A virus?

Thread starter: Rafal 'Raf256' Maj

Rafal 'Raf256' Maj

Hi,
my firewall had detected a change of MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or HDD
malfunction (rather the first).

http://www.raf256.com/tmp/__virus_!!!.zip

In this .zip are 2 versions of thebat.exe (version 1.61, cracked[1]);
the file *_org.zip is a backup of the .exe, and the *_bad.zip is the file that
was modified (not by me).

Can anyone check these files? Is there anything suspicious in them?

[1] Yes, it's a shame, I'm going to buy the original soon.
 
Rafal 'Raf256' Maj said:

Both files differ in only 1 point: byte 1E82B9 has value 2E, and should
have 2C.

So after all it can be an HDD malfunction I guess (or a virus randomly
damaging bits in files?)

Yes, I suppose.

Perhaps an AV scan is in order.
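A way to reproduce the comparison Rafal describes (two copies of the same executable, one differing byte at offset 1E82B9, 2C vs 2E) and to tell an isolated single-bit flip, which is consistent with disk or memory corruption, from a multi-byte edit that would point to a deliberate patch. This is an added example, not code from the thread; the two 2 MiB images are constructed stand-ins, not the real thebat.exe, and only the offset and the two byte values come from the post.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class ByteDiff:
    offset: int    # position in the file
    original: int  # byte value in the backup copy
    modified: int  # byte value in the changed copy
    @property
    def flipped_bits(self) -> int:
        # 1 means a single-bit flip, typical of media/memory corruption
        # rather than a deliberate patch.
        return bin(self.original ^ self.modified).count("1")

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def compare_images(original: bytes, modified: bytes, chunk: int = 4096) -> List[ByteDiff]:
    """Byte-level diff over the common length; equal chunks are skipped cheaply."""
    diffs: List[ByteDiff] = []
    for start in range(0, min(len(original), len(modified)), chunk):
        a, b = original[start:start + chunk], modified[start:start + chunk]
        if a != b:
            diffs.extend(ByteDiff(start + i, x, y)
                         for i, (x, y) in enumerate(zip(a, b)) if x != y)
    return diffs

def classify(original: bytes, modified: bytes) -> str:
    """Size change or multi-bit edits suggest modification; isolated
    single-bit flips are consistent with corruption."""
    if len(original) != len(modified):
        return "size-changed"
    diffs = compare_images(original, modified)
    if not diffs:
        return "identical"
    return "single-bit-flips" if all(d.flipped_bits == 1 for d in diffs) else "multi-bit-changes"

def build_sample() -> Tuple[bytes, bytes]:
    # Constructed stand-ins for the two thebat.exe copies: 2 MiB of seeded
    # pseudo-random bytes; offset 0x1E82B9 = 0x2C ("original") vs 0x2E ("modified").
    original = bytearray(random.Random(256).randbytes(0x200000))
    original[0x1E82B9] = 0x2C
    modified = bytearray(original)
    modified[0x1E82B9] = 0x2E
    return bytes(original), bytes(modified)

if __name__ == "__main__":
    orig, mod = build_sample()
    print(md5_hex(orig), md5_hex(mod), classify(orig, mod), compare_images(orig, mod))
```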
 
Rafal 'Raf256' Maj said:
Hi,
my firewall had detected a change of MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or HDD
malfunction (rather the first).

http://www.raf256.com/tmp/__virus_!!!.zip

In this .zip are 2 versions of thebat.exe (version 1.61, cracked[1]);
the file *_org.zip is a backup of the .exe, and the *_bad.zip is the file that
was modified (not by me).

Can anyone check these files? Is there anything suspicious in them?

You should never make suspect files publicly available even when
clearly labelled. Use a good AV product or two, and if they don't alert
then send the suspect files to your vendors for analysis.

Having said that, and at the risk of encouraging this sort of thing, I
did d/l and scan the zip with three good AV scanners. None alerted.
But that doesn't mean there isn't some new malware in the files.

One thing you might have done is to separate the files so that each is
less than 1 meg in size, so they can be uploaded and scanned at the single
file upload AV scanning sites listed here:

http://www.claymania.com/anti-virus.html


Art
http://www.epix.net/~artnpeg
 
Rafal 'Raf256' Maj said:
my firewall had detected a change of MD5 for my email client (TheBat).
I didn't upgrade etc. this program lately, so it's either a virus or HDD malfunction (rather the first).

I haven't looked at your zip files, but I had a similar problem a
while ago. It turned out to be caused by having different versions
of the same DLL in various directories. Which version would be used
depended on which software was run first. I'm using the Agnitum
Outpost firewall, and it kept reporting that my browser was a different
version. In my case, the culprit was mfc42.dll. I renamed all copies
of that file, changing the extension to .dlo, except the most recent,
which I moved to the %windir%\system directory. That cleared up the
problem on my system.

Regards, Dave Hodgins
 