kingt36

Re: Need help with my wife's laptop

 
Oct 10th, 2008
Sorry I took so long to respond, I've been out of town for work.

I've tried both of those sites. With Jotti's, when I uploaded a file I got a message stating, "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" on all of the files in the System32 folder.

With virustotal, I'm getting, "0 bytes size received / Se ha recibido un archivo vacio."

I can't find the prun.exe file at that path.

For the xl00365.exe file I got the following:

VirusTotal

File xl00365.exe received on 10.11.2008 02:35:55 (CET)
Result: 24/36 (66.67%)
Antivirus          Version          Last Update  Result
AhnLab-V3          2008.10.10.1     2008.10.10   -
AntiVir            7.8.1.34         2008.10.10   TR/Agent.AGOL.98
Authentium         5.1.0.4          2008.10.11   -
Avast              4.8.1248.0       2008.10.10   Win32:Trojan-gen {Other}
AVG                8.0.0.161        2008.10.10   -
BitDefender        7.2              2008.10.11   Trojan.Agent.AGOL
CAT-QuickHeal      9.50             2008.10.10   (Suspicious) - DNAScan
ClamAV             0.93.1           2008.10.10   Trojan.OnlineGames-1517
DrWeb              4.44.0.09170     2008.10.10   -
eSafe              7.0.17.0         2008.10.08   Suspicious File
eTrust-Vet         31.6.6141        2008.10.10   Win32/VMalum.EBHL
Ewido              4.0              2008.10.10   -
F-Prot             4.4.4.56         2008.10.10   -
F-Secure           8.0.14332.0      2008.10.11   W32/Packed/FSG_2.A
Fortinet           3.113.0.0        2008.10.10   W32/Small.DRU!tr.dldr
GData              19               2008.10.11   Trojan.Agent.AGOL
Ikarus             T3.1.1.34.0      2008.10.11   Trojan.Agent.AGOL
K7AntiVirus        7.10.490         2008.10.10   Trojan.Win32.Malware.1
Kaspersky          7.0.0.125        2008.10.11   -
McAfee             5403             2008.10.11   Generic.dx
Microsoft          1.4005           2008.10.11   -
NOD32              3513             2008.10.10   probably a variant of Win32/Nuwar
Norman             5.80.02          2008.10.10   W32/Packed_FSG.D
Panda              9.0.0.4          2008.10.10   Suspicious file
PCTools            4.4.2.0          2008.10.10   Packed/FSG
Prevx1             V2               2008.10.11   Cloaked Malware
Rising             20.65.42.00      2008.10.10   -
SecureWeb-Gateway  6.7.6            2008.10.10   Trojan.Agent.AGOL.98
Sophos             4.34.0           2008.10.11   Mal/Dorf-I
Sunbelt            3.1.1715.1       2008.10.11   Trojan.Agent.AGOL
Symantec           10               2008.10.11   Trojan.Peacomm.D
TheHacker          6.3.1.0.106      2008.10.10   -
TrendMicro         8.700.0.1004     2008.10.10   PAK_Generic.001
VBA32              3.12.8.6         2008.10.10   -
ViRobot            2008.10.10.1416  2008.10.10   -
VirusBuster        4.5.11.0         2008.10.10   Packed/FSG
Additional information
File size: 1825 bytes
MD5...: 38b452765fe3e0b527fd9dcc774a1cbc
SHA1..: 4d22b71b31dfc3cb4858a01621a2e336f0041802
SHA256: 7b84ed1cee5ef929b9651074b7300db5f8ac712c7d1e49035998062d0df5e633
SHA512: e68e1bf4981744cab0ec9b19b894161c042f4411818c87aadc8de8d9e0f0066a
6f95e51931a9a1b6a73f2b7fa636f82903d39ff4a481a3cbad4a5ea531357898
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification
Win32 Executable Generic (67.9%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Targa bitmap (Original TGA Format) (0.0%)
MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x400154
timedatestamp.....: 0x21475346 (Fri Sep 11 01:35:02 1987)
machinetype.......: 0x14c (I386)

( 2 sections )
name  viradd  virsiz  rawdsiz  ntrpy  md5
      0x1000  0x3000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
      0x4000  0x1000  0x521    7.54   77a8b3f8d3008cac0053c39040e5a86c

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramte...3E5900B79BCD14
packers (Kaspersky): FSG
packers (F-Prot): FSG
-----------------------------------------------------
Jottis


File: xl00365.exe
Status: INFECTED/MALWARE
MD5: 38b452765fe3e0b527fd9dcc774a1cbc
Packers detected: FSG

Scanner results
Scan taken on 11 Oct 2008 00:36:27 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.AGOL.98
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found Trojan.Agent.AGOL
ClamAV Found Trojan.OnlineGames-1517
CPsecure Found Troj.Dropper.W32.Small.auj
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found Win32:Trojan-gen
Ikarus Found Trojan.Agent.AGOL
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Packed_FSG.D
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Dorf-I
VirusBuster Found nothing
VBA32 Found nothing
Last edited by kingt36; Oct 10th, 2008 at 9:43 pm.