Photo_13308.zip/Backdoor.Win32.SdBot.esy

Informations sur les arnaques et Virus sur MSN.
Malekal_morte
Messages : 116243
Inscription : 10 sept. 2005 13:57

Photo_13308.zip/Backdoor.Win32.SdBot.esy

par Malekal_morte »

Se propage par le fichier contenant le fichier Photo_13308.zip (se trouve dans %windir%) contenant le fichier Photo_13308.jpg-www.hotmail.com

Message de propagation :
looooook :p
loooooooooooool :D
omg check this out man this is funny
lol you got to see this

L'infection ajoute la ligne suivante sur HijackThis :
O4 - HKLM\..\Run: [secdrive.exe] C:\WINDOWS\pchealth\helpctr\binaries\secdrive.exe
Complete scanning result of "Photo_13308.jpg-www.hotmail.com", processed in VirusTotal at 06/30/2008 14:43:15 (CET).

[ file data ]
* name..: Photo_13308.jpg-www.hotmail.com
* size..: 139522
* md5...: edd92d9e9200e7d6c0215a705e45e294
* sha1..: f2cd9ab9e6f4ceb1883c06eb8499afc0cd432f6b
* peid..: EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE

[ scan result ]
AhnLab-V3 2008.6.27.1/20080630 found nothing
AntiVir 7.8.0.59/20080630 found [Worm/SdBot.139522]
Authentium 5.1.0.4/20080629 found nothing
Avast 4.8.1195.0/20080628 found [Win32:IRCBot-AND]
AVG 7.5.0.516/20080630 found nothing
BitDefender 7.2/20080630 found nothing
CAT-QuickHeal 9.50/20080628 found nothing
ClamAV 0.93.1/20080630 found nothing
DrWeb 4.44.0.09170/20080630 found nothing
eSafe 7.0.17.0/20080629 found [Suspicious File]
eTrust-Vet 31.6.5914/20080630 found nothing
Ewido 4.0/20080627 found nothing
F-Prot 4.4.4.56/20080629 found nothing
F-Secure 7.60.13501.0/20080626 found nothing
Fortinet 3.14.0.0/20080630 found nothing
GData 2.0.7306.1023/20080630 found [Backdoor.Win32.SdBot.esy]
Ikarus T3.1.1.26.0/20080630 found [Virus.Win32.IRCBot.AND]
Kaspersky 7.0.0.125/20080630 found [Backdoor.Win32.SdBot.esy]
McAfee 5327/20080627 found nothing
Microsoft 1.3704/20080630 found [Worm:Win32/Neeris.O]
NOD32v2 3226/20080630 found [IRC/SdBot]
Norman 5.80.02/20080627 found nothing
Panda 9.0.0.4/20080629 found nothing
Prevx1 V2/20080630 found nothing
Rising 20.51.02.00/20080630 found nothing
Sophos 4.30.0/20080630 found [Mal/Packer]
Sunbelt 3.0.1176.1/20080626 found nothing
Symantec 10/20080630 found [W32.Spybot.Worm]
TheHacker 6.2.96.364/20080628 found nothing
TrendMicro 8.700.0.1004/20080630 found nothing
VBA32 3.12.6.8/20080630 found [Backdoor.Win32.SdBot.esy]
VirusBuster 4.5.11.0/20080630 found nothing
Webwasher-Gateway 6.6.2/20080630 found [Worm.SdBot.139522]

[ notes ]
packers (Avast): RLPack
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas !
Comment protéger son PC des virus
Windows 11 : Compatibilité, Configuration minimale requise, télécharger ISO et installer Windows 11

Comment demander de l'aide sur le forum
Evaluer le site malekal.com
Partagez malekal.com : n'hésitez pas à partager les articles qui vous plaisent sur la page Facebook du site.
Malekal_morte
Messages : 116243
Inscription : 10 sept. 2005 13:57

Re: Photo_13308.zip/Backdoor.Win32.SdBot.esy

par Malekal_morte »

Ajoutés en BDS/Xili.42496 et Worm/Autorun.ehf par Antivir.
Filename Result
euSp2.exe MALWARE

The file 'euSp2.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Xili.42496. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data.Detection is added to our virus definition file (VDF) starting with version 7.00.05.26.

Filename Result
eSp1.exe MALWARE

The file 'eSp1.exe' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Autorun.ehf. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.).Detection is added to our virus definition file (VDF) starting with version 7.00.05.26.


Scan des fichiers au lendemain :
Complete scanning result of "eSp1.exe", processed in VirusTotal at 07/01/2008 10:00:28 (CET).

