Subject: Google Desktop RSSReader Plug-(malware)
From: geraldwiecz (gera@gmail.com)
Date: 06/27/2006 08:45:12 PM
List: com.googlegroups.google-desktop-developer

Anybody from Google check this stuff? I downloaded and installed this program twice, both times my security system alerted on installing malware:

Covert.Sys.Exec
Determination: Bad
IS-IE32V.EXE

AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: IS-IE32V.EXE

* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Covert Sys Exec
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: EXPLOIT
* Protection: Prevx1 will protect, disinfect, cleanup and remove IS-IE32V.EXE
* Non Prevx Users: New users may cleanup and remove IS-IE32V.EXE for free using the regular Prevx1 download
* First seen: Dec 23 2005 (GMT)
* Last seen: Dec 23 2005 (GMT)
* File Size: 663,040 bytes

MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY

1. COVERT ANALYSIS OF: IS-IE32V.EXE

* File Names Used: 493
* Paths Used: 71
* Common File Name: IS-IE32V.EXE
* Common Path: %WINDIR%\
* Vendor Information: No Vendor details specified
* Product Information: Setup/Uninstall
* IS-IE32V.EXE may use 493 or more path and file names, these are the most common:
  * 1: %WINDIR%\IS-13B5V.EXE
  * 2: %WINDIR%\IS-1RUHS.EXE
  * 3: %WINDIR%\IS-32AP3.EXE
  * 4: %WINDIR%\IS-3OUPJ.EXE
  * 5: %WINDIR%\IS-3Q41V.EXE
  * 6: %WINDIR%\IS-5650E.EXE
  * 7: %WINDIR%\IS-5TNH3.EXE
  * 8: %WINDIR%\IS-6158S.EXE
  * 9: %WINDIR%\IS-69IPN.EXE
  * 10: %WINDIR%\IS-C87CK.EXE
* File Name Structure: Normal
* File and Path Structure: Suspicious, unusually high number of file and path combinations

2. RELATIONSHIP ANALYSIS OF: IS-IE32V.EXE

* Malicious Objects Created: None
* Malicious Creators: None
* Malware Run Keys: None
* Self Persists: Yes, creates copies of itself
* Antivirus Detection: No third party antivirus detection observed
* Anti-Spyware Detection: No third party anti-spyware detection observed

3. ACTIVITY ANALYSIS OF: IS-IE32V.EXE

* The following behaviors have been observed for this object:
  * Deletes programs.
  * Invokes dll components.
  * Runs temporary programs.
  * Runs other programs.

4. PROPAGATION ANALYSIS OF: IS-IE32V.EXE

* Malware Group Propagation Rate: Moderate (spreading)
* Malware Group: Covert Sys Exec

Copyright Prevx Limited 2005, 2006

Gerald