echo: alt-comp-anti-virus
to: ALL
from: DAVID H. LIPMAN
date: 2016-04-08 21:07:00
subject: Re: Just got a new viral-

On 4/7/2016 9:22 AM, Virus Guy wrote:
> This came in almost 3 hours ago:
>
>
> https://www.virustotal.com/en/file/89e7c151213131873ecf2cd16ba6842e21c391201f9494c8f574d56b75172963/analysis/1460034005/
>
> VT scan result 12/57
>
> AegisLab      Troj.W32.Gen.lJ4P
> Arcabit       Trojan.A
> Avast         Win32:Trojan-gen
> Baidu         Win32.Trojan.WisdomEyes.151026.9950.9957
> Ikarus        Win32.Outbreak
> Kaspersky     Backdoor.Win32.Androm.jkpi
> Malwarebytes  Backdoor.Bot
> McAfee-GW     BehavesLike.Win32.Sality.ch
> Qihoo-360     HEUR/QVM10.1.Malware.Gen
> Rising        PE:Malware.Obscure/Heur!1.9E03 [F]
> Sophos        Mal/Generic-S
> Tencent       Win32.Trojan.Inject.Auto
>
> Uploaded to uploadmalware.
>
> I'll mess around with it a little and see what else I can find out.
>
> Spam originated from 193.16.229.57 (poland).
>

There is a big difference between Sality and an Andromeda backdoor bot. If it was truly Sality, all anti-virus vendors would have that detection.

Most likely, it is an Andromeda/Gamarue trojan.


-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org
