New Malware Samples for Andy Manchesta, Atribune, Derek and S!Ri

[Dieter]

Hi there

I was asked to do an upload here from http://forum.hijackthis.de/newreply.php?do=postreply&t=21990

Code:

C:\WINDOWS\iskd20q4u9.exe
Antivirus Version Update Result
AntiVir 7.3.1.38 03.02.2007  no virus found
Authentium 4.93.8 03.02.2007  no virus found
Avast 4.7.936.0 03.03.2007  no virus found
AVG 7.5.0.447 03.03.2007  no virus found
BitDefender 7.2 03.03.2007  no virus found
CAT-QuickHeal 9.00 03.02.2007  no virus found
ClamAV devel-20060426 03.03.2007  no virus found
DrWeb 4.33 03.03.2007 Win32.HLLM.Limar
eSafe 7.0.14.0 02.28.2007  no virus found
eTrust-Vet 30.6.3449 03.03.2007  no virus found
Ewido 4.0 03.03.2007  no virus found
FileAdvisor 1 03.03.2007  no virus found
Fortinet 2.85.0.0 03.03.2007  no virus found
F-Prot 4.3.1.45 03.03.2007  no virus found
F-Secure 6.70.13030.0 03.03.2007  no virus found
Ikarus T3.1.1.3 03.03.2007  no virus found
Kaspersky 4.0.2.24 03.03.2007  no virus found
McAfee 4975 03.02.2007  no virus found
Microsoft 1.2204 03.03.2007  no virus found
NOD32v2 2092 03.03.2007 Win32/Stration.XU
Norman 5.80.02 03.02.2007  no virus found
Panda 9.0.0.4 03.03.2007  no virus found
Prevx1 V2 03.03.2007  no virus found
Sophos 4.14.0 03.03.2007  no virus found
Sunbelt 2.2.907.0 03.01.2007  no virus found
Symantec 10 03.03.2007  no virus found
TheHacker 6.1.6.067 03.01.2007  no virus found
UNA 1.83 03.02.2007  no virus found
VBA32 3.11.2 03.03.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 03.02.2007 no virus found


Aditional Information
File size: 45056 bytes
MD5: 5e8a358933ea02fc3d48861cad16d495
SHA1: a1d95673a1a522eca67a298135b0b8b610fbc408

n8k9730ic.dll
Antivirus Version Update Result
AntiVir 7.3.1.38 03.02.2007 WORM/Stration.Gen
Authentium 4.93.8 03.02.2007 Possibly a new variant of W32/Bongler-based
Avast 4.7.936.0 03.03.2007  no virus found
AVG 7.5.0.447 03.03.2007  no virus found
BitDefender 7.2 03.03.2007 Win32.Stration.Gen@mm
CAT-QuickHeal 9.00 03.02.2007  no virus found
ClamAV devel-20060426 03.03.2007  no virus found
DrWeb 4.33 03.03.2007 Win32.HLLM.Limar
eSafe 7.0.14.0 02.28.2007  no virus found
eTrust-Vet 30.6.3449 03.03.2007  no virus found
Ewido 4.0 03.03.2007  no virus found
FileAdvisor 1 03.03.2007  no virus found
Fortinet 2.85.0.0 03.03.2007  no virus found
F-Prot 4.3.1.45 03.03.2007 W32/Bongler-based
F-Secure 6.70.13030.0 03.03.2007  no virus found
Ikarus T3.1.1.3 03.03.2007 Email-Worm.Win32.Warezov.p
Kaspersky 4.0.2.24 03.03.2007  no virus found
McAfee 4975 03.02.2007  no virus found
Microsoft 1.2204 03.03.2007 Trojan:Win32/Stration.A!dll
NOD32v2 2092 03.03.2007 Win32/Stration.XU
Norman 5.80.02 03.02.2007  no virus found
Panda 9.0.0.4 03.03.2007  no virus found
Prevx1 V2 03.03.2007  no virus found
Sophos 4.14.0 03.03.2007  no virus found
Sunbelt 2.2.907.0 03.01.2007  no virus found
Symantec 10 03.03.2007 W32.Stration@mm
TheHacker 6.1.6.067 03.01.2007  no virus found
UNA 1.83 03.02.2007  no virus found
VBA32 3.11.2 03.03.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 03.02.2007 no virus found


Aditional Information
File size: 57344 bytes
MD5: a1b35449ef0766afb2de47af88413bf7
SHA1: b2bb8105ab4187a85d3f77d4e76fedd9946cb2dc

File:  n8k9730ic.dll 
Status:  INFECTED/MALWARE
MD5  a1b35449ef0766afb2de47af88413bf7 
Packers detected:  -

Scan taken on 03 Mar 2007 13:25:32 (GMT) 
AntiVir  Found WORM/Stration.Gen 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Win32.Stration.Gen@mm 
ClamAV  Found nothing
Dr.Web  Found Win32.HLLM.Limar 
F-Prot Antivirus  Found Possibly a new variant of W32/Bongler-based 
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found Win32/Stration.XU 
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found MalwareScope.Worm.Warezov.1

i57ff9ieo.dll
Antivirus Version Update Result
AntiVir 7.3.1.38 03.02.2007 WORM/Stration.Gen
Authentium 4.93.8 03.02.2007 Possibly a new variant of W32/Bongler-based
Avast 4.7.936.0 03.03.2007  no virus found
AVG 7.5.0.447 03.03.2007  no virus found
BitDefender 7.2 03.03.2007 Win32.Stration.Gen@mm
CAT-QuickHeal 9.00 03.02.2007  no virus found
ClamAV devel-20060426 03.03.2007  no virus found
DrWeb 4.33 03.03.2007 Win32.HLLM.Limar
eSafe 7.0.14.0 02.28.2007  no virus found
eTrust-Vet 30.6.3449 03.03.2007  no virus found
Ewido 4.0 03.03.2007  no virus found
FileAdvisor 1 03.03.2007  no virus found
Fortinet 2.85.0.0 03.03.2007  no virus found
F-Prot 4.3.1.45 03.03.2007 W32/Bongler-based
F-Secure 6.70.13030.0 03.03.2007  no virus found
Ikarus T3.1.1.3 03.03.2007  no virus found
Kaspersky 4.0.2.24 03.03.2007  no virus found
McAfee 4975 03.02.2007  no virus found
Microsoft 1.2204 03.03.2007 Trojan:Win32/Stration.A!dll
NOD32v2 2092 03.03.2007 Win32/Stration.XU
Norman 5.80.02 03.02.2007  no virus found
Panda 9.0.0.4 03.03.2007  no virus found
Prevx1 V2 03.03.2007  no virus found
Sophos 4.14.0 03.03.2007  no virus found
Sunbelt 2.2.907.0 03.01.2007  no virus found
Symantec 10 03.03.2007 W32.Stration@mm
TheHacker 6.1.6.067 03.01.2007  no virus found
UNA 1.83 03.02.2007  no virus found
VBA32 3.11.2 03.03.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 03.02.2007 no virus found


Aditional Information
File size: 65536 bytes
MD5: e0f9ee7f4f4521c04b9e56df7a8ef1cb
SHA1: e0b8c5bf7862b596d9a422fd3f9bf6f8d0ffad68

File:  i57ff9ieo.dll 
Status:  INFECTED/MALWARE 
MD5  e0f9ee7f4f4521c04b9e56df7a8ef1cb 
Packers detected:  -

Scan taken on 03 Mar 2007 13:28:58 (GMT) 
AntiVir  Found WORM/Stration.Gen 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Win32.Stration.Gen@mm 
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

C:\WINDOWS\sscrs.exe
Antivirus Version Update Result
AntiVir 7.3.1.38 03.02.2007 WORM/Stration.Gen
Authentium 4.93.8 03.02.2007  no virus found
Avast 4.7.936.0 03.03.2007  no virus found
AVG 7.5.0.447 03.03.2007 I-Worm/Stration.CHA
BitDefender 7.2 03.03.2007 Win32.Stration.Gen@mm
CAT-QuickHeal 9.00 03.02.2007  no virus found
ClamAV devel-20060426 03.03.2007  no virus found
DrWeb 4.33 03.03.2007 Win32.HLLM.Limar
eSafe 7.0.14.0 02.28.2007 suspicious Trojan/Worm
eTrust-Vet 30.6.3449 03.03.2007  no virus found
Ewido 4.0 03.03.2007  no virus found
FileAdvisor 1 03.03.2007  no virus found
Fortinet 2.85.0.0 03.03.2007  no virus found
F-Prot 4.3.1.45 03.03.2007  no virus found
F-Secure 6.70.13030.0 03.03.2007  no virus found
Ikarus T3.1.1.3 03.03.2007  no virus found
Kaspersky 4.0.2.24 03.03.2007  no virus found
McAfee 4975 03.02.2007  no virus found
Microsoft 1.2204 03.03.2007  no virus found
NOD32v2 2092 03.03.2007 Win32/Stration.XU
Norman 5.80.02 03.02.2007  no virus found
Panda 9.0.0.4 03.03.2007  no virus found
Prevx1 V2 03.03.2007 Worm.Warezov.Gen
Sophos 4.14.0 03.03.2007  no virus found
Sunbelt 2.2.907.0 03.01.2007  no virus found
Symantec 10 03.03.2007  no virus found
TheHacker 6.1.6.067 03.01.2007  no virus found
UNA 1.83 03.02.2007  no virus found
VBA32 3.11.2 03.03.2007 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 03.02.2007 no virus found

File:  sscrs.exe 
Status:  INFECTED/MALWARE
MD5  af29a94815cc4001941f6a8271cfc701 
Packers detected:  PE_PATCH.UPX, UPX

Scan taken on 03 Mar 2007 13:40:46 (GMT) 
AntiVir  Found WORM/Stration.Gen 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found I-Worm/Stration.CHA 
BitDefender  Found Win32.Stration.Gen@mm 
ClamAV  Found nothing
Dr.Web  Found Win32.HLLM.Limar 
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found Win32/Stration.XU 
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found MalwareScope.Worm.Warezov.1

Thank you very much
/ Dieter

[attachment deleted by admin]

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser