Here is the result of the scan of the mpn.exe file from
http://virusscan.jotti.org/
It seems that Avast doesn't see the Trojan... :'(
File: mpn.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 d1f468970418e8c55e20ad188bc9ee6b
Packers detected:
-
Scanner results
Scan taken on 05 Apr 2007 09:42:56 (GMT)
AntiVir Found BDS/VanBot.BW
ArcaVir Found Trojan.Vanbot.Bw
Avast Found nothing
AVG Antivirus Found Win32/CryptExe
BitDefender Found Backdoor.VanBot.AP
ClamAV Found Trojan.SdBot-5302
Dr.Web Found BackDoor.IRC.Sdbot.1207
F-Prot Antivirus Found W32/Backdoor.AKSA
F-Secure Anti-Virus Found Backdoor.Win32.VanBot.bh
Fortinet Found W32/Delbot.W!worm
Kaspersky Anti-Virus Found Backdoor.Win32.VanBot.bh
NOD32 Found Win32/Rinbot.W
Norman Virus Control Found nothing
Panda Antivirus Found W32/Rinbot.gen.worm
Rising Antivirus Found Backdoor.Mybot.yvz
VirusBuster Found Backdoor.Vanbot.Gen!Pac
VBA32 Found Trojan.Win32.Rinbot.W
The VirusTotal test does not look better...
Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.05.2007 Win32/IRCBot.worm.213504.D
AntiVir 7.3.1.48 04.05.2007 BDS/VanBot.BW
Authentium 4.93.8 04.04.2007 W32/Backdoor.AKSA
Avast 4.7.936.0 04.04.2007 no virus found
AVG 7.5.0.447 04.04.2007 Win32/CryptExe
BitDefender 7.2 04.05.2007 Backdoor.VanBot.AP
CAT-QuickHeal 9.00 04.04.2007 no virus found
ClamAV devel-20070312 04.05.2007 Trojan.SdBot-5302
DrWeb 4.33 04.05.2007 BackDoor.IRC.Sdbot.1207
eSafe 7.0.15.0 04.04.2007 Win32.VanBot.bw
eTrust-Vet 30.7.3544 04.05.2007 Win32/Nirbot.AF
Ewido 4.0 04.04.2007 Backdoor.VanBot.bw
FileAdvisor 1 04.05.2007 no virus found
Fortinet 2.85.0.0 04.05.2007 W32/Delbot.W!worm
F-Prot 4.3.1.45 04.04.2007 W32/Backdoor.AKSA
F-Secure 6.70.13030.0 04.05.2007 Backdoor.Win32.VanBot.bh
Ikarus T3.1.1.3 04.05.2007 Backdoor.Win32.VanBot.bh
Kaspersky 4.0.2.24 04.05.2007 Backdoor.Win32.VanBot.bh
McAfee 5001 04.04.2007 W32/Nirbot.worm
Microsoft 1.2405 04.05.2007 no virus found
NOD32v2 2168 04.04.2007 Win32/Rinbot.W
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.05.2007 W32/Rinbot.gen.worm
Prevx1 V2 04.05.2007 Covert.Sys.Exec
Sophos 4.16.0 03.30.2007 W32/Delbot-W
Sunbelt 2.2.907.0 04.03.2007 no virus found
No autorun.exe available at home. I'll check it on my workplace.
Some more information. I found the U.exe file on my daughter's Win2k computer (protected ? by Avast Home). Furthermore, I found a M.exe file that made Avast react!!!
Here is the log file:
5/04/2007 11:19:31 Sandrine 552 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\Sandrine\Local Settings\Temporary Internet Files\Content.IE5\LBQOLI8D\m[1].exe\[CExe]" file.
5/04/2007 11:21:53 Sandrine 552 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\m.exe\[CExe]" file.
5/04/2007 11:43:45 Sandrine 552 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\41234567\m[1].exe\[CExe]" file.
5/04/2007 11:43:57 Sandrine 552 Sign of "Win32:Agent-DDN [Trj]" has been found in "C:\m.exe\[CExe]" file.
I'll have to format that computer as I notice very high traffic on my router.
My very own computer @home is safe: I don't leave Linux Fedora.
These were the fresh news from the day.
PS:
http://www.mphsknights.com/ looks like a cool place. But I've never been in the US.