http://www.505united.com/photo.php?photo=photo311.jpg
it shows clean with Spybot and Kaspersky anti virus..
but i don't want to run it??
i hate msn
Nutpants wrote:
> hxxp: // www.505united.com/ photo.php?photo=photo311.jpg
>
> it shows clean with Spybot and Kaspersky anti virus..
>
> but i don't want to run it??
Beware. The above link wants to download 'photo311.exe'
> i hate msn
If you are legitimate, why did you post a link to an executable file?
--
-bts
-Motorcycles defy gravity; cars just suck
> Nutpants wrote:
>
>> hxxp: // www.505united.com/ photo.php?photo=photo311.jpg
>>
>> it shows clean with Spybot and Kaspersky anti virus..
>>
>> but i don't want to run it??
>
> Beware. The above link wants to download 'photo311.exe'
>
>> i hate msn
>
> If you are legitimate, why did you post a link to an executable file?
>
i got the link from a girl i know and have been talking to on msn( gaim
really) and i got 5 of these from here while i was out.. i was hoping
for pics.. but they are exe's and i don't want to run them.
i am just putting up what i got
and nothing i have found has told me that it is a virus or spyware..
but i really don't think it is a picture as WTF would she send it as an exe
or why would anyone..
i would really like to know what it is..
is there another way to get it checked?
i am on my 5th spyware checking program and all they find are cookies
and have not reported anything else..
this is my first time in this newsgroup..
if i have done wrong then i offer an apology
Nutpants
From: "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>
| Nutpants wrote:
|
>> hxxp: // www.505united.com/ photo.php?photo=photo311.jpg
>>
>> it shows clean with Spybot and Kaspersky anti virus..
>>
>> but i don't want to run it??
|
| Beware. The above link wants to download 'photo311.exe'
|
>> i hate msn
|
| If you are legitimate, why did you post a link to an executable file?
|
It is part of an IRC-less BOTnet.
Much like...
hxxp://www.maxmax712.com/ photos.php? photo=photo211.jpg
hxxp://www.sam22.com/ photos.php? photo=photo211.jpg
Note the pattern in the three web sites.
Complete scanning result of "photo331.exe", processed in VirusTotal at 10/08/2006 22:29:11
(CET).
[ file data ]
* name: photo331.exe
* size: 140800
* md5.: cec49f3aeb1fa82dafdfdcc9db9b9222
* sha1: 449d1fe6339ff520103de253e4449d47059b6d83
[ scan result ]
AntiVir 7.2.0.25/20061006 found nothing
Authentium 4.93.8/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
AVG 386/20061007 found nothing
BitDefender 7.2/20061008 found nothing
CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061008 found nothing
DrWeb 4.33/20061008 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3118/20061006 found nothing
Ewido 4.0/20061008 found nothing
F-Prot 3.16f/20061006 found nothing
F-Prot4 4.2.1.29/20061006 found nothing
Fortinet 2.82.0.0/20061008 found nothing
Ikarus 0.2.65.0/20061007 found nothing
Kaspersky 4.0.2.24/20061008 found nothing
McAfee 4868/20061006 found nothing
Microsoft 1.1603 /20061008 found nothing
NOD32v2 1.1794/20061006 found nothing
Norman 5.80.02/20061006 found nothing
Panda 9.0.0.4/20061008 found [Suspicious file]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061006 found nothing
VBA32 3.11.1/20061008 found nothing
VirusBuster 4.3.7:9/20061008 found nothing
[ notes ]
packers: ASProtect
packers: Aspack
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
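The lure pattern noted in this thread, a URL whose query string ends in .jpg while the server hands back an .exe or .pif, can be checked for in web-proxy records. The following is an added example, not code from any poster; the record layout, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
RISKY_EXT = {".exe", ".pif", ".scr", ".com"}   # Windows runs all of these

# Constructed proxy records: (url, Content-Disposition header, first body bytes)
SAMPLE_RECORDS = [
    ("hxxp://lure.example/photo.php?photo=photo311.jpg",
     'attachment; filename="photo311.exe"', b"MZ\x90\x00"),
    ("hxxp://lure.example/photos.php?photo=photo211.jpg",
     'attachment; filename="photo211.pif"', b"MZ\x90\x00"),
    ("hxxp://gallery.example/view.php?photo=cat.jpg", "", b"\xff\xd8\xff\xe0"),
    ("hxxp://vendor.example/setup.exe",
     'attachment; filename="setup.exe"', b"MZ\x90\x00"),
]

def ext_of(name):
    """Lower-cased trailing extension of a file name, or '' if none."""
    m = re.search(r"(\.[A-Za-z0-9]{1,5})$", name.strip())
    return m.group(1).lower() if m else ""

def claimed_exts(url):
    """Extensions the URL displays to the reader: query values plus path."""
    parts = urlsplit(url)
    values = [v for vs in parse_qs(parts.query).values() for v in vs]
    return {ext_of(v) for v in values + [parts.path]} - {""}

def served_name(content_disposition):
    """File name the server asks the browser to save, or ''."""
    m = re.search(r'filename="?([^";]+)"?', content_disposition, re.I)
    return m.group(1) if m else ""

def classify(url, content_disposition, body_prefix):
    """Reasons a response contradicts the image the URL advertises."""
    reasons = []
    shows_image = bool(claimed_exts(url) & IMAGE_EXT)
    name = served_name(content_disposition)
    if shows_image and ext_of(name) in RISKY_EXT:
        reasons.append(f"image-looking URL served as {name}")
    if shows_image and body_prefix[:2] == b"MZ":
        reasons.append("body starts with MZ (DOS/PE executable header)")
    return reasons

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(record[0], "->", classify(*record) or "no mismatch")
```

The check keys on the mismatch rather than on the executable itself, so the ordinary installer download in the last record is not flagged.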
From: "Nutpants" <nutpants@no-mail.com>
| i got the link from a girl i know and have been talking to on msn( gaim
| really) and i got 5 of these from here while i was out.. i was hoping
| for pics.. but they are exe's and i don't want to run them.
|
| i am just putting up what i got
| and nothing i have found has told me that it is a virus or spyware..
| but i really don't think it is a picture as WTF would she send it as an exe
| or why would anyone..
|
| i would really like to know what it is..
| is there another way to get it checked?
| i am on my 5th spyware checking program and all they find are cookies
| and have not reported anything else..
|
| this is my first time in this newsgroup..
| if i have done wrong then i offer an apology
|
| Nutpants
|
Basically the pseudo JPEG is being spammed on MSN Messenger and the like.
The URL is malicious. The code is certainly malicious. It is most likely a new
Backdoor.Licat variant. DO NOT RUN IT/THEM -- delete any/all ASAP.
Whenever posting a possibly malicious URL it is always BEST to obfuscate the URL by using
hxxp:// or h**p:// or some other means so the URL is not clickable.
It is stated in this News Group's FAQ in section #7. The FAQ is posted regularly in this
News Group and on the following web page... http://shplink.com/misc/FAQ.htm
---
7. Are there any posting restrictions, rules or guidelines?
---
We encourage you not to post HijackThis! logs here. HijackThis! logs
will most likely be ignored. Responses to logs or URLs posted on forums
may come from people with questionable credentials and expertise. The
possibility exists that the combination of such a powerful tool and
dubious advice will damage your system. You will be much safer and wiser
to seek analysis at an (expert) Web Forum that handles HijackThis! logs.
See Appendix 2 for a list.
Also, unless requested, do not post the URL where you suspect you
obtained your adware spyware malware / parasite infection.
Instead, alter the URL in some way so as to make it human-readable but
NOT clickable, such as "h**p://www.removethis.example.c*m".
Why? Unsuspecting or inexperienced lurkers might just click on the URL
and get unwittingly hijacked. Note that this request applies only to
suspect URLs, and is not meant to discourage the posting of information
about possibly rogue web sites. Please DO tell us about them; just do so
safely.
--------------------------------------------------------------------------------
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
In article <Xns985687E791681Nutpantshereorq@198.80.55.250>,
nutpants@no-mail.com says...
> i got the link from a girl i know and have been talking to on msn( gaim
> really) and i got 5 of these from here while i was out.. i was hoping
> for pics.. but they are exe's and i don't want to run them.
>
>
>
This is how guys come down with the clap. So you got it from some girl
on a chat network. It's an old old story.
Do not post direct links to questionable sites or executable files. Yes
we all do dumb stuff sometimes.
--
James E. Morrow
Email to: jamesemorrow@email.com
Nutpants <nutpants@no-mail.com> wrote in
news:Xns9856822B77FBCNutpantshereorq@198.80.55.250 :
> http://www.505united.com/photo.php?photo=photo311.jpg
>
>
> it shows clean with Spybot and Kaspersky anti virus..
>
> but i don't want to run it??
Complete scanning result of "photo331.zip", processed in VirusTotal at
10/09/2006 00:20:24 (CET).
[ file data ]
* name: photo331.zip
* size: 135019
* md5.: 6d110e566f58d2869ddca7a1afa2de7f
* sha1: a279b420ddce94f5309f7cb4e69aed5323f3aec5
[ scan result ]
AntiVir 7.2.0.25/20061008 found nothing
Authentium 4.93.8/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
AVG 386/20061007 found nothing
BitDefender 7.2/20061008 found nothing
CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061008 found nothing
DrWeb 4.33/20061008 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3118/20061006 found nothing
Ewido 4.0/20061008 found nothing
F-Prot 3.16f/20061006 found nothing
F-Prot4 4.2.1.29/20061006 found nothing
Fortinet 2.82.0.0/20061008 found nothing
Ikarus 0.2.65.0/20061007 found nothing
Kaspersky 4.0.2.24/20061008 found nothing
McAfee 4868/20061006 found nothing
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1794/20061006 found nothing
Norman 5.80.02/20061006 found nothing
Panda 9.0.0.4/20061008 found [Suspicious file]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061006 found nothing
VBA32 3.11.1/20061008 found nothing
VirusBuster 4.3.7:9/20061008 found nothing
[ notes ]
packers: ASProtect
packers: Aspack
--
--- A dyslexic man walks into a bra ---
David H. Lipman wrote:
> Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
I downloaded the original link Nutpants posted (photo311.jpg) and Avast
wouldn't let me, says, as you found, it is:
Win32:Agent-BNP [Trj]
> CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
Amusing that only Avast! and this CAT-Quickheal recognize it. <g>
--
-bts
-Motorcycles defy gravity; cars just suck
From: "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>
| David H. Lipman wrote:
|
>> Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
|
| I downloaded the original link Nutpants posted (photo311.jpg) and Avast
| wouldn't let me, says, as you found, it is:
| Win32:Agent-BNP [Trj]
|
>> CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
|
| Amusing that only Avast! and this CAT-Quickheal recognize it. <g>
|
It is a new variant of Licat.
I say this because of the past files used in the BOTnet and the packers noted...
packers: ASProtect
packers: Aspack
Example from a previous IRC-less BOTnet site...
Complete scanning result of "photo211.pif", processed in VirusTotal at 10/09/2006 01:09:16
(CET).
[ file data ]
* name: photo211.pif
* size: 138752
* md5.: e1c08eb679817fa4c0a15b9e9c217e88
* sha1: abdcdce2450812213fcd7f61e842a6fdba0f3971
[ scan result ]
AntiVir 7.2.0.25/20061008 found [BDS/Licat.A]
Authentium 4.93.8/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
AVG 386/20061007 found nothing
BitDefender 7.2/20061008 found [Backdoor.Licat.A]
CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061008 found nothing
DrWeb 4.33/20061008 found [Trojan.DownLoader.13876]
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3118/20061006 found [Win32/Licat.G]
Ewido 4.0/20061008 found [Backdoor.MSNMaker.z]
F-Prot 3.16f/20061006 found nothing
F-Prot4 4.2.1.29/20061006 found nothing
Fortinet 2.82.0.0/20061008 found [W32/Dloader.AB!tr]
Ikarus 0.2.65.0/20061007 found nothing
Kaspersky 4.0.2.24/20061009 found [Backdoor.Win32.MSNMaker.z]
McAfee 4868/20061006 found nothing
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1794/20061006 found nothing
Norman 5.80.02/20061006 found nothing
Panda 9.0.0.4/20061008 found [Suspicious file]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found [Backdoor/MSNMaker.z]
UNA 1.83/20061006 found nothing
VBA32 3.11.1/20061008 found nothing
VirusBuster 4.3.7:9/20061008 found nothing
[ notes ]
packers: ASProtect
packers: Aspack
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
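The comparison made in the post above, between the new file and an older file from the same botnet, can be done mechanically on the text reports. This is an added example, not code from any poster: it parses the report layout quoted in this thread, using an eight-engine excerpt of each report, and the function names are illustrative.

```python
import re

# Excerpts (8 of 26 engines) of the two reports quoted in this thread.
NEW_SAMPLE = """\
[ scan result ]
AntiVir 7.2.0.25/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
BitDefender 7.2/20061008 found nothing
CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
eTrust-Vet 30.3.3118/20061006 found nothing
Kaspersky 4.0.2.24/20061008 found nothing
Microsoft 1.1603 /20061008 found nothing
Panda 9.0.0.4/20061008 found [Suspicious file]
[ notes ]
packers: ASProtect
"""
OLD_SAMPLE = """\
[ scan result ]
AntiVir 7.2.0.25/20061008 found [BDS/Licat.A]
Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
BitDefender 7.2/20061008 found [Backdoor.Licat.A]
CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
eTrust-Vet 30.3.3118/20061006 found [Win32/Licat.G]
Kaspersky 4.0.2.24/20061009 found [Backdoor.Win32.MSNMaker.z]
Microsoft 1.1603/20061009 found nothing
Panda 9.0.0.4/20061008 found [Suspicious file]
[ notes ]
packers: ASProtect
"""
# engine, version/date (may contain a space), then "nothing" or "[label]"
ROW = re.compile(r"^(\S+)\s+(.+?)\s+found\s+(nothing|\[(.+)\])$")

def parse_report(text):
    """Map engine name -> detection label (None for 'found nothing')."""
    results, in_scan = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[ "):                 # section header
            in_scan = line == "[ scan result ]"
        elif in_scan and (m := ROW.match(line)):
            results[m.group(1)] = m.group(4)
    return results

def ratio(results):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(v is not None for v in results.values()), len(results)

def compare(old, new):
    """Engines that lost detection, and engines labelling both files alike."""
    lost = sorted(e for e in old if old[e] and not new.get(e))
    same = sorted(e for e in old if old[e] and old[e] == new.get(e))
    return lost, same
```

On these excerpts the older file is flagged by 7 of 8 engines and the new one by 3 of 8; the engines that gave a named Licat or MSNMaker detection are the ones that miss the repacked file.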
What the hell, download it. The pictures may be porno, and everyone
loves porno! Even for a few viruses.
David H. Lipman wrote:
> From: "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>
>
> | David H. Lipman wrote:
> |
> >> Avast 4.7.892.0/20061008 found [Win32:Agent-BNP]
> |
> | I downloaded the original link Nutpants posted (photo311.jpg) and Avast
> | wouldn't let me, says, as you found, it is:
> | Win32:Agent-BNP [Trj]
> |
> >> CAT-QuickHeal 8.00/20061007 found [(Suspicious) - DNAScan]
> |
> | Amusing that only Avast! and this CAT-Quickheal recognize it. <g>
> |
>
> It is a new variant of Licat.
> I say this because of the past files used in the BOTnet and the packers noted...
>
> packers: ASProtect
> packers: Aspack
>
> Example from a previous IRC-less BOTnet site...
>