Howdy Campers,
Part-1: *OR* How to build a weapon of mass distraction for $1.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Smifraud-C in c:\windows\system32\drivers\WMDrive.sys (189,952 bytes)
Windows XP-Prof SP3 + all critical updates to date
Firefox 3.05
SS&D 1.6.0.30, detection updates from 12 Dec 2008.
Scan Result from main prog scanner with fileset = "spyware check only" picked up the above. However, a second scan using the explorer shell extension "scan with spybot search & destroy" on the file in question reports "nothing found" for both Malware & Heuristic.
(I did the above twice & got the same results).
Scanned with Symantec AV 10.0.1.1001 & defs from 15 Dec 2008 (rev. 4), i.e. "current as of today"; it reports nothing wrong with this file or with a full system scan.
I uploaded it to http://www.kaspersky.com/scanforvirus and it declared it as clean as a president's conscience (i.e. "clean").
I have saved a copy of the file if you want it.
Part-2
~~~~~~
So I googled WMDrive.sys and found http://www.prevx.com/filenames/X2314...RIVE2ESYS.html. Yes, I'd like to see her with less clothes too (clipboard optional). Ahem - oh yeah....and they say it's from a prog called WinMount. And golly-gee, I installed WinMount today from http://www.winmount.com/down/WinMount_setup.exe (!). So I started to reinstall it - just to get a look at the files it dumps in my temp dir & among them is a file "_RegDLL.tmp" (3,584 bytes). Scanning that with the explorer shell SBS&D yields a positive for "Vario.Antivirus" under the heuristics section.
Once again, NAV and Kaspersky say it's clean as...err...that girl's clipboard (i.e. "clean").
Kept a copy too.
Big *sigh*...
What would you like me to do?
P.S. If I ramble, blame the drugs...