LSSetup fp ?


lurkingatu2

Mbam log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5516

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/13/2011 10:01:31 PM

mbam-log-2011-01-13 (22-01-17).txt

Scan type: Full scan (C:\|)

Objects scanned: 343128

Time elapsed: 1 hour(s), 39 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\SWSetup\LSSS\LSSetup.exe (Trojan.WinLock) -> No action taken.

virustotal

LSSetup.exe

Submission date: 2011-01-14 05:55:07 (UTC)

Current status: finished

Result: 0/ 41 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.01.14.00 2011.01.13 -

AntiVir 7.11.1.122 2011.01.13 -

Antiy-AVL 2.0.3.7 2011.01.14 -

Avast 4.8.1351.0 2011.01.13 -

Avast5 5.0.677.0 2011.01.13 -

AVG 10.0.0.1190 2011.01.14 -

BitDefender 7.2 2011.01.14 -

CAT-QuickHeal 11.00 2011.01.14 -

ClamAV 0.96.4.0 2011.01.14 -

Command 5.2.11.5 2011.01.14 -

Comodo 7385 2011.01.14 -

DrWeb 5.0.2.03300 2011.01.14 -

Emsisoft 5.1.0.1 2011.01.14 -

eSafe 7.0.17.0 2011.01.13 -

eTrust-Vet 36.1.8098 2011.01.13 -

F-Prot 4.6.2.117 2011.01.13 -

F-Secure 9.0.16160.0 2011.01.14 -

Fortinet 4.2.254.0 2011.01.13 -

GData 21 2011.01.14 -

Ikarus T3.1.1.97.0 2011.01.14 -

Jiangmin 13.0.900 2011.01.14 -

K7AntiVirus 9.75.3535 2011.01.13 -

Kaspersky 7.0.0.125 2011.01.14 -

McAfee 5.400.0.1158 2011.01.14 -

McAfee-GW-Edition 2010.1C 2011.01.14 -

NOD32 5785 2011.01.13 -

Norman 6.06.12 2011.01.13 -

nProtect 2011-01-13.01 2011.01.13 -

Panda 10.0.2.7 2011.01.13 -

PCTools 7.0.3.5 2011.01.14 -

Prevx 3.0 2011.01.14 -

Rising 22.82.04.00 2011.01.14 -

Sophos 4.61.0 2011.01.14 -

SUPERAntiSpyware 4.40.0.1006 2011.01.14 -

TheHacker 6.7.0.1.114 2011.01.13 -

TrendMicro 9.120.0.1004 2011.01.14 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.14 -

VBA32 3.12.14.2 2011.01.13 -

VIPRE 8067 2011.01.14 -

ViRobot 2011.1.14.4253 2011.01.14 -

VirusBuster 13.6.144.0 2011.01.13 -

Additional information

MD5 : 3ebe572247b754634eae5c1a34dfa3eb

SHA1 : 8c78af53925cdd9ce661e6764525d68cc95c58be

SHA256: 316b070bc9b057ffae2772f1c10d9a8ebeefc9bc05ee5207b926cf27a9cc447e

ssdeep: 196608:m1BiG/zppkfG8KhF16hZQ8GDy3a+hMWKDqHeuwIqx1EAFG2CYU:mfbr/10qJuKQMW0oeWqx1RFG2CY

File size : 8929824 bytes

First seen: 2008-03-22 06:06:19

Last seen : 2011-01-14 05:55:07

TrID:

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

sigcheck:

publisher....: LightScribe

copyright....: Copyright © 2007 Hewlett-Packard Develo

product......: LS_HSI

description..: LS_HSI

original name: Setup.exe

internal name: Setup

file version.: 1.12.33.

comments.....: n/a

signers......: Hewlett-Packard Company

VeriSign Class 3 Code Signing 2004 CA

Class 3 Public Primary Certification Authority

signing date.: 11:19 PM 2/26/2008

verified.....: -

PEiD: Armadillo v1.71

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x2996C

timedatestamp....: 0x4626BFD3 (Thu Apr 19 01:03:15 2007)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x34252, 0x35000, 6.52, c9197aa9b527836ce29af10d2ddf924d

.rdata, 0x36000, 0x6D26, 0x7000, 4.77, bf4b45ddeeea5d7f1fb47b800a27cf48

.data, 0x3D000, 0x9D04, 0x6000, 3.14, 83c11175151189b2c495762e2f027778

.rsrc, 0x47000, 0x157EC, 0x16000, 7.54, 72a7b55ba74e3c1250a7af683373d5d2

[[ 10 import(s) ]]

VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

SHELL32.dll: SHGetPathFromIDListA, ShellExecuteA, SHBrowseForFolderA, SHGetMalloc

