Full Version: AdvApi Trojan/Virus
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
neo99
Hi!

We just discovered the AdvApi Trojan/Virus on a remote server I've been working on and traced it back to binary file downloads from a vendor we're working with. AdvApi was then used to remotely hack into our system. I have done similar binary download activities from my workstation, and have Kaspersky Internet Security 7.0 installed on it.

I wasn't able to find anything related to this virus on your forum or help info. Does the current Kaspersky product installed on my workstation protect against this threat? What procedure can I perform to verify that this potential threat is managed?

With Appreciation,
Neo99
B3llit0
Some Googling and a check on viruslist.com (Kaspersky's encyclopedia listing each virus they detect, with details on most) reveals advapi.exe and related malware to be part of a backdoor (which is how you were hacked) called Netdevil. Neither "advapi" nor "netdevil" return results on viruslist.com, so it doesn't appear Kaspersky detects this as of yet. You can read more about it on Symantec's website, though; search for "netdevil".

EDIT: A bit more searching reveals that Kaspersky does indeed detect it but there are no details on it. Oddly, I couldn't get it to show up in a search from the main page.

If you still have a copy of advapi.exe on any of your systems, you can put it in a password-protected archive like ZIP or RAR with password "infected" (without quotes) and send it to newvirus@kaspersky.com as an attachment for analysis, along with a little note about why you're sending it in and the password.
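An added example (not part of either post above, and not a Kaspersky tool) of the triage steps described: locate remaining copies of the suspect file name, record their hashes and sizes in the accompanying note, and pack them in an archive protected with the conventional password "infected". The file name advapi.exe is taken from the thread; the `zip` command (Info-ZIP) is assumed to be installed for the packaging step.

```python
import hashlib
import os
import subprocess
from pathlib import Path

# Hypothetical triage helper: the only file name here comes from the thread.
SUSPECT_NAMES = {"advapi.exe"}

def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def find_suspects(root, names=SUSPECT_NAMES):
    """Walk `root` and return sorted (path, sha256, size) tuples for files whose
    name matches; the match is case-insensitive because Windows file names are."""
    wanted = {n.lower() for n in names}
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = Path(dirpath) / fn
                found.append((str(p), sha256_of(p), p.stat().st_size))
    return sorted(found)

def write_manifest(found, manifest_path):
    """Write the note that accompanies the submission: where each copy was found,
    its hash and size, and the archive password. Returns the number of samples."""
    lines = ["Suspected backdoor component submitted for analysis.",
             "Archive password: infected", ""]
    lines += [f"{sha}  {size:>10}  {path}" for path, sha, size in found]
    Path(manifest_path).write_text("\n".join(lines) + "\n")
    return len(found)

def pack_for_submission(found, manifest_path, archive_path, password="infected"):
    """Create the password-protected ZIP with Info-ZIP's `zip -P` (assumed present).
    Legacy ZIP encryption is not confidentiality; it only stops mail gateways and
    the recipient's own scanner from acting on the sample in transit."""
    cmd = ["zip", "-j", "-P", password, str(archive_path), str(manifest_path)]
    cmd += [path for path, _sha, _size in found]
    subprocess.run(cmd, check=True)
    return archive_path
```

Run it against a copy of the affected file tree rather than the live system drive, and keep the manifest hashes so later scanner updates can be checked against the same samples.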