I found the shit in my flash memory in a doble subdirectory with a extrem long name, system hidden and with special permissions
dir -s -h ****************************----*** /s /d (the other system hidden exe files are a vaccination method for standard shit code) i found a file EmrVQMar0BHh9hKKJ9vG6gt5zm2slhPo.exe (118.784 Bytes)
and then another directory (system hidden) with other copy of the same exe file
Yet unhidden and not system file the avira antivir guard recognize hostil code (TR/VB.OEC) in this directory and executable and does not allow me to handle it .
Disabling the antivir guard, i was able to send the executable to the online virusscan.
I sent it to http://virusscan.jotti.org and surprise:
 | 2010-08-26 Found nothing |  | 2010-08-26 Trojan.VB.OEC |
 | 2010-08-26 Win32:Rootkit-gen |  | 2010-08-25 Trojan.Click |
 | 2010-08-26 Worm/VB.BCXM |  | 2010-08-26 Found nothing |
 | 2010-08-26 TR/VB.OEC |  | 2010-08-26 Win32/Injector.CPS |
 | 2010-08-26 Trojan.VB.OEC |  | 2010-08-25 W32/Brontok.EA.worm |
 | 2010-08-26 Found nothing |  | 2010-08-25 Trojan.DelfInjector.gen |
 | 2010-08-26 Found nothing |  | 2010-08-26 Mal/SillyFDC-G |
 | 2010-08-26 Found nothing |  | 2010-08-25 Trojan.VB.Schmidti |
 | 2010-08-26 Found nothing |  | 2010-08-26 Trojan.Injector.SPO |
 | 2010-08-26 Trojan.VB.OEC | ||
LibreOffice
Firefox
No comments:
Post a Comment