Malekal's forum

[Malekal_morte]

Variante de WinAvX.exe/bolenja.exe/mustafx

Ouvre des alertes pour les rogues type Ultimate: Ultimate Defender, Ultimate Fixer, Ultimate Cleaner

HijackThis :

O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O20 - AppInit_DLLs: cru629.dat

http://www.virustotal.com/analisis/3715 ... 4f945217a2

File braviax.exe received on 02.04.2008 23:12:09 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 14/32 (43.75%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.5.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04 HEUR/Malware
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.04 -
AVG 7.5.0.516 2008.02.04 -
BitDefender 7.2 2008.02.04 Generic.Malware.Yd!dld!sp.730153C3
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 DLOADER.Trojan
eSafe 7.0.15.0 2008.01.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5509 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.04 -
F-Secure 6.70.13260.0 2008.02.04 W32/Malware
Ikarus T3.1.1.20 2008.02.04 -
Kaspersky 7.0.0.125 2008.02.04 -
McAfee 5222 2008.02.04 -
Microsoft 1.3204 2008.02.04 TrojanDownloader:Win32/Renos.gen!A
NOD32v2 2847 2008.02.04 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.02.04 W32/Malware
Panda 9.0.0.4 2008.02.04 Suspicious file
Prevx1 V2 2008.02.04 Heuristic: Suspicious Browser Help Object
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04 Mal/Emogen-G
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 Downloader.MisleadApp
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.04 Heuristic.Malware
Additional information
File size: 11264 bytes
MD5: 363579e9c5b05ce9332ca47bff01f3d0
SHA1: 007a6410ceba4bbce8d963386421835af60a6846
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX, embedded

http://www.virustotal.com/analisis/3f79 ... 7cd73230b2

File cru629.dat received on 02.04.2008 23:12:32 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/32 (25%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.5.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.04 -
AVG 7.5.0.516 2008.02.04 -
BitDefender 7.2 2008.02.04 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 Trojan.Proxy.1739
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5509 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.04 -
F-Secure 6.70.13260.0 2008.02.04 -
Ikarus T3.1.1.20 2008.02.04 -
Kaspersky 7.0.0.125 2008.02.04 -
McAfee 5222 2008.02.04 -
Microsoft 1.3204 2008.02.04 TrojanDownloader:Win32/Eldycow.gen!A
NOD32v2 2847 2008.02.04 -
Norman 5.80.02 2008.02.04 -
Panda 9.0.0.4 2008.02.04 Suspicious file
Prevx1 V2 2008.02.04 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04 Mal/EncPk-BB
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 Trojan.Perfcoo
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 suspected of Win32 Shadow DllHook Install
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.04 Trojan.Crypt.XPACK.Gen
Additional information
File size: 6144 bytes
MD5: fce16002366847ec75c7b313b583f72a
SHA1: 15d8fcbef1666cd5d79b20ce38ad05ea1ac3619a

http://www.virustotal.com/analisis/0d8c ... 12eaf90081

File users32.dat received on 01.28.2008 14:12:31 (CET)
Current status: finished
Result: 16/31 (51.61%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - ADSPY/Sert.A
Authentium - - -
Avast - - Win32:Tibs-ADO
AVG - - Adware Generic2.AAMX
BitDefender - - -
CAT-QuickHeal - - AdWare.Agent.zo (Not a Virus)
ClamAV - - -
DrWeb - - Trojan.Click.5043
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - Adware/Agent
F-Prot - - -
F-Secure - - -
Ikarus - - not-a-virus:AdWare.Win32.Agent.zb
Kaspersky - - not-a-virus:AdWare.Win32.Agent.zo
McAfee - - -
Microsoft - - Trojan:Win32/Wantvi.F
NOD32v2 - - Win32/TrojanDownloader.Small.NZN
Norman - - W32/Agent.DYJS
Panda - - Adware/PurityScan
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
TheHacker - - Adware/Agent.zo
VBA32 - - AdWare.Win32.Agent.zo
VirusBuster - - -
Webwasher-Gateway - - Ad-Spyware.Sert.A
Additional information
MD5: cbd6b9158a0720ba4fbe05f8eccddc95
SHA1: 9a6a3a0a8619f6fb3e5f0e58e388fda3166fae53
SHA256: cce4e4ba184673b25d88c3adb3106099b99d434e69d87cc29a5ce4cc5080249a

[Malekal_morte]

Un petit Rootkit :

