Re: Latest gimmick in malware dispersal?
On Tue, 21 Aug 2007 12:30:36 -0400, "David W. Hodgins"
<dwhodgins@nomail.afraid.org> wrote:
>On Tue, 21 Aug 2007 10:05:53 -0400, Duh_OZ <ozzy.kopec@gmail.com> wrote:
>
>> Here's a munged one - remove the x's in the IP address if you care to
>> visit and see what malware is trying to make the rounds.
>
> From virustotal ...
>
>File applet.exe received on 08.21.2007 18:12:41 (CET)
>Current status: finished
>Result: 14/32 (43.75%)
>Antivirus Version Last Update Result
>AhnLab-V3 2007.8.22.0 2007.08.21 -
>AntiVir 7.4.1.62 2007.08.21 WORM/Zhelatin.Gen
>Authentium 4.93.8 2007.08.20 Possibly a new variant of W32/Fathom.1-based!Maximus
>Avast 4.7.1029.0 2007.08.20 -
>AVG 7.5.0.484 2007.08.20 Downloader.Tibs.7.D
>BitDefender 7.2 2007.08.21 -
>CAT-QuickHeal 9.00 2007.08.21 (Suspicious) - DNAScan
>ClamAV 0.91 2007.08.21 Fathom
>DrWeb 4.33 2007.08.21 Trojan.Packed.142
>eSafe 7.0.15.0 2007.08.20 Suspicious Trojan/Worm
>eTrust-Vet 31.1.5076 2007.08.21 Win32/Sintun.AC
>Ewido 4.0 2007.08.21 -
>FileAdvisor 1 2007.08.21 -
>Fortinet 2.91.0.0 2007.08.21 -
>F-Prot 4.3.2.48 2007.08.20 W32/Fathom.1-based!Maximus
>F-Secure 6.70.13030.0 2007.08.21 -
>Ikarus T3.1.1.12 2007.08.21 -
>Kaspersky 4.0.2.24 2007.08.21 -
>McAfee 5101 2007.08.20 -
>Microsoft 1.2803 2007.08.21 -
>NOD32v2 2473 2007.08.21 -
>Norman 5.80.02 2007.08.21 -
>Panda 9.0.0.4 2007.08.21 -
>Prevx1 V2 2007.08.21 -
>Rising 19.37.12.00 2007.08.21 -
>Sophos 4.20.0 2007.08.21 Mal/Dorf-E
>Sunbelt 2.2.907.0 2007.08.21 VIPRE.Suspicious
>Symantec 10 2007.08.21 Trojan.Packed.13
>TheHacker 6.1.8.171 2007.08.21 -
>VBA32 3.12.2.2 2007.08.21 MalwareScope.Worm.Nuwar-Glowa.1
>VirusBuster 4.3.26:9 2007.08.21 -
>Webwasher-Gateway 6.0.1 2007.08.21 Worm.Zhelatin.Gen
>Additional information
>File size: 114666 bytes
>MD5: fef238a7164d7a902e1285554e6d1708
>SHA1: c0c853edf099cce5f224e21de3ded0e40feb43dc
>Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
>are deemed suspicious through heuristics.
From jotti ........
A-Squared Found nothing
AntiVir Found WORM/Zhelatin.Gen
ArcaVir Found Trojan.W32.Lager.Dr47
Avast Found Win32:Zhelatin-ANZ
AVG Antivirus Found Downloader.Tibs.7.D
BitDefender Found DeepScan:Generic.Malware.FMPH@mmign.B93F3761
ClamAV Found Fathom
CPsecure Found nothing
Dr.Web Found Trojan.Packed.142
F-Prot Found Possibly a new variant of W32/Fathom.2-based!Maximus
F-Secure Found nothing
Fortinet Found nothing
Kaspersky Found Email-Worm.Win32.Zhelatin.hc
NOD32 Found Win32/Nuwar.Gen
Norman Virus Control Found nothing
Panda Found nothing
Rising Antivirus Found nothing
Sophos Found Mal/Dorf-E
VirusBuster Found nothing
VBA32 Found MalwareScope.Worm.Nuwar-Glowa.1
Art