trojan TR/PSW.Nilage.hhl in lua51.dll
Posted: Wed Jul 07, 2010 1:50 am
Yesterday my scanner (Avira) found trojan TR/PSW.Nilage.hhl in lua51.dll.
I got my copy of micromacro from this site some weeks ago and never got a warning. Everything works fine. I deleted the file and tried a new download from here. Same result.
Here is the log from virustotal.com:
Datei micromacro.zip empfangen 2010.07.04 22:54:18 (UTC)
Status: Beendet
Ergebnis: 8/41 (19.51%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 5.0.0.31 2010.07.04 Trojan-GameThief.Win32.Nilage!IK
AhnLab-V3 2010.07.03.00 2010.07.03 -
AntiVir 8.2.4.2 2010.07.04 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.04 -
Avast 4.8.1351.0 2010.07.04 -
Avast5 5.0.332.0 2010.07.04 -
AVG 9.0.0.836 2010.07.04 -
BitDefender 7.2 2010.07.05 Trojan.Generic.4318767
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.04 -
Comodo 5318 2010.07.04 -
DrWeb 5.0.2.03300 2010.07.04 -
eSafe 7.0.17.0 2010.07.04 -
eTrust-Vet 36.1.7684 2010.07.03 -
F-Prot 4.6.1.107 2010.07.04 -
F-Secure 9.0.15370.0 2010.07.04 Trojan.Generic.4318767
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.05 Trojan.Generic.4318767
Ikarus T3.1.1.84.0 2010.07.04 Trojan-GameThief.Win32.Nilage
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.04 Trojan-GameThief.Win32.Nilage.hhl
McAfee 5.400.0.1158 2010.07.05 -
McAfee-GW-Edition 2010.1 2010.07.04 -
Microsoft 1.5902 2010.07.03 -
NOD32 5251 2010.07.04 -
Norman 6.05.10 2010.07.04 -
nProtect 2010-07-04.02 2010.07.04 -
Panda 10.0.2.7 2010.07.04 -
PCTools 7.0.3.5 2010.07.02 -
Prevx 3.0 2010.07.05 -
Rising 22.54.04.04 2010.07.02 -
Sophos 4.54.0 2010.07.05 -
Sunbelt 6543 2010.07.04 -
Symantec 20101.1.0.89 2010.07.04 -
TheHacker 6.5.2.1.307 2010.07.04 -
TrendMicro 9.120.0.1004 2010.07.04 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.07.05 -
VBA32 3.12.12.5 2010.07.02 Trojan-GameThief.Win32.Nilage.hhl
ViRobot 2010.7.3.3920 2010.07.04 -
VirusBuster 5.0.27.0 2010.07.04 -
weitere Informationen
File size: 389994 bytes
MD5 : b3cf8137a930f903a346a0aa22a80838
SHA1 : f2f40799e85786611c61bc26bad232aeaa07f43c
SHA256: 475a58f138b1cd38ef4807b0891d1a202c6857663bcfec1897d34f664c03b065
TrID : File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec reputation: Suspicious.Insight
ssdeep: 6144:l6l2d8MV9fYpPOanQAQtp60EWV5Qp4gXRXexC7yCplExawxVU5OeXTcQL+mI/wZ:l6lLc9QnfQtpRpdghexVC8xa+QO7w+zi
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (F-Prot): UPX
packers (Authentium): UPX
RDS : NSRL Reference Data Set
I really like this bot, but in this case I won't use it anymore.