Quote
From: <[email protected]>
To: [me]
Hello, thank you, all undetectable were detected.
I didn't detect eplugin.ocx ...
--
Best regards,
Shvetsov Dmitry
Virus analyst, Kaspersky Lab.
e-mail: [email protected]
e-mail: [email protected]
http://www.kaspersky.com/
>> Hello.
>>
>> I'm sending you some samples of malware which has been found on a class
>> of PCs with strange behaviour using HijackThis, but were detected
>> neither by KAV nor by BD nor by F-Secure 2004 nor by McAfee VS 8.
>> I did some pre-analysis to differentiate between "true" malware and simple
>> dialers, hijackers etc.
>>
>> * cssweb.dll is a new version of the well known Spyware CSS Web Search.
>> * emsat_ver2.ocx is an older undetected variant of
>> TrojanClicker.Win32.Adpower.
>> * EPlugin.ocx seems to be a new variant of the hijacker/trojan
>> TrojanDownloader.Win32.Ladder.
>> * goworld.ocx is a new TrojanDownloader.
>> * P2ECOM.dll seems to be a variant of TrojanDownloader.Win32.Trimm
>> * xtrayinst.exe is a TrojanDownloader invoking ftp.exe to download some
>> non-existent / already removed files from the web.
Yep, I've still got it.
(The remaining 15 files were "only" dialers and simple hijacker toolbars, which don't contain any malicious functions.)
So please remember: the fact that a virus scanner doesn't detect something doesn't mean much...
This post was edited by Rika: 28 June 2004 - 09:39