From: "Far Canal" <me@privacy.net>

|
| http://************/y94zrt
|
| "Two antispyware watchdogs are urging federal regulators to take action
| against a music search Web site that they say is a front for malicious
| software."
|
| Another example of Americans believing they own the Interweb.
|

Oh boy....

Complete scanning result of "Fastmp3_Setup.exe", processed in VirusTotal at 12/08/2006 19:35:43 (CET).

[ file data ]
* name: Fastmp3_Setup.exe
* size: 14848
* md5.: bd8f20bdcf001cf4d9c2db959a62ff0c
* sha1: c98a1bc41a85d1c0d5044128cea59ec10872cded

[ scan result ]
AntiVir 7.2.0.49/20061208 found nothing
Authentium 4.93.8/20061207 found nothing
Avast 4.7.892.0/20061208 found nothing
AVG 386/20061208 found nothing
BitDefender 7.2/20061208 found [BehavesLike:Trojan.Downloader]
CAT-QuickHeal 8.00/20061208 found nothing
ClamAV devel-20060426/20061208 found nothing
DrWeb 4.33/20061208 found [DLOADER.Trojan]
eSafe 7.0.14.0/20061207 found nothing
eTrust-InoculateIT 23.73.80/20061208 found nothing
eTrust-Vet 30.3.3238/20061208 found nothing
Ewido 4.0/20061208 found nothing
F-Prot 3.16f/20061207 found nothing
F-Prot4 4.2.1.29/20061207 found nothing
Fortinet 2.82.0.0/20061208 found [suspicious]
Ikarus T3.1.0.26/20061207 found nothing
Kaspersky 4.0.2.24/20061208 found nothing
McAfee 4914/20061208 found nothing
Microsoft 1.1804/20061208 found nothing
NOD32v2 1911/20061208 found [probably unknown NewHeur_PE virus]
Norman 5.80.02/20061208 found [W32/Downloader]
Panda 9.0.0.4/20061208 found [Suspicious file]
Prevx1 V2/20061208 found nothing
Sophos 4.12.0/20061208 found [Troj/Mondo-Gen]
Sunbelt 2.2.907.0/20061130 found nothing
TheHacker 6.0.3.130/20061206 found nothing
UNA 1.83/20061208 found nothing
VBA32 3.11.1/20061208 found [suspected of Trojan.Agent.79 (paranoid heuristics)]
VirusBuster 4.3.15:9/20061208 found nothing

[ notes ]
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 14848 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\2.exe.

[ Network services ]
* Downloads file from http://www.fastmp3search.com.ar/1.exe as C:\WINDOWS\SYSTEM32\2.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Attemps to Open C:\WINDOWS\SYSTEM32\2.exe C:\WINDOWS\SYSTEM32\.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm