Author Topic: j83uv.exe (Read 3767 times)

temper8 · « **on:** December 21, 2010, 02:50:38 AM »

Hi,
I purchased a brand new, sealed VERBATIM SDHC card. When I put it in my computer it had the files autorun.inf and j83uv.exe. I checked the net and got lots of virus hits for j83uv. I ran avast free over the exe file and got a virus hit. Is Verbatim selling virus from the factory?

Trent

Pondus · « **Reply #1 on:** December 21, 2010, 06:40:36 AM »

can you upload the file to www.virustotal.com and test it with 43 malware scanners
when you have the result, copy the url in the address bar and post it here so we can see the result

temper8 · « **Reply #2 on:** December 21, 2010, 08:11:27 AM »

File Scanner

Attention!

Kaspersky Anti-Virus has detected a virus in the file you have submitted.

Scanned file: j83uv.exe - Infected

j83uv.exe - infected by Trojan-GameThief.Win32.Magania.dmim

Statistics:
Known viruses:   4481040   Updated:   21-12-2010
File size (Kb):   126   Virus bodies:   1
Files:   1   Warnings:   0
Archives:   0   Suspicious:   0

temper8 · « **Reply #3 on:** December 21, 2010, 09:06:21 AM »

Complete scanning result of "j83uv.exe", processed in VirusTotal at 12/21/2010 08:54:23 (CET).

[ file data ]
* name..: j83uv.exe
* size..: 129024
* md5...: 475d851a33f809d1e690f08f6405f164
* sha1..: 831eeaf525386f3916ee854f6e18b61871d52fb4
* peid..: ASPack v2.12

[ scan result ]
AhnLab-V3   2010.12.20.06/20101220   found [Win-Trojan/Magania.129024.AF]
AntiVir   7.11.0.110/20101220   found [TR/Crypt.ASPM.Gen]
Antiy-AVL   2.0.3.7/20101221   found [Trojan/Win32.Magania.gen]
Avast   4.8.1351.0/20101220   found [Win32:Malware-gen]
Avast5   5.0.677.0/20101220   found [Win32:Malware-gen]
AVG   9.0.0.851/20101221   found [SHeur3.AIIW]
BitDefender   7.2/20101221   found [Trojan.Generic.4480924]
CAT-QuickHeal   11.00/20101221   found [Worm.AutoRun.hdn]
ClamAV   0.96.4.0/20101221   found [PUA.Packed.ASPack]
Command   5.2.11.5/20101221   found [W32/MalwareF.EFNC]
Comodo   7134/20101221   found [TrojWare.Win32.Trojan.Agent.Gen]
DrWeb   5.0.2.03300/20101221   found [Trojan.PWS.Gamania.27534]
Emsisoft   5.1.0.1/20101221   found [Trojan-GameThief.Win32.Magania!IK]
eSafe   7.0.17.0/20101219   found [Win32.PWSFrethog]
eTrust-Vet   36.1.8051/20101220   found [Win32/Frethog.HPJ]
F-Prot   4.6.2.117/20101220   found [W32/MalwareF.EFNC]
F-Secure   9.0.16160.0/20101221   found [Trojan.Generic.4480924]
Fortinet   4.2.254.0/20101219   found nothing
GData   21/20101221   found [Trojan.Generic.4480924]
Ikarus   T3.1.1.90.0/20101221   found [Trojan-GameThief.Win32.Magania]
Jiangmin   13.0.900/20101221   found [Trojan/PSW.Magania.anxw]
K7AntiVirus   9.73.3296/20101220   found [Password-Stealer]
Kaspersky   7.0.0.125/20101221   found [Trojan-GameThief.Win32.Magania.dmim]
McAfee   5.400.0.1158/20101221   found [PWS-Gamania.b!k]
McAfee-GW-Edition   2010.1C/20101220   found [PWS-Gamania.b!k]
Microsoft   1.6402/20101221   found [PWS:Win32/Frethog.gen!H]
NOD32   5719/20101220   found [probably a variant of Win32/PSW.OnLineGames.POG]
Norman   6.06.12/20101220   found [W32/Suspicious_Gen2.DMFDN]
nProtect   2010-12-21.01/20101221   found [Trojan/W32.Agent.129024.DM]
Panda   10.0.2.7/20101220   found [W32/Lineage.KDB]
PCTools   7.0.3.5/20101221   found [Trojan.Gen]
Prevx   3.0/20101221   found [Medium Risk Malware]
Rising   22.79.00.03/20101221   found [Trojan.Win32.Generic.521E9533]
Sophos   4.60.0/20101221   found [Mal/Taterf-B]
SUPERAntiSpyware   4.40.0.1006/20101221   found nothing
Symantec   20101.3.0.103/20101221   found [Trojan.Gen]
TheHacker   6.7.0.1.104/20101221   found [Trojan/Magania.dmim]
TrendMicro   9.120.0.1004/20101221   found [TROJ_GAMETHI.GSW]
TrendMicro-HouseCall   9.120.0.1004/20101221   found [TROJ_GAMETHI.GSW]
VBA32   3.12.14.2/20101220   found [BScope.Trojan-Dropper.Inject]
VIPRE   7742/20101221   found [BehavesLike.Win32.Malware.bse (vs)]
ViRobot   2010.12.20.4210/20101221   found [JS.S.Agent.129024]
VirusBuster   13.6.104.2/20101220   found [Trojan.Magania.Gen!Pac.3]

