Undetected Samples
Hi,
I've attached some undetected samples I found on a user's computer (also undetected by most companies, not all).
I already sent a mail to your submission mail address, but I am posting here anyway with the same samples, since it appears to be a common issue lately on a lot of computers.
Small, but important note:
spool.exe also modifies the value UserInit under: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon to %Windir%\system32\drivers\spool.exe %Windir%\system32\userinit.exe
So this means that if the file gets deleted without restoring the UserInit value in the registry, the user may not be able to log in anymore (will go into a login-logoff loop).
Attachment: samples.zip
Regards,
Mieke
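Added example (not part of the original post or of any vendor's tooling): a Python check for the Userinit change described above, which reports entries other than userinit.exe and the value to restore before the file is deleted. It goes slightly beyond the post by also accepting comma-separated values; the function names and the `C:\Windows` root are assumptions.

```python
import ntpath
import re

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Constructed sample: the modified value as quoted in the post above.
MODIFIED = r"%Windir%\system32\drivers\spool.exe %Windir%\system32\userinit.exe"

def split_entries(value):
    """Split on commas, or on whitespace that follows '.exe' (the post's form)."""
    parts = re.split(r",|(?<=\.exe)\s+", value.strip(), flags=re.IGNORECASE)
    return [p.strip().strip('"') for p in parts if p.strip()]

def normalise(path, windir):
    """Expand %windir%/%SystemRoot% to `windir` (an assumption) and fold case."""
    path = re.sub(r"%(windir|systemroot)%", lambda m: windir, path, flags=re.IGNORECASE)
    return ntpath.normpath(path).lower()

def audit_userinit(value, windir=r"C:\Windows"):
    """Return (unexpected entries, userinit.exe present?, value to restore)."""
    good = ntpath.join(windir, "system32", "userinit.exe")
    entries = split_entries(value)
    unexpected = [e for e in entries if normalise(e, windir) != good.lower()]
    present = len(unexpected) < len(entries)
    return unexpected, present, good + ","  # Windows default ends with a comma

def read_userinit():
    """Read the live value; Windows only, so winreg is imported lazily."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    extra, present, restore = audit_userinit(MODIFIED)
    for entry in extra:
        print("unexpected Userinit entry:", entry)
    if extra:
        print("restore Userinit to", restore, "before deleting the file(s) above")
```

On a live Windows system, pass `read_userinit()` to `audit_userinit()` instead of the constructed sample.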
Comments
Signed and will be detected as:
Trojan.Agent.AGOG
Trojan.KillAV.NS
Trojan.Spy.Small.IT
Thank you for the samples.
Best regards.
Thanks Cd-MaN