Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Wyrmrider finds his first virus

 
wyrmrider
Warrior Addict


Joined: 25 Jun 2004
Last Visit: 17 Jan 2009
Posts: 730

Posted: Fri Oct 07, 2005 6:11 am    Post subject: Wyrmrider finds his first virus

----- Original Message -----
From: "AntiVir PersonalEdition Support-Team" <virus_malware @ antivir-pe.de>
To: <wyrmrider
Sent: Friday, October 07, 2005 3:28 AM
Subject: Re: Upload of a suspicious file (Call #561016)


Dear Sirs,

Thank you for your recent inquiry.

We found a new virus in the attachment you have sent us.
The signature will be integrated in one of our next updates.

We thank you for your assistance.
--
Mit freundlichen Grüßen | Sincerely

i.A. Herr K. Müller
Customer Support

AntiVir PersonalProducts GmbH
Address: Lina-Ammon-Str. 19a
D-90471 Nürnberg | Germany
http://www.antivir-pe.de
http://www.free-av.de
____________________________________________________________________________

nobody else caught it, and I almost deleted it from quarantine but I was suspicious even though it was caught by heuristics set on high


This is a report processed by VirusTotal on 10/04/2005 at 17:00:44 (CET)
after scanning the file "275372BB.034" file.

Antivirus       Version         Update      Result
AntiVir         6.32.0.6        10.04.2005  Heuristic/Virus.Win32 (antivir heuristics set on high flagged it)
Avast           4.6.695.0       09.30.2005  no virus found
AVG             718             09.29.2005  no virus found
Avira           6.32.0.6        10.04.2005  Heuristic/Virus.Win32
BitDefender     7.2             10.04.2005  no virus found
CAT-QuickHeal   8.00            10.04.2005  (Suspicious) - DNAScan
ClamAV          devel-20050917  10.04.2005  no virus found
DrWeb           4.32b           10.02.2005  no virus found
eTrust-Iris     7.1.194.0       10.03.2005  no virus found
eTrust-Vet      11.9.1.0        10.04.2005  no virus found
Fortinet        2.48.0.0        10.04.2005  no virus found
F-Prot          3.16c           10.04.2005  no virus found
Ikarus          0.2.59.0        10.04.2005  no virus found
Kaspersky       4.0.2.24        10.04.2005  no virus found
McAfee          4595            10.03.2005  no virus found
NOD32v2         1.1240          10.03.2005  no virus found
Norman          5.70.10         10.04.2005  no virus found
Panda           8.02.00         10.04.2005  no virus found
Sophos          3.98.0          10.04.2005  no virus found
Symantec        8.0             10.03.2005  no virus found
TheHacker       5.8.2.117       10.03.2005  no virus found
VBA32           3.10.4          10.02.2005  no virus found
paperghost
Site Admin


Joined: 28 Aug 2004
Last Visit: 20 Feb 2012
Posts: 2048
Location: On a ROFLcopter

Posted: Fri Oct 07, 2005 6:32 am

Heheh well done!

Question is, are they gonna name it after you Laughing
MadameX
Site Admin


Joined: 12 Jul 2004
Last Visit: 27 Apr 2008
Posts: 1438

Posted: Fri Oct 07, 2005 10:02 am

way to go, wyrmrider! Dancing
_________________
CARMA

wyrmrider
Posted: Sat Oct 08, 2005 7:21 pm    Post subject: Thanks for the support- and a surprise

a little update

I rescanned with VirusTotal today and still no others pick up whatever virus we found

I then online scanned with Bit Defender with Heuristics On
and found--- I posted a FYI in the Sunbelt forum


[Scan Results]
Line00000000 = "C:\WINDOWS\Downloaded Installations\{96CE8F39-1668-4FE3-B005-A7B1BC316B61}\Sunbelt CounterSpy.msi=>(Embedded CAB)=>sunasinstallhelper.exe Suspected of: BehavesLike:Win32.AV-Killer"

