Complete scanning result of "Juliana.Cmd", received in VirusTotal at 09.11.2006, 14:53:39 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.1.1.16 | 09.11.2006 | TR/Delphi.Downloader.Gen |
| Authentium | 4.93.8 | 09.11.2006 | Possibly a new variant of W32/Threat-IKNP-based!Maximus |
| Avast | 4.7.844.0 | 09.08.2006 | no virus found |
| AVG | 386 | 09.11.2006 | Downloader.Generic2.OCL |
| BitDefender | 7.2 | 09.11.2006 | GenPack:Trojan.Downloader.Delf.ZH |
| CAT-QuickHeal | 8.00 | 09.11.2006 | (Suspicious) - DNAScan |
| ClamAV | devel-20060426 | 09.11.2006 | no virus found |
| DrWeb | 4.33 | 09.11.2006 | no virus found |
| eTrust-InoculateIT | 23.72.121 | 09.10.2006 | no virus found |
| eTrust-Vet | 30.3.3071 | 09.11.2006 | no virus found |
| Ewido | 4.0 | 09.11.2006 | Downloader.Banload.xm |
| Fortinet | 2.77.0.0 | 09.10.2006 | W32/Banload.XM!tr.dldr |
| F-Prot | 3.16f | 09.11.2006 | Possibly a new variant of W32/Threat-IKNP-based!Maximus |
| F-Prot4 | 4.2.1.29 | 09.11.2006 | W32/Threat-IKNP-based!Maximus |
| Ikarus | 0.2.65.0 | 09.08.2006 | Backdoor.Win32.PcClient.GV |
| Kaspersky | 4.0.2.24 | 09.11.2006 | Trojan-Downloader.Win32.Banload.xm |
| McAfee | 4848 | 09.08.2006 | no virus found |
| Microsoft | 1.1560 | 09.11.2006 | no virus found |
| NOD32v2 | 1.1749 | 09.11.2006 | Win32/TrojanDownloader.Banload.NIB |
| Norman | 5.90.23 | 09.11.2006 | W32/Downloader |
| Panda | 9.0.0.4 | 09.10.2006 | Suspicious file |
| Sophos | 4.09.0 | 09.11.2006 | no virus found |
| Symantec | 8.0 | 09.11.2006 | no virus found |
| TheHacker | 5.9.8.209 | 09.11.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | no virus found |
| VBA32 | 3.11.1 | 09.11.2006 | Trojan-Downloader.Win32.Banload.xm |
| VirusBuster | 4.3.7:9 | 09.11.2006 | no virus found |

Additional Information

File size: 48640 bytes
MD5: cd4f77944d8368cc2bd4cbf66e42e899
SHA1: 0479238bc5ed2bdbf093ff7fa1fed84d5bdb251a
packers: Packed

Norman SandBox:

[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "cmrss.exe [class NULL]" on desktop.
* **Locates window "msbcs.exe [class NULL]" on desktop.
* **Locates window "msnmsg.exe [class NULL]" on desktop.
* File length: 48640 bytes.

[ Changes to filesystem ]
* Creates file C:msconfg.exe.

[ Network services ]
* Downloads file from http://modulonovo.ubbihp.com.br/junio.js as c:msconfg.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.