Attention Virus sur skyrock [Clos]

[Invité wizard42]

Je vient de recevoir un lien qui méne sur un fichier zip qui se trouve etre un virus

 

Une personne envoie se message:

 

"protégez votre profil contre le virus

 

ici :"

 

Fichier private-skyrock.zip reçu le 2007.10.11 23:36:29 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2007.10.12.0 2007.10.11 -

AntiVir 7.6.0.20 2007.10.11 -

Authentium 4.93.8 2007.10.09 -

Avast 4.7.1051.0 2007.10.11 Win32:Zlob-ZZ

AVG 7.5.0.488 2007.10.11 -

BitDefender 7.2 2007.10.11 Dropped:Trojan.Zlob.BOP

CAT-QuickHeal 9.00 2007.10.11 W32.Zlob.C105

ClamAV 0.91.2 2007.10.11 Trojan.Dropper-2529

DrWeb 4.44.0.09170 2007.10.11 Trojan.Popuper.5008

eSafe 7.0.15.0 2007.10.10 -

eTrust-Vet 31.2.5203 2007.10.11 -

Ewido 4.0 2007.10.11 -

FileAdvisor 1 2007.10.11 -

Fortinet 3.11.0.0 2007.10.11 -

F-Prot 4.3.2.48 2007.10.11 -

F-Secure 6.70.13030.0 2007.10.11 -

Ikarus T3.1.1.12 2007.10.11 -

Kaspersky 7.0.0.125 2007.10.11 Trojan-Downloader.Win32.Zlob.diu

McAfee 5139 2007.10.11 -

Microsoft 1.2908 2007.10.11 -

NOD32v2 2586 2007.10.11 -

Norman 5.80.02 2007.10.11 -

Panda 9.0.0.4 2007.10.11 -

Prevx1 V2 2007.10.11 Malware.Gen

Rising 19.44.32.00 2007.10.11 Trojan.DL.Win32.Zlob.dbi

Sophos 4.22.0 2007.10.11 Troj/Zlobar-Fam

Sunbelt 2.2.907.0 2007.10.11 -

Symantec 10 2007.10.11 Trojan.Zlob

TheHacker 6.2.8.086 2007.10.11 -

VBA32 3.12.2.4 2007.10.11 -

VirusBuster 4.3.26:9 2007.10.11 -

Webwasher-Gateway 6.0.1 2007.10.11 -

 

Je l'lai envoyer a microsoft, avira , f secure

Modifié le 26 octobre 2007 par wizard42

[Invité wizard42]

Fichier private-skyrock.zip reçu le 2007.10.12 06:45:21 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2007.10.12.0 2007.10.11 -

AntiVir 7.6.0.20 2007.10.11 -

Authentium 4.93.8 2007.10.12 -

Avast 4.7.1051.0 2007.10.11 Win32:Zlob-ZZ

AVG 7.5.0.488 2007.10.11 -

BitDefender 7.2 2007.10.12 Dropped:Trojan.Zlob.BOP

CAT-QuickHeal 9.00 2007.10.11 W32.Zlob.C105

ClamAV 0.91.2 2007.10.11 Trojan.Dropper-2529

DrWeb 4.44.0.09170 2007.10.12 Trojan.Popuper.5008

eSafe 7.0.15.0 2007.10.10 -

eTrust-Vet 31.2.5204 2007.10.12 -

Ewido 4.0 2007.10.11 -

FileAdvisor 1 2007.10.12 -

Fortinet 3.11.0.0 2007.10.11 -

F-Prot 4.3.2.48 2007.10.11 -

F-Secure 6.70.13030.0 2007.10.12 Trojan-Downloader.Win32.Zlob.diu

Ikarus T3.1.1.12 2007.10.12 -

Kaspersky 7.0.0.125 2007.10.12 Trojan-Downloader.Win32.Zlob.diu

McAfee 5139 2007.10.11 -

Microsoft 1.2908 2007.10.12 -

NOD32v2 2586 2007.10.11 -

Norman 5.80.02 2007.10.11 -

Panda 9.0.0.4 2007.10.11 -

Prevx1 V2 2007.10.12 Malware.Gen

Rising 19.44.40.00 2007.10.12 Trojan.DL.Win32.Zlob.dbi

Sophos 4.22.0 2007.10.12 Troj/Zlobar-Fam

Sunbelt 2.2.907.0 2007.10.11 -

Symantec 10 2007.10.12 Trojan.Zlob

TheHacker 6.2.8.086 2007.10.11 -

VBA32 3.12.2.4 2007.10.11 -

VirusBuster 4.3.26:9 2007.10.11 -

Webwasher-Gateway 6.0.1 2007.10.11 -

F secure le detecte ce matin

 

Jai recu sa ce matin de la part de microsoft

Hello. The Microsoft Malware Protection Center (MMPC) has finished analyzing submission ID 13204325 and the results are listed below. If the files were determined to be malware or potentially unwanted software, the results will identify the threat for each file submitted.