File Hsa31.sys received on 02.04.2008 23:33:24 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 18/32 (56.25%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.5.10 2008.02.04 Win-Trojan/Agent.25472
AntiVir 7.6.0.62 2008.02.04 Worm/Ntech.Z.4
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.04 -
AVG 7.5.0.516 2008.02.04 PSW.Generic5.AIDA
BitDefender 7.2 2008.02.04 Trojan.Downloader.Agent.ZAR
CAT-QuickHeal 9.00 2008.02.04 Worm.Ntech.sd
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 Trojan.Rntm
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5511 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 W32/Agent.ZAR!tr.dldr
F-Prot 4.4.2.54 2008.02.04 -
F-Secure 6.70.13260.0 2008.02.04 Trojan-Downloader.Win32.Agent.ici
Ikarus T3.1.1.20 2008.02.04 Trojan-Downloader.Agent.ZAR
Kaspersky 7.0.0.125 2008.02.04 Trojan-Downloader.Win32.Agent.ici
McAfee 5222 2008.02.04 Spy-Agent.bv
Microsoft 1.3204 2008.02.04 VirTool:WinNT/Cutwail.F
NOD32v2 2847 2008.02.04 Win32/Wigon.AV
Norman 5.80.02 2008.02.04 W32/Agent.EETK
Panda 9.0.0.4 2008.02.04 -
Prevx1 V2 2008.02.04 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04 Troj/Pushu-Gen
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 Downloader
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 -
VirusBuster 4.3.26:9 2008.02.04 Trojan.Wigon.Gen.2
Webwasher-Gateway 6.6.2 2008.02.04 Worm.Ntech.Z.4
Additional information
File size: 25472 bytes
MD5: 27cf4de99a65b5bf7d245d7a43e59fa0
SHA1: 52b6e3731ca4cc607a18485e096b658c50414af4
PEiD: -

Le driver légitime beep.sys patché

File beep.sys received on 02.04.2008 23:29:04 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/32 (25%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.5.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04 -
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.04 Win32:Agent-QNI
AVG 7.5.0.516 2008.02.04 BackDoor.Ntrootkit.X
BitDefender 7.2 2008.02.04 Generic.Malware.P!.A67ADB26
CAT-QuickHeal 9.00 2008.02.04 (Suspicious) - DNAScan
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 Trojan.NtRootKit.775
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5511 2008.02.04 Win32/Eldycow!generic
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.04 -
F-Secure 6.70.13260.0 2008.02.04 -
Ikarus T3.1.1.20 2008.02.04 -
Kaspersky 7.0.0.125 2008.02.04 -
McAfee 5222 2008.02.04 -
Microsoft 1.3204 2008.02.04 -
NOD32v2 2847 2008.02.04 -
Norman 5.80.02 2008.02.04 -
Panda 9.0.0.4 2008.02.04 -
Prevx1 V2 2008.02.04 Heuristic: Suspicious File With Anti-Security Technology
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04 -
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 -
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 -
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.04 Win32.Malware.gen!80 (suspicious)
Additional information
File size: 29184 bytes
MD5: a1413b2822ade828b69fe6151fb383e4
SHA1: 75151b1558321f443701a368569917b458ce3652

[Malekal_morte]

Hello,

beep.sys - not-a-virus:FraudTool.Win32.UltimateDefender.af

New potentially risk software was found in this file. It's detection will be
included in the next update. Thank you for your help.

Please quote all when answering.

_______

Hello,

braviax.exek - not-a-virus:FraudTool.Win32.UltimateDefender.af

New potentially risk software was found in this file. It's detection will be
included in the next update. Thank you for your help.

cru629.dat - Backdoor.Win32.Small.ctw

New malicious software was found in this file. It's detection will be included
in the next update. Thank you for your help.

[Malekal_morte]

Antivir :

Please find a detailed report concerning each individual sample below:
Filename Result
braviax.exe MALWARE

The file 'braviax.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.11264.61. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.02.91. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.
Filename Result
cru629.dat MALWARE

The file 'cru629.dat' has been determined to be 'MALWARE'. Our analysts named the threat TR/Crypt.XPACK.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.This malware is detected by a special detection routine from the engine module.

The file 'beep.sys' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.29184.25. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.02.91.

[Malekal_morte]

L'infection installe maintenant le rogue : Home Antivirus 2010

[Malekal_morte]

Installe le rogue : PC Antispyware 2010 maintenant.