A partir del ElistarA 29.22 de hoy pasamos a controlar dos nuevas variantes de este rootkit
Los preanalisis de viriustotal ofrecen estos informes:
MD5 d656d463aef7a5d8d594c2b250ea5b33
SHA1 40f46694b7bb2a2817d568549827fb59e560af56
File size 125.5 KB ( 128512 bytes )
SHA256: 4bcb5fed4645611d019c4b7b2e9df9fb3955d7307f24d0a7f8fe1856a6ffe90f
Nombre: JAKIMDINOMUW.EXE.Muestra EliStartPage v29.20
Detecciones: 22 / 50
Fecha de análisis: 2014-01-24 11:50:19 UTC ( hace 0 minutos )
0 1
Antivirus Resultado Actualización
AVG BackDoor.Generic18.JRY 20140124
Ad-Aware Trojan.GenericKD.1512152 20140124
AntiVir TR/Rogue.1512152 20140124
Avast Win32:Trojan-gen 20140124
BitDefender Trojan.GenericKD.1512152 20140124
Comodo UnclassifiedMalware 20140124
DrWeb BackDoor.Bulknet.1342 20140124
ESET-NOD32 Win32/Wigon.PI 20140124
Emsisoft Trojan.GenericKD.1512152 (B) 20140124
F-Secure Trojan.GenericKD.1512152 20140124
Fortinet W32/Pushdo.PI!tr.bdr 20140124
GData Trojan.GenericKD.1512152 20140124
Kaspersky Backdoor.Win32.Pushdo.riw 20140124
Kingsoft Win32.Hack.Pushdo.r.(kcloud) 20130829
McAfee Artemis!D656D463AEF7 20140124
McAfee-GW-Edition Artemis!D656D463AEF7 20140124
MicroWorld-eScan Trojan.GenericKD.1512152 20140124
Qihoo-360 Win32/Backdoor.988 20140122
Sophos Mal/Generic-S 20140124
Symantec Backdoor.Trojan 20140124
TrendMicro-HouseCall TROJ_GEN.R0CBH05AO14 20140124
nProtect Trojan.GenericKD.1512152 20140124
________
MD5 1aa14b2519c23329605a64fcc381a79b
SHA1 7bda0da09313916b2e06e8a5bbf761ca5b7a51a7
File size 87.0 KB ( 89088 bytes )
SHA256: 4b6deccf127423660ae1cf2c916f9271b6b78480d71417cd9a20e0e316639bb0
Nombre: LAXYKPILVOGU.EXE.Muestra EliStartPage v29.20
Detecciones: 22 / 49
Fecha de análisis: 2014-01-24 11:53:14 UTC ( hace 0 minutos )
0 7
Antivirus Resultado Actualización
Ad-Aware Trojan.GenericKD.1513399 20140124
AntiVir TR/Wigon.PH.12 20140124
Avast Win32:Cutwail-BY 20140124
BitDefender Trojan.GenericKD.1513399 20140124
Comodo UnclassifiedMalware 20140124
ESET-NOD32 Win32/Wigon.PH 20140124
Emsisoft Trojan.GenericKD.1513399 (B) 20140124
GData Trojan.GenericKD.1513399 20140124
Ikarus Trojan.Win32.Cutwail 20140124
Kaspersky Trojan.Win32.Cutwail.cig 20140124
Malwarebytes Spyware.Zbot 20140124
McAfee Artemis!1AA14B2519C2 20140124
McAfee-GW-Edition Artemis!1AA14B2519C2 20140124
MicroWorld-eScan Trojan.GenericKD.1513399 20140124
Microsoft TrojanDownloader:Win32/Cutwail 20140124
Norman Kryptik.CDGF 20140124
Qihoo-360 HEUR/Malware.QVM20.Gen 20140122
Sophos Mal/Generic-S 20140124
Symantec Backdoor.Trojan 20140124
TrendMicro BKDR_PUSHBOT.HY 20140124
TrendMicro-HouseCall BKDR_PUSHBOT.HY 20140124
nProtect Trojan.GenericKD.1513399 20140124
DIcha version del ElistarA 29.22 que los detecta y elimina, estará disponible en nuestra web a partir de las 15 h CEST de hoy
