Win32/VMalum CK2K

  • Question

    Hi All,

    Thanks to a colleague with a USB stick I received a virus with an autorun.inf file which tries to open taskmon.exe.

    On Vista you get a question if you want to open it, so I thought I wasn't infected.

    OneCare couldn't find a virus so I thought I wasn't infected thanks to Vista.

    Suddenly I received a lot of spam from the mail delivery service and stuff like that in my Hotmail mailbox, so I wasn't so sure I wasn't infected.

    So after some problems with the USB stick, I plugged my USB stick (the infected one) into my XP machine with eTrust Antivirus. It told me right away that I was infected with the Win32/Vmalum virus. I directly deleted the autorun.inf (again, I did this already on Vista) and the Taskmon.exe was already here (Vista couldn't find it, even if hidden files etc. was enabled).

    Now I'm not so sure I'm safe with OneCare!!

    Wednesday, May 14, 2008 11:03 AM

Answers

  •  Paul-NL wrote:

    << SNIP >>

     

    So after some problems with the USB stick, I plugged my USB stick (the infected one) into my XP machine with eTrust Antivirus. It told me right away that I was infected with the Win32/Vmalum virus. I directly deleted the autorun.inf (again, I did this already on Vista) and the Taskmon.exe was already here (Vista couldn't find it, even if hidden files etc. was enabled).

    The notification you received from CA eTrust is a generic "might be a virus" detection using heuristic techniques that may not be accurate. The only way to be certain is to submit the affected files for examination as CA suggested in their description.

     

    Win32/Malum (or Win32/VMalum) may be reported when eTrust Antivirus uses advanced techniques to generically detect a worm or trojan that affects the Win32 platform.

    http://ca.com/securityadvisor/virusinfo/virus.aspx?id=41829

     

    Though it's possible that this is a new type of infection that neither CA nor OneCare have yet included in their signature-based detections, it's just as possible it's a "false positive" or bad detection.

     

    OneCareBear

     

    < EDIT >

    I see that Monty beat me to the punch with the link for the MS Anti-Malware submission Portal. That's great because these forums are being painfully flaky today.

    Wednesday, May 14, 2008 6:21 PM
    Moderator

All replies

  • Hey Paul

     

     

    Can you go to www.microsoft.com/security/portal and submit the file (autorun.inf)? It's quite a simple process and it just takes uploading the files.

    1. Go to www.microsoft.com/security/portal

    2. Click on "Submit a Sample"

    3. Fill in all the fields

    4. After submitting the sample it will generate the submissionID. Can you email me that so that I can follow up? You can mail me at montyj@microsoft.com

    Please let me know if you face any problem and I will be more than happy to help you out.

    Monty Jain [MSFT] montyj@microsoft.com

     

     

    Wednesday, May 14, 2008 6:11 PM
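
Both replies ask for the affected files to be submitted. As an added example (not part of any post in this thread), the Python sketch below reads the text of an autorun.inf and lists every file its [autorun] section would launch, so those files can be uploaded along with the autorun.inf itself. The sample contents are constructed for illustration; only the names autorun.inf and taskmon.exe come from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the real file's contents are not shown in the thread.
SAMPLE = r"""; random padding line, often seen in worm-written autorun.inf files
[autorun]
open=taskmon.exe
shell\open\command=taskmon.exe
shell\explore\command="taskmon.exe" /e
icon=folder.ico
label=USB
"""

# Keys in [autorun] that start a program: open, shellexecute, shell\<verb>\command
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)

def _target(command):
    """Return the first token of a command line: the file that would be run."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]

def launch_targets(autorun_text):
    """Return (key, command, target) for each [autorun] entry that runs a program."""
    results, section = [], None
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections, or junk padding
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            results.append((key.lower(), value, _target(value)))
    return results

def files_to_submit(autorun_text):
    """autorun.inf plus each distinct file it launches (case-insensitive)."""
    names = ["autorun.inf"]
    for _, _, target in launch_targets(autorun_text):
        if target.lower() not in [n.lower() for n in names]:
            names.append(target)
    return names
```

Read the file as text from the stick (for example with `open(path, errors="replace").read()`) rather than opening the drive in Explorer, and pass the result to `files_to_submit`.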