New trojan

[Dinesh]

Hi, there's this new trojan which I found on a website.
Its filename is Bookmark.exe.
Strange is that only 22/40 anti malware engines were able to detect it.
Currently, I was trying Norton 360 beta 4 which has failed to detect it. :shock:
So far, this trojan has changed my IE8 homepage. Not sure what else it will do.

Here's the Virustotal link about the file analysis :
Virustotal. MD5: edc631287a36a3b91990ec4f90fd7dc2 Trojan.Pasta.dyq Generic.Malware.sp!.20613D67 Generic.Malware.sp!.20613D67


Edit: I ran a quick scan from Vipre AV and it has detected everything of this trojan.
Also, this trojan tried to execute itself and Vipre deteted it.

 

[Creer]

Hi, there's this new trojan which I found on a website.
Its filename is Bookmark.exe.
Strange is that only 22/40 anti malware engines were able to detect it.
Currently, I was trying Norton 360 beta 4 which has failed to detect it. :shock:
So far, this trojan has changed my IE8 homepage. Not sure what else it will do.

Here's the Virustotal link about the file analysis :
Virustotal. MD5: edc631287a36a3b91990ec4f90fd7dc2 Trojan.Pasta.dyq Generic.Malware.sp!.20613D67 Generic.Malware.sp!.20613D67


Edit: I ran a quick scan from Vipre AV and it has detected everything of this trojan.
Also, this trojan tried to execute itself and Vipre deteted it.
View attachment 35882

Yes you see now why AV never reach 100% in detection of new malware - this is also what I was talking about in this post: http://www.sevenforums.com/366139-post8.html

BTW. score 22/40 isn't so bad, what if you catch virus which was created few hours/weeks ago with AV detection rate equal... 0/40 or 4/39... like in this example: Virustotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program

Your protection should start from first very important layer:
1. Prevention
then... detection and then cure.

 

[Dinesh]

Hi, there's this new trojan which I found on a website.
Its filename is Bookmark.exe.
Strange is that only 22/40 anti malware engines were able to detect it.
Currently, I was trying Norton 360 beta 4 which has failed to detect it. :shock:
So far, this trojan has changed my IE8 homepage. Not sure what else it will do.

Here's the Virustotal link about the file analysis :
Virustotal. MD5: edc631287a36a3b91990ec4f90fd7dc2 Trojan.Pasta.dyq Generic.Malware.sp!.20613D67 Generic.Malware.sp!.20613D67


Edit: I ran a quick scan from Vipre AV and it has detected everything of this trojan.
Also, this trojan tried to execute itself and Vipre deteted it.
View attachment 35882

Yes you see now why AV never reach 100% in detection of new malware - this is also what I was talking about in this post: http://www.sevenforums.com/366139-post8.html

BTW. score 22/40 isn't so bad, what if you catch virus which was created few hours/weeks ago with AV detection rate equal... 0/40 or 4/39... like in this example: Virustotal. MD5: 5a34fd85bdac65d50a56a2c69228a726 Packed.Generic.187 VirTool:Win32/Obfuscator.EF High Risk Fraudulent Security Program

Your protection should start from first very important layer:
1. Prevention
then... detection and then cure.

very well stated.

 

[jimbo45]

Hi, there's this new trojan which I found on a website.
Its filename is Bookmark.exe.
Strange is that only 22/40 anti malware engines were able to detect it.
Currently, I was trying Norton 360 beta 4 which has failed to detect it. :shock:
So far, this trojan has changed my IE8 homepage. Not sure what else it will do.

Here's the Virustotal link about the file analysis :
Virustotal. MD5: edc631287a36a3b91990ec4f90fd7dc2 Trojan.Pasta.dyq Generic.Malware.sp!.20613D67 Generic.Malware.sp!.20613D67


Edit: I ran a quick scan from Vipre AV and it has detected everything of this trojan.
Also, this trojan tried to execute itself and Vipre deteted it.
View attachment 35882

Hi there
How about publishing the website so this can either be Blacklisted or checked with other programs (or both) or even better to see if one's own computer is resistant against the infection.

Publishing that trojan xxxx can or cannot be detected isn't of any use to man or beast unless you can give some indications as to where and how the infection arose.

Some of the analyses on the Security forum are just like asking the question "How long is a piece of String".

Cheers
jimbo

 

[RichFrogg]

Dinesh,

Have you tried detecting it with MSE?

 

[Barman58]

Jimbo, Dinesh,

I would prefer if this was not posted in the open - no problem to send it via a PM but things in the open could cause problems to less experienced users

 

[Dinesh]

Jimbo, Dinesh,

I would prefer if this was not posted in the open - no problem to send it via a PM but things in the open could cause problems to less experienced users

I agree hence i didnt post the link in the forum.

@richfrogg:
I have tried scanning it with MSE and it didnt detect it.

 

[Crispy]

No Anti-Virus software out there is 100% full proof no matter what they say, its just to with sales.
Its just a endless cycle that will never end.

 

[z3r010]

Jimbo, Dinesh,

I would prefer if this was not posted in the open - no problem to send it via a PM but things in the open could cause problems to less experienced users

Just to make this completely clear - ANYBODY that posts a link to any form of Virus/malware will get an instant life ban on all our sites.

Where viruses etc are concerned we have a zero tolerance policy.

 

[Jacee]

This has now been re-named to Trojan.StartPage.SSSPP ... This is a 'start page' hijacking.

URL's are changed all the time so this infection could be just about anywhere the site owner doesn't keep up with good surveillance and security.