HELP!,, how to open a vexe file



aniluv
2009-05-18, 07:46
I think my USB file was damaged by a virus. The antivirus gave an option, "rename"; I clicked it, but I still can't open it. It appears as a vexe file.

aniluv
2009-05-18, 07:52
By the way, my English sucks, so please be patient.

tashi
2009-05-18, 08:54
Hello,

I think my USB file was damaged by a virus. The antivirus gave an option, "rename"; I clicked it, but I still can't open it. It appears as a vexe file.

If the file is infected you don't want to try to open it. :)

aniluv
2009-05-18, 15:35
I guess it's infected because I scanned the file at virustotal.com and these were the results:
Antivirus engine Version Last update Result
a-squared 4.0.0.101 2009.05.18 Trojan-Dropper.Win32.Flystud!IK
AhnLab-V3 5.0.0.2 2009.05.18 Win-Trojan/Dropper.1244127
AntiVir 7.9.0.168 2009.05.17 Worm/Autorun.ehw
Antiy-AVL 2.0.3.1 2009.05.15 Worm/Win32.AutoRun
Authentium 5.1.2.4 2009.05.17 W32/Nuj.A.gen!Eldorado
Avast 4.8.1335.0 2009.05.17 Win32:Trojan-gen {Other}
AVG 8.5.0.336 2009.05.17 -
BitDefender 7.2 2009.05.18 Trojan.Generic.1496582
CAT-QuickHeal 10.00 2009.05.15 Worm.AutoRun.ehw
ClamAV 0.94.1 2009.05.16 Trojan.Downloader-53377
Comodo 1157 2009.05.08 TrojWare.Win32.TrojanClicker.Flyst.~O
DrWeb 5.0.0.12182 2009.05.18 Win32.HLLW.Autoruner.2602
eSafe 7.0.17.0 2009.05.17 Win32.WormAutorun.Eh
eTrust-Vet 31.6.6508 2009.05.16 Win32/SillyAutorun.AOX
F-Prot 4.4.4.56 2009.05.17 W32/Nuj.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.05.16 Worm.Win32.AutoRun.ehw
Fortinet 3.117.0.0 2009.05.18 W32/AutoRun.EHW!worm
GData 19 2009.05.18 Trojan.Generic.1496582
Ikarus T3.1.1.49.0 2009.05.18 -
K7AntiVirus 7.10.737 2009.05.16 Trojan.Win32.AutoRun.KOI
Kaspersky 7.0.0.125 2009.05.18 Worm.Win32.AutoRun.ehw
McAfee 5618 2009.05.17 W32/Autorun.worm.dp
McAfee+Artemis 5618 2009.05.17 W32/Autorun.worm.dp
McAfee-GW-Edition 6.7.6 2009.05.18 Worm.Autorun.ehw
Microsoft 1.4602 2009.05.17 Worm:Win32/Autorun.DM
NOD32 4081 2009.05.17 Win32/FlyStudio.NDX
Norman 6.01.05 2009.05.16 -
nProtect 2009.1.8.0 2009.05.17 -
Panda 10.0.0.14 2009.05.17 W32/Autorun.ARY
PCTools 4.4.2.0 2009.05.17 Worm.AutoRun
Prevx 3.0 2009.05.18 High Risk Cloaked Malware
Rising 21.30.00.00 2009.05.18 Worm.Win32.Autorun.exj
Sophos 4.41.0 2009.05.17 Mal/UnkPack-Fam
Sunbelt 3.2.1858.2 2009.05.17 -
Symantec 1.4.4.12 2009.05.18 Trojan.Dropper
TheHacker 6.3.4.1.326 2009.05.18 W32/AutoRun.ehw
TrendMicro 8.950.0.1092 2009.05.18 -
VBA32 3.12.10.5 2009.05.18 Trojan.HLLW.Erun.507
ViRobot 2009.5.18.1738 2009.05.18 Trojan.Win32.PSWLineage.896474
Additional information
File size: 1244127 bytes
MD5...: 0b01fac5cd79a977f8090f3054c21702
SHA1..: 0ce8d9dd77881fe94031717633fb5068e5d4acb8
SHA256: fa12de7db138080b3f4d4e25bc6a152d07e918af8673aec2ea063979ef1554cc
SHA512: c456b52df211b6b649009287cca2650f59047dff1e6ae285bbeddd3bf2070671
d7cd613f1ea828514dedff1e79ac2d43457e14fde49fea19404d270c43e174e0
ssdeep: 24576:+vQhg41N5L+s79FIY4ponf0e56xh3liEKKO7AynQedLSEgG:+vQ/gq9FOC
0esxh1i/ldQ2GEx
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 EXE PECompact compressed (generic) (40.9%)
Win32 Executable MS Visual C++ (generic) (37.1%)
Win32 Executable Generic (8.4%)
Win32 Dynamic Link Library (generic) (7.4%)
Clipper DOS Executable (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3831
timedatestamp.....: 0x26b54a (Fri Jan 30 08:39:38 1970)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5000 0x5000 6.52 a77f422c8d8d0346de1e7080d2abc38c
.rdata 0x6000 0x1000 0x1000 3.56 c3a429c9401d144a06bbf6c66f26e739
.data 0x7000 0x2000 0x2000 2.86 391dfe9979de8fe0fe40df3f14303242
.data 0x9000 0x19000 0x19000 5.83 8f07794fc20fa096a48f4412e1b72cbb
.rsrc 0x22000 0x5000 0x5000 3.31 f489f0c9f2bc84f2f10ca6b98bc88c4b

( 2 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateDirectoryA, GetTempPathA, ReadFile, SetFilePointer, CreateFileA, GetModuleFileNameA, GetStringTypeA, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar, GetStringTypeW
> USER32.dll: MessageBoxA, wsprintfA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
http://info.prevx.com/aboutprogramtext.asp?PX5=64980D0CDF7DC42FFB1812F847D54F00AAB1A873


* The thing is I NEED the file. I would rather lose my computer than lose the file. Can you help me, please?

tashi
2009-05-18, 17:26
Hello,

In order for one of our volunteer analysts to advise you when available, please follow the procedure in this sticky to produce a HJT log.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic and copy paste the log into it.

Regards. :)