SpannerITWks (reply to elias):
Re: [Hacked] DarkMailer? Sorry to hear about your GF's misfortune! Most good AV/AT should be able to detect/remove this though. Hope she gets it sorted soon.
---------------------
DarkMailer is a super fast bulk email software that sends out at speeds greater than 500,000 emails per hour* on a dedicated mailing server. Dark Mailer has the capability to use Proxies and Relays and also to send directly.
»refwm.com/darkmailer/
»www.specialham.com/specialham/m_···1/tm.htm
Analysis of the DarkMailer etc SpamBot - »www.f-secure.com/weblog/archives···005.html
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
Snowy (join:2003-04-05, Kailua, HI):
"Most good AV/AT should be able to detect/remove this though." Next time you decide to post I wish you would do the community a favor & check your facts first. The OP is dealing with a compromise & needs facts, not Spannerisms. Here's the facts regarding Jotti's detection of DarkMailer.
Service load: 0% 100%
File: dm.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5: be06575cccb6062ab5d45f47f3958c98
Packers detected: -
Scanner results:
AntiVir - Found nothing
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found nothing
BitDefender - Found nothing
ClamAV - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
Fortinet - Found nothing
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
UNA - Found nothing
VirusBuster - Found nothing
VBA32 - Found nothing
SpannerITWks (reply to SnowyOne):
Next time you decide to post I wish you would do the community a favor & check your facts first, like I DID. Here's the facts about DarkMailer that I was talking about -
F-Secure seem to know all about DarkMailer for one, as I already mentioned + linked to. Here's a couple of others that do too, + have it in their defs!
»www.nod32usa.com/nod32-updates/u···980.html
»www.atshield.com/?r=features&pr=list
DarkMailer I've also seen listed as TrojanDropper.Win32
Re Jotti's "NON" detection of DarkMailer. Who did that Jotti's scan? If it was you based on already having a sample, then why hadn't you sent it on to the AV/AT etc vendors by now, so it would have been detected? If it wasn't you then who has the file + why are you posting on behalf of someone else?
You can send it to me via a - »rapidshare.de/ - link, and I'll put it through my stuff and see what gets detected or not + post back with the info, which should be interesting!
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
elias (join:2000-07-24, Miami, FL; reply to SpannerITWks):
said by SpannerITWks: Sorry to hear about your GF's misfortune! Most good AV/AT should be able to detect/remove this though. Hope she gets it sorted soon.
Actually, in checking the Event Viewer, Symantec had updated itself with the latest definitions that very morning around 6am when she turned on her computer. It also seems that when the spammer tried installing it, Symantec identified dm.exe as a trojan and tried to quarantine it. I'm guessing the guy dismissed the pop-up messages and had it ignored or something.
The version they installed on her machine was older, like 1.36 or some such. It has several files with e-mail addresses along with a text file containing the outgoing message. The e-mail addresses were all @aol.com and were all in the L's. The message itself was a Suntrust phishing e-mail, trying to trick the user into providing their info at some site. -- My Webmaster Gig | Crunching the Midnight Oil
Snowy (join:2003-04-05, Kailua, HI):
Elias, I had no doubt you would successfully sort through it all. The Symantec detection of dm.exe is interesting since it seems to be the only AV to do so.
STATUS: FINISHED
Complete scanning result of "dm.exe", received in VirusTotal at 06.22.2006, 18:12:29 (CET).
Antivirus            Version          Update      Result
AntiVir              6.35.0.15        06.22.2006  no virus found
Authentium           4.93.8           06.22.2006  no virus found
Avast                4.7.844.0        06.22.2006  no virus found
AVG                  386              06.22.2006  no virus found
BitDefender          7.2              06.22.2006  no virus found
CAT-QuickHeal        8.00             06.22.2006  no virus found
ClamAV               devel-20060426   06.22.2006  no virus found
DrWeb                4.33             06.22.2006  no virus found
eTrust-InoculateIT   23.72.46         06.22.2006  no virus found
eTrust-Vet           12.6.2270        06.22.2006  no virus found
Ewido                3.5              06.22.2006  no virus found
Fortinet             2.77.0.0         06.22.2006  suspicious
F-Prot               3.16f            06.21.2006  no virus found
Ikarus               0.2.65.0         06.22.2006  no virus found
Kaspersky            4.0.2.24         06.22.2006  no virus found
McAfee               4791             06.22.2006  no virus found
Microsoft            1.1481           06.22.2006  no virus found
NOD32v2              1.1615           06.22.2006  no virus found
Norman               5.90.21          06.22.2006  no virus found
Panda                9.0.0.4          06.22.2006  no virus found
Sophos               4.06.0           06.22.2006  no virus found
Symantec             8.0              06.22.2006  Infostealer
TheHacker            5.9.8.164        06.22.2006  no virus found
UNA                  1.83             06.21.2006  no virus found
VBA32                3.11.0           06.21.2006  no virus found
VirusBuster          4.3.7:9          06.22.2006  no virus found
Additional Information
File size: 709632 bytes
MD5: be06575cccb6062ab5d45f47f3958c98
SHA1: ee2d8c2b3da71682eac65a2821cb30af3dbf43cb
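The multi-engine result above is the kind of report a responder has to read quickly during a compromise: which engines flagged the file, under what name, and whether the file they hold is actually the same one that was scanned. The following is an added example, not code posted by anyone in this thread; it parses scan lines in the "engine version update-date result" shape of the VirusTotal output quoted above (the sample lines are copied from that output), reports the detection ratio, and compares an in-memory sample against the MD5/SHA1 the report lists. The line format, the treatment of "no virus found" as the only clean verdict, and the function names are assumptions for this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the engine lines quoted in the thread, one engine per line.
SAMPLE_REPORT = """\
AntiVir 6.35.0.15 06.22.2006 no virus found
Authentium 4.93.8 06.22.2006 no virus found
Avast 4.7.844.0 06.22.2006 no virus found
AVG 386 06.22.2006 no virus found
BitDefender 7.2 06.22.2006 no virus found
CAT-QuickHeal 8.00 06.22.2006 no virus found
ClamAV devel-20060426 06.22.2006 no virus found
DrWeb 4.33 06.22.2006 no virus found
eTrust-InoculateIT 23.72.46 06.22.2006 no virus found
eTrust-Vet 12.6.2270 06.22.2006 no virus found
Ewido 3.5 06.22.2006 no virus found
Fortinet 2.77.0.0 06.22.2006 suspicious
F-Prot 3.16f 06.21.2006 no virus found
Ikarus 0.2.65.0 06.22.2006 no virus found
Kaspersky 4.0.2.24 06.22.2006 no virus found
McAfee 4791 06.22.2006 no virus found
Microsoft 1.1481 06.22.2006 no virus found
NOD32v2 1.1615 06.22.2006 no virus found
Norman 5.90.21 06.22.2006 no virus found
Panda 9.0.0.4 06.22.2006 no virus found
Sophos 4.06.0 06.22.2006 no virus found
Symantec 8.0 06.22.2006 Infostealer
TheHacker 5.9.8.164 06.22.2006 no virus found
UNA 1.83 06.21.2006 no virus found
VBA32 3.11.0 06.21.2006 no virus found
VirusBuster 4.3.7:9 06.22.2006 no virus found
"""

# Hashes exactly as listed in the quoted report for dm.exe.
REPORTED_MD5 = "be06575cccb6062ab5d45f47f3958c98"
REPORTED_SHA1 = "ee2d8c2b3da71682eac65a2821cb30af3dbf43cb"

# engine, version, date (MM.DD.YYYY), then the verdict which may contain spaces
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")


@dataclass
class ScanRecord:
    engine: str
    version: str
    updated: str
    result: str

    @property
    def detected(self) -> bool:
        # Assumption for this example: "no virus found" is the only clean verdict;
        # anything else ("suspicious", a family name) counts as a flag.
        return self.result.strip().lower() != "no virus found"


def parse_report(text: str) -> List[ScanRecord]:
    """Parse one engine result per line; raise on a line that does not fit."""
    records: List[ScanRecord] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable scan line: {line!r}")
        records.append(ScanRecord(*m.groups()))
    return records


def summarize(records: List[ScanRecord]) -> dict:
    """Detection ratio plus the verdict each flagging engine gave."""
    detections = {r.engine: r.result for r in records if r.detected}
    return {
        "engines": len(records),
        "detections": detections,
        "ratio": f"{len(detections)}/{len(records)}",
    }


def hashes_match(data: bytes, expected_md5: str, expected_sha1: str) -> Dict[str, bool]:
    """Confirm a sample you hold is the same file the report describes."""
    return {
        "md5": hashlib.md5(data).hexdigest() == expected_md5.lower(),
        "sha1": hashlib.sha1(data).hexdigest() == expected_sha1.lower(),
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
    # Constructed stand-in bytes; a real check would read the quarantined file.
    print(hashes_match(b"not the real sample", REPORTED_MD5, REPORTED_SHA1))
```

Checking both hashes before trusting a third-party verdict matters because a vendor's detection name applies to the exact bytes that were submitted; a repacked or older build (the thread mentions version 1.36 on the victim machine) will hash differently and may scan differently.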
elias (join:2000-07-24, Miami, FL):
said by Snowy: Elias, I had no doubt you would successfully sort through it all. The Symantec detection of dm.exe is interesting since it seems to be the only AV to do so.
I'll try to post a log from SAV10. -- My Webmaster Gig | Crunching the Midnight Oil