windowsultimate.exe as backdoor...[SOLVED]

See: http://wepawet.iseclab.org/view.php?hash=5eb4eadde424fe5688e2b5d555390d1f&t=1302863177&type=js
Accompanying Anubis report: http://anubis.iseclab.org/?action=result&task_id=1515c4ac8077b0984e59bda049041de35
found: Backdoor.Win32.IRCBot (Sig-Id:1524068)
Vscan: http://vscan.urlvoid.com/analysis/f9a3210b241c2235636bd65de16d76e5/d2luZG93c3VsdGltYXRlLWV4ZQ==/
virustotal: http://www.virustotal.com/file-scan/report.html?id=ce45d531d949d34bcb89cea27e7cc663d199f3ccd67371cca37ef98543b9b781-1302862440
ThreatExpert report: http://www.threatexpert.com/report.aspx?md5=f9a3210b241c2235636bd65de16d76e5

Should be added to detection,

polonus

In the meantime also detected as Backdoor.Poison, a remote access trojan which allows attackers unauthorized access to infected machines. Malware Type: TT_Backdoor, see: http://www.virustotal.com/file-scan/report.html?id=ce45d531d949d34bcb89cea27e7cc663d199f3ccd67371cca37ef98543b9b781-1302865054

polonus

EAM gets it. :slight_smile:

Hi Asyn,

We are now at 7:
http://www.virustotal.com/file-scan/report.html?id=ce45d531d949d34bcb89cea27e7cc663d199f3ccd67371cca37ef98543b9b781-1302944821
Bitdefender now flags it also, as Trojan.Generic.KD.190223, as do F-Secure and G-Data.
Nod32 has Win32/Delf.NVC,
but no avast detection for it so far.
Here we stand at two detections:
http://vscan.urlvoid.com/analysis/f9a3210b241c2235636bd65de16d76e5/d2luZG93c3VsdGltYXRlLWV4ZQ==/
EAM as you reported and Ikarus

Two samples can be found here: http://forums.malwarebytes.org/index.php?showtopic=81916 provided by Eddy Cheung,
member of the group malware hunters at MBAM forums. Attached files are to be verified there.

polonus

Hi forum friends,

Avast has added protection against this now: http://www.virustotal.com/file-scan/report.html?id=ce45d531d949d34bcb89cea27e7cc663d199f3ccd67371cca37ef98543b9b781-1302968199

So I can change the topic title to [SOLVED] and we are protected,

polonus

D., thanks for the update…! :slight_smile:
asyn