Recently our honeypot collected a virus sample that displays a message challenging antivirus software.

"[Sab0tagE] : The Next Level

Your computer has been SABOTAGEd.

Where is your AntiVirus when you need one?

You talk of times of peace for all,

And then prepare for war.

Remember! Even you win the rat race, you are still a rat!

Silver FoX – Lampung Underground"

Once a system is infected with this virus (detected by Bkav as W32.DownloadWinsLnr.Trojan), the Windows directory is locked. Users can no longer access the folder, and even antivirus software cannot detect the hidden virus if it runs in user mode.

The technique DownloadWinsLnr uses is actually quite simple. It only needs to set permissions on the Windows directory that deny all access to it, which is what allows the virus to do all of the above.

However, the virus creator, despite issuing such a challenge, did not anticipate that kernel mode is not subject to permission settings, and most high-profile antivirus products have a module working at kernel level. Thus, once the virus signature is recognized, antivirus software can easily remove it from the system, but the Windows directory still cannot be accessed normally. If you encounter this situation, you can use this tool to bring your system back to normal operation.

Download fix tool
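
To check a machine for the condition described above, the following added example (not Bkav's fix tool and not code from the original post) scans a security descriptor in SDDL form for deny entries that block full access for broad groups. The SDDL strings are constructed samples, and the choice of Everyone as the denied account is an assumption, since the post does not say which accounts the virus denies.

```python
import re

# SDDL ACE layout: type;flags;rights;object_guid;inherit_object_guid;trustee
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")
ACE_RE = re.compile(r"\(([^()]*)\)")
# Well-known SDDL trustee aliases that cover most or all accounts.
BROAD_TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users",
                  "BU": "Users", "BA": "Administrators", "SY": "SYSTEM"}
FILE_ALL_ACCESS = 0x1F01FF   # "FA" written as a hex mask
GENERIC_ALL = 0x10000000     # "GA" written as a hex mask


def covers_all_access(rights):
    """True if the rights field names full control (token or hex form)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return (mask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS or bool(mask & GENERIC_ALL)
    tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(tokens & {"FA", "GA"})


def find_lockout_aces(sddl):
    """Return (trustee, rights) for each deny ACE that blocks full
    access for a broad principal; an empty list means none found."""
    dacl = DACL_RE.search(sddl)
    if not dacl:
        return []
    hits = []
    for ace in ACE_RE.findall(dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip rather than guess
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type == "D" and trustee in BROAD_TRUSTEES and covers_all_access(rights):
            hits.append((BROAD_TRUSTEES[trustee], rights))
    return hits


# Constructed samples: a directory with a deny-all entry, and a normal one.
LOCKED = "O:BAG:SYD:PAI(D;OICI;FA;;;WD)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
HEALTHY = "O:SYG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BA)(A;OICI;0x1200a9;;;BU)"

if __name__ == "__main__":
    for name, sddl in (("locked", LOCKED), ("healthy", HEALTHY)):
        print(name, find_lockout_aces(sddl))
```

On a live system the SDDL string can be read in PowerShell with `(Get-Acl $env:windir).Sddl` and passed to `find_lockout_aces`.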

CanhDK

Malware Researcher
