How to report a new Virus
Say for arguments sake, you reblog an article in support of Edward Snowden, and then 2 days later you get a cross platform virus. What would your suspicions be?
If you were ever to encounter a new virus, whom would you contact?
If you have a firmware or virus that survives with all hard drives removed, and is CROSS PLATFORM virus (yeah, that surprised me too) then report your virus to Kaspersky Labs:
3. Email Kaspersky at
So what was the first thing that happened?
I was surprised to find a cross platform virus, that survives multiple Linux and Windows installs.
It creates a secret X drive in Windows, with a windows 32 folder that you can’t delete. It even has public and photos in it – isn’t that cute.
It will remove the English keyboard option on a Windows 7 install. (This is just one of its random variations).
It opens browsers to Google and Microsoft, as well as Windows help menu and searches for 13, 133. Often with 5 browsers opening at a time, along with help files and windows search.
Most Linux distro’s hang. You get to watch leetspeak instead of a login prompt.
The Trinity rescue disk does boot – and reports some of what the virus does in Linux.
It also blocks keyboard usage, when in some text only environments. Which seems to link in with the lack of an English keyboard option when installing Windows 7.
It is not detected by any malware removal programmes (apart from ClamAV) so far. I’ll keep testing and see where we get.
6. Hiren’s Boot CD
Indications that you’re looking at something special
- Cross Platform infections (Linux and Windows)
- Infects even when all hard drives are removed
- Infects even when run on Live CD (eg Tails, Trinity) and operating just in RAM.
- Persistence – even without a hard drive.
I know that cross platform viruses are rare.
This is persistent… without any drives attached…
Guess my “Vote Snowden for President” motto may have done it.
Anyway, above are the contact details for new and interesting viruses, rootkits, bootkits and “Vote for Snowden” blogs.
Update, Hiren’s – Trinity and Ultimate CD all failed. All versions of linux were affected.
- Remove battery
- Remove power cord
- Remove physical RAM Memory – leave it out for 10 minutes to lose all settings.
- Replace with a new clean SSD.
- Insert RAM.
- Power on and Reinstall the Windows OS.
Suddenly she works again! Hirens and Trinity all work.
Memory persistence injected from the SSD. So even if you changed to a LIVE CD, the CMOS/ RAM held the malware as persistent infection. The critical step here is to remove the RAM from the laptop for 10 minutes – that is the critical step.
WOW, nice piece of malware coding. However, all hardware needs electricity. So by removing the CMOS, power and RAM – it powered off and lost its coding. No AV out there could detect the malware on the SSD (and I’ve run them all over the last week).
So guess it’s use a new SSD for now, until AV catches up with the malware.