CastleCops® happy-2008.exe

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

happy-2008.exe

All -> FavForums -> Unknown Files

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

AlphaCentauri

SIRT Handler
Premium Member

Joined: Nov 20, 2003
Posts: 2899

Posted: Wed Dec 26, 2007 4:50 am Post subject: happy-2008.exe

Being distributed at uhavepostcard.com. Merry Christmas. Virus total Antivirus Version Last Update Result AhnLab-V3 2007.12.25.10 2007.12.24 - AntiVir 7.6.0.46 2007.12.25 GEN/PwdZIP Authentium 4.93.8 2007.12.25 - Avast 4.7.1098.0 2007.12.25 - AVG 7.5.0.516 2007.12.25 - BitDefender 7.2 2007.12.26 - CAT-QuickHeal 9.00 2007.12.25 - ClamAV 0.91.2 2007.12.26 - DrWeb 4.44.0.09170 2007.12.25 - eSafe 7.0.15.0 2007.12.25 - eTrust-Vet 31.3.5400 2007.12.24 - Ewido 4.0 2007.12.25 - FileAdvisor 1 2007.12.26 - Fortinet 3.14.0.0 2007.12.26 - F-Prot 4.4.2.54 2007.12.25 - F-Secure 6.70.13030.0 2007.12.26 - Ikarus T3.1.1.15 2007.12.26 - Kaspersky 7.0.0.125 2007.12.26 - McAfee 5192 2007.12.24 - Microsoft 1.3109 2007.12.26 - NOD32v2 2747 2007.12.25 error - password-protected file Norman 5.80.02 2007.12.24 - Panda 9.0.0.4 2007.12.25 - Prevx1 V2 2007.12.26 - Rising 20.24.12.00 2007.12.25 Suspicious.ZipPSW Sophos 4.24.0 2007.12.26 - Sunbelt 2.2.907.0 2007.12.21 - Symantec 10 2007.12.26 - TheHacker 6.2.9.168 2007.12.22 - VBA32 3.12.2.5 2007.12.24 - VirusBuster 4.3.26:9 2007.12.25 - Webwasher-Gateway 6.6.2 2007.12.26 Generic.PwdZIP Additional information File size: 161005 bytes MD5: 7c927901d16b228860af1bf9ad418577 SHA1: 7de7bce5d28dc7bf4a1da7c7e749c3bdc8c1ad7e PEiD: - Jotti: Scanner results Scan taken on 26 Dec 2007 04:43:07 (GMT) A-Squared Found nothing AntiVir Found GEN/PwdZIP ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found suspicious file (encrypted program in archive) F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found Suspicious.ZipPSW, Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5879

Posted: Wed Dec 26, 2007 1:16 pm Post subject:

eCard.scr is now well detected and happy-2008.exe has been put on the malware listserv. _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Evilcry

Trooper
Trooper

Joined: Aug 30, 2007
Posts: 11
Location: Italy

Posted: Wed Dec 26, 2007 5:04 pm Post subject:

I'm reversing it, appears to install a Rootkit, and can be detected by searching into /system32 folder, init_sys.config. Regards, Evilcry

	All -> FavForums -> Unknown Files	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 125ppm 0.473s (0.09s) Making cybercriminals unhappy since 2002*