45265.exe

Ballfrog · Aug 22, 2005

PLease anyone help me...

I got the following link on MSN: LMAO! You've got to see this!
www.warezddls.com/download.php?type=movies&id=1916

Stupid me clicked on it and it downloaded 45265.EXE
After that it started sending itself to all my contacts on msn that
were online. It also stops me from accessing symantec and other anti
virus websites. It stops me from opening task manager or regedit (it
opens but is closed straight away).

I'm in the final weeks of my dissertation and hope someone can explain
to me what this is, because i can't find anything on the net about it.

I used TM Houysecall and it found the following viruses:
html_coolweb.a
java_bytever.a

Can this cause the problems??

PLease let me know as soon as possible

David H. Lipman · Aug 22, 2005

From: "Ballfrog" <[email protected]>

| PLease anyone help me...
|
| I got the following link on MSN: LMAO! You've got to see this!
| www.warezddls.com/download.php?type=movies&id=1916
|
| Stupid me clicked on it and it downloaded 45265.EXE
| After that it started sending itself to all my contacts on msn that
| were online. It also stops me from accessing symantec and other anti
| virus websites. It stops me from opening task manager or regedit (it
| opens but is closed straight away).
|
| I'm in the final weeks of my dissertation and hope someone can explain
| to me what this is, because i can't find anything on the net about it.
|
| I used TM Houysecall and it found the following viruses:
| html_coolweb.a
| java_bytever.a
|
| Can this cause the problems??
|
| PLease let me know as soon as possible

Maybe "html_coolweb.a" and "java_bytever.a" are associated with this but maybe not.
Sophos calls this the "W32/Chode-F"

The following Multi AV scanner utility has modules for; Sophos, Trend Micro and McAfee.

Start with the Sophos module...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *

Art · Aug 22, 2005

PLease anyone help me...

I got the following link on MSN: LMAO! You've got to see this!
www.warezddls.com/download.php?type=movies&id=1916

Stupid me clicked on it and it downloaded 45265.EXE

Stupid you is right!! Never post links to malware, for one thing.

After that it started sending itself to all my contacts on msn that
were online. It also stops me from accessing symantec and other anti
virus websites. It stops me from opening task manager or regedit (it
opens but is closed straight away).

I'm in the final weeks of my dissertation and hope someone can explain
to me what this is, because i can't find anything on the net about it.

I used TM Houysecall and it found the following viruses:
html_coolweb.a
java_bytever.a

Can this cause the problems??

PLease let me know as soon as possible

Here's what scanners at Virus Total find on the file:

Antivirus Version Update Result

AntiVir 6.31.1.0 08.22.2005 BDS/VBbot.I.12
Avast 4.6.695.0 08.22.2005 no virus found
AVG 718 08.22.2005 no virus found
Avira 6.31.1.0 08.22.2005 BDS/VBbot.I.12
BitDefender 7.0 08.22.2005 no virus found
CAT-QuickHeal 7.03 08.22.2005 Backdoor.VBbot.i
ClamAV devel-20050725 08.22.2005 no virus found
DrWeb 4.32b 08.22.2005 no virus found
eTrust-Iris 7.1.194.0 08.21.2005 no virus found
eTrust-Vet 11.9.1.0 08.22.2005 no virus found
Fortinet 2.41.0.0 08.21.2005 W32/VBbot.I-bdr
F-Prot 3.16c 08.22.2005 no virus found
Ikarus 0.2.59.0 08.22.2005 Trojan-Spy.Win32.Bancos.JU
Kaspersky 4.0.2.24 08.22.2005 Backdoor.Win32.VBbot.i
McAfee 4564 08.22.2005 no virus found
NOD32v2 1.1199 08.22.2005 Win32/VBbot.I
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.22.2005 Bck/Botmail.E
Sophos 3.96.0 08.22.2005 W32/Chode-F
Sybari 7.5.1314 08.22.2005 Backdoor.Win32.VBbot.i
Symantec 8.0 08.21.2005 no virus found
TheHacker 5.8.2.092 08.22.2005 no virus found
VBA32 3.10.4 08.22.2005 Backdoor.Win32.VBbot.i

Purchase Kaspersky antivirus (KAV). Maybe it will bail you out.

Art

http://home.epix.net/~artnpeg

badgolferman · Aug 22, 2005

Art, 8/22/2005, 12:35:29 PM,

Stupid you is right!! Never post links to malware, for one thing.

Here's what scanners at Virus Total find on the file:

Antivirus Version Update Result

AntiVir 6.31.1.0 08.22.2005 BDS/VBbot.I.12
Avast 4.6.695.0 08.22.2005 no virus found
AVG 718 08.22.2005 no virus found
Avira 6.31.1.0 08.22.2005 BDS/VBbot.I.12
BitDefender 7.0 08.22.2005 no virus found
CAT-QuickHeal 7.03 08.22.2005 Backdoor.VBbot.i
ClamAV devel-20050725 08.22.2005 no virus found
DrWeb 4.32b 08.22.2005 no virus found
eTrust-Iris 7.1.194.0 08.21.2005 no virus found
eTrust-Vet 11.9.1.0 08.22.2005 no virus found
Fortinet 2.41.0.0 08.21.2005 W32/VBbot.I-bdr
F-Prot 3.16c 08.22.2005 no virus found
Ikarus 0.2.59.0 08.22.2005 Trojan-Spy.Win32.Bancos.JU
Kaspersky 4.0.2.24 08.22.2005 Backdoor.Win32.VBbot.i
McAfee 4564 08.22.2005 no virus found
NOD32v2 1.1199 08.22.2005 Win32/VBbot.I
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.22.2005 Bck/Botmail.E
Sophos 3.96.0 08.22.2005 W32/Chode-F
Sybari 7.5.1314 08.22.2005 Backdoor.Win32.VBbot.i
Symantec 8.0 08.21.2005 no virus found
TheHacker 5.8.2.092 08.22.2005 no virus found
VBA32 3.10.4 08.22.2005 Backdoor.Win32.VBbot.i

Purchase Kaspersky antivirus (KAV). Maybe it will bail you out.

Art

Or use Free AntiVir.

Do you have all these virus checkers on your system? How do you check
malware?

Art · Aug 22, 2005

Or use Free AntiVir.

It often cannot handle disinfections. It's nowhere as good as KAV.

Do you have all these virus checkers on your system?

Nope. I uploaded the file to Virus Total.

Art

http://home.epix.net/~artnpeg

45265.exe

Ballfrog

David H. Lipman

Art

badgolferman

Art