"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:k0f6i.5459$UD2.651@trnddc05...
> From: "philippe" <coustaux-philippe@ns.wanadoo.fr>
>
> | Hi,
> |
> | I get a program named mmlbbaffed.exe that starts at system boot time.
> | This program sits in system32 and seems to manage a file named
> | mmlbbaffed.dat also in system32
> |
> | Both files are invisible to the explorer even when I set all options to see
> | everything :-(
> |
> | Does someone have an idea of what & where this program comes from. Google was
> | not my friend in this case.
> |
> | Regards
>
>
> Please submit a sample of "mmlbbaffed.exe" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors' scanners.
> That will give you an idea what it is and who recognizes it. In addition, unless told
> otherwise, Virus Total will provide the sample to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Thanks David,
I don't know this service but I submitted the file. It's great.
My mmlbbaffed files seem to be not so clean and look like a Navipromo pest.
Here are the results:
Complete scanning result of "mmlbbaffed.exe", processed in VirusTotal at
05/27/2007 17:28:45 (CET).
[ file data ]
* name: mmlbbaffed.exe
* size: 357888
* md5.: 11e0ff65b307373b501a2fe7b5d6eefe
* sha1: b9519ba02ecaf6cd183a8ab04c1c71ac8a79b285
[ scan result ]
AhnLab-V3 2007.5.24.0/20070525 found nothing
AntiVir 7.4.0.27/20070525 found [HEUR/Malware]
Authentium 4.93.8/20070523 found nothing
Avast 4.7.997.0/20070527 found nothing
AVG 7.5.0.467/20070527 found nothing
BitDefender 7.2/20070527 found nothing
CAT-QuickHeal 9.00/20070526 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070527 found nothing
DrWeb 4.33/20070526 found nothing
eSafe 7.0.15.0/20070524 found [Suspicious Trojan/Worm]
eTrust-Vet 30.7.3665/20070526 found nothing
Ewido 4.0/20070527 found nothing
F-Prot 4.3.2.48/20070525 found nothing
F-Secure 6.70.13030.0/20070527 found nothing
FileAdvisor 1/20070527 found nothing
Fortinet 2.85.0.0/20070527 found nothing
Ikarus T3.1.1.8/20070527 found [not-a-virus:AdWare.Win32.NaviPromo]
Kaspersky 4.0.2.24/20070527 found nothing
McAfee 5039/20070525 found nothing
Microsoft 1.2503/20070527 found nothing
NOD32v2 2292/20070525 found nothing
Norman 5.80.02/20070525 found nothing
Panda 9.0.0.4/20070527 found [Adware/NaviPromo]
Prevx1 V2/20070527 found nothing
Sophos 4.18.0/20070525 found nothing
Sunbelt 2.2.907.0/20070526 found [VIPRE.Suspicious]
Symantec 10/20070527 found [Trojan.Skintrim]
TheHacker 6.1.6.123/20070525 found nothing
VBA32 3.12.0/20070526 found nothing
VirusBuster 4.3.23:9/20070526 found nothing
Webwasher-Gateway 6.0.1/20070527 found [Heuristic.Malware]
[ notes ]
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats
that are deemed suspicious through heuristics.
__________________________________________________
VirusTotal is a free service offered by Hispasec Sistemas. There are no
guarantees about the availability and continuity of this service. Do not
reply to this message. It has been generated by an automatic address that
will not handle any reply. Although the detection rate afforded by the use
of multiple antivirus engines is far superior to that offered by just one
product, these results DO NOT guarantee the harmlessness of a file.
Currently, there is not any solution that offers a 100% effectiveness rate
for detecting viruses and malware.

