Click here to get back home

cannot find anything about this virus and how to delete it (SPR/YFlood.A.3)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.security.virus    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
cannot find anything about this virus and how to delete it (SPR/YFlood.A.3) Massimo 03-11-2008
Posted by Massimo on March 13, 2008, 7:02 am
Please log in for more thread options
 Hello Dave,

On Wed, 12 Mar 2008 20:40:28 GMT, "David H. Lipman"

>
[CUT]
>>>
>| I wanted to follow your advice but there seems to be i little problem:
>| how do I submit this quarantined file? A short inquiry into Avira
>| Antivir program settings does not hint to a possibility to submit
>| quarantined files to other destinations then to Avira-boys themselves.
>|
>| Any advice?
>|
>>> When you get the report, please post back the exact results.
>|
>| Massimo
>
>It is an OCX file and is not executable.
>Temporarily disable AntiVir and restore the file. Then move the restored file
from its
>restored location to a different location (e.g; c:\ ) then submit the OCX file
to Virus
>Total's web page.
>
>Note the orginal, restored, location in case this is a False Positive.
>
>Then, re-enable AntiVir.

Thank you very much Dave!

Massimo


Posted by David H. Lipman on March 13, 2008, 4:14 pm
Please log in for more thread options

| Thank you very much Dave!
|
| Massimo

YW. I await the Virus Total report.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Massimo on March 16, 2008, 2:27 am
Please log in for more thread options
Hello David,

On Thu, 13 Mar 2008 20:14:55 GMT, "David H. Lipman"

>
>
>| Thank you very much Dave!
>|
>| Massimo
>
>YW. I await the Virus Total report.

Wait no longer ;-)

Here is the report I received from VirusTotal:
--------------------------------------------------
Complete scanning result of "prjChameleon.ocx", processed in
VirusTotal at 03/16/2008 06:51:33 (CET).

[ file data ]
* name: prjChameleon.ocx
* size: 98304
* md5.: a97e15ae38c44b2f7adc2483c0fcd232
* sha1: c374a51a73a33cb387acb0d3b31151729969aa90
* peid..: -

[ scan result ]
AhnLab-V3        2008.3.15.0/20080314        found nothing
AntiVir        7.6.0.73/20080314        found [SPR/YFlood.A.3]
Authentium        4.93.8/20080314        found nothing
Avast        4.7.1098.0/20080315        found nothing
AVG        7.5.0.516/20080315        found nothing
BitDefender        7.2/20080316        found nothing
CAT-QuickHeal        9.50/20080314        found nothing
ClamAV        0.92.1/20080315        found nothing
DrWeb        4.44.0.09170/20080315        found nothing
eSafe        7.0.15.0/20080309        found [Win32.Adload.a]
eTrust-Vet        31.3.5616/20080314        found nothing
Ewido        4.0/20080315        found nothing
F-Prot        4.4.2.54/20080315        found nothing
F-Secure        6.70.13260.0/20080314        found nothing
FileAdvisor        1/20080316        found nothing
Fortinet        3.14.0.0/20080316        found nothing
Ikarus        T3.1.1.20/20080316        found [Virus.Win32.Spyware]
Kaspersky        7.0.0.125/20080316        found nothing
McAfee        5252/20080314        found nothing
Microsoft        1.3301/20080315        found nothing
NOD32v2        2949/20080315        found nothing
Norman        5.80.02/20080314        found nothing
Panda        9.0.0.4/20080315        found nothing
Prevx1        V2/20080316        found nothing
Rising        20.35.51.00/20080315        found nothing
Sophos        4.27.0/20080316        found nothing
Sunbelt        3.0.963.0/20080314        found nothing
Symantec        10/20080316        found nothing
TheHacker        6.2.92.247/20080315        found nothing
VBA32        3.12.6.2/20080313        found nothing
VirusBuster        4.3.26:9/20080315        found nothing
Webwasher-Gateway        6.6.2/20080314        found [Riskware.YFlood.A.3]
----------------------------------------------------

My temporair (don't remember the right word in English) conclusion
could be: no serious threat, as only a few scanners have any comment
on this file. Now, when I asked in the Avira forum to comment on this,
I received a vague reply. The only concrete part of their answer was
that only part of their names of threats figure in their virus
database.

