Overview:
A new computer worm is attacking computers around the world. The serious problem is that most anti-viruses cannot detect & clean it… also no removal tool was available on the Internet… another serious problem appears when some current anti-viruses detect this virus as another kind of virus (Worm 32 family)… and usually these antiviruses delete the whole infected file (exe & autorun.inf… etc.)…
This virus infects a computer, for instance by:
- Infecting the local hard disk drives & executable applications
- Carrying itself on a removable medium such as a floppy disk, CD, or USB drive.
- Sending itself over a local network or the Internet. This virus can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
- Adding keys into the Windows registry
This virus is a mixture between a worm, a virus and maybe a Trojan; it is a self-replicating computer program that attaches itself to existing programs on the infected PC (it modifies files on a targeted computer). It is easily confused with computer worms: it can spread itself to other computers without needing to be transferred as part of a host. And usually this mixture of a computer worm and virus may be a Trojan horse too…
This virus blurs the line between viruses and worms (maybe Trojans too); actually it is self-replicating malware.
Description:
Nobody is sure yet about the name of this new virus… On Saturday, November 03, 2007 I submitted the virus exe file to “Virustotal” (Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware detected by antivirus engines) and I got these results (Antivirus / Result):
- AVG: Worm/Generic.DKD
- BitDefender: Win32.Worm.P2P.VBT
- CAT-QuickHeal: Worm.AutoRun.tk
- F-Secure: Virus.Win32.AutoRun.tk
- Ikarus: Win32.Worm.P2P.VBT
- Kaspersky: Virus.Win32.AutoRun.tk
- Panda: Suspicious file
- Sophos: W32/Dawin-A
- VBA32: Virus.Win32.AutoRun.tk
The major antivirus engines give different names for this virus (malware); I think that means two things:
1- There is no specific name for this virus.
2- Each antivirus engine handles this virus in a different way, and does not detect the latest version of it (it detects it as another kind of virus - Worm 32 family).
Technical Details:
When executed, the virus drops a file / component (a copy of itself), “KB915865.exe”, on all physical drives, including all removable drives such as flash disks. It creates the folder “\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\” on each drive it affects and drops a copy of itself there as “KB915865.exe”. This folder is set to Hidden and System.
\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
It also drops an AUTORUN.INF file so that the dropped copies are executed automatically when the drives are accessed. The said file contains the following strings:
[AutoRun]
open=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe .
shellexecute=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe .
shell\Open\command=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe .
shell=Open
open=.
This virus creates registry entries to enable its automatic execution at every system startup.
Platform:
This worm affects systems running on Windows 98, ME, NT, 2000, XP, and Server 2003.
Solution (e-nil! Virus Cleaner):
I wrote a specific removal tool for this virus (e-nil! Virus Cleaner); it is free and available on my blog:
http://www.e-nil.com/blogs/ ; my removal tool cleans this virus by:
- Cleaning the infected file (without destroying or deleting the infected file); it just removes the virus from the infected EXE file.
- Cleaning the Windows registry on the infected computer by removing the auto-start entry from the registry
- Deleting the malware-created AUTORUN.INF
- Deleting the malware file and folder
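As an added example (not the e-nil! Virus Cleaner code and not from the original post), the following Python script shows how the indicators listed under Technical Details can be checked on a drive root and how the dropped AUTORUN.INF and KB915865.exe can be taken off the drive, following the removal steps listed above. The folder GUID, the file name and the AUTORUN.INF launch keys are taken from the post; the function names, the constructed sample drive layout and the quarantine-folder behaviour are my assumptions, and the registry auto-start entry is not handled because the post does not name the key.

```python
"""Detect and quarantine the dropped artefacts described in the write-up.

Assumptions: the indicators (folder GUID, KB915865.exe, the AUTORUN.INF
launch keys) come from the write-up; make_sample_drive() builds a
constructed drive layout in a temp dir purely for demonstration. The
registry auto-start entry is not handled since its key is not given.
"""
import shutil
import tempfile
from pathlib import Path

DROP_GUID = "90000804-6000-11D3-8CFE-0150048383C9"
DROP_FOLDER = Path("MSOCache") / DROP_GUID
DROP_FILE = "KB915865.exe"
# AUTORUN.INF keys the worm uses to launch its copy when the drive is opened.
AUTORUN_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Constructed copy of the AUTORUN.INF content quoted in the write-up.
AUTORUN_SAMPLE = (
    "[AutoRun]\n"
    f"open=.\\MSOCache\\{DROP_GUID}\\{DROP_FILE} .\n"
    f"shellexecute=.\\MSOCache\\{DROP_GUID}\\{DROP_FILE} .\n"
    f"shell\\Open\\command=.\\MSOCache\\{DROP_GUID}\\{DROP_FILE} .\n"
    "shell=Open\n"
    "open=.\n"
)


def parse_autorun(text):
    """Return {key: [values]} for the [AutoRun] section, keys lower-cased."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), []).append(value.strip())
    return entries


def autorun_is_malicious(text):
    """True if any launch key in [AutoRun] points at the dropper path."""
    entries = parse_autorun(text)
    for key in AUTORUN_KEYS:
        for value in entries.get(key, []):
            v = value.lower().replace("/", "\\")
            if DROP_GUID.lower() in v and DROP_FILE.lower() in v:
                return True
    return False


def scan_drive(root):
    """Return the suspicious paths on one drive root (empty list means clean)."""
    root = Path(root)
    found = []
    dropper = root / DROP_FOLDER / DROP_FILE
    if dropper.is_file():
        found.append(dropper)
    for entry in root.iterdir():  # AUTORUN.INF may be in any letter case
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            if autorun_is_malicious(entry.read_text(errors="replace")):
                found.append(entry)
            break
    return found


def clean_drive(root, quarantine=None):
    """Move the findings into a quarantine folder and return the paths found.

    Quarantining instead of deleting keeps a copy for analysis; with
    quarantine=None the function is a dry run and only reports.
    """
    root = Path(root)
    actions = scan_drive(root)
    if quarantine is None:
        return actions
    for path in actions:
        dest = Path(quarantine) / path.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(dest))
    folder = root / DROP_FOLDER
    if folder.is_dir() and not any(folder.iterdir()):
        folder.rmdir()  # remove the now-empty hidden/system folder
    return actions


def make_sample_drive(infected=True):
    """Build a constructed drive layout in a temp dir and return its root."""
    root = Path(tempfile.mkdtemp(prefix="drive_"))
    if infected:
        (root / DROP_FOLDER).mkdir(parents=True)
        (root / DROP_FOLDER / DROP_FILE).write_bytes(b"MZ placeholder, not a real binary")
        (root / "autorun.inf").write_text(AUTORUN_SAMPLE)
    else:  # a harmless autorun.inf as shipped on many install CDs
        (root / "autorun.inf").write_text("[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\n")
    return root


if __name__ == "__main__":
    drive = make_sample_drive(infected=True)
    print("dry run:", clean_drive(drive))
    print("moved:", clean_drive(drive, quarantine=str(drive) + "_quarantine"))
    print("after cleaning:", scan_drive(drive))
```

On a real machine you would call `scan_drive` on each drive root (for example `C:\` or the letter of a flash disk) instead of the constructed temp folder; matching on the full dropper path plus the GUID in the launch keys, rather than on the presence of any AUTORUN.INF, keeps legitimate install media from being flagged.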
To find and remove this virus from your computer, all you have to do is press “Start Scanning”. You can interrupt the scan at any time by closing the “e-nil! Virus Cleaner” window.
If you are using any resident antivirus protection, it is necessary to stop it for the runtime of this tool. Additionally, it is recommended to turn off the automated System Recovery (Windows Me/XP)… This tool should be run in Windows Safe Mode.
It is recommended not to start any applications during this scan – it may result in your system getting infected again.
Note: This program is just a remover for a limited number of viruses. For regular protection, use a full-featured antivirus. Be sure you also update your Windows system; otherwise the worm can come back very quickly!
Download e-nil! Virus Cleaner. Please check for new versions frequently…
Hani Simo
Programmer / Analyst
