New FAKE TOOL DISKREPAIR brought under control, "caught" by ELISTARA's heuristic system
It consists of 2 executables and a DLL:
File name: YRUvoXXeDU.VIR.exe
Submission date: 2010-12-27 16:23:27 (UTC)
Current status: finished
Result: 34/43 (79.1%)
VT Community: malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2010.12.27.01 2010.12.27 Packed/Win32.Krap
AntiVir 7.11.0.201 2010.12.27 TR/Agent.AO.205
Antiy-AVL 2.0.3.7 2010.12.27 Packed/Win32.Krap.gen
Avast 4.8.1351.0 2010.12.27 Win32:Zbot-MXD
Avast5 5.0.677.0 2010.12.27 Win32:Zbot-MXD
AVG 9.0.0.851 2010.12.27 Generic20.AWZW
BitDefender 7.2 2010.12.27 Gen:Variant.Kazy.6387
CAT-QuickHeal 11.00 2010.12.27 Traojan.FakeAV.gen
ClamAV 0.96.4.0 2010.12.27 –
Command 5.2.11.5 2010.12.27 –
Comodo 7206 2010.12.27 Heur.Suspicious
DrWeb 5.0.2.03300 2010.12.27 Trojan.DownLoader1.46827
Emsisoft 5.1.0.1 2010.12.27 Packed.Win32.Krap!IK
eSafe 7.0.17.0 2010.12.26 –
eTrust-Vet 36.1.8063 2010.12.27 –
F-Prot 4.6.2.117 2010.12.27 –
F-Secure 9.0.16160.0 2010.12.27 Gen:Variant.Kazy.6387
Fortinet 4.2.254.0 2010.12.27 W32/Krap.GAO!tr
GData 21 2010.12.27 Gen:Variant.Kazy.6387
Ikarus T3.1.1.90.0 2010.12.27 Packed.Win32.Krap
Jiangmin 13.0.900 2010.12.27 Packed.Krap.dtuy
K7AntiVirus 9.74.3361 2010.12.27 Riskware
Kaspersky 7.0.0.125 2010.12.27 Packed.Win32.Krap.ao
McAfee 5.400.0.1158 2010.12.27 Generic FakeAlert.am
McAfee-GW-Edition 2010.1C 2010.12.27 Generic FakeAlert.am
Microsoft 1.6402 2010.12.27 Trojan:Win32/FakeSysdef
NOD32 5736 2010.12.27 a variant of Win32/Kryptik.JCY
Norman 6.06.12 2010.12.24 W32/FakeSysdef.Q
nProtect 2010-12-27.01 2010.12.27 Trojan/W32.Krap.464384.K
Panda 10.0.2.7 2010.12.27 Trj/CI.A
PCTools 7.0.3.5 2010.12.27 Trojan.Gen
Prevx 3.0 2010.12.27 Medium Risk Malware
Rising 22.79.06.07 2010.12.27 Trojan.Win32.Generic.5254B0EE
Sophos 4.60.0 2010.12.27 Mal/FakeAV-EA
SUPERAntiSpyware 4.40.0.1006 2010.12.27 Trojan.Agent/Gen-FraudWare
Symantec 20101.3.0.103 2010.12.27 Trojan.Gen.2
TheHacker 6.7.0.1.106 2010.12.27 –
TrendMicro 9.120.0.1004 2010.12.27 TROJ_FAKEAL.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.12.27 TROJ_FAKEAL.SMEP
VBA32 3.12.14.2 2010.12.27 –
VIPRE 7846 2010.12.27 Trojan.Win32.Generic!SB.0
ViRobot 2010.12.27.4222 2010.12.27 –
VirusBuster 13.6.115.0 2010.12.27 –
Additional information
MD5 : 2491c81d62e20b3c2bfbce7a548ba560
SHA1 : 3709f9865dbcebcabdc6da7baba30f1a5788299a
File size : 464384 bytes
publisher....: MOSE software
copyright....: (c) MOSE Software.