I will take a look at the virusdatabases of the few other scanners
that have a comment on this file in order to elucidate what it does.

Any thoughts about it?

Regards,
Massimo

Posted by Dustin Cook on March 16, 2008, 2:59 am
Please log in for more thread options

> Hello David,
>
> On Thu, 13 Mar 2008 20:14:55 GMT, "David H. Lipman"
>
>>
>>
>>| Thank you very much Dave!
>>|
>>| Massimo
>>
>>YW. I await the Virus Total report.
>
> Wait no longer ;-)
>
> Here is the report I received from VirusTotal:
> --------------------------------------------------
> Complete scanning result of "prjChameleon.ocx", processed in
> VirusTotal at 03/16/2008 06:51:33 (CET).
>
> [ file data ]
> * name: prjChameleon.ocx
> * size: 98304
> * md5.: a97e15ae38c44b2f7adc2483c0fcd232
> * sha1: c374a51a73a33cb387acb0d3b31151729969aa90
> * peid..: -
>
> [ scan result ]
> AhnLab-V3 2008.3.15.0/20080314 found nothing
> AntiVir 7.6.0.73/20080314 found [SPR/YFlood.A.3]
> Authentium 4.93.8/20080314 found nothing
> Avast 4.7.1098.0/20080315 found nothing
> AVG 7.5.0.516/20080315 found nothing
> BitDefender 7.2/20080316 found nothing
> CAT-QuickHeal 9.50/20080314 found nothing
> ClamAV 0.92.1/20080315 found nothing
> DrWeb 4.44.0.09170/20080315 found nothing
> eSafe 7.0.15.0/20080309 found [Win32.Adload.a]
> eTrust-Vet 31.3.5616/20080314 found nothing
> Ewido 4.0/20080315 found nothing
> F-Prot 4.4.2.54/20080315 found nothing
> F-Secure 6.70.13260.0/20080314 found nothing
> FileAdvisor 1/20080316 found nothing
> Fortinet 3.14.0.0/20080316 found nothing
> Ikarus T3.1.1.20/20080316 found [Virus.Win32.Spyware]
> Kaspersky 7.0.0.125/20080316 found nothing
> McAfee 5252/20080314 found nothing
> Microsoft 1.3301/20080315 found nothing
> NOD32v2 2949/20080315 found nothing
> Norman 5.80.02/20080314 found nothing
> Panda 9.0.0.4/20080315 found nothing
> Prevx1 V2/20080316 found nothing
> Rising 20.35.51.00/20080315 found nothing
> Sophos 4.27.0/20080316 found nothing
> Sunbelt 3.0.963.0/20080314 found nothing
> Symantec 10/20080316 found nothing
> TheHacker 6.2.92.247/20080315 found nothing
> VBA32 3.12.6.2/20080313 found nothing
> VirusBuster 4.3.26:9/20080315 found nothing
> Webwasher-Gateway 6.6.2/20080314 found [Riskware.YFlood.A.3]
> ----------------------------------------------------
>
> My temporair (don't remember the right word in English) conclusion
> could be: no serious threat, as only a few scanners have any comment
> on this file. Now, when I asked in the Avira forum to comment on this,
> I received a vague reply. The only concrete part of their answer was
> that only part of their names of threats figure in their virus
> database.

I would tend to agree with the non serious threat it may pose.
If you'd like to send a sample along tho, I'll be happy to add it to
BugHunter and pass it along to other developers.



