Subscribe to Virus Experts – We Make Your Digital Life Secured RSS FeedSubscribe to Virus Experts – We Make Your Digital Life SecuredComments FEED

Browse > Home /

New Version of “Ilomo (Ilomo!IK) Trojan” Not Detected From Most Of Protection Systems (Include Manual Removal)

July 8, 2009 by admin  
Filed under Removal Tips,Tools and Videos, Security News

1 Comment


Title: Ilomo
Type: Trojans
 Severity scale:image45 New Version of Ilomo (Ilomo!IK) Trojan Not Detected From Most Of Protection Systems (Include Manual Removal) (45 / 100)

a new version of  Ilomo trojan and its not detected yet, We upload the trojan file to virus total and got this report:

File service.exe received on 2009.07.08 00:49:38 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.07 Trojan.Win32.Ilomo!IK
AhnLab-V3 5.0.0.2 2009.07.07 -
AntiVir 7.9.0.204 2009.07.07 -
Antiy-AVL 2.0.3.1 2009.07.07 -
Authentium 5.1.2.4 2009.07.07 -
Avast 4.8.1335.0 2009.07.07 -
AVG 8.5.0.386 2009.07.08 -
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.07 (Suspicious) – DNAScan
ClamAV 0.94.1 2009.07.07 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.07 -
eTrust-Vet 31.6.6602 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 Trojan.Win32.Ilomo
Jiangmin 11.0.706 2009.07.07 -
K7AntiVirus 7.10.786 2009.07.07 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5669 2009.07.07 -
McAfee+Artemis 5669 2009.07.07 -
McAfee-GW-Edition 6.8.5 2009.07.07 -
Microsoft 1.4803 2009.07.07 -
NOD32 4222 2009.07.07 -
Norman 6.01.09 2009.07.07 -
nProtect 2009.1.8.0 2009.07.07 -
Panda 10.0.0.14 2009.07.07 -
PCTools 4.4.2.0 2009.07.07 -
Prevx 3.0 2009.07.08 -
Rising 21.37.14.00 2009.07.07 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.07 -
Symantec 1.4.4.12 2009.07.08 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.07 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.7.1822 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.07 -
Additional information
File size: 509440 bytes
MD5…: 806b6e935eaa8923427408be5b1e11bf
SHA1..: e640681e1704941cd8ca02bc93fc45905868f069
SHA256: 88901a193da2c24412e78d57be0df3e3a147a142d3b565e9be3f7563bf7db790
ssdeep: 12288:LIFZ7RSkZQTjLyP35ZKGdbFKNdBOER8×9HzogQy+:LIMkqTjM5jdbKt6Hx
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0×1f82
timedatestamp…..: 0×43517510 (Sat Oct 15 21:30:56 2005)
machinetype…….: 0×14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0×1000 0×27a8 0×2800 6.80 e24411d0d235db6a8e6edb6174eda970
.rdata 0×4000 0xc4a 0xe00 4.67 22f7a9b4c70d2946d76ecb83bad3bfee
.reloc 0×5000 0×6c160 0×6c200 8.00 eeea2f2f2b52b4dc9532237f9e7dcf1b
.bss 0×72000 0xc812 0xca00 6.57 7343c2addd9950b0be066b8251e804f2

