Can someone scan this file? [Might be very, very dangerous]

So I had a message on some forums I went to, telling me to download this as a test program (possibly a scam).

This is supposed (according to the message) to speed up a program of mine.
I am not sure about my avast! Please download it at your own risk, scan it currently, and tell me the type and/or name of that virus.
There is a chance someone is trying to hack me. PLEASE READ!!! It might be a port scanner that can open your router and possibly allow a hacker to hack you using SSHL.

I want to make sure: is it a virus? Please, if it gives you a warning while extracting or downloading, tell me the type of virus avast found, and NEVER EVER cancel; just click Remove or Heal.

There is a hacker that sent me a program before, a port scanner, and hacked me through SSHL, posting my IP and an open port.
This is a file I found that someone else sent me, possibly the same person as before, so be careful. Download this file and don’t ignore avast. I want to make sure if it’s a virus or not and know what type it is; if it’s a virus then I know that the user who sent it to me must be the same hacker.

Thank you.

I need to make sure whether it’s a virus or not. And yes, again, it might be a port scanner THAT can send the hacker info about a forwarded port on your router, so never ever, at any chance, ignore avast.

Scan it carefully.

Here is the file (NOTICE: THIS 99% MIGHT BE A VIRUS (POSSIBLY A TROJAN, DO NOT IGNORE AVAST)!!!):

hXXp://www.mediafire.com/?cjmmztwhozy

Download at your own risk. If you find a virus that is healed and/or removed, record its name and/or report it to me.


I would suggest that no one download that file!

Also, Scan or an administrator should disable the link to the malware.


Live one!

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.10.02 Backdoor.Generic!IK
AhnLab-V3 5.0.0.2 2009.10.02 Win-Trojan/Xema.variant
AntiVir 7.9.1.27 2009.10.02 SPR/PSW.MailPassView.AG
Antiy-AVL 2.0.3.7 2009.10.02 -
Authentium 5.1.2.4 2009.10.02 W32/Trojan2.GXAC
Avast 4.8.1351.0 2009.10.02 -
AVG 8.5.0.412 2009.10.02 -
BitDefender 7.2 2009.10.02 Backdoor.Generic.168773
CAT-QuickHeal 10.00 2009.10.01 -
ClamAV 0.94.1 2009.10.02 Trojan.Agent-121207
Comodo 2491 2009.10.02 -
DrWeb 5.0.0.12182 2009.10.02 Tool.PassView.117
eSafe 7.0.17.0 2009.10.01 Suspicious File
eTrust-Vet 31.6.6773 2009.10.02 -
F-Prot 4.5.1.85 2009.10.02 W32/Trojan2.GXAC
F-Secure 8.0.14470.0 2009.10.02 Trojan-PSW:W32/GrayBird.ANR
Fortinet 3.120.0.0 2009.10.02 -
GData 19 2009.10.02 Backdoor.Generic.168773
Ikarus T3.1.1.72.0 2009.10.02 Backdoor.Generic
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.858 2009.10.01 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.10.02 -
McAfee 5758 2009.10.01 potentially unwanted program Generic PUP
McAfee+Artemis 5758 2009.10.01 potentially unwanted program Generic PUP
McAfee-GW-Edition 6.8.5 2009.10.02 Riskware.PSW.Messen.BG
Microsoft 1.5101 2009.10.02 -
NOD32 4476 2009.10.02 Win32/MPass.124
Norman 6.01.09 2009.10.02 W32/GrayBird.AJPF
nProtect 2009.1.8.0 2009.10.02 -
Panda 10.0.2.2 2009.10.01 Suspicious file
PCTools 4.4.2.0 2009.10.02 -
Prevx 3.0 2009.10.02 High Risk System Back Door
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.02 Messen
Sunbelt 3.2.1858.2 2009.10.01 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.10.02 Backdoor.Graybird
TheHacker 6.5.0.2.026 2009.10.02 -
TrendMicro 8.950.0.1094 2009.10.02 BKDR_Generic.DIT
VBA32 3.12.10.11 2009.09.30 -
ViRobot 2009.10.2.1968 2009.10.02 -
VirusBuster 4.6.5.0 2009.10.02 -
Additional information
File size: 184363 bytes
MD5…: ea9d668b93cbed3561198cfdd9225a80
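How a multi-engine table like the one above can be read programmatically, as an added example that is not part of the original thread: it parses the "engine, version, last update, result" rows, counts verdicts, and lists engines that returned "-" or ran on older signatures. The eight rows are copied from the table above; the two-day staleness threshold is an assumption.

```python
import re
from datetime import date

# Eight rows copied from the scan table in this thread (header included).
REPORT = """\
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.10.02 Backdoor.Generic!IK
Avast 4.8.1351.0 2009.10.02 -
AVG 8.5.0.412 2009.10.02 -
F-Secure 8.0.14470.0 2009.10.02 Trojan-PSW:W32/GrayBird.ANR
Jiangmin 11.0.800 2009.09.27 -
McAfee+Artemis 5758 2009.10.01 potentially unwanted program Generic PUP
Rising 21.49.22.00 2009.09.30 -
Symantec 1.4.4.12 2009.10.02 Backdoor.Graybird
"""

# engine, engine version, signature date (YYYY.MM.DD), free-text result
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(.+)$")

def parse_report(text):
    """Return one dict per engine row; the header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, y, mo, d, result = m.groups()
        rows.append({
            "engine": engine,
            "version": version,
            "updated": date(int(y), int(mo), int(d)),
            "verdict": None if result == "-" else result,  # "-" means no detection
        })
    return rows

def summarize(rows, max_sig_age_days=2):
    """Split engines into detected/missed and flag signatures older than the newest."""
    newest = max(r["updated"] for r in rows)
    return {
        "total": len(rows),
        "detected": [r["engine"] for r in rows if r["verdict"]],
        "missed": [r["engine"] for r in rows if r["verdict"] is None],
        "stale": [r["engine"] for r in rows
                  if (newest - r["updated"]).days > max_sig_age_days],
    }

if __name__ == "__main__":
    s = summarize(parse_report(REPORT))
    print(f"{len(s['detected'])}/{s['total']} engines flagged the sample")
    print("no verdict:", ", ".join(s["missed"]))
    print("older signatures:", ", ".join(s["stale"]))
```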

Avast 4.8.1351.0 2009.10.02 -

Hmmm… not caught by avast!, but then it is using an older version of the program; I don’t know how that affects it.

FreewheelinFrank, you downloaded it?
Maybe an idea to send it to alwil…

Scan,

A wise choice you have made; most likely this is going to be the case in any situation where you encounter this kind of message.

To modify your post, click ‘modify’ near the top right of it and disable the link (change http to hXXp)

-Scott-
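The link-disabling step described above (change http to hXXp, or www to wXw), as an added example that is not part of the original thread: it rewrites every live link in a post, leaves already-disabled ones alone, and can keep chosen hosts clickable. The sample post, the `example.test` hosts and the `keep_hosts` parameter are constructed for illustration.

```python
import re

# Live http/https links: scheme plus host (host ends at /, ?, #, quote or space).
URL = re.compile(r"\bhttp(s?)://([^\s/?#\"'<>]+)", re.IGNORECASE)
# Links posted without a scheme, e.g. "www.example.test/file".
BARE_WWW = re.compile(r"(?<![\w./])www\.", re.IGNORECASE)

def live_hosts(text):
    """Hosts that a forum would still render as clickable links."""
    return [m.group(2).lower() for m in URL.finditer(text)]

def defang(text, keep_hosts=()):
    """Make links non-clickable; hosts in keep_hosts (an assumption) stay live."""
    keep = {h.lower() for h in keep_hosts}

    def swap(m):
        if m.group(2).lower() in keep:
            return m.group(0)
        return "hXXp" + m.group(1) + "://" + m.group(2)

    return BARE_WWW.sub("wXw.", URL.sub(swap, text))

# Constructed sample post.
POST = (
    "Is this safe? http://files.example.test/?abc123 or www.example.test/tool.zip\n"
    "Already disabled: hXXp://files.example.test/?abc123\n"
    "Report: https://scanner.example.test/view?id=1"
)

if __name__ == "__main__":
    print(defang(POST, keep_hosts={"scanner.example.test"}))
```

Running it twice gives the same text, because a disabled link no longer matches either pattern.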

Send the sample to virus@avast.com, zipped and password-protected, with the password in the email body (a link to this topic might help) and "undetected malware" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Well, all I know about this virus is that it did appear before.
I think it’s a port scanner; the last hacker who hacked me admitted that he used that program to forward a port of mine so he could get to me using Security Shell Tunneling.

Security shell tunneling = enter IP address + enter a forwarded port of that IP address owner’s router = bingo, you are on that IP owner’s computer ;D

It’s said that the port scanner is not meant to be dangerous, but hackers use it to forward a port that Security Shell tunnel uses.
The port scanner searches for port 22 and opens it… This can be a security program or can be used harmfully.

Still, I am sure I don’t have an SS protocol, but still he was able to hack me before.
Sorry guys, but can someone tell them that and attach the file…
I can’t touch that thing, but just tell them that info.

He just wants to steal my pictures. Last time he sent me a normal virus through SS Tunneling, but I spied on him, pretending to be someone else and asking him in a thread whether he hacked that person (which is me), and he said he couldn’t but he would if he could.

I don’t think (but I am not sure) that he can hack all you downloaders’ computers, because he probably only knows my IP (I joined his forums/contacted him on Yahoo); he wouldn’t know the port is forwarded anyway, but I am still not sure about this.

But there is a chance avast’s creators put this on the exceptions because this program is safe to them, though they didn’t know the bad side of it, that it can be a real trojan.

Someone deliver them this info (would posting the MediaFire link work?)

Oh, and does anyone know if someone can steal my files using Security Shell tunneling?

Thnx.

Here is his message:

"The only emulator accelator and third party server user application is now available… You seem to be an active member scan. Enjoy

hxxp://www.mediafire.com/?cjmmztwhozy

Note: Do not distribute this is a private copy and yes its 100% free.

-Regards
Emu Accelator Team."

(Emu Accelator is not anyone’s forum and they don’t exist)

And can someone tell me how to report him anonymously for hacking?

Hi Scan,

Make the live link in the above posting non-clickable like hxtp or wXw. Malicious software was hosted on one domain, e.g. interclick.com/.
Analysis and status as suspicious site for hXtp://www.mediafire.com/?cjmmztwhozy
http://wepawet.cs.ucsb.edu/view.php?hash=2bda3c6b12a04b60b7b6a78c9d08d821&t=1254504454&type=js

polonus

Avira tells me that
server.exe is: spr/psw.mailpassview.ag, i.e. security privacy risk.
Two days and I will send you a removal for it if avast doesn’t update their database.

I did.

The avast updater seems to be down.
I use manual update anyway.

But hopefully they fix this serious issue.

Oh, and I found out about MailPassView.

http://www.softpedia.com/get/Security/Decrypting-Decoding/Mail-PassView.shtml ← Do not download. Just read the review.

MailPassView is useful if not safe. It says it collects users’ information and passwords for recovery, if you want your user name and .
Sounds like a cookie stealer; either way he is trying to get access to my Facebook or Yahoo mail (luckily I don’t have a Facebook account ;)) since he always said he wanted to steal my pictures.

Never download the virus in the first link (in the main post), please, unless you are sure your avast/any other antivirus could know what it is. Either way, I found it.
PLEASE, nobody download this.

I never downloaded it, though, because I knew it might be a virus; I just wanted to know what the hacker wants to do.

Sure, the download site is safe- anyway, I’m using Linux. 8)

I think they can get it from the hash if they really want it.

Not caught by Microsoft or Kaspersky either. They’re always missed by some AVs, and it’s always different ones; you’re better off recognising a scam and steering clear.

The first analysis of it tells me that it is a Visual Basic trojan; just an hour and maybe I can understand its code.
Oh, I forgot, it has a name inside, “ftp.justfree.com”; I will scan to know what it is.
I haven’t completed it yet, so don’t talk about me.

Someone look at this post please.
I just posted it but I didn’t know how this forum does the posting.

Anyway, please see this reply (sorry if I was late).

It’s probably that the hacker wants to say: “I have all your user names and passwords info now; they are sent to my email whenever I post them.”
And I forgot to say the hacker uses Linux; I know because I contacted him before, while he was tricking me into downloading the file “for testing if this works on Windows” ~_~

Also see the results of this detailed analysis, http://anubis.iseclab.org/?action=result&task_id=17a846c41ce2b58846db42ad0a521040e&format=html.

[0] Archive type: RSRC
→ Object
[DETECTION] Contains recognition pattern of the SPR/PSW.Messen.BG program
→ Object
[DETECTION] Contains recognition pattern of the SPR/PSW.NetPass.ET program
→ Object
[DETECTION] Contains recognition pattern of the SPR/PSW.MailPassView.AG program
That is what Avira says.
And I ran it on the virtual machine but WTF, it gave me a run-time error. I checked processes and startup and nothing changed: it is a real run-time error.

Sorry, I forgot that the file on my system has the same MD5, but something is wrong.

Well, it’s all a story.
Someone came to the forum and helped me against some trolls; at least he pretended to.
He sent me a program, saying that he is a Linux owner and wants to test it on Windows.

I downloaded this file; AVG found it’s a virus.
He then told me it’s a fake alert, so I canceled AVG and extracted that file.

(This week, not today, I found out it was a virus that opens ports.)

After contacting him lots of times he admitted it was a real virus and said there is a program to help me get rid of this.
He gave me a file, but apparently he tricked me again. That was a generic virus; he told me to open it but it only worked on 64-bit applications.

I then couldn’t open it. He told me to contact him the day after; then he said those weren’t viruses, he said he pretended them to be so he could contact me more.
While contacting him over the days, I found ‘Trojan distructor’ detected by AVG. I then asked him, what is this?

He told me he sent me that through Security Shell Tunneling. I asked him if he stole files and he said ‘no’ lots of times, and I kept asking him for a while, then he said he is blocking me.

Later I went back to the forums. I pretended to be someone else and, while he was laughing at me with his friends when I kept asking him that question, I asked him as another person: did you steal his pictures and upload them?

He said he never did steal anything from -My Original User name on those Forums-. I even PMed him; he said he never took anything.

So it sounds like this virus works on 64-bit on Vista? I use XP and I was easily tricked, and I am lucky.

Can someone scan those 2 websites:

http://www.theclaussens.net/gallery/...s/over9000.jpg
ClansMeet.Co.Cc

I think those are 2 of his websites.

Don’t underestimate it.
Or maybe he (the hacker) failed to compile it the right way.

Last time he sent me a virus, but it could only work on Vista 64-bit, so yeah, I think it gave me “Cannot open on 32 Bit application” or something. Notice that was the very first file he sent me when I started contacting him. Now that he re-sent me the file, XP version, then it might not work for you, I guess…

What is your OS?

Oh, and like I said, it will send any cookies that you would have.
It’s a virus that steals cookies, meaning he can figure out your user name and password whenever you log in.

For more info, Google MailPassView; it’s a real program, not a virus.
I bet the trojan somehow sends those to the hacker’s MailPassView.

Be sure to be safe while using avast.
But since you had the run-time error I don’t think it worked.

What is your OS (XP or Vista), and 32-bit or 64-bit?

Can someone please check those websites for me (I don’t know how), I mean scan:

http://www.theclaussens.net/gallery/...s/over9000.jpg
ClansMeet.Co.Cc

Hi Scan,

In this thread again it is demonstrated that you should (not) trust in the virtual world as you would in the real world, and weren’t you told as a child to never take candy from strangers? Never trust anyone, not even your own shadow, online at first sight: it could be a scam, it could be a person that lures, it could be a troll and it could be a negative, jealous person that wants to harm you for the simple reason that he/she/it hates all of the world around him/her/it for no reason. There are people online that walk the white tiles and those that go mainly on the black ones, and would you know all that in advance? Life should have taught you that much.
“Now once bitten, twice shy”, as the proverb says. You have learned your lesson. Good that you passed this experience on to others, and I hope doing this will have a positive outcome for people here on the forums. Thank you for sharing this experience with us,

polonus

I was told, lol, but I don’t know what got into me.
This incident helped me a lot; however, I could have had it some other, easier way >_>

OK, I feel unsecured now. He has my IP address; what are the chances he could hack me with only that?
He knows my IP address and my ISP and the country I live in.

Could he hack me without giving me a trojan?
Also, did this file (the virus) work on XP, if the virus file (previous file) couldn’t be opened because of a run-time error (64-bit app)?
I think the guy (the cracker) is trying to resend it; could it be possible that this virus works for Vista only or XP only?

Should I feel safe now or what?
I have Malwarebytes, SUPERAntiSpyware, and Avira (free version).

Hi Scan,

Install Threatfire from here: http://www.threatfire.com/download/
on that machine, after you have changed your log on password with a good and sturdy longer one, also change the password of your modem (yes that can be changed, go to http://10.0.0.139)
then also download wwdc to close all these connections there: http://www.softpedia.com/progDownload/Windows-Worms-Doors-Cleaner-Download-107294.html
Use DropMyRights for apps when you do not have to download or upload something on your account and
use Firefox or Flock browser with the NoScript extension to prevent script from running from visiting a website. Then if your machine is no longer with compromised third party software running there, I wish the hacker loads of success to compromise you again,

pol