New malware detection



hanno
2010-11-16, 23:28
Hello,

Recently I found some malware on my computer (with Windows XP SP3), undetected by any scanner I use. I have collected all information I could find on this webpage: [Edit: Link removed as the webpage contains a zipped virus file] with a description of how I removed it.

Does anyone know more about this malware? What does it do and where does it come from?

Regards, Hanno.

(http://www.infoprac.nl/malware)

tashi
2010-11-16, 23:42
Hello hanno,

The FAQ for this forum. :)

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Infected Files. How To Submit. (http://forums.spybot.info/showthread.php?t=1699)

Best regards.

hanno
2010-11-17, 01:20
Hello tashi,

Many thanks for your fast reply.

I had read the instructions for submission, but didn't think they were appropriate for my message. After detection of the malware I have cleaned my computer as far as I could. There was no other option, I simply have to use my computer in a safe way. I have even thrown away the account in which the malware was active (it was bound to this account). All information I have is contained in the webpage I gave you and which you removed.

About publishing the virus file I had some hesitations, but I don't think it is in any way dangerous. Malware is only dangerous if it installs itself unattended. And no one has any advantage of this malware without a way to install it on some computer and redirecting the information it sends to his own computer. And perhaps the webpage contains some information useful for other people.

Best regards, Hanno

tashi
2010-11-17, 02:10
Hello hanno,

All information I have is contained in the webpage I gave you and which you removed.
I kept the URL in case our detectives wanted to take a look. :)


About publishing the virus file I had some hesitations, but I don't think it is in any way dangerous. Malware is only dangerous if it installs itself unattended. And no one has any advantage of this malware without a way to install it on some computer and redirecting the information it sends to his own computer. And perhaps the webpage contains some information useful for other people.


Some users are inquisitive. ;)

In the forum's sticky we have these guidelines.
If someone posts malware removal instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. :)
Please do not attach or link to infected files/URLs, if an analyst requests files s/he will give you a link to upload them. Members with infected computers post in this forum to be assisted by trained volunteer analysts so it isn't really the place for what you had in mind.

Best regards. :)

hanno
2010-11-17, 22:32
Hello tashi,

Again thanks for your fast reply.

For your information: I have also sent the data to Avira Antivir. They have classified the malware, disguised as "chkntfs.exe", as a Trojan and named it "TR/Spy.Carberp.EG". It will soon be added to their virus definition file with one of the next updates.

And sorry for posting this here where it does not belong. I thought, however, that it was of interest to you and could not find another suitable thread in this forum.

Best regards, Hanno.

tashi
2010-11-17, 22:39
For your information: I have also sent the data to Avira Antivir. They have classified the malware, disguised as "chkntfs.exe", as a Trojan and named it "TR/Spy.Carberp.EG". It will soon be added to their virus definition file with one of the next updates.

Good work. :bigthumb: