Forum: >>> Magnum BBS <<<

clamAV reporting

From moussa@21:1/5 to All on Mon Nov 8 15:58:47 2021

ps-2.kev009.com/ncr3xxx/pcfiles/Machines/32xx/3262/AUDIO.EXE: Win.Worm.Viking-2528 FOUND

??
--
Moussa

"People alike with a similar circumstances, tend to find each
others across space and time, given enough time in life, no
matter distance, language, race, colour and believes" (c) MEK
*** Do Not Copy, Duplicate or Use without my Permission ***

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From JWR@21:1/5 to moussa on Mon Nov 8 09:35:23 2021

On 08-11-2021 08:58, moussa wrote:

ps-2.kev009.com/ncr3xxx/pcfiles/Machines/32xx/3262/AUDIO.EXE: Win.Worm.Viking-2528 FOUND

??

Hi Moussa,

Supposing Audio.exe was built a long, long, long time before this worm came into the world, a 'false positive' is likely.

But it can't do much harm for Kevin to compare the file with older backups to look for any changes i.e. infections.

--
Jelte,
Admirer of the letter of IBM with blue Ishiki

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From moussa@21:1/5 to All on Wed Nov 10 09:34:31 2021

LibClamAV Warning: PNG: Unexpected early end-of-file. ps-2.kev009.com/ncr3xxx/pcfiles/Machines/32xx/3262/AUDIO.EXE: Win.Worm.Viking-2528 FOUND
ps-2.kev009.com/ohlandl/NIC/etmlan.zip: Win.Trojan.Bupt-2 FOUND ps-2.kev009.com/ohlandl/3513/External_PCMCIA_HDD.exe:
Win.Trojan.Agent-530259 FOUND ps-2.kev009.com/pccbbs/intellistation/e75z28us.exe:
Win.Trojan.Agent-1815490 FOUND ps-2.kev009.com/pccbbs/intellistation/e22z13us.exe:
Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/intellistation/e78z14us.exe:
Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/intellistation/e23z02us.exe:
Win.Trojan.Agent-421915 FOUND ps-2.kev009.com/pccbbs/intellistation/za3z49us.exe:
Win.Trojan.Agent-1862555 FOUND ps-2.kev009.com/pccbbs/intellistation/e78z39us.exe:
Win.Trojan.Agent-421898 FOUND ps-2.kev009.com/pccbbs/intellistation/e75z17us.exe:
Win.Trojan.Agent-421915 FOUND
ps-2.kev009.com/pccbbs/mobiles_pdf/7awv05ww.exe:
Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/commercial_desktop/za3z49us.exe: Win.Trojan.Agent-1862555 FOUND ps-2.kev009.com/pccbbs/commercial_desktop/d65z03us.exe:
Win.Worm.Viking-2528 FOUND ps-2.kev009.com/pccbbs/netvista_drivers/e7az21us.exe:
Win.Trojan.Agent-428820 FOUND ps-2.kev009.com/pccbbs/netvista_drivers/e78z36us.exe:
Win.Trojan.Agent-428779 FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/misc/integrtd.exe: Win.Trojan.HeyChris-1 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9105w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9107w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9106w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/e7az33usa.exe: Win.Trojan.Agent-424054
FOUND
ps-2.kev009.com/pccbbs/pc_servers/e7at30a.exe: Win.Trojan.Agent-424054 FOUND ps-2.kev009.com/pccbbs/pc_servers/dsa101p.exe:
Win.Dropper.Gh0stRAT-9811469-0 FOUND ps-2.kev009.com/pccbbs/pc_servers/dsa100p.exe:
Win.Dropper.Gh0stRAT-9811469-0 FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/aptiva/aptie4us.exe: Win.Trojan.Peed-422 FOUND ps-2.kev009.com/pccbbs/mobiles/7kcna4ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/68wk01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/ltmd1gme.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/l1wln04us24.exe:
Win.Trojan.Agent-5467461-0 FOUND
ps-2.kev009.com/pccbbs/mobiles/tracpt2k.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/vftpad8m.exe: Win.Trojan.Downloader-19951
FOUND
ps-2.kev009.com/pccbbs/mobiles/65au07ww.exe: Win.Trojan.Ramnit-6552 FOUND ps-2.kev009.com/pccbbs/mobiles/ltmd1g98.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/ltmd1gnt.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu21ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln02us24.exe:
Win.Trojan.Agent-5467461-0 FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu12ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/78g405ww.exe: Win.Trojan.Ramnit-6056 FOUND ps-2.kev009.com/pccbbs/mobiles/1yg407ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/62wj05ww.exe: Win.Trojan.Agent-1460811 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/mobiles/1yg409ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/63wj01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln05us24.exe: Win.Trojan.Agent-1460811
FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu23ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/1yg411ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln03us24.exe: Win.Trojan.Agent-1460811
FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu43ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/7awv05ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln09us24.exe: Win.Trojan.Agent-1460811
FOUND
ps-2.kev009.com/pccbbs/mobiles/ltmd1gxp.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/1rg408us.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/75u702aw.exe: Win.Trojan.Agent-682923 FOUND ps-2.kev009.com/pccbbs/mobiles/68wl01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/7avu42ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/65av08ww.exe: Win.Trojan.Ramnit-6552 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/options/pro_nt40.exe: Doc.Trojan.Wazzu-6 FOUND ps-2.kev009.com/pccbbs/options/q3kyb01us13.zip: Win.Trojan.Agent-354826
FOUND
ps-2.kev009.com/pccbbs/options/recovertool1gb_v1030.exe: Win.Trojan.Agent-1096954 FOUND
ps-2.kev009.com/pccbbs/options/q3kyb03us13.exe: Win.Trojan.Agent-354826
FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/netvista/e75z28us.exe: Win.Trojan.Agent-1815490 FOUND ps-2.kev009.com/pccbbs/netvista/e78z14us.exe: Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/netvista/e75z17us.exe: Win.Trojan.Agent-421915 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total

