Maybe a trojan ?

Hello,

i really don't know how this has happened...
i have nod32 v2.12.2, with the latest virus db.
i too have zonealarm 5.1 free, and two anti-spy programs (ad-aware and spybot).
when using my machine, zonealarm suddenly asked for permission to a program named "bla.exe"...
such a name alerted me, and the file location revealed something strange : "c:\bla.exe".
i answered no, to zonealarm question, of course...

strangely, after deleting the file, and removing this filename from zonealarm program list, it asked for it again a few minutes later...

today, everything is ok...

the file is 3114 bytes long, and hex view showed two file names : winampa.exe and bla.exe inside, and some specific internet functions calls...

nod32 did not detect this..
so i tried some on-line antivirus scanners, like trend, bit defender, and even kaspersky.

both trend and kaspersky alerted me about a trojan.

i sent the file to eset specific adress this week end, but i received no answer, and do not expect to receive any...

do some of you already encountered this trojan (a dropper ?)

thanks in advance

Aurélien

 

Hi Aurelien.

There's a thread on this subject over here,

http://www.broadbandreports.com/forum/remark,11909975~root=security~mode=flat


snowbound

 

thanks a lot for the link, snowbound.
that's exactly what i have on my machine...

 

Your Welcome.

As your sample was sent to Eset over the weekend, u may recieve an answer today.


snowbound