Interesting scan results

this post was edited {image and url to site that contained trojan] removed as per the tos which states that no links to sites that contain malware can be posted
bigc
This file will activate NOD32 popup: http://



I downloaded the file and ran it through http://virusscan.jotti.dhs.org/ - as a zip file:

I then unzipped the file and ran each file:

One thing I find strange is the fact that NOD32 indicated that, on my desktop, IDeath.exe is the infected file but when run at joti by itself (exe), it finds nothing but running as a zip file it finds the trojan. Another concern was the fact there was a long delay. The download manager appeared before the warning. I could initiate the download prior to the popup warning.

 

Edited - It would be nice if someone could verify my findings - I don't like how NOD is behaving - it was slow to react to web download as well.


http://img45.exs.cx/img45/9220/virus7.png

 

That is possible. post the screen shot again and we will let an admin look at it later. if I did delete the image when I shouldnt have I appoligize. But I don't see much difference between the addy you had posted and the addy in the screen shot as they were the same

bigc

 

The SS had the url so someone might copy it

 

dumber things have happened, I don't think a wilders regular would do that but there are some pretty young newbies out there.

bigc

I do appologize for the trouble.

 

No trouble I was hoping for verification, to benifit the community.

 

I do want to thank you for your understanding and coopreation

bigc

 

1st Image – This screen shot shows IMON in action.

 

2nd Image – This screen shot shows a Right Click scan with Nod32 and it being detected.

 

3rd Image – This screen shot shows a scan at http://www.kaspersky.com/scanforvirus

 

4th Image – This screen shot shows AMON springing into action when I try to unzip the file.

 

5th Image – This screen shot shows a scan at http://virusscan.jotti.dhs.org/

 

I don't run a download manager, however the minute that I clicked on the link, IMON sprung into action...

Cheers

 

Now unzip it and scan the exe at jotti.

context scan of exe. but found trojan in the other exe (ideath) If you notice my first post it is gunB0t.exe that they show the trojan and the IDeath.exe shows clean. Is the jotti site flawed? It appears so.
Now do you see what I am saying?
Imon on my pc was slow to open. Firefox downloader opened before IMON. However, the first time, firefox downloaded an incomplete file. Zip could not be opened. I tried several times and Firefox would not download it properly unless I waited for IMON then clicked to ignore it.

http://img9.exs.cx/img9/7451/z110.jpg

 

6th Image confirms your findings, scanning the IDeath.exe file by itself (after AMON going beserk) at http://virusscan.jotti.dhs.org/ shows that no anti-virus program picks up the file. As to why I do not know.

 

7th Image shows some anti-virus programs picking up gunB0t.exe at http://virusscan.jotti.dhs.org/

 

IMON doesn't let me d/l it.

Time Module Object Name Virus Action User Info
11/1/2004 22:25:41 PM IMON archive ~~link snip~~ Win32/Spy.SCKeyLog.O trojan connection terminated

 

hehe, for kicks scan the one that is supposed to be clean. opps you already did. Thank you Blackspear for confirming. Perhaps I will notify jotti site.

Flyrfan, please be careful. This is a potentially dangerous file. I don't know your experience so I apologize if you know what you are doing

this is what can occur if you run the exe

 

It's nothing to do with Jotti, as you can right click on the individual file and have the same results...

I'll send off an email to Eset to see what the difference is...

Cheers

 

scans clean

 

results are not the same. Jottti does not see a trojan, with NOD32, unless it's in a zip file. NOD32 on demand will see IDeath.exe as the infected file. Jotti, using other scanners, sees the other file as the infected one.

 

Agreed, however, nor does any other Anti-Virus.

Cheers

 

Your screenshot does indeed show infected file (by exe scan - 7th image) but not with NOD.
same results as mine

flyrfan, it's scanning clean because the file is corrupt. It did not download complete.