zero day virus


andy2004    1

OK, dunno if this is the right place to post; probably not, if so moderator please feel free to move. Want to give you guys the heads up. Tonight I switched on my machine after being out most of the day and McAfee Firewall caught a file trying to access the internet. Anyway, to cut a long story short, I quarantined the file using McAfee VirusScan and submitted it to McAfee. Turns out the DAT update for removing and detecting the virus only came out 2 hours ago today :| The name for it under McAfee is downloader-ash, but it's a new variant which was picked up today, possibly to exploit the flaws which Microsoft released Tuesday patches for. Now, like I say, this one caught me totally off guard and I know for a fact I've not installed or downloaded anything, just browsed normal sites I go to such as totalbf2, neowin.net and MSN, also MSDN. Please guys, if you haven't then do so now and patch/update Windows and update your antivirus.

Edit: this was what I submitted to AVERT Labs:

AVERT Labs - Beaverton

Current Scan Engine Version: 4.4.00

Current DAT Version: 4739

Thank you for your submission.

Analysis ID: 2304865

Name              Findings           Detection       Type    Extra
zhopaizdupla.exe  current detection  downloader-ash  Trojan  no

current detection [ zhopaizdupla.exe ]

The file received is infected and can be detected and removed with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again. If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy.

If you use the McAfee VirusScan Online or VirusScan Retail retail products, and do not have the Dat File Version specified, please send an e-mail to xxxxxxx@avertlabs.com to request an extra.dat for your product. You must include the Analysis ID number found in the subject line of this message to receive the extra.dat file.


McAfee AVERT™

A division of McAfee, Inc

The original file which triggered my cause for concern was zhopaizdupla.exe and was found by McAfee Firewall trying to access the internet from the C:\windows\system32 directory. I wouldn't normally raise this, but you have to understand my Windows machine was fully patched, antivirus was up to date with 4738, and it was not detected when I ran a weekly scan yesterday. I can only assume this somehow got onto my system before I updated Windows yesterday afternoon.

theantidote    0

Looks like CWS to me but whatever.

andy2004    1

Well, just picked this one up again, and again McAfee failed to detect it. I'm currently in contact with McAfee techs on this one. It would seem it's a generic trojan downloader (still don't know how it's getting onto my system), but McAfee sent me an extra DAT file and it's now being picked up correctly. Even the latest McAfee DAT 4744 does not detect this. Only the extra DAT file will. McAfee analyzed the files I sent to them and the first one actually turned out to be downloader-ash. The latest infection I had was downloader-ARL. How these are getting onto the system I do not know, as I can honestly say in the week since the first infection appeared all I've done is browse legitimate websites :( Is there any way to rule out where this is coming from? It's only happening on 1 PC at the moment; none of my other PCs at home have shown any signs of infection. The only sign I get that an infection has happened is when this file tries to access the internet and McAfee Firewall alerts me.

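A triage check a defender could run for the situation described in this thread (an executable sitting in System32 that the scanner missed, reaching out to the internet, and reappearing after cleanup). This is an added example, not code from the thread or from McAfee; it assumes a current Windows (8/Server 2012 or later) with PowerShell 5 and the NetTCPIP module, so it would not run on the XP-era machine discussed above, and the 7-day window is an arbitrary choice.

```powershell
# Added triage example, not from the thread. Assumes Windows 8+/Server 2012+
# with PowerShell 5 and the NetTCPIP module; run from an elevated prompt.
$Dir    = "$env:SystemRoot\System32"        # directory the dropper was found in
$Cutoff = (Get-Date).AddDays(-7)             # look-back window for new files (assumed)

# 1. Executables written to System32 recently that lack a valid Authenticode
#    signature. Microsoft's own binaries there are signed, so an unsigned,
#    days-old .exe is a candidate for submission to the AV vendor.
Write-Host "== Unsigned executables in $Dir newer than $Cutoff =="
Get-ChildItem -Path $Dir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    Where-Object { $_.CreationTime -gt $Cutoff -or $_.LastWriteTime -gt $Cutoff } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                File      = $_.FullName
                Created   = $_.CreationTime
                SigStatus = $sig.Status
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    } | Format-Table -AutoSize

# 2. Processes holding outbound TCP connections whose image is unsigned.
#    Same signal as the firewall prompt in the thread, but for every process at once.
Write-Host "== Outbound TCP connections from unsigned images =="
Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        if ($proc -and $proc.Path) {
            $sig = Get-AuthenticodeSignature -FilePath $proc.Path
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    PID    = $proc.Id
                    Image  = $proc.Path
                    Remote = "$($_.RemoteAddress):$($_.RemotePort)"
                    Sig    = $sig.Status
                }
            }
        }
    } | Sort-Object PID, Remote -Unique | Format-Table -AutoSize

# 3. Common autostart locations; a dropper that keeps coming back after cleanup
#    usually has an entry here or in a scheduled task.
Write-Host "== Run / RunOnce entries =="
'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' |
    ForEach-Object { Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue } | Format-List
```

Anything listed in sections 1 or 2 can be hashed and submitted to the vendor the same way the poster did, and the SHA256 lets you confirm whether a later DAT actually covers that exact file.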
