4 nuevas variantes del WORM KOOBFACE recibidas para analizar
Pasamos a añadir el control y eliminacion de 4 nuevas y diferentes variantes del KOOBFACE a partir de la version 23.60 del ELISTARA de hoy
File name:
btw_oko.dll
Submission date:
2011-07-11 06:58:34 (UTC)
Current status:
finished
Result:
29 /43 (67.4%)
VT Community
malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.11.01 2011.07.11 Win-Trojan/Koobface.144896
AntiVir 7.11.11.48 2011.07.11 TR/Drop.Koobface.J.52
Antiy-AVL 2.0.3.7 2011.07.11 –
Avast 4.8.1351.0 2011.07.10 Win32:Malware-gen
Avast5 5.0.677.0 2011.07.10 Win32:Malware-gen
AVG 10.0.0.1190 2011.07.10 Dropper.Generic2.CIG
BitDefender 7.2 2011.07.11 Trojan.Koobface.198
CAT-QuickHeal 11.00 2011.07.11 TrojanDropper.Koobface.j
ClamAV 0.97.0.0 2011.07.11 –
Commtouch 5.3.2.6 2011.07.10 W32/Koobface.M.gen!Eldorado
Comodo 9344 2011.07.11 –
DrWeb 5.0.2.03300 2011.07.11 –
Emsisoft 5.1.0.8 2011.07.11 Trojan-Dropper.Win32.Koobface!IK
eSafe 7.0.17.0 2011.07.07 –
eTrust-Vet 36.1.8434 2011.07.08 –
F-Prot 4.6.2.117 2011.07.10 W32/Koobface.M.gen!Eldorado
F-Secure 9.0.16440.0 2011.07.11 Trojan.Koobface.198
Fortinet 4.2.257.0 2011.07.11 –
GData 22 2011.07.11 Trojan.Koobface.198
Ikarus T3.1.1.104.0 2011.07.11 Trojan-Dropper.Win32.Koobface
Jiangmin 13.0.900 2011.07.10 –
K7AntiVirus 9.108.4891 2011.07.10 Riskware
Kaspersky 9.0.0.837 2011.07.11 UDS:DangerousObject.Multi.Generic
McAfee 5.400.0.1158 2011.07.11 Artemis!0598993AB6B3
McAfee-GW-Edition 2010.1D 2011.07.11 Artemis!0598993AB6B3
Microsoft 1.7000 2011.07.11 –
NOD32 6282 2011.07.11 probably a variant of Win32/Tinxy.BN
Norman 6.07.10 2011.07.10 Koobface.GRI
nProtect 2011-07-10.01 2011.07.10 –
Panda 10.0.3.5 2011.07.10 Generic Malware
PCTools 8.0.0.5 2011.07.11 Net-Worm.Koobface
Prevx 3.0 2011.07.11 Medium Risk Malware
Rising 23.65.04.03 2011.07.08 –
Sophos 4.67.0 2011.07.11 Mal/Koobface-C
SUPERAntiSpyware 4.40.0.1006 2011.07.11 Trojan.Agent/Gen-Koobface
Symantec 20111.1.0.186 2011.07.11 W32.Koobface!gen4
TheHacker 6.7.0.1.252 2011.07.11 –
TrendMicro 9.200.0.1012 2011.07.11 TROJ_GEN.R00E1GD
TrendMicro-HouseCall 9.200.0.1012 2011.07.11 TROJ_GEN.R00E1GD
VBA32 3.12.16.4 2011.07.11 –
VIPRE 9831 2011.07.11 Trojan.Win32.Generic!BT
ViRobot 2011.7.11.4561 2011.07.11 –
VirusBuster 14.0.117.0 2011.07.10 Trojan.DR.Koobface!x9fmNLQNCko
Additional information
MD5 : 0598993ab6b3af9964e024041e45c6fa
SHA1 : d50f7fc479e43deb32922f27d2f6c112dda4955e
File size : 144896 bytes
publisher….: Panda Software
copyright….: Copyright (C) 1992-2003
