LiquidCowBoy
1 Copper

Re: Search Result Redirect/Hijacked Browser

G'day Kevin,

Here are the results from the VirusTotal scan of dwm.exe. It didn't look so good, lots of red and 'trojan' 😕

File name: dwm.exe
Submission date: 2011-07-19 13:28:05 (UTC)
Current status: finished
Result: 26/43 (60.5%)

Antivirus             Version         Last Update Result
AhnLab-V3             2011.07.19.02   2011.07.19  Backdoor/Win32.Gbot
AntiVir               7.11.11.228     2011.07.19  TR/Crypt.EPACK.Gen2
Antiy-AVL             2.0.3.7         2011.07.15  -
Avast                 4.8.1351.0      2011.07.19  -
Avast5                5.0.677.0       2011.07.19  Win32:Cycbot-HJ [Trj]
AVG                   10.0.0.1190     2011.07.19  BackDoor.Generic14.JBR
BitDefender           7.2             2011.07.19  Gen:Variant.Kazy.30967
CAT-QuickHeal         11.00           2011.07.19  (Suspicious) - DNAScan
ClamAV                0.97.0.0        2011.07.19  -
Commtouch             5.3.2.6         2011.07.19  -
Comodo                9436            2011.07.19  -
DrWeb                 5.0.2.03300     2011.07.19  Trojan.DownLoader4.12898
Emsisoft              5.1.0.8         2011.07.19  Trojan.Win32.Menti.hdsi!A2
eSafe                 7.0.17.0        2011.07.19  -
eTrust-Vet            36.1.8452       2011.07.19  Win32/FakeAlert.J!generic
F-Prot                4.6.2.117       2011.07.19  -
F-Secure              9.0.16440.0     2011.07.19  Gen:Variant.Kazy.30967
Fortinet              4.2.257.0       2011.07.19  W32/Kryptik.POT!tr
GData                 22              2011.07.19  Gen:Variant.Kazy.30967
Ikarus                T3.1.1.104.0    2011.07.19  -
Jiangmin              13.0.900        2011.07.18  Trojan/Menti.dmq
K7AntiVirus           9.108.4919      2011.07.18  -
Kaspersky             9.0.0.837       2011.07.19  HEUR:Trojan.Win32.Generic
McAfee                5.400.0.1158    2011.07.19  BackDoor-EXI.gen.k
McAfee-GW-Edition     2010.1D         2011.07.19  BackDoor-EXI.gen.k
Microsoft             1.7000          2011.07.19  Backdoor:Win32/Cycbot.B
NOD32                 6307            2011.07.19  a variant of Win32/Kryptik.QJC
Norman                6.07.10         2011.07.18  -
nProtect              2011-07-19.01   2011.07.19  Gen:Variant.Kazy.30967
Panda                 10.0.3.5        2011.07.19  Suspicious file
PCTools               8.0.0.5         2011.07.13  -
Prevx                 3.0             2011.07.19  -
Rising                23.67.01.05     2011.07.19  -
Sophos                4.67.0          2011.07.19  Troj/FakeAV-EFL
SUPERAntiSpyware      4.40.0.1006     2011.07.19  Trojan.Agent/Gen-Backdoor
Symantec              20111.1.0.186   2011.07.19  Trojan.Gen.2
TheHacker             6.7.0.1.257     2011.07.18  -
TrendMicro            9.200.0.1012    2011.07.19  BKDR_CYCBOT.SME3
TrendMicro-HouseCall  9.200.0.101     2011.07.19  BKDR_CYCBOT.SME3
VBA32                 3.12.16.4       2011.07.19  -
VIPRE                 9902            2011.07.19  Trojan.Win32.Generic!BT
ViRobot               2011.7.19.4577  2011.07.19  -
VirusBuster           14.0.129.0      2011.07.18  -

Additional information

MD5   : 49d3eedb5421352e895ad43b24df23cd
SHA1  : 58870855aaff44297463683c4bfc3cf83009b17b
SHA256: c136596178ed53f8dd8c7c72ca280c964b95965fda7c1265950ca95fef9a59f2

As for SystemLook, I downloaded it and hit run and was stopped by an error message, "Script Required", thus no results. I tried both mirror sites and ended up with the same result.

Thanks =D

ryan
