
cannot find anything about this virus and how to delete it (SPR/YFlood.A.3)

Subject Author Date
cannot find anything about this virus and how to delete it (SPR/YFlood.A.3) Massimo 03-11-2008
Posted by Dustin Cook on March 16, 2008, 2:16 pm

> Hello Dustin,
>
> On Sun, 16 Mar 2008 06:59:23 GMT, Dustin Cook
>
>>
>>> Hello David,
>>>
>>> On Thu, 13 Mar 2008 20:14:55 GMT, "David H. Lipman"
>>>
>>>>
>>>>
>>>>| Thank you very much Dave!
>>>>|
>>>>| Massimo
>>>>
>>>>YW. I await the Virus Total report.
>>>
>>> Wait no longer ;-)
>>>
>>> Here is the report I received from VirusTotal:
>>> --------------------------------------------------
>>> Complete scanning result of "prjChameleon.ocx", processed in
>>> VirusTotal at 03/16/2008 06:51:33 (CET).
>>>
>>> [ file data ]
>>> * name: prjChameleon.ocx
>>> * size: 98304
>>> * md5.: a97e15ae38c44b2f7adc2483c0fcd232
>>> * sha1: c374a51a73a33cb387acb0d3b31151729969aa90
>>> * peid..: -
>>>
>>> [ scan result ]
>>> AhnLab-V3 2008.3.15.0/20080314 found nothing
>>> AntiVir 7.6.0.73/20080314 found [SPR/YFlood.A.3]
>>> Authentium 4.93.8/20080314 found nothing
>>> Avast 4.7.1098.0/20080315 found nothing
>>> AVG 7.5.0.516/20080315 found nothing
>>> BitDefender 7.2/20080316 found nothing
>>> CAT-QuickHeal 9.50/20080314 found nothing
>>> ClamAV 0.92.1/20080315 found nothing
>>> DrWeb 4.44.0.09170/20080315 found nothing
>>> eSafe 7.0.15.0/20080309 found [Win32.Adload.a]
>>> eTrust-Vet 31.3.5616/20080314 found nothing
>>> Ewido 4.0/20080315 found nothing
>>> F-Prot 4.4.2.54/20080315 found nothing
>>> F-Secure 6.70.13260.0/20080314 found nothing
>>> FileAdvisor 1/20080316 found nothing
>>> Fortinet 3.14.0.0/20080316 found nothing
>>> Ikarus T3.1.1.20/20080316 found [Virus.Win32.Spyware]
>>> Kaspersky 7.0.0.125/20080316 found nothing
>>> McAfee 5252/20080314 found nothing
>>> Microsoft 1.3301/20080315 found nothing
>>> NOD32v2 2949/20080315 found nothing
>>> Norman 5.80.02/20080314 found nothing
>>> Panda 9.0.0.4/20080315 found nothing
>>> Prevx1 V2/20080316 found nothing
>>> Rising 20.35.51.00/20080315 found nothing
>>> Sophos 4.27.0/20080316 found nothing
>>> Sunbelt 3.0.963.0/20080314 found nothing
>>> Symantec 10/20080316 found nothing
>>> TheHacker 6.2.92.247/20080315 found nothing
>>> VBA32 3.12.6.2/20080313 found nothing
>>> VirusBuster 4.3.26:9/20080315 found nothing
>>> Webwasher-Gateway 6.6.2/20080314 found [Riskware.YFlood.A.3]
>>> ----------------------------------------------------
>>>
>>> My temporair (don't remember the right word in English) conclusion
>>> could be: no serious threat, as only a few scanners have any comment
>>> on this file. Now, when I asked in the Avira forum to comment on this,
>>> I received a vague reply. The only concrete part of their answer was
>>> that only part of their names of threats figure in their virus
>>> database.
>>
>>I would tend to agree with the non serious threat it may pose.
>>If you'd like to send a sample along tho, I'll be happy to add it to
>>BugHunter and pass it along to other developers.
>>
> Thank you for your opinion.
> How exactly shall I send the file to you?

http://bughunter.it-mate.co.uk/MALWARE.TXT


Thank you for the sample.


--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility
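
An added example (not part of any post in this thread): a short Python parser for the plain-text VirusTotal report format quoted above. It tallies which engines flagged the file, groups labels that share a name once the class prefix is removed, and lists engines whose signature date lags the scan date. The function names, the prefix-stripping heuristic and the 3-day staleness threshold are assumptions chosen for illustration; the sample lines are an excerpt of the report in the thread.

```python
import re
from collections import defaultdict
from datetime import date, datetime

# Excerpt (8 of the 32 engine lines) from the report quoted in the thread.
REPORT = """\
>>> AntiVir 7.6.0.73/20080314 found [SPR/YFlood.A.3]
>>> Avast 4.7.1098.0/20080315 found nothing
>>> eSafe 7.0.15.0/20080309 found [Win32.Adload.a]
>>> Ikarus T3.1.1.20/20080316 found [Virus.Win32.Spyware]
>>> Kaspersky 7.0.0.125/20080316 found nothing
>>> Microsoft 1.3301/20080315 found nothing
>>> VirusBuster 4.3.26:9/20080315 found nothing
>>> Webwasher-Gateway 6.6.2/20080314 found [Riskware.YFlood.A.3]
"""

# "<engine> <version>/<YYYYMMDD> found [label]" or "... found nothing",
# optionally preceded by newsgroup quote markers ('>' or '|').
LINE = re.compile(
    r"^[>|\s]*(?P<engine>\S+)\s+(?P<version>\S+)/(?P<sigdate>\d{8})"
    r"\s+found\s+(?:\[(?P<label>[^\]]+)\]|nothing)\s*$"
)

def parse_report(text):
    """Return one dict per engine line; header and other lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            row = m.groupdict()
            row["sigdate"] = datetime.strptime(row["sigdate"], "%Y%m%d").date()
            rows.append(row)
    return rows

def detections_by_name(rows):
    """Group flagged engines by label with its leading class prefix removed
    (heuristic, an assumption: drop everything up to the first '/' or '.')."""
    groups = defaultdict(list)
    for row in rows:
        if row["label"]:
            name = re.split(r"[/.]", row["label"], maxsplit=1)[-1]
            groups[name].append(row["engine"])
    return dict(groups)

def summarize(text, scan_date, max_age_days=3):
    """Detection ratio, name groups, and engines with signatures older than max_age_days."""
    rows = parse_report(text)
    stale = [r["engine"] for r in rows if (scan_date - r["sigdate"]).days > max_age_days]
    return {"engines": len(rows), "flagged": sum(1 for r in rows if r["label"]),
            "by_name": detections_by_name(rows), "stale": stale}

if __name__ == "__main__":
    print(summarize(REPORT, date(2008, 3, 16)))
```

On this excerpt two of the four detections carry the same `YFlood.A.3` name, and one of the other two comes from an engine whose signatures were a week old at scan time.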


Posted by Massimo on March 15, 2008, 3:32 pm
Hello David,

On Wed, 12 Mar 2008 20:40:28 GMT, "David H. Lipman"

>
>| Hello David,
>|
>| On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
>|
>>>
>>> < snip >
>>>
>>|> So I decided to do a first thorough scan with Avira after making the
>>|> necessary settings in the program and... it found a virus! In
>>|> C:\Windows\System32\prjChameleon.ocx it found a pattern of
>>|> SPR/YFlood.A.3.
>>|>
>>> < snip >
>>>
>>> Please submit a sample of "prjChameleon.ocx" to Virus Total --
>>> http://www.virustotal.com/flash/index_en.html
>>> The submission will then be tested against many different AV vendors' scanners.
>>> That will give you an idea what it is and who recognizes it. In addition Virus
>>> Total will provide the sample to all participating vendors.
>>>
>>> You can also submit a suspect, one at a time, via the following email URL...
>>> mailto:scan@virustotal.com?subject=SCAN
>>>
>| I wanted to follow your advice but there seems to be a little problem:
>| how do I submit this quarantined file? A short inquiry into Avira
>| Antivir program settings does not hint to a possibility to submit
>| quarantined files to other destinations than to Avira-boys themselves.
>|
>| Any advice?
>|
>>> When you get the report, please post back the exact results.
>|
>| Massimo
>
>It is an OCX file and is not executable.
>Temporarily disable AntiVir and restore the file. Then move the restored file from its
>restored location to a different location (e.g., c:\ ) then submit the OCX file to Virus
>Total's web page.
>
>Note the original, restored, location in case this is a False Positive.
>
>Then, re-enable AntiVir.

I tried to follow your advice but first could not find back the
details of your advice. Later on I found them and now... my second
computer has lost its capacity of connecting to the internet and the
normal measures to reconnect it do not succeed.
I'm so fed up with that piece of crap of a computer that I may take
some time to do the thing I promised.

So please be patient (as you asked me when the file to be uploaded to
www.virustotal will arrive)

Regards
Massimo

Posted by Massimo on March 16, 2008, 3:08 am
Hello David, (second answer)

wrote:

>Hello David,
>
>On Wed, 12 Mar 2008 20:40:28 GMT, "David H. Lipman"
>
>>
>>| Hello David,
>>|
>>| On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
>>|
>>>>
>>>> < snip >
>>>>
>>>|> So I decided to do a first thorough scan with Avira after making the
>>>|> necessary settings in the program and... it found a virus! In
>>>|> C:\Windows\System32\prjChameleon.ocx it found a pattern of
>>>|> SPR/YFlood.A.3.
>>>|>
>>>> < snip >
>>>>
>>>> Please submit a sample of "prjChameleon.ocx" to Virus Total --
>>>> http://www.virustotal.com/flash/index_en.html
>>>> The submission will then be tested against many different AV vendors' scanners.
>>>> That will give you an idea what it is and who recognizes it. In addition Virus
>>>> Total will provide the sample to all participating vendors.
>>>>
>>>> You can also submit a suspect, one at a time, via the following email URL...
>>>> mailto:scan@virustotal.com?subject=SCAN
>>>>
>>| I wanted to follow your advice but there seems to be a little problem:
>>| how do I submit this quarantined file? A short inquiry into Avira
>>| Antivir program settings does not hint to a possibility to submit
>>| quarantined files to other destinations than to Avira-boys themselves.
>>|
>>| Any advice?
>>|
>>>> When you get the report, please post back the exact results.
>>|
>>| Massimo
>>
>>It is an OCX file and is not executable.
>>Temporarily disable AntiVir and restore the file. Then move the restored file from its
>>restored location to a different location (e.g., c:\ ) then submit the OCX file to Virus
>>Total's web page.
>>
>>Note the original, restored, location in case this is a False Positive.
>>
>>Then, re-enable AntiVir.
>
>I tried to follow your advice but first could not find back the
>details of your advice. Later on I found them and now... my second
>computer has lost its capacity of connecting to the internet and the
>normal measures to reconnect it do not succeed.
>I'm so fed up with that piece of crap of a computer that I may take
>some time to do the thing I promised.
>
>So please be patient (as you asked me when the file to be uploaded to
>www.virustotal will arrive)
>
>Regards
>Massimo

Just as I expected, taking a look at the virus databases of the
avscanners other than Avira did not give any results.
- Webwasher Gateway: name not found in database
- Ikarus: database only accessible for users of their product
- eSafe: found what should have been 3 hits, but the hits are nothing
but 3 names that are not clickable.

That's all. ;-)

Massimo

Posted by David H. Lipman on March 16, 2008, 8:36 am


|
| Just as I expected, taking a look at the virus databases of the
| avscanners other than Avira did not give any results.
| - Webwasher Gateway: name not found in database
| - Ikarus: database only accessible for users of their product
| - eSafe: found what should have been 3 hits, but the hits are nothing
| but 3 names that are not clickable.
|
| That's all. ;-)
|
| Massimo

Well it was worth the effort and I believe the declaration was valid.

Send the file to Dustin. I know where he will provide the file such that it
WILL get better recognition.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Massimo on March 16, 2008, 9:18 pm
Hello,

On Sun, 16 Mar 2008 12:36:10 GMT, "David H. Lipman"

>
>
>|
>| Just as I expected, taking a look at the virus databases of the
>| avscanners other than Avira did not give any results.
>| - Webwasher Gateway: name not found in database
>| - Ikarus: database only accessible for users of their product
>| - eSafe: found what should have been 3 hits, but the hits are nothing
>| but 3 names that are not clickable.
>|
>| That's all. ;-)
>|
>| Massimo
>
>Well it was worth the effort and I believe the declaration was valid.
>
>Send the file to Dustin. I know where he will provide the file such that it
>WILL get better recognition.

All right David,

Massimo
