Real malware or just a false positive..

Hi forum friends,

Scanned this: http://vscan.urlvoid.com/analysis/11ea1cac1b6a156f34248849aa7907cb/dW5pcXVlLWV4ZQ==/
Only Emsisoft detects it in this scan, as Trojan.Win32.Spy2.LV.
Complete VT results: http://www.virustotal.com/file-scan/report.html?id=14edc7e17f0f54eb4c750ef54e79b7241b77094ffe6d39f2a7e6d5583dead4b0-1321766091 &
http://www.threatexpert.com/report.aspx?md5=11ea1cac1b6a156f34248849aa7907cb

Unique.exe is packed by UPX, so this could be an FP heuristic find, or is it real malware,
and is it a malware injector?

polonus
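
As an added illustration of the triage question raised in the post above (this is example code, not anything polonus posted or any of the scanners' own logic), the script below computes the MD5/SHA-256 of a file so it can be matched against the VirusTotal and ThreatExpert reports, and checks the PE section table for the UPX0/UPX1/UPX2 names that UPX writes by default. A packer hit on its own is only an indicator, not a verdict; it explains why a heuristic engine might flag a packed file and is the first thing to record before looking further. The PE samples are constructed inline so it runs offline; `build_sample_pe` and the field names are this example's own.

```python
import hashlib
import struct

# Section names the UPX packer writes by default (UPX0, UPX1, optional UPX2).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes):
    """Return the section names of a PE image, or None if the bytes are not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes; name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            break  # truncated section table; stop rather than guess
        names.append(raw.rstrip(b"\0"))
    return names


def triage(data: bytes) -> dict:
    """Hashes plus a packer indicator, to compare against scanner reports."""
    names = pe_section_names(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": names is not None,
        "sections": [n.decode("ascii", "replace") for n in (names or [])],
        # UPX is detected by its section names; absence does not prove the file is unpacked.
        "upx_packed": bool(names) and any(n in UPX_SECTION_NAMES for n in names),
    }


def build_sample_pe(section_names) -> bytes:
    """Constructed minimal PE: DOS stub, PE signature, COFF header, bare section table.
    This is test data for the example only, not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


# Constructed samples: one with UPX section names, one with ordinary compiler names.
SAMPLE_UPX = build_sample_pe([b"UPX0", b"UPX1"])
SAMPLE_PLAIN = build_sample_pe([b".text", b".data"])

if __name__ == "__main__":
    for label, blob in (("upx-like", SAMPLE_UPX), ("plain", SAMPLE_PLAIN)):
        print(label, triage(blob))
```

To use it on a real sample, read the file bytes and pass them to `triage`; then compare the printed `md5`/`sha256` with the hashes shown in the VT and ThreatExpert reports before trusting that the reports describe the same file.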

This could be virtool…while NOD32 detects a variant of Win32/Injector.KWT here, heuristic detection of a file injector - dangerous malware or misdetection of goodware?
Also interesting to read this: http://www.live-forensics.com/?p=143
Then there is this download given by the live-forensics software release… http://www.live-forensics.com/dl/Unique.zip
which download link has been given clean here: http://vscan.urlvoid.com/analysis/45afe86f634a10fdc9f9f64cc6b5655f/dW5pcXVlLXppcA==/

polonus

Malwarebytes detects it as Trojan.Darkeye

Hi Pondus,

Thanks for confirming this as malware. I would not have expected otherwise, because it is an illegal file download. Good that MBAM detects it, and hopefully cleans it. Else victims could use TDSSKiller as an option to remove it:
http://support.kaspersky.com/viruses/solutions?qid=208280684
That is, if TDSSKiller can handle this variant, as there are quite a few variants going around. Else there are other specific ways for removal, but that is a speciality of the qualified removers like essexboy and oldman…

polonus