A few days ago I noticed that if I leave the system in standby for hours, the antivirus (Kaspersky 6.0) detects something like this:
riskware not-a-virus: Monitor.Win32.Ardamax.24 File: C:\WINDOWS\system32\SysExplorer.006
Process (PID 3356) tried to access Kaspersky Anti-Virus 6.0 process (PID 1492), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
I became interested in this Ardamax and found something about it on the BitDefender website, where it is presented as a virus with low spread and ... low risk.
Discovered: 2006 May 09
Why BitDefender rated it as "low risk" I cannot really understand, because Ardamax is a Trojan / keylogger that hides pretty well in the system and captures passwords (ICQ Pro, Skype, Windows Messenger, Google Talk, Yahoo Messenger, Miranda, QIP, etc). It successfully used C:\Windows\system32\svhost.exe to access a protocol for sending data from the computer to the outside. Enough for me to give it due attention.
It is a newly created virus and is usually sent through a link in an email:
"Hello ionut Here I have set the program that all I said ... I give you and IPs to be there alone put them on the net when you go .. look me up! http:// [REMOVED] / vladutz2006 / client.zip "
The high point was that I got the virus from an antivirus archive downloaded from a torrent. An ingenious way to plant a virus. Whoever did that was convinced that anyone who downloads an antivirus archive is either not protected at all or has a weak AV.
H:Key Kaspersky.Antivirus.2006.v220.127.116.113.Incl [11-Oct-2006]. RarelyKey Kaspersky.Antivirus.2006.v18.104.22.1683.Incl [11-Oct-2006]Install.exe
For those "interested", the infected archives can still be found now at: dosc.torrents.ro and www.demonoid.com.