COMCTL32.dll: -

KERNEL32.dll: DuplicateHandle, GetCurrentProcess, ExitProcess, WaitForSingleObject, CreateProcessA, lstrcpyA, GetWindowsDirectoryA, SetErrorMode, GetTempPathA, ExpandEnvironmentStringsA, lstrcmpA, lstrcmpiA, GetTickCount, GetExitCodeThread, CreateThread, CopyFileA, InterlockedIncrement, InterlockedDecrement, QueryPerformanceFrequency, CreateEventA, lstrcatA, GetTempFileNameA, CompareStringA, CompareStringW, GetVersionExA, SetFilePointer, SetFileAttributesA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, FreeLibrary, GetProcAddress, LoadLibraryA, LockResource, LoadResource, SizeofResource, FindResourceA, GetSystemDefaultLCID, GlobalHandle, VerLanguageNameA, FormatMessageA, LocalFree, GetLocalTime, MoveFileA, SetCurrentDirectoryA, FindClose, FindNextFileA, CompareFileTime, FindFirstFileA, GetSystemTimeAsFileTime, GetSystemInfo, MulDiv, IsValidCodePage, GetVersion, FlushFileBuffers, SetEndOfFile, GetDiskFreeSpaceA, GetDriveTypeA, CreateDirectoryA, MapViewOfFile, GetCurrentThread, GetLocaleInfoA, GetFileType, GetStdHandle, GetThreadContext, GetEnvironmentStringsW, SetLastError, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetOEMCP, GetACP, GetCPInfo, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, TlsGetValue, TlsAlloc, TlsSetValue, GetCurrentThreadId, HeapSize, HeapReAlloc, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, DeleteCriticalSection, InterlockedExchange, IsBadReadPtr, SystemTimeToFileTime, QueryPerformanceCounter, ResetEvent, SetEvent, GetShortPathNameA, VirtualProtect, VirtualQuery, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, TerminateProcess, GetModuleHandleA, SearchPathA, SetStdHandle, UnmapViewOfFile, lstrlenA, CreateFileA, GetFileSize, GlobalAlloc, CloseHandle, VirtualProtectEx, WriteProcessMemory, FlushInstructionCache, SetThreadContext, ResumeThread, DeleteFileA, Sleep, RemoveDirectoryA, IsDBCSLeadByte, GetFileAttributesA, GetProcessHeap, HeapAlloc, HeapFree, WriteFile, lstrcpynA, GetModuleFileNameA, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, SetHandleCount, GetLastError, GlobalLock, ReadFile, GlobalUnlock, GlobalFree, GetEnvironmentStrings, CreateFileMappingA, GetStringTypeA, GetStringTypeW, IsBadCodePtr, GetExitCodeProcess

USER32.dll: GetDlgItemTextA, GetWindow, SetCursor, UpdateWindow, GetClassInfoA, CharUpperA, CharLowerBuffA, wvsprintfA, EnableWindow, GetParent, GetWindowTextLengthA, GetWindowTextA, MoveWindow, GetWindowPlacement, DrawIcon, DestroyIcon, GetDlgCtrlID, SetWindowTextA, FillRect, GetSysColor, GetSysColorBrush, SendMessageA, LoadStringA, GetSystemMetrics, SetRect, FindWindowA, IntersectRect, SubtractRect, IsWindow, DestroyWindow, CreateDialogParamA, CharNextA, MessageBoxA, WaitForInputIdle, GetWindowLongA, BeginPaint, EndPaint, SetWindowLongA, GetClientRect, ClientToScreen, SetWindowPos, GetWindowDC, EndDialog, GetDlgItem, ShowWindow, DialogBoxParamA, GetDesktopWindow, wsprintfA, MsgWaitForMultipleObjects, PeekMessageA, DefWindowProcA, PostMessageA, KillTimer, PostQuitMessage, SetTimer, LoadIconA, LoadCursorA, RegisterClassA, CreateWindowExA, GetMessageA, TranslateMessage, DispatchMessageA, GetDC, ReleaseDC, CharPrevA, ExitWindowsEx, SendDlgItemMessageA, GetWindowRect, IsDialogMessageA

GDI32.dll: CreateFontA, GetTextExtentPoint32A, SetBkMode, SetTextColor, GetObjectA, CreateFontIndirectA, CreateSolidBrush, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, DeleteObject, GetStockObject, GetSystemPaletteEntries, CreatePalette, GetDeviceCaps, SelectPalette, RealizePalette, CreateDIBitmap, TranslateCharsetInfo

ADVAPI32.dll: RegQueryValueA, RegOpenKeyA, FreeSid, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, AllocateAndInitializeSid, GetTokenInformation, OpenThreadToken, EqualSid

RPCRT4.dll: UuidCreate, RpcStringFreeA, UuidToStringA

ole32.dll: CoUninitialize, CoInitialize

OLEAUT32.dll: -, -, -, -, -, -, -

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 217088

CompanyName: LightScribe

EntryPoint: 0x2996c

FileDescription: LS_HSI

FileFlagsMask: 0x003f

FileOS: Win32

FileSize: 8.5 MB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 1.12.33.

FileVersionNumber: 14.0.0.162

ImageVersion: 0.0

InitializedDataSize: 143360

InternalBuildNumber: 62562

InternalName: Setup

LanguageCode: English (U.S.)

LegalCopyright: Copyright © 2007 Hewlett-Packard Develo

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Dynamic link library

OriginalFilename: Setup.exe

PEType: PE32

ProductName: LS_HSI

ProductVersion: 1.12

ProductVersionNumber: 14.0.0.0

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2007:04:19 03:03:15+02:00

UninitializedDataSize: 0

thanks

:P


I had that same potential fp today along with a few others that seem to be related:

Files Infected:

c:\HP\BIN\msoffice\microsoft office activation assistant.exe (Trojan.WinLock) -> Quarantined and deleted successfully. ---What is this?

And...

c:\SwSetup\LSSS\LSSetup.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

c:\SwSetup\MSdemo\setup.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

c:\SwSetup\sp47423\LSSetup.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

c:\SwSetup\sp48094\LSSetup.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

c:\SwSetup\sp48792\LSSetup.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

????
