New virus (price.cpl - Bagle variant) and current Virus-Total results

Posted by Virus Guy on September 12, 2005, 10:47 pm

This came in via e-mail today. Got past Symantec Corporate AV running
on our server.

I ran this through Virus Total earlier today (about 8-10 hours ago)
and I think only 6 AV programs identified it. Many more are doing so
now.

The file (price2.zip) was attached to an e-mail with no subject. The
file unzips to price.cpl (a control panel extension) with a time-stamp
of Tuesday Sept 13 12:24:24 am. size = 14340 bytes.

The only interesting bit of readable text inside it is "open
\gfgdgfddfgdfgwe.exe".

Anyways, here are the virus total results. I'll check again in a week
and see how the various vendors are doing with this one.

---------------

Scanned Sept 12 / 10pm EST:

BitDefender 7.0 09.02.2005 no virus found
CAT-QuickHeal 8.00 09.12.2005 no virus found
eTrust-Iris 7.1.194.0 09.13.2005 no virus found
eTrust-Vet 11.9.1.0 09.12.2005 no virus found
Ikarus 0.2.59.0 09.12.2005 no virus found
McAfee 4579 09.12.2005 no virus found
VBA32 3.10.4 09.12.2005 no virus found
The Cleaner v3843 09.12.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 suspicious


ClamAV devel-20050725 09.13.2005 Worm.Bagle.BB-gen
DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.12288
AntiVir 6.31.1.0 09.12.2005 DR/Bagle.P
Avast 4.6.695.0 09.12.2005 Win32:Mitglieder-BK
AVG 718 09.12.2005 I-Worm/Bagle.EQ
Avira 6.31.1.0 09.12.2005 DR/Bagle.P
F-Prot 3.16c 09.13.2005 security risk named W32/Mitglieder.FB
Kaspersky 4.0.2.24 09.13.2005 Email-Worm.Win32.Bagle.cs
NOD32v2 1.1214 09.12.2005 Win32/Bagle.BI
Norman 5.70.10 09.12.2005 W32/Bagle.CS
Panda 8.02.00 09.12.2005 W32/Bagle.EK.worm
Sophos 3.97.0 09.13.2005 Troj/Dropper-BC
Symantec 8.0 09.13.2005 Trojan.Tooso.N
TheHacker 5.8.2.105 09.12.2005 W32/Bagle.cs
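
Added example, not part of the original thread: the post describes an executable file type (price.cpl) arriving inside price2.zip hours before most scanners had a signature for it. A mail gateway can decide on the archive's member types instead of waiting for signatures, and this sketch returns the findings for one zip attachment. The extension list, depth limit and function names are assumptions, and the sample archives are constructed with harmless content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Types Windows runs or loads on double-click. A .cpl is a Control Panel
# extension, i.e. a DLL the shell loads. The exact list is an assumption.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".cpl", ".bat", ".cmd"}
MAX_DEPTH = 2  # levels of zip-inside-zip that will be opened


def inspect_zip(data: bytes, depth: int = 0) -> list[str]:
    """Return policy findings for a zip attachment passed as raw bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            # Trailing dots/spaces are dropped by Windows, so ignore them here.
            ext = PurePosixPath(name.lower().rstrip(". ")).suffix
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0
            if encrypted:
                findings.append(f"encrypted member: {name}")
            if ext in RISKY_EXTENSIONS:
                findings.append(f"executable member: {name}")
            elif ext == ".zip" and not encrypted:
                if depth + 1 >= MAX_DEPTH:
                    findings.append(f"nesting too deep: {name}")
                else:
                    inner = inspect_zip(archive.read(info), depth + 1)
                    findings += [f"{name} -> {item}" for item in inner]
    return findings


def build_sample(member: str, payload: bytes = b"constructed placeholder") -> bytes:
    """Build an in-memory zip holding one harmless member (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Member name taken from the post; the content is a harmless placeholder.
    print(inspect_zip(build_sample("price.cpl")))  # one finding
    print(inspect_zip(build_sample("notes.txt")))  # no findings
```

Any non-empty result is a reason to quarantine the message regardless of what the signature scan says; encrypted members are reported because a scanner cannot open them.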


Posted by Gabriele Neukam on September 13, 2005, 5:14 pm
On that special day, Virus Guy, (Virus@Guy.com) said...

> I ran this through Virus Total earlier today (about 8-10 hours ago)
> and I think only 6 AV programs identified it. Many more are doing so
> now.

Already identified as Bagle-Downloader. See
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BAGLE.CZ
> http://www.f-secure.com/weblog/


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.


Posted by What's in a Name? on September 13, 2005, 6:56 pm

>
> This came in via e-mail today. Got past Symantec Corporate AV
> running on our server.
>
> I ran this through Virus Total earlier today (about 8-10 hours
> ago) and I think only 6 AV programs identified it. Many more are
> doing so now.
>
> The file (price2.zip) was attached to an e-mail with no subject.
> The file unzips to price.cpl (a control panel extension) with a
> time-stamp of Tuesday Sept 13 12:24:24 am. size = 14340 bytes.
>
> The only interesting bit of readable text inside it is "open
> \gfgdgfddfgdfgwe.exe".
>
> Anyways, here are the virus total results. I'll check again in a
> week and see how the various vendors are doing with this one.
>
> ---------------
>
> Scanned Sept 12 / 10pm EST:
>
> BitDefender 7.0 09.02.2005 no virus found
> CAT-QuickHeal 8.00 09.12.2005 no virus found
> eTrust-Iris 7.1.194.0 09.13.2005 no virus found
> eTrust-Vet 11.9.1.0 09.12.2005 no virus found
> Ikarus 0.2.59.0 09.12.2005 no virus found
> McAfee 4579 09.12.2005 no virus found
> VBA32 3.10.4 09.12.2005 no virus found
> The Cleaner v3843 09.12.2005 no virus found
> Fortinet 2.41.0.0 09.07.2005 suspicious
>
>
> ClamAV devel-20050725 09.13.2005 Worm.Bagle.BB-gen
> DrWeb 4.32b 09.12.2005 Win32.HLLM.Beagle.12288
> AntiVir 6.31.1.0 09.12.2005 DR/Bagle.P
> Avast 4.6.695.0 09.12.2005 Win32:Mitglieder-BK
> AVG 718 09.12.2005 I-Worm/Bagle.EQ
> Avira 6.31.1.0 09.12.2005 DR/Bagle.P
> F-Prot 3.16c 09.13.2005 security risk named W32/Mitglieder.FB
> Kaspersky 4.0.2.24 09.13.2005 Email-Worm.Win32.Bagle.cs
> NOD32v2 1.1214 09.12.2005 Win32/Bagle.BI
> Norman 5.70.10 09.12.2005 W32/Bagle.CS
> Panda 8.02.00 09.12.2005 W32/Bagle.EK.worm
> Sophos 3.97.0 09.13.2005 Troj/Dropper-BC
> Symantec 8.0 09.13.2005 Trojan.Tooso.N
> TheHacker 5.8.2.105 09.12.2005 W32/Bagle.cs

Hey Virus Guy - I would like to test one of my systems with a live
specimen. Have AVG/eTrust/Anti-Vir/BitDefender/ClamWin installed. Can
you send me a copy? maxpro4u@neoDOTrrDotcom (remove the DOTs).
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
http://home.neo.rr.com/manna4u/keepingclean.html
http://home.neo.rr.com/manna4u/virusprevention.html
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236


Posted by Virus Guy on September 13, 2005, 9:35 pm
What's in a Name? wrote:

> Hey Virus Guy - I would like to test one of my systems with a live
> specimen. Have AVG/eTrust/Anti-Vir/BitDefender/ClamWin installed.
> Can you send me a copy? maxpro4u@neoDOTrrDotcom (remove the DOTs).
> -max

Look for it.


Posted by What's in a Name? on September 14, 2005, 1:08 pm

> What's in a Name? wrote:
>
>> Hey Virus Guy - I would like to test one of my systems with a live
>> specimen. Have AVG/eTrust/Anti-Vir/BitDefender/ClamWin installed.
>> Can you send me a copy? maxpro4u@neoDOTrrDotcom (remove the DOTs).
>> -max
>
> Look for it.

Thanks - on this system (win2000) with AVG/eTrust/AntiVir/Avast all
running as resident - AVG was the first to pop up with warnings.
I am going to resend it to myself because I forgot I had set AVG to
move any password-protected files to vault.
-max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages: http://home.neo.rr.com/manna4u/
http://home.neo.rr.com/manna4u/keepingclean.html
http://home.neo.rr.com/manna4u/virusprevention.html
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to yahoo.com to reply.
Registered Linux User #393236

