Yesterday (shame on me) I caught a blocker virus. Admittedly, it was quite polite: it just showed porn in the middle of the screen and blocked Task Manager.
I reboot into safe mode, run a fresh CureIt! (there was no time to hunt manually), and leave to celebrate a friend's birthday. Dr.Web found nothing. I run regedit and in
hklm\software\microsoft\windows\currentversion\run
find
c:\program files\plugin.exe
I delete the registry entry, reboot, download a fresh CureIt! again, point it at this file: clean, 0 malicious objects. I submit it to Kaspersky through their website scanner, and there it is detected as malware.
I decided to do a good deed and send the file with the virus through the https://vms.drweb.com/sendvirus/ page. To follow the process I entered my e-mail.
Now, about once an hour, they send me a message about the next ticket number assigned to my request:
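The check the post did by hand (open the Run key, see what it points at, then scan the file) as an added PowerShell example; it is not code from the original post, from Dr.Web or from Kaspersky. The list of keys, the "odd location" heuristics and the column names are this example's own assumptions, and it covers only the Run/RunOnce keys, not services, scheduled tasks or other autostart locations.

```powershell
# Added example, not from the original post: enumerate the Run/RunOnce
# autostart keys (the post found plugin.exe in the HKLM Run key by hand),
# resolve each value to an executable and report signals worth checking.
# Key list and heuristics are this example's assumptions, not a complete
# autostart inventory (services, scheduled tasks, Winlogon etc. are not covered).
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a Run value. Values look like
#   "C:\Program Files\plugin.exe" /silent   or   c:\program files\plugin.exe
function Get-ExePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd
}

function Get-AutorunReport {
    # Get-ItemProperty adds its own bookkeeping properties; skip those
    $psProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psProps) { continue }
            $exe   = Get-ExePath -Command ([string]$p.Value)
            $flags = @()
            $sha1  = $null
            if (-not (Test-Path -LiteralPath $exe)) {
                $flags += 'missing-file'
            } else {
                # An unsigned binary sitting directly under Program Files, Temp
                # or AppData is exactly the pattern the post ran into.
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "unsigned:$($sig.Status)" }
                if ($exe -match '\\(Temp|AppData|ProgramData)\\' -or
                    $exe -match '^[A-Z]:\\Program Files( \(x86\))?\\[^\\]+\.exe$') {
                    $flags += 'odd-location'
                }
                # SHA-1 is what vendor lookups (e.g. securelist's sha1= parameter) key on
                $sha1 = (Get-FileHash -LiteralPath $exe -Algorithm SHA1).Hash
            }
            [PSCustomObject]@{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
                Exe     = $exe
                SHA1    = $sha1
                Flags   = ($flags -join ',')
            }
        }
    }
}

# Run from an elevated prompt so HKLM reads reliably; review every row
# with a non-empty Flags column before deleting anything.
Get-AutorunReport | Sort-Object Flags -Descending | Format-Table -AutoSize
```

Deleting the Run value alone, as the post did, removes the persistence but leaves the binary on disk; the SHA-1 column is there so the file can be checked against vendor databases before it is submitted or deleted.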
Please include the line [drweb.com #XYZQWER] in the Subject field of all your correspondence on this topic. To do this you can simply reply to this or any other letter on this topic. Thank you for your cooperation.
And when I try to reply, I get bounced:
Could not find a ticket with id XYZQWER
And it has been going on for 11 hours already.
I'm outraged!
PS: What Kaspersky calls this thing I can report in the evening once I get home. If you want Dr.Web's name for it too, then by all means, I will write it.
UPD: Dr.Web stopped writing to me; I hope they added it to the database. The first letter was at 22:24, the last at 11:36, i.e. about 13 hours. From the last letter it is not clear what they did with this infection. The source file, unfortunately, is lost.
UPD2: http://www.securelist.com/en/search?VN=Trojan-Downloader.Win32.Piker.axr&sha1=c7f46a883544f02485652f65343d48202ca7dd6f - that's the one.
UPD3: I managed to get the file back from Kaspersky. Dr.Web now detects it as Trojan.Winlock.653. I never received a message like "the file you sent us has been added to the database", although I was waiting for one.