
View Full Version : False positive


prada
December 31st, 2007, 07:45 AM
C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus
C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus

Winampa and Winamp Remote I installed to allow myself to access my music from my Wii etc. I never got this BEFORE I installed the Winamp Remote to allow access from my Wii.

Kosak
December 31st, 2007, 07:53 AM
Hi!

I have got Winamp too and my ESS didn't detect the trojan. Test those files on www.virustotal.com and tell us the results.

Scan Log
Version of virus signature database: 2758 (20071231)
Date: 31. 12. 2007 Time: 13:52:50
Scanned disks, folders and files: C:\Program Files\Winamp\
Number of scanned objects: 54
Number of threats found: 0
Time of completion: 13:52:51 Total scanning time: 1 sec (00:00:01)


:thumb:

Bubba
December 31st, 2007, 08:00 AM
{QUOTE-> Test those files on www.virustotal.com and tell us the results. <-QUOTE}
Our policy concerning the posting of those results.

Policy Regarding the Posting of Jotti/Virus Total Results (http://www.wilderssecurity.com/showthread.php?t=180057)

{QUOTE-> It is a policy here at Wilders Security Forums that scan results from services such as Jotti, Virus Total or similar services, should not be posted unless requested by a forum staff member. <-QUOTE}
Bubba

ASpace
December 31st, 2007, 09:07 AM
{QUOTE-> C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus
C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus

Winampa and Winamp Remote I installed to allow myself to access my music from my Wii etc. I never got this BEFORE I installed the Winamp Remote to allow access from my Wii. <-QUOTE}


I would generally ask you if you use the latest version, but Winamp Remote is from the latest. I don't use Winamp, but I just installed the latest Pro version from their site and got no alert from NOD32. I use the latest signature, 2758.

Marcos
December 31st, 2007, 09:35 AM
To my best knowledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files.

lucas1985
December 31st, 2007, 01:40 PM
{QUOTE-> To my best knowledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files. <-QUOTE}
Virtumonde/Vundo infected by Virut? I've been seeing this lately.

Kosak
December 31st, 2007, 01:50 PM
{QUOTE-> infected by Virut? <-QUOTE}
Marcos didn't mention Virut. ::)

lucas1985
December 31st, 2007, 02:39 PM
I know, but Virut is the most common file infector nowadays and it's infecting trojan downloaders/droppers.

Kosak
January 1st, 2008, 07:54 AM
Hmm, someone has got a similar problem.

http://www.viry.cz/forum/viewtopic.php?t=51516


I have got the sample and I will try to run it.

:thumb:

Marcos
January 1st, 2008, 08:26 AM
{QUOTE->
I have got the sample and I will try to run it.
<-QUOTE}

If it's actually the dropper in question, it should drop Virtumonde along with another file that is responsible for infecting files run at startup, if I remember well.