Photo13.zip / Worm.Win32.AutoRun.ehu

[Malekal_morte]

fichier Photo13.zip contenant le fichier newphoto0013.JPG-www.myspace.com

Message de propagation :

can I upload this photo to my blog? You look kind of funky in it...
do you mind if I add this picture to my new album?
how do we look together? I edited you into the pic right next to me
I won't get banned for posting this on myspace right?
OMG my new hair style is NUTS! I can't decide if I love it or hate it. What do you think?
I bet you haven't seen something this crazy in awhile, just look!

Ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [MSN Auto-Updater] msnaupdater.exe

Fichier euSp4f.exe reçu le 2008.07.03 07:18:27 (CET)
Situation actuelle: terminé
Résultat: 4/33 (12.12%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Win32.HLLW.Autoruner.2296
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - VirTool.Win32.Injector.D
Kaspersky - - -
McAfee - - -
Microsoft - - VirTool:Win32/Injector.gen!D
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Malicious Software
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: e13e9ca41ff14aba24c1a2ac2889d5a2
SHA1: b3af4403e971a5da23d0085c71aadcd5e7bc6489

[Malekal_morte]

15 min après.. Kaspersky les a ajoutés :

Hello.
New malicious software was found in the attached file. Worm.Win32.AutoRun.eht, Worm.Win32.AutoRun.ehu
It's detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include you registration data.

[Malekal_morte]

Scan quelques après jours... :

Complete scanning result of "euSp4f.exe", processed in VirusTotal at 07/08/2008 01:22:24 (CET).

[ file data ]
* name..: euSp4f.exe
* size..: 42496
* md5...: e13e9ca41ff14aba24c1a2ac2889d5a2
* sha1..: b3af4403e971a5da23d0085c71aadcd5e7bc6489
* peid..: BobSoft Mini Delphi -> BoB / BobSoft

[ scan result ]
AhnLab-V3 2008.7.8.0/20080707 found nothing
AntiVir 7.8.0.64/20080707 found [Worm/Autorun.ehu]
Authentium 5.1.0.4/20080707 found nothing
Avast 4.8.1195.0/20080707 found [Win32:Trojan-gen {Other}]
AVG 7.5.0.516/20080707 found [Worm/Generic.IMW]
BitDefender 7.2/20080708 found [Trojan.Inject.IU]
CAT-QuickHeal 9.50/20080707 found [Worm.AutoRun.ehu]
ClamAV 0.93.1/20080708 found nothing
DrWeb 4.44.0.09170/20080707 found [Win32.HLLW.Autoruner.2296]
eSafe 7.0.17.0/20080707 found nothing
eTrust-Vet 31.6.5934/20080707 found nothing
Ewido 4.0/20080707 found nothing
F-Prot 4.4.4.56/20080707 found nothing
F-Secure 7.60.13501.0/20080703 found nothing
Fortinet 3.14.0.0/20080707 found [PossibleThreat]
GData 2.0.7306.1023/20080708 found [Worm.Win32.AutoRun.ehu]
Ikarus T3.1.1.26.0/20080707 found [VirTool.Win32.Injector.D]
Kaspersky 7.0.0.125/20080708 found [Worm.Win32.AutoRun.ehu]
McAfee 5333/20080707 found nothing
Microsoft 1.3704/20080708 found [Worm:Win32/Slenfbot.YX]
NOD32v2 3248/20080707 found [Win32/AutoRun.RM]
Norman 5.80.02/20080707 found nothing
Panda 9.0.0.4/20080708 found [Trj/Hosts.AE]
Prevx1 V2/20080708 found [Malicious Software]
Rising 20.51.60.00/20080706 found nothing
Sophos 4.31.0/20080707 found nothing
Sunbelt 3.1.1509.1/20080704 found nothing
Symantec 10/20080708 found [Trojan.Dropper]
TheHacker 6.2.96.374/20080707 found [W32/AutoRun.ehu]
TrendMicro 8.700.0.1004/20080707 found nothing
VBA32 3.12.6.8/20080707 found [Win32.HLLW.Autoruner.2296]
VirusBuster 4.5.11.0/20080707 found nothing
Webwasher-Gateway 6.6.2/20080707 found [Worm.Autorun.ehu