cintaabadi

New Virus Variant Trojan.Win32.VB.ypc Found Hidden in Keygen for Invisible Browsing
Written by mangthjik riche   
Thursday, 19 November 2009 15:27

After I downloaded Invisible Browsing + keygen from my forum, posted by another forum user, I scanned the keygen with my Kaspersky Internet Security. It found no virus or any malicious program, and neither did a scan using Norton Antivirus 2010. So I executed the keygen; the virus hides by presenting itself as Realtek Azalia Audio - Event Monitor.

But after I executed the keygen, Proactive Defense alerted me that the keygen created this list:

18/11/2009 11:15:22               Denied: Code intrusion             Realtek Azalia Audio - Event Monitor     Code intrusion

18/11/2009 11:12:58                               Realtek Azalia Audio - Event Monitor     Placed in group        Low Restricted         High value of threat rating calculated heuristically

18/11/2009 11:13:01                               Realtek Azalia Audio - Event Monitor     Placed in group        Trusted

18/11/2009 11:13:02                               1.vbs        Placed in group        Low Restricted         High value of threat rating calculated heuristically

18/11/2009 11:13:19                               Realtek Azalia Audio - Event Monitor     Placed in group        Low Restricted         High value of threat rating calculated heuristically

18/11/2009 11:13:37               Allowed: Code intrusion           Realtek Azalia Audio - Event Monitor     Code intrusion          c:\documents and settings\mangthjik\local settings\temp\9jg05h2oe.exe              Code intrusion

18/11/2009 11:13:41               Allowed: ThunderbirdSettings   Realtek Azalia Audio - Event Monitor     Read         hklm\SOFTWARE\MOZILLA\MOZILLA FIREFOX ThunderbirdSettings

18/11/2009 11:13:41               Allowed: ThunderbirdSettings   Realtek Azalia Audio - Event Monitor     Read         hklm\SOFTWARE\MOZILLA\MOZILLA FIREFOX ThunderbirdSettings

18/11/2009 11:13:41               Allowed: ThunderbirdSettings   Realtek Azalia Audio - Event Monitor     Read         hklm\SOFTWARE\MOZILLA\MOZILLA FIREFOX\3.5.3 (EN-US)\MAIN              ThunderbirdSettings

18/11/2009 11:13:41               Allowed: ThunderbirdSettings   Realtek Azalia Audio - Event Monitor     Read         hklm\SOFTWARE\MOZILLA\MOZILLA FIREFOX\3.5.3 (EN-US)\MAIN              ThunderbirdSettings

18/11/2009 11:13:44               Allowed: Cookies2   Realtek Azalia Audio - Event Monitor     Create      C:\DOCUMENTS AND SETTINGS\MANGTHJIK\COOKIES\INDEX.DAT  Cookies2

18/11/2009 11:13:44               Allowed: Cookies2   Realtek Azalia Audio - Event Monitor     Create      C:\DOCUMENTS AND SETTINGS\MANGTHJIK\COOKIES\INDEX.DAT  Cookies2

18/11/2009 11:13:44               Allowed: History2    Realtek Azalia Audio - Event Monitor     Create      C:\DOCUMENTS AND SETTINGS\MANGTHJIK\LOCAL SETTINGS\HISTORY\HISTORY.IE5\INDEX.DAT          History2

18/11/2009 11:13:44               Allowed: History2    Realtek Azalia Audio - Event Monitor     Create      C:\DOCUMENTS AND SETTINGS\MANGTHJIK\LOCAL SETTINGS\HISTORY\HISTORY.IE5\INDEX.DAT          History2

18/11/2009 11:13:45               Allowed: Using system program interfaces (DNS)     Realtek Azalia Audio - Event Monitor     Use DNS caching system for conversion               alphadownload.net   Using system program interfaces (DNS)

18/11/2009 11:13:58               Denied: Using system program interfaces (DNS)      Realtek Azalia Audio - Event Monitor     Use DNS caching system for conversion               alphadownload.net   Using system program interfaces (DNS)

Code intrusion

As seen in this log, the keygen program copies itself as 9Jg05H2Oe.exe, then reads the registry path for Firefox and creates Cookies2 in Internet Explorer, and after that the program tries to connect to a remote server at alphadownload.net. (* Don't go there unless you know what you are doing.) See… the Trojan is trying to contact its host, maybe wanting to download other viruses.

When I tried to open alphadownload.net, the page showed this message:

**************

You are not allowed to view this!! By3!!

You have reached this page in error, please go to: http://www.freakwarez.com

**************

After that I sent this virus sample to the Kaspersky virus lab at newvirus@kaspersky.com.

Then today, 19-11-09, I got a reply message from Kaspersky Antivirus Lab:

*************************************

Hello,

9Jg05H2Oe.exe_ - Trojan.Win32.VB.ypc

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

--
Best regards,
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/



Last Updated on Friday, 20 November 2009 16:09
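
Added example, not part of the original post: Python that parses rows in the column layout of the Proactive Defense log above and flags an application that shows code intrusion, browser data access and a DNS lookup together. The sample rows, the application name, the host name and the tag names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample rows in the column layout of the log above:
# time, optional "Allowed:/Denied: <rule>", application, action, target, rule.
SAMPLE_LOG = r"""
18/11/2009 11:13:02    1.vbs    Placed in group    Low Restricted    High value of threat rating calculated heuristically
18/11/2009 11:13:37    Allowed: Code intrusion    Example Audio - Event Monitor    Code intrusion    c:\temp\sample.exe    Code intrusion
18/11/2009 11:13:41    Allowed: ThunderbirdSettings    Example Audio - Event Monitor    Read    hklm\SOFTWARE\MOZILLA\MOZILLA FIREFOX    ThunderbirdSettings
18/11/2009 11:13:44    Allowed: Cookies2    Example Audio - Event Monitor    Create    C:\DOCUMENTS AND SETTINGS\USER\COOKIES\INDEX.DAT    Cookies2
18/11/2009 11:13:45    Allowed: Using system program interfaces (DNS)    Example Audio - Event Monitor    Use DNS caching system for conversion    host.example.invalid    Using system program interfaces (DNS)
18/11/2009 11:13:58    Denied: Using system program interfaces (DNS)    Example Audio - Event Monitor    Use DNS caching system for conversion    host.example.invalid    Using system program interfaces (DNS)
"""

BROWSER_MARKERS = ("MOZILLA", "COOKIES", "HISTORY")

def parse_line(line):
    """Split one row into fields; columns are separated by a tab or 2+ spaces."""
    cols = [c for c in re.split(r"\t|\s{2,}", line.strip()) if c]
    event = {"time": cols[0] if cols else "", "verdict": None, "rule": ""}
    rest = cols[1:]
    m = re.match(r"(Allowed|Denied): (.+)", rest[0]) if rest else None
    if m:
        event["verdict"], event["rule"] = m.groups()
        rest = rest[1:]
    if len(rest) < 2:
        return None  # not an event row (blank line, stray cell)
    event.update(app=rest[0], action=rest[1], target=rest[2] if len(rest) > 2 else "")
    return event

def triage(log_text):
    """Per application: behaviour tags (this example's own labels) and DNS names."""
    report = defaultdict(lambda: {"tags": set(), "domains": set()})
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        entry, rule = report[ev["app"]], ev["rule"].lower()
        if "code intrusion" in rule:
            entry["tags"].add("code-intrusion")
        elif "dns" in rule:
            entry["tags"].add("dns-lookup")
            entry["domains"].add(ev["target"])
        elif any(m in ev["target"].upper() for m in BROWSER_MARKERS):
            entry["tags"].add("browser-data")
    for entry in report.values():
        # Injection + browser profile access + name resolution together warrant isolation.
        entry["escalate"] = {"code-intrusion", "browser-data", "dns-lookup"} <= entry["tags"]
    return dict(report)

if __name__ == "__main__":
    for app, entry in triage(SAMPLE_LOG).items():
        print(app, sorted(entry["tags"]), sorted(entry["domains"]), entry["escalate"])
```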