
Thread: !!WARNING!! the attached is a virus

  1. #1
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729

    !!WARNING!! the attached is a virus

    hey all you cyber fans out there... got a virus floating around

    In the zip it's harmless... doesn't execute till you unzip and run the .pif file inside.
    Had a few weird processes show up... AVG email scanner shut down... AVG didn't detect a virus at all *and I just made a post saying I trusted AVG Free too*... guess this is irony at its best.

    I clicked it on purpose; I knew what I was getting into.


    If anyone has seen this before and can provide the community with info, please share... I'm off to Google to look up what I can now.
    work it harder, make it better, do it faster, makes us stronger

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi there hex~ !

    Please check out this site and bookmark it for future use

    I use it as a "first pass" as it scans a suspect with a variety of AVs and one hopes that their heuristics will give you a clue to what you are dealing with. Obviously this is very handy if you are dealing with a new variant?

    AntiVir : Found nothing
    ArcaVir : Found nothing
    Avast : Found nothing
    AVG Antivirus : Found nothing
    BitDefender : Found nothing
    ClamAV : Found nothing
    Dr.Web : Found Win32.HLLW.MyBot.based
    F-Prot Antivirus : Found nothing
    Fortinet : Found nothing
    Kaspersky Anti-Virus : Found Backdoor.Win32.SdBot.aad
    NOD32 : Found a variant of IRC/SdBot
    Norman Virus Control : Found W32/SDBot.AEJN
    UNA : Found nothing
    VirusBuster : Found nothing
    VBA32 : Found nothing

    There ya go

    Incidentally, I fed it the raw zip file. IIRC AVG doesn't handle .zips very well...........it catches the beast when you release it?

    EDIT: this is the site:

    http://virusscan.jotti.org/

    EDIT #2:

    EWIDO does not spot it either...............I have sent them the file..............I will work through the others today

  3. #3
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    McAfee found nothing either.

  4. #4
    Norton Internet Security Suite picked it up straight after I downloaded the .zip file.

    Gave me the option of Delete, Delete and Delete

    f2B

  5. #5
    That's interesting. Now when you open it with WinRAR, under the "filetype" column it says "Shortcut to MS-DOS Program" rather than image file or similar. Oh, and if anyone wants to play around with things like this and doesn't have a spare machine, try using a program called DeepFreeze; as soon as you reboot the PC, any changes you have made to the HDD are reverted, including viruses.
    I'm Dying To Find Out The Hard Way
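The two observations above (post #1: the archive is harmless until the .pif inside is run; post #5: WinRAR lists it as "Shortcut to MS-DOS Program", not an image) amount to a check a mail gateway or a cautious user can automate: list the archive's members and flag anything whose real extension is executable, especially when it hides behind an image-looking name. The script below is an added example, not code from the thread or from any of the products named in it; the archive it inspects is constructed in memory and the member names (including the padded one) are made up to exercise the checks.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute directly on double-click. ".pif" is the
# "Shortcut to MS-DOS Program" type WinRAR showed for the attachment.
EXECUTABLE_EXTS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd",
                   ".lnk", ".vbs", ".js", ".hta"}
# Extensions a recipient expects to be harmless data (the decoy half of
# a double extension such as picture005.jpg.pif).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}


def suspicious_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every archive member that would run
    as a program when opened, with a more specific reason when the name is
    dressed up to look like an image or document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            raw_suffixes = PurePosixPath(name).suffixes
            suffixes = [s.strip().lower() for s in raw_suffixes]
            if not suffixes:
                continue  # no extension at all: not executable by association
            last = suffixes[-1]
            if last not in EXECUTABLE_EXTS:
                continue
            if any(s != s.strip() for s in raw_suffixes):
                # e.g. "holiday.gif<lots of spaces>.scr": the spaces push the
                # real extension out of a narrow file-list column.
                findings.append((name, f"whitespace padding hides {last}"))
            elif len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                findings.append(
                    (name, f"double extension: looks like {suffixes[-2]} but runs as {last}"))
            else:
                findings.append((name, f"executable member ({last})"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not the attachment from the thread)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("picture005.jpg", b"\xff\xd8\xff")        # harmless: a JPEG-like stub
        zf.writestr("picture005.jpg.pif", b"not-a-real-pif")   # the trick the thread describes
        zf.writestr("notes.txt", b"hello")                     # harmless
        zf.writestr("holiday.gif                    .scr", b"x")  # padded name
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_zip()):
        print(f"{member!r}: {reason}")
```

Only the two executable members are reported; the real image and the text file pass. The check is on the name, not the content, so it complements rather than replaces a scanner: it catches exactly the class of lure the thread describes regardless of whether any engine has a signature yet.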

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    There is another service out there called "virustotal"


    VirusTotal
    VirusTotal is a free file analysis service that works using several antivirus engines.
    STATUS: FINISHED
    Complete scanning result of "picture005.zip", received in VirusTotal at 06.04.2006, 14:36:57 (CET).

    Antivirus Version Update Result
    AntiVir 6.34.1.37 06.03.2006 no virus found
    Authentium 4.93.8 06.02.2006 no virus found
    Avast 4.7.844.0 06.02.2006 no virus found
    AVG 386 06.02.2006 no virus found
    BitDefender 7.2 06.04.2006 no virus found
    CAT-QuickHeal 8.00 06.03.2006 (Suspicious) - DNAScan
    ClamAV devel-20060426 06.04.2006 no virus found
    DrWeb 4.33 06.04.2006 Win32.HLLW.MyBot.based
    eTrust-InoculateIT 23.72.26 06.03.2006 no virus found
    eTrust-Vet 12.6.2240 06.02.2006 no virus found
    Ewido 3.5 06.04.2006 Backdoor.SdBot.aad
    Fortinet 2.77.0.0 06.03.2006 no virus found
    F-Prot 3.16f 06.02.2006 no virus found
    Kaspersky 4.0.2.24 06.04.2006 Backdoor.Win32.SdBot.aad
    McAfee 4776 06.02.2006 no virus found
    Microsoft 1.1441 06.04.2006 no virus found
    NOD32v2 1.1577 06.04.2006 a variant of IRC/SdBot
    Norman 5.90.17 06.02.2006 W32/SDBot.AEJN
    Panda 9.0.0.4 06.04.2006 Suspicious file
    Sophos 4.05.0 06.03.2006 no virus found
    Symantec 8.0 06.04.2006 no virus found
    TheHacker 5.9.8.154 06.01.2006 no virus found
    UNA 1.83 06.02.2006 no virus found
    VBA32 3.11.0 06.04.2006 no virus found

    Additional Information
    File size: 62509 bytes
    MD5: 8e59bcb3102cf4c2e61810282aaf480a
    SHA1: 48654fbaeb4a1c199f52b05afa9485a77c08f1a1
    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

    Thanks to Soda_Popinski for reminding me................it is a Spanish site, so I did not think to include it.. mea culpa! mea maxima culpa!


    Nice to see EWIDO have it onboard since my last post?

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hhmmm Trend Micro Internet 2006 didn't pick anything up either....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #8
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    It's been submitted to Trend Micro.

  9. #9
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    Here is a printout of my virus vault in AVG this morning after I turned my computer on.

    I have about 14 new procs running... and you have to look at them closely because one will be...
    steam.exe *videogames*
    staem.exe *virus* <-- clever...

    I'm formatting and installing Linux tonight anyway, so I'm just gonna see what this thing does... time to run some netstat or Ethereal.


    What was funny... WinRAR did more to protect my system than AVG did at the time of infection.
    When I downloaded the file I just double-clicked the program inside and WinRAR said "warning stopping execution of potentially dangerous software" or something along those lines... AVG didn't see a thing till I rebooted.

    !!EDIT!!

    Stay off AIM when you are infected with this one... last night all my friends got messages from me saying "Hey man, download these sweet pics of me (picture005.zip)"

    Turned on Gaim... friends haven't noticed anything.
    work it harder, make it better, do it faster, makes us stronger
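The steam.exe / staem.exe observation in post #9 is a general pattern: a dropped process takes a name one transposition or one substitution away from something the owner expects to see, so it survives a casual look at the process list. The script below is an added example written for this thread, not the poster's own tooling; it scores every running name against an allowlist of names the machine is known to run using optimal-string-alignment (Damerau-Levenshtein) distance and reports near misses. The process list and the allowlist are constructed sample data.

```python
def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits are insert, delete,
    substitute, or swap two adjacent characters (so staem -> steam costs 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def find_lookalikes(running: list[str], known: set[str],
                    max_distance: int = 1) -> list[tuple[str, str, int]]:
    """Return (process, known name it imitates, distance) for every running
    name that is not on the allowlist but is within max_distance of one.
    Names that are unknown and not close to anything are left alone; they
    are a different question (what is it?) from this one (is it posing?)."""
    known_lc = {k.lower() for k in known}
    hits = []
    for proc in running:
        p = proc.lower()
        if p in known_lc:
            continue
        for k in known_lc:
            dist = osa_distance(p.removesuffix(".exe"), k.removesuffix(".exe"))
            if dist <= max_distance:
                hits.append((proc, k, dist))
    return sorted(hits)


# Constructed sample: what a process list might look like on the poster's box.
KNOWN_GOOD = {"explorer.exe", "steam.exe", "svchost.exe", "notepad.exe", "gaim.exe"}
RUNNING = ["explorer.exe", "steam.exe", "staem.exe", "svchost.exe",
           "scvhost.exe", "gaim.exe", "notepad.exe", "avgemc.exe"]

if __name__ == "__main__":
    for proc, imitates, dist in find_lookalikes(RUNNING, KNOWN_GOOD):
        print(f"{proc} looks like {imitates} (distance {dist})")
```

With the sample data the two planted names are reported and the genuine ones are not. Comparing stems rather than full names keeps the shared ".exe" from diluting the distance, and a threshold of 1 is deliberately strict; raising it to 2 catches more variants but starts matching unrelated short names, so tune it against your own allowlist before trusting the output.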

  10. #10
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    picture says it all
    work it harder, make it better, do it faster, makes us stronger
