Is this clean??
Discussion on Is this clean?? within the Conquer Online 2 forum part of the MMORPGs category.
03/05/2007, 18:39
|
#1
|
elite*gold: 0
Join Date: Jul 2006
Posts: 238
Received Thanks: 16
|
Well, as the thread name says, is this file clean? Thanks.
Here is the scan, but I'm not sure. Still a noob ^^
Quote:
ESTADO: FINALIZADO
Este es el resultado completo de analizar el archivo "Conquer_Partner.rar" que VirusTotal ha recibido el día 05.03.2007 a las 18:09:58 (CET).
Antivirus Version Actualización Resultado
AntiVir 7.3.1.38 05.03.2007 HEUR/Crypted
Authentium 4.93.8 04.03.2007* no ha encontrado virus
Avast 4.7.936.0 03.03.2007* no ha encontrado virus
AVG 7.5.0.447 05.03.2007* no ha encontrado virus
BitDefender 7.2 05.03.2007* no ha encontrado virus
CAT-QuickHeal 9.00 05.03.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 05.03.2007* no ha encontrado virus
DrWeb 4.33 05.03.2007* no ha encontrado virus
eSafe 7.0.14.0 05.03.2007 Win32.Polipos.sus
eTrust-Vet 30.6.3455 05.03.2007* no ha encontrado virus
Ewido 4.0 05.03.2007* no ha encontrado virus
FileAdvisor 1 05.03.2007* no ha encontrado virus
Fortinet 2.85.0.0 05.03.2007 suspicious
F-Prot 4.3.1.45 04.03.2007* no ha encontrado virus
F-Secure 6.70.13030.0 05.03.2007* no ha encontrado virus
Ikarus T3.1.1.3 05.03.2007 Trojan-Downloader.Win32.Agent.ala
Kaspersky 4.0.2.24 05.03.2007* no ha encontrado virus
McAfee 4975 02.03.2007* no ha encontrado virus
Microsoft 1.2204 05.03.2007* no ha encontrado virus
NOD32v2 2096 05.03.2007* no ha encontrado virus
Norman 5.80.02 05.03.2007* no ha encontrado virus
Panda 9.0.0.4 05.03.2007 Suspicious file
Prevx1 V2 05.03.2007* no ha encontrado virus
Sophos 4.14.0 03.03.2007* no ha encontrado virus
Sunbelt 2.2.907.0 01.03.2007 VIPRE.Suspicious
Symantec 10 05.03.2007* no ha encontrado virus
TheHacker 6.1.6.069 05.03.2007* no ha encontrado virus
UNA 1.83 02.03.2007* no ha encontrado virus
VBA32 3.11.2 03.03.2007* no ha encontrado virus
VirusBuster 4.3.19:9 05.03.2007 no ha encontrado virus
Información adicional
Tamaño archivo: 441155 bytes
MD5: ee9e4a321dcf03af40a71ba32013829e
SHA1: 9e5a773a7cb270fb8a5b3fd21f421ccf6546b06f
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
|
*Edit - Download Link removed by a1blaster*
|
|
|
03/05/2007, 18:47
|
#2
|
elite*gold: 0
Join Date: Sep 2006
Posts: 100
Received Thanks: 77
|
I'd say so. There are usually about 2-3 engines that say there's a trojan, virus, etc. in it,
but most of the engines simply say no, so...
No, in my opinion there is nothing in it, i.e. the file is "clean".
At your own risk.
Regards, Reelle
|
|
|
03/05/2007, 19:04
|
#3
|
elite*gold: 0
Join Date: Jul 2006
Posts: 238
Received Thanks: 16
|
I don't speak German.
|
|
|
03/05/2007, 19:14
|
#4
|
elite*gold: 1406
Join Date: May 2005
Posts: 23,919
Received Thanks: 15,126
|
It's a trojan downloader, so it probably would download some trojan. It doesn't have to, but it's possible.
|
|
|
03/05/2007, 19:20
|
#5
|
elite*gold: 0
Join Date: Sep 2006
Posts: 100
Received Thanks: 77
|
That could be, of course. I don't know exactly; I've only gone by your scan...
|
|
|
03/05/2007, 19:22
|
#6
|
elite*gold: 0
Join Date: Jul 2006
Posts: 238
Received Thanks: 16
|
jejejej lol thanks... I'm gonna need more scans...
|
|
|
03/05/2007, 20:16
|
#7
|
elite*gold: 0
Join Date: Jan 2007
Posts: 766
Received Thanks: 109
|
This is the one posted by Childish which, according to the thread that was closed, no longer works. Why make a new thread about it?
|
|
|
03/05/2007, 22:43
|
#8
|
elite*gold: 0
Join Date: Jul 2006
Posts: 238
Received Thanks: 16
|
I'm gonna try on the Spanish server... and let you know if it works.
|
|
|
03/06/2007, 00:35
|
#9
|
elite*gold: 0
Join Date: Jan 2006
Posts: 3,487
Received Thanks: 1,961
|
Here's my scan of the files in your Conquer_Partner.rar>>>
tqProgram.exe>>>
Quote:
Complete scanning result of "tqProgram.exe", received in VirusTotal at 03.05.2007, 23:59:09 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.38 03.05.2007 HEUR/Crypted
Authentium 4.93.8 03.05.2007 no virus found
Avast 4.7.936.0 03.05.2007 no virus found
AVG 7.5.0.447 03.05.2007 no virus found
BitDefender 7.2 03.05.2007 no virus found
CAT-QuickHeal 9.00 03.05.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 03.05.2007 no virus found
DrWeb 4.33 03.05.2007 no virus found
eSafe 7.0.14.0 03.05.2007 Win32.Polipos.sus
eTrust-Vet 30.6.3455 03.05.2007 no virus found
Ewido 4.0 03.05.2007 no virus found
FileAdvisor 1 03.06.2007 no virus found
Fortinet 2.85.0.0 03.05.2007 suspicious
F-Prot 4.3.1.45 03.04.2007 no virus found
F-Secure 6.70.13030.0 03.05.2007 no virus found
Ikarus T3.1.1.3 03.05.2007 Trojan-Downloader.Win32.Agent.ala
Kaspersky 4.0.2.24 03.05.2007 no virus found
McAfee 4976 03.05.2007 no virus found
Microsoft 1.2204 03.05.2007 no virus found
NOD32v2 2097 03.05.2007 no virus found
Norman 5.80.02 03.05.2007 no virus found
Panda 9.0.0.4 03.05.2007 Suspicious file
Prevx1 V2 03.06.2007 no virus found
Sophos 4.15.0 03.05.2007 no virus found
Sunbelt 2.2.907.0 03.05.2007 VIPRE.Suspicious
Symantec 10 03.05.2007 no virus found
TheHacker 6.1.6.069 03.05.2007 no virus found
UNA 1.83 03.05.2007 no virus found
VBA32 3.11.2 03.05.2007 no virus found
VirusBuster 4.3.19:9 03.05.2007 no virus found
Aditional Information
File size: 118784 bytes
MD5: 0591ae32ee771c1ededed2c04e2db2e3
SHA1: 0b6ec44bb8d4bcd6dde9a1135a455c42433f6f50
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
|
ServerEmulator.exe>>>
Quote:
Complete scanning result of "ServerEmulator.exe", received in VirusTotal at 03.05.2007, 23:59:36 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.38 03.05.2007 no virus found
Authentium 4.93.8 03.05.2007 no virus found
Avast 4.7.936.0 03.05.2007 no virus found
AVG 7.5.0.447 03.05.2007 no virus found
BitDefender 7.2 03.05.2007 no virus found
CAT-QuickHeal 9.00 03.05.2007 no virus found
ClamAV devel-20060426 03.05.2007 no virus found
DrWeb 4.33 03.05.2007 no virus found
eSafe 7.0.14.0 03.05.2007 no virus found
eTrust-Vet 30.6.3455 03.05.2007 no virus found
Ewido 4.0 03.05.2007 no virus found
FileAdvisor 1 03.06.2007 no virus found
Fortinet 2.85.0.0 03.05.2007 no virus found
F-Prot 4.3.1.45 03.04.2007 no virus found
F-Secure 6.70.13030.0 03.05.2007 no virus found
Ikarus T3.1.1.3 03.05.2007 no virus found
Kaspersky 4.0.2.24 03.05.2007 no virus found
McAfee 4976 03.05.2007 no virus found
Microsoft 1.2204 03.05.2007 no virus found
NOD32v2 2097 03.05.2007 no virus found
Norman 5.80.02 03.05.2007 no virus found
Panda 9.0.0.4 03.05.2007 no virus found
Prevx1 V2 03.06.2007 no virus found
Sophos 4.15.0 03.05.2007 no virus found
Sunbelt 2.2.907.0 03.05.2007 no virus found
Symantec 10 03.05.2007 no virus found
TheHacker 6.1.6.069 03.05.2007 no virus found
UNA 1.83 03.05.2007 no virus found
VBA32 3.11.2 03.05.2007 no virus found
VirusBuster 4.3.19:9 03.05.2007 no virus found
Aditional Information
File size: 768000 bytes
MD5: 5b52a04a8e92aea56a9128e4e358f837
SHA1: a43727d6d7dfcc0cc9f514c29a1b919efec8b39c
|
Copy from McAfee about Trojan-Downloader.Win32.Agent.ala>>>
Quote:
Overview -
Downloader establishes internet connections without user's knowledge with the remote websites and downloads the malicious content in to the user system.
Aliases
Trojan-Downloader.Win32.Agent.ala (Kaspersky)
Trojan.DownLoader.3945 (Doctor Web)
Characteristics -
Downloaders are designed to pull files from a remote website and execute the files that have been downloaded.
It is trivial for the malware author to modify the Downloader to refer to a different website or web address. Therefore, it is not possible to guarantee which website and/or port is being communicated with.
Also, as the website being communicated with is normally controlled by the malware author, any files being downloaded can be remotely modified and the behaviour of these new binaries altered - possibly with every user infection.
Upon execution it makes internet connection in the background with "[Removed].com" and downloads some files without user's knowledge.
Following files are added:
ftuninst.exe (Detected as Adware-LinkMaker)
ssec.exe (Detected as Loader-B)
tfthot.exe (Detected as Adware-LinkMaker.dldr)
gbe90qs.exe (Detected as Adware-LinkMaker.dldr)
mptft.exe (Detected as Adware-LinkMaker)
nr1rnqm8.exe
ssn6tuu.exe (Detected as Adware-LinkMaker.dldr)
x3cqp0.dll (Detected as Adware-LinkMaker)
The following registry entries are added in order to run the trojan on the system startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ftexc"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Hhl7RfpJ"
It adds the following Browser Helper Objects for the Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE0ECC2F-0C33-494C-8B22-B57A7763027F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5E2A3E7-00FE-4D31-A030-A10799DDCA66}
Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various tasks, such as generating extra pop-up ads, monitoring page navigation, etc
It also adds the following registry entries
HKEY_CLASSES_ROOT\CLSID\{AE0ECC2F-0C33-494C-8B22-B57A7763027F}
HKEY_CLASSES_ROOT\CLSID\{DA28E0DB-229C-4003-827E-96AE15AD90FB}
HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok
HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok.1
HKEY_CLASSES_ROOT\Fseytdc.Yvakt
HKEY_CLASSES_ROOT\Fseytdc.Yvakt.1
HKEY_CLASSES_ROOT\Interface\{34E97B51-AB15-419B-96D1-1B2469659004}
HKEY_CLASSES_ROOT\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
HKEY_CLASSES_ROOT\TypeLib\{5769647E-6937-4390-BC5A-F5A986CAA1F2}
Symptoms -
Presence of aforementioned files and registry entries
Method of Infection -
Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.
Many of these additionally are mass spammed by the author to entice people into double-clicking on them.
Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction).
|
|
|
|
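The autostart and Browser Helper Object entries listed in the McAfee description quoted above can be looked for in a registry export from a suspect machine. The following is an added example, not part of the original thread or of McAfee's write-up; the function names and the sample export are constructed, and it covers only the Run values, the BHO keys and the CLSID/ProgID keys.

```python
import re

# Indicators copied from the McAfee description quoted in post #9.
CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
BHO = CV + r"\Explorer\Browser Helper Objects"
RUN_KEY = (CV + r"\Run").lower()
RUN_VALUES = {"ftexc", "hhl7rfpj"}
BAD_KEYS = {k.lower() for k in (
    BHO + r"\{AE0ECC2F-0C33-494C-8B22-B57A7763027F}",
    BHO + r"\{E5E2A3E7-00FE-4D31-A030-A10799DDCA66}",
    r"HKEY_CLASSES_ROOT\CLSID\{AE0ECC2F-0C33-494C-8B22-B57A7763027F}",
    r"HKEY_CLASSES_ROOT\CLSID\{DA28E0DB-229C-4003-827E-96AE15AD90FB}",
    r"HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok", r"HKEY_CLASSES_ROOT\Fseytdc.Ariaqudok.1",
    r"HKEY_CLASSES_ROOT\Fseytdc.Yvakt", r"HKEY_CLASSES_ROOT\Fseytdc.Yvakt.1",
)}

def normalise(key):
    """Lower-case a key path; fold the HKLM/HKCU Classes hives into HKCR."""
    return re.sub(r"^hkey_(local_machine|current_user)\\software\\classes(?=\\|$)",
                  "hkey_classes_root", key.strip().lower())

def sweep(reg_text):
    """Return sorted findings for the text of a .reg export."""
    hits, key = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = normalise(line[1:-1])          # new key section
            if key in BAD_KEYS:
                hits.add("key: " + key)
        elif key == RUN_KEY:                     # value line under ...\Run
            m = re.match(r'"([^"]+)"=', line)
            if m and m.group(1).lower() in RUN_VALUES:
                hits.add("run value: " + m.group(1))
    return sorted(hits)

# Constructed sample; a real regedit export is UTF-16 (open(path, encoding="utf-16")).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Example\\updater.exe"
"FTEXC"="C:\\constructed\\path.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae0ecc2f-0c33-494c-8b22-b57a7763027f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fseytdc.Yvakt]
'''

print(sweep(SAMPLE))
```

Matching is case-insensitive because registry key and value names are, and the ProgID key is found under HKLM\SOFTWARE\Classes because HKEY_CLASSES_ROOT is a merged view of that hive.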
03/06/2007, 02:11
|
#10
|
elite*gold: 0
Join Date: Jul 2006
Posts: 238
Received Thanks: 16
|
lol so it's bad, thanks a1blaster ^^
|
|
|
All times are GMT +1.
|
|