Heuristics were on
I discovered a new virus which Antivir Heuristics detected. After a VirusTotal scan showed no other AVs detecting, I was scanning with several other engines with settings set on high

lucky I turn off auto fixing on the first pass with these heuristic programs

any other AVs have a reputation as being good with heuristics?
I'll try them against the Wyrmrider Smile virus
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 30 Oct 2014
Posts: 9982
Location: Yorkshire

Posted: Sat Oct 08, 2005 11:42 pm

Pity it wasn't a worm. Wyrm's Worm has a nice ring to it.

Well done Wyrmrider, nice catch.
_________________
Gary R Administrator at Malware Removal University



Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 21 Sep 2014
Posts: 3913
Location: California

Posted: Sun Oct 09, 2005 4:28 am

Give NOD32 a shot at it. It has good heuristics. There is a free trial you can use:
http://www.nod32.com/download/trial.htm

You can also upload it to Jotti and let a whole range of scanners take a crack at it
http://virusscan.jotti.org/


Last edited by Nick on Sun Oct 09, 2005 12:01 pm; edited 1 time in total

wyrmrider
Posted: Sun Oct 09, 2005 9:44 am    Post subject: Jotti's malware scan 2.99-TRANSITION_TO_3.00

I'll try nod32 thanks Nick - one of the few I've never tried Smile
Wyrms' Worm- I love it

AntiVir: Found Heuristic/Virus.Win32 (probable variant)
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

leave no turn unstoned

wyrmrider
Posted: Sun Oct 09, 2005 10:24 am    Post subject: NOD 32 results- Bit Defender Results

Disabled antivir guard
I had bit-defender on machine so updated and ran "online scan"
no hits
then
installed NOD-W98 version
Updated to latest NOD definitions
advanced heuristics were enabled
Scanned the infected file only
no detection


will do a complete system scan later today
I have to get some work done in the next two hours then will start scan with all the options cranked up
as they say- should do this every so often

found memory usage high after exiting NOD32 W98 version
cacheman brought it down

EDIT Sunday 6PM California time
Complete scan with NOD32 everything turned on
only found Steve Gibson's DCOMbob.exe as a Win32/Exploit.DcomRpc.A Trojan

File: DCOMbob.exe
Status: INFECTED/MALWARE
MD5: 7554c5e1b98b0e7f21016f957fbf6e84
Packers detected: UPX
Scanner results
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Exploit.Dcomrpc.A
ClamAV: Found nothing
Dr.Web: Found Exploit.DCom.32
F-Prot Antivirus: Found nothing
Fortinet: Found W32/DcomScan.A-tr
Kaspersky Anti-Virus: Found nothing
NOD32: Found Win32/Exploit.DComRpc.A
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found Exploit.Win32.DComRpc.A

I'll have to check this out, Really doubt that Gibson's software has a trojan

Wilders has a FP thread from 2002 about a FP, but MD5 is different than mine
I posted to NOD forum at Wilders

I think this is a good example of the need to run on-demand scans as well as your regular installed AV. Over the years I've found several this way. No luck getting Kaspersky to be reliable on THIS machine

wyrmrider
Posted: Mon Oct 10, 2005 6:17 am    Post subject: TR Bravis

We found a new virus in the attachment you have sent us (TR.Bravis).
The signature will be integrated in one of our next updates

E-Mail today from Antivir

wyrmrider
Posted: Sun Oct 16, 2005 8:25 pm    Post subject: file which ANTIVIR thinks has a virus

275372BB.034 = C:\PROGRAM FILES\FBM SOFTWARE\INSTALLERS\ZEROSPYWARE_SETUP3.02.0036.0004PART1.TMP

Bitdefender and NOD32 think file is truncated
possible as this is a tmp file
still under investigation
will submit to FBM for analysis

All times are GMT - 8 Hours