Mysterious New Virus / Spyware / Grayware

Strange but true,

Yesterday I happen to identify a new virus / spyware / grayware that is interestingly a mysterious stuff.  I suddenly suspected something fishy on my machine and the initial diagonosis using Trend Micro revealed Nothing.  I restarted my machine and there while the processes were being started saw a new process – “Beast.Exe” being initiated.

Tried looking for beast.exe in the location where the process was getting triggered for, result – Nill.

Trend Micro, Symantec and McAfee, seemingly the leading AV don’t have any signatures for it.  Interesting isn’t that?

Well the steps followed then were – 

1. Used sysinternals Process Explorer to identify the processes running – Beast.exe was indeed running
2. Location of Beast.exe was confirmed to be – C:DATAFILES, the entire tree being Hidden Directory and with misleading Folder Icons.
3. Beast.Exe not visible at the Location, though is present and to unveil that I used – Simple File Shredder that I use to wipe the data (that was not a smart move, that was interestingly accidental discovery)
4. Killed the Process using sysinternals Process Explorer 
5. Wiped the traces of Beast.exe from the reported folder using Simple File Shredder.

Symptoms and impacts are something that I didn’t actually make note of, but a slight research on goolgle reveals that the it impacts the Microsoft Office Files and corrupts them.  Though I was working on some Excel Sheets when the incident happened, luckily they were opened from Outlook and were residing in the “temp” folder.

As stated above, it was interesting to not find any definition from the three leading AV product companies.

Comments

  1. Kevin

    Hi Mayank..read the post and wondering if you have heard of this AV which is much better than Symtc, Mcfe, etc etc any day.

    Try out antivir.com for few days and without words you will notice the difference. Its Avira antivir. Free personal / home edition while professional for 30 days.

    I have been trying this since long and never came across any malware. Just a piece of recomm.

Comments are closed.