Bd10 Undetected Files - Possible Trojans Etc

Password: infected


Encryption: AES-256


Program used: 7-zip


Hi,


In late Sep, I sent similar undetected files via BD10 quarantine folder. I don't think they were analysed, so I'm uploading the files here.


These uploaded files are from the same computer, which just got re-infected when same family member visited the same website - I suspect it started from installing some form of flash web streaming application (p2ptv.exe).


Thanks,


yeow

BD10_Samples001.zip

BD10_Samples002.zip

BD10_Samples003.zip

Comments

  • yeow
    edited November 2008

    Hi,


    On Fri 14 Nov, the same PC got reinfected again. Mostly same files were dropped & same startup entries in registry were made. Luckily the PC was not rebooted, so it was easier for me to remove infections (as not "active" yet).


    But I checked that BD10 still does not detect any of these files. I can understand that Oreans32.sys may be innocent 3rd party driver. But backupuser.exe & update_java.exe (etc) are very likely malware.


    If the above submitted files are corrupted or damaged, pls let me know & I will save/re-upload when PC gets re-infected once more.


    Rgds,


    yeow