product……: Control Symantec Webroot Configuration Sweeper
description..: DirectCD Security Agent Driver NetDDE
original name: btw_oko.dll
internal name: btw_oko.dll
file version.: 4.49.39
___________
File name:
aokomon.dll
Submission date:
2011-07-11 07:15:48 (UTC)
Current status:
finished
Result:
33 /43 (76.7%)
VT Community
malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.11.01 2011.07.11 Win32/Koobface.worm.133632
AntiVir 7.11.11.48 2011.07.11 Worm/Koobface.gie
Antiy-AVL 2.0.3.7 2011.07.11 –
Avast 4.8.1351.0 2011.07.10 Win32:Malware-gen
Avast5 5.0.677.0 2011.07.10 Win32:Malware-gen
AVG 10.0.0.1190 2011.07.10 Worm/Koobface.AE
BitDefender 7.2 2011.07.11 Win32.Worm.Koobface.AQN
CAT-QuickHeal 11.00 2011.07.11 I-Worm.Koobface.gie
ClamAV 0.97.0.0 2011.07.11 –
Commtouch 5.3.2.6 2011.07.10 W32/MalwareF.ADMJJ
Comodo 9344 2011.07.11 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.07.11 –
Emsisoft 5.1.0.8 2011.07.11 Trojan-Dropper.Win32.Koobface!IK
eSafe 7.0.17.0 2011.07.07 Win32.Koobface.A
eTrust-Vet 36.1.8434 2011.07.08 –
F-Prot 4.6.2.117 2011.07.10 W32/MalwareF.ADMJJ
F-Secure 9.0.16440.0 2011.07.11 Win32.Worm.Koobface.AQN
Fortinet 4.2.257.0 2011.07.11 –
GData 22 2011.07.11 Win32.Worm.Koobface.AQN
Ikarus T3.1.1.104.0 2011.07.11 Trojan-Dropper.Win32.Koobface
Jiangmin 13.0.900 2011.07.10 Worm/Koobface.bfk
K7AntiVirus 9.108.4891 2011.07.10 Riskware
Kaspersky 9.0.0.837 2011.07.11 Net-Worm.Win32.Koobface.gie
McAfee 5.400.0.1158 2011.07.11 W32/Koobface.worm.as
McAfee-GW-Edition 2010.1D 2011.07.11 Generic.dx!rvh
Microsoft 1.7000 2011.07.11 TrojanDropper:Win32/Dunik!rts
NOD32 6282 2011.07.11 Win32/Tinxy.BJ
Norman 6.07.10 2011.07.10 Koobface.GRI
nProtect 2011-07-10.01 2011.07.10 –
Panda 10.0.3.5 2011.07.10 W32/Koobface.C.worm
PCTools 8.0.0.5 2011.07.11 Net-Worm.Koobface
Prevx 3.0 2011.07.11 –
Rising 23.65.04.03 2011.07.08 –
Sophos 4.67.0 2011.07.11 Mal/Koobface-C
SUPERAntiSpyware 4.40.0.1006 2011.07.11 Trojan.Agent/Gen-Koobface
Symantec 20111.1.0.186 2011.07.11 W32.Koobface
TheHacker 6.7.0.1.252 2011.07.11 –
TrendMicro 9.200.0.1012 2011.07.11 WORM_KOOBFACE.JK
TrendMicro-HouseCall 9.200.0.1012 2011.07.11 WORM_KOOBFACE.JK
VBA32 3.12.16.4 2011.07.11 Net-Worm.Win32.Koobface.gie
VIPRE 9831 2011.07.11 Trojan.Win32.Generic!BT
ViRobot 2011.7.11.4561 2011.07.11 –
VirusBuster 14.0.117.0 2011.07.10 Worm.Koobface!fR97y9vnB2M
Additional information
MD5 : b62490fb8ee7e1ab7c6717dd6dd9fa77
SHA1 : 53c64eb6d0f0d7ec532dcd1f7deed600a9a8a44a
File size : 133632 bytes
publisher….: PCTEL
copyright….: (c) PCTEL. All rights reserved.
