my_70032.exe [md5:5b41fc]

mofunzone

File:	my_70032.exe
Status:	INFECTED/MALWARE
MD5:	5b41fc488236c3118605b779b6e1bc7b
Packers detected:	-
Bit9 reports:	File not found
Scanner results
Scan taken on 04 Sep 2007 05:35:11 (GMT)
A-Squared	Found  nothing
AntiVir	Found HEUR/Malware
ArcaVir	Found  nothing
Avast	Found Win32:Agent-JRJ
AVG Antivirus	Found  nothing
BitDefender	Found  nothing
ClamAV	Found  nothing
CPsecure	Found  nothing
Dr.Web	Found  nothing
F-Prot Antivirus	Found  nothing
F-Secure Anti-Virus	Found  nothing
Fortinet	Found  nothing
Kaspersky Anti-Virus	Found  nothing
NOD32	Found  nothing
Norman Virus Control	Found  nothing
Panda Antivirus	Found  nothing
Rising Antivirus	Found  nothing
Sophos Antivirus	Found Mal/Behav-125
VirusBuster	Found  nothing
VBA32	Found  nothing

1688388728

联网.

残缺的唯美

--> my_70032.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      A backup was created as '473bf1f5.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

wanglaoban

virustotal.com

File my_70032.exe received on 09.04.2007 07:49:02 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.03 -
AntiVir 7.4.1.66 2007.09.03 HEUR/Malware
Authentium 4.93.8 2007.09.04 -
Avast 4.7.1029.0 2007.09.03 Win32:Agent-JRJ
AVG 7.5.0.485 2007.09.03 -
BitDefender 7.2 2007.09.04 -
CAT-QuickHeal 9.00 2007.09.03 -
ClamAV 0.91.2 2007.09.04 -
DrWeb 4.33 2007.09.03 -
eSafe 7.0.15.0 2007.09.03 -
eTrust-Vet 31.1.5105 2007.09.03 -
Ewido 4.0 2007.09.03 -
FileAdvisor 1 2007.09.04 -
Fortinet 3.11.0.0 2007.09.04 -
F-Prot 4.3.2.48 2007.09.04 -
F-Secure 6.70.13030.0 2007.09.04 -
Ikarus T3.1.1.12 2007.09.04 Virus.Win32.QQHelper.BF
Kaspersky 4.0.2.24 2007.09.04 -
McAfee 5111 2007.09.03 -
Microsoft 1.2803 2007.09.04 TrojanDownloader:Win32/QQHelper.N
NOD32v2 2501 2007.09.03 -
Norman 5.80.02 2007.09.03 -
Panda 9.0.0.4 2007.09.04 Suspicious file
Prevx1 V2 2007.09.04 -
Rising 19.39.11.00 2007.09.04 -
Sophos 4.21.0 2007.09.04 Mal/Behav-125
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.04 -
TheHacker 6.1.9.177 2007.09.04 -
VBA32 3.12.2.3 2007.09.03 -
VirusBuster 4.3.26:9 2007.09.03 -
Webwasher-Gateway 6.0.1 2007.09.04 Heuristic.Malware

wanglaoban

log:

c:\documents and settings\user\desktop\my_70032.exe
%userprofile%\desktop\my_70032.exe
%windir%\system32\drivers\fss6aq.sys
%windir%\system32\gqr2t2p.dll
%windir%\system32\drivers\pi6q.sys
%homedrive%%homepath%\local settings\temporary internet files\content.ie5\s81se5tl\mminstall[1]
%homedrive%%homepath%\local settings\temp\tempaq
:HKLM\system\currentcontrolset\services\fss6aq\"setonce"=""
:HKLM\software\microsoft\ie4\"main"=""

delete them!

timhas266

Start of the scan: Tuesday, 4 September, 2007  18:55

Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\my_70032.rar'
C:\Documents and Settings\tim\桌面\my_70032.rar
  [0] Archive type: RAR
  --> my_70032.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      A backup was created as '473c3a22.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

小邪邪

AVK报了

微点卫士

微点：
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MY_70032.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:3527
远端地址:58.211.7.25(江苏·苏州)
远端端口:80
木马名称:Trojan.Win32.Genetik.cal

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\SN0JEFMB\MMINSTALL[1]
是木马程序!
已成功阻止其运行,是否要删除此文件?
木马名称:Trojan.Win32.Genetik.cal

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPAQ
是木马程序!
已成功阻止其运行,是否要删除此文件?
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\MY_70032.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TEMPAQ
是否删除木马程序及其衍生物?

uhthn2002

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Paranoia Database - 2759
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\my_70032.exe

C:\Documents and Settings\uhthn\Desktop\my_70032.exe - Suspicious of Trojan-Downloader.Small.2

1 Files scanned
0 Infected files found
1 Suspicious files found
0 Files cured
0 Files deleted