
Sunday, July 20, 2008

emule v0 49a v1.4.8.1 cracked Virus Alert!!!

File emule_v0_49a_v1.4.8.1_cracked.rar received on 07.20.2008 16:20:42 (CET)
http://www.virustotal.com/analisis/bc73933a915a09814b465fe059602236
Result: 20/33 engines flagged the file (60.61%)

Antivirus          Version        Last Update  Result (- = not detected)
AhnLab-V3          2008.7.17.0    2008.07.18   -
AntiVir            7.8.1.11       2008.07.20   Rkit/Agent.ajn.8
Authentium         5.1.0.4        2008.07.20   -
Avast              4.8.1195.0     2008.07.20   Win32:Adware-gen
AVG                8.0.0.130      2008.07.19   BackDoor.Generic9.ALQH
BitDefender        7.2            2008.07.20   -
CAT-QuickHeal      9.50           2008.07.18   Rootkit.Agent.ajn
ClamAV             0.93.1         2008.07.20   PUA.Game.Casino-1
DrWeb              4.44.0.09170   2008.07.20   -
eSafe              7.0.17.0       2008.07.20   Rootkit.Win32.Agent.
eTrust-Vet         31.6.5966      2008.07.18   -
Ewido              4.0            2008.07.20   Rootkit.Agent.ajn
F-Prot             4.4.4.56       2008.07.20   -
F-Secure           7.60.13501.0   2008.07.20   Rootkit.Win32.Agent.ajn
Fortinet           3.14.0.0       2008.07.20   W32/Agent.AJN!tr.rkit
GData              2.0.7306.1023  2008.07.20   Rootkit.Win32.Agent.ajn
Ikarus             T3.1.1.34.0    2008.07.20   Virus.Rootkit.Win32.Agent.ajn
Kaspersky          7.0.0.125      2008.07.20   Rootkit.Win32.Agent.ajn
McAfee             5342           2008.07.18   -
Microsoft          1.3704         2008.07.20   -
NOD32v2            3282           2008.07.19   a variant of Win32/PTCasino
Norman             5.80.02        2008.07.18   W32/Rootkit.GUH
Panda              9.0.0.4        2008.07.20   Adware/GoodSearchNow
Prevx1             V2             2008.07.20   System Back Door
Rising             20.53.62.00    2008.07.20   -
Sophos             4.31.0         2008.07.20   -
Sunbelt            3.1.1536.1     2008.07.18   -
Symantec           10             2008.07.20   Hacktool.Rootkit
TheHacker          6.2.96.385     2008.07.19   Trojan/Agent.ajn
TrendMicro         8.700.0.1004   2008.07.18   -
VBA32              3.12.8.1       2008.07.20   Rootkit.Win32.Agent.ajn
VirusBuster        4.5.11.0       2008.07.19   -
Webwasher-Gateway  6.6.2          2008.07.20   Rootkit.Agent.ajn.8
Additional information (the size and digests below identify the uploaded .rar archive, not the executable inside it)
File size: 3411102 bytes
MD5...: 46d9fe7779137c2f8e7c8de68c777254
SHA1..: c7cf302c7767e2f5b9eb3a64286c7969e64d3ac1
SHA256: 7f6f05dc96c6f711ace173b91723f065d0ef4fb006e29f88f0eb388e709e3773
SHA512: eb79529e8d9fbb7721a79e4379e713e702454f3d87aaf8f4109da4c35ca67d388b9a0ae9ad72e6a1b039b3e2f45a90dc0e2020283051b9b0235630542639ab1e
PEiD..: -
PEInfo: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=16594E800016610846474FBE55CF7E00E1F39F03
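The scan table and the digests above, turned into something a practitioner can check. This is an added Python example written for this post (editor's code, not the blog's and not anything from VirusTotal): it parses the report text as pasted, recomputes the 20/33 ratio, sorts the engines' disagreeing names into coarse buckets (the bucket keywords are my own choice, not a vendor taxonomy), rejoins the SHA512 that the page wraps onto two lines, and compares a local file's digests against all four published values. REPORT is the page's own rows and digest lines embedded as constructed offline input; parse_report, detection_ratio, family, digests_of and verify_bytes are hypothetical helper names.

```python
"""Parse a VirusTotal report pasted as plain text (the 2008 layout above) and check a
local file against its digests. Editor's added example, not the page's or VirusTotal's."""
import hashlib
import re
from collections import Counter

# Constructed input: the engine rows and digest lines copied from the report above.
REPORT = """\
AhnLab-V3 2008.7.17.0 2008.07.18 -
AntiVir 7.8.1.11 2008.07.20 Rkit/Agent.ajn.8
Authentium 5.1.0.4 2008.07.20 -
Avast 4.8.1195.0 2008.07.20 Win32:Adware-gen
AVG 8.0.0.130 2008.07.19 BackDoor.Generic9.ALQH
BitDefender 7.2 2008.07.20 -
CAT-QuickHeal 9.50 2008.07.18 Rootkit.Agent.ajn
ClamAV 0.93.1 2008.07.20 PUA.Game.Casino-1
DrWeb 4.44.0.09170 2008.07.20 -
eSafe 7.0.17.0 2008.07.20 Rootkit.Win32.Agent.
eTrust-Vet 31.6.5966 2008.07.18 -
Ewido 4.0 2008.07.20 Rootkit.Agent.ajn
F-Prot 4.4.4.56 2008.07.20 -
F-Secure 7.60.13501.0 2008.07.20 Rootkit.Win32.Agent.ajn
Fortinet 3.14.0.0 2008.07.20 W32/Agent.AJN!tr.rkit
GData 2.0.7306.1023 2008.07.20 Rootkit.Win32.Agent.ajn
Ikarus T3.1.1.34.0 2008.07.20 Virus.Rootkit.Win32.Agent.ajn
Kaspersky 7.0.0.125 2008.07.20 Rootkit.Win32.Agent.ajn
McAfee 5342 2008.07.18 -
Microsoft 1.3704 2008.07.20 -
NOD32v2 3282 2008.07.19 a variant of Win32/PTCasino
Norman 5.80.02 2008.07.18 W32/Rootkit.GUH
Panda 9.0.0.4 2008.07.20 Adware/GoodSearchNow
Prevx1 V2 2008.07.20 System Back Door
Rising 20.53.62.00 2008.07.20 -
Sophos 4.31.0 2008.07.20 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.20 Hacktool.Rootkit
TheHacker 6.2.96.385 2008.07.19 Trojan/Agent.ajn
TrendMicro 8.700.0.1004 2008.07.18 -
VBA32 3.12.8.1 2008.07.20 Rootkit.Win32.Agent.ajn
VirusBuster 4.5.11.0 2008.07.19 -
Webwasher-Gateway 6.6.2 2008.07.20 Rootkit.Agent.ajn.8
MD5...: 46d9fe7779137c2f8e7c8de68c777254
SHA1..: c7cf302c7767e2f5b9eb3a64286c7969e64d3ac1
SHA256: 7f6f05dc96c6f711ace173b91723f065d0ef4fb006e29f88f0eb388e709e3773
SHA512: eb79529e8d9fbb7721a79e4379e713e702454f3d87aaf8f4109da4c35ca67d38
8b9a0ae9ad72e6a1b039b3e2f45a90dc0e2020283051b9b0235630542639ab1e
"""

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*:\s*([0-9a-fA-F]+)$")
# Editor's coarse buckets (first match wins) so engines' differing names can be compared.
BUCKETS = (("rootkit:agent.ajn", ("agent.ajn",)),
           ("rootkit/backdoor (other)", ("rootkit", "rkit", "backdoor", "back door")),
           ("adware/pua", ("adware", "pua", "casino", "goodsearch")))


def parse_report(text):
    """Return (rows, digests); rows are (engine, label), label None for '-'."""
    rows, digests, pending = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = DIGEST_RE.match(line)
        if m:
            algo, hexval = m.group(1), m.group(2).lower()
            digests[algo] = hexval
            pending = algo if len(hexval) < HEX_LEN[algo] else None  # wrapped line?
            continue
        if pending and re.fullmatch(r"[0-9a-fA-F]+", line):  # rejoin the wrapped digest
            digests[pending] += line.lower()
            pending = None if len(digests[pending]) >= HEX_LEN[pending] else pending
            continue
        parts = line.split()  # engine version date result-words...
        if len(parts) >= 4:
            label = " ".join(parts[3:])
            rows.append((parts[0], None if label == "-" else label))
    if any(len(h) != HEX_LEN[a] for a, h in digests.items()):
        raise ValueError("a digest has the wrong length; check the paste")
    return rows, digests


def detection_ratio(rows):
    """Recompute the report's 'Result: 20/33 (60.61%)' line from the rows."""
    hits = sum(1 for _, label in rows if label)
    return hits, len(rows), "%.2f%%" % (100.0 * hits / len(rows))


def family(label):
    low = label.lower()
    return next((b for b, keys in BUCKETS if any(k in low for k in keys)), "other")


def families(rows):
    return Counter(family(label) for _, label in rows if label)


def digests_of(data):
    return {a: getattr(hashlib, a.lower())(data).hexdigest() for a in HEX_LEN}


def verify_bytes(data, expected):
    """Per-algorithm match; treat a local copy as this sample only if all four agree."""
    actual = digests_of(data)
    return {a: actual[a] == expected[a].lower() for a in expected}
```

Calling parse_report(REPORT) and then detection_ratio on the rows gives (20, 33, '60.61%'); families() splits those 20 hits into 11 Agent.ajn rootkit names, 5 other rootkit/backdoor names and 4 adware/casino names, which is the disagreement visible in the table. To compare a downloaded copy, pass open(path, 'rb').read() and the parsed digests to verify_bytes; anything short of four True values is not the archive this report describes.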

Please submit the sample to:

Microsoft: http://support.microsoft.com/kb/921161/
Rising: http://sample.rising-global.com/webmail/upload_en.htm
McAfee ???
Spybot - Search & Destroy: ???
BitDefender: ???
AhnLab-V3: ???
DrWeb: ???
Comodo BOClean Anti-Malware 4.27 ??? (finds nothing)
UnHackMe 4.8 Build 289 Beta ??? (finds nothing)

How to remove it without installing another AV (tried these, but they didn't find anything):
Norman Malware Cleaner: Build 2008.07.07 http://download.norman.no/public/Norman_Malware_Cleaner.exe
or try: http://www.prevx.com/freescan.asp: http://pxnow.prevx.com/zeroL/PREVXCSIFREE.EXE
Symantec Online scan: http://security.symantec.com/sscv6/default.asp?langid=ge

Avast AV: the boot scan found the rootkit under system config and removed it!

According to Prevx:
This executable program has a file size of 5,195,264 bytes, it is most frequently called 22_GUI_1.EXE in ed2k network: emule v0,49a v1.4.8.1 cracked.rar and is most frequently located in the %mai%\ folder.
This file is considered unsafe and is part of the malware group, BackDoor.Ntrootkit. It was first seen on Wednesday, May 7 2008. It has been seen frequently by 18 users in this section of the community. The file was first seen in SPAIN but has been seen in other locations, including The EUROPEAN UNION.
22_GUI_1.EXE has been seen to perform the following behavior:
- Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols
22_GUI_1.EXE has been the subject of the following behavior:
- Deleted as a process from disk

2 comments:

Anonymous said...

Avast found this rootkit with a boot-up scan, under the sysprofile folder

Anonymous said...

UnhackMe does not find it!