product……: Helper
description..: HotKey Extension DHCP Antivirus ThinkPad Support Driver Applet Optimization
original name: aokomon.dll
internal name: aokomon.dll
file version.: 8.84.10.38
________
File name:
certoko.dll
Submission date:
2011-07-11 07:08:39 (UTC)
Current status:
finished
Result:
35 /43 (81.4%)
VT Community
malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.11.01 2011.07.11 Win32/Koobface.worm.126464
AntiVir 7.11.11.48 2011.07.11 Worm/Koobface.ghe
Antiy-AVL 2.0.3.7 2011.07.11 –
Avast 4.8.1351.0 2011.07.10 Win32:Malware-gen
Avast5 5.0.677.0 2011.07.10 Win32:Malware-gen
AVG 10.0.0.1190 2011.07.10 Worm/Koobface.AE
BitDefender 7.2 2011.07.11 Win32.Worm.Koobface.AQF
CAT-QuickHeal 11.00 2011.07.11 I-Worm.Koobface.ghe
ClamAV 0.97.0.0 2011.07.11 –
Commtouch 5.3.2.6 2011.07.10 W32/Koobface.K.gen!Eldorado
Comodo 9344 2011.07.11 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.07.11 Win32.HLLW.Facebook.688
Emsisoft 5.1.0.8 2011.07.11 Trojan-Proxy.Win32.Koobface!IK
eSafe 7.0.17.0 2011.07.07 –
eTrust-Vet 36.1.8434 2011.07.08 Win32/Koobface.MF
F-Prot 4.6.2.117 2011.07.10 W32/Koobface.K.gen!Eldorado
F-Secure 9.0.16440.0 2011.07.11 Win32.Worm.Koobface.AQF
Fortinet 4.2.257.0 2011.07.11 –
GData 22 2011.07.11 Win32.Worm.Koobface.AQF
Ikarus T3.1.1.104.0 2011.07.11 Trojan-Proxy.Win32.Koobface
Jiangmin 13.0.900 2011.07.10 Worm/Koobface.ayb
K7AntiVirus 9.108.4891 2011.07.10 Riskware
Kaspersky 9.0.0.837 2011.07.11 Net-Worm.Win32.Koobface.ghe
McAfee 5.400.0.1158 2011.07.11 Generic.dx!rej
McAfee-GW-Edition 2010.1D 2011.07.11 Generic.dx!rej
Microsoft 1.7000 2011.07.11 TrojanProxy:Win32/Koobface.gen!L
NOD32 6282 2011.07.11 a variant of Win32/Tinxy.BN
Norman 6.07.10 2011.07.10 Koobface.GRI
nProtect 2011-07-10.01 2011.07.10 –
Panda 10.0.3.5 2011.07.10 Trj/CI.A
PCTools 8.0.0.5 2011.07.11 Downloader.Generic
Prevx 3.0 2011.07.11 High Risk Worm
Rising 23.65.04.03 2011.07.08 Trojan.Win32.Generic.11E78BA1
Sophos 4.67.0 2011.07.11 Mal/Koobface-C
SUPERAntiSpyware 4.40.0.1006 2011.07.11 Trojan.Agent/Gen-Koobface
Symantec 20111.1.0.186 2011.07.11 Downloader
TheHacker 6.7.0.1.252 2011.07.11 Trojan/Tinxy.bj
TrendMicro 9.200.0.1012 2011.07.11 –
TrendMicro-HouseCall 9.200.0.1012 2011.07.11 –
VBA32 3.12.16.4 2011.07.11 –
VIPRE 9831 2011.07.11 Trojan.Win32.Generic!BT
ViRobot 2011.7.11.4561 2011.07.11 Trojan.Win32.Koobface.126464
VirusBuster 14.0.117.0 2011.07.10 Worm.Koobface!c9No4tnHFA4
Additional information
MD5 : 185361ec2e643a9b1dfc65e3142678dc
SHA1 : f44c85b8499f8b94d9dcecfe49227cf115b940ba
File size : 126464 bytes
publisher….: Guillemot Corporation
copyright….: Copyright (C) 1994-1995
product……: Digital
description..: Utility Antivirus Symantec Canon Editor Icon CA
original name: certoko.dll
internal name: certoko.dll
file version.: 3.47
________
File name:
cfgormd.dll.vir
Submission date:
2011-07-11 07:46:18 (UTC)
Current status:
finished
Result:
31 /43 (72.1%)
VT Community
malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.11.01 2011.07.11 Win-Trojan/Avkill.163328
AntiVir 7.11.11.50 2011.07.11 TR/AvKill.GR
