Complete scanning result of "pegadinhas.scr", received in VirusTotal at 06.21.2006, 16:58:19 (CET). Antivirus Version Update Result AntiVir 6.35.0.15 06.21.2006 no virus found Authentium 4.93.8 06.21.2006 no virus found Avast 4.7.844.0 06.21.2006 no virus found AVG 386 06.20.2006 no virus found BitDefender 7.2 06.21.2006 no virus found CAT-QuickHeal 8.00 06.21.2006 (Suspicious) - DNAScan ClamAV devel-20060426 06.21.2006 no virus found DrWeb 4.33 06.21.2006 no virus found eTrust-InoculateIT 23.72.45 06.21.2006 no virus found eTrust-Vet 12.6.2269 06.21.2006 no virus found Ewido 3.5 06.21.2006 Downloader.Dadobra.lw Fortinet 2.77.0.0 06.21.2006 no virus found F-Prot 3.16f 06.21.2006 no virus found Ikarus 0.2.65.0 06.21.2006 no virus found Kaspersky 4.0.2.24 06.21.2006 no virus found McAfee 4789 06.21.2006 no virus found Microsoft 1.1481 06.21.2006 no virus found NOD32v2 1.1612 06.21.2006 probably unknown NewHeur_PE virus Norman 5.90.21 06.21.2006 W32/Downloader Panda 9.0.0.4 06.21.2006 Suspicious file Sophos 4.06.0 06.21.2006 no virus found Symantec 8.0 06.21.2006 no virus found TheHacker 5.9.8.163 06.21.2006 no virus found UNA 1.83 06.21.2006 no virus found VBA32 3.11.0 06.20.2006 no virus found VirusBuster 4.3.7:9 06.20.2006 no virus found Aditional Information File size: 48896 bytes MD5: 3238d788d20bb7fca2f5b0bed2aa4db6 SHA1: 246d005483301aab0feef935b7396f3f54206182 Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File might be compressed. * Decompressing Petite. * Creating several executable files on hard-drive. * File length: 48896 bytes. [ Changes to filesystem ] * Creates file C:windowsiexplore.exe. * Creates file C:windows egcleaner.exe. * Creates file C:windowsmsnmsgr.exe. [ Changes to registry ] * Creates value "Windows Host Process Cleaner"="c:windows egcleaner.exe" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun". * Creates value "Windows Host Process Cleaner"="c:windowsmsnmsgr.exe" in key "HKCUSoftwareMicrosoftWindowsCurrentVersionRun". [ Network services ] * Downloads file from http://machinevirtual.com.sapo.pt/dados/dados1.dat as c:windowsiexplore.exe. * Downloads file from http://virtualmachine.com.sapo.pt/dados/dados1.dat as c:windowsiexplore.exe. * Downloads file from http://machinebooster.com.sapo.pt/dados/dados1.dat as c:windowsiexplore.exe. * Downloads file from http://tip5000ciclotron.com.sapo.pt/dados/dados1.dat as c:windowsiexplore.exe. * Downloads file from http://tecsatcomercio.com.sapo.pt/dados/dados1.dat as c:windowsiexplore.exe. * Downloads file from http://sitesvirtuais.com.sapo.pt/dados/svdados1.dat as c:windows egcleaner.exe. * Downloads file from http://madeiraslima.com.sapo.pt/dados/svdados1.dat as c:windows egcleaner.exe. * Downloads file from http://shoppings199.com.sapo.pt/dados/svdados1.dat as c:windows egcleaner.exe. * Downloads file from http://sotreqmaquinas.com.sapo.pt/dados/svdados1.dat as c:windows egcleaner.exe. * Downloads file from http://gauchavirtual.com.sapo.pt/dados/svdados1.dat as c:windows egcleaner.exe. * Downloads file from http://machinevirtual.com.sapo.pt/dados/dados1.da as c:windowsmsnmsgr.exe. VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.