled free antivirus software and firewall is the function of genuine products, such as rising Bitdefender invited foreign manufacturers, such as firewall module will contain the full-featured security 2001 also sets free of charge, users commonly accepted testing and choice, rather than cutting through the antivirus components to deceive users.

Mao Yiding reiterated that, since 1991 to enter the security area, the Rising has a solid technical foundation and the financial strength and full confidence and Bitdefender foreign manufacturers, such as carrying out fair and just competition, but also rising that the stadium should not be confined to China The mainland, but should be launched simultaneously in the global market competition.

The rising this counterattack, said 360 odd tiger, rising This has begun to show its "Hu called on the surprising response."

cnbeta
