Author Topic: New virus report  (Read 8251 times)

vl-sher

  • Guest
New virus report
« on: January 23, 2010, 09:31:20 PM »
Unfortunately I'm not able to find any special place to submit a file with a potential virus. Please find it attached (zipped, the extension is changed to .txt) and see the result of competitors' analysis below:

Avast

5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/META-INF/MANIFEST.MF      clear
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/AppletX.class      clear
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/LoaderX.class      clear
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/PayloadX.class      clear
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9      clear
5f378dce-4dea0cb9.zip      clear
 
NOD32

C:\Documents and Settings\V.Sher\Desktop\Viruses\5f378dce-4dea0cb9.zip   multiple threats
C:\Documents and Settings\V.Sher\Desktop\Viruses\LoaderX.class   a variant of Java/TrojanDownloader.Agent.NAC trojan
C:\Documents and Settings\V.Sher\Desktop\Viruses\PayloadX.class   a variant of Java/TrojanDownloader.Agent.NAD trojan

Avira

25455757    MANIFEST.MF    21 Byte    CLEAN
25559843    AppletX.class    3.02 KB    UNDER ANALYSIS
25536570    LoaderX.class    2.42 KB    MALWARE
25536572    PayloadX.class    2.3 KB    CLEAN

DrWeb

5f378dce-4dea0cb9.zip - archive ZIP
>5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9 - archive ZIP
>>5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/META-INF/MANIFEST.MF - Ok
>>5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/AppletX.class infected with Java.Antiload
>>5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/LoaderX.class infected with Java.Antiload
>>5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/PayloadX.class infected with Java.Antiload

Kaspersky
 
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/META-INF/MANIFEST.MF - OK
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/AppletX.class - OK
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/LoaderX.class - infected by Trojan-Downloader.Java.OpenStream.af
5f378dce-4dea0cb9.zip/5f378dce-4dea0cb9/myf/y/PayloadX.class - OK

Offline polonus

Re: New virus report
« Reply #1 on: January 23, 2010, 11:39:36 PM »
Hello vl-sher,

You got infected because your JAVA version was out of date and vulnerable. See the removal suggestions here: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/366992-trojan-removal-damaged-internet-help.html

Secure your third party software with the latest patches and updates via an online scan at http://secunia.com/vulnerability_scanning/online/


1. Run Threat Expert Memory Scanner: http://www.pctools.com/memory-scanner/download/
And give us a full log as an attached txt file...

2. Run Malwarebytes Anti-Malware from http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

3. Run Superantispyware http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

4. Run a complete scan with free curing utility Dr.Web CureIt! http://www.freedrweb.com/download+cureit/

5. Install ThreatFire, which will enhance your antivirus protection: www.threatfire.com/download

Regards,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!