Downloader.VB.AXO

Posted by Dennis on February 11, 2008, 3:03 pm
On Saturday an AVG Free scan turned up the Downloader.VB.AXO trojan
horse in C:\Program Files\music_now\inetchk.exe. As far as I know, this
folder and file have been on my PC since I got it last August (it came
pre-installed with other HP software).

Googling turns up a few posts indicating this might be a false positive
from AVG.

Any thoughts?

--

Dennis

Posted by David H. Lipman on February 11, 2008, 5:10 pm

| On Saturday an AVG Free scan turned up the Downloader.VB.AXO trojan
| horse in C:\Program Files\music_now\inetchk.exe. As far as I know, this
| folder and file have been on my PC since I got it last August (it came
| pre-installed with other HP software).
|
| Googling turns up a few posts indicating this might be a false positive
| from AVG.
|
| Any thoughts?
|


Please submit a sample of "inetchk.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Dennis on February 11, 2008, 5:50 pm
On Mon, 11 Feb 2008 22:10:44 GMT, "David H. Lipman"

>When you get the report, please post back the exact results.

grisoft suggested I post a sample to http://virusscan.jotti.org/. Here
are their results...

>File: inetchk.exe
>Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
>MD5: 09b51f86b604affee200ee78c5c31290
>Packers detected: -
>Bit9 reports: No threat detected (more info)
>
>Scanner results
>Scan taken on 11 Feb 2008 21:46:11 (GMT)
>A-Squared Found nothing
>AntiVir Found TR/Click.HD
>ArcaVir Found nothing
>Avast Found Win32:Neptunia-KH
>AVG Antivirus Found Downloader.VB.AXO
>BitDefender Found nothing
>ClamAV Found nothing
>CPsecure Found nothing
>Dr.Web Found Trojan.Click.2093
>F-Prot Antivirus Found nothing
>F-Secure Anti-Virus Found nothing
>Fortinet Found nothing
>Ikarus Found Trojan.Click.2093
>Kaspersky Anti-Virus Found nothing
>NOD32 Found nothing
>Norman Virus Control Found nothing
>Panda Antivirus Found nothing
>Rising Antivirus Found nothing
>Sophos Antivirus Found nothing
>VirusBuster Found Trojan.CL.Agent.IJS
>VBA32 Found Trojan.Click.2093

It looks like they can't agree as to what it is, if anything.

Thanks.

--

Dennis

Posted by Dennis on February 11, 2008, 6:18 pm
On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"

>Anyway, based upon the high "hit" rate, I'd say this is NOT a False Positive.

I suspect the PC came with this. I wonder if grisoft just recently
updated their definitions to find this. I haven't downloaded anything in
the past 10 days that I can remember and the PC was clean the Saturday
before.

>Remove the Trojan by moving into the Virus Vault.

Done.

***

I haven't been able to find a description of this one so I don't know
what it is supposed to do. I'd like to know what to look for if anything
funny starts happening.

Thanks,

--

Dennis

Posted by David H. Lipman on February 11, 2008, 6:47 pm

| On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"
|
>> Anyway, based upon the high "hit" rate, I'd say this is NOT a False Positive.
|
| I suspect the PC came with this. I wonder if grisoft just recently
| updated their definitions to find this. I haven't downloaded anything in
| the past 10 days that I can remember and the PC was clean the Saturday
| before.
|
>> Remove the Trojan by moving into the Virus Vault.
|
| Done.
|
| ***
|
| I haven't been able to find a description of this one so I don't know
| what it is supposed to do. I'd like to know what to look for if anything
| funny starts happening.
|
| Thanks,
|

To find that information, use the information obtained from Jotti.

Based upon the infector name and the anti virus vendor, check the vendor's
respective virus libraries/encyclopedias.

BTW: The reason I stated to move this into the Virus Vault is because if this is
eventually deemed to be a False Positive then it can be restored.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
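
Added example, not part of any post in this thread: a short Python script that parses the Jotti scanner rows posted above, counts how many engines flagged the file, and groups the vendor detection names by shared family word. The `GENERIC` stop-word list and the four-letter minimum for a family word are assumptions made for this illustration.

```python
import re
from collections import Counter

# Scanner rows copied from the Jotti report quoted earlier in this thread.
REPORT = """\
A-Squared Found nothing
AntiVir Found TR/Click.HD
ArcaVir Found nothing
Avast Found Win32:Neptunia-KH
AVG Antivirus Found Downloader.VB.AXO
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Click.2093
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Click.2093
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.CL.Agent.IJS
VBA32 Found Trojan.Click.2093
"""

GENERIC = {"trojan", "downloader", "agent"}  # assumption: too generic to name a family

def parse(report):
    """Map scanner -> detection name (None when the row says 'nothing')."""
    found = re.findall(r"^>?\s*(.+?) Found (.+?)\s*$", report, re.M)
    return {s: (None if n == "nothing" else n) for s, n in found}

def family_tokens(name):
    """Alphabetic words of 4+ letters in a vendor name, minus generic ones."""
    words = re.split(r"[^a-z]+", name.lower())
    return {w for w in words if len(w) >= 4 and w not in GENERIC}

def summarize(report):
    """Return (detections, scanners, [(family word, vendor count), ...])."""
    rows = parse(report)
    hits = [n for n in rows.values() if n]
    tokens = Counter(t for n in hits for t in family_tokens(n))
    return len(hits), len(rows), tokens.most_common()

if __name__ == "__main__":
    print(summarize(REPORT))
```

On the posted report this gives 7 detections out of 21 scanners, with the word "click" appearing in four of the seven detection names.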


