1. Submitted Symantec Security Response Automation: Tracking #10534272
AV def: Monday, April 06, 2009 r3
PTP def: Friday, April 03, 200 r19
NTP def: Friday, March 13, 2009 r1
2. I don't want to clean it with a different product; that's not going to help Symantec get this file detected and cleaned. What tool from Symantec can I use to clean this? I've run the Downadup cleanup tool and it found nothing, so I don't think it is Conficker.
3. Virus Total Results
File 429363609.exe received on 04.06.2009 19:24:52 (CET)
Current status: finished
Result: 6/40 (15%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 ADSPY/AdSpy.Gen
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.06 -
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.06 Win32/Heur
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.06 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.06 -
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 -
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.694 2009.04.06 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5576 2009.04.06 -
McAfee+Artemis 5576 2009.04.06 -
McAfee-GW-Edition 6.7.6 2009.04.06 Ad-Spyware.AdSpy.Gen
Microsoft 1.4502 2009.04.06 Program:Win32/Winwebsec
NOD32 3990 2009.04.06 -
Norman 6.00.06 2009.04.06 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.06 -
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 Mal/FakeAV-AK
Sunbelt 3.2.1858.2 2009.04.06 -
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.06 -
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 -
Additional information
File size: 340030 bytes
MD5...: 8dbc47ab69f61dda416734006c7dbe56
SHA1..: 09471e50e0442071d30d1a3d30b0891eeaf979f4
SHA256: a95268cfc59097d1a7fcfabc58de6909838e33454f994a8ae2a94d8ab20bfeda
SHA512: c8621f5e8104346b4b01c10a8ac277e9eead17e8723b450fc3b40d1a9d5c4e19
37d82f2e04abc05218d73d64fbe04710973b345dc4450bfe3804309915153eba
ssdeep: 6144:DWQ4D/2yc4iJ0LenTS9TG+KUmiCP/3SzkOcaA7LaNAYmlJDyiuBFbIHJi8:
yQUrcqeT2rKU9CX3SAFaAyuh5yiL
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12be
timedatestamp.....: 0x42fc7812 (Fri Aug 12 10:21:06 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11b75 0x11c00 7.98 e2103ef5aac4f0fffcafeaf4bc1d1805
.data 0x13000 0x5255c 0x3cc00 7.97 0d15ff97a3d98db6d5286d7ad68a580b
.idata 0x66000 0x614 0x800 4.04 981d443ffc7e8c63ec720251d5aeb1be
.rsrc 0x67000 0x38000 0x3c00 4.67 c6370896933a2d66eca33181af55b5ef
( 3 imports )
> KERNEL32.DLL: IsBadCodePtr, ResetEvent, GetCommandLineA, SetHandleInformation, VirtualProtect, CloseHandle, GetMailslotInfo, SetProcessWorkingSetSize, GetDiskFreeSpaceExA, TerminateProcess, VirtualQuery, GetProfileStringA, Module32First, FindNextFileA, LCMapStringA, GetDevicePowerState, CreateFileW, WriteFile, OutputDebugStringA, CreateFileA, CreateMailslotA, SetConsoleCtrlHandler, GetCommMask, BuildCommDCBA
> ADVAPI32.DLL: ClearEventLogA, GetOldestEventLogRecord, CryptContextAddRef, GetMultipleTrusteeOperationA, GetAccessPermissionsForObjectW, OpenSCManagerA, CreateProcessAsUserA, CreateProcessAsUserW, CryptReleaseContext, LookupPrivilegeDisplayNameW, GetServiceKeyNameA, SetFileSecurityA, SetEntriesInAuditListA, CryptGetKeyParam, BuildSecurityDescriptorW, RegUnLoadKeyW, BackupEventLogW, AddAccessDeniedAce
> USER32.DLL: UnregisterClassW, UnregisterDeviceNotification, GetMenuContextHelpId, GetMessageTime, SendMessageCallbackA, TrackPopupMenu, ChangeDisplaySettingsExA, ChangeClipboardChain, DdeQueryNextServer, RegisterLogonProcess, DdeEnableCallback, LoadAcceleratorsA, GetWindowContextHelpId, DrawAnimatedRects, EnumDisplayMonitors