No replies to this topic

[sho-dan]

Tested
PM and MBAM takes care of this one, Installing successful.exe will freeze Live test box . Force reboot only way to get out of it.

hxxp://goodboomer.com/successful.exe: Direct downloader

Quote

File successful.exe received on 01.17.2009 20:23:19 (CET)
Current status: finished
Result: 11/39 (28.21%)

Virustotal

Malwarebytes' Anti-Malware 1.33
Database version: 1663
Windows 5.1.2600 Service Pack 3

1/17/2009 2:17:16 PM
mbam-log-2009-01-17 (14-17-16).txt

Scan type: Quick Scan
Objects scanned: 46219
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\9129837.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\new_drv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.