Web-Nexus defeats Microsoft and all Spyware programs

[Guest]

Hi,

It is really a shame that Web-Nexus is able to hide itself on Windows
operating system. A real security hole in Microsoft OS. I have 2 files that
participated in Web-Nexus 'work' on my computer as well as e-mail from them
with their uninstaller.
I can supply these files to Microsoft as well as send their email for
analysis.
I did supplied them to Ewido.
I also tracked this company (was originally called Qoologic and it has same
physical address in Bosnia) with the host in California.

It would be nice if Microsoft added 'supply file' feature to their Beta
tool...
If someone in Microsoft is interested in more details they can also look at
http://forums.spywareinfo.com/index...showtopic=57264&pid=330362&st=15&#entry330362

 

[Bill Sanderson]

If you want to zip your files up, password protect them with the password
"spyware" and send them to me, I can make sure Microsoft has access to them.
I'll pass on the URL you gave, as well.

Microsoft does have a process for collecting these samples. I don't have
any knowledge of what it is, but I can help out occasionally.

Use my posting email, but remove the last two dotted terms.

 

[Guest]

Thanks Bill,

Zips were sent.

I hope Microsoft will have cure soon for everybody affected.

 

[Bill Sanderson]

FWIW, in addition to passing these files on to Microsoft, I also submitted
two of them to virustotal (http://www.virustotal.com)

here's the result from one of the files:

You'll note that some of the "majors" - McAfee, Symantec, and AVG, are among
those not finding anything to be suspicious about. I didn't rename the file
to its original name--if it hadn't been detected, that would have been my
next step, but since some vendors did manage that....

I'll also submit this file to the beta for an antivirus product from the
same vendor as Microsoft Antispyware--they don't detect it either!
------------------------------------------------
This is a report processed by VirusTotal on 12/01/2005 at 01:18:14 (CET)
after scanning the file "pqwx.exeCommon_Startup" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.30.2005 PCK/Morphine
Avast 4.6.695.0 11.29.2005 no virus found
AVG 718 11.29.2005 no virus found
Avira 6.32.0.6 11.30.2005 PCK/Morphine
BitDefender 7.2 12.01.2005 no virus found
CAT-QuickHeal 8.00 11.30.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.29.2005 no virus found
DrWeb 4.33 11.30.2005 no virus found
eTrust-Iris 7.1.194.0 12.01.2005 Win32/Sdbot.228864!Worm
eTrust-Vet 11.9.1.0 11.30.2005 Win32.Qoologic.U
Fortinet 2.48.0.0 11.30.2005 PossibleThreat!01480
F-Prot 3.16c 11.30.2005 security risk named W32/Sdbot.CGU
Ikarus 0.2.59.0 11.30.2005 no virus found
Kaspersky 4.0.2.24 12.01.2005 no virus found
McAfee 4640 11.30.2005 no virus found
NOD32v2 1.1309 11.30.2005 a variant of Win32/TrojanDownloader.Qoologic
Norman 5.70.10 11.30.2005 W32/SDBot.VIG
Panda 8.02.00 11.30.2005 no virus found
Sophos 4.00.0 12.01.2005 no virus found
Symantec 8.0 12.01.2005 no virus found
TheHacker 5.9.1.046 11.29.2005 no virus found
VBA32 3.10.5 11.30.2005 Trojan-Downloader.Win32.Qoologic.ai