Infected with new and unknown virus

Discussion in 'malware problems & news' started by bazz, Feb 7, 2007.

Thread Status:
Not open for further replies.
  1. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    I opened some file and now all my mp3s got infected :|
    They changed into mp3.exe with a virus. The problem is that only 2 AV scanners detect it.
    VirusTotal results

    ~Online virus scan results removed. Send any samples to the respective antivirus vendors. Ron~

    Can someone help me?
     
    Last edited by a moderator: Feb 7, 2007
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Have you used all of the available free online scanner programs? Which ones detected it?
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
  4. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    Do you have any unusual processes running in Task Manager? When you uploaded to VirusTotal, what were the names given to the infected file?
     
  5. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Have a look at this thread here:
    https://www.wilderssecurity.com/showthread.php?t=164403

    Use them to your advantage.
     
  6. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Unusual Tasks:
    {I can't see them because it's blocked}
    Mcafee named it : Trojan.Vbot
    VBA32: Possible variant of o_O? By paranoid heuristics

    But there is another problem.
    The virus changed!
    First: It changed all my mp3s to mp3.exe with the virus (~340KB)
    Today: It changed all my mp3s to mp3.zip with another virus (~214 KB)

    Strange..... I sent the first sample to Dr.Web but I didn't get an answer yet.
    UPDATE: The second file of 214 KB is detected by
    Kaspersky:
    Found Virus.Win32.Fontra.c

    and by VBA32 (again)
    Found Trojan-Dropper.VB.24 (paranoid heuristics) (probable variant)
    Maybe it also changes tomorrow :(
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Try to uninstall your AV and use Kaspersky trial version... disable SystemRestore, set scan setting to high, in settings, tick "spywares, adwares..." and "riskware", update Kaspersky and scan in SafeMode
    http://www.kaspersky.com/trials
     
  8. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
  9. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
  10. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Me neither until I found it on a Usenet group
     
  11. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    checked it out.. some old skool thing, not sure about how old the signatures are and prob not going to work because it probably hasn't got a good enough disinfection routine... may end up deleting all your *.mp3's... if it even detects it :doubt:
     
  12. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    I tried fixing it my own way now, by opening Dtaskmanager, killing the processes and then deleting them.
    (That's the brain antivirus :p) I think it worked (I cleaned up a bit in Safe Mode)
    Your Brain Antivirus Detects 100% (lol)
     
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    bazz, you could try sending that file to ESET also. See what they say. ;)
     
  14. bazz

    bazz Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    38
    Already did ;) didn't get an answer yet :(
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Also, get input from the Norman or Sunbelt sandboxes :)
     
  16. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Here is some information on the actual virus:

    http://secunia.com/virus_information/29032/fontra/


    And here is some information from Sophos on the bot that is more than likely on your computer also:

     
    Last edited: Feb 8, 2007