Trojan.BAT.Shutdown.l

Discussion in 'malware problems & news' started by mango, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    wondering about this one,

    is this just a onetime script that deactivates programs at startup?

    A "friend" sent me this one disguised as "keepass" software.

    since i trusted him i clicked on it, but noticed straight away that this was some kind of bat program. (the dos screen popped up)

    None of Nod32, spysweeper, snoopfree or outpost spyware did anything.

    so i ran it at virustotal.com and Ikarus, VBA32 detected it as Trojan.BAT.Shutdown.l

    panda detected it as suspicious.

    and yes, on next startup several programs didn't start: nod32, outlook, intel proset (luckily) and some others
     
  2. wormvirus

    wormvirus Registered Member

    Joined:
    May 24, 2005
    Posts:
    17
    Location:
    Beijing,China
    why not do a %systemroot% scan in safe mode? :D
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please send a copy to samples @ eset.sk

    Cheers :D
     
  4. wormvirus

    wormvirus Registered Member

    Joined:
    May 24, 2005
    Posts:
    17
    Location:
    Beijing,China
    samples @ eset.sk ?? what an unusual e-mail add...
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    if you send the sample to this address Eset will be able to analyse it and include detection in NOD32 if necessary.

    if you have problems emailing it, try zipping it up (eg with WinZip) and password protecting the file - password should be "infected" (without the quotation marks)
     
  6. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    don't have the file anymore. Talked to the guy, and it was just a file he dl and renamed.

    as for scanning, it's difficult when those that detected it don't have online scan.

    anyways, it worked pretty good. 1 click and every security program etc was removed from startup.
     