I would try to share what I have learnt
Virus Found – Possible Threat “Trojan.Zlob” Undetected in many front line scanner
Once again I have stumbled upon a Possible threat (Trajan Downloader) which is not detected by big guns like Kaspersky / NOD32 (v2 and Beta v3) / Norton / BitDiffender.
| File run.exe received on 10.29.2007 11:56:59 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2007.10.27.0 | 2007.10.29 | - |
| AntiVir | 7.6.0.30 | 2007.10.29 | TR/Dldr.Zlob.dwf |
| Authentium | 4.93.8 | 2007.10.28 | - |
| Avast | 4.7.1074.0 | 2007.10.28 | Win32:Zlob-AFG |
| AVG | 7.5.0.503 | 2007.10.28 | Downloader.Zlob |
| BitDefender | 7.2 | 2007.10.29 | - |
| CAT-QuickHeal | 9.00 | 2007.10.26 | TrojanDownloader.Zlob.gen |
| ClamAV | 0.91.2 | 2007.10.29 | Trojan.Dropper-2557 |
| DrWeb | 4.44.0.09170 | 2007.10.29 | - |
| eSafe | 7.0.15.0 | 2007.10.28 | - |
| eTrust-Vet | 31.2.5250 | 2007.10.29 | - |
| Ewido | 4.0 | 2007.10.28 | - |
| FileAdvisor | 1 | 2007.10.29 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.3.2.48 | 2007.10.29 | - |
| F-Secure | 6.70.13030.0 | 2007.10.29 | - |
| Ikarus | T3.1.1.12 | 2007.10.29 | - |
| Kaspersky | 7.0.0.125 | 2007.10.29 | - |
| McAfee | 5150 | 2007.10.26 | - |
| Microsoft | 1.2908 | 2007.10.29 | - |
| NOD32v2 | 2622 | 2007.10.28 | - |
| Norman | 5.80.02 | 2007.10.26 | - |
| Panda | 9.0.0.4 | 2007.10.28 | - |
| Prevx1 | V2 | 2007.10.29 | - |
| Rising | 19.47.02.00 | 2007.10.29 | Trojan.DL.Win32.Zlob.def |
| Sophos | 4.23.0 | 2007.10.29 | Troj/Zlobar-Fam |
| Sunbelt | 2.2.907.0 | 2007.10.27 | - |
| Symantec | 10 | 2007.10.29 | - |
| TheHacker | 6.2.9.110 | 2007.10.27 | - |
| VBA32 | 3.12.2.4 | 2007.10.28 | - |
| VirusBuster | 4.3.26:9 | 2007.10.28 | Trojan.DR.Zlob.Gen!Pac.32 |
| Webwasher-Gateway | 6.6.1 | 2007.10.29 | Trojan.Dldr.Zlob.dwf |
| Additional information | |||
| File size: 102415 bytes | |||
| MD5: aa6f7f7a2c7ee6b0981b9c0430370458 | |||
| SHA1: 720f1122e31665c445a8a32d3f4dee1513054e2d | |||
I am able to attach the file at Yahoo Mail which suggests that Norton scanner fails to detect the threat.
I am sending the infected files to NOD32 and Kaspersky as only this 2 allows non customers to send sample. In case of norton, there no service in which a non customer can send virus sample !!!
I will update the post when I get any reply from NOD32 or Kaspersky…
Update – (Oct 29, 2007 / IST 19:33 hours)
Its confirm from Kaspersky LAB, they have replied,
Hello.
New malicious software was found in the attached file. Trojan-Downloader.Win32.Zlob.dzz It’s detection will be included in the next update. Thank you for your help.
Please quote all when answering. Do not forget to include you registration data.
—————–
Regards,
Maslennikov Denis
Virus Analyst, Kaspersky Lab.Ph.: xxxxxx
E-mail: xxxxxx
http://www.kaspersky.com http://www.viruslist.com
Kaspersky is really quick and fast to act on the possible threat issue, however I am yet to receive any reply from NOD32 (ESET) !!!
Related posts:
- Virus Found – Possible Threat “Trojan downloader” Well again I come across to a threat which is detected by few AVS, this time including Kaspersky Scanner as...
- Virus Found – Possible Threat “Backdoor.Win32.Bifrose.bcb” As the title says !!! Its a trojanhorse or in simple words a spyware… Recently I stumbled upon a file...