product......: MOE software
description..: mplayer
original name: mplayer
internal name: mplayer
file version.: 0.144
and the complementary EXE:
File name: xb2e04dqbJCCR.VIR.exe
Submission date: 2010-12-27 16:31:14 (UTC)
Current status: finished
Result: 29/41 (70.7%)
VT Community: not reviewed
Safety score: –
Antivirus Version Last Update Result
AhnLab-V3 2010.12.27.01 2010.12.27 Packed/Win32.Krap
AntiVir 7.11.0.201 2010.12.27 TR/Agent.AO.223
Antiy-AVL 2.0.3.7 2010.12.27 –
Avast 4.8.1351.0 2010.12.27 Win32:Zbot-MXD
Avast5 5.0.677.0 2010.12.27 Win32:Zbot-MXD
AVG 9.0.0.851 2010.12.27 Generic20.AWZV
BitDefender 7.2 2010.12.27 Gen:Variant.Kazy.6387
CAT-QuickHeal 11.00 2010.12.27 Traojan.FakeAV.gen
ClamAV 0.96.4.0 2010.12.27 –
Command 5.2.11.5 2010.12.27 –
Comodo 7206 2010.12.27 TrojWare.Win32.Trojan.Agent.Gen
Emsisoft 5.1.0.1 2010.12.27 Trojan.Win32.FakeSysdef!IK
eTrust-Vet 36.1.8063 2010.12.27 –
F-Prot 4.6.2.117 2010.12.27 –
F-Secure 9.0.16160.0 2010.12.27 Gen:Variant.Kazy.6387
Fortinet 4.2.254.0 2010.12.27 W32/Krap.GAO!tr
GData 21 2010.12.27 Gen:Variant.Kazy.6387
Ikarus T3.1.1.90.0 2010.12.27 Trojan.Win32.FakeSysdef
Jiangmin 13.0.900 2010.12.27 –
K7AntiVirus 9.74.3361 2010.12.27 Riskware
Kaspersky 7.0.0.125 2010.12.27 Packed.Win32.Krap.ao
McAfee 5.400.0.1158 2010.12.27 Generic FakeAlert.am
McAfee-GW-Edition 2010.1C 2010.12.27 Generic FakeAlert.am
Microsoft 1.6402 2010.12.27 Trojan:Win32/FakeSysdef
NOD32 5736 2010.12.27 a variant of Win32/Kryptik.JCY
Norman 6.06.12 2010.12.24 W32/FakeSysdef.O
nProtect 2010-12-27.01 2010.12.27 Trojan/W32.Krap.378880.Q
Panda 10.0.2.7 2010.12.27 Trj/CI.A
PCTools 7.0.3.5 2010.12.27 –
Prevx 3.0 2010.12.27 Low Risk Adware
Rising 22.79.06.07 2010.12.27 Packer.Win32.Agent.bk
Sophos 4.60.0 2010.12.27 Mal/FakeAV-EA
SUPERAntiSpyware 4.40.0.1006 2010.12.27 Trojan.Agent/Gen-FakeSoft
Symantec 20101.3.0.103 2010.12.27 –
TheHacker 6.7.0.1.106 2010.12.27 –
TrendMicro 9.120.0.1004 2010.12.27 TROJ_FAKEAL.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.12.27 TROJ_FAKEAL.SMEP
VBA32 3.12.14.2 2010.12.27 –
VIPRE 7846 2010.12.27 Trojan.Win32.Generic.pak!cobra
ViRobot 2010.12.27.4222 2010.12.27 –
VirusBuster 13.6.115.0 2010.12.27 –
Additional information
MD5 : 28f10d91ef937b2bbb425a06cf85ceb0
SHA1 : 9362df3f53096d2ea671548a00ddd9a6d81397bf
File size : 378880 bytes
publisher....: Optimization Corporation
copyright....: (c) Optimization Software . All rights reserved.
