Smadav 2011 Rev. 8.5 considered to contain a Trojan

Smadav flagged as a trojan by Avira

Smadav is an antivirus built specifically to deal with the viruses, Trojans and worms that spread widely in Indonesia. Smadav itself recommends running it alongside one of the commonly used general-purpose antivirus products.

But what happens when Smadav is itself flagged as a virus or Trojan?

That already happened to Smadav version 8.1.9, which Avira's database flagged as containing a Trojan named TR/Antavmu.gyg.

Apparently the same thing has happened again with Smadav 8.5.

This time Avira detects Smadav as containing a Trojan it names BDS/Floder.hs.5. Other antivirus databases know the same detection under different names:

  • Kaspersky: Backdoor.Win32.Floder.hs
  • F-Secure: Backdoor.Win32.Floder.hs
  • Bitdefender: Trojan.Generic.KD.231000
  • AVG: SHeur3.CAUJ
  • Grisoft: SHeur3.CAUJ
  • Eset: Win32/AutoRun.KS worm
  • DrWeb: Win32.HLLW.Autoruner.50320

The Trojan, in Avira's database since 24 May 2011, is classified as a Backdoor Server: it can automatically download further malicious applications, modify registry data, and hand control of the machine to a third party. Note that the vendors do not even agree on the class: Kaspersky and F-Secure call it a backdoor, while Eset and DrWeb name it an autorun worm, even though Avira's own entry says it has no spreading routine of its own. Avira's entry also describes one specific sample (35,658 bytes, with a published MD5), so anyone who wants to verify the claim should hash the Smadav installer they actually downloaded and compare it against that value rather than rely on the product name alone.

Unfortunately, as of this writing Smadav has not published any statement about this on its website.

BDS/Floder.hs.5 specification (as published by Avira)

Virus: BDS/Floder.hs.5
Date discovered: 24 May 2011
Type: Backdoor Server
In the wild: No
Reported infections: Medium
Distribution potential: Low
Damage potential: Medium
Static file: Yes
File size: 35,658 bytes
MD5 checksum: 2879731cc7ff6e6a1fb36cf93caaf00c
VDF version: 7.11.08.114 (Tuesday, May 24, 2011)
IVDF version: 7.11.08.114 (Tuesday, May 24, 2011)

General Method of propagation:
• No own spreading routine

Aliases:
• Kaspersky: Backdoor.Win32.Floder.hs
• F-Secure: Backdoor.Win32.Floder.hs
• Bitdefender: Trojan.Generic.KD.231000
• AVG: SHeur3.CAUJ
• Grisoft: SHeur3.CAUJ
• Eset: Win32/AutoRun.KS worm
• DrWeb: Win32.HLLW.Autoruner.50320

Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7

Side effects:
• Third party control
• Downloads malicious files
• Registry modification

Files

It copies itself to the following location:
%recycle bin%\R-1-**********1013\acleaner.exe

It tries to download the following files:

– From the location:
http://31.**********43/ng**********wk.exe
Saved on the local hard drive as: %HOME%\dgjdd.exe
The file is executed once it has been fully downloaded. Further investigation showed that this file is malware, too.

– From the location:
http://31.**********32/nw**********bu.exe
Saved on the local hard drive as: %HOME%\Application Data\3D.tmp
The file is executed once it has been fully downloaded. Further investigation showed that this file is malware, too. Detected as: TR/Dldr.FirNix.AD

– From the location:
http://91.**********40/d**********.exe
Saved on the local hard drive as: %HOME%\Application Data\3E.tmp
The file is executed once it has been fully downloaded. Further investigation showed that this file is malware, too.

Registry

The following value is added so that the process runs again after a reboot:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
• "Taskman"="C:\RECYCLER\\R-1-**********1013\\acleaner.exe"

Injection

– It injects itself into a process.

Process name:
• Explorer.exe

File details

Programming language:
The malware program was written in MS Visual C++.
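The Avira entry above gives three things a responder can actually check on a suspect machine: the sample's size and MD5, the copy dropped under the recycle bin, and the Winlogon "Taskman" value used for persistence. The following triage script is an added example written for this page; it is not code from the original post, from Smadav or from Avira. The indicator values are transcribed from the entry above; the redacted digits in Avira's folder name are matched by a wildcard, and accepting the usual "S-1-" SID prefix in addition to the "R-1-" Avira printed is an assumption. The sample bytes in the test are constructed and are not the real file.

```python
import hashlib
import re
import sys
from pathlib import Path
from typing import Optional

# Indicators transcribed from the Avira entry for BDS/Floder.hs.5 quoted above.
AVIRA_MD5 = "2879731cc7ff6e6a1fb36cf93caaf00c"
AVIRA_SIZE = 35658

# Persistence indicator: a Winlogon "Taskman" value pointing at acleaner.exe inside a
# recycle-bin folder. Avira redacted the SID-like digits with asterisks, so any digit
# run is accepted. Matching "S-1-" as well as Avira's "R-1-" is an assumption.
TASKMAN_IOC = re.compile(
    r"^[a-z]:\\(RECYCLER|\$Recycle\.Bin)\\[RS]-1-[\d-]+\\acleaner\.exe$",
    re.IGNORECASE,
)


def file_matches_avira_sample(data: bytes) -> dict:
    """Compare raw file bytes with the size and MD5 Avira published for the sample.

    A match means "this is the file Avira analysed"; a mismatch means only that this
    particular file is not that sample, not that it is clean.
    """
    md5 = hashlib.md5(data).hexdigest()
    return {
        "size": len(data),
        "md5": md5,
        "size_match": len(data) == AVIRA_SIZE,
        "md5_match": md5 == AVIRA_MD5,
    }


def classify_taskman_value(value: Optional[str]) -> str:
    """Judge a Winlogon 'Taskman' registry value.

    The value is normally absent; Windows only consults it to launch an alternate
    Task Manager, which makes it a convenient, rarely inspected autostart location.
    """
    if value is None:
        return "absent (expected)"
    # Avira prints the path with doubled backslashes and surrounding quotes; normalise.
    v = value.strip().strip('"').replace("\\\\", "\\")
    if TASKMAN_IOC.match(v):
        return "matches BDS/Floder.hs.5 persistence IOC"
    low = v.lower()
    if "\\recycler\\" in low or "\\$recycle.bin\\" in low:
        return "suspicious: executable launched from recycle bin"
    return "set, not matching the IOC (review manually)"


def read_taskman_value() -> Optional[str]:
    """Read HKLM\\...\\Winlogon\\Taskman on Windows; returns None when the value is absent."""
    import winreg  # only available on Windows

    key = winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
    )
    try:
        value, _ = winreg.QueryValueEx(key, "Taskman")
        return value
    except FileNotFoundError:
        return None
    finally:
        winreg.CloseKey(key)


if __name__ == "__main__":
    # Usage: python triage.py [file ...]  (hashes each file, then checks the registry on Windows)
    for p in sys.argv[1:]:
        print(p, file_matches_avira_sample(Path(p).read_bytes()))
    try:
        print("Taskman:", classify_taskman_value(read_taskman_value()))
    except ImportError:
        print("winreg unavailable: run on Windows to read the Winlogon Taskman value")
```

Hash the installer you actually have on disk, not the one you think you downloaded: the Avira entry identifies one 35,658-byte sample, and a legitimately packaged Smadav release of a different size cannot be that sample whatever its name says. The registry check is the more useful half on an already-running machine, because the downloaded payloads listed above (dgjdd.exe and the .tmp files) are only reached after the Taskman entry has survived a reboot.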


Filed under News, Indonesia

3 responses to "Smadav 2011 Rev. 8.5 considered to contain a Trojan"

  1. iwank

    Smadav has me confused.. version 8.6 is also flagged as dangerous by KIS 2012

  2. alhabsyie

    I don't know.. it's not that I don't love a national product.. but it is strongly advised not to connect a digital camera to a PC that has Smadav installed

  3. waduh

    Where is the party concerned?
