Re: Is this a security threat
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Thu, 21 Dec 2006 19:10:50 -0500
From: "Liron" <Liron@xxxxxxxxxxxxxxxxxxxxxxxxx>
< snip >
| onto my computer.
| The name of the program that was offered to me in the dialog windows was
| DriveCleaner. The file which was detected by my antivirus program was
| installdrivecleanerstart.cab and was located in the Temporary Internet Files
Files are not "installed" in the temporary internet files (TIF) or Browser cache.
The files are cached from accessing web sites.
DriveCleaner is malware. I just submitted an installer for it a little while ago. Below is
a Virus Total report for that installer. Your "un-named" anti virus software did its job.
Hopefully you didn't go ahead and believe this web site's bullsh!t and install DriveCleaner.
Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files
Perform a complete scan of your computer using your "un-named" anti virus software.
Complete scanning result of "installdrivecleanerstart.exe", processed in VirusTotal at
12/22/2006 00:07:55 (CET).
[ file data ]
* name: installdrivecleanerstart.exe
* size: 120528
* md5.: 653a71be0689341b2b1a452ee551cdbc
* sha1: c0e8339c219fa51ef56cf70ab31e55c37e4b83c9
[ scan result ]
AntiVir 188.8.131.52/20061221 found nothing
Authentium 4.93.8/20061221 found [Possibly a new variant of
Avast 4.7.892.0/20061221 found nothing
AVG 386/20061221 found nothing
BitDefender 7.2/20061221 found [Application.DriveCleaner.E]
CAT-QuickHeal 8.00/20061221 found nothing
ClamAV devel-20060426/20061221 found nothing
DrWeb 4.33/20061221 found [Trojan.DownLoader.13909]
eSafe 184.108.40.206/20061221 found [Win32.Agent.axb]
eTrust-InoculateIT 23.73.93/20061221 found nothing
eTrust-Vet 30.3.3268/20061221 found nothing
Ewido 4.0/20061221 found [Adware.DriveCleaner]
F-Prot 3.16f/20061221 found [Possibly a new variant of
F-Prot4 220.127.116.11/20061221 found [W32/Behavior:SelfStarterInternetTrojan!Maximus]
Fortinet 18.104.22.168/20061221 found [Misc/DriveCleaner]
Ikarus T22.214.171.124/20061221 found [Win32.SuspectCrc]
Kaspersky 126.96.36.199/20061221 found nothing
McAfee 4924/20061221 found [potentially unwanted program DriveCleaner]
Microsoft 1.1904/20061221 found nothing
NOD32v2 1934/20061221 found [a variant of Win32/Adware.WinFixer]
Norman 5.80.02/20061221 found nothing
Panda 188.8.131.52/20061221 found [Application/DriveCleaner]
Prevx1 V2/20061222 found [Rogue.Drive.Cleaner]
Sophos 4.12.0/20061221 found nothing
Sunbelt 2.2.907.0/20061218 found [Drivecleaner Inc (v)]
TheHacker 184.108.40.206/20061220 found nothing
UNA 1.83/20061221 found nothing
VBA32 3.11.1/20061221 found [Trojan.DownLoader.13909]
VirusBuster 4.3.19:9/20061221 found nothing
[ notes ]
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=7d6a39933965