Archive for the 'Ikarus' Category

SC2ALLin1.exe

Don’t be confused by the file SC2ALLin1.exe. According to the samples we received recently, SC2ALLin1.exe is malware. We advise you to remove the SC2ALLin1.exe virus for safe use.
SC2ALLin1.exe sample submitted on 2010-08-12 and identified as a threat.
Alias:
Threat File:SC2ALLin1.exe
Submit time:2010-08-12
Execute time:3 min 8 sec
Level of Spread:6
Level of Threat:2
type:BDS/Hupigon
Filesize:12K Bytes
230K Bytes
12K Bytes
File type
SC2ALLin1.exe is a Windows exe file.
MD5:ocbONI5l6PEIrDMyPJB775qLt81jR17G

Latest Infected Malware file report on 20100806


Trojan-Downloader.Win32.Murlo.gwh

Trojan-Downloader.Win32.Murlo.gwh is one type of Trojan-Downloader.Win32 virus.
Threat Name: Trojan-Downloader.Win32.Murlo.gwh
Spread Method:
USB Disk
Instant Message(MSN,Gtalk,QQ etc.)
Threat type:Trojan-Downloader.Win32
Trojan-Downloader.Win32.Murlo.gwh first detected:2010-08-05
The known virus file is a driver file (*.sys) written in C
File Size:280K Bytes.
Behavior:Unknown behavior
Level of Spread:6
Level of Threat:4
Reported Path:E:\Documents and Settings\[Users]\Local Settings\Temp\
MD5:6P118fAi1t826041y5KkfF0IlTXhsJuM
SHA1:Yx4KG2i5M78O63V40Ys62nJq7cg5br7uH8TSOO5R

amping.exe

We received samples of the file amping.exe recently. It is a malware file and we advise you to remove the amping.exe virus file. The detection result is based on the amping.exe sample we received; it does not mean that every amping.exe is a virus. You may send us your amping.exe sample for detection.
amping.exe sample submitted on 2010-07-29 and identified as a threat.
Alias:
Threat [...]

msyuv.dll

Don’t worry about the msyuv.dll virus file. Here is the whole description of the msyuv.dll file. It will tell you what msyuv.dll is and how to remove the msyuv.dll virus file.
msyuv.dll sample submitted on 2010-07-25 and identified as a threat.
Alias:
Threat File:msyuv.dll
Submit time:2010-07-25
Execute time:9 min 43 sec
Level of Spread:4
Level of Threat:6
type:AntivirusXPPro
Filesize:71K Bytes
File type
msyuv.dll is a dynamic-link [...]

kristal.exe

kristal.exe was detected as malware and is a trojan-backdoor according to the samples we received. The following is the description of the kristal.exe virus.
kristal.exe sample submitted on 2010-07-09 and identified as a threat.
Alias:
Threat File:kristal.exe
Submit time:2010-07-09
Execute time:5 min 20 sec
Level of Spread:1
Level of Threat:4
type:Win32:Rootkit
Filesize:32K Bytes
File type
kristal.exe is a Windows exe file.
MD5:GSR210hCk270I71P206nmhH1KowA3ul8

Trojan.VBS.Agent.ii

Threat Name: Trojan.VBS.Agent.ii
Spread Method:
Hacked Website
E-Mail
Threat type:Trojan.VBS
Trojan.VBS.Agent.ii first detected:2010-06-08
The known virus file is a driver file (*.sys) written in C
File Size:217K Bytes.
Behavior:Usually created by an unsafe process
Level of Spread:5
Level of Threat:3
Reported Path:D:\Winnt\
MD5:04kmItHkh37h4p4fS101slRb8YNyEg18
SHA1:KU67jcis5QX5V8U4UM34b6y32ho2M5L1lVBD6350

dighook.dll

Do you know what dighook.dll is and how to remove dighook.dll?
dighook.dll sample submitted on 2010-04-24 and identified as a threat.
Alias:
Threat File:dighook.dll
Submit time:2010-04-24
Execute time:1 min 55 sec
Level of Spread:5
Level of Threat:1
type:Win32.Virtob
Filesize:90K Bytes
File type
dighook.dll is a dynamic-link library, which acts as a shared library of functions.
MD5:7i2utpV6AvloxjsfwQi0CW8s0D45YK0M

0041.dll

0041.dll sample submitted on 2010-04-23 and identified as a threat.
Alias:
Threat File:0041.dll
Submit time:2010-04-23
Execute time:10 min 57 sec
Level of Spread:4
Level of Threat:5
type:TR/Crypt.CFI
Filesize:8K Bytes
18652K Bytes
1K Bytes
File type
0041.dll is a dynamic-link library, which acts as a shared library of functions.
MD5:npLwk4k4A45s5jwH12vou10Dq0H320nx

trojan.win32.monder.deuf

Threat Name: trojan.win32.monder.deuf
Spread Method:
Instant Message(MSN,Gtalk,QQ etc.)
External Storage Device (USB Device etc.)
Registry Value Creation
Threat type:trojan.win32
trojan.win32.monder.deuf first detected:2010-04-22
The known virus file is a PE EXE file written in C++
File Size:122K Bytes.
Behavior:Sends a request to an IP address
Level of Spread:6
Level of Threat:4
Reported Path:
MD5:UtH20iEl280K7FR307oniJ1MpxC3vm8p
SHA1:dcOOJ3m7QY0sWNyQDC773qMu82kS17A8l1wWrR7U