Old 10-10-2007, 10:38 PM   #1 (permalink)
Human Spambot
 
Kiran.dks's Avatar
 
Join Date: Apr 2006
Location: Pune, India
Posts: 2,501
Default KASPERSKY ENGINE: Are you really protected? Think again!!!


My day with my computer went on smooth until the afternoon when my friend brought pen drive of stuff for burning a CD...

My Confidence: Never a virus infection to my lappy
My defence system:
Antivirus: AOL Activ Virus Shield (A free version of Kaspersky Antivirus)
Antispyware: Windows Defender + Spybot
Firewall: ZoneAlarm Pro

Friend: Hey..I have some stuff to burn on CD. Are you free this afternoon?
Me: Yep..2:00pm

So here we go...my friend lands up with a bag of CDs and a pen drive.

I insert the pen drive into USB slot. Autorun opens up a menu. I cancel it as usual so that I perform a full scan of the pen drive. But this time, busy in conversation with my friend, I forget on-demand scanning of the pen drive.

I open "My Computer" and double click the "Removable drive".

Then I see that nothing happens. Let me try again... double click double click...
Now I landed up in surprise. Then alas! I see CPU utilization shoot up to max and system speed sluggish! Suddenly ZoneAlarm shoots up a message that xxxx wants to be added every time computer starts. Second mistake, I clicked yes! Then I realized I have done something wrong! Sh!t..what the hell was I doing?..
I right click the removable drive and select Open.

The contents open up. I just glance through the contents and alas! I see hidden exe files with the same folder name. powerpoint.exe....songs.exe...etc.

Me to friend: Hey..what are these files? Did you put this in pen drive?
Friend: Nope...I dono what they are!!

I am screwed up! At the back of my mind what the hell is my antivirus doing? No warnings...nothing..

SERIES OF TROUBLES:

Then I right-click on taskbar to see running processes.... But "Task manager" greyed out!

Now...I knew..My system is INFECTED!

Friend: Whatz that man? Why is it greyed out?
Me: yep...now jus see "Folder Options" will not be missing. I go to Tools>..folder options gone!

I give a big smile...
Friend: So you are screwed up! Are you gonna format ur PC?

Hey..Hey...nope not at all. The word FORMAT is not in my dictionary!

Then the last thing to check.. "Start>Run> regedit

Windows shoots up: "Registry editing is disabled by the administrator"

Yep! I knew that!

Now I do all the process of restoring "Folder Options", enabling "Registry editing" and restoring "Task Manager".
I think most of us here know the process! So I am not gonna explain that. There are many threads already running!

I rebooted the system in "Safe mode" and started a full scan of the system using AOL Antivirus, Windows Defender Antispyware, and spybot! I know that Windows Defender and Spybot will never detect it because it is a Trojan Worm. But what happened to KASPERSKY ENGINE BASED ANTIVIRUS? It also showed zero infection!

I immediately run "HijackThis" and get a report of running process. I see scvhost.exe running in some strange named folder in "WINDOWS" directory!
There is the culprit!..
"My Computer">"Windows"> xxxx folder. I see a scvhost.exe, some other files and a mp3 file here!!

I opened mp3 file in WMP and hear a "Laughing sound...Hehahehahhahaha"

I knew that this is the sound that will be played if the worm creeps into my lappy's boot sector! That will be the FINAL SHOW DOWN OF THE WORM.

Now the real show begins! My Lappy Vs WORM

I downloaded "Avira AntiVir", uninstalled AOL Antivirus, and installed Avira.

SCAN...

Avira immediately shoots up! Win32.Agent.abt, scvhost.exe virus detected!

I immediately choose "DELETE" and complete the scan!

Now is that the end of the story? I thought so.
BUT...

Why are the hidden files not showing up? I go to "Folder Options" and see that the option "Don't show hidden files" checked.

I check the option "Show Hidden files" and click Ok.

But I still see no hidden files. I go back to "Folder options" and see that it has automatically reset to "Don't show hidden files"!

I try many times but nothing works.
Start> Run>regedit

I navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
and change the "Hidden" dword value to 1 and click "OK".

But no sign of hidden files. I again go to regedit and see that the value has changed back to 2!

That's not a good sign! Is the culprit still there? Avira has done its part in removing some..but ...

Then it's the turn of avast!. I uninstalled Avira and installed avast! and performed a full scan.
The result: No infection found! But problem still there.

I am pretty sure that a culprit is still there causing not to show the hidden files. A script from "Kelly's Korner" for restoring the hidden files works, but it's temporary.

I am in process of sorting out this problem. Now downloaded "BitDefender" trial version. Let me have a go!

And if you think this is only faced by me...

Check this link from Kaspersky forum: http://forum.kaspersky.com/index.php...pic=32239&st=0
__________________
Kiran Kumar R

Last edited by Kiran.dks; 10-10-2007 at 10:52 PM. Reason: Automerged Doublepost
Kiran.dks is offline  

Old 10-10-2007, 11:13 PM   #2 (permalink)
Distinguished Member
 
anandk's Avatar
 
Join Date: Mar 2005
Location: Pune
Posts: 3,783
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

i think it's been quite some time now, that aol no longer uses kaspersky but ca instead
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
Old 10-10-2007, 11:16 PM   #3 (permalink)
Right Off the Assembly Line
 
Join Date: Oct 2007
Posts: 18
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

AOL Activ Virus Shield is a discontinued product
k@®thick is offline  
Old 10-10-2007, 11:46 PM   #4 (permalink)
Human Spambot
 
Kiran.dks's Avatar
 
Join Date: Apr 2006
Location: Pune, India
Posts: 2,501
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Thanks for this update. I missed out this one.

But still the worm is an old one. Kaspersky engine has this vulnerability. Check this link: http://forum.kaspersky.com/index.php...pic=32239&st=0. A user has the same problem even though he was using KIS.

I think somehow, this WORM gains access to Kaspersky engine and neutralizes it without warning.
__________________
Kiran Kumar R

Last edited by Kiran.dks; 10-10-2007 at 11:46 PM. Reason: Automerged Doublepost
Kiran.dks is offline  
Old 11-10-2007, 02:04 AM   #5 (permalink)
Still Shining!
 
Lucky_star's Avatar
 
Join Date: Nov 2006
Location: Up 'n' above
Posts: 1,174
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

there is a worm which kaspersky identifies as win32.sohanad. and ssvchost.exe or something like that. If kaspersky isn't updated, then this virus easily enters the system and disables Kaspersky. After that, the antivirus becomes useless.

bitdefender won't be able to remove the microsoftpowerpoint.exe virus. It simply deletes the autorun file. try Nod32 trial instead. It will wipe out all the viruses easily.
__________________
Simplicity is the ultimate Sophistication
HP dv6 6121tx: Core i7 2630 QM | 4GB | AMD 6770M 2GB GDDR5 | 640 GB
Nokia N86 8MP
Lucky_star is offline  
Old 11-10-2007, 03:20 AM   #6 (permalink)
Wahahaha~!
 
Faun's Avatar
 
Join Date: Dec 2006
Location: Pune/there
Posts: 7,680
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Antivir rocks as a freeware and kicks even paid ones
__________________
Blog | Flickr | Battlelog
Spoiler:
Asus Z68 V-Pro|i5 2500k|TRUE Black|Ripjaws X|U2311H|N560GTX|D7000|XONAR STX|RE272|RE0|CC51|XE200PRO Walnut| TD II V2| Ultraphile|N5800

Mono
Faun is online now  
Old 11-10-2007, 07:31 AM   #7 (permalink)
Bond, Desi Bond!
 
desiibond's Avatar
 
Join Date: Oct 2007
Location: Bangalore
Posts: 10,035
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Forget about AVS, Kaspersky itself sunk me a few weeks back. I downloaded a file from internet and Kaspersky didn't even run the on-access scan. Only once the system is infected, it said there is a virus. hahaha. I know that. Now using McAfee ver 8. The old nice antivirus. Tried to download the same thing and McAfee 8 is not letting me save the file.
desiibond is offline  
Old 11-10-2007, 10:29 AM   #8 (permalink)
Wise Old Owl
 
piyush gupta's Avatar
 
Join Date: Sep 2005
Location: never land
Posts: 1,284
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Wow what an explanation...my lappy vs worm
piyush gupta is offline  
Old 11-10-2007, 10:44 AM   #9 (permalink)
You gave been GXified
 
gxsaurav's Avatar
 
Join Date: Jan 2007
Location: New Delhi
Posts: 5,633
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

I don't know about KAV engine but it sure is a CPU hog, slows down my Vista computer a lot. I don't care about RAM usage but CPU use is high, it even scans files when I'm copying from c to e drive
__________________
about.me/gxsaurav
gxsaurav is offline  
Old 11-10-2007, 11:18 AM   #10 (permalink)
Human Spambot
 
Kiran.dks's Avatar
 
Join Date: Apr 2006
Location: Pune, India
Posts: 2,501
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Quote:
Originally Posted by Lucky_star
there is a worm which kaspersky identifies as win32.sohanad. and ssvchost.exe or something like that. If kaspersky isn't updated, then this virus easily enters the system and disables Kaspersky. After that, the antivirus becomes useless.

bitdefender won't be able to remove the microsoftpowerpoint.exe virus. It simply deletes the autorun file. try Nod32 trial instead. It will wipe out all the viruses easily.
This happened to me on Sunday 31st September. Till then AOL was updated to 30th Sep definitions. I think AOL should have identified it. I am surprised too!

Quote:
Originally Posted by T159
Antivir rocks as a freeware and kicks even paid ones
Yep! I was using this for many months before I switched to AOL. Avira AntiVir is truly a good antivirus.
__________________
Kiran Kumar R

Last edited by Kiran.dks; 11-10-2007 at 11:18 AM. Reason: Automerged Doublepost
Kiran.dks is offline  
Old 11-10-2007, 02:12 PM   #11 (permalink)
786
RajU
 
786's Avatar
 
Join Date: Jul 2006
Location: Kolkata
Posts: 143
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Then which AV to use its really confusing now, like I am now using KAV (trial though)

How about if I post a poll?

EDIT: Ok, thread started Which AV with anti-spyware engine do u think is best?, think others will help
__________________
nO pAST, nO fUTURE, Just Now

config: *2007 YZF-R1*
E6750 @3.2GHz; asus p5k-vm; 2gb JETRAM @800MHz(4-4-4-12); 250gb seagate; ZEB 500w; xfx 9600gt

Last edited by 786; 11-10-2007 at 02:34 PM.
786 is offline  
Old 11-10-2007, 02:54 PM   #12 (permalink)
Human Spambot
 
Ethan_Hunt's Avatar
 
Join Date: Jun 2004
Location: Bombay, India
Posts: 5,202
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

@Kiran: The exact same problem I faced a while back. Pen drive with virus is the rage now-a-days. If any friend of mine now even dares bring any pen drive near to my PC I promptly ask him to get a DVD. This happened to me a while back when I was using NOD32 with complete updates. The darn thing did not detect the explorer.exe virus or trojan or whatever it was & it spread to 2 of my non-OS partitions. Not sure what long-term effects they have but I have formatted my OS based partition recently so that takes care of one drive but am worried if the files haven't spread across to other drives' folders as I have a lot of data which I am backing up.

I use Kaspersky Antivirus V7.0.0.120 with all latest updates. The joke is I wasn't able to detect this worm under Windows. It was only when I started up Nero Burning Rom it detected some weird files in each of my HDD partitions. It was only when one of my friends later told me that it's an explorer.exe worm which spread through thumb drives or external drives & would render my double click opening option disabled. Since then I am very cautious of these external drives. But I need an explanation as to why is this (thumb drive thing) becoming so widespread?
__________________
"Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof. "

V for Vendetta
Ethan_Hunt is offline  
Old 11-10-2007, 04:00 PM   #13 (permalink)
Human Spambot
 
Kiran.dks's Avatar
 
Join Date: Apr 2006
Location: Pune, India
Posts: 2,501
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Quote:
Originally Posted by 786
Then which AV to use its really confusing now, like I am now using KAV (trial though)

How about if I post a poll?

EDIT: Ok, thread started Which AV with anti-spyware engine do u think is best?, think others will help
Yep. I am surprised too that Kaspersky has this vulnerability. I hope they are working on this and let's hope they make the product better. I will forward links of such cases to Kaspersky and see how they go about it.

Time being I would suggest you to stick to Avira AntiVir OR avast!. They are good old buddies.

One more important thing I forgot to mention...

I now have avast! Home edition installed. I scanned the same pen drive using avast!. I was not at all surprised that avast! found more than 100 virus infections in the pen drive!
__________________
Kiran Kumar R

Last edited by Kiran.dks; 11-10-2007 at 04:00 PM. Reason: Automerged Doublepost
Kiran.dks is offline  
Old 11-10-2007, 04:33 PM   #14 (permalink)
ax3
Cool as a CUCUMBAR ! ! !
 
ax3's Avatar
 
Join Date: Dec 2003
Posts: 5,052
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

WOW ........ whot an explaination .......


i think ...... none of all antivirus r HELPful ....... they just hog ur memory ... & when a new virus is around , u r screwed ........
__________________
... W H O T ...
ax3 is offline  
Old 11-10-2007, 05:13 PM   #15 (permalink)
ankitsagwekar
Guest
 
Posts: n/a
Talking Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Quote:
Friend: So you are screwed up! Are you gonna format ur PC?

Hey..Hey...nope not at all. The word FORMAT is not in my dictionary!
add FORMAT in ur dictionary!
 
Old 11-10-2007, 05:26 PM   #16 (permalink)
Human Spambot
 
Kiran.dks's Avatar
 
Join Date: Apr 2006
Location: Pune, India
Posts: 2,501
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Quote:
Originally Posted by ankitsagwekar
add FORMAT in ur dictionary!
Lol I knew someone will pick it up!
But I am not giving it up. Right now everything is good except the hidden files.
Btw, I was doing some changes, finally hidden files are visible by changing the DWORD value to 1. By doing so, one problem is left.
The selection in folder options now is none!
"Don't show hidden files & folders"
"Show hidden files & folders"


Both these options are unchecked now! But I am able to see the hidden files.
If I select any one of the option & click OK...then it switches back to "Don't Show hidden files"!

Something has gone crazy. Whether it's done by culprit or due to some registry access settings...I need to find out.
__________________
Kiran Kumar R
Kiran.dks is offline  
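The symptoms described in posts #1 and #16 (Task Manager greyed out, regedit blocked, Folder Options missing, "Show hidden files" not sticking) map to a handful of registry values. The following is an added example, not posted by anyone in the thread, that audits a `reg export` text dump for them. The policy value names and the SHOWALL `CheckedValue` entry are standard Windows settings that the thread does not name, treating them as the cause on this machine is an assumption, and the sample export is constructed.

```python
import re

# Standard Windows policy values (names not from the thread); healthy = absent or 0.
POLICY_FLAGS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\system": {
        "DisableTaskMgr": "Task Manager greyed out",
        "DisableRegistryTools": "registry editing disabled"},
    r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer": {
        "NoFolderOptions": "Folder Options missing"},
}
# Explorer writes SHOWALL\CheckedValue into the per-user "Hidden" value when
# "Show hidden files" is selected; the stock setting is dword 1.
SHOWALL = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\advanced\folder\hidden\showall")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Parse keys plus dword/string values from .reg export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif (m := VAL_RE.match(line)) and current is not None:
            name, dword, string = m.groups()
            current[name] = ("dword", int(dword, 16)) if dword else ("string", string)
    return keys

def audit(keys):
    """Return findings for tampered policy values and a broken SHOWALL entry."""
    findings = []
    for key, flags in POLICY_FLAGS.items():
        for name, meaning in flags.items():
            kind, value = keys.get(key, {}).get(name, ("dword", 0))
            if (kind, value) != ("dword", 0):
                findings.append(f"{name}={value!r}: {meaning}")
    checked = keys.get(SHOWALL, {}).get("CheckedValue")
    if checked is not None and checked != ("dword", 1):
        findings.append(f"SHOWALL CheckedValue={checked[1]!r} ({checked[0]}): "
                        "'Show hidden files' will not stick")
    return findings

# Constructed sample export, not data from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000002
'''

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_EXPORT)):
        print(finding)
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `parse_reg`. If the values keep reverting after being corrected, something is still running and rewriting them.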
Old 11-10-2007, 06:33 PM   #17 (permalink)
Wise Old Owl
 
piyush gupta's Avatar
 
Join Date: Sep 2005
Location: never land
Posts: 1,284
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

^^Hmm registry....

where is vishallllllllllllllllllllllllllllllllll


post this at askvg.com
piyush gupta is offline  
Old 11-10-2007, 08:23 PM   #18 (permalink)
ankitsagwekar
Guest
 
Posts: n/a
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Quote:
Originally Posted by Kiran_tech_mania
Lol I knew someone will pick it up!
But I am not giving it up. Right now everything is good except the hidden files.
Btw, I was doing some changes, finally hidden files are visible by changing the DWORD value to 1. By doing so, one problem is left.
The selection in folder options now is none!
"Don't show hidden files & folders"
"Show hidden files & folders"


Both these options are unchecked now! But I am able to see the hidden files.
If I select any one of the option & click OK...then it switches back to "Don't Show hidden files"!

Something has gone crazy. Whether it's done by culprit or due to some registry access settings...I need to find out.
can somebody create tutorial for this so i also remove FORMAT word in my dictionary!


My PC got infected with a virus. I removed it, but my network service stops working some time after logon.
 
Old 11-10-2007, 09:21 PM   #19 (permalink)
die blizzard die! D3?
 
The_Devil_Himself's Avatar
 
Join Date: Aug 2007
Location: Event horizon
Posts: 2,361
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

Why do you guys hate/avoid formatting so much? It brings back life to your Windows PC. I mean Windows slows down so much within just a few months of installation.

Avast+spybotS&D+ad adware+kerio personal firewall rocks for me.No problem whatsoever.
__________________
Stealing your women and horses since 1843.
The_Devil_Himself is offline  
Old 11-10-2007, 10:45 PM   #20 (permalink)
...
 
Join Date: Sep 2007
Posts: 3,779
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

@ TDH, brother, all the files get wiped out.
i mean my installed software and all that.
yup it livens up the PC but at some cost.
SunnyChahal is offline  
Old 11-10-2007, 10:58 PM   #21 (permalink)
Multicore Mutant
 
Join Date: Jul 2007
Posts: 131
Default Re: KASPERSKY ENGINE: Are you really protected? Think again!!!

It's been over 1yr since i
Hackattack is offline  
 
