Comments on: Collateral Damage (continued) http://blogs.mcafee.com/mcafee-labs/collateral-damage-continued Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jason http://blogs.mcafee.com/mcafee-labs/collateral-damage-continued/comment-page-1#comment-24846 Jason Mon, 10 Aug 2009 03:08:25 +0000 http://www.labs.com/research/blog/?p=2166#comment-24846 We have a malicious program that originates with an autorun.inf and an exe that derives it's name from the user (i.e. Joe User.exe). The autorun also directs to shell32.dll. When infected, it runs the exact Windows Security Alert spoof in your screen shot. To date the only virus scanner I've found to identify it is F-prot, which identifies it as W32/VBTrojan.6!Maximus but doesn't clean it. Do you have something available to eradicate this? I have searched the past two days with no luck. We have a malicious program that originates with an autorun.inf and an exe that derives it’s name from the user (i.e. Joe User.exe). The autorun also directs to shell32.dll. When infected, it runs the exact Windows Security Alert spoof in your screen shot. To date the only virus scanner I’ve found to identify it is F-prot, which identifies it as W32/VBTrojan.6!Maximus but doesn’t clean it.

Do you have something available to eradicate this? I have searched the past two days with no luck.

]]>