 

This is the last e-mail the MMPC will send to this e-mail address concerning this submission ID.

 

Analyst comments:

=================

 

=================

 

Analysis summary:

=================

Total Files: 2

Clean: 0

Malware: 1

Malware Related: 0

Malware Container: 1

Potentially Unwanted Software: 0

Potentially Unwanted Software Container: 0

Postponed: 0

Not Yet Analyzed: 0

 

=================

 

Per-file summary:

=================

private-skyrock.exe | Malware: TrojanDownloader:Win32/Zlob

http://go.microsoft.com/fwlink/?linkid=956...%3aWin32%2fZlob

20071011_145826112_0_private_skyrock.zip | Malware Container

 

=================

 

Note: in the course of analyzing the files that you submitted, the MMPC decompresses the files in your submission, such as extracting files from archives or other containers. Subsequently you may see more files listed than you originally submitted.

 

Category Descriptions:

 

Clean

Files that do not appear to be malware or potentially unwanted software.

 

Malware

Files that appear to be known malware. Malware includes viruses, Trojans, worms, file infectors, etc.

 

Malware Related

Files that are not malicious by themselves and should not pose a threat by themselves.

 

Malware Container

Container files are archives, binders, etc. that contain files in the "malware" category. Note that they may also contain files in the "Clean" category.

 

Potentially Unwanted Software

Files that have been identified as potentially unwanted software. Potentially unwanted software includes dialers, adware, spyware, etc.

 

Potentially Unwanted Software Container

Container files are archives, binders, etc. that contain files in the "spyware" category. Note that they may also contain files in the "Clean" category.

 

Postponed and Auto-postponed

The file does not appear to be malware or potentially unwanted software, but more analysis is necessary to confirm the file is not malicious.

 

Not Yet Analyzed

The file will require further analysis to determine whether the file is malicious or not.

 

Latest versions of signatures for Forefront Client Security and Windows Defender are available at:

http://www.microsoft.com/security/portal/

 

Note: if you feel you have received this e-mail in error, please send mail to:

mailto:mpcabuse@microsoft.com.

 

Thank you for contacting the Microsoft Malware Protection Center

Donc normalement il sera detecté a la prochaine mise a jours

Modifié le 12 octobre 2007 par wizard42

[cafeolix]

Bonjour

 

que dire sinon... Merci

[Malekal_morte]

Salut,

 

As-tu contacté le service abuse de skyrock pour fermer le blog ?

[Invité wizard42]

Re

 

En fait c'est quelqu'un qui envoie le lien vers un autre site via les profils, j'ai essayé d'aller sur son profil mais sa me met introuvable

 

 

Avira m'a envoyé ce message:

Dear Sir or Madam,

 

Thank you for your email to Avira's virus lab.

Tracking number: INC00088790.

 

 

 

 

We received the following archive files:

 

 

 

File ID Filename Size (Byte) Result

1333070 private-skyrock.zip 62 KB OK

 

A listing of files contained inside archives alongside their results can be found below:

 

File ID Filename Size (Byte) Result

1333071 private-skyrock.exe 74.89 KB MALWARE

 

 

Please find a detailed report concerning each individual sample below:

 

Filename Result

private-skyrock.exe MALWARE

 

The file 'private-skyrock.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dldr.Zlob.cef. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.00.80.

