Author Topic: 9uwR.exe  (Read 5454 times)

Offline comos1

  • Newbie
  • *
  • Posts: 3
9uwR.exe
« on: April 13, 2011, 05:46:38 AM »

Hi,

I was browsing Google's image search when some site appeared to drop a file to my computer, C:\Users\username\AppData\Local\Temp/9uwR.exe, which attempted an outgoing connection to the net which I blocked with Comodo. So far I haven't been able to figure out how the file got through or what it actually is. Comodo didn't find any infections. I'm using Windows Vista / Firefox 4 / Comodo Internet Security. Any help would be appreciated, thanks.
« Last Edit: April 13, 2011, 05:55:49 AM by comos1 »

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13427
  • Volunteer Moderator
Re: 9uwR.exe
« Reply #1 on: April 13, 2011, 06:09:12 AM »
Do you still have this file on disk?
Can you upload it to www.virustotal.com to see what other AVs think of it?

Please also upload it on these, the first you can submit it as malware, the second generates a verdict.
http://www.comodo.com/home/internet-security/submit.php?
http://valkyrie.comodo.com/
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline comos1

  • Newbie
  • *
  • Posts: 3
Re: 9uwR.exe
« Reply #2 on: April 13, 2011, 06:37:50 AM »
Thanks for replying Ronny. I did what you asked and got the following results

http://valkyrie.comodo.com/Result.aspx?sha1=5D3A8164DEB350EF8ADFF09DFFD9E5A854211741&&query=0&&filename=9uwR.exe

http://www.virustotal.com/file-scan/report.html?id=872a80662fc64778a4a6334ee9cda031984cdafd2032391494655ee402f5e3f6-1302692975

So apparently I need to get something disinfected/removed.

How do you suggest me to go forward from here?

Thanks.
« Last Edit: April 13, 2011, 06:55:28 AM by comos1 »

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13427
  • Volunteer Moderator
Re: 9uwR.exe
« Reply #3 on: April 13, 2011, 08:12:01 AM »
Well, on its own this looks like a dropper that tries to download the 'real' malware.
As you blocked its traffic out to the internet with the FW, I think it wasn't able to download more bad stuff.

First of all you can verify your system with some second-opinion scanners:
http://www.surfright.nl/en/hitmanpro
http://www.malwarebytes.org/

The infection for this thing will highly likely be the exe file you already detected.
You can copy it to a folder to save it so you can get it analyzed if needed later; the best procedure is to password-protect it in a .zip archive.

If you are interested in a more detailed report of what this file does you can upload it here; it will create a nice report of its findings: http://anubis.iseclab.org/index.php

Depending on the rest of your setup we could evaluate further measures.
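Ronny's two replies above amount to a small triage procedure: hash the dropped file, look the hash up on the online scanners, and keep a copy of the sample with enough metadata to have it analyzed later. The script below, added here as an example and not code from the thread or from Comodo, does the bookkeeping part of that: it hashes a file in chunks, pulls the SHA-1 and SHA-256 out of the Valkyrie and VirusTotal result URLs that were posted in this thread, and writes a manifest recording whether the local file matches the sample those reports describe. The placeholder file it writes under `__main__` is constructed for the demo and is not the real 9uwR.exe; the password-protected archive step is left to an external tool, since Python's zipfile module cannot write encrypted archives.

```python
import hashlib
import io
import json
import os
import time
from urllib.parse import parse_qs, urlparse

# Result URLs exactly as posted in this thread. Valkyrie carries the SHA-1 in its
# query string; the VirusTotal report id is the SHA-256 followed by "-<timestamp>".
VALKYRIE_URL = ("http://valkyrie.comodo.com/Result.aspx?"
                "sha1=5D3A8164DEB350EF8ADFF09DFFD9E5A854211741&&query=0&&filename=9uwR.exe")
VIRUSTOTAL_URL = ("http://www.virustotal.com/file-scan/report.html?"
                  "id=872a80662fc64778a4a6334ee9cda031984cdafd2032391494655ee402f5e3f6-1302692975")

HEX_LENGTHS = {40: "sha1", 64: "sha256"}


def classify_hash(value):
    """Return (algorithm, lowercase hex) if value looks like a SHA-1 or SHA-256, else None."""
    value = value.strip().lower()
    if len(value) in HEX_LENGTHS and all(c in "0123456789abcdef" for c in value):
        return HEX_LENGTHS[len(value)], value
    return None


def hashes_from_report_urls(*urls):
    """Extract SHA-1/SHA-256 values from scanner result URLs as lowercase hex.
    parse_qs drops the empty fields produced by the doubled '&&' in the Valkyrie
    link; the '-<timestamp>' suffix on the VirusTotal id is split off before checking."""
    found = {}
    for url in urls:
        for values in parse_qs(urlparse(url).query).values():
            for value in values:
                hit = classify_hash(value.split("-", 1)[0])
                if hit:
                    found[hit[0]] = hit[1]
    return found


def digest_stream(stream, chunk_size=1 << 16):
    """Hash a binary file-like object in chunks so large samples need not fit in memory."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        sha1.update(chunk)
        sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def build_manifest(path, known_hashes):
    """Record what a responder wants kept next to a quarantined sample: where it was
    found, its size and modification time, its hashes, and whether those hashes match
    the sample the online scanner reports refer to."""
    st = os.stat(path)
    digests = digest_file(path)
    return {
        "original_path": os.path.abspath(path),
        "size_bytes": st.st_size,
        "mtime_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
        "hashes": digests,
        "matches_reported_sample": {
            algo: digests[algo] == value for algo, value in known_hashes.items()
        },
    }


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for the dropped file; it is not the real 9uwR.exe, so the
    # manifest will show no match against the hashes from the posted reports.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "9uwR.exe")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + b"constructed placeholder, not real malware")
        known = hashes_from_report_urls(VALKYRIE_URL, VIRUSTOTAL_URL)
        print(json.dumps(build_manifest(sample, known), indent=2))
```

Comparing the locally computed hash against the value embedded in the report URL is the check that matters: it confirms the verdict you are reading belongs to the file you actually have on disk, not to a different upload with the same name.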

Offline comos1

  • Newbie
  • *
  • Posts: 3
Re: 9uwR.exe
« Reply #4 on: April 13, 2011, 09:57:00 AM »
Malwarebytes detected the file as a malware.packer, but as you said I don't think it managed to do any other harm. Some dodgy stuff in the Anubis report though, but I haven't been able to detect any changes.

http://anubis.iseclab.org/?action=result&task_id=11ef47930903dcc14997b0f335b4f8dec&format=html#id263571

Think I got off with a scare this time, thanks for your help!

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13427
  • Volunteer Moderator
Re: 9uwR.exe
« Reply #5 on: April 13, 2011, 12:00:08 PM »
Yes it looks like the report shows it didn't cause any permanent changes, only tried to download the second stage of the malware which didn't work on your system.

Offline Boris 3

  • Comodo's Hero
  • *****
  • Posts: 1347
Re: 9uwR.exe
« Reply #6 on: April 13, 2011, 06:24:42 PM »
From now on, you could use Sandboxie on top of CIS to have an additional layer of security.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11621
Re: 9uwR.exe
« Reply #7 on: April 14, 2011, 11:05:26 PM »
You might find some useful information in this article:
How to Stay Safe While Online
