IMON - Heuristics Caught these files (.tmp file)

Capp · Mar 25, 2005

IMON caught these files while not being on a bad sight. I don't recall the url that these hit on...But I'm glad they were caught

C:\DOCUME~1\User\LOCALS~1\Temp\jar_cache32597.tmp
probably unknown NewHeur_PE virus quarantined - deleted

-and this one-

<Removed>/adv411/jar2.php?
probably unknown NewHeur_PE virus quarantined - connection terminated

Anybody seen these before?

Removed link to possible malware - Ron

JimIT · Mar 25, 2005

Capp said:

<removed>/adv41
probably unknown NewHeur_PE virus quarantined - connection terminated

Anybody seen these before?
Click to expand...

This is w32.bube.k.

Look out...

Removed link to possible malware - Ron

Marcos · Mar 25, 2005

Hi Capp,
please send all nqi and nqf files from quarantine (program files\eset\infected) to sample@eset.com for analysis.

Bubba · Mar 25, 2005

loader1.jar

AntiVir....Java/ClassLdr.I.2 (0.39 Sekunden)
Avast...JS:Gummy (1.53 Sekunden)
AVG....Antivirus Java/ByteVerify (0.57 Sekunden)
BitDefender....Java.Trojan.Exploit.Bytverify, Java.Trojan.Femad.A, Java.Trojan.Femad.B (0.93 Sekunden)
ClamAV....Trojan.Counter.Bytverify (0.60 Sekunden)
Dr.Web....Win32.Beavis.5632, Exploit.ByteVerify, Trojan.Femad (0.92 Sekunden)
F-Prot Antivirus....destructive program (0.82 Sekunden)
Fortinet W32/Bube.K (0.46 Sekunden)
Kaspersky Anti-Virus....Virus.Win32.Bube.k, Trojan.Java.Femad (1.01 Sekunden)
mks_vir....Trojan.Java.Femad, Trojan.Hooker (0.26 Sekunden)
NOD32....Win32/Bube.K (0.47 Sekunden)
Norman Virus Control Sandbox:....32/Malware; [ General information ]

* Creating several executable files on hard-drive.
* File length: 5632 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\sample.exe.
* Creates file C:\WINDOWS\SYSTEM\msoffice.exe.
* Creates file .\commands.ini.

[ Changes to registry ]
* Creates value "WebRun"="C:\WINDOWS\SYSTEM\sample.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "WebRun"="C:\WINDOWS\SYSTEM\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Modifies value "FirewallDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "UpdatesDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Modifies value "AntiVirusDisableNotify"="" in key "HKLM\Software\Microsoft\Security Center".
* Sets value "Cartman"="1 (11.41 Sekunden)
Click to expand...

Capp · Mar 25, 2005

OOps!!

I didn't mean to leave the full URL in there. I copied it from my Logs.

It wasn't a hyperlink though, but thanks for removing it.

I'll submit the quarantine today.

Thanks Guys!

Marcos · Mar 25, 2005

Given that it seems NOD32 already detects it by name, sending it for analysis is not necessary.

Log in or Sign up

IMON - Heuristics Caught these files (.tmp file)

Capp Registered Member

JimIT Registered Member

Marcos Eset Staff Account

Bubba Updates Team

Capp Registered Member

Marcos Eset Staff Account

Log in or Sign up

IMON - Heuristics Caught these files (.tmp file)

Capp Registered Member

JimIT Registered Member

Marcos Eset Staff Account

Bubba Updates Team

Capp Registered Member

Marcos Eset Staff Account

Useful Searches