----------- SCAN SUMMARY -----------
Known viruses: 8574078
Engine version: 0.103.3
Scanned directories: 4835
Scanned files: 173409
Infected files: 61
Data scanned: 260806.00 MB
Data read: 213651.94 MB (ratio 1.22:1)
Time: 109320.057 sec (1822 m 0 s)
Start Date: 2021:11:08 12:42:36
End Date: 2021:11:09 19:04:36

--
Moussa

"People alike with a similar circumstances, tend to find each
others across space and time, given enough time in life, no
matter distance, language, race, colour and believes" (c) MEK
*** Do Not Copy, Duplicate or Use without my Permission ***

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From moussa@21:1/5 to JWR on Wed Nov 10 09:32:14 2021

On 8/11/21 4:35 pm, JWR wrote:

On 08-11-2021 08:58, moussa wrote:

ps-2.kev009.com/ncr3xxx/pcfiles/Machines/32xx/3262/AUDIO.EXE:
Win.Worm.Viking-2528 FOUND

??

Hi Moussa,

Supposing Audio.exe was built a long, long, long time before this worm
came into the world, a 'false positive' is likely.

But it can't do much harm for Kevin to compare the file with older
backups to look for any changes i.e. infections.

i have no doubt

maybe a list and a note??

--
Moussa

"People alike with a similar circumstances, tend to find each
others across space and time, given enough time in life, no
matter distance, language, race, colour and believes" (c) MEK
*** Do Not Copy, Duplicate or Use without my Permission ***

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Kevin Bowling@21:1/5 to moussa on Fri Nov 12 21:00:39 2021

On 11/9/21 18:34, moussa wrote:

