Sunday, August 26, 2007

Malware alert in Patch for Net Transport (all Versions)

See screenshot of the unpacked patch

The widely bundled and distributed patches for Net Transport are confirmed to be malware. Two independent sources come to the same result:
unpack the protected patch EXE and it contains a trojan.
The patch for version 2.xx has not been checked yet.

Antivirus           Version        Last update   Result
AhnLab-V3           2007.8.25.0    2007.08.24    -
AntiVir             7.4.1.63       2007.08.25    -
Authentium          4.93.8         2007.08.26    -
Avast               4.7.1029.0     2007.08.26    -
AVG                 7.5.0.484      2007.08.25    Generic5.HAV
BitDefender         7.2            2007.08.26    -
CAT-QuickHeal       9.00           2007.08.25    (Suspicious) - DNAScan
ClamAV              0.91           2007.08.26    -
DrWeb               4.33           2007.08.26    -
eSafe               7.0.15.0       2007.08.26    Suspicious Trojan/Worm
eTrust-Vet          31.1.5085      2007.08.24    -
Ewido               4.0            2007.08.26    -
FileAdvisor         1              2007.08.26    -
Fortinet            2.91.0.0       2007.08.26    -
F-Prot              4.3.2.48       2007.08.26    -
F-Secure            6.70.13030.0   2007.08.26    -
Ikarus              T3.1.1.12      2007.08.26    Trojan-Downloader.Win32.Zlob.and
Kaspersky           4.0.2.24       2007.08.26    -
McAfee              5105           2007.08.24    -
Microsoft           1.2803         2007.08.26    -
NOD32v2             2484           2007.08.25    -
Norman              5.80.02        2007.08.24    -
Panda               9.0.0.4        2007.08.26    -
Prevx1              V2             2007.08.26    -
Rising              19.37.62.00    2007.08.26    -
Sophos              4.21.0         2007.08.26    -
Sunbelt             2.2.907.0      2007.08.25    VIPRE.Suspicious
Symantec            10             2007.08.26    -
TheHacker           6.1.9.173      2007.08.26    -
VBA32               3.12.2.3       2007.08.26    Trojan.Packed.49
VirusBuster         4.3.26:9       2007.08.25    -
Webwasher-Gateway   6.0.1          2007.08.26    Win32.Malware.gen (suspicious)

Further information
File size: 333824 bytes
MD5: c2ccd8db9cb1e19a4569f8451f086fc3
SHA1: 46fc08f3a677752d13651a17511af44a38144092
packers: embedded
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Result: 7/32 (21.88%)
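To check a downloaded copy of the patch against the indicators published above, the following added example (not a tool from the original post) fingerprints a file by size, MD5 and SHA1 and compares it with the hashes given here; it also parses the scan results into structured rows and recomputes the detection ratio. The scan rows are transcribed from the table above; the hash-compare function is the author's own addition and the path argument is whatever file the reader wants to test.

```python
import hashlib

# Indicators taken from the scan report above (this sample's exact build).
KNOWN_SIZE = 333824
KNOWN_MD5 = "c2ccd8db9cb1e19a4569f8451f086fc3"
KNOWN_SHA1 = "46fc08f3a677752d13651a17511af44a38144092"

# Scan results transcribed from the report above: engine | version | last update | result.
SCAN_ROWS = """
AhnLab-V3 | 2007.8.25.0 | 2007.08.24 | -
AntiVir | 7.4.1.63 | 2007.08.25 | -
Authentium | 4.93.8 | 2007.08.26 | -
Avast | 4.7.1029.0 | 2007.08.26 | -
AVG | 7.5.0.484 | 2007.08.25 | Generic5.HAV
BitDefender | 7.2 | 2007.08.26 | -
CAT-QuickHeal | 9.00 | 2007.08.25 | (Suspicious) - DNAScan
ClamAV | 0.91 | 2007.08.26 | -
DrWeb | 4.33 | 2007.08.26 | -
eSafe | 7.0.15.0 | 2007.08.26 | Suspicious Trojan/Worm
eTrust-Vet | 31.1.5085 | 2007.08.24 | -
Ewido | 4.0 | 2007.08.26 | -
FileAdvisor | 1 | 2007.08.26 | -
Fortinet | 2.91.0.0 | 2007.08.26 | -
F-Prot | 4.3.2.48 | 2007.08.26 | -
F-Secure | 6.70.13030.0 | 2007.08.26 | -
Ikarus | T3.1.1.12 | 2007.08.26 | Trojan-Downloader.Win32.Zlob.and
Kaspersky | 4.0.2.24 | 2007.08.26 | -
McAfee | 5105 | 2007.08.24 | -
Microsoft | 1.2803 | 2007.08.26 | -
NOD32v2 | 2484 | 2007.08.25 | -
Norman | 5.80.02 | 2007.08.24 | -
Panda | 9.0.0.4 | 2007.08.26 | -
Prevx1 | V2 | 2007.08.26 | -
Rising | 19.37.62.00 | 2007.08.26 | -
Sophos | 4.21.0 | 2007.08.26 | -
Sunbelt | 2.2.907.0 | 2007.08.25 | VIPRE.Suspicious
Symantec | 10 | 2007.08.26 | -
TheHacker | 6.1.9.173 | 2007.08.26 | -
VBA32 | 3.12.2.3 | 2007.08.26 | Trojan.Packed.49
VirusBuster | 4.3.26:9 | 2007.08.25 | -
Webwasher-Gateway | 6.0.1 | 2007.08.26 | Win32.Malware.gen (suspicious)
"""


def fingerprint(data):
    """Return (size, md5 hex, sha1 hex) for a byte string."""
    return len(data), hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def fingerprint_file(path):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()


def matches_known_sample(fp):
    """True only if size, MD5 and SHA1 all agree with the published indicators."""
    size, md5, sha1 = fp
    return size == KNOWN_SIZE and md5 == KNOWN_MD5 and sha1 == KNOWN_SHA1


def parse_scan(text):
    """Split the 'engine | version | updated | result' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        engine, version, updated, result = [c.strip() for c in line.split("|")]
        rows.append({"engine": engine, "version": version,
                     "updated": updated, "result": result})
    return rows


def detection_summary(rows):
    """Return (hits, total, percent, engines that flagged the file)."""
    hits = [r["engine"] for r in rows if r["result"] != "-"]
    return len(hits), len(rows), 100.0 * len(hits) / len(rows), hits


if __name__ == "__main__":
    import sys
    hits, total, pct, engines = detection_summary(parse_scan(SCAN_ROWS))
    print(f"{hits}/{total} engines ({pct:.2f}%) flagged it: {', '.join(engines)}")
    if len(sys.argv) > 1:  # optional: check a local file against the indicators
        fp = fingerprint_file(sys.argv[1])
        print("size/md5/sha1:", fp)
        print("matches published sample:", matches_known_sample(fp))
```

The hashes pin down this exact build only; a repacked or re-signed copy of the same trojan will not match, which is why the scan results and the behaviour of the unpacked EXE matter more than a hash hit alone.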

Be aware that this seems to be the same as the NOD32 patches.

4 comments:

Anonymous said...

Patches by 'starzboy',
not only here; see WinRAR custom patch 1.3, ...

Anonymous said...

http://www.google.com/search?q=starzboy+trojan
@ http://whois.domaintools.com/teamicu.org

Anonymous said...

AVG IS NOT@ .IN !?!

Anonymous said...

It doesn't look like it patches a trojan into the target. Execute it, remove the patch, check the result for call-homes, reg. dep. check + IP/domains, remove.
http://www1.zippyshare.com/v/3386126/patchUpACK.zip.html
