Hi Guys
A few days ago I manually detected a threat in my system (I’m a bit of an expert at manual threat detection)…
I was able to disable the threat, in the form of a “system32.exe” file residing in user/temp folders… and it was set to run automatically on startup…
I was able to figure out where I got this: the threat was embedded in a certain software’s installer (Cracked ← yes I know… spare me the lessons on cracked stuff pls, but let’s stay on point)
Anyway, I ran my virtual machine and monitored how this thing works… to name a few, it creates lots of registry entries, changes lots too, sets itself to autorun, disables Task Manager as well as Registry Editor, etc. etc… While I was not able to detect any outgoing connections from it, it was certainly doing something, as it’s constantly munching about 10% on each CPU core (I have a quad)…
Here’s the weird part…
I ran this through several AV programs, it was clean!
I ran it through virustotal, 0/43 = clean!
http://www.virustotal.com/file-scan/report.html?id=291a31be2b1f6e29167028058ad66a0b95e850de9d58f797597f11c3f5871870-1292314514
I ran it through Comodo’s CAMAS; it wasn’t able to detect any “suspicious” activities, not even registry values created etc. (does CAMAS actually work?). Heck, I was even able to detect it created a file “cccleaner.exe” in mydocuments folder, as a copy of itself masquerading as CCCLeaner
http://camas.comodo.com/cgi-bin/submit?file=291a31be2b1f6e29167028058ad66a0b95e850de9d58f797597f11c3f5871870
So the question is, what’s this? A very new virus? One that not even the most paranoid HID settings can detect?
If you guys would like to take a whack at this file, you can get it from here (attached)
Thoughts on this would be much appreciated…
PS
I’m back w/ a freshly formatted system… this thing changed so much in my system, it’s a nightmare to change everything back…
Attachment removed by Moderator. Please do not attach possible malware on the forum.
-Sorry for the attachments… umm, link OK? For other interested parties to look into this? I can upload somewhere
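
The behaviours listed in the post (a system-named executable under a user temp folder, a lookalike copy in My Documents, autorun entries, Task Manager and Registry Editor disabled) can be checked for directly even when scanners report the file as clean. The following is an added example, not part of the original post: a Python triage over constructed autorun and policy data, where the allow-list, sample paths and function names are assumptions.

```python
import difflib
from pathlib import PureWindowsPath

SYSTEM_NAMES = {"system32", "svchost", "explorer", "lsass", "winlogon"}
KNOWN_TOOLS = ["ccleaner", "chrome", "firefox"]  # assumed list of legitimately installed software
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\documents\\", "\\my documents\\")
# Values under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
LOCKOUT_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")

def path_findings(path):
    """Return the reasons an executable path resembles the behaviour in the post."""
    p = PureWindowsPath(path)
    low, stem = str(p).lower(), p.stem.lower()
    reasons = []
    if any(folder in low for folder in USER_WRITABLE):
        reasons.append("runs from user-writable folder")
    if stem in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("system name outside C:\\Windows")
    # A near-miss of a known product name (cccleaner vs ccleaner) suggests masquerading.
    near = difflib.get_close_matches(stem, KNOWN_TOOLS, n=1, cutoff=0.85)
    if near and near[0] != stem:
        reasons.append(f"lookalike of {near[0]}")
    return reasons

def triage(autoruns, policies):
    """Flag autorun commands and lockout policies; returns (item, reasons) pairs."""
    findings = []
    for _name, command in autoruns:
        reasons = path_findings(command)
        if reasons:
            findings.append((command, reasons))
    for value in LOCKOUT_POLICIES:
        if policies.get(value) == 1:
            findings.append((value, ["tool lockout policy set"]))
    return findings

# Constructed sample data, not taken from the poster's machine.
SAMPLE_AUTORUNS = [
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("updater", r"C:\Users\sam\AppData\Local\Temp\system32.exe"),
    ("cleaner", r"C:\Users\sam\Documents\cccleaner.exe"),
    ("explorer", r"C:\Windows\explorer.exe"),
]
SAMPLE_POLICIES = {"DisableTaskMgr": 1, "DisableRegistryTools": 1}

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_AUTORUNS, SAMPLE_POLICIES):
        print(item, "->", "; ".join(reasons))
```

On a live system the autorun list would come from an export of the Run keys and Startup folders rather than the inline sample.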