SDA wrote:
We are looking at an abnormal program named "winsupdater.exe" and we are
having trouble installing antispyware software on the infected computers,
and the antivirus is not detecting the malware.
We were able to disable it manual trough regedit, were it leaves a key entry
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run named
"Microsoft Window Updater", but anyone knows if this is a new virus or
spyware?
Filenames are all but totally useless for diagnosing malware, spyware
_AND_ the normal operation of a system.
If you suspect the file may be some (new) undesirable thing, send
copies to your preferred antivirus (and possibly other "security")
product developers asking them for an analysis and to add detection and
removal if it turns out that it really is "undesirable" by their
standard.
To save you looking them up, here are the suspect file submission
addresses for the better known antivirus engine developers:
Authentium (Command Antivirus) <virus@authentium.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <vsamples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Network Associates (McAfee) <virus_research@nai.com>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis@norman.no>
Panda Software <labs@pandasoftware.com>
Sophos Plc. <samples@sophos.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
(Trend may only accept files from users of its products)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
