egqayakasd.exe real bad malware

[Guest]

[xrpezio]

I want alert all guys about to download "web media player" (link google sponsorized) 'cause it install an invisible application named egqayakasd.exe in temporary folder. I can see this malware trojan activity only with COMODO FIREWALL. I CANT find with explorer.exe in all my computer: it was invisible at all !!!!!!! also antivirus wich i had installed cant see this trojan.
 you can see in those page other comments about this malware.
http://www.clubic.com/telecharger-fiche19624-web-media-player.html
http://www.tuttoblog.com/internetecomputer/Attenzione_a_www-web-mediaplayer-com_contiene_numerosi_spyware_Ecco_quello_vero/
 
xrpezio

[~cat~]

.
http://www.clubic.com/telecharger-fiche19624-web-media-player.html
http://www.tuttoblog.com/internetecomputer/Attenzione_a_www-web-mediaplayer-com_contiene_numerosi_spyware_Ecco_quello_vero/
 
xrpezio

Translated to English links:
http://64.233.179.104/translate_c?u=http%3A%2F%2Fwww.tuttoblog.com%2Finternetecomputer%2FAttenzione_a_www-web-mediaplayer-com_contiene_numerosi_spyware_Ecco_quello_vero%2F&langpair=it%7Cen&hl=en&ie=UTF8

http://64.233.179.104/translate_c?u=http%3A%2F%2Fwww.clubic.com%2Ftelecharger-fiche19624-web-media-player.html&langpair=fr%7Cen&hl=en&ie=UTF8

More..
"Infected with WebMediaPlayer?"
http://64.233.179.104/translate_c?hl=en&langpair=fr%7Cen&u=http://www.paretologic.com/resources/definitions.aspx%3Flid%3DEN%26remove%3DWebMediaPlayer

VirusTotal:

File webmediaplayer_setup.exe received on 11.24.2007 11:17:10 (CET)
Antivirus   Version   Last Update   Result
AhnLab-V3   2007.11.24.0   2007.11.23   -
AntiVir   7.6.0.34   2007.11.23   -
Authentium   4.93.8   2007.11.21   -
Avast   4.7.1074.0   2007.11.23   -
AVG   7.5.0.503   2007.11.23   -
BitDefender   7.2   2007.11.24   Adware.Navipromo.BZE
CAT-QuickHeal   9.00   2007.11.24   -
ClamAV   0.91.2   2007.11.24   -
DrWeb   4.44.0.09170   2007.11.23   -
eSafe   7.0.15.0   2007.11.21   suspicious Trojan/Worm
eTrust-Vet   31.3.5318   2007.11.23   -
Ewido   4.0   2007.11.23   -
FileAdvisor   1   2007.11.24   -
Fortinet   3.14.0.0   2007.11.24   -
F-Prot   4.4.2.54   2007.11.23   -
F-Secure   6.70.13030.0   2007.11.23   -
Ikarus   T3.1.1.12   2007.11.24   -
Kaspersky   7.0.0.125   2007.11.21   -
McAfee   5170   2007.11.23   -
Microsoft   1.3007   2007.11.24   -
NOD32v2   2683   2007.11.24   -
Norman   5.80.02   2007.11.23   -
Panda   9.0.0.4   2007.11.23   Suspicious file
Prevx1   V2   2007.11.24   -
Rising   20.19.51.00   2007.11.24   Dropper.Win32.Agent.cjm
Sophos   4.23.0   2007.11.24   Mal/Heuri-E
Sunbelt   2.2.907.0   2007.11.24   -
Symantec   10   2007.11.24   -
TheHacker   6.2.9.140   2007.11.24   -
VBA32   3.12.2.5   2007.11.23   -
VirusBuster   4.3.26:9   2007.11.23   -
Webwasher-Gateway   6.0.1   2007.11.24   Worm.Win32.ModifiedUPX.gen!84 (suspicious)
Additional information
File size: 1513020 bytes
MD5: a0bb93cd356d3781a17a60f933dd9451
SHA1: 0d5864c3ed32e8e6b436bfdd93113bd97c54a8c2
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX, PE_Patch

I'm submitting it to our lab for analysis..

[Tags:]