Trojan.PWS.Bancos.142

From: Kayman (khkaminski_at_csloxinfo.com)
Date: 09/25/05


Date: Sun, 25 Sep 2005 09:02:14 +0700

In order to resolve an "Installation Error 0x800A1391" error message
(Windows Update related), a [MVP] (in a different newsgroup) advised among
other things to access website http //www auditmypc com/freescan/prefcan asp
(I removed colon and dots on purpose) to check for malware (nothing was
found). I also downloaded 'monitor.vbs' but when trying to open
'monitor.vbs' the Norton AntiVirus Alert advised that a Malicious Script is
detected in file C:\Unzipped\patchmonitor[1]\monitor.vbs
Action recommended is to stop this script.

I further scanned my system with (updated) Ad-Aware v1.06r1, Spyware Doctor
v3.2, eScan Toolkit v4.40 (powered by Kaspersky), Norton AntiVirus 2003, but
nothing was found.
I sent this file to VirusTotal and all their scanning engines did not find
anything either.
Then I scanned with (updated) BitDefender 8 Free Edition, Summary as
follows:-

C:\Unzipped\patchmonitor[1]\OSSMTP.dll Infected Trojan.PWS.Bancos.142
C:\Unzipped\patchmonitor[1]\OSSMTP.dll Disinfection failed
C:\Unzipped\patchmonitor[1]\OSSMTP.dll Moved

HijackThis didn't reveal anything suspicious either.

Could this be a false positive declaration? Is <auditpc> a 'safe reputable'
website, and if so, is it okay to run 'monitor.vbs' considering the Norton
warning sign?

My system Information:-
Platform: OS Microsoft Win32 XPPro Version 5.12600 SP2 Build 2600
Processor: x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2400Mhz, Pentium4
MSIE: Internet Explorer v6.00, Total Physical Memory 512MB
Microsoft .NET Framework 1.1 and Hotfix (KB886903)