Thread: Re: Badboys or one foot in the door

  1. #1
    David H. Lipman Guest

    Re: Badboys or one foot in the door

    From: "Far Canal" <me@privacy.net>

    |
    | http://************/y94zrt
    |
    | "Two antispyware watchdogs are urging federal regulators to take action
    | against a music search Web site that they say is a front for malicious
    | software."
    |
    | Another example of Americans believing they own the Interweb.
    |

    Oh boy....

    Complete scanning result of "Fastmp3_Setup.exe", processed in VirusTotal at 12/08/2006
    19:35:43 (CET).

    [ file data ]
    * name: Fastmp3_Setup.exe
    * size: 14848
    * md5.: bd8f20bdcf001cf4d9c2db959a62ff0c
    * sha1: c98a1bc41a85d1c0d5044128cea59ec10872cded

    [ scan result ]
    AntiVir 7.2.0.49/20061208 found nothing
    Authentium 4.93.8/20061207 found nothing
    Avast 4.7.892.0/20061208 found nothing
    AVG 386/20061208 found nothing
    BitDefender 7.2/20061208 found [BehavesLike:Trojan.Downloader]
    CAT-QuickHeal 8.00/20061208 found nothing
    ClamAV devel-20060426/20061208 found nothing
    DrWeb 4.33/20061208 found [DLOADER.Trojan]
    eSafe 7.0.14.0/20061207 found nothing
    eTrust-InoculateIT 23.73.80/20061208 found nothing
    eTrust-Vet 30.3.3238/20061208 found nothing
    Ewido 4.0/20061208 found nothing
    F-Prot 3.16f/20061207 found nothing
    F-Prot4 4.2.1.29/20061207 found nothing
    Fortinet 2.82.0.0/20061208 found [suspicious]
    Ikarus T3.1.0.26/20061207 found nothing
    Kaspersky 4.0.2.24/20061208 found nothing
    McAfee 4914/20061208 found nothing
    Microsoft 1.1804/20061208 found nothing
    NOD32v2 1911/20061208 found [probably unknown NewHeur_PE virus]
    Norman 5.80.02/20061208 found [W32/Downloader]
    Panda 9.0.0.4/20061208 found [Suspicious file]
    Prevx1 V2/20061208 found nothing
    Sophos 4.12.0/20061208 found [Troj/Mondo-Gen]
    Sunbelt 2.2.907.0/20061130 found nothing
    TheHacker 6.0.3.130/20061206 found nothing
    UNA 1.83/20061208 found nothing
    VBA32 3.11.1/20061208 found [suspected of Trojan.Agent.79 (paranoid heuristics)]
    VirusBuster 4.3.15:9/20061208 found nothing

    [ notes ]
    norman sandbox: [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT
    IT (E.G. ZIP WITH PASSWORD)**.
    * File length: 14848 bytes.

    [ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\2.exe.

    [ Network services ]
    * Downloads file from http://www.fastmp3search.com.ar/1.exe as
    C:\WINDOWS\SYSTEM32\2.exe.

    [ Security issues ]
    * Starting downloaded file - potential security problem.

    [ Process/window information ]
    * Attemps to Open C:\WINDOWS\SYSTEM32\2.exe C:\WINDOWS\SYSTEM32\.
    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  2. #2
    David H. Lipman Guest

    Re: Badboys or one foot in the door

    From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>


    I apologize to this group's members for NOT obfuscating the URL in the Norman Sand Box part
    of the above report.

    Complete scanning result of "1.exe", processed in VirusTotal at 12/08/2006 23:13:21 (CET).

    [ file data ]
    * name: 1.exe
    * size: 82944
    * md5.: 117a29af978a980ce67ef261fb9e637b
    * sha1: 5f58fffc47e3de6cd89440c588a0b9b569a150e5

    [ scan result ]
    AntiVir 7.2.0.49/20061208 found nothing
    Authentium 4.93.8/20061208 found nothing
    Avast 4.7.892.0/20061208 found nothing
    AVG 386/20061208 found nothing
    BitDefender 7.2/20061208 found [Trojan.Downloader.Mondo.H]
    CAT-QuickHeal 8.00/20061208 found nothing
    ClamAV devel-20060426/20061208 found [Trojan.Downloader-92]
    DrWeb 4.33/20061208 found [Trojan.DownLoader.15706]
    eSafe 7.0.14.0/20061207 found nothing
    eTrust-InoculateIT 23.73.80/20061208 found nothing
    eTrust-Vet 30.3.3238/20061208 found nothing
    Ewido 4.0/20061208 found nothing
    F-Prot 3.16f/20061208 found nothing
    F-Prot4 4.2.1.29/20061207 found nothing
    Fortinet 2.82.0.0/20061208 found [Mondo!tr]
    Ikarus T3.1.0.26/20061207 found [Trojan.Win32.Agent.um]
    Kaspersky 4.0.2.24/20061208 found [Backdoor.Win32.Small.ml]
    McAfee 4914/20061208 found nothing
    Microsoft 1.1804/20061208 found nothing
    NOD32v2 1911/20061208 found [Win32/Agent.UY]
    Norman 5.80.02/20061208 found nothing
    Panda 9.0.0.4/20061208 found [Suspicious file]
    Prevx1 V2/20061208 found nothing
    Sophos 4.12.0/20061208 found [Troj/Mondo-Gen]
    Sunbelt 2.2.907.0/20061130 found nothing
    TheHacker 6.0.3.130/20061206 found nothing
    UNA 1.83/20061208 found nothing
    VBA32 3.11.1/20061208 found [suspected of Trojan-Downloader.IstBar.15]
    VirusBuster 4.3.15:9/20061208 found nothing

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm


