Reply to thread

Message: <blockquote data-quote="BLACKLIST_MEMBER" data-source="post: 8315515" data-attributes="member: 79414">Rootkit.TmpHider(new virus) - USB infecting without using autorun.inf fileModules of current malware were first time detected by "VirusBlokAda" (anti-virus.by) company specialists on the 17th of June, 2010 and were added to the anti-virus bases as Trojan-Spy.0485 and Malware-Cryptor.Win32.Inject.gen.2. During the analysis of malware there was revealed that it uses USB storage device for propagation. You should take into consideration that virus infects Operation System  in unusual way through vulnerability in processing lnk-files (without  usage of autorun.inf file). So you just have to open infected USB storage device using Microsoft  Explorer or any other file manager which can display icons (for i.e.  Total Commander) to infect your Operating System and allow execution of  the malware. Malware installs two drivers: mrxnet.sys and mrxcls.sys. They are used  to inject code into systems processes and hide malware itself. That's  the reason why you can't see malware files on the infected USB storage  device. We have added those drivers to anti-virus bases as Rootkit.TmpHider and SScope.Rookit.TmpHider.2. Note that both drivers are signed with digital signature of Realtek Semiconductor Corp. (<a href="http://www.realtek.com/" target="_blank">www.realtek.com</a>). Thus, current malware should be added to very dangerous category causes the risk of the virus epidemic at the current moment. After we have added a new recordes to the anti-virus bases we are admitting a lot of detections of Rootkit.TmpHider and SScope.Rookit.TmpHider.2 all over the world.src: anti-virus.by</blockquote>

Verification: Nawa warak dahaya keeyada? (Namaya wadi kireema dahaya)

Top Bottom