Complete scanning result of "orkut.scr", received in VirusTotal at 08.29.2006, 15:17:54 (CET).

Antivirus           Version         Update      Result
AntiVir             6.35.1.3        08.29.2006  HEUR/Crypted.DNFLR
Authentium          4.93.8          08.29.2006  no virus found
Avast               4.7.844.0       08.28.2006  no virus found
AVG                 386             08.29.2006  Downloader.Delf.11.AW
BitDefender         7.2             08.29.2006  no virus found
CAT-QuickHeal       8.00            08.29.2006  (Suspicious) - DNAScan
ClamAV              devel-20060426  08.29.2006  no virus found
DrWeb               4.33            08.29.2006  DLOADER.Trojan
eTrust-InoculateIT  23.72.109       08.29.2006  no virus found
eTrust-Vet          30.3.3047       08.29.2006  no virus found
Ewido               4.0             08.25.2006  Downloader.Banload.vn
Fortinet            2.77.0.0        08.29.2006  suspicious
F-Prot              3.16f           08.25.2006  no virus found
F-Prot4             4.2.1.29        08.26.2006  no virus found
Ikarus              0.2.65.0        08.29.2006  Trojan-Downloader.Win32.Banload.X
Kaspersky           4.0.2.24        08.29.2006  Trojan-Downloader.Win32.Adload.df
McAfee              4839            08.28.2006  no virus found
Microsoft           1.1560          08.29.2006  no virus found
NOD32v2             1.1729          08.28.2006  a variant of Win32/TrojanDownloader.Dadobra.FX
Norman              5.90.23         08.29.2006  W32/Downloader
Panda               9.0.0.4         08.29.2006  Suspicious file
Sophos              4.08.0          08.29.2006  no virus found
Symantec            8.0             08.29.2006  no virus found
TheHacker           5.9.8.201       08.28.2006  no virus found
UNA                 1.83            08.29.2006  no virus found
VBA32               3.11.1          08.28.2006  suspected of Trojan-Downloader.Agent.58
VirusBuster         4.3.7:9         08.29.2006  no virus found

Additional Information
File size: 126140 bytes
MD5: 4690fddb7ad72584790ac7f3d84067f3
SHA1: 140d9914e00ab9ce825c591ff842322fe9ba2b08
packers: ACProtect

Norman SandBox:

[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Anti debug/emulation code present.
* Display message box (ACProtect) : Protected by unregistered ACProtect!.
* File length: 126140 bytes.

[ Changes to filesystem ]
* Creates file C:\windows\temp\Alcxwdm24.exe.

[ Network services ]
* Downloads file from http://www.projeto_grande.kit.net/Fonte_Armando/twister.jpg as c:\windows\temp\Alcxwdm24.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Enumerates running processes.
* Enumerates running processes several parses....

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.