CastleCops® navil toolbar

Need help? Click here to register for free! Absolutely zero advertisements on this site!

**$9736.22 of $21422.68**

Help CastleCops serve the community on new servers, Donate Here to reach our goal.

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Survey

Forum FAQ

Usergroups

Profile

Select FavForums

navil toolbar

All -> FavForums -> Unknown Files

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

nosirrah

Security Expert
Special Response Team

Joined: Apr 19, 2006
Posts: 6298
Location: USA

Posted: Fri Nov 10, 2006 3:21 pm Post subject: navil toolbar

I found this while looking up information in this thread : /t171447-Browser_hijack_by_navil_com.html . It appears to be a borderline toolbar but because there is evidence that some kind of exploit is being used to direct users to navil.com , I would consider this malware by default . The toolbar does not appear to be directly related to the redirect , not on my system at least . Link_Comp.ocx NavilToolbar.dll Setup.exe ToolbarInstaller.exe These four all scan clean . STATUS: FINISHEDComplete scanning result of "IFinst27.exe", received in VirusTotal at 11.10.2006, 15:37:40 (CET). Authentium 4.93.8 11.10.2006 W32/Downloader.AOLK Fortinet 2.82.0.0 11.10.2006 suspicious F-Prot 3.16f 11.10.2006 security risk named W32/Downloader.AOLK F-Prot4 4.2.1.29 11.09.2006 W32/Downloader.AOLK File: IFinst27.exe Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5 9c17bca3ef837bacded7e4299508e71d Packers detected: UPX F-Prot Antivirus Found W32/Downloader.AOLK STATUS: FINISHEDComplete scanning result of "NavilTB_Installer.exe", received in VirusTotal at 11.10.2006, 15:39:40 (CET). Authentium 4.93.8 11.10.2006 W32/Downloader.AOLK Fortinet 2.82.0.0 11.10.2006 suspicious F-Prot 3.16f 11.10.2006 security risk named W32/Downloader.AOLK F-Prot4 4.2.1.29 11.09.2006 W32/Downloader.AOLK File: NavilTB_Installer.exe Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5 e8ad84299c19ee67cc25e8185d0ad99b Packers detected: UPX F-Prot Antivirus Found W32/Downloader.AOLK I also found two GUIDs : B07610C1-1ADD-4264-BFFD-27364394406D 1A869745-C367-466C-82C9-F707EB969C8D ]

	All -> FavForums -> Unknown Files	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 123ppm 0.216s (0.044s) Making cybercriminals unhappy since 2002*