NUEVA VARIANTE DE VIRUS NO CONTROLADO QUE ESTA PROPAGANDOSE

[msc hotline sat]

Hemos recibido muestras de nueva variante de un Backdoor CSL ya controlado por McAfee, pero que otra variante con el mismo tamaño y con los mismos efectos, infecta muchos ficheros que pasan desapercibidos por el antivirus, por lo que, aparte de enviar muestra a McAfee para su control em proximos DAT, hemos realizado nueva version de la utilidad que ya habiamos hecho para la version basica qie controlabamos y eliminabamos con el ELIBDCSL.EXE para ya controlarlo y eliminarlo:



---v1.1--- (15 de Julio del 2005) (Para Muestra con nueva variante)



Ya puede descargarse esta utilidad para pruebas de evaluacion en el foro de zonavirus, desde:



http://www.zonavirus.com/datos/descargas/178/ELIBDCSLEXE.asp



la cual recomendamos utilizar mientras no se disponga de su control a través del antivirus.



saludos



ms, 15-07-2005

[msc hotline sat]

A titulo de informacion, copio el informe del sandbox de Norman, quienes tampoco controlan aun este virus, y a quienes tambien les hemos enviado muestra para su control:


[quote="Sanbdbox de Norman"]
Norman Scanner Engine 5.83. 2

Sandbox 05.83, dated 20/05-2005



Your message ID (for later reference): 20050715-302



apica32.exe : Not detected by sandbox (Signature: NO_VIRUS)

[ General information ]

* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.

* File length: 11406 bytes.



[ Changes to registry ]

* Creates key "HKCR\CLSID\{7FFEFEDE-6777-777F-EFED-F67777777FFE}".

* Creates key "HKCR\CLSID\{7FFEFEDE-6777-777F-EFED-F67777777FFE}\Ìý".

* Sets value "default"="Class" in key "HKCR\CLSID\{7FFEFEDE-6777-777F-EFED-F67777777FFE}\Ìý".

* Creates key "HKCR\CLSID\{33333FBE-A93B-3733-33FB-BA93B6373333}".

* Creates key "HKCR\CLSID\{33333FBE-A93B-3733-33FB-BA93B6373333}\LocalServer32".

* Sets value "default"="c:\sample.exe" in key "HKCR\CLSID\{33333FBE-A93B-3733-33FB-BA93B6373333}\LocalServer32".

* Creates key "HKCR\CLSID\{7FFEFEDE-6777-777F-EFED-F67777777FFE}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{7FFEFEDE-6777-777F-EFED-F67777777FFE}\Data".

* Creates value "sample.exe"="c:\sample.exe /s" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".

* Creates key "HKCR\CLSID\{FEDEF677-7777-FEFE-EF67-77777FFEFEDE}".

* Creates key "HKCR\CLSID\{FEDEF677-7777-FEFE-EF67-77777FFEFEDE}\Ìý".

* Sets value "default"="Class" in key "HKCR\CLSID\{FEDEF677-7777-FEFE-EF67-77777FFEFEDE}\Ìý".

* Creates key "HKCR\CLSID\{3FBEBA93-6373-333F-EBA9-B63733333FBE}".

* Creates key "HKCR\CLSID\{3FBEBA93-6373-333F-EBA9-B63733333FBE}\LocalServer32".

* Sets value "default"="c:\sample.exe" in key "HKCR\CLSID\{3FBEBA93-6373-333F-EBA9-B63733333FBE}\LocalServer32".

* Creates key "HKCR\CLSID\{77777FFE-EDEF-7777-77FF-FEDEF6777777}".

* Creates key "HKCR\CLSID\{77777FFE-EDEF-7777-77FF-FEDEF6777777}\Ìý".

* Sets value "default"="Class" in key "HKCR\CLSID\{77777FFE-EDEF-7777-77FF-FEDEF6777777}\Ìý".

* Creates key "HKCR\CLSID\{B6373333-FBEB-93B6-7333-3FBEBA93B637}".

* Creates key "HKCR\CLSID\{B6373333-FBEB-93B6-7333-3FBEBA93B637}\LocalServer32".

* Sets value "default"=""C:\SAMPLE.EXE"" in key "HKCR\CLSID\{B6373333-FBEB-93B6-7333-3FBEBA93B637}\LocalServer32".

* Creates key "HKCR\CLSID\{FFEFEDEF-7777-77FF-FEDE-67777777FFEF}".

* Creates key "HKCR\CLSID\{FFEFEDEF-7777-77FF-FEDE-67777777FFEF}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FFEFEDEF-7777-77FF-FEDE-67777777FFEF}\Data".

* Creates key "HKCR\CLSID\{FEFEDEF6-7777-7FFE-EDEF-7777777FFEFE}".

* Creates key "HKCR\CLSID\{FEFEDEF6-7777-7FFE-EDEF-7777777FFEFE}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FEFEDEF6-7777-7FFE-EDEF-7777777FFEFE}\Data".

* Creates key "HKCR\CLSID\{FFEDEF67-7777-FFEF-DEF6-777777FFEFED}".

* Creates key "HKCR\CLSID\{FFEDEF67-7777-FFEF-DEF6-777777FFEFED}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FFEDEF67-7777-FFEF-DEF6-777777FFEFED}\Data".

* Creates key "HKCR\CLSID\{FEDEF677-7777-FEFE-EF67-77777FFEFEDE}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FEDEF677-7777-FEFE-EF67-77777FFEFEDE}\Data".

* Creates key "HKCR\CLSID\{FFEF6777-777F-EFED-F677-7777FFEFEDEF}".

* Creates key "HKCR\CLSID\{FFEF6777-777F-EFED-F677-7777FFEFEDEF}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FFEF6777-777F-EFED-F677-7777FFEFEDEF}\Data".

* Creates key "HKCR\CLSID\{FEF67777-77FF-FEDE-6777-777FFEFEDEF6}".

* Creates key "HKCR\CLSID\{FEF67777-77FF-FEDE-6777-777FFEFEDEF6}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FEF67777-77FF-FEDE-6777-777FFEFEDEF6}\Data".

* Creates key "HKCR\CLSID\{FF677777-7FFE-EDEF-7777-77FFEFEDEF67}".

* Creates key "HKCR\CLSID\{FF677777-7FFE-EDEF-7777-77FFEFEDEF67}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{FF677777-7FFE-EDEF-7777-77FFEFEDEF67}\Data".

* Creates key "HKCR\CLSID\{F6777777-FFEF-DEF6-7777-7FFEFEDEF677}".

* Creates key "HKCR\CLSID\{F6777777-FFEF-DEF6-7777-7FFEFEDEF677}\Data".

* Sets value "default"="" in key "HKCR\CLSID\{F6777777-FFEF-DEF6-7777-7FFEFEDEF677}\Data".

* Creates key "HKCR\CLSID\{77777777-FEFE-EF67-7777-FFEFEDEF6777}".



[ Process/window information ]

* Will automatically restart after boot (I'll be back...).

* Creates an event called __ServiceEvent.





(C) 2004 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.



Sent by sat@satinfo.es to sandbox.

Received 15.July 2005 at 10.13 - processed 15.July 2005 at 10.14.
[/quote]

Todo lo cual se restaura con la utilidad ELIBDCSL.EXE desde v 1.1



saludos



ms, 15-07-2005