Possible undetected adware/spyware

I have two files in C:\Windows. They are update.exe and update1.exe.

I've been trying to work out what virus/adware it is... NOD32 (supposed to be best antivirus on the planet) finds nothing!

I am going to give you a download link to the file but DO NOT OPEN OR RUN THE .EXE INSIDE!!!!!! but you can extract it and use it to help me find out what it is.
Here is the link: http://www.richieward.com/junk/update.zip

Put the file through your anti-virus and spyware applications for me :)
Submit it to your anti-virus vendor if you wish.
 
ZoneAlarm (Pro) detects nothing

I don't know if this website is helpful but it lists update1.exe as a trojan:

Site Above said:
C:\WINDOWS\system32\update1.exe = Virus "Trojan-PSW.Win32.WOW.da"

Sunbelt CounterSpy lists info on Trojan-PSW.Win32.WOW.da
Sunbelt CounterSpy said:
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan
Category Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
File Traces: muma.exe

Sophos Antivirus lists the following information:
[Image: 309ix5g.gif]
 
If ever you find a suspect file on your system, point your browser to http://virusscan.jotti.org/ where you can upload said file and have it scanned by up to 15 antivirus scanners.

The only one that detected anything seems to be VBA32 (http://www.anti-virus.by/en/), although it does say it's using 'paranoid heuristics' which could cause it to provide a false positive.

Scan taken on 01 Jan 2007 13:41:28 (GMT)
VBA32: Found Backdoor.Hupigon.6 (paranoid heuristics) (probable variant)
A quick search on 'Hupigon' provides some info on viruslist; http://www.viruslist.com/en/viruses/encyclopedia?virusid=44430
 
This is a very serious matter if the latest virus protection does not get this. Help me to get this in the latest virus definitions. I'm a NOD32 user but you guys use different protection.

Btw, you have all told me that it is various different viruses. This mounts up to some confusion. How do I get rid of this thing?
 
Sometimes when dealing with unknown .exe files,
it's useful to open them in an ASCII editor.

Doing this with this file reveals the text string "themida"
(as identified earlier by ns400r)

I'd imagine this was used to obscure the contents from the AV companies, who would be trying to work out what it does.
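
The string check described in the post above, as an added example that is not part of the original thread: it reads a file as bytes without running it, pulls out printable ASCII runs and PE section names, and reports known packer markers. The marker list, function names and sample bytes are assumptions constructed for this illustration.

```python
import re
import struct

# Marker -> tool name. Illustrative, non-exhaustive list (an assumption of this example).
PACKER_MARKERS = {b"themida": "Themida", b"upx0": "UPX", b"upx1": "UPX", b"aspack": "ASPack"}

def ascii_strings(data, min_len=4):
    """Return runs of printable ASCII, as a text editor or `strings` would show them."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def pe_section_names(data):
    """Read section names from the PE section table; [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]     # 8-byte name field
        if len(raw) < 8:
            break                                          # truncated file
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def packer_hints(data):
    """Return sorted names of packers whose marker appears in any ASCII string."""
    found = set()
    for s in ascii_strings(data):
        for marker, name in PACKER_MARKERS.items():
            if marker in s.lower():
                found.add(name)
    return sorted(found)

def constructed_sample():
    """Constructed PE-like header with sections .text and .themida (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    sections = b".text\0\0\0" + b"\0" * 32 + b".themida" + b"\0" * 32
    return dos + coff + sections

if __name__ == "__main__":
    sample = constructed_sample()
    print(pe_section_names(sample), packer_hints(sample))
```

A hit only says the file was packed or protected with that tool; it says nothing about what the packed code does, and legitimate software uses the same tools.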

