Complete scanning result of "GERADOR_DE_CREDITOS.com", received in VirusTotal at 07.10.2006, 14:26:48 (CET). Antivirus Version Update Result AntiVir 6.35.0.21 07.10.2006 TR/Dldr.Banloa.HD.1 Authentium 4.93.8 07.07.2006 no virus found Avast 4.7.844.0 07.10.2006 no virus found AVG 386 07.07.2006 no virus found BitDefender 7.2 07.10.2006 BehavesLike:Trojan.Downloader CAT-QuickHeal 8.00 07.10.2006 (Suspicious) - DNAScan ClamAV devel-20060426 07.10.2006 no virus found DrWeb 4.33 07.10.2006 no virus found eTrust-InoculateIT 23.72.64 07.09.2006 no virus found eTrust-Vet 12.6.2293 07.10.2006 no virus found Ewido - 07.10.2006 Downloader.Delf.apx Fortinet 2.77.0.0 07.10.2006 W32/Delf.APX!tr.dldr F-Prot 3.16f 07.07.2006 no virus found F-Prot4 4.2.1.29 07.07.2006 no virus found Ikarus 0.2.65.0 07.07.2006 no virus found Kaspersky 4.0.2.24 07.10.2006 Trojan-Downloader.Win32.Delf.apx McAfee 4802 07.07.2006 no virus found Microsoft 1.1481 07.10.2006 no virus found NOD32v2 1.1651 07.08.2006 no virus found Norman 5.90.23 07.10.2006 W32/Downloader Panda 9.0.0.4 07.09.2006 Suspicious file Sophos 4.07.0 07.10.2006 no virus found Symantec 8.0 07.10.2006 no virus found TheHacker 5.9.8.171 07.10.2006 no virus found UNA 1.83 07.08.2006 TrojanDownloader.Win32.Delf VBA32 3.11.0 07.09.2006 Trojan-Downloader.Win32.Delf.apx VirusBuster 4.3.7:9 07.09.2006 no virus found Aditional Information File size: 188416 bytes MD5: 75660221ab6d3e5bc5e2a9ee3980dad0 SHA1: 91b55b463e1d6db868771c0837a4088419074b8e packers: TeLock Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 188416 bytes. [ Changes to filesystem ] * Creates file C:WINDOWSSYSTEM32Update. * Creates file C:WINDOWSSYSTEM32csrs.scr. * Deletes file C:WINDOWSSYSTEM32Update. [ Network services ] * Downloads file from http://ricmar2.freehostia.com/GERADOR_DE_CREDITOS.exe as C:WINDOWSSYSTEM32Update. [ Security issues ] * Starting downloaded file - potential security problem. [ Process/window information ] * Creates a mutex xuH3W3u8. * Creates an event called . * Attemps to NULL C:WINDOWSSYSTEM32csrs.scr . VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.