[ file data ]
* name: eSp1.exe
* size: 42496
* md5.: a68edba3068eaccd5259662358d1b45e
* sha1: faf1a7bec504d99d4acd6a6eb6357a131c86e753
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.7.1.0/20080701 found nothing
AntiVir 7.8.0.59/20080701 found [Worm/Autorun.ehf]
Authentium 5.1.0.4/20080701 found nothing
Avast 4.8.1195.0/20080630 found nothing
AVG 7.5.0.516/20080630 found [Worm/Generic.IJY]
BitDefender 7.2/20080701 found [Trojan.Agent.AIZX]
CAT-QuickHeal 9.50/20080630 found nothing
ClamAV 0.93.1/20080701 found nothing
DrWeb 4.44.0.09170/20080701 found [Trojan.Inject.3581]
eSafe 7.0.17.0/20080629 found nothing
eTrust-Vet 31.6.5916/20080701 found nothing
Ewido 4.0/20080627 found nothing
F-Prot 4.4.4.56/20080701 found nothing
F-Secure 7.60.13501.0/20080626 found nothing
Fortinet 3.14.0.0/20080701 found [PossibleThreat]
GData 2.0.7306.1023/20080701 found [Worm.Win32.AutoRun.ehf]
Ikarus T3.1.1.26/20080701 found [Worm.Win32.AutoRun.ehf]
Kaspersky 7.0.0.125/20080701 found [Worm.Win32.AutoRun.ehf]
McAfee 5328/20080630 found nothing
Microsoft 1.3704/20080701 found [VirTool:Win32/Injector.gen!D]
NOD32v2 3230/20080701 found [Win32/AutoRun.RB]
Norman 5.80.02/20080630 found nothing
Panda 9.0.0.4/20080701 found nothing
Prevx1 V2/20080701 found nothing
Rising 20.51.11.00/20080701 found nothing
Sophos 4.30.0/20080701 found nothing
Sunbelt 3.1.1509.1/20080701 found nothing
Symantec 10/20080701 found nothing
TheHacker 6.2.96.365/20080701 found nothing
TrendMicro 8.700.0.1004/20080701 found nothing
VBA32 3.12.6.8/20080630 found nothing
VirusBuster 4.5.11.0/20080630 found nothing
Webwasher-Gateway 6.6.2/20080701 found [Worm.Autorun.ehf]

Complete scanning result of "euSp2.exe", processed in VirusTotal at 07/01/2008 10:00:28 (CET).

[ file data ]
* name: euSp2.exe
* size: 42496
* md5.: 5f9103e4685d74e51bf22d7acd705445
* sha1: f194d2ef3dc750def679e13950f19569e300304c
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.7.1.0/20080701 found nothing
AntiVir 7.8.0.59/20080701 found [BDS/Xili.42496]
Authentium 5.1.0.4/20080701 found nothing
Avast 4.8.1195.0/20080630 found nothing
AVG 7.5.0.516/20080630 found [Worm/Generic.IJY]
BitDefender 7.2/20080701 found [Trojan.Agent.AIZX]
CAT-QuickHeal 9.50/20080630 found nothing
ClamAV 0.93.1/20080701 found nothing
DrWeb 4.44.0.09170/20080701 found [Trojan.Inject.3581]
eSafe 7.0.17.0/20080629 found nothing
eTrust-Vet 31.6.5916/20080701 found nothing
Ewido 4.0/20080627 found nothing
F-Prot 4.4.4.56/20080701 found nothing
F-Secure 7.60.13501.0/20080626 found nothing
Fortinet 3.14.0.0/20080701 found [PossibleThreat]
GData 2.0.7306.1023/20080701 found [Worm.Win32.AutoRun.ehf]
Ikarus T3.1.1.26/20080701 found [Trojan.Agent.AIZX]
Kaspersky 7.0.0.125/20080701 found [Worm.Win32.AutoRun.ehf]
McAfee 5328/20080630 found nothing
Microsoft 1.3704/20080701 found [VirTool:Win32/Injector.gen!D]
NOD32v2 3230/20080701 found [Win32/AutoRun.RB]
Norman 5.80.02/20080630 found nothing
Panda 9.0.0.4/20080701 found nothing
Prevx1 V2/20080701 found [Worm]
Rising 20.51.11.00/20080701 found nothing
Sophos 4.30.0/20080701 found nothing
Sunbelt 3.1.1509.1/20080701 found nothing
Symantec 10/20080701 found [Trojan.Vundo]
TheHacker 6.2.96.365/20080701 found nothing
TrendMicro 8.700.0.1004/20080701 found nothing
VBA32 3.12.6.8/20080630 found nothing
VirusBuster 4.5.11.0/20080630 found nothing
Webwasher-Gateway 6.6.2/20080701 found [Trojan.Backdoor.Xili.42496]
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas !
Comment protéger son PC des virus
Windows 11 : Compatibilité, Configuration minimale requise, télécharger ISO et installer Windows 11

Comment demander de l'aide sur le forum
Evaluer le site malekal.com
Partagez malekal.com : n'hésitez pas à partager les articles qui vous plaisent sur la page Facebook du site.
Malekal_morte
Messages : 116243
Inscription : 10 sept. 2005 13:57

Re: Photo_13308.zip/Backdoor.Win32.SdBot.esy

par Malekal_morte »

Ajoutés par Antivir hier.
Please find a detailed report concerning each individual sample below:

Filename Result
eSp2.exe MALWARE

The file 'eSp2.exe' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename Result
euSp3.exe MALWARE

The file 'euSp3.exe' has been determined to be 'MALWARE'. Our analysts discovered that the file is a Trojan. In general this kind of programs contains harmful functionality called payload. Detection will be added to our virus definition file (VDF) with one of the next updates.
Première règle élémentaire de sécurité : on réfléchit puis on clic et pas l'inverse - Les fichiers/programmes c'est comme les bonbons, quand ça vient d'un inconnu, on n'accepte pas !
Comment protéger son PC des virus
Windows 11 : Compatibilité, Configuration minimale requise, télécharger ISO et installer Windows 11

Comment demander de l'aide sur le forum
Evaluer le site malekal.com
Partagez malekal.com : n'hésitez pas à partager les articles qui vous plaisent sur la page Facebook du site.
  • Sujets similaires
    Réponses
    Vues
    Dernier message

Revenir à « Vers/Virus MSN et arnaques sur MSN »