Hi,
One of the computers in my office got infected by Trojan:WinNT/Necurs. It installed a rootkit.
Hidden service: 501fe1599aea8c1.sys
File location: C:\WINDOWS\System32\Drivers\501fe1599aea8c1.sys
http://oi51.tinypic.com/293k3yf.jpg
As if that wasn’t bad enough, the virus also installed a fake antivirus product called Advanced PC Shield 2012. Here’s what it looks like: http://deletemalware.blogspot.com/2011/09/remove-advanced-pc-shield-2012.html
Comodo Antivirus didn’t detect this malware. Malwarebytes and some other tools won’t even run. TDSSKiller found a suspicious service but was unable to cure it. I managed to find the dropper. The malicious system file was locked; however, I was able to make a copy of it using GMER. I don’t know how to send those files to you guys, so I attached them here. Archive password = infected
Please update your antivirus software. I do not want to run into this again. Thanks!!!
mod edit: removed malware file and submitted to comodo, thanks.