Trojan recycle_bin.exe not immediately detected

File name: recycle_bin.exe

Test Results:

Avast 4.6 Home VPS 0609-3 free edition allowed recycle_bin.exe to run, but alerted about infected files being copied around the system.

AVG Free 7.1.375 reacted immediately when I copied recycle_bin.exe over. I tried to run it, but couldn’t.

WARNING: THIS IS A TROJAN. IT WILL MAKE YOUR PC A ZOMBIE.
removed
Archive password: virus

Hi darkultra,

Please don’t post links to malware. You can send the suspect file to:

virus at avast.com (Substitute @ for ‘at’)

This is a report processed by VirusTotal on 03/05/2006 at 13:21:31 (CET) after scanning the file “recycle_bin.exe”.

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.33.1.53 | 03.04.2006 | no virus found |
| Avast | 4.6.695.0 | 03.03.2006 | no virus found |
| AVG | 718 | 03.03.2006 | Dropper.Agent.ZV |
| Avira | 6.33.1.53 | 03.04.2006 | no virus found |
| BitDefender | 7.2 | 03.05.2006 | BehavesLike:Trojan.Downloader |
| CAT-QuickHeal | 8.00 | 03.04.2006 | no virus found |
| ClamAV | devel-20060126 | 03.05.2006 | no virus found |
| DrWeb | 4.33 | 03.04.2006 | Trojan.MulDrop.3065 |
| eTrust-InoculateIT | 23.71.93 | 03.04.2006 | no virus found |
| eTrust-Vet | 12.4.2104 | 03.03.2006 | no virus found |
| Ewido | 3.5 | 03.04.2006 | Dropper.Agent.vx |
| Fortinet | 2.71.0.0 | 03.05.2006 | suspicious |
| F-Prot | 3.16c | 03.03.2006 | no virus found |
| Ikarus | 0.2.59.0 | 03.03.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 03.05.2006 | Trojan-Dropper.Win32.Agent.vx |
| McAfee | 4710 | 03.03.2006 | MultiDropper-OB |
| NOD32v2 | 1.1430 | 03.04.2006 | Win32/TrojanDropper.Agent.VX |
| Norman | 5.70.10 | 03.03.2006 | no virus found |
| Panda | 9.0.0.4 | 03.05.2006 | Suspicious file |
| Sophos | 4.03.0 | 03.04.2006 | no virus found |
| Symantec | 8.0 | 03.05.2006 | no virus found |
| TheHacker | 5.9.5.106 | 03.04.2006 | no virus found |
| UNA | 1.83 | 03.02.2006 | no virus found |
| VBA32 | 3.10.5 | 03.03.2006 | Trojan-Dropper.Win32.Agent.vx |

For better protection: avast! and Ewido!


Welcome to the forums, darkultra. :slight_smile:

If you are running 2 resident anti-virus programs on the same computer, then you have a greater risk of infection on that computer. In this case, 2 is not better than one … because the 2 will conflict with each other causing less protection than just one and more chance of infection.


Bump!

This still isn’t detected!!!

:slight_smile: Hi all:

Seems Darkultra's "VPS: 0609-3" & Virus Total's "4.6.695" are NOT the latest VPS. 0614-1 and 4.6.763!?

Very good point Spiritsongs, I must admit that when I upload samples to Jotti or VirusTotal I don’t check and see if they are using the latest VPS or version, I have always assumed that they would be the latest. It is certainly something to watch. It would be different for us to check Jotti as it uses the Linux version of avast and that doesn’t have the same version numbering.

I know they don’t update immediately, but I thought it would be much quicker than that, 4.6.695 is quite old, so I wonder what the actual VPS is that is being used.