--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility


Posted by Massimo on March 16, 2008, 3:02 am
Please log in for more thread options
Hello Dustin,

On Sun, 16 Mar 2008 06:59:23 GMT, Dustin Cook

>
>> Hello David,
>>
>> On Thu, 13 Mar 2008 20:14:55 GMT, "David H. Lipman"
>>
>>>
>>>
>>>| Thank you very much Dave!
>>>|
>>>| Massimo
>>>
>>>YW. I await the Virus Total report.
>>
>> Wait no longer ;-)
>>
>> Here is the report I received from VirusTotal:
>> --------------------------------------------------
>> Complete scanning result of "prjChameleon.ocx", processed in
>> VirusTotal at 03/16/2008 06:51:33 (CET).
>>
>> [ file data ]
>> * name: prjChameleon.ocx
>> * size: 98304
>> * md5.: a97e15ae38c44b2f7adc2483c0fcd232
>> * sha1: c374a51a73a33cb387acb0d3b31151729969aa90
>> * peid..: -
>>
>> [ scan result ]
>> AhnLab-V3 2008.3.15.0/20080314 found nothing
>> AntiVir 7.6.0.73/20080314 found [SPR/YFlood.A.3]
>> Authentium 4.93.8/20080314 found nothing
>> Avast 4.7.1098.0/20080315 found nothing
>> AVG 7.5.0.516/20080315 found nothing
>> BitDefender 7.2/20080316 found nothing
>> CAT-QuickHeal 9.50/20080314 found nothing
>> ClamAV 0.92.1/20080315 found nothing
>> DrWeb 4.44.0.09170/20080315 found nothing
>> eSafe 7.0.15.0/20080309 found [Win32.Adload.a]
>> eTrust-Vet 31.3.5616/20080314 found nothing
>> Ewido 4.0/20080315 found nothing
>> F-Prot 4.4.2.54/20080315 found nothing
>> F-Secure 6.70.13260.0/20080314 found nothing
>> FileAdvisor 1/20080316 found nothing
>> Fortinet 3.14.0.0/20080316 found nothing
>> Ikarus T3.1.1.20/20080316 found [Virus.Win32.Spyware]
>> Kaspersky 7.0.0.125/20080316 found nothing
>> McAfee 5252/20080314 found nothing
>> Microsoft 1.3301/20080315 found nothing
>> NOD32v2 2949/20080315 found nothing
>> Norman 5.80.02/20080314 found nothing
>> Panda 9.0.0.4/20080315 found nothing
>> Prevx1 V2/20080316 found nothing
>> Rising 20.35.51.00/20080315 found nothing
>> Sophos 4.27.0/20080316 found nothing
>> Sunbelt 3.0.963.0/20080314 found nothing
>> Symantec 10/20080316 found nothing
>> TheHacker 6.2.92.247/20080315 found nothing
>> VBA32 3.12.6.2/20080313 found nothing
>> VirusBuster 4.3.26:9/20080315 found nothing
>> Webwasher-Gateway 6.6.2/20080314 found [Riskware.YFlood.A.3]
>> ----------------------------------------------------
>>
>> My temporair (don't remember the right word in English) conclusion
>> could be: no serious threat, as only a few scanners have any comment
>> on this file. Now, when I asked in the Avira forum to comment on this,
>> I received a vague reply. The only concrete part of their answer was
>> that only part of their names of threats figure in their virus
>> database.
>
>I would tend to agree with the non serious threat it may pose.
>If you'd like to send a sample along tho, I'll be happy to add it to
>BugHunter and pass it along to other developers.
>
Thank you for your opinion.
How exactly shall I send the file to you?

Massimo

Similar ThreadsPosted
PROGRAM Will not delete all way virus/ malware????? September 20, 2006, 11:38 pm
pc infected but cannot find the virus February 5, 2006, 11:35 am
unknown virus that delete zip and jpeg file June 12, 2007, 2:17 am
Trying to find info on virus / trojan attacks June 12, 2005, 9:42 pm
Is this a virus or something else? Disappearing folder named "system", then can't delete the parent June 6, 2006, 6:28 pm
How to find virus/worm/trojan on network client September 21, 2005, 8:29 pm
Can You Find Out Who I am? October 31, 2005, 4:27 pm
Cannot find IRN.exe March 22, 2007, 9:22 am
cannot delete trojan file July 6, 2005, 2:08 pm
Still getting Mail for delete Domain Name? February 24, 2006, 3:54 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap