Malware Bytes Tells All, Or Does It?

I was unaware programs like iPK's file binder connected remotely to another PC and dropped a file in your AppData > Roaming.

Scans of the file:

File Info

Report date: 2011-10-09
Scan occurred: http://my-avscan.com/result_time.php?t=s&w=MjI1NDQw
Link to scan: http://my-avscan.com/result.php?scan=MjI1NDQw (my-avscan.com | Virus Scan Results for iPKsFileEditor.exe)
File name: iPKsFileEditor.exe
File size: 1370624 bytes
MD5 Hash: 6c87a19078bc56d866347b3547b0a841
SHA1 Hash: aa91469d7d1755982dad91329598f5e3c17ab176
Detection rate: 1 out of 35
Status: INFECTED

Detections

AVG - Clean
Acavir - Clean
Avast 5 - Clean
Avast - Clean
Avira - Clean
BitDefender - Clean
VirusBuster Internet Security - Clean
Clam Antivirus - Clean
COMODO Internet Security - Clean
DrWeb - Clean
eTrust-Vet - Clean
F-PROT Antivirus - Clean
F-Secure Internet Security - Clean
G Data - Clean
IKARUS Security - Clean
Kaspersky Antivirus - Clean
McAfee - Clean
MS Security Essentials - Clean
ESET NOD32 - Clean
Norman - Clean
Norton - Clean
Panda Security - Clean
A-Squared Security - Clean
Quick Heal Antivirus - Clean
Rising Antivirus - Clean
Solo Antivirus - Clean
Sophos - Clean
Trend Micro Internet Security - Clean
VBA32 Antivirus - Clean
Vexira Antivirus - Clean
Webroot Internet Security - Clean
Ad-Aware - Clean
Zoner AntiVirus - INFECTED [Dropper.Generic2.CCOX]
AhnLab V3 Internet Security - Clean
BullGuard - Clean

Scan report generated by My-AVScan.com (http://my-avscan.com)

and

http://www.virustotal.com/file-scan...c48ed22c93bd400386eb69684c883a2417-1318198252
 
RE: Malware Bytes Tells All

Good find :)

Also, could you PM me the 2k email list I bought again? Deleted it by accident >.<
 
RE: Malware Bytes Tells All

Pro said:
iPK said:
Using FileAve.com for the HWID...


Not accusing you of anything, I'm not experienced in this field, but someone who's a white hat should take a look at this. Whenever my AV picks something up, I always use caution.

I can take a look at it. Give me the file download link.
 
Pro, can you send me those emails again... your PM box is full.
 
I'll decompile it and see if there are any malicious functions.
However, if he's using a simple ProcessorID HWID system, then that is most likely tripping MalwareBytes (as it's attempting to connect to a remote host without your knowledge).
 
Judgement said:
I'll decompile it and see if there are any malicious functions.
However, if he's using a simple ProcessorID HWID system, then that is most likely tripping MalwareBytes (as it's attempting to connect to a remote host without your knowledge).

I can send you the source if you want.
 
Sure send it to me, although that won't prove much in the eyes of a skeptic.
 