New Malware

Crem
Crem
in Malware talk

Here is new malwares appeared in my computer. Pass unrar : infected

/applications/core/interface/file/attachment.php?id=962" data-fileid="962" rel="">New_Malware.rar

Comments

  • s4u
    s4u

    Please look here


    http://forum.bitdefender.com/index.php?showtopic=84

  • vlad
    vlad

    It's a VB worm. Signed it; thanks for the sample.


    To remove it:


    - from task manager (or better yet, Process Explorer) kill the process System.exe. ATTN: do NOT kill the System process, but System.exe;


    - delete (or scan with BD after an update and instruct it to delete detected files):


    c:\windows\config\system.exe


    c:\windows\config\svchost.exe (NOT the one in system32!)


    c:\config\system.exe


    - on ALL drives (ie. C:, D:, etc.):


    [drive]:\recycled\info.exe


    - if the file autorun.inf in the root of the drives contains the string info.exe, also delete it.


    - note that the files may be hidden; the best option would probably to update your BD and allow it to delete all infected files detected as Win32.Worm.VB.NPM.

All Time Leaders

Categories

Defenders of the month