New Virus?

Posted by Eugene Taylor on July 6, 2005, 11:22 am
I have been infected with a couple of programs called rnaapp2.exe and
noadsense.exe. I cannot find anything on Google about them. They load into the
registry and run at startup. I have had a devil of a time getting rid of
them. I finally found that they add a task to Task Scheduler to run about
every hour or so. I also installed ZoneAlarm and caught it going to the
following IP address: 70.80.195.77:6667. I am running Norton AntiVirus
Corporate Edition and Microsoft AntiSpyware. I finally had to run HijackThis
and manually edit the registry. I have copies of the executables if
anyone wants to analyze them.



Posted by David H. Lipman on July 6, 2005, 11:46 am

| I have been infected with a couple of programs called rnaapp2.exe and
| noadsense.exe. I cannot find anything on Google about them. They load into the
| registry and run at startup. I have had a devil of a time getting rid of
| them. I finally found that they add a task to Task Scheduler to run about
| every hour or so. I also installed ZoneAlarm and caught it going to the
| following IP address: 70.80.195.77:6667. I am running Norton AntiVirus
| Corporate Edition and Microsoft AntiSpyware. I finally had to run HijackThis
| and manually edit the registry. I have copies of the executables if
| anyone wants to analyze them.
|

I will accept both for analysis.

Please send them both in a password protected ZIP file.
Please include the password you used to zip them with.

Results will be posted back into this thread.

Just remove ~nospam~ from the posted email address or
David_H_Lipman~nospam~@Yahoo.Com

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Eugene Taylor on July 6, 2005, 12:07 pm
Thanks, they are on the way!



Posted by David H. Lipman on July 6, 2005, 12:49 pm

| Thanks, they are on the way!
|
"noadsense.exe"

AntiVir 6.31.0.7 07.06.2005 no virus found
AVG 718 07.04.2005 no virus found
Avira 6.31.0.7 07.06.2005 no virus found
BitDefender 7.0 07.06.2005 Backdoor.SDBot.32E72B11
ClamAV devel-20050501 07.06.2005 no virus found
DrWeb 4.32b 07.06.2005 no virus found
eTrust-Iris 7.1.194.0 07.05.2005 Win32/SdBot.47283!Worm
eTrust-Vet 11.9.1.0 07.06.2005 Win32.Slinbot.AIM
Fortinet 2.36.0.0 07.06.2005 suspicious
Ikarus 2.32 07.06.2005 Backdoor.Win32.Ciadoor.N
Kaspersky 4.0.2.24 07.06.2005 Backdoor.Win32.SdBot.gen
McAfee 4529 07.06.2005 no virus found
NOD32v2 1.1161 07.04.2005 a variant of IRC/SdBot
Norman 5.70.10 07.05.2005 W32/Suspicious_M.gen
Panda 8.02.00 07.06.2005 W32/Gaobot.gen.worm
Sophos SAVCLI32 3.94.0 W32/Sdbot-Fam
Sybari 7.5.1314 07.06.2005 Backdoor.Win32.SdBot.gen
Symantec 8.0 07.05.2005 no virus found
Trend Sysclean PF 717 WORM_SDBOT.GEN
TheHacker 5.8.2.066 07.05.2005 no virus found
VBA32 3.10.4 07.06.2005 no virus found

"rnaapp2.exe"

AntiVir 6.31.0.7 07.06.2005 no virus found
AVG 718 07.04.2005 BackDoor.G-Spot.F
Avira 6.31.0.7 07.06.2005 no virus found
BitDefender 7.0 07.06.2005 Backdoor.G.Spot.2.0
ClamAV devel-20050501 07.06.2005 no virus found
DrWeb 4.32b 07.06.2005 no virus found
eTrust-Iris 7.1.194.0 07.05.2005 no virus found
eTrust-Vet 11.9.1.0 07.06.2005 no virus found
Fortinet 2.36.0.0 07.06.2005 suspicious
Ikarus 2.32 07.06.2005 IM-Worm.Win32.Sumom.C
Kaspersky 4.0.2.24 07.06.2005 Backdoor.Win32.G_Spot.20
McAfee 4529 07.06.2005 no virus found
NOD32v2 1.1161 07.04.2005 Win32/G_Spot.20
Norman 5.70.10 07.05.2005 W32/Suspicious_M.gen
Panda 8.02.00 07.06.2005 no virus found
Sophos SAVCLI32 3.94.0 Troj/Bdoor-AAG
Sybari 7.5.1314 07.06.2005 Backdoor.Win32.G_Spot.20
Symantec 8.0 07.05.2005 no virus found
Trend Sysclean PF 717 no virus found
TheHacker 5.8.2.066 07.05.2005 no virus found
VBA32 3.10.4 07.06.2005 no virus found

Both files were submitted to McAfee/AVERT
rnaapp2.exe was submitted to Trend Micro

Most of this report was obtained via submission to Virus Total
http://www.virustotal.com/flash/index_en.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
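
Added example (not part of the original thread and not written by any poster): a short Python script that parses the "noadsense.exe" rows posted above, counts how many engines flagged the file, and reduces the differing vendor labels to candidate family names. The token filter in `family` and the `GENERIC` word list are assumptions made for illustration, not a standard naming scheme.

```python
import re
from collections import Counter
# "noadsense.exe" rows as posted in the thread: engine, version, [date], verdict.
REPORT = """\
AntiVir 6.31.0.7 07.06.2005 no virus found
AVG 718 07.04.2005 no virus found
Avira 6.31.0.7 07.06.2005 no virus found
BitDefender 7.0 07.06.2005 Backdoor.SDBot.32E72B11
ClamAV devel-20050501 07.06.2005 no virus found
DrWeb 4.32b 07.06.2005 no virus found
eTrust-Iris 7.1.194.0 07.05.2005 Win32/SdBot.47283!Worm
eTrust-Vet 11.9.1.0 07.06.2005 Win32.Slinbot.AIM
Fortinet 2.36.0.0 07.06.2005 suspicious
Ikarus 2.32 07.06.2005 Backdoor.Win32.Ciadoor.N
Kaspersky 4.0.2.24 07.06.2005 Backdoor.Win32.SdBot.gen
McAfee 4529 07.06.2005 no virus found
NOD32v2 1.1161 07.04.2005 a variant of IRC/SdBot
Norman 5.70.10 07.05.2005 W32/Suspicious_M.gen
Panda 8.02.00 07.06.2005 W32/Gaobot.gen.worm
Sophos SAVCLI32 3.94.0 W32/Sdbot-Fam
Sybari 7.5.1314 07.06.2005 Backdoor.Win32.SdBot.gen
Symantec 8.0 07.05.2005 no virus found
Trend Sysclean PF 717 WORM_SDBOT.GEN
TheHacker 5.8.2.066 07.05.2005 no virus found
VBA32 3.10.4 07.06.2005 no virus found
"""
GENERIC = {"backdoor", "worm", "trojan", "troj", "suspicious", "variant"}  # assumed non-family words

def parse(report):
    """Map engine -> verdict text, or None where the row says 'no virus found'."""
    results = {}
    for line in report.splitlines():
        m = re.search(r"\b\d{2}\.\d{2}\.\d{4}\b", line)  # Sophos and Trend rows have no date
        verdict = line[m.end():].strip() if m else line.split()[-1]
        results[line.split()[0]] = None if line.endswith("no virus found") else verdict
    return results

def family(verdict):
    """First token that looks like a family name: alphabetic, 4+ chars, not generic."""
    tokens = re.split(r"[^a-z0-9]+", verdict.lower())
    return next((t for t in tokens if len(t) >= 4 and t.isalpha() and t not in GENERIC), None)

def summarize(report):
    results = parse(report)
    hits = [v for v in results.values() if v]
    return len(hits), len(results), Counter(f for f in map(family, hits) if f)

if __name__ == "__main__":
    print(summarize(REPORT))
```

On the posted rows this reports 12 of 21 engines flagging the file, with seven of the labels reducing to `sdbot` and the rest split across single-engine names or purely heuristic verdicts.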



Posted by Eugene Taylor on July 6, 2005, 12:54 pm
Thanks. Scary, I was relying on a single anti-virus program.


