Virus - http://www.yvs.mak[blam]eevka.com/files/msntwbwu.exe.zip (4Kb)
Not virus - http://www.yvs.make[blem]evka.com/files/dmaster.zip (800Kb)
yvs,
Please don’t post links to viruses on the forum - email them to virus[at]avast.com in a password-protected zip file (don’t forget to include the password) or put the file in the ‘user files’ section of the chest and email it from there.
The same is true for suspected false positives.
Ok, files deleted.
Emailed on 28.08.2007. No results and no answers.
From VirusTotal:
AhnLab-V3 2007.9.5.0 2007.09.05 -
AntiVir 7.6.0.5 2007.09.05 TR/PSW.LDPinch.TAW.379
Authentium 4.93.8 2007.09.05 -
Avast 4.7.1029.0 2007.09.05 -
AVG 7.5.0.485 2007.09.05 Win32/PolyCrypt
BitDefender 7.2 2007.09.05 Trojan.PWS.LDPinch.TAW
CAT-QuickHeal 9.00 2007.09.05 Trojan.PolyCrypt.d
ClamAV 0.91.2 2007.09.05 -
DrWeb 4.33 2007.09.05 Trojan.Packed.166
eSafe 7.0.15.0 2007.09.04 Win32.PolyCrypt.d
eTrust-Vet 31.1.5111 2007.09.05 -
Ewido 4.0 2007.09.05 -
FileAdvisor 1 2007.09.05 -
Fortinet 3.11.0.0 2007.09.05 W32/AvPak.D
F-Prot 4.3.2.48 2007.09.05 -
F-Secure 6.70.13030.0 2007.09.05 Packed.Win32.PolyCrypt.d
Ikarus T3.1.1.12 2007.09.05 Trojan-Downloader.Win32.Small.cyn
Kaspersky 4.0.2.24 2007.09.05 Packed.Win32.PolyCrypt.d
McAfee 5112 2007.09.04 -
Microsoft 1.2803 2007.09.05 TrojanDownloader:Win32/Small.CBA
NOD32v2 2507 2007.09.05 -
Norman 5.80.02 2007.09.05 -
Panda 9.0.0.4 2007.09.05 Trj/Downloader.MDW
Prevx1 V2 2007.09.05 -
Rising 19.39.22.00 2007.09.05 Packer.RyCrypt
Sophos 4.21.0 2007.09.05 Mal/Generic-A
Sunbelt 2.2.907.0 2007.09.05 Trojan-PWS.LDPinch.TAW
Symantec 10 2007.09.05 -
TheHacker 6.1.9.178 2007.09.05 Trojan/PolyCrypt.d
VBA32 3.12.2.3 2007.09.04 -
VirusBuster 4.3.26:9 2007.09.05 Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway 6.0.1 2007.09.05 Trojan.PSW.LDPinch.TAW.379
Additional information
File size: 6289 bytes
MD5: 8bbc84ae1f621814793d14ff6fa59a18
SHA1: f70c8c56f48ed5caa6d43d9be67d8bf691dec35b
packers: RCrypt
The virus was detected with Comodo Firewall. The free scanner CureIt! (http://freedrweb.com/?lng=en) can find and kill this virus.
Hmmm… I don’t know if it really is a good way to detect RCryptor 2.0 as a virus…
Anyway… I’ll suggest this topic to user misak from the virus analysts team.
Hi,
The file msntwbwu.exe is like a dropper. It unpacks many files to the IE temp directory. The unpacked files are already detected by Avast as Win32:Agent.
Detection for msntwbwu.exe will be in the next VPS update…
Tnx.