New virus - VERY DANGEROUS!


zilla1126
July 14th, 2005, 01:06 PM
Nod32 does not know what it is, but sees it as an "Unknown win32 virus" and it still stops it. This virus replaces nearly ALL of the exe files on a machine with virus-infected files. Most AV products do not detect it; McAfee discovered it yesterday.


This ended up on three machines yesterday at a client of mine; I had not been out in quite a while (he is incredibly cheap) so all his stuff was out of date or broken. His Norton AV would not have caught it anyway.



FYI:

AntiVir 6.31.0.9 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 6.31.0.9 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 7.1.194.0 07.13.2005 no virus found
eTrust-Vet 11.9.1.0 07.14.2005 no virus found
Fortinet 2.36.0.0 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 5.8.2.070 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found
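The scan listing above is a flat "engine version date verdict" table, and the useful number for a new sample is how many engines flagged it at all, split into signature hits versus heuristic or generic verdicts. The following is an added example, not code from the post or from any vendor, that parses lines in that layout and produces that breakdown; the report text is copied from the post as sample input, and the verdict-classification keywords are my own assumption about how the engines word generic detections.

```python
import re
from collections import Counter

# Sample input: the multi-engine results quoted in the post, in the same
# "engine version date verdict" layout (constructed from the post's listing).
SCAN_REPORT = """\
AntiVir 6.31.0.9 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 6.31.0.9 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 7.1.194.0 07.13.2005 no virus found
eTrust-Vet 11.9.1.0 07.14.2005 no virus found
Fortinet 2.36.0.0 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 5.8.2.070 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found
"""

# One engine per line: name, version, MM.DD.YYYY date, then a free-text verdict
# that may contain spaces (e.g. "could be infected with an unknown virus").
LINE_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<verdict>.+?)\s*$"
)

# Assumed keyword rule: generic/heuristic wording versus a named family.
HEURISTIC_HINTS = ("suspicious", "unknown", "could be", "probably", "heuristic")


def classify(verdict):
    """Map a verdict string to 'clean', 'heuristic' or 'signature'."""
    v = verdict.lower()
    if v == "no virus found":
        return "clean"
    if any(hint in v for hint in HEURISTIC_HINTS):
        return "heuristic"
    return "signature"


def parse_report(text):
    """Parse every non-blank line; reject lines that do not fit the layout."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("line %d does not match the report layout: %r" % (lineno, line))
        row = m.groupdict()
        row["category"] = classify(row["verdict"])
        rows.append(row)
    return rows


def summarize(rows):
    """Count engines per category and collect the distinct family names given."""
    counts = Counter(r["category"] for r in rows)
    names = sorted({r["verdict"] for r in rows if r["category"] == "signature"})
    return {
        "engines": len(rows),
        "detected": counts["signature"] + counts["heuristic"],
        "signature": counts["signature"],
        "heuristic": counts["heuristic"],
        "clean": counts["clean"],
        "names": names,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SCAN_REPORT))
    print("%(detected)d of %(engines)d engines flagged the sample "
          "(%(signature)d by name, %(heuristic)d generically)" % summary)
    for name in summary["names"]:
        print("  family name seen:", name)
```

The split matters for a day-one sample like this one: the seven named detections tell you which vendors already have a signature, the three generic verdicts are the heuristic catches the thread is praising, and the eleven "no virus found" lines are the engines you cannot rely on until they ship definitions.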

Brian N
July 14th, 2005, 01:40 PM
Well at least NOD's heuristics stop it until they add it to the signature db :)
If you can, send it to Eset for analysis.

Stan999
July 14th, 2005, 01:45 PM
{QUOTE-> Well at least NOD's heuristics stop it until they add it to the signature db :)
If you can, send it to Eset for analysis. <-QUOTE}

Good to have that zero-hour protection.:)

JimIT
July 14th, 2005, 02:08 PM
I believe SARC is on this and has ID'd it as win32.licum.

At any rate, it appears they have a def:

Here (http://www.sarc.com/avcenter/venc/data/w32.licum.html)

JoCool
July 22nd, 2005, 07:18 AM
I cannot find anything about that anywhere. Was this version known by ESET?

Happy Bytes
July 22nd, 2005, 07:31 AM
Here... Read this ;D

JoCool
July 22nd, 2005, 07:47 AM
{QUOTE-> Here... Read this ;D <-QUOTE}

Ok, thanks.

And you this ;D http://www.zdnet.de/news/security/0,39023046,39135132,00.htm

btw. It's called NEWS from the Yellows ;D

Happy Bytes
July 22nd, 2005, 07:52 AM
I don't understand a word of what you are trying to tell me in English ;D
So once more - what's going on? ;D

Brian N
July 22nd, 2005, 09:07 AM
{QUOTE-> Here... Read this ;D <-QUOTE}
Very detailed description indeed 8)

Happy Bytes
July 22nd, 2005, 09:51 AM
{QUOTE-> Very detailed description indeed 8) <-QUOTE}

Says who? ;D

Happy Bytes
July 22nd, 2005, 09:58 AM
There's always some background information and "educational" stuff in my virus descriptions. So basically you can read them even if you are not infected ::) ;D

Example here - a trojan downloader description spammed 2 days ago:
http://www.eset.com/msgs/vidloq.htm

Brian N
July 22nd, 2005, 10:00 AM
{QUOTE-> Says who? ;D <-QUOTE}
Says me. I didn't understand a word of it, so it must be detailed :) j/k

hin123
July 23rd, 2005, 06:27 AM
{QUOTE-> There's always some background information and "educational" stuff in my virus descriptions. So basically you can read them even if you are not infected ::) ;D

Example here - a trojan downloader description spammed 2 days ago:
http://www.eset.com/msgs/vidloq.htm <-QUOTE}
The title of that page is "Win32/Mytob.DQ" ;D
It is the same for Win32.Mydoom.BI, Win95/Tenrobot.B and Win32/Tenga.A :D