New virus - VERY DANGEROUS!

zilla1126 · #1 July 14th, 2005, 01:06 PM

Nod32 does not know what it is, but sees it as a "Unknown win32 virus" and it still stops it. This virus replaces nearly ALL of the exe files on a machine with virus inefected files. Most AV products do not detect it; McAfee discovered it yesterday.

This ended up on three machines yesterday at a client of mine; I had not
been out in quite a while (he is incredibly cheap) so all his stuff was
out of date or broken. His Norton AV would not have caught it anyway.

FYI:

AntiVir 6.31.0.9 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 6.31.0.9 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 7.1.194.0 07.13.2005 no virus found
eTrust-Vet 11.9.1.0 07.14.2005 no virus found
Fortinet 2.36.0.0 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 5.8.2.070 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found

Brian N · #2 July 14th, 2005, 01:40 PM

Well atleast NOD's heuristics stops it untill they add it to the signature db

If you can, send it to Eset for analysis.

Stan999 · #3 July 14th, 2005, 01:45 PM

Quote:

Originally Posted by Brian N

Well atleast NOD's heuristics stops it untill they add it to the signature db

If you can, send it to Eset for analysis.

Good to have that zero-hour protection.

JimIT · #4 July 14th, 2005, 02:08 PM

I believe SARC is on this and have ID'd it as win32.licum.

At any rate, it appears they have a def:

Here

JoCool · #5 July 22nd, 2005, 07:18 AM

Cannot nowhere find anything about that. Was this Version knwon by ESET ?

#6 July 22nd, 2005, 07:31 AM

Here... Read this

JoCool · #7 July 22nd, 2005, 07:47 AM

Quote:

Originally Posted by Happy Bytes

Here... Read this

Ok, thanks.

And you this

http://www.zdnet.de/news/security/0,...9135132,00.htm

btw. It's called NEWS from the Yellows

#8 July 22nd, 2005, 07:52 AM

Ich verstehe kein Wort was Du mir versuchst in Englisch zu erzaehlen

Also nochmal - was ist los?

Brian N · #9 July 22nd, 2005, 09:07 AM

Quote:

Originally Posted by Happy Bytes

Here... Read this

Very detailed description indeed

#10 July 22nd, 2005, 09:51 AM

Quote:

Originally Posted by Brian N

Very detailed description indeed

Says who?

#11 July 22nd, 2005, 09:58 AM

There's always some background information and "educational" stuff in my virus descriptions. So basicly you can read them even if you are not infected

Example here - a trojan downloader description spammed 2 days ago:
http://www.eset.com/msgs/vidloq.htm

Brian N · #12 July 22nd, 2005, 10:00 AM

Quote:

Originally Posted by Happy Bytes

Says who?

Says me. I didn't understand a word of it, so it must be detailed

j/k

hin123 · #13 July 23rd, 2005, 06:27 AM

Quote:

Originally Posted by Happy Bytes

There's always some background information and "educational" stuff in my virus descriptions. So basicly you can read them even if you are not infected

Example here - a trojan downloader description spammed 2 days ago:
http://www.eset.com/msgs/vidloq.htm

The title of that page is "Win32/Mytob.DQ"

It is the same for Win32.Mydoom.BI, Win95/Tenrobot.B and Win32/Tenga.A

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search