htssv32.exe/Backdoor.Win32.SdBot.crw

par **Malekal_morte** » 04 févr. 2008 18:30

Variante de Backdoor.Win32.DsBot.mu/W0034_jpg.com

Ajoute les lignes suivantes sur HijackThis :

O4 - HKLM\..\Run: [htssv32.exe] C:\WINDOWS\htssv32.exe

Installe le Carlson Dialer : C:\Program Files\Common Files\Carlson

Scan du fichier :

File htssv32.exe received on 01.23.2008 18:37:33 (CET)
Current status: finished
Result: 21/32 (65.62%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - Worm/SdBot.31232.4
Authentium - - -
Avast - - Win32:IRCBot-BSX
AVG - - IRC/BackDoor.SdBot3.ZDQ
BitDefender - - Generic.Sdbot.C87C446E
CAT-QuickHeal - - Backdoor.SdBot.crw
ClamAV - - Trojan.SdBot-1767
DrWeb - - BackDoor.IRC.Sdbot.origin
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/Busky.B.gen!Eldorado
F-Secure - - Backdoor.Win32.SdBot.crw
Ikarus - - Backdoor.Win32.SdBot.xd
Kaspersky - - Backdoor.Win32.SdBot.crw
McAfee - - New Malware.b
Microsoft - - Backdoor:Win32/Sdbot.gen!A
NOD32v2 - - probably a variant of IRC/SdBot
Norman - - W32/SDBot.BIGD
Panda - - Suspicious file
Prevx1 - - Backdoor.IRCBot.gen
Rising - - -
Sophos - - Mal/Emogen-G
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster - - -
Webwasher-Gateway - - Worm.SdBot.31232.4
Additional information
MD5: 7744a3b9585332d4c6f26003a384d037
SHA1: c17cfd178775f515c9a000c86e6fc9e6740334b4
SHA256: 1e9c22ecdf1d345953875413a6a79d3dac1507b4dbe43ca95e93931b41753909
SHA512: 61cba320f4786086be667df5067cfe6d5d219b1583eff1f3d5a2ab8cdbd332c4 2b27f5f0673c324d021d26c69a7b804db09a312511c33b936deb5ef7a4c82552

Attention cette infection patche le fichier tcpip.sys qui est un driver légitime.

File tcpip.sys received on 02.04.2008 18:11:31 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.4.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04 -
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.03 -
AVG 7.5.0.516 2008.02.04 -
BitDefender 7.2 2008.02.04 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5509 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.03 -
F-Secure 6.70.13260.0 2008.02.04 -
Ikarus T3.1.1.20 2008.02.04 Win32.SuspectCrc
Kaspersky 7.0.0.125 2008.02.04 -
McAfee 5221 2008.02.01 -
Microsoft 1.3204 2008.02.04 -
NOD32v2 2847 2008.02.04 -
Norman 5.80.02 2008.02.01 -
Panda 9.0.0.4 2008.02.04 -
Prevx1 V2 2008.02.04 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04 -
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 -
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 -
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.04 -
Additional information
File size: 359040 bytes
MD5: 3bb4b08619c111c7be8bda07aa0de6a2
SHA1: 1de616582af6a5c8ca562aa434923776a7820884