Ardamax.A

The other day I noticed that if I leave the system on standby for a few hours, the antivirus (Kaspersky 6.0) detects something like this:

riskware not-a-virus:Monitor.Win32.Ardamax.24 File: C:\WINDOWS\system32\SysExplorer.006

After which …

Process (PID 3356) tried to access Kaspersky Anti-Virus 6.0 process (PID 1492), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.

I was interested in this Ardamax and found something about it on the BitDefender website, where it is presented as a low-spread virus and… of low risk.

Propagation: Low

Discovered: 2006 May 09

Risk: Small

Size: 413 k

I can't really understand what the people at BitDefender mean by classifying it as "low risk", because Ardamax is a Trojan/keylogger which hides quite well in the system while capturing passwords (ICQ Pro, Skype, Windows Messenger, Google Talk, Yahoo Messenger, Miranda, QiP, etc.). It successfully uses C:\Windows\system32\svhost.exe to access a protocol for sending data from the computer to the outside. That is enough for me to pay close attention to it.
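An added example, not part of the original post: the svhost.exe name mentioned above is one character away from svchost.exe, the legitimate Windows service host, so a simple audit can flag such near-miss names as well as genuine names running from unexpected folders. The watch list, the expected directories (simplified) and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed watch list: system binary name -> directory it normally runs from.
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(paths, max_distance=1):
    """Return (path, reason) for near-miss names and misplaced genuine names."""
    findings = []
    for p in paths:
        wp = PureWindowsPath(p)
        name, folder = wp.name.lower(), str(wp.parent).lower()
        if name in EXPECTED:
            if folder != EXPECTED[name]:
                findings.append((p, f"{name} outside {EXPECTED[name]}"))
            continue
        for legit in sorted(EXPECTED):
            if edit_distance(name, legit) <= max_distance:
                findings.append((p, f"name imitates {legit}"))
                break
    return findings

# Constructed sample listing of image paths (not taken from a real system).
SAMPLE = [
    r"C:\Windows\system32\svchost.exe",
    r"C:\Windows\system32\svhost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\system32\notepad.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"suspicious: {path} ({reason})")
```

A name match alone is only a triage signal; a flagged file still needs its signature and origin checked before it is treated as malicious.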

It is a newly created virus and is usually sent through a link in an email:

"Hello ionut, here I put a program that I kept telling you about… I'll give you the IPs you have to put there, we'll talk on the net when you come in ... look for me http: // [REMOVED] /vladutz2006/client.zip"

The irony was that I got the virus from an antivirus archive downloaded from a torrent. An ingenious way to plant a virus. Whoever did it was convinced that anyone who downloads an antivirus archive is either not protected at all or has a weak AV.

H:\Key Kaspersky.Antivirus.2006.v6.0.0.303.Incl [11-Oct-2006].Rar\Key Kaspersky.Antivirus.2006.v6.0.0.303.Incl [11-Oct-2006]\Install.exe

For those "interested" the virus archives can still be found on: dosc.torrents.ro and www.demonoid.com.

Passionate about technology, I have enjoyed writing on StealthSettings.com since 2006. I have extensive experience in operating systems (macOS, Windows, and Linux), as well as in programming languages and blogging platforms (WordPress) and platforms for online stores (WooCommerce, Magento, PrestaShop).
