Another viral sample (Nov 16)

Discussion in 'Anti-Virus' started by Virus Guy, Nov 16, 2011.

  1. Virus Guy

    Virus Guy Guest

    This sample is a bit old (about 48 hours).

    It came from a link in a spam. When I submitted it to VT yesterday, I
    think it was ID'd by 30% of the AV packages. Password is "a" (no quotes).

    http://www.fileden.com/files/2008/7/19/2010382/UPDATEFL.ZIP

    PS: As of 6pm EST, virustotal seems to be down, or is very sluggish.
    This is one of the errors I was getting:

    ===============
    Bad Gateway
    The proxy server received an invalid response from an upstream server.
    ===============
     
    Virus Guy, Nov 16, 2011
    #1

  2. Most likely one of the newer ZBot trojans.

    It creates:
    %appdata%\Ahmak\uvla.udi
    %appdata%\Atyd\utzed.exe
    HKCU\Software\Microsoft\Vakiev

    It opens and examines all your cookies and deletes some based upon its agenda.
     
    David H. Lipman, Nov 17, 2011
    #2

  3. Also accesses the WAB of the current user.
     
    FromTheRafters, Nov 17, 2011
    #3