Complete scanning result of "cartao0342.scr", received in VirusTotal at 08.14.2006, 16:57:46 (CET). Antivirus Version Update Result AntiVir 6.35.1.0 08.14.2006 TR/Delphi.Downloader.Gen Authentium 4.93.8 08.13.2006 W32/Downloader.AEBR Avast 4.7.844.0 08.14.2006 no virus found AVG 386 08.14.2006 Downloader.Generic2.KLI BitDefender 7.2 08.14.2006 Trojan.Downloader.Delf.ACC CAT-QuickHeal 8.00 08.14.2006 no virus found ClamAV devel-20060426 08.14.2006 no virus found DrWeb 4.33 08.14.2006 no virus found eTrust-InoculateIT 23.72.94 08.14.2006 no virus found eTrust-Vet 30.3.3019 08.14.2006 no virus found Ewido 4.0 08.14.2006 no virus found Fortinet 2.77.0.0 08.13.2006 W32/Delf.ACC!tr.dldr F-Prot 3.16f 08.13.2006 security risk named W32/Downloader.AEBR F-Prot4 4.2.1.29 08.13.2006 W32/Downloader.AEBR Ikarus 0.2.65.0 08.14.2006 Trojan-Downloader.Win32.Banload.CX Kaspersky 4.0.2.24 08.14.2006 Trojan-Downloader.Win32.Delf.acc McAfee 4828 08.13.2006 no virus found Microsoft 1.1560 08.14.2006 no virus found NOD32v2 1.1705 08.14.2006 a variant of Win32/TrojanDownloader.Delf.ACC Norman 5.90.23 08.14.2006 W32/Downloader Panda 9.0.0.4 08.14.2006 Suspicious file Sophos 4.08.0 08.14.2006 no virus found Symantec 8.0 08.14.2006 no virus found TheHacker 5.9.8.192 08.14.2006 no virus found UNA 1.83 08.11.2006 no virus found VBA32 3.11.0 08.13.2006 Trojan-Downloader.Win32.Delf.acc VirusBuster 4.3.7:9 08.14.2006 no virus found Aditional Information File size: 44544 bytes MD5: 9316b70a366e0b866f3cfd750977f6cf SHA1: baa47261a4c79610fff5acd8c5816e02eb2daf33 Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 44544 bytes. [ Changes to filesystem ] * Creates file C:Windowslsass.exe. [ Network services ] * Downloads file from http://www.orkutlandia.mail333.com/cartao03423.scr as c:Windowslsass.exe. [ Security issues ] * Starting downloaded file - potential security problem. [ Process/window information ] * Attemps to NULL http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F . * Attemps to NULL c:Windowslsass.exe . VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.