Posted by Lauren on July 11, 2007, 1:11 am
Here are the results for the second file which had renamed itself.
Antivirus          Version          Update      Result
AhnLab-V3          2007.7.11.1      07.11.2007  no virus found
AntiVir            7.4.0.39         07.10.2007  TR/VB.Yongfu
Authentium         4.93.8           07.10.2007  no virus found
Avast              4.7.997.0        07.11.2007  no virus found
AVG                7.5.0.476        07.10.2007  Worm/Delf.CRQ
BitDefender        7.2              07.11.2007  no virus found
CAT-QuickHeal      9.00             07.10.2007  (Suspicious) - DNAScan
ClamAV             devel-20070416   07.11.2007  no virus found
DrWeb              4.33             07.11.2007  no virus found
eSafe              7.0.15.0         07.10.2007  suspicious Trojan/Worm
eTrust-Vet         30.8.3778        07.10.2007  no virus found
Ewido              4.0              07.10.2007  no virus found
FileAdvisor        1                07.11.2007  no virus found
Fortinet           2.91.0.0         07.11.2007  VBWorm.C
F-Prot             4.3.2.48         07.10.2007  no virus found
Ikarus             T3.1.1.8         07.11.2007  Win32.SuspectCrc
Kaspersky          4.0.2.24         07.11.2007  Virus.Win32.AutoRun.cy
McAfee             5071             07.10.2007  no virus found
Microsoft          1.2704           07.11.2007  TrojanDownloader:Win32/Banload.DC
NOD32v2            2390             07.10.2007  no virus found
Norman             5.80.02          07.10.2007  no virus found
Panda              9.0.0.4          07.11.2007  Adware/SearchExplorer
Sophos             4.19.0           07.06.2007  Mal/VBWorm-C
Sunbelt            2.2.907.0        07.11.2007  no virus found
Symantec           10               07.11.2007  W32.SillyFDC
TheHacker          6.1.6.144        07.09.2007  no virus found
VBA32              3.12.0.2         07.10.2007  no virus found
VirusBuster        4.3.23:9         07.10.2007  no virus found
Webwasher-Gateway  6.0.1            07.11.2007  Trojan.VB.Yongfu
Additional Information
File size: 15872 bytes
MD5: 103bd3254c4aa8786ed1545261238d8f
SHA1: d08d7572b4a471216fa92967180887f995831a6a
packers: UPX
>
> | My apologies if this is the wrong group. I recently bought a Lasonic
> | MP-02GY MP3 player from Fry's and have found it loads a program called
> | jjjha.exe which appears to be sending information whenever a google search
> | is done to a website in China. The device has an autorun inf which changes
> | the right click menu for the drive and runs an exe on the root of the
> | device. It loads a fake svchost file into Windows/inf and sets an autorun
> | key. The svchost then loads and reloads the jjjha.exe which monitors the
> | browser. Once you stop the svchost process it is not too bad to remove
> | everything. I don't know where something like this should be reported.
> |
> | Thanks
> | Lauren
> |
>
> Before it can be reported, jjjha.exe *must* be identified. Then once it
> is identified as malware you should file a formal complaint with Fry's as
> well as the Attorney General of your state.
>
> The following is how you should go about identifying the file...
>
> Please submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners. That will give you an idea what it is and who recognizes it.
> In addition, unless told otherwise, Virus Total will provide the sample
> to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email
> URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results and use the
> report as proof of the malware infection.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
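Added example, not part of the original posts: a small Python check for the behaviour described in the quoted message, an autorun.inf that launches an exe from the drive root and rewrites the drive's right-click menu. The sample file contents and the name `sample.exe` are constructed for illustration and are not taken from the device discussed in this thread.

```python
import re

# Keys in the [autorun] section that make Windows launch a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command entries replace or add right-click menu actions for the drive.
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)

def audit_autorun(text):
    """Return a list of (kind, detail) findings for the [autorun] section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()
        match = SHELL_CMD.match(key_l)
        if key_l in LAUNCH_KEYS:
            findings.append(("auto-launch", value))
        elif match:
            findings.append(("context-menu:" + match.group(1), value))
        elif key_l == "shell":
            # Default verb: what a double-click on the drive icon runs.
            findings.append(("default-verb", value))
    return findings

# Constructed sample input (hypothetical file contents).
SAMPLE = r"""
[autorun]
open=sample.exe
shell\open=Open
shell\open\command=sample.exe
shell\explore\command=sample.exe
shell=open
"""

if __name__ == "__main__":
    for kind, detail in audit_autorun(SAMPLE):
        print(kind, "->", detail)
```

Any finding on a device that is supposed to hold only media files is a reason to copy the referenced exe off with autorun disabled and submit it for scanning as described above.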