Antiy-AVL 2.0.3.7 2011.07.11 –
Avast 4.8.1351.0 2011.07.10 Win32:Malware-gen
Avast5 5.0.677.0 2011.07.10 Win32:Malware-gen
AVG 10.0.0.1190 2011.07.10 Worm/Koobface.AU
BitDefender 7.2 2011.07.11 Trojan.Koobface.213
CAT-QuickHeal 11.00 2011.07.11 TrojanProxy.Koobface.n
ClamAV 0.97.0.0 2011.07.11 –
Commtouch 5.3.2.6 2011.07.11 W32/Koobface.M.gen!Eldorado
Comodo 9344 2011.07.11 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.07.11 –
Emsisoft 5.1.0.8 2011.07.11 Virus.Worm.Koobface!IK
eSafe 7.0.17.0 2011.07.07 –
eTrust-Vet 36.1.8434 2011.07.08 –
F-Prot 4.6.2.117 2011.07.10 W32/Koobface.M.gen!Eldorado
F-Secure 9.0.16440.0 2011.07.11 Trojan.Koobface.213
Fortinet 4.2.257.0 2011.07.11 W32/Koobface.C
GData 22 2011.07.11 Trojan.Koobface.213
Ikarus T3.1.1.104.0 2011.07.11 Virus.Worm.Koobface
Jiangmin 13.0.900 2011.07.10 Trojan/AVKill.af
K7AntiVirus 9.108.4891 2011.07.10 Riskware
Kaspersky 9.0.0.837 2011.07.11 Trojan.Win32.AVKill.gr
McAfee 5.400.0.1158 2011.07.11 Artemis!6043FD585BF4
McAfee-GW-Edition 2010.1D 2011.07.11 Artemis!6043FD585BF4
Microsoft 1.7000 2011.07.11 –
NOD32 6282 2011.07.11 Win32/Tinxy.BN
Norman 6.07.10 2011.07.10 W32/Suspicious_Gen2.CODXC
nProtect 2011-07-10.01 2011.07.10 –
Panda 10.0.3.5 2011.07.10 Trj/AVKiller.AO
PCTools 8.0.0.5 2011.07.11 Net-Worm.Koobface
Prevx 3.0 2011.07.11 –
Rising 23.65.04.03 2011.07.08 –
Sophos 4.67.0 2011.07.11 Mal/Koobface-C
SUPERAntiSpyware 4.40.0.1006 2011.07.11 –
Symantec 20111.1.0.186 2011.07.11 W32.Koobface!gen4
TheHacker 6.7.0.1.252 2011.07.11 Trojan/AVKill.gr
TrendMicro 9.200.0.1012 2011.07.11 TROJ_GEN.R28E1H4
TrendMicro-HouseCall 9.200.0.1012 2011.07.11 TROJ_GEN.R28E1H4
VBA32 3.12.16.4 2011.07.11 Trojan.Win32.AVKill.gr
VIPRE 9831 2011.07.11 Trojan.Win32.Generic!BT
ViRobot 2011.7.11.4561 2011.07.11 –
VirusBuster 14.0.117.0 2011.07.10 –
Additional information
MD5 : 6043fd585bf40132f22dbf8eeb7c10af
SHA1 : 29a114bf6ea78b3d533cd694631082fe9519c457
File size : 163328 bytes
publisher….: Huawei Technologies Co., Ltd.
copyright….: Copyright (c) 1991-2002
product……: USB
description..: Manager Used Mode Instant Microsoft Driver Control
original name: cfgormd.dll
internal name: cfgormd.dll
file version.: 6.82
_________
Como comentario podemos decir que modifica el fichero HOSTS e impide acceder a casas antivirus, siendo regenerado maliciosamente por mas que se cambie, mientras no se elimine el malware.
Dicha version del ELISTARA 23.60 que los detecta y elimina, estará disponible en nuestra web a partir de las 19 h CEST de hoy
saludos
ms, 11-7-2011
NOTA: Los interesados en información sobre contrato de soporte Asistencia Tecnica de SATINFO y/o licencia de uso/actualizaciones de sus utilidades, contacten con info@satinfo.es
__________
Este blog no se hace responsable de las opiniones y comentarios de los textos en los que se cita la Fuente, ofreciendo su contenido solo para facilitar el acceso a la información del mismo.
Puedes seguir cualquier respuesta a esta entrada mediante el canal RSS 2.0. Los comentarios y los pings están cerrados.
Los comentarios están cerrados.