Complete scanning result of "biquini.scr", received in VirusTotal at 08.07.2006, 14:34:30 (CET). Antivirus Version Update Result AntiVir 6.35.1.0 08.07.2006 no virus found Authentium 4.93.8 08.06.2006 no virus found Avast 4.7.844.0 08.04.2006 no virus found AVG 386 08.05.2006 no virus found BitDefender 7.2 08.07.2006 BehavesLike:Trojan.Downloader CAT-QuickHeal 8.00 08.07.2006 (Suspicious) - DNAScan ClamAV devel-20060426 08.06.2006 no virus found DrWeb 4.33 08.07.2006 no virus found eTrust-InoculateIT 23.72.88 08.06.2006 no virus found eTrust-Vet 12.6.2328 08.07.2006 no virus found Ewido 4.0 08.07.2006 no virus found Fortinet 2.77.0.0 08.07.2006 suspicious F-Prot 3.16f 08.06.2006 no virus found F-Prot4 4.2.1.29 08.06.2006 no virus found Ikarus 0.2.65.0 08.07.2006 no virus found Kaspersky 4.0.2.24 08.07.2006 no virus found McAfee 4822 08.04.2006 no virus found Microsoft 1.1508 08.04.2006 no virus found NOD32v2 1.1694 08.05.2006 probably a variant of Win32/TrojanDownloader.Delf.ACC Norman 5.90.23 08.07.2006 W32/Downloader Panda 9.0.0.4 08.07.2006 Trj/Banbra.CYS Sophos 4.08.0 08.07.2006 no virus found Symantec 8.0 08.07.2006 no virus found TheHacker 5.9.8.187 08.07.2006 no virus found UNA 1.83 08.04.2006 no virus found VBA32 3.11.0 08.07.2006 suspected of Trojan-Downloader.Agent.58 VirusBuster 4.3.7:9 08.06.2006 no virus found Aditional Information File size: 139964 bytes MD5: b5deba7b92452c4d7013caf1f59a9545 SHA1: 8a585eceff12b75ae1f9cebd8af790fc6788dacc packers: ACProtect Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Anti debug/emulation code present. * File length: 139964 bytes. [ Changes to filesystem ] * Creates file C:Windowsmstray.exe. [ Network services ] * Downloads file from http://www.hvmdesign.com/files/logo_929.gif as c:Windowsmstray.exe. [ Security issues ] * Starting downloaded file - potential security problem. [ Process/window information ] * Enumerates running processes. * Enumerates running processes several parses.... * Attemps to NULL http://wanessafotolog.webhop.net/ . * Attemps to NULL c:Windowsmstray.exe . VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.