A virus?

  • Thread starter Rafal 'Raf256' Maj

Rafal 'Raf256' Maj

Hi,
my firewall has detected a change of the MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or an HDD
malfunction (rather the first).



http://www.raf256.com/tmp/__virus_!!!.zip


in this .zip are 2 versions of thebat.exe (version 1.61, cracked[1])
the file *_org.zip is a backup of the .exe, and the *_bad.zip is a file that
was modified (not by me).

Can anyone check these files? Is there anything suspicious in them?



[1] Yes, it's a shame, I'm going to buy the original soon.
 

FromTheRafters

Rafal 'Raf256' Maj said:

Both files differ in only 1 point, byte 1E82B9 has value 2E, and should
have 2C.

So after all it can be an HDD malfunction I guess (or a virus randomly
damaging bits in files?)

Yes, I suppose.

Perhaps an AV scan is in order.
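
The comparison described in this post (one differing byte, 2E where 2C is expected, at offset 1E82B9) can be reproduced with a short script. This is an added example, not part of the original thread; the function names and the in-memory sample data are constructed for illustration.

```python
import io

CHUNK = 64 * 1024

def diff_streams(good, bad):
    """Compare two binary streams; return ([(offset, good_byte, bad_byte)], size_delta)."""
    diffs, base, size_good, size_bad = [], 0, 0, 0
    while True:
        a, b = good.read(CHUNK), bad.read(CHUNK)
        if not a and not b:
            return diffs, size_bad - size_good
        if a != b:  # only walk chunks that actually differ
            diffs += [(base + i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]
        base += max(len(a), len(b))
        size_good += len(a)
        size_bad += len(b)

def describe(diffs, size_delta):
    """Summarise the difference so a one-bit change stands out from a rewrite."""
    if size_delta:
        return f"sizes differ by {size_delta} bytes"
    if not diffs:
        return "identical"
    bits = sum(bin(g ^ b).count("1") for _, g, b in diffs)
    if len(diffs) == 1 and bits == 1:
        off, g, b = diffs[0]
        return f"single bit flip at 0x{off:X}: {g:02X} -> {b:02X} (bit {(g ^ b).bit_length() - 1})"
    return f"{len(diffs)} bytes / {bits} bits differ"

def sample_pair():
    """Constructed stand-ins for the backup and the changed file (not the real thebat.exe)."""
    good = bytearray(0x1F0000)
    good[0x1E82B9] = 0x2C          # value the post says the byte should have
    bad = bytearray(good)
    bad[0x1E82B9] = 0x2E           # value found in the changed file
    return bytes(good), bytes(bad)

if __name__ == "__main__":
    good, bad = sample_pair()
    print(describe(*diff_streams(io.BytesIO(good), io.BytesIO(bad))))
```

To compare real files, pass two handles opened with `open(path, "rb")` instead of the `io.BytesIO` objects.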
 

null

Hi,
my firewall has detected a change of the MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or an HDD
malfunction (rather the first).

http://www.raf256.com/tmp/__virus_!!!.zip


in this .zip are 2 versions of thebat.exe (version 1.61, cracked[1])
the file *_org.zip is a backup of the .exe, and the *_bad.zip is a file that
was modified (not by me).

Can anyone check these files? Is there anything suspicious in them?

You should never make suspect files publicly available even when
clearly labeled. Use a good av product or two, and if they don't alert
then send the suspect files to your vendors for analysis.

Having said that, and at the risk of encouraging this sort of thing, I
did d/l and scan the zip with three good av scanners. None alerted.
But that doesn't mean there isn't some new malware in the files.

One thing you might have done is to separate the files so that each is
less than 1 meg in size so they can be uploaded and scanned at single
file upload av scanning sites listed here:

http://www.claymania.com/anti-virus.html


Art
http://www.epix.net/~artnpeg
 

David W. Hodgins

my firewall has detected a change of the MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or an HDD malfunction (rather the first).

I haven't looked at your zip files, but I had a similar problem a
while ago. It turned out to be caused by having different versions
of the same dll in various directories. Which version would be used,
depended on which software was run first. I'm using the Agnitum
outpost firewall, and it kept reporting that my browser was a different
version. In my case, the culprit was mfc42.dll. I renamed all copies
of that file, changing the extension to .dlo, except the most recent,
which I moved to the %windir%\system directory. That cleared up the
problem on my system.

Regards, Dave Hodgins
 