 

 

Alternatively you can see the analysis result here:

http://analysis.avira.com/samples/details....ncidentid=88790

 

An overview of all your submissions can be found here:

http://analysis.avira.com/samples/details....SCYVMdFHpTMX6Ih

 

 

We recommend to use our upload form for further submissions. In case the result is known it will be shown in realtime to you. Furthermore files which are considered to be false positive suspictions can only be submitted using this method. http://analysis.avira.com/samples/index.php?lang=en

 

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

 

Kind regards

Avira Virus Lab

 

---------------------------------------------

Avira GmbH

Lindauer Str. 21, D-88069 Tettnang, Germany

Phone: +49 (0) 7542-500 0

Fax: +49 (0) 7542-525 10

Internet: http://www.avira.com

 

CEO: Tjark Auerbach

Headquarter: Tettnang

Commercial register: AG Ulm HRB 630992

---------------------------------------------

[Invité wizard42]

Fichier private-skyrock.zip reçu le 2007.10.12 17:10:09 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2007.10.12.1 2007.10.12 -

AntiVir 7.6.0.23 2007.10.12 TR/Dldr.Zlob.cef

Authentium 4.93.8 2007.10.12 -

Avast 4.7.1051.0 2007.10.11 Win32:Zlob-ZZ

AVG 7.5.0.488 2007.10.12 -

BitDefender 7.2 2007.10.12 Dropped:Trojan.Zlob.BOP

CAT-QuickHeal 9.00 2007.10.11 W32.Zlob.C105

ClamAV 0.91.2 2007.10.12 Trojan.Dropper-2529

DrWeb 4.44.0.09170 2007.10.12 Trojan.Popuper.5008

eSafe 7.0.15.0 2007.10.10 -

eTrust-Vet 31.2.5205 2007.10.12 -

Ewido 4.0 2007.10.12 -

FileAdvisor 1 2007.10.12 -

Fortinet 3.11.0.0 2007.10.12 W32/Zlobar.DIU!tr.dldr

F-Prot 4.3.2.48 2007.10.11 -

F-Secure 6.70.13030.0 2007.10.12 Trojan-Downloader.Win32.Zlob.diu

Ikarus T3.1.1.12 2007.10.12 -

Kaspersky 7.0.0.125 2007.10.12 Trojan-Downloader.Win32.Zlob.diu

McAfee 5139 2007.10.11 -

Microsoft 1.2908 2007.10.12 -

NOD32v2 2589 2007.10.12 Win32/TrojanDownloader.Zlob.BGT

Norman 5.80.02 2007.10.12 -

Panda 9.0.0.4 2007.10.12 -

Prevx1 V2 2007.10.12 Malware.Gen

Rising 19.44.42.00 2007.10.12 Trojan.DL.Win32.Zlob.dbi

Sophos 4.22.0 2007.10.12 Troj/Zlobar-Fam

Sunbelt 2.2.907.0 2007.10.11 -

Symantec 10 2007.10.12 Trojan.Zlob

TheHacker 6.2.8.087 2007.10.12 -

VBA32 3.12.2.4 2007.10.12 -

VirusBuster 4.3.26:9 2007.10.12 -

Webwasher-Gateway 6.0.1 2007.10.12 Trojan.Dldr.Zlob.cef

 

Antivir, Nod32, Fortinet et Webwasher-Gateway le detecte ce soir

 

Je les uploadé chez Norman et CA

Modifié le 12 octobre 2007 par wizard42

[Invité wizard42]

E mail de CA

 

Dear customer,

 

Thank you for using CA Security Advisor.

 

This is to notify you of the results of your submission, issue number

1117740. Please keep this issue number for future reference.

Please see below for the final results of our analysis of your file

submission.

 

We successfully received the following files:

 

FILE SIZE CONCLUSION

------------------------------------------------------------------------

private-skyrock.zip 63493 clean

------------------------------------------------------------------------

private-skyrock.exe 76691 malware

------------------------------------------------------------------------

 

 

 

This automated scanning service "Virtue" complements our regular

technical support service. It is not a replacement for it. For

technical support please visit http://www.ca.com/about/support.htm.

 

If you would like to comment on the quality of this automated service,

please send your suggestion to virtue.feedback@ca.com .

 

CA Security Advisor

 

------------------------------------------------------------------------

For the latest security advisories, including detailed analysis of the

latest vulnerabilities, viruses, trojans, worms and spyware, and for

complete information on how to protect yourself or your organization,

please visit

http://www.ca.com/securityadvisor

 

 

 

 

FILE

------------------------------------------------------------------------

private-skyrock.zip

------------------------------------------------------------------------

The PkWare Zip Archive file "private-skyrock.zip" has been determined

to be clean. For the results of files contained please see below.

 

 

 

FILE

------------------------------------------------------------------------

private-skyrock.exe

------------------------------------------------------------------------

The Windows PE (I386,EXE) file "private-skyrock.exe" has been

determined to be malicious.

 

Aliases reported by other AV products are listed here:

(Trojan.Zlob)

 

CA products address this malware as follows:

--------------------------------------------

CA Anti-Virus

We will inform you by email ASAP when we have a signature update

available providing detection.