LibClamAV Warning: PNG: Unexpected early end-of-file. ps-2.kev009.com/ncr3xxx/pcfiles/Machines/32xx/3262/AUDIO.EXE: Win.Worm.Viking-2528 FOUND
ps-2.kev009.com/ohlandl/NIC/etmlan.zip: Win.Trojan.Bupt-2 FOUND ps-2.kev009.com/ohlandl/3513/External_PCMCIA_HDD.exe:
Win.Trojan.Agent-530259 FOUND ps-2.kev009.com/pccbbs/intellistation/e75z28us.exe:
Win.Trojan.Agent-1815490 FOUND ps-2.kev009.com/pccbbs/intellistation/e22z13us.exe:
Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/intellistation/e78z14us.exe:
Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/intellistation/e23z02us.exe:
Win.Trojan.Agent-421915 FOUND ps-2.kev009.com/pccbbs/intellistation/za3z49us.exe:
Win.Trojan.Agent-1862555 FOUND ps-2.kev009.com/pccbbs/intellistation/e78z39us.exe:
Win.Trojan.Agent-421898 FOUND ps-2.kev009.com/pccbbs/intellistation/e75z17us.exe:
Win.Trojan.Agent-421915 FOUND ps-2.kev009.com/pccbbs/mobiles_pdf/7awv05ww.exe:
Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/commercial_desktop/za3z49us.exe: Win.Trojan.Agent-1862555 FOUND ps-2.kev009.com/pccbbs/commercial_desktop/d65z03us.exe:
Win.Worm.Viking-2528 FOUND ps-2.kev009.com/pccbbs/netvista_drivers/e7az21us.exe:
Win.Trojan.Agent-428820 FOUND ps-2.kev009.com/pccbbs/netvista_drivers/e78z36us.exe:
Win.Trojan.Agent-428779 FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/misc/integrtd.exe: Win.Trojan.HeyChris-1 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9105w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9107w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/26k9106w.exe: Win.Trojan.Cosmu-1095 FOUND ps-2.kev009.com/pccbbs/pc_servers/e7az33usa.exe: Win.Trojan.Agent-424054 FOUND
ps-2.kev009.com/pccbbs/pc_servers/e7at30a.exe: Win.Trojan.Agent-424054 FOUND ps-2.kev009.com/pccbbs/pc_servers/dsa101p.exe:
Win.Dropper.Gh0stRAT-9811469-0 FOUND ps-2.kev009.com/pccbbs/pc_servers/dsa100p.exe:
Win.Dropper.Gh0stRAT-9811469-0 FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/aptiva/aptie4us.exe: Win.Trojan.Peed-422 FOUND ps-2.kev009.com/pccbbs/mobiles/7kcna4ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/68wk01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/ltmd1gme.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/l1wln04us24.exe:
Win.Trojan.Agent-5467461-0 FOUND
ps-2.kev009.com/pccbbs/mobiles/tracpt2k.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/vftpad8m.exe: Win.Trojan.Downloader-19951 FOUND
ps-2.kev009.com/pccbbs/mobiles/65au07ww.exe: Win.Trojan.Ramnit-6552 FOUND ps-2.kev009.com/pccbbs/mobiles/ltmd1g98.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/ltmd1gnt.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu21ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln02us24.exe:
Win.Trojan.Agent-5467461-0 FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu12ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/78g405ww.exe: Win.Trojan.Ramnit-6056 FOUND ps-2.kev009.com/pccbbs/mobiles/1yg407ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/62wj05ww.exe: Win.Trojan.Agent-1460811 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/mobiles/1yg409ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/63wj01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln05us24.exe: Win.Trojan.Agent-1460811 FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu23ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/1yg411ww.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln03us24.exe: Win.Trojan.Agent-1460811 FOUND
ps-2.kev009.com/pccbbs/mobiles/7avu43ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/7awv05ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/l1wln09us24.exe: Win.Trojan.Agent-1460811 FOUND
ps-2.kev009.com/pccbbs/mobiles/ltmd1gxp.exe: Win.Trojan.Agent-5602801-0
FOUND
ps-2.kev009.com/pccbbs/mobiles/1rg408us.exe: Win.Trojan.Ramnit-6057 FOUND ps-2.kev009.com/pccbbs/mobiles/75u702aw.exe: Win.Trojan.Agent-682923 FOUND ps-2.kev009.com/pccbbs/mobiles/68wl01ww.exe: Win.Trojan.Agent-1460811 FOUND ps-2.kev009.com/pccbbs/mobiles/7avu42ww.exe: Win.Worm.Chir-916 FOUND ps-2.kev009.com/pccbbs/mobiles/65av08ww.exe: Win.Trojan.Ramnit-6552 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/options/pro_nt40.exe: Doc.Trojan.Wazzu-6 FOUND ps-2.kev009.com/pccbbs/options/q3kyb01us13.zip: Win.Trojan.Agent-354826
FOUND
ps-2.kev009.com/pccbbs/options/recovertool1gb_v1030.exe: Win.Trojan.Agent-1096954 FOUND ps-2.kev009.com/pccbbs/options/q3kyb03us13.exe: Win.Trojan.Agent-354826
FOUND
LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total ps-2.kev009.com/pccbbs/netvista/e75z28us.exe: Win.Trojan.Agent-1815490 FOUND ps-2.kev009.com/pccbbs/netvista/e78z14us.exe: Win.Trojan.Agent-428481 FOUND ps-2.kev009.com/pccbbs/netvista/e75z17us.exe: Win.Trojan.Agent-421915 FOUND LibClamAV Warning: cli_scanicon: found 4 invalid icon entries of 4 total

----------- SCAN SUMMARY -----------
Known viruses: 8574078
Engine version: 0.103.3
Scanned directories: 4835
Scanned files: 173409
Infected files: 61
Data scanned: 260806.00 MB
Data read: 213651.94 MB (ratio 1.22:1)
Time: 109320.057 sec (1822 m 0 s)
Start Date: 2021:11:08 12:42:36
End Date: 2021:11:09 19:04:36

I don't have the inclination to do some binary analysis but that's what
would need to be done. Signature based scans like this have little
relevance then or now.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Fri Apr 26 15:47:21 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 10:09:36 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 08:24:20 2024
  from Wales, Uk via Telnet
- Bob Worm
  Fri Apr 26 06:40:30 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	296
Nodes:	16 (2 / 14)
Uptime:	77:23:11
Calls:	6,658
Calls today:	4
Files:	12,203
Messages:	5,332,832
Posted today:	1

clamAV reporting

Who's Online

Recent Visitors

System Info