23 July 2008

Trojan:Win32/Vundo.HT


Based on own experience.

Symptoms of the infection:
- Computer startup takes more than 10 times longer (1 to 2 minutes) than before (20 to 30 seconds).
- When shutting down Windows, an explorer.exe error (memory address ... could not be read) is shown before Windows can shut down.
- Internet speed slows down by 25 to 50 %, depending. A download takes long to reach full speed, and websites open more slowly.
- No other symptoms were found on this machine (ads were not displayed, maybe because of a large Windows hosts file, the hardware firewall in the router, a software firewall and the resident Spybot Search & Destroy).

Scanner that detected it as of today:
- Microsoft Live OneCare Version 2.5.2900.03 + updates from today, 1.37.1028.0

Scanners tested that failed:
- VBA Version Vba32 Windows/CL 3.12.8.1 / 2008.07.23 07:36 (Vba32.W) (product installed without resident shield, scan only)
- Rising 20.54.22 + updates from 2008-07-23 15:18 (product installed without resident shield, scan only)
- Kaspersky online scan
- McAfee online scan
- Symantec online scan
- Avast Antivirus Professional, latest version 4.8.1227 + database from 23.07.2008 (product installed with resident shield)

It cannot be the same Win32/Vundo.HT as written and reported here:
http://virscan.org/report/5eef7ac939a5b56864e17fd6e6692f6f.html and this:
http://www.virustotal.com/pt/analisis/c183084f5aa165e8bf6090b0ea772ab2

More likely this one matches, if Vundo is not exe-protected (mostly found with Armadillo) or has changed again: http://forum.malekal.com/viewtopic.php?f=62&t=11351

Otherwise today's scans with Rising Antivirus, VBA32, Symantec and Kaspersky would have found and shown it, and yesterday's scan with Norman Malware Cleaner (Norman Malware Scanner Build 2008/07/07 23:58:09, Engine version 5.92.08, Nvbin.def Version 5.92.00) would already have detected it. The file is (was) more than one week on disk.
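The reasoning above rests on two checks a practitioner would want to make by hand before concluding a sample is "not the same" as a published report: does the file's hash match the MD5 embedded in the report URLs, and does the file look exe-protected (packed), which would explain why signature scanners miss a changed or re-packed build. The following script is an added example and not code from the original post or from any of the vendors named; it takes the three 32-hex MD5 values from the report URLs cited above, hashes a suspect file the same way, and adds a simple Shannon-entropy heuristic for packing. The 7.0 bits-per-byte threshold and the embedded sample buffers are assumptions made here for illustration, not measurements of the real Vundo file.

```python
import hashlib
import math
import re

# MD5 values extracted from the VirScan / VirusTotal report URLs cited in the post.
REPORTED_MD5 = {
    "5eef7ac939a5b56864e17fd6e6692f6f",
    "c183084f5aa165e8bf6090b0ea772ab2",
    "948e937da2471d95f0852ae850eb7ae7",
}


def md5_from_report_url(url):
    """Pull the 32-hex MD5 out of a VirScan/VirusTotal-style report URL (None if absent)."""
    m = re.search(r"([0-9a-fA-F]{32})", url)
    return m.group(1).lower() if m else None


def file_hashes(data):
    """MD5 (what the 2008 report sites keyed on) plus SHA-256 for a modern cross-check."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_reported_sample(data, known=REPORTED_MD5):
    """True only if the suspect file is byte-identical to one of the reported samples."""
    return file_hashes(data)["md5"] in known


def shannon_entropy(data):
    """Bits per byte, 0.0 .. 8.0; packed or encrypted code sits near the top of the range."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_packed(data, threshold=7.0):
    """Heuristic (assumed threshold): very high entropy suggests an exe-protector such as Armadillo."""
    return shannon_entropy(data) >= threshold


def analyze(data):
    """One dict with everything a triage note would record about a suspect file."""
    h = file_hashes(data)
    return {
        "md5": h["md5"],
        "sha256": h["sha256"],
        "matches_reported_sample": h["md5"] in REPORTED_MD5,
        "entropy": round(shannon_entropy(data), 3),
        "looks_packed": looks_packed(data),
    }


# --- constructed sample buffers (not real malware) ---------------------------------
def _pseudo_random(n, seed=b"vundo-example"):
    """Deterministic high-entropy bytes, standing in for a packed section."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
        i += 1
    return out[:n]


SAMPLE_PLAIN = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 100   # low entropy
SAMPLE_PACKED = b"MZ" + _pseudo_random(4096)                               # high entropy


if __name__ == "__main__":
    import sys
    # Usage: python vundo_check.py <suspect file>; falls back to the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(analyze(f.read()))
    else:
        print("plain :", analyze(SAMPLE_PLAIN))
        print("packed:", analyze(SAMPLE_PACKED))
```

A hash mismatch only proves the files differ by at least one byte; a re-packed or slightly altered Vundo build would fail the hash check yet still be the same family, which is exactly the situation where the entropy hint is worth recording alongside the scanner results.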


Virus info

Advice: Scan the computer online using Windows Live OneCare (see the links collection to the left).

I just saw that Norman has updated Norman Malware Cleaner to Build 2008/07/17 23:58:30, Version 5.93.01, Nvcbin.def Version 5.93.00. It can be given a try:
http://download.norman.no/public/Norman_Malware_Cleaner.exe



Rising has great support. Their reply:
Please submit the file from the link below, then RISING Virus Lab will analyse further.
Link: http://sample.rising-global.com/webmail/upload_en.htm
RISING ANTIVIRUS - Lion-strong security
Free Download: http://download.rising-global.com/ Buy Now: http://buynow.rising-global.com/
Rising Website: http://www.rising-global.com/ Europe Website



Kaspersky may have support if you have a customer number and send it from a European Union or USA IP address. I will never again send them any virus samples if I found a virus with, and from, an Asian, Middle East or African IP address. They answered in an email that they could not find THIS VIRUS in the submitted sample: http://www.virustotal.com/de/analisis/948e937da2471d95f0852ae850eb7ae7
File engt32.dll received 2008.07.08 03:09:01 (CET), Status: finished
Result: 20/33 (60.61%)
and that I should send my customer number. I am not a virus researcher, but I get angry if I get infected and the installed antivirus failed to protect, especially from P2P downloads.
So you stay infected with Kaspersky with this parasite from the year 2006 unless someone sends the sample again, if possible from a country whose customers they like to support. I have heard that if you send them a sample virus from Germany they need only 15 minutes until they update the database.

Addendum

Rising AntiVirus updates from today, Version 20.54.30, can now find it too.
http://go.rising.com.cn/download/transfer.asp?ver=setup
