See what we have here: unknown_file_$INSTDIR/SkyMonk.exe infected with PAK_Generic.001
See where it resides: http://www.virustotal.com/url-scan/report.html?id=2dc1aa59754d1414e08b910b75d2b130-1323276410
See the file scan results: http://www.virustotal.com/file-scan/report.html?id=0ca983e14180413f2173d7653a716e1bec144cd384ecd77560c8d55ba385f554-1323280198
Found to be suspicious here:
http://siteinspector.comodo.com/public/reports/754269
See: http://r.virscan.org/b42b1172ffe8f5047c4cb46a41671455
Here the scan was given clean:
Checking: -http://letitbit.net/skymonk_25436578_91.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2892364
File size: 3.56 MB
File MD5: 50023ad4b9fcd92ec3432575b084cefa

-http://letitbit.net/skymonk_25436578_91.exe - archive NSIS

-http://letitbit.net/skymonk_25436578_91.exe/script.bin - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\modern-header.bmp - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\InstallOptions.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/State - Ok
-http://letitbit.net/skymonk_25436578_91.exe/SkyMonk.exe packed by UPX

-http://letitbit.net/skymonk_25436578_91.exe/SkyMonk.exe - Ok
-http://letitbit.net/skymonk_25436578_91.exe/update.exe packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/update.exe - Ok
-http://letitbit.net/skymonk_25436578_91.exe/filter.dll packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/filter.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/english.loc packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/english.loc - Ok
-http://letitbit.net/skymonk_25436578_91.exe/russian.loc packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/russian.loc - Ok
-http://letitbit.net/skymonk_25436578_91.exe/skymonk.dat - Ok
-http://letitbit.net/skymonk_25436578_91.exe/marker.exe packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/marker.exe - Ok
-http://letitbit.net/skymonk_25436578_91.exe/MailRuSputnik_rfrletitbit2_s_mpcln9514_lite.exe - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\md5dll.dll packed by UPX
-http://letitbit.net/skymonk_25436578_91.exe/\md5dll.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\InetLoad.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\UserInfo.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\System.dll - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\endownload.ini - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\rudownload.ini - Ok
-http://letitbit.net/skymonk_25436578_91.exe/\ensetup.ini - Ok
-http://letitbit.net/skymonk_25436578_91.exe/___\rusetup.ini - Ok
-http://letitbit.net/skymonk_25436578_91.exe - Ok
Is that so, really?
See:
http://vscan.urlvoid.com/file/50023ad4b9fcd92ec3432575b084cefa/c2t5bW9uay0yNTQzNjU3OC05MS1leGU=/

polonus

Hi forum friends,

Always good to go back on your tracks and re-evaluate.
Polonus is getting older folks, :o
Here it was previously found to be clean in an earlier version some time ago, re: http://forum.avast.com/index.php?topic=88089.0

But according to this report: http://isthisfilesafe.net/md5/A22641A2A15CE6BA3AAB04774DD652F5_details.aspx
there is spyware like activity and trojan downloader activity…
See also analysis: http://xml.ssdsandbox.net/view/50023ad4b9fcd92ec3432575b084cefa
because of
1.- C:\DOCUME~1\Dave\LOCALS~1\Temp\nsaD.tmp
see explanation: http://www.prevx.com/filenames/X841050630301398688-X1/NSAD.TMP.html
2. - nsvB.tmp is found with generic PUP finds,
3. - nsaD.tmp\UserInfo.dll denotes a GEN PWS
4. - \modern-header.bmp. for security risk - downloader
5. - mutex {60EC43DF-7CB2-42d4-9873-7904458AA629} file disassembler mutex

Virus alerts:
CAT-QuickHeal: (Suspicious) - DNAScan
McAfee: New Win32.g4
TrendMicro-HouseCall: PAK_Generic.001
TrendMicro: PAK_Generic.001
Sophos: Sus/Behav-200
Finally we find:
6. - ----Class Name (CicMarshalWndClass) Window Name (CicMarshalWndIGB)
this characteristic for trojan like activity,

polonus