warning not detected by NOD32 !!!

had my system tottaly trashed by this nasty little bugger
http://securityresponse.symantec.com/avcenter/venc/data/w32.axon.html

Also Known As: W32/Riaz [McAfee], Win32.HLLP.Xenon [Kaspersky]

i had my nod with recent upgrade scan the file before i opened it
it said it was clean
and i trusted that cause nod has saved my ass several times also against new undefined viruses

it infected all exe files and totally screwed my entire system

reinstalled windows 7 times now¨
each time with power off min 5 min and a total format of c: drive

but it hides somewhere and stays resident somewhere ?

had to abonden my main 80gn hd and put and old 6gb in which im using right now

since nod doesnt upgrade virus database in weekend new viruses are just released late friday night and will infect and spread the whole weekend without a cure from nod

nod has been my favorite for a long time
but if this behavior continues i might find a better AV

Kaspersky upgraded against this bugger friday
symantic and mcfee saturday
nod32 ?? whenever it suits them ?

 

Sorry I have to correct you here.
Nod does indeed update over weekends, if need be.
The virus you mentioned is a cat 1 threat and will not cause an emergency update, and as far as i can see, Symantec has not made an update for this threat.
There will be an IU later today, and this virus will be covered by LU on may 12. ( Probably before with this worm invasion at late )

 

hmm

i wait in anger then
cause this bugger totally ****ed up my hardrive

i had to find an old 6gb drive and install xp on it

cause i coulndt remove that nasty bugger

it attacks all exe files and also ntoskrnl.exe until theres no uninfected exe files left

btw i downloaded the virus of P2P prog emule
it was camuflaced as an interesting file
i scanned it with NOD32 and it said the file was clean so i clicked it
and my nightmare began
the archive i downloaded was a zip 82 kb in size
ï maybe had the "honour" of being one of the first infected on the emule network
cause when i downloaded that archive from that guy he was the only one who had it
when i checked back later
apr 1 hour
over 200 ppl had downloaded it
unfortunatly that guy had a standard emule username and since i wasnt suspicius i dint write his ip adr down

i did online scan with bitdefender but it coundt find it, my Nod32 coundt find it
i downloaded kasperspy demo which was suppose to find it but i wasnt able do do an virus database update with it and the build in db was dated late 2003

i dunno where that virus is hidden
but i shut computer off for 5 min and formatted c:
and reinstalled xp many times
but i was somehow still infected

looking forward to a working upgrade soon
cause i want my old system back
but im not putting my old infected hd back until im 100% sure theres a working cure
and that it wont trash my backup hd also ?

btw in also danish

btw what UI and LU means ?
on the other hand i just wanna know when NOD will be able to remove this bugger ?

 

Hi Crow or should i say "Hej"
Sorry you are having problems.
IU means intelligent update and are released daily(or almost) and you have to manually download them. LU means Liveupdate and is NAVs autoupdater.
Normally out on Wedensdays, but there has been several LUs weekly at late, due to the increased virus/worm activity.
Hope some of the otheres here can help you.
Strange that you cant get rid of the virus, even with a format c

 

Hello Madsen DK

This concerns me. I'm not familar with the techy lingo here, but if it's crashing TheCrow's system, it sounds pretty bad to me. I get the impression your saying this threat is minimal (cat 1)? You also state that Symantec (Norton AV?) has not made an update yet for this threat. I hope this is NOT how NOD32 determines if a threat warrants an update (based on what Symantec does)! I used to run Norton, and it stinks. If NOD wants to lead the industry in AV technology, they certainly don't want to base their decisions on what other companies (and in this case an inferior one, in my opinion) are doing.

By the way, I also get the impression that McAffee and Kaspersky already know about this one.

 

Hi D & C.
I was only pointing to Symantecs writeup cos Crow had linked to them, and no i dont think that the Nod staff are relying at Symantec in when to issue an update
But fact remains that at present this virus is a low threat and not fast spreading.
I think that Crow has been one of the unlucky ones to get this virus.

 

Hi
formatting your drive will not always remove all "nasties" from it,a "quick format" only overwrites existing data to make it appear empty(data can still be recovered using various software:-so obviously it is still there!)if you want to remove all data from a hd the best way to do so is to "write test" using one of the hd installation discs which can be downloaded from most hd manufacturers web sites

 

what i did was first turn my power of for 5 min
(should erase the bugger from memory)
then i booted from windows xp cd and installed xp again doing a FULL format

i did that many times but still the virus infection was in ?

maybe cause it hiddes somewhere else ?
(i have 5 partitions on that hd and it might be able to infect the newly installed windows from another partition or hide in bootblock or what ever ?)

this is what it said when i submitted the file to kasperspy online scanner

Current object: Alcohol 120% v1.9.2.1705.zip

Alcohol 120% v1.9.2.1705.zip Archive: ZIP
Alcohol 120% v1.9.2.1705.zip/Alcohol 120% v1.9.2.1705.txt Ok
Alcohol 120% v1.9.2.1705.zip/Keygen.exe Packed: FSG
Alcohol 120% v1.9.2.1705.zip/Keygen.exe Infected: Win32.HLLP.Xenon

i was the first to download the file of this guy (probably the coder himself)
the guy who spread it was smart i think
cause that alcohol update was just released a few hours before that
and many would be looking for a keygen
i bet he has spread that virus
and many other files with difrent names aswell
so i surely wont say this virus is not a treat

i surely doesnt see this virus as an not impotant one
damn it trashed my system and was impossibel to get rid off

thats why i had to remove my main hd and is now on some old crappy 6gb hardrive

and the virus is spreading fast on P2P now
when i found out it was a virus about one hour after download i went to emule network again and saw 200 ppl now had it and its was friday
before i could issue a warning text my system crashed
i guess its very very well spread be now!


ps
dont gimme that
ohh u downloade warez u asked for it crap
doesnt go anyone any good anyway

 

a full format is only a quick format in reality:- a write test will take about 7hrs on a drive of the capacity of yours,but it does destroy all info and viruses etc on the drive it will also tell you if there is any other prob with the drive(it should in theory put the drive back to its "just bought" condition:-you have to then "format it" to use it:-its back in its raw state)

 

*lol*
i might have had the doubfull honuor of being the first to download this bugger of the coder himself probably

but he used a very interesting file to spread it in
and
within one hour 200 already had it
and mind u this was friday!
i wonder how many has this file by now ?
cause files get spread wafully fast on P2P
and those users who have either NOD32 and also Avast (im told it doesnt find it also)
will get infected and have their system trashed

i might installe emule on this hd and go see how will its spread be now

and im afraid the virus will be submitted to other files and spread via them

dont treat this virus as a low risk
casue its surely not
well ofcourse its not spreading like the agobot or sasser or similar
but once u have it in
and if ur AV doesnt know it
ur totally screwed

take my word for that !!!

 

If kaspersky detects it download the trial of kav(not demo)install on your 6gb hd update to current defs,set scanner to strongest options,install your 80gb drive as slave drive and scan it with kav:this should disinfect your new drive!

 

tnx alot

i just hope that it havent destroyed all my files
cause it managed to infect most of the exe files i had on it including so many windows files that the system would crash

but how it survived the many power off's and reinstalls i did is still a riddle to me ?

also symantic cathagorizes it as "difficult" to remove

i know quite alot on computers and safety casue ive had computers since the Amiga 500 days

and why i coulndt remove it is still a riddle to me

one virus sofar i coundt remove by a powershutdown adn a windows reinsatll

 

A soultion could be "Dont do p2p"
S´ry couldnt resist it

 

If you only did a soft format(not a write test)they may still be recoverable by "get data back" or something similar or failing that(depending on the value you place on the files!)there are companies that will recover the data for you,but it is quite expensive(they use similar techniques to the police to recover data from suspect pc's)

 

I also agree with Madsen if you want to stay safe dont do p2p

 

THATS NOT AN OPTION

problem was i trusted that NOD32 said the file was clean!

but maybe i should quarantine all files a few days to be sure

but ive tryed many AV's and until this ive considered NOD32 the safest ?

 

Hi thecrow!

Downlod updates manual, here is address http://downloads1.kaspersky-labs.com/updates/

izi

 

Well Crow, sites like Kazaa are often used as a launch platform for alot of new nasties, so regardless of what AV you are using, you will never be completly safe.

 

demo version will not disinfect his PC or update defs(no key file) needs to download trial version:-
http://www.kaspersky.co.uk/trials?chapter=146481750
Only prob(in my opinion) its kav5(not as good as 4.5 also my opinion!)
Added later 4.5 still available there!

 

Why you don't send the infected file to samples@nod32.com ?

 

cause i went to NOD32 website and coundt find an email addy to submit it to

tnx ill send it to them right away

 

Downloading warez, alleged keygens and using P2P is commonly known as one of the most high risk activities on the internet. Your experience just illustrates that. As Madsen says, if you insist on engaging in that activity, you'll find relying on an AV alone (any AV although I'd give KAV the edge over the others but still would not rely on it alone) will not provide sufficient protection against everything all the time.

If you're going to continue in that practice (which is a matter of choice and so it is an option) either learn how to tighten up your PC's security to the max or continue to be a lab rat for folks who look for (and count on) suckers willing to take their bait.

 

Hi,

Sorry to hear about your experience with this little bugger. Hmmm. I'm am somewhat dismayed that NOD32 missed this virus and the next question is why?

This just serves as more ammo for the protection I've added to my arsenal.

Anyway, to get rid of this go here and download this beta, add the new signatures, make yourself a bootable disc, install your old hard drive and
then scan with this bootable disc.

http://www.networkassociates.com/us/downloads/beta/cleanboot/

This works very nicely, I'm using the beta as I write this.

Take Care,

 

Nothing personal Steve1955 and Madsen, but that's a rediculous suggestion. Even better, why not suggest we all stay completely off the net. That way we wouldn't have to spend all this $$ on security software! I think a better solution is to make better security software! That's why we're here - to learn how to safely enjoy the net.

 

Sig - Now that's a suggestion I agree with. Keep on truckin!