- Apple OS X gets a Virus attack – P2P distributed iWork 09 comes with OSX.Trojan.iServices.A Trojan Horse And you thought MAC wont get an infection ? Intego, a leading security application developer for OS X platform just...
- Open MS Office 2007 Documents in Older Version of MS Office Microsoft office compatibility Pack is one of the Must install if you are running Microsoft Office Pririor to MS Office...
- Download Kaspersky AntiVirus / Internet Security (v9.0) 2010 Offline update (ZIP) Kaspersky Lab have released a stand alone utility tool to download and store Kaspersky Internet / AntiVirus 9.0 updates (virus...
| Print article | This entry was posted by Choto Cheeta on October 29, 2007 at 11:22 am, and is filed under Computer, Security Software. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
Loading ...
about 2 years ago
* Issue :-
Getting lot of porn websites poping up.
Getting lot of spyware popups.
Does your computer infected with Trojan.Vundo.
* Steps to Fix :-
* Start your comp in safe mode with networking.
* Go to the following location and look the following files if find those files Delete it..
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini2
C:\WINDOWS\system32\lTCfPqru.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini2
C:\Documents and Settings\Alan Borson\Application Data\CURITY~1
C:\Documents and Settings\Alan Borson\Application Data\SMBOLS~1
C:\Documents and Settings\Alan Borson\Application Data\SSTEM~1
C:\Documents and Settings\Alan Borson\Application Data\WinIFixer.com
C:\Documents and Settings\Alan Borson\Application Data\WinTouch
C:\Documents and Settings\Alan Borson\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Alan Borson\My Documents\CROSOF~1.NET
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\?ppPatch\
C:\Documents and Settings\Alan Borson\My Documents\PPPATC~1\ati2evxx.exe
C:\Documents and Settings\Alan Borson\My Documents\STEM~1
C:\Documents and Settings\Alan Borson\My Documents\WNSXS~1
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\mbols~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Program Files\webhancer\Programs\whinstaller.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\licencia.txt
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\secure32.html
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\start.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\SYSTEM32\bedcajcc.ini
C:\WINDOWS\system32\ccjacdeb.dll
C:\WINDOWS\SYSTEM32\DNnVyyay.ini
C:\WINDOWS\SYSTEM32\DNnVyyay.ini2
C:\WINDOWS\system32\fdwpscux.ini
C:\WINDOWS\system32\iqhhytgm.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini
C:\WINDOWS\SYSTEM32\lTCfPqru.ini2
C:\WINDOWS\system32\mgtyhhqi.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tvyknjtf.ini
C:\WINDOWS\system32\xucspwdf.dll
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\Web\default.htt
C:\WINDOWS\winsb.dll
“C:\WINDOWS\system32\yaywuuVn.dll”
C:\WINDOWS\system32\urqPfCTl.dll
C:\WINDOWS\system32\yaywuuVn.dll
C:\WINDOWS\system32\whameprt.dll
* yaywuuVn.dll — This file could be winlogon entry.
* So start > run> type regedit
* Take a backup of registry.
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify — check for that file or folder if you find so delete it.
* Search the file under registry also and delete it.
* Now you can look for
c:\program files\…..(any unwanted programs delete it).
* Now you can delete all Temp files and prefetch.
* Empty the recycle bin.
* Restart the computer in normal mode.
* Now try to access the IE check whether you find any poups.
* I hope you wont get any poups..if so let me Know..
i will guide to run some removal tool to fix it..
ValanBose
Vss Elite.
about 2 years ago
hi
about 2 years ago
Trojan Zlob\Trojan.Downloader :-
===============================
It may come in an email asking you to check out a movie file or it may seek to push its way to your computer from malicious websites. In both cases a ‘codec’ will be offered in the guise of helping you watch a streaming video, but instead of showing the movie it will install a stealthy Trojan Downloader in your computer. That is Zlob Trojan.
about 2 years ago
Trojan.Dropper – Its a virus,that could creat a base file under system32 location,whenever computer restarts the file will change and it drop the file in the same location.
about 2 years ago
thnx for the news
about 2 years ago
HO come u scan with alll the AV simltenously :O
about 2 years ago
Great…………….
Big guns are like….
about 2 years ago
lollzzzz.
about 2 years ago
Top paid AV fails………
surprised!!!!
about 2 years ago
really surprising to see ‘big guns’ failing…
about 2 years ago
The AVG is the best among them all ??