I'm not sure if both of the files are malware, but the latter is surely something, if you take a look at the file analysis by the Anubis project. The files were scanned with VirusTotal.
#1 where filename = album.exe
Analysis of the file
OnA|R!~Spumant@OnAIR.users.undernet.org MSG!#bucuresti
care vrea sa vada un album erotic al unei fete de 22 de ani din bucuresti ? romirc.com/site/filename
(Romanian - something about an erotic album of a 22-year-old girl from Bucharest)
#2 - where filename = Maria_Lena_YouTube_Video.avi.exe
Analysis of the file
maria19d!~maric@ACB173A2.ipt.aol.com NOTCCHAN!#cyprus
hi sou, me lene maria kai ime skyla!! an thes na me deis sto youtube video pou ekana me mia fili GYMNES pata edo -> http://www.top10asians.com/filenameServer
Anikiti19!anikiti@216.131.100.184 NOTCCHAN!#limassol
hi sou, me lene maria kai ime skyla!! an thes na me deis sto youtube video pou ekana me mia fili GYMNES pata edo -> http://www.top10asians.com/filenameServer
(The actual file that can be downloaded is without "Server" at the end. The language here is Greeklish [Greek using Latin characters]; it says the file is a YouTube video and pretends to be a porn video.)
Important executables:
c:\program files\windows media player\wm player.exe
c:\windows\system32\Registry3311.exe
c:\windows\system\Full_Video_View.exe
c:\windows\system32\Uninstal.exe
File #2 is added to the Windows Add/Remove Programs list as MyProduct.
Removal program suggestion: Cwean antimalware package
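An added example, not part of the original post: a small Python filter for IRC captures laid out like the ones shown earlier. It flags messages that link to an executable, that use a double extension such as .avi.exe, or that arrive with identical text from more than one sender. The header tag (MSG, NOTCCHAN) is treated as an opaque token, the extension lists are assumptions, and the sample capture is constructed with placeholder nicks, hosts and URLs.

```python
import re

# Header layout as in the captures above: nick!user@host TAG!#channel
HEADER = re.compile(r"^(?P<nick>[^!\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+)\s+\S+!(?P<chan>#\S+)$")
URL = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}/\S+", re.I)
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif)$", re.I)
# Media or document extension directly followed by an executable one (.avi.exe)
DOUBLE_EXT = re.compile(r"\.(avi|mpg|mp4|jpg|gif|doc|pdf)\.(exe|scr|com|pif)$", re.I)
# Constructed sample capture: nicks, hosts, channels and URLs are placeholders.
SAMPLE = """\
bot_a!~u1@host1.example.invalid MSG!#chan1
want to see an album? files.example.invalid/site/album.exe
bot_b!~u2@host2.example.invalid NOTCCHAN!#chan2
watch my video -> http://video.example.invalid/Holiday_Video.avi.exe
bot_c!u3@192.0.2.10 NOTCCHAN!#chan3
watch my video -> http://video.example.invalid/Holiday_Video.avi.exe
alice!~al@host4.example.invalid MSG!#chan1
client docs are at docs.example.invalid/guide.html
""".splitlines()

def parse(lines):
    """Pair each header line with the message line that follows it."""
    records, header = [], None
    for line in (raw.strip() for raw in lines):
        if (match := HEADER.match(line)):
            header = match.groupdict()
        elif header and line:
            records.append({**header, "text": line})
            header = None
    return records

def flag(records):
    """Group identical messages and report why each group looks like a lure."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["text"], []).append(rec)
    findings = []
    for text, recs in groups.items():
        urls, reasons = URL.findall(text), set()
        for url in urls:
            name = url.rsplit("/", 1)[-1]  # last path component of the link
            if EXECUTABLE.search(name):
                reasons.add("double-extension" if DOUBLE_EXT.search(name) else "executable-link")
        senders = sorted({(r["nick"], r["host"]) for r in recs})
        if urls and len(senders) > 1:
            reasons.add("same-text-multiple-senders")
        if reasons:
            findings.append({"urls": urls, "senders": senders, "reasons": sorted(reasons)})
    return findings
```

Calling `flag(parse(SAMPLE))` returns two findings: the single executable link, and the double-extension link sent with identical text by two senders. The ordinary documentation link is not reported.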