What exactly is this...


1 reply to this topic

#1 numblocke


Posted 17 February 2007 - 05:20 AM

Okay, so I caught myself some pretty nasty viruses (had to use ewido, NOD32, ksky, VundoFix, Ad-Aware, and Process Explorer to get 'em all), and the last one that I removed / noticed was a DLL being loaded into my explorer.exe process. Naturally I couldn't do much without a reboot (I deleted its autorun string in my registry and my startup, using ewido for the latter), and after I rebooted I insta-restarted explorer, opened Process Explorer, suspended the .dll and copied it to my read-only quarantine folder.

Here is the file I was left with:
File information:
spujgcjr.dll
size: 116kb

The thread list was pretty interesting, but I'll let you guys decide on it... not my forte, I just program in Delphi ><
link: http://www.speedysha.../532995952.html

#2 random/random


Posted 17 February 2007 - 02:42 PM

It's Vundo, Jotti results:

AntiVir: Found ADSPY/Virtumonde.FT adware
ArcaVir: Found Adware.Virtumonde.Ft
Avast: Found Win32:Adware-gen.
AVG Antivirus: Found Generic.SKU
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Trojan.Virtumod
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found not-a-virus:AdWare.Win32.Virtumonde.ft (4, 1, 400)
Fortinet: Found nothing
Kaspersky Anti-Virus: Found not-a-virus:AdWare.Win32.Virtumonde.ft
NOD32: Found Win32/Adware.Virtumonde.FT application
Norman Virus Control: Found W32/Virtumonde.TM
VirusBuster: Found Adware.Virtumonde.BL
VBA32: Found Adware.Virtumonde



