From: "Carel" <[email protected]>
| Well the report came back from VirusTotal. Here it is. Thanks
|
| Virustotal
| Server response
|
| --------------------------------------------------------------------------------
|
| Results of a file scan
| This is a report processed by VirusTotal on 02/08/2006 at 22:02:27 (CET)
| after scanning the file "SGDB34.EXE" file.
| Antivirus Version Update Result
| AntiVir 6.33.0.81 02.08.2006 Heuristic/Backdoor.Generic
| Avast 4.6.695.0 02.07.2006 no virus found
| AVG 718 02.08.2006 no virus found
| Avira 6.33.0.81 02.08.2006 Heuristic/Backdoor.Generic
| BitDefender 7.2 02.08.2006 no virus found
| CAT-QuickHeal 8.00 02.08.2006 no virus found
| ClamAV devel-20060126 02.07.2006 no virus found
| DrWeb 4.33 02.08.2006 BACKDOOR.Trojan
| eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
| eTrust-Vet 12.4.2071 02.08.2006 no virus found
| Ewido 3.5 02.07.2006 no virus found
| Fortinet 2.54.0.0 02.08.2006 no virus found
| F-Prot 3.16c 02.07.2006 no virus found
| Ikarus 0.2.59.0 02.08.2006 no virus found
| Kaspersky 4.0.2.24 02.08.2006 no virus found
| McAfee 4692 02.08.2006 no virus found
| NOD32v2 1.1400 02.08.2006 no virus found
| Norman 5.70.10 02.08.2006 no virus found
| Panda 9.0.0.4 02.08.2006 no virus found
| Sophos 4.02.0 02.08.2006 no virus found
| Symantec 8.0 02.08.2006 no virus found
| TheHacker 5.9.4.093 02.08.2006 no virus found
| UNA 1.83 02.08.2006 no virus found
| VBA32 3.10.5 02.08.2006 no virus found
|
OK, thanks! Only AntiVir/Avira (same AV engine) and DrWeb seem to see that it is a Backdoor
Trojan.
What I'd like you to do is re-name the file if possible, from; SGDB34.EXE to;
SGDB34.EXE.BAK
Then reboot the PC and submit it to Kaspersky. They are VERY quick to analyze the suspect
file and put out signatures for a given infector.
mailto:[email protected]
The following is a Multi AV Scanning tool that contains AV scanners from; McAfee, Sophos,
Trend Micro and Kaspersky. None of which have to pre-exist on your PC. Even though none of
these are presently recognizing this suspect Backdoor Trojan, it would be a good idea to
scan the PC.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
http://www.ik-cs.com/multi-av.htm
* * * Please report back your results * * *
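
Added example, not part of the original message and not VirusTotal's own tooling: a short Python sketch that parses report rows in the layout quoted above and counts detections per scanning engine rather than per product, since AntiVir and Avira share an engine. The sample rows are constructed from the quoted layout, and the names ENGINE_ALIASES, parse_report and summarize are hypothetical.

```python
import re

# Constructed sample: a few rows in the layout of the quoted report,
# including the "| " quote prefix the mail client added.
SAMPLE_REPORT = """\
| Antivirus Version Update Result
| AntiVir 6.33.0.81 02.08.2006 Heuristic/Backdoor.Generic
| Avast 4.6.695.0 02.07.2006 no virus found
| Avira 6.33.0.81 02.08.2006 Heuristic/Backdoor.Generic
| ClamAV devel-20060126 02.07.2006 no virus found
| DrWeb 4.33 02.08.2006 BACKDOOR.Trojan
| Kaspersky 4.0.2.24 02.08.2006 no virus found
"""

# Products that share one engine (assumption taken from the message above).
ENGINE_ALIASES = {"Avira": "AntiVir"}

# name, version, update date (NN.NN.NNNN), then the result, which may contain spaces.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{2}\.\d{2}\.\d{4})\s+(?P<result>.+)$"
)

def parse_report(text):
    """Return one dict per scanner row; headers and free text are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.lstrip("|> ").strip())
        if match:
            rows.append(match.groupdict())
    return rows

def summarize(rows):
    """Collapse products onto engines and keep the label of each engine that flagged the file."""
    engines = {}
    for row in rows:
        engine = ENGINE_ALIASES.get(row["name"], row["name"])
        label = None if row["result"].lower() == "no virus found" else row["result"]
        engines[engine] = engines.get(engine) or label
    hits = {engine: label for engine, label in engines.items() if label}
    return {"products": len(rows), "engines": len(engines), "detections": hits}

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```
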