Sample Submission

I am uploading the sample you asked for in a .zip file.


Password is "infected".


Link to the topic: http://forum.bitdefender.com/index.php?showtopic=5201


P.S.: The files MAGIC.exe and ALI.exe you asked for are files of a program that I use. I have included them anyway, but I thought you should know.


Here is the SDFix report.


SDFix: Version 1.171
Run by Administrator on Tue 04/15/2008 at 09:57 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 22:00:48
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:Remote Assistance"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!

Attachment: Desktop.zip

Comments

  • Also, my Spyware Doctor picks up the malware as BACKDOOR.AGENT.ARK when it tries to change my registry.

  • Hello sunnygrover,


    Please update BitDefender and perform a deep scan, then post the scan report.

    After you have done that, please go to Start, My Computer, double-click the icon of your hard disk, open the Windows folder, then Tasks, and delete everything that begins with "At". After you have done that, please make a new HijackThis and ComboFix log.


    Best regards


    Niels
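
As an added illustration of the cleanup step Niels describes (this is not code from the thread or from any of the tools mentioned), the following PowerShell script enumerates the At*.job files in the Windows Tasks folder, records each file's name, creation time and SHA-256 hash, and moves the files into a quarantine folder rather than deleting them outright, so they remain available for inspection or submission. The quarantine path C:\Quarantine\Tasks is an assumption chosen for the example; it uses only .NET calls that also exist in PowerShell 2.0 rather than newer cmdlets such as Get-FileHash.

```powershell
# Added example, not part of the original thread.
# Lists scheduled-task files created with at.exe (At1.job, At2.job, ...) under
# %windir%\Tasks and moves them to a quarantine folder, logging a hash of each
# so there is a record of what was removed. Run from an elevated prompt.

$tasksDir   = Join-Path $env:windir 'Tasks'
$quarantine = 'C:\Quarantine\Tasks'   # assumed location; adjust as needed

if (-not (Test-Path $quarantine)) {
    New-Item -ItemType Directory -Path $quarantine | Out-Null
}

# Only files whose name starts with "At" and ends in .job are of interest here.
$jobs = Get-ChildItem -Path $tasksDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }

if (-not $jobs) {
    Write-Output "No At*.job files found in $tasksDir"
    return
}

$sha256 = [System.Security.Cryptography.SHA256]::Create()

foreach ($job in $jobs) {
    # Hash the file before moving it so the record matches what was on disk.
    $bytes = [System.IO.File]::ReadAllBytes($job.FullName)
    $hash  = ($sha256.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''

    Write-Output ('{0}  created={1}  sha256={2}' -f $job.Name,
                  $job.CreationTime.ToString('yyyy-MM-dd HH:mm:ss'), $hash)

    Move-Item -Path $job.FullName -Destination $quarantine -Force
}

Write-Output ('Moved {0} file(s) to {1}' -f @($jobs).Count, $quarantine)
```

Keeping the quarantined copies lets the helper on the forum ask for the job files later, and the logged hashes make it possible to match them against the scan reports from other tools.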