Old 09-22-2008, 01:16 PM   #14
kewlix
Registered User
 
Join Date: Sep 2008
Posts: 27
OS: windows sp1


Re: js/psyme virus aftermath scan from activescan 2.0

Here is my 3rd and final scan, from VirusTotal (free), of C:\WINDOWS\system32\wuauclt.exe

Additional information
File size: 155136 bytes
MD5...: a6b22f62b544cd118677ebbcf6dcc62b
SHA1..: 59cc9aedb9bb2b4292c1bff82fc833702de12bd8
SHA256: 2ee5d11c8206f6152d2da6df1f97d6a49c96363faad03b1707cb6e9eeb2442c0
SHA512: 2b225984116178cacdffc387dde393e52eb37855246f98266de6ce3e9f75158e6fb7d2b06784222d6b56cb63331bf31ca8a7acae1f426b8d67c3163ccc187090
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100a335
timedatestamp.....: 0x3d6de0e1 (Thu Aug 29 08:52:49 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe614 0xe800 6.35 23b5784f99d18650ec1cf0bfe8a5c97d
.data 0x10000 0x1098 0x200 1.10 daac5105f85f7bb2e5083204a86c560e
.rsrc 0x12000 0x16f1e 0x17000 4.86 9dd74817de2041d8ec11cf4a8b8cb668

( 13 imports )
> msvcrt.dll: _vsnprintf, _ftol, memmove, _wsplitpath, _wtoi, __2@YAPAXI@Z, __CxxFrameHandler, _vsnwprintf, free, malloc, wcschr, _terminate@@YAXXZ, _except_handler3, _controlfp, __1type_info@@UAE@XZ, _onexit, __dllonexit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _CxxThrowException, __3@YAXPAX@Z
> KERNEL32.dll: EnterCriticalSection, GetCurrentThreadId, ExitProcess, SystemTimeToFileTime, GetLocalTime, lstrlenW, GetSystemDefaultLangID, CreateProcessW, GetSystemDirectoryW, GetProcAddress, InterlockedIncrement, LeaveCriticalSection, WaitForMultipleObjects, CreateThread, TryEnterCriticalSection, Sleep, CompareStringW, GetTimeFormatW, LocalFree, GetModuleHandleA, GetStartupInfoA, lstrlenA, CreateMutexW, CreateEventW, OpenEventW, RegisterWaitForSingleObject, SetEvent, WaitForSingleObject, ReleaseMutex, UnregisterWaitEx, FreeLibrary, DeleteCriticalSection, GetLastError, MultiByteToWideChar, GetCurrentProcessId, ProcessIdToSessionId, CloseHandle, SetLastError, GetSystemTime, InterlockedDecrement, FindFirstFileW, FindNextFileW, RemoveDirectoryW, FindClose, DeleteFileW, CreateDirectoryW, SetFileAttributesW, lstrcmpiW, GetFileAttributesW, VerSetConditionMask, VerifyVersionInfoW, GetCommandLineW, LoadLibraryA, ReadFile, GetFileSize, CreateFileW, InitializeCriticalSection, GetModuleHandleW, GetVersionExW, LoadLibraryExW, HeapFree, HeapAlloc, GetProcessHeap, WideCharToMultiByte, FileTimeToSystemTime, GetTickCount, GetCurrentProcess, MoveFileW, HeapReAlloc, SetEndOfFile, SetFilePointer, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, WriteFile, FormatMessageW, GetDateFormatW
> GDI32.dll: SetBkColor, GetCurrentObject, TextOutW, CreateSolidBrush, GetTextExtentPoint32W, BitBlt, CreateCompatibleDC, SetStretchBltMode, StretchBlt, DeleteDC, SetBkMode, SetTextColor, SelectObject, DeleteObject, GetStockObject, CreateFontIndirectW, GetObjectW
> USER32.dll: SetWindowTextW, IsWindow, GetDesktopWindow, CopyRect, OffsetRect, RemovePropW, EqualRect, DrawEdge, GetWindowLongW, UpdateWindow, IsDlgButtonChecked, CheckRadioButton, CheckDlgButton, SetPropW, DrawTextW, GetFocus, SetWindowLongW, GetCapture, ReleaseCapture, GetParent, GetClientRect, FillRect, SetCapture, SetCursor, ScreenToClient, PtInRect, CallWindowProcW, CreateCursor, InvalidateRect, DestroyCursor, SetRectEmpty, DestroyMenu, CreatePopupMenu, AppendMenuW, CreateWindowExW, ShowWindow, SetTimer, PeekMessageW, MsgWaitForMultipleObjectsEx, TranslateMessage, DispatchMessageW, DestroyWindow, PostQuitMessage, SetWindowsHookExW, DefWindowProcW, GetCursorPos, SetForegroundWindow, TrackPopupMenu, SetActiveWindow, SetFocus, DialogBoxParamW, KillTimer, LoadImageW, GetSystemMetrics, LoadStringW, LoadAcceleratorsW, SendMessageW, EndDialog, PostMessageW, LoadCursorW, RegisterClassExW, GetWindowTextLengthW, GetWindowTextW, GetPropW, CreateDialogParamW, BeginPaint, EndPaint, SetWindowPos, GetSystemMenu, EnableMenuItem, TranslateAcceleratorW, CallNextHookEx, GetDlgCtrlID, GetSysColor, GetSysColorBrush, MessageBoxW, GetWindowRect, MapWindowPoints, ReleaseDC, DrawFocusRect, EnableWindow, GetDC, GetDlgItem, GetKeyState
> SHELL32.dll: SHGetFolderPathW, ShellExecuteW, Shell_NotifyIconW
> ole32.dll: CoInitializeEx, CoUninitialize, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> urlmon.dll: CreateURLMoniker
> COMCTL32.dll: InitCommonControlsEx
> WTSAPI32.dll: WTSFreeMemory, WTSQuerySessionInformationW
> ADVAPI32.dll: RegCreateKeyExW, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorOwner, QueryServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegOpenKeyExW, RegSetValueExW, RegQueryValueExW, RegOpenKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetNamedSecurityInfoW, GetSecurityDescriptorDacl
> SHLWAPI.dll: PathFindFileNameW, StrChrW, StrRChrW, PathIsRootW, PathIsUNCW, PathStripToRootW, PathIsRelativeW, StrStrW, StrToIntW
> ADVPACK.dll: ExtractFiles