Posted by Duh_OZ on January 19, 2007, 10:47 pm
Until tonight anyway.
hxxp://xxx.activexmediasource.com/download/setupmedia.1645.exe
VirusTotal has two vendors ID it, two others 'suspicious'
AntiVir 7.3.0.26 DR/Zlob.Gen
BitDefender 7.2 Trojan.Downloader.Zlob.AKJ
eSafe 7.0.14.0 suspicious Trojan/Worm
Fortinet 2.82.0.0 suspicious
|
|
Posted by David H. Lipman on January 19, 2007, 11:32 pm
| Until tonight anyway.
|
| activexmediasource.com
|
Thanx. That's a new one.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: ACTIVEXMEDIASOURCE.COM
Registrant:
vl ltd
Von Linstow (wm@sitekeymaker.com)
Dalbergsgade 7
Viborg
null,8800
DK
Tel. +045.26881927
Creation Date: 17-Jan-2007
Expiration Date: 17-Jan-2008
So is this one...
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: VIDEOACTIVEXSOFTWARE.COM
Registrant:
AXV
Ase Traving (at@activexvideo.com)
Figenvej 125
Nustved
null,4700
DK
Tel. +045.26468496
Creation Date: 17-Jan-2007
Expiration Date: 17-Jan-2008
videoactivexsoftware.com
Complete scanning result of "setupvax.exe", processed in VirusTotal at 01/20/2007 05:11:22 (CET).
[ file data ]
* name: setupvax.exe
* size: 60720
* md5.: 759b8fb8b9f0ede2f0689b7eec750a68
* sha1: ba9bd46ccefe625080eff11994c8805a93753f46
[ scan result ]
AntiVir 7.3.0.26/20070120 found [DR/Zlob.Gen]
BitDefender 7.2/20070120 found [Trojan.Zlob.IN]
eSafe 7.0.14.0/20070120 found [suspicious Trojan/Worm]
Fortinet 2.82.0.0/20070119 found [suspicious]
Prevx1 V2/20070120 found [Malicious]
[ notes ]
packers: UPX
packers: UPX, BINARYRES, BINARYRES
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bca071748737
Right now there are MORE DNSChanger sites than ZLob installer sites. All owned by the same group and all registered through ESTDOMAINS INC.
NOTE: The email addresses of the registered owners of the sites point to OTHER sites as well.
I have quite an extensive list of both active and closed sites. Email me and I'll provide it to you. I don't want to post it publicly.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by Art on January 20, 2007, 6:18 am
On Sat, 20 Jan 2007 04:32:58 GMT, "David H. Lipman"
>Complete scanning result of "setupvax.exe", processed in VirusTotal at 01/20/2007 05:11:22 (CET).
>
>[ file data ]
>* name: setupvax.exe
>* size: 60720
>* md5.: 759b8fb8b9f0ede2f0689b7eec750a68
>* sha1: ba9bd46ccefe625080eff11994c8805a93753f46
>
>[ scan result ]
>AntiVir 7.3.0.26/20070120 found [DR/Zlob.Gen]
>BitDefender 7.2/20070120 found [Trojan.Zlob.IN]
>eSafe 7.0.14.0/20070120 found [suspicious Trojan/Worm]
>Fortinet 2.82.0.0/20070119 found [suspicious]
>Prevx1 V2/20070120 found [Malicious]
>
>[ notes ]
>packers: UPX
>packers: UPX, BINARYRES, BINARYRES
>packers: UPX
>Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bca071748737
Here's a vt result on the file that's now up there:
******************************************
Complete scanning result of "setupmedia.1645.exe", received in
VirusTotal at 01.20.2007, 12:07:54 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.20.2007 DR/Zlob.Gen
Authentium 4.93.8 01.20.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.19.2007 no virus found
BitDefender 7.2 01.20.2007 no virus found
CAT-QuickHeal 9.00 01.20.2007 no virus found
ClamAV devel-20060426 01.20.2007 no virus found
DrWeb 4.33 01.20.2007 no virus found
eSafe 7.0.14.0 01.20.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.118 01.20.2007 no virus found
eTrust-Vet 30.3.3336 01.19.2007 no virus found
Ewido 4.0 01.19.2007 no virus found
Fortinet 2.82.0.0 01.20.2007 suspicious
F-Prot 3.16f 01.20.2007 no virus found
F-Prot4 4.2.1.29 01.19.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.20.2007 no virus found
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.20.2007 no virus found
NOD32v2 1992 01.20.2007 no virus found
Norman 5.80.02 01.19.2007 no virus found
Panda 9.0.0.4 01.20.2007 no virus found
Prevx1 V2 01.20.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.151 01.19.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.19.2007 no virus found
VirusBuster 4.3.19:9 01.20.2007 no virus found
Aditional Information
File size: 60745 bytes
MD5: a4641aea1f9e2e0e46ecaae7abaa801c
SHA1: 911d642c1c0d9d21ae872361d71e497c9b33b947
packers: UPX
packers: UPX, BINARYRES, BINARYRES
packers: UPX
******************************
Looks like another case of musical chairs. Note it's now a different file and BitDefender doesn't alert.
Art
http://home.epix.net/~artnpeg
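One way to make Art's side-by-side comparison mechanical, as an added example that is not code from the thread: parse the two VirusTotal text formats quoted above (the report excerpts below are copied from the posts and shortened to a few vendors) and list which vendors stopped alerting once the file on the site was swapped.

```python
import re

# Excerpts of the two VirusTotal reports quoted in this thread
# (copied from the posts, shortened to a few vendors each).
OLD_REPORT = """\
AntiVir 7.3.0.26/20070120 found [DR/Zlob.Gen]
BitDefender 7.2/20070120 found [Trojan.Zlob.IN]
eSafe 7.0.14.0/20070120 found [suspicious Trojan/Worm]
Fortinet 2.82.0.0/20070119 found [suspicious]
Prevx1 V2/20070120 found [Malicious]
"""

NEW_REPORT = """\
Antivirus Version Update Result
AntiVir 7.3.0.26 01.20.2007 DR/Zlob.Gen
BitDefender 7.2 01.20.2007 no virus found
eSafe 7.0.14.0 01.20.2007 suspicious Trojan/Worm
Fortinet 2.82.0.0 01.20.2007 suspicious
Kaspersky 4.0.2.24 01.20.2007 no virus found
Prevx1 V2 01.20.2007 no virus found
"""

# "Vendor version/YYYYMMDD found [verdict]" (the older VT mail format)
FOUND_RE = re.compile(r"^(\S+)\s+\S+/\d{8}\s+found\s+\[(.+)\]$")
# "Vendor version MM.DD.YYYY verdict" (the tabular VT format)
TABLE_RE = re.compile(r"^(\S+)\s+\S+\s+\d{2}\.\d{2}\.\d{4}\s+(.+)$")

def parse_report(text):
    """Return {vendor: verdict}; verdict is None when the vendor found nothing."""
    verdicts = {}
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip()) or TABLE_RE.match(line.strip())
        if not m:
            continue  # headers, hashes, packer notes
        vendor, verdict = m.group(1), m.group(2).strip()
        verdicts[vendor] = None if verdict == "no virus found" else verdict
    return verdicts

def detection_count(verdicts):
    return sum(1 for v in verdicts.values() if v)

def detection_drift(old, new):
    """Vendors that flagged the earlier file but not the rotated one, and vice versa."""
    lost = sorted(v for v in old if old[v] and v in new and new[v] is None)
    gained = sorted(v for v in new if new[v] and v in old and old[v] is None)
    return lost, gained

if __name__ == "__main__":
    old, new = parse_report(OLD_REPORT), parse_report(NEW_REPORT)
    print(detection_count(old), detection_count(new), detection_drift(old, new))
```

Only vendors present in both reports are compared, so a vendor that appears in just one report is never counted as a drop.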
|
|
Posted by David H. Lipman on January 20, 2007, 8:16 am
| On Sat, 20 Jan 2007 04:32:58 GMT, "David H. Lipman"
|
>> Complete scanning result of "setupvax.exe", processed in VirusTotal at 01/20/2007 05:11:22 (CET).
>>
>> [ file data ]
>> * name: setupvax.exe
>> * size: 60720
>> * md5.: 759b8fb8b9f0ede2f0689b7eec750a68
>> * sha1: ba9bd46ccefe625080eff11994c8805a93753f46
>>
>> [ scan result ]
>> AntiVir 7.3.0.26/20070120 found [DR/Zlob.Gen]
>> BitDefender 7.2/20070120 found [Trojan.Zlob.IN]
>> eSafe 7.0.14.0/20070120 found [suspicious Trojan/Worm]
>> Fortinet 2.82.0.0/20070119 found [suspicious]
>> Prevx1 V2/20070120 found [Malicious]
>>
>> [ notes ]
>> packers: UPX
>> packers: UPX, BINARYRES, BINARYRES
>> packers: UPX
>> Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=bca071748737
|
| Here's a vt result on the file that's now up there:
| ******************************************
| Complete scanning result of "setupmedia.1645.exe", received in
| VirusTotal at 01.20.2007, 12:07:54 (CET).
|
| Antivirus Version Update Result
| AntiVir 7.3.0.26 01.20.2007 DR/Zlob.Gen
| Authentium 4.93.8 01.20.2007 no virus found
| Avast 4.7.936.0 01.18.2007 no virus found
| AVG 386 01.19.2007 no virus found
| BitDefender 7.2 01.20.2007 no virus found
| CAT-QuickHeal 9.00 01.20.2007 no virus found
| ClamAV devel-20060426 01.20.2007 no virus found
| DrWeb 4.33 01.20.2007 no virus found
| eSafe 7.0.14.0 01.20.2007 suspicious Trojan/Worm
| eTrust-InoculateIT 23.73.118 01.20.2007 no virus found
| eTrust-Vet 30.3.3336 01.19.2007 no virus found
| Ewido 4.0 01.19.2007 no virus found
| Fortinet 2.82.0.0 01.20.2007 suspicious
| F-Prot 3.16f 01.20.2007 no virus found
| F-Prot4 4.2.1.29 01.19.2007 no virus found
| Ikarus T3.1.0.27 01.09.2007 no virus found
| Kaspersky 4.0.2.24 01.20.2007 no virus found
| McAfee 4943 01.19.2007 no virus found
| Microsoft 1.1904 01.20.2007 no virus found
| NOD32v2 1992 01.20.2007 no virus found
| Norman 5.80.02 01.19.2007 no virus found
| Panda 9.0.0.4 01.20.2007 no virus found
| Prevx1 V2 01.20.2007 no virus found
| Sophos 4.13.0 01.20.2007 no virus found
| Sunbelt 2.2.907.0 01.12.2007 no virus found
| TheHacker 6.0.3.151 01.19.2007 no virus found
| UNA 1.83 01.19.2007 no virus found
| VBA32 3.11.2 01.19.2007 no virus found
| VirusBuster 4.3.19:9 01.20.2007 no virus found
|
| Aditional Information
| File size: 60745 bytes
| MD5: a4641aea1f9e2e0e46ecaae7abaa801c
| SHA1: 911d642c1c0d9d21ae872361d71e497c9b33b947
| packers: UPX
| packers: UPX, BINARYRES, BINARYRES
| packers: UPX
| ******************************
| Looks like another case of musical chairs. Note it's now a different file and BitDefender doesn't alert.
|
| Art
| http://home.epix.net/~artnpeg
That's been the motive of these guys. They are generating new ZLob variants on an almost daily basis. They are creating new web sites all the time. It is hard keeping up with them!
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by Ant on January 20, 2007, 10:11 pm
"David H. Lipman" wrote:
> packers: UPX, BINARYRES, BINARYRES
What is this BINARYRES packer? I can't find any description of it --
the only hits are from Virustotal scans.
Perhaps it's not an exe packer, but just indicates unusual resource
blocks in the file.
|