Re: New Virus Threat



From: "Joao Pinto" <Joao Pinto@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Hi all
|
| There's a new virus that affects Windows Update. It turns Automatic Update
| in services.msc you can see it disables it. It also disables any version of
| Norton Anti-Virus.
|
| It creates a service called ##exmodul.exe that immediately connects to the
| internet sending thousands of infected mails. It has been identified as a
| trojan but it looks like a worm.
|
| It mutates from any number to another. I my case it started as 46exmodul.exe
| to 77exmodul.exe. The point is that this exploits a windows weakness and
| there's no tool to remove it from Norton or Windows Update and apparently
| neither Microsoft or Symantec knows about it.
|
| I have both Windows and Internet Security fully up-to-date.

A Kaspersky name...
http://www.viruslist.com/en/viruses/encyclopedia?virusid=120195

Have you submitted a sample to Virus Total ?

If you haven't....

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@xxxxxxxxxxxxxx?subject=SCAN

When you get the report, please post back the exact results.

The Kaspersky module of my Multi AV Scanning Tool could be used.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.