Downloader.VB.AXO

On Saturday an AVG Free scan turned up the Downloader.VB.AXO trojan
horse in C:\Program Files\music_now\inetchk.exe. As far as I know, this
folder and file have been on my PC since I got it last August (it came
pre-installed with other HP software).

Googling turns up a few posts indicating this might be a false positive
from AVG.

Any thoughts?

--

Dennis

Re: Downloader.VB.AXO


| On Saturday an AVG Free scan turned up the Downloader.VB.AXO trojan
| horse in C:\Program Files\music_now\inetchk.exe. As far as I know, this
| folder and file have been on my PC since I got it last August (it came
| pre-installed with other HP software).
|
| Googling turns up a few posts indicating this might be a false positive
| from AVG.
|
| Any thoughts?
|


Please submit a sample of "inetchk.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it.  In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Downloader.VB.AXO

On Mon, 11 Feb 2008 22:10:44 GMT, "David H. Lipman"


grisoft suggested I post a sample to http://virusscan.jotti.org/. Here
are their results...


It looks like they can't agree as to what it is, if anything.

Thanks.

--

Dennis

Re: Downloader.VB.AXO



|
| It looks like they can't agree as to what it is, if anything.
|
| Thanks.
|

Jotti's is a good alternative to Virus Total.
I rate Virus Total higher with NO offense meant towards Jordi.

There is no real naming convention in naming malware.  Very few anti virus companies name
the same infector the same way and often when they do, the version is often different
amongst the various vendors.  A good example would be a ZLob Trojan.  Several vendors may
call it a ZLob Trojan but will show the version differently.

That is why the US Gov't. commissioned MITRE to come up with the Common Malware Enumeration
(CME) list which cross references with high infection rates.  Often vendors will append
CME-xxx to the name of the infector.  Inspect the below URL and you'll see just how
differently the various vendors name the SAME infector.
http://cme.mitre.org/data/list.html

Anyway, based upon the high "hit" rate, I'd say this is NOT a False Positive.

Remove the Trojan by moving it into the Virus Vault.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Downloader.VB.AXO

On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"


I suspect the PC came with this. I wonder if grisoft just recently
updated their definitions to find this. I haven't downloaded anything in
the past 10 days that I can remember and the PC was clean the Saturday
before.


Done.

***

I haven't been able to find a description of this one so I don't know
what it is supposed to do. I'd like to know what to look for if anything
funny starts happening.

Thanks,

--

Dennis

Re: Downloader.VB.AXO


| On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"
|
|
| I suspect the PC came with this. I wonder if grisoft just recently
| updated their definitions to find this. I haven't downloaded anything in
| the past 10 days that I can remember and the PC was clean the Saturday
| before.
|
|
| Done.
|
| ***
|
| I haven't been able to find a description of this one so I don't know
| what it is supposed to do. I'd like to know what to look for if anything
| funny starts happening.
|
| Thanks,
|

To find that information, use the information obtained from Jotti.

Based upon the infector name and the anti virus vendor, check the vendor's respective virus
libraries/encyclopedias.

BTW:  The reason I stated to move this into the Virus Vault is because if this is
eventually deemed to be a False Positive then it can be restored.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Downloader.VB.AXO

On Mon, 11 Feb 2008 23:47:38 GMT, "David H. Lipman"


I just tried that. AVG doesn't have a listing for this trojan (maybe
it's too new). The only other vendor I could find with an encyclopedia
was Avira, and they didn't have their infector name either. Maybe I'll
try looking more tomorrow.

Thanks,

--

Dennis

Re: Downloader.VB.AXO

On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"


I sent inetchk.exe (zipped and password protected) to grisoft. They just
got back to me and said it was a false positive.

Thanks for your help...

--

Dennis

Re: Downloader.VB.AXO


| On Mon, 11 Feb 2008 23:03:02 GMT, "David H. Lipman"
|
|
| I sent inetchk.exe (zipped and password protected) to grisoft. They just
| got back to me and said it was a false positive.
|
| Thanks for your help...
|

Arghhhhhhhh !

Thanks for the update.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


