BlackAngel.B detected by NOD32?
proactivelover
June 15th, 2006, 02:25 PM
Is this virus detected by NOD32?
{QUOTE-> BlackAngel.B was discovered a few days ago and is distributed across MSN Messenger. It arrives in a message apparently sent by a contact of the user, i.e. from a trusted source, and includes an attachment “fantasma.exe”, that appears to be a video and displays the threatening text: “En el 1er día te espantas, en el 2º te desesperas, en el 3º buscas ayuda y en el 4º mueres”. (On the 1st day you will be scared, on the 2nd you will be desperate, on the 3rd day you will look for help and on the 4th day you die). <-QUOTE}
http://www.pandasoftware.com/about/press/viewNews.htm?noticia=7508&ver=21&pagina=&numprod=&entorno=&sitepanda=particulares
kjempen
June 15th, 2006, 09:12 PM
Can't say for sure if this is detected, but I did find that the link this "Instant Messaging worm" spreads, hxxp://galeon.com/videosdiverti2/fantasma.zip, no longer works. So I guess the worm has stopped spreading?
Blackspear
June 15th, 2006, 09:31 PM
It is detected:
ALWIL - Win32:Trojan-gen. {UPX!}
CA InoculateIT - Win32/BlackAngel.05!Backdoor
CA VET - [undetected]
Doctor Web - BackDoor.BlackAngel.5
ESET - Win32/BlackAngel.05
Fortinet - W32/BlackAn.05!tr.bdr
Frisk Software - security risk named W32/Backdoor.DMA
GRISoft - BackDoor.Blackangel.B
H+BEDV - BDS/BlackAngel.05.2
IKARUS - Backdoor.Win32.BlackAngel.05
Kaspersky Lab - Backdoor.Win32.BlackAngel.05
McAfee - BackDoor-SA
Norman - W32/BlackAngel.0_5
Panda - Backdoor Program
Sophos - Troj/BlackAn
Symantec - Backdoor.Trojan
Trend Micro - BKDR_Generic
Cheers ;D
pykko
June 16th, 2006, 07:01 AM
I've scanned 2 variants of BlackAngel I have and NOD32 detects them. :)
But I've seen the title is BlackAngel.B. Which AV detects with this name? ???
Blackspear
June 16th, 2006, 07:04 AM
{QUOTE-> Which AV detects with this name? ??? <-QUOTE}
GRISoft
Cheers ;D
pykko
June 16th, 2006, 07:20 AM
thx... I didn't notice it. Grisoft is not usually in my view. ;D :P
ASpace
June 16th, 2006, 04:22 PM
{QUOTE-> thx... I didn't notice it. Grisoft is not usually in my view. ;D :P <-QUOTE}
which is great. :) :) :)
proactivelover
June 21st, 2006, 02:40 PM
{QUOTE-> 6/21/2006.
Four days after infection, this worm modifies system configurations to prevent users from starting up the computer
The worm discreetly changes critical registry entries and disables system recovery services
The BlackAngel.B worm, discovered recently by PandaLabs and which has spread across Spanish-speaking countries, can modify the configuration of infected systems, preventing users from starting up their computers. On the fourth day after it has infected a computer, BlackAngel.B activates, commencing with a 10 second countdown. After this, and without users realizing, it changes critical Windows registry entries and disables the system recovery services. Finally, it shuts down the computer causing any unsaved documents to be lost. <-QUOTE}
http://www.pandasoftware.com/about/press/viewNews.htm?noticia=7508&ver=21&pagina=&numprod=&entorno=&sitepanda=particulares
Copyright ©2002 - 2009, Wilders Security Forums