When I plugged my friend’s flash disk, a warning appeared. This is in my log: Sign of “Win32:Shipup-D [Trj]” has been found in “F:\infrom.exe[NsPack]” file. Is it dangerous? Thanks…
A Google search for infrom.exe returns many hits; this is just one of them: http://fileinfo.prevx.com/adware/qq971242362168-INFR25084937/INFROM.EXE.html. As you will see, there can be many different malware names associated with this file.
From what I gleaned about this and also searches for Win32:Shipup, it is dangerous, trying to take control of your system and/or installing a backdoor, etc.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.
When the warning occurred, I chose Delete, so I can’t check it with VirusTotal.
Is there any way to check whether my computer is infected or not?
If it was found on your pen drive I doubt it gained access to your system.
But checking the above link (1. COVERT ANALYSIS OF: INFROM.EXE) or others can give information on other things that might be present, or do the Google search I mentioned.
Deletion isn’t really a good first option (you have none left); ‘first do no harm’: don’t delete, send the virus to the chest and investigate.
When I scanned the flash drive (I got the warning for Shipup-D by OnAccess scanner), I’ve got another trojan:
Sign of “Win32:Shipup-B [Trj]” has been found in “F:\ms.config\ldup.exe[NsPack]” file.
Sign of “Win32:Agent-CKJ [Trj]” has been found in “F\rm\ie.exe” file.
Getting other malware on an already compromised pen drive is highly likely. Google searches for both these file names return many hits, commonly malware.
http://fileinfo.prevx.com/spyware/qqad3642346158-LDUP17189274/LDUP.EXE.html
http://www.bleepingcomputer.com/startups/IE.EXE-7438.html
I would say your friend’s pen drive needs to be completely cleaned (extract essential data), formatted, and any software installed again, taking care not to load suspect software; exercise due care and research programs you/he is going to load.
Thanks for the information
You’re welcome, Google is your friend ;D