[ notes ]
packers (Antiy-AVL): ASPack 2.12
ClamAV PUA (Possibly Unwanted Application) detection:
While not necessarily malicious, the scanned file presents certain
characteristics which depending on the user policies and environment may
or may not configure a threat.
For full details see: http://www.clamav.net/support/faq/pua
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=475d851a33f809d1e690f08f6405f164
http://info.prevx.com/aboutprogramtext.asp?PX5=8BE471E7009EBB20F8F401B514E5E100ED3F5D2B

Pondus · « **Reply #4 on:** December 21, 2010, 02:53:30 PM »

it is easyer to read the VT result when posting the link
http://www.virustotal.com/file-scan/report.html?id=6f92d3a5dc7e7ecafa3e1b69ac83ee2186401c965e261f6edbc69ca7bda0cb62-1292918063

Quote

Is Verbatim selling virus from the factory?

From the VT scan result it sure looks as they are, you may send them a mail with a link to this
if they have good customer support you should get a new card......and maybe something extra for the trouble

argus · « **Reply #5 on:** December 21, 2010, 03:26:12 PM »

MCShield is a program that can protect you from any threat from removable media.

The program is relatively new, made by the AMF team MyCity forum (ASAP member)

MyCity Ambulance http://www.mycity.rs/Ambulanta/

You only need to install software on your computer and you can be sure that you will be protected.
Not only does the computer is protected, but USB flash drive or other memory card. will automatically be cleaned.

To me, this is the best program for this purpose that can be found on the net, and it is free.

More information and download at this link http://amf.mycity.rs/programs/mc/mcshield/

temper8 · « **Reply #6 on:** December 23, 2010, 09:18:18 PM »

Hi Pondus,

I had contacted verbatim. They suggest that the most reasonable explanation is that my machine was the source of infection. I did some further checking and there is no evidence of infection on any of the machines on my local network or removable storage media.

Quote

From the VT scan result it sure looks as they are, you may send them a mail with a link to this
if they have good customer support you should get a new card......and maybe something extra for the trouble

superhacker · « **Reply #7 on:** December 23, 2010, 09:25:27 PM »

Here mp3 players and memory sticks usually come with viruses from manufacturers

,But avast here

Pondus · « **Reply #8 on:** December 23, 2010, 09:28:01 PM »

Quote from: superhacker on December 23, 2010, 09:25:27 PM

Here mp3 players and memory sticks usually come with viruses from manufacturers ,But avast here

Meaning most of the products sold in Syria is pirate copy`s

CharleyO · « **Reply #9 on:** December 24, 2010, 12:55:49 AM »

***

It wouldn't be the first time a company sold or gave out infected USB drives.

http://ahtim.com/warning-hp-sends-virus-infected-usb-thumb-drive/

http://news.cnet.com/8301-27080_3-20005673-245.html

***

Author Topic: j83uv.exe (Read 3767 times)

temper8

j83uv.exe

Pondus

Re: j83uv.exe

temper8

Re: j83uv.exe

temper8

Re: j83uv.exe

Pondus

Re: j83uv.exe

argus

Re: j83uv.exe

temper8

Re: j83uv.exe

superhacker

Re: j83uv.exe

Pondus

Re: j83uv.exe

CharleyO

Re: j83uv.exe