ClamWin Free Antivirus
Support and Discussion Forums
ANOTHER NEW VIRUS - A ROOTKIT THIS TIME!!!
Theoracle117
Joined: 18 Sep 2008
Posts: 0
Location: san diego
This virus is associated with a program I installed called FOLDER LOCK.

Here's the story:

I was doing my normal daily scan with BitDefender when it discovered this:

sccfg.sys

It was UNABLE to delete it.

ClamWin doesn't even detect it.

However, I was able to rename it (using BD).

It disabled EVERYTHING.

No tray icons, no programs can be accessed (except Firefox?).

So I did some research and uploaded it to virustotal.com.

Nothing detected it.

Then I did some more research and discovered THAT THIS IS A RECENT VIRUS, and was associated with FOLDER LOCK.

But since BD already made it visible by renaming it, I simply DELETED it (couldn't access the shredder).

THIS IS PRETTY DANGEROUS AND HARD TO FIND BECAUSE EVEN BITDEFENDER TOTAL 2009 could NOT DETECT IT.
Theoracle117
Joined: 18 Sep 2008
Posts: 0
Location: san diego
Pardon the double posting (sorry).

But I couldn't submit this to ClamWin. I already deleted the virus.

IF anyone is BRAVE enough to download Folder Lock and get the virus themselves (the virus is barely recognized by ANY antivirus at this time, except BD), please report this.

*Note:

I think I might have triggered the rootkit/virus by renaming it. But it is 100% a virus, no doubt. It was probably set to go off at a certain time, but I must have triggered it by renaming it.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Antivirus software that doesn't detect files submitted to Jotti and VirusTotal will get a copy from the service. This might take a few days, however, so it's always faster to submit a file containing malware directly to an antivirus company.

It's unlikely you did anything wrong by renaming the virus. In fact, that's usually the best way to kill a virus that isn't detected by your antivirus software, if you can identify the virus file (which will probably be a new file or one with a strange name). The problem is, sometimes other files are dropped on your computer along with the virus, and they will reinfect the computer if the original virus file is deleted. This doesn't happen with every virus, but it is becoming more common.

F-Secure's BlackLight anti-rootkit renames every rootkit file it finds and then posts it in its log, so you can go to the location of the renamed file and delete it from your computer.

Regards,
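A more controlled version of the "rename it, log it, then delete it" approach the reply above describes, as an added example; this is not code from the thread, from ClamWin, BitDefender or F-Secure. The script takes a driver file name (defaulting to the sccfg.sys from this thread; the path and service name it finds are whatever the registry says, not assumptions about Folder Lock), records the file's SHA-256 so it can be looked up on VirusTotal by hash without uploading anything, checks the Authenticode signature, finds the kernel service entry that loads it, and only then disables that service and renames the file with a .quarantined suffix so it cannot load at the next boot. The log path and the .quarantined suffix are my own choices.

```powershell
# Added example (not from the thread): inspect, then neutralise, a suspect kernel driver.
# Assumptions: run from an elevated PowerShell 4+ prompt (Get-FileHash); the driver
# name is a parameter and defaults to the sccfg.sys named in the thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$DriverName = 'sccfg.sys',
    [string]$LogPath    = "$env:SystemDrive\driver-quarantine.log"   # assumed location
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Registry ImagePath values come in several shapes; turn them into a real file path.
function Resolve-ImagePath([string]$ImagePath) {
    $p = $ImagePath.Trim('"')
    if ($p -like '\??\*')              { return $p.Substring(4) }                  # \??\C:\dir\x.sys
    if ($p -like '\SystemRoot\*')      { return Join-Path $env:SystemRoot $p.Substring(12) }
    if ($p -match '^[A-Za-z]:\\')      { return $p }                               # absolute path
    return Join-Path $env:SystemRoot $p   # system32\drivers\x.sys is relative to %SystemRoot%
}

# 1. Find every service whose ImagePath ends with the driver name. Kernel drivers
#    normally have Type 1; Start 4 means SERVICE_DISABLED.
$hits = Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if ($props.ImagePath -and ($props.ImagePath -like "*$DriverName")) {
        [PSCustomObject]@{
            Service   = $_.PSChildName
            ImagePath = $props.ImagePath
            Start     = $props.Start
            Type      = $props.Type
            Key       = $_.PSPath
        }
    }
}

if (-not $hits) { Write-Host "No service under $servicesKey references $DriverName"; return }

foreach ($hit in $hits) {
    $file = Resolve-ImagePath $hit.ImagePath
    if (-not (Test-Path -LiteralPath $file)) {
        # A loaded rootkit can hide its own file from user mode; an empty result here is
        # itself a finding. Repeat the check from Safe Mode or an offline boot.
        Write-Warning "$($hit.Service): '$($hit.ImagePath)' -> '$file' is not visible from user mode"
        continue
    }

    # 2. Record what we are about to touch before touching it: hash for a VirusTotal
    #    lookup, signature status, size, and the service that loads it.
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file
    $item = Get-Item -LiteralPath $file -Force
    $line = "{0}`t{1}`t{2}`tsha256={3}`tsig={4}`tsigner={5}`tsize={6}`tstart={7}" -f `
        (Get-Date -Format o), $hit.Service, $file, $hash, $sig.Status,
        $sig.SignerCertificate.Subject, $item.Length, $hit.Start
    Add-Content -LiteralPath $LogPath -Value $line
    Write-Host $line

    # 3. Neutralise: disable the service so the kernel will not load the driver even if
    #    the file reappears, then rename the file so the existing path no longer exists.
    if ($PSCmdlet.ShouldProcess("$($hit.Service) -> $file", 'disable service and rename driver')) {
        Set-ItemProperty -LiteralPath $hit.Key -Name Start -Value 4
        $newName = (Split-Path -Leaf $file) + '.quarantined'
        Rename-Item -LiteralPath $file -NewName $newName -Force
        Add-Content -LiteralPath $LogPath -Value ("{0}`tRENAMED`t{1} -> {2}" -f (Get-Date -Format o), $file, $newName)
        Write-Host "Renamed to $newName and set Start=4; reboot to unload it, then submit the renamed file (or the hash) to your AV vendor."
    }
}
```

Run it with -WhatIf first: it then only logs the hash, signature and service details and tells you what it would rename. If the file is not visible or the rename fails while the driver is loaded, do the same steps from Safe Mode or by mounting the disk offline, which is also where you recover from having renamed a driver the system actually needed: put the name back and set Start to its logged value.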
Theoracle117
Joined: 18 Sep 2008
Posts: 0
Location: san diego
It doesn't seem like it. The computer's back to normal now. THIS rootkit is smart! It stops you from launching applications even though they might be running in the background. BD had already renamed the rootkit the night before, and then it disabled everything except Firefox!

But I solved the problem. No other viruses were detected.

*Also:

CureIt! seems to expire sometime in December! That means it's not completely free. While scanning with CureIt!, look at "About" in the tabs and you'll see it.

UPDATE: Now I have read about the possibility that this sccfg.sys file is actually necessary for Folder Lock to run properly. Does this mean it is harmless? I really need someone to analyze the file.

UPDATE #2: http://www.threatexpert.com/files/sccfg.sys.html Question solved. Sorry about the waste of time.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
ThreatExpert is a great place to upload a file for analysis. They can't handle very much except standard executable files, however.

It would be a shame if Dr.Web dropped their free version of CureIt!, but I can understand that they might not want to give it away for free forever. They are a commercial company and have to make a profit. It's a great cleaner, however, and it would be hard to find another one that is so simple, small, comprehensive, and good. I guess we'll see what happens come December. Norman's free malware cleaner is also good, but it's large, only updated about once a week, and they recommend you run it in Safe Mode.

Regards,
Theoracle117
Joined: 18 Sep 2008
Posts: 0
Location: san diego
One last interesting thing. I reinstalled Folder Lock, and this time ThreatFire alerted me. This took me to a link about Folder Lock, and the sccfg.sys file IS part of a malicious group of files that Folder Lock automatically installed.

I guess this is debatable, but for now it's out of my hands.

Check out this link: http://www.threatexpert.com/report.aspx?uid=e21a14ad-ad09-437f-8a72-90443ebb4dc8

EDIT: ACTUALLY, I FOUND OUT THAT CUREIT! IS FREE.

Look at this:

Quote:
Dr.Web CureIt! stays actual until the next release of the add-on. To scan your computer with the most up-to-date Dr.Web virus databases next time you should download new Dr.Web CureIt! package.

I guess the expiry date is actually the new release date. Awesome.