Author Topic: New virus and old not virus (Read 5521 times)

yvs · « **on:** September 05, 2007, 05:32:26 PM »

Virus - http://www.yvs.mak[blam]eevka.com/files/msntwbwu.exe.zip (4Kb)
Not virus - http://www.yvs.make[blem]evka.com/files/dmaster.zip (800Kb)

FreewheelinFrank · « **Reply #1 on:** September 05, 2007, 05:55:14 PM »

yvs,

Please don't post links to viruses on the forum- email them to virus[at]avast.com in a password-protected zip file (don't forget to include the password) or put the file in the 'user files' section of the chest and email it from there.

The same is true for suspected false positives.

yvs · « **Reply #2 on:** September 05, 2007, 06:06:24 PM »

Quote from: FreewheelinFrank on September 05, 2007, 05:55:14 PM

Please don't post links to viruses

Ok, files deleted.

Quote from: FreewheelinFrank on September 05, 2007, 05:55:14 PM

email them to virus[at]avast.com

Emailed at 28.08.2007. No results and no answers.

yvs · « **Reply #3 on:** September 05, 2007, 07:23:40 PM »

from Virustotal:

------------------------------------------------------
AhnLab-V3 2007.9.5.0 2007.09.05 -
AntiVir 7.6.0.5 2007.09.05 TR/PSW.LDPinch.TAW.379
Authentium 4.93.8 2007.09.05 -
Avast 4.7.1029.0 2007.09.05 -
AVG 7.5.0.485 2007.09.05 Win32/PolyCrypt
BitDefender 7.2 2007.09.05 Trojan.PWS.LDPinch.TAW
CAT-QuickHeal 9.00 2007.09.05 Trojan.PolyCrypt.d
ClamAV 0.91.2 2007.09.05 -
DrWeb 4.33 2007.09.05 Trojan.Packed.166
eSafe 7.0.15.0 2007.09.04 Win32.PolyCrypt.d
eTrust-Vet 31.1.5111 2007.09.05 -
Ewido 4.0 2007.09.05 -
FileAdvisor 1 2007.09.05 -
Fortinet 3.11.0.0 2007.09.05 W32/AvPak.D
F-Prot 4.3.2.48 2007.09.05 -
F-Secure 6.70.13030.0 2007.09.05 Packed.Win32.PolyCrypt.d
Ikarus T3.1.1.12 2007.09.05 Trojan-Downloader.Win32.Small.cyn
Kaspersky 4.0.2.24 2007.09.05 Packed.Win32.PolyCrypt.d
McAfee 5112 2007.09.04 -
Microsoft 1.2803 2007.09.05 TrojanDownloader:Win32/Small.CBA
NOD32v2 2507 2007.09.05 -
Norman 5.80.02 2007.09.05 -
Panda 9.0.0.4 2007.09.05 Trj/Downloader.MDW
Prevx1 V2 2007.09.05 -
Rising 19.39.22.00 2007.09.05 Packer.RyCrypt
Sophos 4.21.0 2007.09.05 Mal/Generic-A
Sunbelt 2.2.907.0 2007.09.05 Trojan-PWS.LDPinch.TAW
Symantec 10 2007.09.05 -
TheHacker 6.1.9.178 2007.09.05 Trojan/PolyCrypt.d
VBA32 3.12.2.3 2007.09.04 -
VirusBuster 4.3.26:9 2007.09.05 Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway 6.0.1 2007.09.05 Trojan.PSW.LDPinch.TAW.379

Additional information
File size: 6289 bytes
MD5: 8bbc84ae1f621814793d14ff6fa59a18
SHA1: f70c8c56f48ed5caa6d43d9be67d8bf691dec35b
packers: RCrypt
------------------------------------------------------

Virus was detected with Comodo Firewall. Free scaner CureIt! (http://freedrweb.com/?lng=en) can found and kill this virus.

Maxx_original · « **Reply #4 on:** September 05, 2007, 08:55:52 PM »

hmmm.. i don't know if it really is a good way to detect RCryptor 2.0 as a virus...

Maxx_original · « **Reply #5 on:** September 05, 2007, 11:03:32 PM »

anyway.. i'll suggest this topic to user misak from virus analysts team

misak · « **Reply #6 on:** September 06, 2007, 10:16:55 AM »

Hi,

file msntwbwu.exe is like dropper. It unpack many files to IE temp directory. Unpacked files are already detected by Avast as Win32:Agent.
Detection for msntwbwu.exe will be in next VPS update...

yvs · « **Reply #7 on:** September 06, 2007, 11:22:04 AM »

Quote from: misak on September 06, 2007, 10:16:55 AM

Detection for msntwbwu.exe will be in next VPS update...

Tnx.

Author Topic: New virus and old not virus (Read 5521 times)

yvs

New virus and old not virus

FreewheelinFrank

Re: New virus and old not virus

yvs

Re: New virus and old not virus

yvs

Re: New virus and old not virus

Maxx_original

Re: New virus and old not virus

Maxx_original

Re: New virus and old not virus

misak

Re: New virus and old not virus

yvs

Re: New virus and old not virus