aztec, posted January 3, 2014:

Hi,

Saw this on the World of Warcraft/Blizzard games forum yesterday: http://us.battle.net/wow/en/forum/topic/11041384892?page=1

Wondered if Emsi has been notified of this new malware, and has tried to mitigate it?

Thanks.

Elise, posted January 3, 2014:

Yes, we are aware of it and detect/remove it. I can confirm the objects listed in the article you linked to are being created as stated:

If you are concerned you have this malware and you have HijackFree, you can see the objects (Disker and/or Disker64) under the Autoruns tab.

aztec, posted January 3, 2014:

Thank you Elise for the quick reply and the good work.

malware1, posted January 4, 2014:

This file is undetected by Emsisoft:

setup.exe - https://www.virustotal.com/en/file/09943ba819c2f70899dfa16d2930c65b4170989de9bf7de8b2cdaf15d137a7c1/analysis/1388832922/

Some other antivirus products with the BitDefender engine detect it, but Emsisoft does not.

It drops WINDOW~1.EXE, and WINDOW~1.EXE drops w_win.dll and w_64.DLL.

WINDOW~1.EXE, w_win.dll, w_64.DLL - these files are detected.

malware1, posted January 4, 2014:

Another sample of this malware:

setup.exe - https://www.virustotal.com/en/file/f05045f5e9badf1017d245a1977fa49c85183f0bc34aa4f1800c5c462b7c34eb/analysis/1388853235/ (undetected by Emsisoft)

Dropped files:

XB_010~1.EXE - https://www.virustotal.com/en/file/625060052f56063999793d944accb98b60dcb2411bdce005c8156e2e75cf2449/analysis/1388853290/ (detected by Emsisoft)
w_64.DLL - https://www.virustotal.com/en/file/dd9ded59410d4e2a77f5154ac0548aa657078d398057924f596bb8901c964344/analysis/1388853314/ (undetected by Emsisoft)
w_win.dll - https://www.virustotal.com/en/file/43eb4d54b1a8b204f41f2d67fe2563ad36ccd833325be4aab744d236e049ae56/analysis/1388853290/ (undetected by Emsisoft)

I'll submit the undetected files.

Elise, posted January 4, 2014:

There are a number of variants, which is why some hashes are undetected. However, trace detection is present for all dropped components.