Tag Archives: TDSS

Removed: _VOIDd.sys

Malware: C:\sand-box\install01.exe
—————————————————————————————————————————-
Removed: C:\WINDOWS\_VOIDtpdwqienbv\_VOIDd.sys
—————————————————————————————————————————-
After first reboot detected by UnHackMe:

Item Name: _VOIDtpdwqienbv
Author:
Related File: C:\WINDOWS\_VOIDTPDWQIENBV\_VOIDD.SYS
Type: Services detected by Partizan

Item Name: _VOIDd.sys
Author:
Related File: \systemroot\system32\drivers\_VOIDbfjpaypdiv.sys
Type: Services detected by Partizan

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
Kaspersky   7.0.0.125     2010.04.02    Trojan.Win32.Tdss.azxa
McAfee…


Restored: PCI.SYS (The virus chooses a random driver for each infection)

Malware: C:\sand-box\1270595271.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.08    Trojan.Generic.3596524
Kaspersky   7.0.0.125     2010.04.08    Trojan.Win32.Tdss.baam
Microsoft   1.5605        2010.04.08    Trojan:Win32/Alureon.CT
NOD32       5009          2010.04.08    a variant of Win32/Kryptik.DNA
—————————————————————————————————————————-
Additional information
File size: 83456 bytes
MD5   : da805b061708e572d4c0af275549349d
SHA1  : 3fc52e6bfb54f8d766066ba00ceb6a5499f2d527
SHA256: d95e1afacd03f36b74d3601aa3ce109f73bd9a3fc9bfe6822f41d88675c29311
—————————————————————————————————————————-
Installation
When the program is executed, it creates the…


Malware: 73_TDL3_24.02.2010_TDL3.27.exe

Malware: C:\sand-box\73_TDL3_24.02.2010_TDL3.27.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.02    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.02    Trojan-GameThief.Win32.Magania.cwgq
McAfee      5907          2010.03.01    DNSChanger.at
Microsoft   1.5502        2010.03.02    Trojan:Win32/Alureon.CT
NOD32       4909          2010.03.02    a variant of Win32/Kryptik.CPZ
—————————————————————————————————————————-
Additional information
File size: 80896 bytes
MD5   : 11f1560e6f0d5f85a18dfe99b4be1174
SHA1  : 71e071761c37d94647083508d6c6c413b0ba9246
SHA256: 8115dac8ce2f5e6edf66632c1a47b7e562359838db416079a02efe7abd5e6947
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following…


Removed: setup_1904.exe

Malware: C:\sand-box\setup_1904.exe
Removed: C:\Documents and Settings\Administrator\Local Settings\Temp\setup_1904.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.31    Rogue:W32/SecurityGuard.A
Kaspersky   7.0.0.125     2010.03.31    Trojan.Win32.Tdss.azpf
McAfee      5936          2010.03.30    DNSChanger.bf
Microsoft   1.5605        2010.03.31    TrojanDownloader:Win32/FakeVimes
NOD32       4986          2010.03.30    a variant of Win32/Kryptik.DHT
—————————————————————————————————————————-
Additional information
File size: 201728 bytes
MD5   : 6cb447d416e868f5840af78bb2d9fd30
SHA1  : 1167d155ffbb455353659f4fc30e162c876c0685
SHA256: d9ce036f6b25d812c16c3653a6b80d539491bfc30415e265e0f7f3d4752cba82
—————————————————————————————————————————-
Installation
When…


Removed: AtapiDrv.sys

Malware: C:\sand-box\load.exe
Removed: C:\WINDOWS\system32\drivers\AtapiDrv.sys
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.04.01    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125     2010.04.01    Trojan.Win32.Tdss.azvo
McAfee      5937          2010.03.31    –
Microsoft   1.5605        2010.03.31    –
NOD32       4992          2010.04.01    a variant of Win32/Kryptik.DLH
—————————————————————————————————————————-
Additional information
File size: 69120 bytes
MD5   : 33157597db16fdfb9e5b47455bdd7a79
SHA1  : 5094366b2b31e81a0669148aa6df71d64beda573
SHA256: ab980e74feb1eb4ca9c60d7b4a7781f6e4c4cbfe0ab45124aaa479634a5042a9
—————————————————————————————————————————-
Installation
When the program is…


Restored: ATAPI.SYS

Malware: C:\sand-box\browser-player.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.26    Trojan.TDss.ABP
Kaspersky   7.0.0.125     2010.03.26    Trojan.Win32.Tdss.ayhi
McAfee      5931          2010.03.25    DNSChanger.as
Microsoft   1.5605        2010.03.26    Trojan:Win32/Alureon.CT
NOD32       4975          2010.03.25    a variant of Win32/Kryptik.DDG
—————————————————————————————————————————-
Additional information
File size: 82432 bytes
MD5   : c5d16aa2b08f1cc67df20011fc37d19f
SHA1  : d1313bb9c67688bd093daf2d6a6160a35dd289eb
SHA256: 5cd8b34b1dc1d486b9a31193aff9a209d7f91863a39312ea59e738d13715a90c
—————————————————————————————————————————-
Installation
When the program is executed, it creates…


Restored: ATAPI.SYS

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.30    –
Kaspersky   7.0.0.125     2010.03.30    Trojan-Dropper.Win32.TDSS.ah
McAfee      5935          2010.03.29    –
Microsoft   1.5605        2010.03.30    –
NOD32       4983          2010.03.29    –
—————————————————————————————————————————-
Additional information
File size: 158208 bytes
MD5   : 97924335f34b0e8a0a1ffe4f00db5398
SHA1  : 33e2d222f55750d5c7c8649c7a3754df2b8db433
SHA256: 8733c2b617f23c4ef829521af3300a7f8d330ef86c11d5eb0041cfeee320b18d
—————————————————————————————————————————-
Installation
When the program is executed, it creates…


