CD burner installer with a little "gift" added
The installer in question, besides installing the CD burner, adds an ADVANTAGE trojan which, after that installation is uninstalled, remains alive and kicking.
Both the installer and the trojan it installs are detected from today's ELISTARA 24.32 onwards.
The pre-analysis of the installer on VirusTotal gives the following report:
File name: Clone2CDDVDBurner.exe
Submission date: 2011-11-22 08:00:02 (UTC)
Current status: finished
Result: 27/42 (64.3%)
VT Community: malware (safety score 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.21.00 2011.11.21 –
AntiVir 7.11.17.253 2011.11.22 ADSPY/Advantage.A.107
Antiy-AVL 2.0.3.7 2011.11.22 Trojan/win32.agent.gen
Avast 6.0.1289.0 2011.11.21 Win32:Relevant-P [PUP]
AVG 10.0.0.1190 2011.11.21 RelevantKnowledge
BitDefender 7.2 2011.11.22 Dropped:Spyware.Relevantknowledge.A
ByteHero 1.0.0.1 2011.11.14 –
ClamAV 0.97.3.0 2011.11.22 –
Commtouch 5.3.2.6 2011.11.22 –
Comodo 10781 2011.11.22 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.11.22 Adware.Relevant.67
Emsisoft 5.1.0.11 2011.11.22 AdWare.Win32.Advantage!IK
eSafe 7.0.17.0 2011.11.20 Win32.ADSPYAdvantage
eTrust-Vet 37.0.9580 2011.11.21 –
F-Prot 4.6.5.141 2011.11.22 –
F-Secure 9.0.16440.0 2011.11.21 Dropped:Spyware.Relevantknowledge.A
Fortinet 4.3.370.0 2011.11.22 Riskware/RK
GData 22 2011.11.22 Dropped:Spyware.Relevantknowledge.A
Ikarus T3.1.1.109.0 2011.11.22 AdWare.Win32.Advantage
Jiangmin 13.0.900 2011.11.16 –
K7AntiVirus 9.119.5508 2011.11.21 –
Kaspersky 9.0.0.837 2011.11.22 not-a-virus:WebToolbar.Win32.RK.cb
McAfee 5.400.0.1158 2011.11.22 Artemis!77A925C1DB93
McAfee-GW-Edition 2010.1D 2011.11.22 Artemis!77A925C1DB93
Microsoft 1.7801 2011.11.22 Adware:Win32/Advantage
NOD32 6649 2011.11.22 Win32/Adware.MarketScore.A
Norman 6.07.13 2011.11.21 W32/Obfuscated.OI
nProtect 2011-11-21.02 2011.11.21 –
Panda 10.0.3.5 2011.11.21 –
PCTools 8.0.0.5 2011.11.22 Adware.ADH
Prevx 3.0 2011.11.22 –
Rising 23.85.01.02 2011.11.22 Trojan.Win32.Generic.11E426C9
Sophos 4.71.0 2011.11.22 RelevantKnowledge
SUPERAntiSpyware 4.40.0.1006 2011.11.22 –
Symantec 20111.2.0.82 2011.11.22 Adware.ADH
TheHacker 6.7.0.1.346 2011.11.22 –
TrendMicro 9.500.0.1008 2011.11.22 TROJ_GEN.R47C2AQ
TrendMicro-HouseCall 9.500.0.1008 2011.11.22 TROJ_GEN.R47C2AQ
VBA32 3.12.16.4 2011.11.22 Adware.RK.ab
VIPRE 11114 2011.11.22 MeMedia.AdVantage
ViRobot 2011.11.22.4786 2011.11.22 –
VirusBuster 14.1.76.0 2011.11.21 –
Additional information
MD5 : 77a925c1db93595be78532343e8c3095
SHA1 : 061e5f20b053ed20fa3ba6410dc1aec5125ec658
File size : 1727618 bytes
publisher....: Excellent Technology Exchange
copyright....: n/a
product......:
description..: Artisan CD/DVD Burner Setup
__________
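To triage reports like the one above, here is an added example (not part of the original post or of SATINFO's own tools): a small Python parser for VirusTotal's compact-print rows that recomputes the detection ratio, groups the vendors' differing labels (RelevantKnowledge / MarketScore / RK versus AdVantage) into families, and cross-checks McAfee's Artemis!77A925C1DB93 label against the report's MD5 line, since Artemis names carry the first 12 hex digits of the file's MD5. The sample rows are a constructed subset of the installer's table; the family keyword map is an assumption of this example.

```python
import re
from collections import Counter
# Constructed sample: rows copied from the installer's VirusTotal "compact print"
# table above; an en-dash in the result column means the engine did not flag it.
SAMPLE_ROWS = """\
AhnLab-V3 2011.11.21.00 2011.11.21 –
AntiVir 7.11.17.253 2011.11.22 ADSPY/Advantage.A.107
Avast 6.0.1289.0 2011.11.21 Win32:Relevant-P [PUP]
Kaspersky 9.0.0.837 2011.11.22 not-a-virus:WebToolbar.Win32.RK.cb
McAfee 5.400.0.1158 2011.11.22 Artemis!77A925C1DB93
NOD32 6649 2011.11.22 Win32/Adware.MarketScore.A
"""
NO_HIT = ("–", "-", "")
# Assumed keyword map: substrings different engines use for the same family.
FAMILY_KEYWORDS = {
    "relevantknowledge": ("relevant", "marketscore", ".rk."),
    "advantage": ("advantage",),
}

def parse_rows(text):
    """(vendor, version, last_update, result) per row; only result has spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)          # at most three splits
        if len(parts) >= 3:                  # skip blank or truncated lines
            rows.append(tuple(parts) if len(parts) == 4 else (*parts, "–"))
    return rows

def detection_ratio(rows):
    """(detections, engines, percent), like VirusTotal's 'Result:' line."""
    hits = sum(1 for r in rows if r[3] not in NO_HIT)
    return hits, len(rows), round(100.0 * hits / len(rows), 1)

def family_counts(rows):
    """Flagging engines per family; None collects labels no keyword maps."""
    counts = Counter()
    for *_, result in rows:
        if result not in NO_HIT:
            label = result.lower()
            counts[next((f for f, ks in FAMILY_KEYWORDS.items()
                         if any(k in label for k in ks)), None)] += 1
    return counts

def artemis_matches_md5(rows, md5):
    """McAfee's Artemis!<hex> label embeds the first 12 hex digits of the MD5."""
    for vendor, _, _, result in rows:
        m = re.fullmatch(r"Artemis!([0-9A-Fa-f]{12})", result)
        if vendor.startswith("McAfee") and m:
            return m.group(1).lower() == md5.lower()[:12]
    return None                              # no Artemis label in this report
```

Run against the full 42-row table above, detection_ratio reproduces the 27/42 (64.3%) figure VirusTotal shows.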
The two files it leaves installed, which are the AdVantage malware proper, give these reports:
File name: AdVantageSetup.exe
Submission date: 2011-11-22 10:18:05 (UTC)
Current status: finished
Result: 27/43 (62.8%)
VT Community: malware (safety score 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.21.00 2011.11.21 Win-Adware/Advantage.174080
AntiVir 7.11.17.254 2011.11.22 –
Antiy-AVL 2.0.3.7 2011.11.22 Trojan/Win32.KillFiles.gen
Avast 6.0.1289.0 2011.11.22 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.11.21 –
BitDefender 7.2 2011.11.22 Gen:Adware.Heur.kq0@Ryqokeai
ByteHero 1.0.0.1 2011.11.14 Trojan.Malware.Win32.xPack.m
CAT-QuickHeal 12.00 2011.11.22 –
ClamAV 0.97.3.0 2011.11.22 –
Commtouch 5.3.2.6 2011.11.22 W32/Adware.ADGJ
Comodo 10781 2011.11.22 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.11.22 Adware.SaveNow.144
Emsisoft 5.1.0.11 2011.11.22 Adware.Advantage!IK
eSafe 7.0.17.0 2011.11.20 Win32.ADSPYAdSpy
eTrust-Vet 37.0.9581 2011.11.22 –
F-Prot 4.6.5.141 2011.11.22 W32/Adware.ADGJ
F-Secure 9.0.16440.0 2011.11.22 Adware:W32/AdVantage
Fortinet 4.3.370.0 2011.11.22 –
GData 22 2011.11.22 Gen:Adware.Heur.kq0@Ryqokeai
Ikarus T3.1.1.109.0 2011.11.22 not-a-virus:Adware.Advantage
Jiangmin 13.0.900 2011.11.22 Adware/AdSpy.n
K7AntiVirus 9.119.5508 2011.11.21 Trojan
Kaspersky 9.0.0.837 2011.11.22 –
McAfee 5.400.0.1158 2011.11.22 Generic PUP.x
McAfee-GW-Edition 2010.1D 2011.11.22 Generic PUP.x
Microsoft 1.7801 2011.11.22 Adware:Win32/Advantage
NOD32 6649 2011.11.22 Win32/Adware.WhenU.SaveNow
Norman 6.07.13 2011.11.21 –
nProtect 2011-11-22.01 2011.11.22 –
Panda 10.0.3.5 2011.11.21 Generic Malware
PCTools 8.0.0.5 2011.11.22 –
Prevx 3.0 2011.11.22 Medium Risk Malware
Rising 23.85.01.02 2011.11.22 Trojan.Win32.Generic.125E6524
Sophos 4.71.0 2011.11.22 –
SUPERAntiSpyware 4.40.0.1006 2011.11.22 –
Symantec 20111.2.0.82 2011.11.22 WS.Reputation.1
TheHacker 6.7.0.1.346 2011.11.22 –
TrendMicro 9.500.0.1008 2011.11.22 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.22 –
VBA32 3.12.16.4 2011.11.22 Win32.Adware.WhenU.SaveNow
VIPRE 11114 2011.11.22 NetAdware
ViRobot 2011.11.22.4787 2011.11.22 –
VirusBuster 14.1.76.0 2011.11.21 Adware.Advantage!D96gOSSdwZE
Additional information
MD5 : 8b3d9438c733fbbede4fe518d9aee309
SHA1 : dcee5c602e55bc27ac9918d76dd7375e64df18e1
File size : 174080 bytes
publisher....: AdVantage
copyright....: (c) 2007 AdVantage. All rights reserved.
product......: AdVantage Setup
description..: AdVantage Setup
original name: AdVantageSetup.exe
internal name: n/a
file version.: 6, 4, 2, 10201
_________
File name: rkverify.exe
Submission date: 2011-11-22 10:13:35 (UTC)
Current status: finished
Result: 21/43 (48.8%)
VT Community: malware (safety score 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.11.21.00 2011.11.21 –
AntiVir 7.11.17.254 2011.11.22 –
Antiy-AVL 2.0.3.7 2011.11.22 –
Avast 6.0.1289.0 2011.11.22 Win32:Relevant-P [PUP]
AVG 10.0.0.1190 2011.11.21 RelevantKnowledge
BitDefender 7.2 2011.11.22 Dropped:Spyware.Relevantknowledge.A
ByteHero 1.0.0.1 2011.11.14 –
CAT-QuickHeal 12.00 2011.11.22 –
ClamAV 0.97.3.0 2011.11.22 –
Commtouch 5.3.2.6 2011.11.22 W32/MalwareF.BTCN
Comodo 10780 2011.11.18 –
DrWeb 5.0.2.03300 2011.11.22 Adware.Relevant.67
Emsisoft 5.1.0.11 2011.11.22 –
eSafe 7.0.17.0 2011.11.20 Win32.ADSPYAdSpy
eTrust-Vet 37.0.9581 2011.11.22 –
F-Prot 4.6.5.141 2011.11.22 W32/MalwareF.BTCN
F-Secure 9.0.16440.0 2011.11.22 Dropped:Spyware.Relevantknowledge.A
Fortinet 4.3.370.0 2011.11.22 Misc/Oss
GData 22 2011.11.22 Dropped:Spyware.Relevantknowledge.A
Ikarus T3.1.1.109.0 2011.11.22 –
Jiangmin 13.0.900 2011.11.22 DangerousObject.Multi.bxf
K7AntiVirus 9.119.5508 2011.11.21 –
Kaspersky 9.0.0.837 2011.11.22 –
McAfee 5.400.0.1158 2011.11.22 –
McAfee-GW-Edition 2010.1D 2011.11.22 –
Microsoft 1.7801 2011.11.22 –
NOD32 6649 2011.11.22 Win32/Adware.MarketScore.A
Norman 6.07.13 2011.11.21 W32/Obfuscated.OI
nProtect 2011-11-22.01 2011.11.22 Trojan-Clicker/W32.Relevant.275072
Panda 10.0.3.5 2011.11.21 Spyware/MarketScore
PCTools 8.0.0.5 2011.11.22 –
Prevx 3.0 2011.11.22 –
Rising 23.85.01.02 2011.11.22 Trojan.Win32.Generic.12520FEC
Sophos 4.71.0 2011.11.22 RelevantKnowledge
SUPERAntiSpyware 4.40.0.1006 2011.11.22 –
Symantec 20111.2.0.82 2011.11.22 –
TheHacker 6.7.0.1.346 2011.11.22 Trojan/Genome.rzve
TrendMicro 9.500.0.1008 2011.11.22 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.22 –
VBA32 3.12.16.4 2011.11.22 Adware.MarketScore.a
VIPRE 11114 2011.11.22 Trojan.Win32.Generic!BT
ViRobot 2011.11.22.4787 2011.11.22 Adware.Relevant.275072
VirusBuster 14.1.76.0 2011.11.21 –
Additional information
MD5 : 020ce95075f8c93e6cc957953d7f4589
SHA1 : e192a200e36974b8e0637230a8cb5905090f7555
File size : 275072 bytes
publisher....: TMRG, INC.
copyright....: Copyright (C) 2007-2010
product......: rkverify
description..: rkverify
original name: rkverify.exe
internal name: rkverify
file version.: 0, 2, 3, 15
All the files listed above are detected and removed from today's ELISTARA 24.32 onwards.
That version, ELISTARA 24.32, will be available on our website from 19:00 CEST today.
Regards
ms, 22/11/2011
NOTE: Anyone interested in information about a SATINFO Technical Assistance support contract and/or a license for use/updates of its utilities should contact info@satinfo.es