saludos
ms, 24-1-2014
Los preanalisis de viriustotal ofrecen estos informes:
MD5 d656d463aef7a5d8d594c2b250ea5b33
SHA1 40f46694b7bb2a2817d568549827fb59e560af56
File size 125.5 KB ( 128512 bytes )
SHA256: 4bcb5fed4645611d019c4b7b2e9df9fb3955d7307f24d0a7f8fe1856a6ffe90f
Nombre: JAKIMDINOMUW.EXE.Muestra EliStartPage v29.20
Detecciones: 22 / 50
Fecha de análisis: 2014-01-24 11:50:19 UTC ( hace 0 minutos )
0 1
Antivirus Resultado Actualización
AVG BackDoor.Generic18.JRY 20140124
Ad-Aware Trojan.GenericKD.1512152 20140124
AntiVir TR/Rogue.1512152 20140124
Avast Win32:Trojan-gen 20140124
BitDefender Trojan.GenericKD.1512152 20140124
Comodo UnclassifiedMalware 20140124
DrWeb BackDoor.Bulknet.1342 20140124
ESET-NOD32 Win32/Wigon.PI 20140124
Emsisoft Trojan.GenericKD.1512152 (B) 20140124
F-Secure Trojan.GenericKD.1512152 20140124
Fortinet W32/Pushdo.PI!tr.bdr 20140124
GData Trojan.GenericKD.1512152 20140124
Kaspersky Backdoor.Win32.Pushdo.riw 20140124
Kingsoft Win32.Hack.Pushdo.r.(kcloud) 20130829
McAfee Artemis!D656D463AEF7 20140124
McAfee-GW-Edition Artemis!D656D463AEF7 20140124
MicroWorld-eScan Trojan.GenericKD.1512152 20140124
Qihoo-360 Win32/Backdoor.988 20140122
Sophos Mal/Generic-S 20140124
Symantec Backdoor.Trojan 20140124
TrendMicro-HouseCall TROJ_GEN.R0CBH05AO14 20140124
nProtect Trojan.GenericKD.1512152 20140124
________
MD5 1aa14b2519c23329605a64fcc381a79b
SHA1 7bda0da09313916b2e06e8a5bbf761ca5b7a51a7
File size 87.0 KB ( 89088 bytes )
SHA256: 4b6deccf127423660ae1cf2c916f9271b6b78480d71417cd9a20e0e316639bb0
Nombre: LAXYKPILVOGU.EXE.Muestra EliStartPage v29.20
Detecciones: 22 / 49
Fecha de análisis: 2014-01-24 11:53:14 UTC ( hace 0 minutos )
0 7
Antivirus Resultado Actualización
Ad-Aware Trojan.GenericKD.1513399 20140124
AntiVir TR/Wigon.PH.12 20140124
Avast Win32:Cutwail-BY 20140124
BitDefender Trojan.GenericKD.1513399 20140124
Comodo UnclassifiedMalware 20140124
ESET-NOD32 Win32/Wigon.PH 20140124
Emsisoft Trojan.GenericKD.1513399 (B) 20140124
GData Trojan.GenericKD.1513399 20140124
Ikarus Trojan.Win32.Cutwail 20140124
Kaspersky Trojan.Win32.Cutwail.cig 20140124
Malwarebytes Spyware.Zbot 20140124
McAfee Artemis!1AA14B2519C2 20140124
McAfee-GW-Edition Artemis!1AA14B2519C2 20140124
MicroWorld-eScan Trojan.GenericKD.1513399 20140124
Microsoft TrojanDownloader:Win32/Cutwail 20140124
Norman Kryptik.CDGF 20140124
Qihoo-360 HEUR/Malware.QVM20.Gen 20140122
Sophos Mal/Generic-S 20140124
Symantec Backdoor.Trojan 20140124
TrendMicro BKDR_PUSHBOT.HY 20140124
TrendMicro-HouseCall BKDR_PUSHBOT.HY 20140124
nProtect Trojan.GenericKD.1513399 20140124
DIcha version del ElistarA 29.22 que los detecta y elimina, estará disponible en nuestra web a partir de las 15 h CEST de hoy
saludos
ms, 24-1-2014