NewImage8.zip / Backdoor.Win32.IRCBot.exx

[Malekal_morte]

Se propage par le fichier contenant le fichier NewImage8.zip (se trouve dans %windir%) contenant le fichier NewImage008.JPG_www.facebook.scr

Message de propagation :

do you care if I upload this picture to my new profile?
have you seen the last picture I created with photoshop? I think I'm getting better every time!
I just found this wallpaper from the new Batman Movie, I think its just right for you!
You missed out on the party! It was pretty intense, just take a look!
This is seriously the DEFINITION OF SEXY, just take a peek! ;)
can I post this picture of you on my blog? Or would you get upset at me?

L'infection ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [Security Service DB] secservice.exe

Fichier 0x011.exe reçu le 2008.08.12 12:20:01 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 6/36 (16.67%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.12.0 2008.08.12 -
AntiVir 7.8.1.19 2008.08.12 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.11 -
AVG 8.0.0.156 2008.08.12 Dropper.Generic.AAOD
BitDefender 7.2 2008.08.12 -
CAT-QuickHeal 9.50 2008.08.11 -
ClamAV 0.93.1 2008.08.12 -
DrWeb 4.44.0.09170 2008.08.12 Trojan.Inject.3698
eSafe 7.0.17.0 2008.08.11 -
eTrust-Vet 31.6.6027 2008.08.12 -
Ewido 4.0 2008.08.11 -
F-Prot 4.4.4.56 2008.08.12 -
F-Secure 7.60.13501.0 2008.08.12 -
Fortinet 3.14.0.0 2008.08.12 -
GData 2.0.7306.1023 2008.08.12 -
Ikarus T3.1.1.34.0 2008.08.12 -
K7AntiVirus 7.10.411 2008.08.11 -
Kaspersky 7.0.0.125 2008.08.12 -
McAfee 5358 2008.08.11 -
Microsoft 1.3807 2008.08.12 VirTool:Win32/DelfInject.gen!AF
NOD32v2 3348 2008.08.12 a variant of Win32/Injector.CC
Norman 5.80.02 2008.08.12 -
Panda 9.0.0.4 2008.08.12 -
PCTools 4.4.2.0 2008.08.11 -
Prevx1 V2 2008.08.12 -
Rising 20.57.12.00 2008.08.12 -
Sophos 4.32.0 2008.08.12 -
Sunbelt 3.1.1542.1 2008.08.12 -
Symantec 10 2008.08.12 -
TheHacker 6.2.96.396 2008.08.12 -
TrendMicro 8.700.0.1004 2008.08.12 -
VBA32 3.12.8.3 2008.08.11 -
ViRobot 2008.8.11.1331 2008.08.11 -
VirusBuster 4.5.11.0 2008.08.11 -
Webwasher-Gateway 6.6.2 2008.08.12 Trojan.Crypt.CFI.Gen
Information additionnelle
File size: 70144 bytes
MD5...: d61d8a6999de84a96f606dc8843b008a
SHA1..: a80d9f8e3c68fc33997312bffe0cd46dca82f218

[Malekal_morte]

Ajouté en Backdoor.Win32.IRCBot.exx par Kaspersky.

Hello,

0x011.exe_ - Backdoor.Win32.IRCBot.exx

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.