probably unknown NewHeur_PE virus on Virus Radar

Anybody else seen this probably unknown NewHeur_PE virus on Virus Radar Or know what it is
It's aparently been spreading for about 7 hours only at the moment.
Any Info?

 

No, but it is quick

 

Wait till morning when all those without NOD32 check their emails....then it will really spike!!! ...maybe

 

Seems it is a new Bagle.GK
Good work ESET - another potentially bad situation averted thanks to Advanced Heuristics

 

good work ESET

 

Re: a variant of Win32/Bagle worm on Virus Radar

And another *big bump* in the radar that is no doubt related
- a heuristic detection of a Bagle variant...!!!

 

From Eset blog: http://www.eset.com/threat-center/blog/index.php

Excel Zero Day Exploit Reported…Have a bagle with it too

June 16th, 2006

It’s been a busy day in anti-virus land. There is a reported zero-day vulnerability in Microsoft Excel. Currently the exploit of the vulnerability comes in email as an attached Excel spreadsheet. When a user opens the spreadsheet the vulnerability is exploited and malicious software is downloaded. So far the malicious downloads have been proactively detected by the signatures and/or advanced heuristic capabilities of NOD32, so if you use NOD32 you are protected. Just for added security, and not to tempt fate, we recommend that you never open unsolicited attachments from anyone. If your best friend, your mom, or anyone you know sends you an attachment in email it is always good to verify that they meant to send it to you -BEFORE- you open it.
We have also been seeing a lot of Bagle activity. Take a look at www.virusradar.com. You will see that at the time of this writing the number one threat is Bagle.gk, and number two is “a variant of Win32/Bagle worm”. Why does one have a name and the other is just a variant? That’s heuristics at work for you. We have had a sample of the GK variant long enough to develop signatures for it and give it a name. The one titled “a variant of Win32/Bagle worm” is brand new. We didn’t have a signature for the specific worm, but the heuristics were smart enough to know that it was bad and that it was very similar to the other bagle worms. You may not have a signature for the exact bagle, but NOD32 is protecting you anyway. That is the point of heuristics. It is far better to black malicious software now and name it later than to wait until you have a name and clean it up later.
Currently in the number 5 position is “probably unknown NewHeur_PE virus”. This one isn’t like any bagle we’ve seen before, but we know it is nothing you want running on your PC. We’ll take a look at it later and give it a name, but for now we’ll just make sure it does not cause you any harm.
Have a happy, safe computing, weekend!
Randy Abrams
Director of Technical Education

 

Hi Sir_Carew, now in 2007 how many are infected? And do you know what to do if you just installed nod32 and find that you have the NewHeur_PE virus and your virus protection never noticed it? It is in a Locals temp cryptfg.exe file and I can't even find it to send it to eset samples and support! It is messing up my internet and e-mails and if I delete it I have trouble too. If you do, thanks...if you don't I'll keep looking. Anyway,
You too have a happy and safe computing weekend.
Suzie Kelly

 

You should be able to delete it using the on-demand scanner at least, or you might want to try the new ESS beta which has an option for automatic cleaning (www.eset.com/beta)

 

Answering to your previous thread, I made a Google search of cryptfg.exe and it seems that you'll need to post a Hijackthis log in a specialized forum (do not post it here, it's not allowed)
In the meantime, you could try the Castlecops' Malware Removal suggestions. I recommend you SUPERAntiSpyware and AVG Antispyware.

After you clean your computer, join Wilders and learn how to avoid such annoying headaches

 

Yes, I'm agreed with Marcos and also, restart Windows in safe mode and do a full scan to your hard drive and delete all infected and suspicious files using NOD32.
Cheers

 

Which reminds me, I gotta install NOD after a fresh XP install