Virtumonde and Adware keep returning despite all efforts.

Hello :)

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\choice.exe
Click on Send
Wait for the scan to end.

Go to virustotal.com
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\symnppwa.dll
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

:bigthumb:
 
virustotal.com scans

VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.


Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.
Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.


STATUS: FINISHED
Complete scanning result of "choice.exe", received in VirusTotal at 04.08.2007, 21:20:02 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.08.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.08.2007 no virus found
AVG 7.5.0.447 04.08.2007 no virus found
BitDefender 7.2 04.08.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.08.2007 no virus found
DrWeb 4.33 04.08.2007 no virus found
eSafe 7.0.15.0 04.08.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.08.2007 no virus found
FileAdvisor 1 04.08.2007 no virus found
Fortinet 2.85.0.0 04.08.2007 suspicious
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.08.2007 no virus found
Ikarus T3.1.1.3 04.08.2007 no virus found
Kaspersky 4.0.2.24 04.08.2007 no virus found
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.08.2007 no virus found
NOD32v2 2173 04.07.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.08.2007 no virus found
Prevx1 V2 04.08.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.08.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.07.2007 no virus found
VirusBuster 4.3.7:9 04.08.2007 no virus found
Webwasher-Gateway 6.0.1 04.08.2007 no virus found


Aditional Information
File size: 21312 bytes
MD5: 2e5832d56dcc6dc7ecb1cbe9ea350b9b
SHA1: 0dfad92a2f9305ed8d46e374bf0bf36a554a9900
packers: UPX

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com


STATUS: FINISHED
Complete scanning result of "symnppwa.dll", received in VirusTotal at 04.08.2007, 23:12:18 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.08.2007 no virus found
Authentium 4.93.8 04.08.2007 no virus found
Avast 4.7.936.0 04.08.2007 no virus found
AVG 7.5.0.447 04.08.2007 no virus found
BitDefender 7.2 04.08.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.08.2007 no virus found
DrWeb 4.33 04.08.2007 no virus found
eSafe 7.0.15.0 04.08.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.08.2007 no virus found
FileAdvisor 1 04.08.2007 no virus found
Fortinet 2.85.0.0 04.08.2007 no virus found
F-Prot 4.3.1.45 04.08.2007 no virus found
F-Secure 6.70.13030.0 04.08.2007 no virus found
Ikarus T3.1.1.3 04.08.2007 no virus found
Kaspersky 4.0.2.24 04.08.2007 no virus found
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.08.2007 no virus found
NOD32v2 2173 04.07.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.08.2007 no virus found
Prevx1 V2 04.08.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.08.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.08.2007 no virus found
VirusBuster 4.3.7:9 04.08.2007 no virus found
Webwasher-Gateway 6.0.1 04.08.2007 no virus found


Aditional Information
File size: 185496 bytes
MD5: 886f984b906e21276e4681eb4450dbfb
SHA1: b41d99e70ebe88b9b9c67baadda3332dc2019afc

 
Hello :)

Navigate to C:\WINDOWS\system32\symnppwa.dll
Right-click the file.

What does it say on the Description, Copyright and version?

:bigthumb:
 
SYMNPPWA.dll info

Copyright (c) 2007 Symantec Corporation.All
File Version: 2007.1.7.8
Description: SymNcoWA
Product Name: Norton Confidential
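
The Description, Copyright and Product Name fields read above are strings embedded in the file by whoever built it, so they only state a claim. As an added example (not part of the original thread), this PowerShell function puts those claimed fields next to the Authenticode signature and the hashes, so the local file can be matched to the VirusTotal report; `Get-FileTriage` is a hypothetical helper name, and PowerShell 4.0 or later is assumed.

```powershell
# Added example, not from the thread. Get-FileTriage is a hypothetical helper name.
function Get-FileTriage {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedMd5   # optional: MD5 copied from the scan report
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $info = $item.VersionInfo                              # self-declared strings
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path   # cryptographic check
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1 = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash

    # The signer subject is only meaningful when the signature validates.
    $signer = $null
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
    }

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        MD5             = $md5
        SHA1            = $sha1
        # $null when no expected hash was supplied; -eq ignores hex case.
        SameAsScanned   = if ($ExpectedMd5) { $md5 -eq $ExpectedMd5.Trim() } else { $null }
        ClaimedCompany  = $info.CompanyName
        ClaimedProduct  = $info.ProductName
        ClaimedVersion  = $info.FileVersion
        SignatureStatus = $sig.Status
        VerifiedSigner  = $signer
    }
}

# The MD5 below is the value from the symnppwa.dll report on this page.
Get-FileTriage -Path 'C:\WINDOWS\system32\symnppwa.dll' `
               -ExpectedMd5 '886f984b906e21276e4681eb4450dbfb' | Format-List
```

A file whose ClaimedCompany names a vendor while SignatureStatus is not Valid, or whose VerifiedSigner names someone else, deserves a closer look. Catalog-signed system files can show as NotSigned on PowerShell versions before 5.1.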
 
Question about esafe and Fortinet

My Virustotal scan of "choice.exe" found the following entries:

eSafe 7.0.15.0 04.08.2007 suspicious Trojan/Worm

Fortinet 2.85.0.0 04.08.2007 suspicious

Are these anything to worry about?
 
Hello :)

Are you using this Norton Confidential software?

The choice.exe, have you used the software named IE-Spyad lately?

:bigthumb:
 
Hello

I have recently purchased and installed Norton 360. I believe that Norton Confidential might be part of the bundle or expansion pack which includes anti-spam as well.

As far as IE-Spyad is concerned, I don't believe that I have used it and I'm not too sure what it is.
 
Ok good, that is Norton related then.

I've been doing some research about the choice.exe and it seems to have something to do with setting the language or country. Might be part of some game etc. I recommend that we leave it. If you want you can rename the file to e.g. choice.bad and see if everything works correctly. Then you may restore the original name if something gives an error.

How is the computer running now? Any issues?

:bigthumb:
 
Everything seems ok for now.

I just ran a Spybot scan and everything seems ok. I guess that I should proceed with the previously posted cleaning/purging instructions. What about my previous question regarding:

"My Virustotal scan of "choice.exe" found the following entries:

eSafe 7.0.15.0 04.08.2007 suspicious Trojan/Worm

Fortinet 2.85.0.0 04.08.2007 suspicious"
 
Hello :)

It was that choice.exe that I was referring to. I recommend that we leave it. If you want you can rename the file to e.g. choice.bak and see if everything works correctly. Then you may restore the original name if something gives an error.

:bigthumb:
 
Renaming choice.exe

Hello,

I apologize for asking this stupid question.
If I were to rename choice.exe, would I do it like this: "C:\Windows\Choice.bak"? Or would I rename the particular questionable entries, eSafe and Fortinet, only?
 
Hello :)

Yes, I meant that you may just manually rename the choice.exe to choice.bak.

:bigthumb:
 
This topic has been archived.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Thank you Mr_JAk3.
 