

New, In The Wild, Highly Destructive


#1 Diable


  • Members
  • 1 posts
  • Local time:12:31 AM

Posted 31 July 2008 - 08:58 AM

I am a technician for a nationwide, onsite system support & repair company and encountered this yesterday at a customer site. Following is a copy of what I already advised the other Techs, Kaspersky Labs, & Avert.

I'm advising everyone that today I encountered a new, in the wild, virus that is incredibly destructive. It is known to get past Symantec & Norton AV products, I'm unsure as to how others may fare against it as we'll never know who gets it, and who doesn't unless they have another PC available to them.

This is what the client described to me:

"There was a window that popped up stating I was infected with lots of bad viruses, it wasn't from my Symantec Antivirus, it was different. Before I could close the window, or click on the buttons I started getting all kinds of popups from Internet Explorer, which I never had a problem with before. As I tried to close the popup windows, and the one telling me I was infected.. the computer rebooted and came up with this blue screen"

What I found:

The blue screen was reporting "UNMOUNTABLE_BOOT_FILESYSTEM". I tried every disk & tool in my arsenal and anything that was Windows XP based did not even see the hardware disk anymore. A Vista based recovery disk did see the hardware, and it did show a partition, however it threw quite a few read errors when trying to read the files on the partition. Open SUSE 11.0 also saw the hardware, and the partition. When I tried to mount it via the partition manager it reported that the volume was damaged and refused to mount it. I forced a mount with an ntfs file system and I was able to see the folders & files on the volume. Due to the damage to the file system I was unable to even try to find what, if any, files had been added recently so I was unable to get a sample of it to send to Kaspersky or Avert.

I booted the system recovery disk, thinking to do a re-format & re-install, and it did not see the disk stating there was no hard disk to install onto. IOW, the disk was hosed beyond repair (unless you wanted it reformatted for use by Linux)

I have reported it to Kaspersky labs and they are actively researching it. It's real, it's out there, and it's horrendously nasty & destructive.



#2 Galadriel


    Bleepin Elf

  • Malware Response Team
  • 2,755 posts
  • Gender:Female
  • Location:Missouri, USA
  • Local time:10:31 PM

Posted 31 July 2008 - 03:01 PM

Not to put a damper on this news or anything... but has this been verified? It could very well be that the infection just happened to access part of the disk that was already damaged... Unless there are repeat experiences, this cannot be taken as is. A lot of the info provided in this post, we deal with every day here. The aspect that's somewhat different, is the subsequent HDD failure. Whether or not this was caused by the malware, is yet to be determined, and people shouldn't jump to conclusions too hastily. There are many reasons why a disk just dies. And it appears as though this one might just have reached the end of its useful life.

Hope this puts things in perspective here.

"It is known to get past Symantec & Norton AV products,"

Is there anything that doesn't? :thumbsup:
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat
