The Latest in IT Security

Challenging message to antivirus software

03 Aug 2011

Recently our HoneyPot collected a virus sample which sends a challenging message to any antivirus software.

“[Sab0tagE] : The Next Level
Your computer has been SABOTAGEd.
Where is your AntiVirus when you need one?
You talk of times of peace for all,
And then prepare for war.
Remember! Even you win the rat race, you are still a rat!
Silver FoX – Lampung Underground”

Once a system is infected with this virus (detected as W32.DownloadWinsLnr.Trojan by Bkav), the Windows directory is locked. Users can no longer access this folder, and antivirus software running in User mode cannot detect the hidden virus.

Actually, the technique DownloadWinsLnr uses is quite simple. It only needs to set permissions on the Windows directory, denying all access to it, which allows the virus to perform all of the above actions.
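One way to check a machine for this kind of lockout is to inspect the directory's DACL for deny entries. The following is an added example, not Bkav's tool or code from the original post: it parses an SDDL string (the form returned by `(Get-Acl C:\Windows).Sddl` in PowerShell) and reports deny ACEs that block reading the directory. The sample SDDL strings are constructed, and the list of "broad" trustees is an assumption.

```python
import re

# Generic and file access-mask values behind the SDDL rights tokens.
RIGHTS = {
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
}
GENERIC_ALL, GENERIC_READ, FILE_LIST_DIRECTORY = 0x10000000, 0x80000000, 0x1
# Assumption: trustees broad enough that a deny ACE locks out ordinary use.
BROAD_TRUSTEES = {"WD", "AU", "BU", "BA", "SY", "IU"}

# DACL section: "D:", optional flags such as PAI, then one or more ACEs.
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")
# ACE fields: type;flags;rights;object_guid;inherit_guid;trustee
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def rights_mask(rights):
    """Turn an SDDL rights field (hex or two-letter tokens) into a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in re.findall("..", rights):
        mask |= RIGHTS.get(token, 0)  # tokens not in RIGHTS are ignored
    return mask

def find_lockout_aces(sddl):
    """Return (trustee, mask) for deny ACEs that block reading the directory."""
    dacl = DACL_RE.search(sddl)
    hits = []
    for ace_type, flags, rights, trustee in ACE_RE.findall(dacl.group(1) if dacl else ""):
        if ace_type != "D" or "IO" in re.findall("..", flags):
            continue  # not a deny ACE, or inherit-only (does not apply to the folder itself)
        mask = rights_mask(rights)
        if trustee in BROAD_TRUSTEES and (
            mask & (GENERIC_ALL | GENERIC_READ) or mask & FILE_LIST_DIRECTORY
        ):
            hits.append((trustee, mask))
    return hits

# Constructed samples: a folder with "deny Everyone full control", and one without.
LOCKED = "O:BAG:SYD:PAI(D;OICI;FA;;;WD)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
NORMAL = "O:BAG:SYD:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"

if __name__ == "__main__":
    for name, sddl in (("locked", LOCKED), ("normal", NORMAL)):
        print(name, [(t, hex(m)) for t, m in find_lockout_aces(sddl)])
```

Because a deny ACE is evaluated before any allow ACE in a canonically ordered DACL, a single entry like the one in `LOCKED` overrides the administrators' allow entries that follow it.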

However, the virus creator, while issuing such a challenge, did not anticipate that Kernel mode is not controlled by permission settings, and most high-profile antivirus products have a module working at Kernel level. Thus, once the virus signature is recognized, antivirus software will easily remove it from the system, but the Windows directory still cannot be accessed normally. If you encounter this situation, you can use this tool to bring your system back to normal operation.

Download fix tool

CanhDK

Malware Researcher
