CastleCops, Internet Crime Fighters

another new zlob variant

 
sjpritch25

Posted: Tue Dec 18, 2007 12:56 am    Post subject: another new zlob variant

File gnjsjc.dll received on 12.18.2007 01:43:57 (CET)

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.18.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 -
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.18 -
CAT-QuickHeal 9.00 2007.12.17 -
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.17 -
eSafe 7.0.15.0 2007.12.17 -
eTrust-Vet 31.3.5382 2007.12.17 -
Ewido 4.0 2007.12.17 -
FileAdvisor 1 2007.12.18 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.17 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 -
Kaspersky 7.0.0.125 2007.12.18 -
McAfee 5187 2007.12.17 -
Microsoft 1.3109 2007.12.18 -
NOD32v2 2728 2007.12.17 -
Norman 5.80.02 2007.12.17 -
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.18 -
Rising 20.23.02.00 2007.12.17 -
Sophos 4.24.0 2007.12.17 -
Sunbelt 2.2.907.0 2007.12.18 -
Symantec 10 2007.12.18 -
TheHacker 6.2.9.162 2007.12.17 -
VBA32 3.12.2.5 2007.12.17 -
VirusBuster 4.3.26:9 2007.12.17 -
Webwasher-Gateway 6.6.2 2007.12.17 -
Additional information
File size: 12800 bytes
MD5: 5338b608d31a1a7d1955ff88ccdfcf7e
SHA1: db4f066333f728149d038b23beec8f3e5b92c619
PEiD: -


File findsiteonline.dll received on 12.18.2007 01:44:07 (CET)

Result: 5/32 (15.63%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.18.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 -
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.18 -
CAT-QuickHeal 9.00 2007.12.17 -
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.17 -
eSafe 7.0.15.0 2007.12.17 Suspicious File
eTrust-Vet 31.3.5382 2007.12.17 -
Ewido 4.0 2007.12.17 -
FileAdvisor 1 2007.12.18 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.17 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 -
Kaspersky 7.0.0.125 2007.12.18 -
McAfee 5187 2007.12.17 -
Microsoft 1.3109 2007.12.18 -
NOD32v2 2728 2007.12.17 -
Norman 5.80.02 2007.12.17 -
Panda 9.0.0.4 2007.12.18 Suspicious file
Prevx1 V2 2007.12.18 Heuristic: Suspicious Self Modifying File
Rising 20.23.02.00 2007.12.17 -
Sophos 4.24.0 2007.12.17 -
Sunbelt 2.2.907.0 2007.12.18 VIPRE.Suspicious
Symantec 10 2007.12.18 -
TheHacker 6.2.9.162 2007.12.17 -
VBA32 3.12.2.5 2007.12.17 -
VirusBuster 4.3.26:9 2007.12.17 -
Webwasher-Gateway 6.6.2 2007.12.17 Win32.Malware.gen (suspicious)
Additional information
File size: 15872 bytes
MD5: 06558320a2ba03ede6ca276c1a895ea9
SHA1: 0ce49b2d71e10d06e3222b7b8537c589b8b38adc
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6529924B00DAA44B3E01007ACC7F3000170F8CCD
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009
http://geekfox26.blogspot.com/
tetak

Posted: Tue Dec 18, 2007 12:46 pm

cjuvwa.dll was the only file in the .zip file, have you still got a copy of the other files?

cjuvwa.dll with the same MD5 hash is already on the malware listserv CastleCops Link/t210730-MD5_f57cfa2cf8ac7e9db2781be930b667ad_cjuvwa_dll.html


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
sjpritch25

Posted: Tue Dec 18, 2007 5:50 pm

Sorry about that, I uploaded the wrong zip file.


tetak

Posted: Tue Dec 18, 2007 9:01 pm

I'll add the 2 files to the malware listserv.


All times are GMT