

Trojan.Win32.Buzus.emdx

I just kind of spent my evening dealing with this bloody virus. The first time I detected it was when RegRun noticed this winupdte.exe placing itself in the start-up programs again and again. I eventually caught some of the responsible files:

  • C:\WINDOWS\system32\winupdte\winupdte.exe (the file to be loaded at start-up)
  • {temp folder}\is.exe (one of the crap processes by Adbul Raheem which add the above one to start-up)
  • {temp folder}\output.exe (same)
  • {temp folder}\svhost.exe (same)

I don’t know if there are other files around.

I checked one of the files on VirusTotal, here is the result. Only 5 antiviruses out of 41 detected it. Kaspersky called it “Trojan.Win32.Buzus.emdx”, the other detection names were Dropper.Generic2.UFN (AVG), Heuristic.LooksLike.Trojan.Chinky.B (McAfee), VirTool:Win32/VBInject.gen!BH (Microsoft), Suspicious file (lol) (Panda). So globally, it seems that only Kaspersky detected the file as a specific virus, the other tools detected it thanks to heuristic or generic detection. I sent the virus an hour ago to Avira, because that’s the anti-virus I use and I actually need a fix (oops :s). I don’t have the time to send it to other vendors, so if you’re willing to send it yourself or if you’re precisely an anti-virus maker looking for this Buzus, here it is (beware, all 4 exes in the 7-zip archive are most likely infected), in a 7-zip encrypted archive (password: virus).

Posted in security.

