Re: Anti-virus recommendations



From: "Jon Phipps" <jcphipps20@xxxxxxxxxxx>

| right now I am beta testing Windows One Care so my Norton AV Corp is on
| manual. Personally I don't like AV tools that make you pay them every year
| for a "subscription"; heck, you can go to the store and buy the tool for as
| much as the subscription price.


I just extracted a zoo to a folder, c:\1 and used the MS AV online scanner at
http://safety.live.com/site/en-US/default.htm and it found out 7 infectors in 11 files.

The following is the report after running an updated Kaspersky scan...

AVPDOS32 Start 22-12-2005 10:53:37


Version 3.0 build 135
Last update: 22.12.2005, 166771 records.

Command line: /- /E /* /MD /MP /Y /Z- /W+=ScanReport.txt C:\1
Profile defdos32.prf (from 27.06.2001 02:00:00)

C:\1\BAG.HTM infected: Exploit.JS.CVE-2005-1790.h
C:\1\BAG.HTM deleted: Exploit.JS.CVE-2005-1790.h
C:\1\CMDINST.EXE archive: Inno
C:\1\CMDINST.EXE/data0001 packed: UPX
C:\1\CMDINST.EXE/data0001 infected: not-a-virus:AdWare.Win32.CommAd.a
C:\1\CMDINST.EXE/data0001 disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
C:\1\CMDINST.EXE disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
C:\1\COUNTRY.EXE packed: FSG
C:\1\COUNTRY.EXE infected: Trojan-Dropper.Win32.Raven
C:\1\COUNTRY.EXE deleted: Trojan-Dropper.Win32.Raven
C:\1\DH.DLL infected: Trojan-Clicker.Win32.Small.jf
C:\1\DH.DLL deleted: Trojan-Clicker.Win32.Small.jf
C:\1\DH9013.EXE archive: NSIS
C:\1\DH9013.EXE/data0002 infected: Trojan-Clicker.Win32.Small.jf
C:\1\DH9013.EXE/data0002 disinfection failed: Trojan-Clicker.Win32.Small.jf
C:\1\DH9013.EXE disinfection failed: Trojan-Clicker.Win32.Small.jf
C:\1\DRSMAR~1.EXE infected: Trojan-Downloader.Win32.Adload.l
C:\1\DRSMAR~1.EXE deleted: Trojan-Downloader.Win32.Adload.l
C:\1\FILLME~1.HTM infected: Exploit.JS.CVE-2005-1790.h
C:\1\FILLME~1.HTM deleted: Exploit.JS.CVE-2005-1790.h
C:\1\GETACC~1.CLA infected: Trojan-Downloader.Java.OpenConnection.aj
C:\1\GETACC~1.CLA deleted: Trojan-Downloader.Java.OpenConnection.aj
C:\1\IBM00001.DLL infected: Trojan-PSW.Win32.Sinowal.a
C:\1\IBM00001.DLL deleted: Trojan-PSW.Win32.Sinowal.a
C:\1\IBM00007.DLL infected: Trojan-PSW.Win32.Sinowal.a
C:\1\IBM00007.DLL deleted: Trojan-PSW.Win32.Sinowal.a
C:\1\INSTAL~1.CLA infected: Trojan-Downloader.Java.OpenConnection.aj
C:\1\INSTAL~1.CLA deleted: Trojan-Downloader.Java.OpenConnection.aj
C:\1\INSTAL~1.EXE infected: Trojan-Downloader.Win32.Qoologic.at
C:\1\INSTAL~1.EXE deleted: Trojan-Downloader.Win32.Qoologic.at
C:\1\IPQPSNI.DLL infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\IPQPSNI.DLL deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\JAVA.JAR archive: ZIP
C:\1\JAVA.JAR/GetAccess.class infected: Trojan-Downloader.Java.OpenConnection.aj
C:\1\JAVA.JAR/GetAccess.class disinfection failed: Trojan-Downloader.Java.OpenConnection.aj
C:\1\JAVA.JAR disinfection failed: Trojan-Downloader.Java.OpenConnection.aj
C:\1\JVKVVDJ.EXE infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\JVKVVDJ.EXE deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\KL.EXE packed: PE_Patch
C:\1\KL.EXE packed: NSPack
C:\1\KL.EXE infected: Trojan-Spy.Win32.Small.dg
C:\1\KL.EXE deleted: Trojan-Spy.Win32.Small.dg
C:\1\KMGMQ.DLL infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\KMGMQ.DLL deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\LOAD.EXE packed: FSG
C:\1\LOAD.EXE infected: Trojan-Downloader.Win32.Small.cbx
C:\1\LOAD.EXE deleted: Trojan-Downloader.Win32.Small.cbx
C:\1\LOADER~1.JAR archive: ZIP
C:\1\LOADER~1.JAR/Matrix.class infected: Trojan-Downloader.Java.OpenStream.c
C:\1\LOADER~1.JAR/Matrix.class disinfection failed: Trojan-Downloader.Java.OpenStream.c
C:\1\LOADER~1.JAR disinfection failed: Trojan-Downloader.Java.OpenStream.c
C:\1\MSJCF.EXE packed: FSG
C:\1\MSJCF.EXE infected: Trojan-Dropper.Win32.Raven
C:\1\MSJCF.EXE deleted: Trojan-Dropper.Win32.Raven
C:\1\MSVCP.EXE packed: FSG
C:\1\MTE3ND~1.EXE packed: UPX
C:\1\MTE3ND~1.EXE infected: Trojan-Downloader.Win32.Small.buy
C:\1\MTE3ND~1.EXE deleted: Trojan-Downloader.Win32.Small.buy
C:\1\NUCLAB~1.DLL infected: Trojan-Spy.Win32.Goldun.ft
C:\1\NUCLAB~1.DLL deleted: Trojan-Spy.Win32.Goldun.ft
C:\1\PAYAQC.EXE infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\PAYAQC.EXE deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\PAYTIME.EXE packed: FSG
C:\1\PAYTIME.EXE infected: Trojan.Win32.StartPage.adi
C:\1\PAYTIME.EXE deleted: Trojan.Win32.StartPage.adi
C:\1\SCMT16.EXE packed: FSG
C:\1\SCMT16.EXE infected: Trojan-Downloader.Win32.Small.cbx
C:\1\SCMT16.EXE deleted: Trojan-Downloader.Win32.Small.cbx
C:\1\SPLOIT.ANR infected: Exploit.HTML.Mht
C:\1\SPLOIT.ANR deleted: Exploit.HTML.Mht
C:\1\STUB_1~1.EXE packed: UPX
C:\1\STUB_1~1.EXE infected: Trojan-Downloader.Win32.TSUpdate.o
C:\1\STUB_1~1.EXE deleted: Trojan-Downloader.Win32.TSUpdate.o
C:\1\TIMESS~1.EXE infected: Trojan.Win32.StartPage.aw
C:\1\TIMESS~1.EXE deleted: Trojan.Win32.StartPage.aw
C:\1\TM18420.EXE infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\TM18420.EXE deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\TM20666.EXE infected: Trojan-Downloader.Win32.Qoologic.ax
C:\1\TM20666.EXE deleted: Trojan-Downloader.Win32.Qoologic.ax
C:\1\TOOL2.EXE infected: Trojan-Clicker.Win32.Spywad.n
C:\1\TOOL2.EXE deleted: Trojan-Clicker.Win32.Spywad.n
C:\1\TOOL3.EXE infected: Packed.Win32.Klone.b
C:\1\TOOL3.EXE deleted: Packed.Win32.Klone.b
C:\1\TOOLBAR.EXE infected: Trojan-Downloader.Win32.Adload.j
C:\1\TOOLBAR.EXE deleted: Trojan-Downloader.Win32.Adload.j
C:\1\US.EXE packed: FSG
C:\1\US.EXE infected: Trojan-Spy.Win32.Goldun.ft
C:\1\US.EXE deleted: Trojan-Spy.Win32.Goldun.ft
C:\1\VGACTL.CPL infected: Trojan-Downloader.Win32.Qoologic.at
C:\1\VGACTL.CPL deleted: Trojan-Downloader.Win32.Qoologic.at
C:\1\WINSTALL.EXE infected: Trojan-Clicker.Win32.Spywad.n
C:\1\WINSTALL.EXE deleted: Trojan-Clicker.Win32.Spywad.n
C:\1\WUAUCLT.DLL infected: Trojan-Downloader.Win32.Qoologic.at
C:\1\WUAUCLT.DLL deleted: Trojan-Downloader.Win32.Qoologic.at
C:\1\X.CHM archive: CHM
C:\1\X.CHM/load.exe packed: FSG
C:\1\X.CHM/load.exe infected: Trojan-Downloader.Win32.Small.cbx
C:\1\X.CHM/load.exe disinfection failed: Trojan-Downloader.Win32.Small.cbx
C:\1\X.CHM disinfection failed: Trojan-Downloader.Win32.Small.cbx

Scan process completed.

Result for all objects:

Sector Objects : 0 Known viruses : 23
Files : 65 Virus bodies : 38
Folders : 1 Disinfected : 0
Archives : 5 Deleted : 33
Packed : 12 Warnings : 0
Suspicious : 0
Scan speed (Kb/sec) : 23 Corrupted : 0
Scan time : 00:02:05 I/O Errors : 0


Gee, I think Microsoft missed a few ! :-)

Luckily I submitted them all to Microsoft yesterday. Maybe in two weeks they'll have
signatures available for the above.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
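When comparing results like the report above across scanners, the interesting number is not "Deleted: 33" but which files are still sitting on disk afterwards. The following parser is an added example (not part of the original post, and not a Kaspersky or Microsoft tool) for AVPDOS32-style object lines; the sample lines are copied as a subset from the report in this message, and the line format it assumes (`<path> <event>: <detail>`, with `/` separating an archive member from its container) is inferred from that report rather than from any documented specification.

```python
"""Summarise an AVPDOS32-style scan report: which detections were seen, what was
deleted, and which top-level files still hold a flagged payload.
Example code added here; not part of the original post and not a vendor tool."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Subset of object lines copied from the report in the post above.
SAMPLE_REPORT = r"""
C:\1\BAG.HTM infected: Exploit.JS.CVE-2005-1790.h
C:\1\BAG.HTM deleted: Exploit.JS.CVE-2005-1790.h
C:\1\CMDINST.EXE archive: Inno
C:\1\CMDINST.EXE/data0001 packed: UPX
C:\1\CMDINST.EXE/data0001 infected: not-a-virus:AdWare.Win32.CommAd.a
C:\1\CMDINST.EXE/data0001 disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
C:\1\CMDINST.EXE disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
C:\1\COUNTRY.EXE packed: FSG
C:\1\COUNTRY.EXE infected: Trojan-Dropper.Win32.Raven
C:\1\COUNTRY.EXE deleted: Trojan-Dropper.Win32.Raven
C:\1\JAVA.JAR archive: ZIP
C:\1\JAVA.JAR/GetAccess.class infected: Trojan-Downloader.Java.OpenConnection.aj
C:\1\JAVA.JAR/GetAccess.class disinfection failed: Trojan-Downloader.Java.OpenConnection.aj
C:\1\JAVA.JAR disinfection failed: Trojan-Downloader.Java.OpenConnection.aj
C:\1\MSVCP.EXE packed: FSG
C:\1\X.CHM archive: CHM
C:\1\X.CHM/load.exe packed: FSG
C:\1\X.CHM/load.exe infected: Trojan-Downloader.Win32.Small.cbx
C:\1\X.CHM/load.exe disinfection failed: Trojan-Downloader.Win32.Small.cbx
C:\1\X.CHM disinfection failed: Trojan-Downloader.Win32.Small.cbx
"""

# Assumed line shape: "<object path> <event>: <detail>". Paths in this report
# contain no spaces, and the event keyword is always followed by a colon.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<event>archive|packed|infected|deleted|disinfection failed): (?P<detail>.+)$"
)


@dataclass(frozen=True)
class Event:
    path: str        # object as printed, e.g. C:\1\X.CHM/load.exe
    container: str   # the file that exists on disk: path up to the first '/'
    event: str       # archive | packed | infected | deleted | disinfection failed
    detail: str      # packer/archive format, or the detection name


def parse_report(text):
    """Return one Event per object line; header, summary and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        events.append(Event(path, path.split("/", 1)[0], m.group("event"), m.group("detail")))
    return events


def summarise(events):
    """Counts comparable to the scanner's own 'Result for all objects' block."""
    return {
        "distinct_detections": len({e.detail for e in events if e.event == "infected"}),
        "infected_objects": len({e.path for e in events if e.event == "infected"}),
        "deleted_objects": len({e.path for e in events if e.event == "deleted"}),
        "disinfection_failed": len({e.path for e in events if e.event == "disinfection failed"}),
        "packers": Counter(e.detail for e in events if e.event == "packed"),
        "archives": Counter(e.detail for e in events if e.event == "archive"),
    }


def undeleted_containers(events):
    """Top-level files that still hold a flagged payload after the run: something
    inside them was detected, but the file itself was never reported deleted."""
    flagged = defaultdict(set)
    for e in events:
        if e.event in ("infected", "disinfection failed"):
            flagged[e.container].add(e.detail)
    removed = {e.container for e in events if e.event == "deleted" and "/" not in e.path}
    return {c: sorted(names) for c, names in flagged.items() if c not in removed}


if __name__ == "__main__":
    evs = parse_report(SAMPLE_REPORT)
    print(summarise(evs))
    for container, names in sorted(undeleted_containers(evs).items()):
        print("still on disk:", container, "->", ", ".join(names))
```

On the sample, every "disinfection failed" line belongs to an archive member (Inno, ZIP, CHM) or to its container, so `undeleted_containers` reports CMDINST.EXE, JAVA.JAR and X.CHM as still present after a run whose summary otherwise reads as a clean-up; those are the files to quarantine by hand when comparing what one scanner removed against what another merely flagged.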

