View Full Version : xp antivirus
dj.turkmaster
2008-09-01, 01:54
10 minutes ago I downloaded a new variant of xp antivirus and it is not detected by Spybot, nor by AntiVir or ClamAV :( . But I can't send these files over Gmail even though I have zipped them and set a password on the zip file. It looks impossible for me to send the samples to Spybot. I have tried to send other undetected samples before but again I wasn't able to :( Please advise.
Happy-Dude
2008-09-01, 06:15
Darn, this is pretty tough rogue malware. (Why the heck did you download the variant without reading user experiences first :sad: !!)
Alright, this is gonna take some major steps.
Follow http://forum.avast.com/index.php?topic=38157.msg319553#msg319553 for some info on removing it. There is a blog link that I posted there that has more manual removal things.
Also follow http://forum.avast.com/index.php?topic=38254.0 .
If you can, (I dunno if you can do it on Safer-Networking forums,) post a HiJackThis log.
Please do NOT post hjt logs in the Spybot forum, (http://forums.spybot.info/showthread.php?t=1266)
Post back ASAP. This new variant is really difficult for anti-malware to remove.
Hello Happy-Dude,
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
As you will see, we do not encourage members to apply fixes given to another user. ;) All help in the malware forum is provided one on one.
FYI, dj.turkmaster is collecting files for our detectives' attention.
Cheers.
dj.turkmaster
2008-09-01, 12:30
Happy-Dude:
I am also a HijackThis analyzer :) I didn't get infected; I only have the sample.
Tashi:
When we discussed this xp antivirus malware in our forums we saw that there are lots of variants of this malware. For example, my friend has 3 samples and these are the VirusTotal results:
http://www.virustotal.com/tr/analisis/f3f4acaf7d85ae40d24028551e9ec507
http://www.virustotal.com/tr/analisis/6330ceb7fc47b8b38e0f55cf7215387d
http://www.virustotal.com/analisis/92fd3aeb80e0f3279c46e5b5e7eb807e
and this is the one which I downloaded last night:
http://www.virustotal.com/tr/analisis/6111f145c4fed225fcdf86f9e76b86b1
Any advice on how I can send these samples to the detectives?
Hi dj.turkmaster,
But I can't send these files over Gmail even though I have zipped them and set a password on the zip file.
Is Gmail preventing your sending the files, or is Gmail not being accepted at our end?
dj.turkmaster
2008-09-01, 18:25
Hi Tashi,
It gives an error saying "setup.zip contains an executable file. For security reasons gmail does not allow you to send this type of file"
As I have said before it is zipped and password protected and inside the zip there is an .exe file.
Hi there,
You don't have another email address you can use other than gmail? :)
dj.turkmaster
2008-09-01, 19:21
I only have Gmail, Tashi. But now I have sent the mail by using my brother's Hotmail address. I didn't want to use his address. Well, whatever, I have sent it. :) I also scanned the while at virustotal, virscan.org and jotti. Do you get samples from there, and even if you get the samples, is sending the file directly to detections(at)spybot.info a better way?
Hello, :)
Vendors share certain lists, but a detective would be the best one to answer your question so I left a message for their attention.
Cheers.
dj.turkmaster
2008-09-01, 20:01
I only have Gmail, Tashi. But now I have sent the mail by using my brother's Hotmail address. I didn't want to use his address. Well, whatever, I have sent it. :) I also scanned the while at virustotal, virscan.org and jotti. Do you get samples from there, and even if you get the samples, is sending the file directly to detections(at)spybot.info a better way?
while=file btw :D I don't know why I wrote it like that :D
Well, thanks for your help, Tashi. I think I will have to use my brother's mail address for sending samples from now on.
Happy-Dude
2008-09-01, 22:31
Ah I understand now. Sorry about that, then ;) .