 

 

========================================================================

 

Il est pas détecté en compréssé

[Invité wizard42]

Il y a une 2éme personne qui ma envoyé ce lien, je lai signalé au webmaster de skyrock

[Invité wizard42]

Fichier private-skyrock.zip reçu le 2007.10.13 08:32:25 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2007.10.13.1 2007.10.12 -

AntiVir 7.6.0.23 2007.10.12 TR/Dldr.Zlob.cef

Authentium 4.93.8 2007.10.13 -

Avast 4.7.1051.0 2007.10.11 Win32:Zlob-ZZ

AVG 7.5.0.488 2007.10.12 -

BitDefender 7.2 2007.10.13 Dropped:Trojan.Zlob.BOP

CAT-QuickHeal 9.00 2007.10.12 W32.Zlob.C105

ClamAV 0.91.2 2007.10.13 Trojan.Dropper-2529

DrWeb 4.44.0.09170 2007.10.12 Trojan.Popuper.5008

eSafe 7.0.15.0 2007.10.10 -

eTrust-Vet 31.2.5207 2007.10.13 -

Ewido 4.0 2007.10.12 -

FileAdvisor 1 2007.10.13 -

Fortinet 3.11.0.0 2007.10.13 W32/Zlobar.DIU!tr.dldr

F-Prot 4.3.2.48 2007.10.12 -

F-Secure 6.70.13030.0 2007.10.12 Trojan-Downloader.Win32.Zlob.diu

Ikarus T3.1.1.12 2007.10.13 -

Kaspersky 7.0.0.125 2007.10.13 Trojan-Downloader.Win32.Zlob.diu

McAfee 5140 2007.10.12 -

Microsoft 1.2908 2007.10.13 TrojanDownloader:Win32/Zlob

NOD32v2 2589 2007.10.12 Win32/TrojanDownloader.Zlob.BGT

Norman 5.80.02 2007.10.12 -

Panda 9.0.0.4 2007.10.12 -

Prevx1 V2 2007.10.13 Malware.Gen

Rising 19.44.51.00 2007.10.13 Trojan.DL.Win32.Zlob.dbi

Sophos 4.22.0 2007.10.13 Troj/Zlobar-Fam

Sunbelt 2.2.907.0 2007.10.13 -

Symantec 10 2007.10.13 Trojan.Zlob

TheHacker 6.2.8.088 2007.10.13 -

VBA32 3.12.2.4 2007.10.12 -

VirusBuster 4.3.26:9 2007.10.12 -

Webwasher-Gateway 6.0.1 2007.10.12 Trojan.Dldr.Zlob.cef

 

Microsoft en plus aujourdhui protége contre ce virus ^^

 

Envoyé a Authentium

 

Envoye a VBA 32 et Virus Buster aujourdhui

Modifié le 14 octobre 2007 par wizard42

[Invité wizard42]

E mail de CA

 

Dear customer,

 

Thank you for using CA Security Advisor.

 

This is to notify you of the results of your submission, issue number

1117740. Please keep this issue number for future reference.

 

With regards to the file "private-skyrock.exe" submitted by you on 13

Oct 01:33:25 (Australian Eastern Standard Time), we have added cure

instructions for Win32/Nuvens.PD to the signature files.

 

The Windows PE (I386,EXE) file "private-skyrock.exe" has been

determined to be malicious.

 

Aliases reported by other AV products are listed here:

(Trojan.Zlob)

 

CA products address this malware as follows:

--------------------------------------------

CA Anti-Virus

Engine Update version Last Update

31.2.0 31.2.5212 15 Oct

The signature update is currently undergoing testing and should be

available for download within 24 hours.

Once the signature file is ready, it can be downloaded from

http://www3.ca.com/support/vicdownload/

 

 

 

This automated scanning service "Virtue" complements our regular

technical support service. It is not a replacement for it. For

technical support please visit http://www.ca.com/about/support.htm.

 

If you would like to comment on the quality of this automated service,

please send your suggestion to virtue.feedback@ca.com .

 

CA Security Advisor

 

------------------------------------------------------------------------

For the latest security advisories, including detailed analysis of the

latest vulnerabilities, viruses, trojans, worms and spyware, and for

complete information on how to protect yourself or your organization,

please visit

http://www.ca.com/securityadvisor

 

Utilisateur de CA vous êtes protégé contre ce virus ^^