Trojan:Win32/FakePowav

Uploaded file to VirusTotal. Already Analyzed. 1/37 antivirus programs detected it as malicious, Microsoft OneCare.

 

I elected for the file to be Reanalyzed. This time 3/37. Wow, not bad. Probably not a FP ... Too bad Norton does not recognize it.

 

http://www.virustotal.com/analisis/63e865719b9e761b86942d61ce4fd532

 

Apparently the big "bear", Symantec, does move slowly in the winter =).

 

I just really hope that Symantec bothers to include this in the definitions. Another file I submitted was deemed to be malicious; the link to the site was removed ... do not post links to malicious sites ... and everyone agreed after I did some extensive testing within Sandboxie. However, it's been so long ... =) ... 3 days as a matter of fact ... and I am just hoping that right now some SSR employee is adding that to the defs.

 

My tracking for this sample is

#10090727

 

ThreatExpert analysis coming soon! Stay posted! 

 

http://www.threatexpert.com/report.aspx?md5=fe6b29b732087ea22b6d1d943c4ffa97

 

Looking at the ThreatExpert Report, OneCare was able to discern deep into the actions of the program without even executing it. Too bad Bloodhound can't do that. OneCare was able to see that the file created a scrmss.exe entry in %AppData%\. OneCare was also able to see that the file created was malicious.

Message Edited by Tech0utsider on 12-03-2008 10:49 PM