Restored: atapi.sys

Malware: C:\sand-box\setup.exe
Restored: C:\WINDOWS\system32\drivers\atapi.sys
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.18    Trojan.Generic.KD.4129
Kaspersky   7.0.0.125     2010.03.18    Packed.Win32.Krap.aq
McAfee      5923          2010.03.17    –
Microsoft   1.5605        2010.03.17    –
NOD32       4953          2010.03.17    Win32/Olmarik.VE
—————————————————————————————————————————-
Additional information
File size: 97792 bytes
MD5   : d0e968377723f43aefafb39c7170d081
SHA1  : c503c38b0a1afe92750dda76cadaaaf16cefa297
SHA256: 5964a315894ed349c8a01844c33519023109c6ba477c9490e7518f8f38cdd5b2
—————————————————————————————————————————-
Installation
When the program is executed, it creates…


Malware: dm.exe

Malware: C:\sand-box\dm.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.15    Backdoor:W32/TDSS.EN
Kaspersky   7.0.0.125     2010.03.15    Trojan.Win32.Tdss.ayec
McAfee      5921          2010.03.15    –
Microsoft   1.5502        2010.03.12    –
NOD32       4946          2010.03.15    a variant of Win32/Kryptik.DAS
—————————————————————————————————————————-
Additional information
File size: 78336 bytes
MD5   : fc3b03ce1ff40076415e072dde8b66d0
SHA1  : 906b7ed6bc3377ca433d6e1c987f91e5a831be24
SHA256: e1f92c5f89f9d9be8e04a39605dfc126c922fb26207981301d6ddb3955d867c5
—————————————————————————————————————————-
Installation
When the program is executed, it…


Malware: file.exe

Malware: file.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.15    Suspicious:W32/Malware!Gemini
Kaspersky   7.0.0.125     2010.03.15    –
McAfee      5920          2010.03.14    –
Microsoft   1.5502        2010.03.12    –
NOD32       4945          2010.03.15    a variant of Win32/Injector.BBG
—————————————————————————————————————————-
Additional information
File size: 9728 bytes
MD5   : 5910e59d592781cec3234abf57f8d000
SHA1  : 797a5b08ce2d5d8119d51d44ff16e14eaf2cba51
SHA256: 5c803a729fc41b2394209ab9e2d8d91113d0d543aeef74583d0868eb39fcd216
—————————————————————————————————————————-
Installation
When the program is executed, it…


Malware: update.exe

Malware: C:\sand-box\update.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.10    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.10    –
McAfee      5915          2010.03.09    DNSChanger.as
Microsoft   1.5502        2010.03.10    Trojan:Win32/Alureon.CT
NOD32       4930          2010.03.09    a variant of Win32/Kryptik.CVQ
—————————————————————————————————————————-
Additional information
File size: 81920 bytes
MD5   : e599256bb0c5860e946b206195895c94
SHA1  : 9ed4479945fda02d4f2e1c1a060ee50064d5d3bc
SHA256: 9fe4eadee402faa21e3f8e4e33ea7a468c79307a83a21e2381a8955709d541c1
—————————————————————————————————————————-
Installation
When the program is executed, it…


Malware: setup.exe

Malware: C:\sand-box\setup.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.09    –
Kaspersky   7.0.0.125     2010.03.09    –
McAfee      5914          2010.03.08    DNSChanger.bb
Microsoft   1.5502        2010.03.09    –
NOD32       4927          2010.03.09    –
—————————————————————————————————————————-
Additional information
File size: 133632 bytes
MD5   : fb2bcd1211478df55a03a5fec5ba8906
SHA1  : 6c8ff5065c4be4e77abf7561cf731214a2d2c9b2
SHA256: a724fe0ef88064af7dbe26b29efd758aaccf21227275b3f91f7063b8c2f9b9a7
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following…


Malware: auto.exe

Malware: C:\sand-box\auto.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.04    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.04    –
McAfee      5909          2010.03.03    DNSChanger.as
Microsoft   1.5502        2010.03.04    Trojan:Win32/Alureon.CT
NOD32       4913          2010.03.03    a variant of Win32/Kryptik.CPZ
—————————————————————————————————————————-
Additional information
File size: 81408 bytes
MD5   : 090d524dbae314bee4d7db36b26b0f66
SHA1  : 402dddc09ce824dc433de7b9b39762ee4ebca855
SHA256: c78064c4704ef5400b2c5b0a2d4a9ea2873b41ff880089381a6923fd2433df7d
—————————————————————————————————————————-
Installation
When the program is executed, it…


Malware: ssl.exe

Malware: C:\sand-box\ssl.exe
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result
F-Secure    9.0.15370.0   2010.03.05    Gen:Heur.Krypt.8
Kaspersky   7.0.0.125     2010.03.05    Trojan.Win32.Tdss.awwo
McAfee      5910          2010.03.04    DNSChanger.as
Microsoft   1.5502        2010.03.05    Trojan:Win32/Alureon.CT
NOD32       4917          2010.03.05    a variant of Win32/Kryptik.CPZ
—————————————————————————————————————————-
Additional information
File size: 81920 bytes
MD5   : 31f17b209815a3aa8a952f24baf33c16
SHA1  : 6bfdd317b6e46cc3b7146e76eacbb8e69e0ba452
SHA256: 89a1ca7d3d9d73bd4607ef658e52ac5d30460f819a7fc5a8500fd4bdeeb7cfde
—————————————————————————————————————————-
Installation
When the program is executed, it…
