I just kind of spent my evening dealing with this bloody virus. The first time I detected it was when RegRun noticed this winupdte.exe placing itself in the start-up programs again and again. I eventually caught some of the responsible files:
- C:\WINDOWS\system32\winupdte\winupdte.exe (the file to be loaded at start-up)
- {temp folder}\is.exe (one of the crap processes by Adbul Raheem which adds the above one to start-up)
- {temp folder}\output.exe (same)
- {temp folder}\svhost.exe (same)
I don’t know if there are other files around.
I checked one of the files on VirusTotal, here is the result. Only 5 antiviruses out of 41 detected it. Kaspersky called it “Trojan.Win32.Buzus.emdx”, the other detection names were Dropper.Generic2.UFN (AVG), Heuristic.LooksLike.Trojan.Chinky.B (McAfee), VirTool:Win32/VBInject.gen!BH (Microsoft), Suspicious file (lol) (Panda). So globally, it seems that only Kaspersky detected the file as a specific virus, the other tools detected it thanks to heuristic or generic detection. I sent the virus an hour ago to Avira, because that’s the anti-virus I use and I actually need a fix (oops :s). I don’t have the time to send it to other vendors, so if you’re willing to send it yourself or if you’re precisely an anti-virus maker looking for this Buzus, here it is (beware, all 4 exes in the 7-zip archive are most likely infected), in a 7-zip encrypted archive (password: virus).