Complete scanning result of "CartaoMusical.cmd", received in VirusTotal at 07.13.2006, 20:05:12 (CET). Antivirus Version Update Result AntiVir 6.35.0.21 07.13.2006 TR/Dldr.B.abn.6.C.1 Authentium 4.93.8 07.12.2006 no virus found Avast 4.7.844.0 07.12.2006 Win32:Banload-IR AVG 386 07.13.2006 Downloader.Generic2.ESC BitDefender 7.2 07.13.2006 BehavesLike:Trojan.Downloader CAT-QuickHeal 8.00 07.13.2006 (Suspicious) - DNAScan ClamAV devel-20060426 07.13.2006 no virus found DrWeb 4.33 07.13.2006 Trojan.DownLoader.8776 eTrust-InoculateIT 23.72.67 07.13.2006 no virus found eTrust-Vet 12.6.2296 07.13.2006 no virus found Ewido 4.0 07.13.2006 Downloader.Banload.adw Fortinet 2.77.0.0 07.13.2006 W32/Banload.ADW!tr.dldr F-Prot 3.16f 07.12.2006 no virus found F-Prot4 4.2.1.29 07.12.2006 no virus found Ikarus 0.2.65.0 07.13.2006 no virus found Kaspersky 4.0.2.24 07.13.2006 Trojan-Downloader.Win32.Banload.adw McAfee 4806 07.13.2006 no virus found Microsoft 1.1481 07.13.2006 no virus found NOD32v2 1.1658 07.13.2006 a variant of Win32/TrojanDownloader.Banload.ABN Norman 5.90.23 07.13.2006 W32/Downloader Panda 9.0.0.4 07.13.2006 Suspicious file Sophos 4.07.0 07.13.2006 no virus found Symantec 8.0 07.13.2006 no virus found TheHacker 5.9.8.174 07.13.2006 no virus found UNA 1.83 07.13.2006 no virus found VBA32 3.11.0 07.13.2006 Trojan-Downloader.Win32.Banload.adw VirusBuster 4.3.7:9 07.13.2006 no virus found Aditional Information File size: 44720 bytes MD5: 9c943bfed31dc611cd1a089236104e53 SHA1: 4d39ffb9a2284de78816a0009367f9d9925ca2cf packers: UPack Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 44720 bytes. [ Changes to filesystem ] * Creates file C:WINDOWSSYSTEM32Update. * Creates file C:WINDOWSSYSTEM32csrs.scr. * Deletes file C:WINDOWSSYSTEM32Update. [ Network services ] * Downloads file from http://cascalho.smtp.ru/GORDAO/csrs.jpg as C:WINDOWSSYSTEM32Update. [ Security issues ] * Starting downloaded file - potential security problem. [ Process/window information ] * Attemps to NULL C:WINDOWSSYSTEM32csrs.scr . VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.