product......: Optimization
description..: Optimization
original name: Optimization
internal name: Optimization
file version.: 10
and the DLL:
File name: XnVsvgjlmC.dll
Submission date: 2010-12-24 13:33:17 (UTC)
Current status: finished
Result: 24/43 (55.8%)
VT Community: not reviewed
Safety score: –
Antivirus Version Last Update Result
AhnLab-V3 2010.12.24.00 2010.12.23 Packed/Win32.Krap
AntiVir 7.11.0.174 2010.12.24 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.12.24 Packed/Win32.Krap.gen
Avast 4.8.1351.0 2010.12.24 Win32:Zbot-MXD
Avast5 5.0.677.0 2010.12.24 Win32:Zbot-MXD
AVG 9.0.0.851 2010.12.24 Generic20.AWZX
BitDefender 7.2 2010.12.24 Gen:Variant.Kazy.6380
CAT-QuickHeal 11.00 2010.12.24 –
ClamAV 0.96.4.0 2010.12.24 –
Command 5.2.11.5 2010.12.24 –
Comodo 7172 2010.12.24 –
DrWeb 5.0.2.03300 2010.12.24 –
Emsisoft 5.1.0.1 2010.12.24 Trojan.Crypt!IK
eSafe 7.0.17.0 2010.12.22 –
eTrust-Vet 36.1.8059 2010.12.24 –
F-Prot 4.6.2.117 2010.12.24 –
F-Secure 9.0.16160.0 2010.12.24 Gen:Variant.Kazy.6380
Fortinet 4.2.254.0 2010.12.24 W32/Krap.GAO!tr
GData 21 2010.12.24 Gen:Variant.Kazy.6380
Ikarus T3.1.1.90.0 2010.12.24 Trojan.Crypt
Jiangmin 13.0.900 2010.12.24 –
K7AntiVirus 9.74.3335 2010.12.24 –
Kaspersky 7.0.0.125 2010.12.24 Packed.Win32.Krap.ao
McAfee 5.400.0.1158 2010.12.24 Generic FakeAlert.am
McAfee-GW-Edition 2010.1C 2010.12.24 Generic FakeAlert.am
Microsoft 1.6402 2010.12.24 –
NOD32 5729 2010.12.24 a variant of Win32/Kryptik.JCY
Norman 6.06.12 2010.12.24 W32/FakeSysdef.P
nProtect 2010-12-24.01 2010.12.24 Gen:Variant.Kazy.6380
Panda 10.0.2.7 2010.12.24 Trj/CI.A
PCTools 7.0.3.5 2010.12.24 –
Prevx 3.0 2010.12.24 –
Rising 22.79.03.04 2010.12.24 –
Sophos 4.60.0 2010.12.24 Mal/FakeAV-EA
SUPERAntiSpyware 4.40.0.1006 2010.12.24 Trojan.Agent/Gen-FakeSoft
Symantec 20101.3.0.103 2010.12.24 Suspicious.Cloud.5
TheHacker 6.7.0.1.104 2010.12.21 –
TrendMicro 9.120.0.1004 2010.12.24 TROJ_FAKEAL.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.12.24 TROJ_FAKEAL.SMEP
VBA32 3.12.14.2 2010.12.23 –
VIPRE 7802 2010.12.24 –
ViRobot 2010.12.24.4218 2010.12.24 –
VirusBuster 13.6.111.0 2010.12.24 –
Additional information
MD5 : e229eee527649b9bb6552a6f3a40410e
SHA1 : b323d24ef5374abe394830bf67840793d69c3bd0
File size : 420352 bytes
publisher....: MediaPlayer software
copyright....: (c) MediaPlayer Software.
product......: MediaPlayer software
description..: mediaplayer
original name: mediaplay
internal name: mediaplayer
file version.: 4747
All of them are now detected and removed as of version 22.27 of ELISTARA.EXE:
(27-12-2010 16:40:09 (GMT))
EliStartPage v22.27 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 24 de Diciembre del 2010)
————————————————–
Lista de Acciones (por Exploración):
Explorando “A:\”
A:\XB2E04DQBJCCR.VIR.EXE –> Eliminado, FakeTool.DiskRepair
A:\XNVSVGJLMC.DLL.VIR –> Eliminado, FakeTool.DiskRepair(dll)
A:\YRUVOXXEDU.VIR.EXE –> Eliminado, FakeTool.DiskRepair(dr)
Version 22.27 of ELISTARA.EXE is now available on our website.
Regards
ms, 27-2-2010
NOTE: Those interested in information about a SATINFO Technical Assistance support contract and/or a license for use/updates of its utilities should contact info@satinfo.es