Some people really believe their antivirus software is the best... Here's proof that it isn't. This malware (a trojan) is packed with Themida, which most antivirus companies have not yet bothered to add to their blacklists. Not that I'm saying it's good to blacklist packers, but at times I really wonder whether it's better than waiting for someone to use one, pack their malware and start spreading it.
Message: pictures of me and sex videos of me http://zenzion.net/filename and for anyone interested my id is sexyandreeeaaa for those who want a cheap night :) for more details go to my id :) I also do whatever you want on webcam :) http://zenzion.net/filename http://zenzion.net/filename http://zenzion.net/filename (original language = Romanian, filename = album.rar)
album.rar contained poze.exe, which I sent to be analyzed by the Anubis project; here are the results.
The executable opens a connection to the Undernet IRC network and waits for its creator to remotely control and abuse it.
Main program: C:\Windows\system32\svhost.exe (the legit one Windows uses is svChost.exe)
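The svhost.exe / svchost.exe trick above is a classic lookalike-name technique. As an added example (not part of the original post), the following script flags files in a system directory whose names are within a small edit distance of a legitimate Windows binary; the known-good list beyond svchost.exe and the sample listing are my own assumptions.

```python
"""Flag files whose names imitate a legitimate Windows binary (e.g. svhost.exe vs svchost.exe)."""
import os
from typing import Dict, List

# Legitimate binaries that malware commonly imitates. Assumed list: only
# svchost.exe is mentioned in the post; extend it for your environment.
KNOWN_GOOD = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def find_lookalikes(filenames: List[str], known_good=KNOWN_GOOD,
                    max_distance: int = 2) -> Dict[str, str]:
    """Return {suspicious_name: imitated_name} for names that are close to,
    but not identical to, a known-good binary name."""
    hits: Dict[str, str] = {}
    for name in filenames:
        lname = name.lower()
        if lname in known_good:          # exact match is the legit file
            continue
        for good in known_good:
            if edit_distance(lname, good) <= max_distance:
                hits[name] = good
                break
    return hits


def scan_directory(path: str) -> Dict[str, str]:
    """Scan a real directory, e.g. C:\\Windows\\system32 (not run here)."""
    return find_lookalikes(os.listdir(path))


# Constructed sample listing standing in for a system32 directory.
SAMPLE_LISTING = ["svchost.exe", "svhost.exe", "notepad.exe",
                  "lsass.exe", "lsas.exe", "kernel32.dll"]

if __name__ == "__main__":
    for bad, good in find_lookalikes(SAMPLE_LISTING).items():
        print(f"{bad} looks like {good}")
```

A short edit distance is a heuristic, not proof: verify flagged files by hash and signature before acting on them.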
I tried to upload the program to the Kaspersky website, and guess what - it doesn't allow more than 1MB to be uploaded. The archive/executable was about 1.4MB.
Removal tool: Cwean antimalware package