2 replies to this topic

[cozofdeath]

If anyone can help out with this it would be awesome. The file was included with another executable in a .cab file. It is not detected by ZA (kaspersky) or spyware doctor. There is no readable ascii when I view it in a hex editor. Trying to disassemble it only causes errors (I'm guessing some unknown packer). Since I don't know much else to do and I don't have much experience with this stuff I hope someone here can help. Thanks

File Link:
http://rapidshare.com/users/HCQ9CK


Just Found...

In looking at the other file "VISACA~1.EXE", it looks like it downloads hxxp://palmtree.somee.com/sys32.exe(not working) and has something to do with wefmgr.exe. It has created a file "[Visa's].txt" in my root (C:\) directory. I've looked up info on the supposed author and different things that stand out in the hex dump and I've found dozens of sites this guy has been to posting to getting people to download different things from very shady sites.

[da_cash]

Scan taken on 10 May 2007 05:18:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found BackDoor.Generic4.VCV
BitDefender Found GenPack:Backdoor.Bifrose.ZTH
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Bifrose.aer
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Packed/Upack
VBA32 Found nothing


so it is detected :]

[cozofdeath]

Awesome! Weird it wasn't picked up on my computer? Thank you.

Apparently I was one virus definition behind. I just updated today and it was found.