( 8 imports )
> WININET.dll: InternetGetConnectedState, InternetReadFile, InternetCrackUrlA, GopherCreateLocatorA, InternetSetStatusCallback, HttpSendRequestA, InternetQueryOptionA, HttpOpenRequestA, HttpSendRequestExA, FtpCreateDirectoryA, FtpRemoveDirectoryA, InternetCloseHandle, InternetQueryDataAvailable, InternetWriteFile, HttpEndRequestA, InternetCanonicalizeUrlA, HttpAddRequestHeadersA, HttpSendRequestW
> WS2_32.dll: -, -, -, -
> KERNEL32.dll: LoadLibraryA, GetDateFormatW, lstrcatW, VirtualAlloc, GetFileSize, CreateDirectoryW, LocalFree, GetTickCount, CreateFileW, GetProcAddress, GetTimeFormatW, Sleep, MultiByteToWideChar, GetLastError, GlobalFree, QueryPerformanceCounter, GetModuleHandleW, SetEndOfFile, GlobalAlloc, GlobalLock, lstrcmpW, GetProfileIntW, GetThreadLocale, GetCurrentProcessId, GetModuleHandleA
> USER32.dll: DefWindowProcW, LoadMenuW, UpdateWindow, DestroyWindow, MapWindowPoints, SetRectEmpty, GetClientRect, EnableWindow, GetSysColor, GetDesktopWindow, DeleteMenu, WinHelpW, PeekMessageW, GetDlgItemInt, RegisterClassExW, GetSubMenu, GetSystemMetrics, IsClipboardFormatAvailable, KillTimer, SetCapture, MessageBeep, EqualRect, DeferWindowPos, SetClassLongW, GetWindowLongW, GetDlgItem, GetWindow, SetTimer, MessageBoxW, SetCaretPos, PostQuitMessage, ModifyMenuW, InvalidateRect, EndPaint, IsWindow, GetMenuItemInfoW, SetWindowTextW, GetProcessDefaultLayout, PtInRect, DestroyMenu, GetWindowPlacement, FillRect, ShowCaret
> GDI32.dll: CreateBitmap, GetDIBits, Ellipse, SelectPalette, StretchBlt, SetROP2, EndDoc, PatBlt, GetTextExtentPoint32W, CreatePalette, SelectClipRgn, GetTextMetricsW, CreateCompatibleDC, RealizePalette, EnumFontFamiliesW, SetBkColor, SetBkMode, SetViewportOrgEx, GetPixel, Polyline, CreateICW
> COMDLG32.dll: ReplaceTextA
> ADVAPI32.dll: RegCloseKey
> OLEAUT32.dll: -, -, -, -, -

( 0 exports )
PDFiD.: -
RDS…: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch

Ilomo is a trojan that injects a malicious code into Internet Explorer in order to silently download from the Internet and execute arbitrary files. Some of them appear to be harmful and dangerous. Ilomo can get into the system while visiting some insecure web sites.


Ilomo Properties:

The file name of the trojan is “service.exe” .

• Connects itself to the internet
• Hides from the user
- The Trojan copy itself at “C:\Documents and Settings\”User”\Application Data”.
- The Trojan create start up record for its exe file (you can see it in MSCONFIG).
• Stays resident in background and run the iexplore.exe to reach the internet and download harmful software.


Manual Stop and Removal :

-  Run task manager and terminate the Trojan file “service.exe”

-  Go to “C:\Documents and Settings\(“Your User”)\Application Data” and delete “service.exe”

-  Go to start > Run > type “Msconfig”>choose Startup >uncheck “service.exe”>OK and restart your PC.

For any help just comment or contact us.


Tags: , , , , , ,

How To Remove Win32/Mabezat, Win32/Mabezat.A, Win32/Mabezat.B, Worm.Win32.Mabezat.b

July 5, 2009 by admin  
Filed under Removal Tips,Tools and Videos

12 Comments

virus spyware icon How To Remove Win32/Mabezat, Win32/Mabezat.A, Win32/Mabezat.B, Worm.Win32.Mabezat.b

Overview

This description is for a worm that is capable of spreading through removable devices and network shares.

The characteristics of this worm in regards to file names, folders created etc. will differ from one version to another. Hence, this is a general description.


Read more

Tags: , , , , , , , , , ,

How to Remove olhrwef.exe (Magania Trojan / Worm) Manually

June 30, 2009 by Rahulmg [Admin]  
Filed under Removal Tips,Tools and Videos

Leave a Comment

virus spyware icon How to Remove olhrwef.exe (Magania Trojan / Worm) Manually

The file olhrwef.exe is a complex virus file.. This file is commonly known as W32/Magania.BDYU Trojan,W32/AutoRun.EPN Worm, W32/OnLineGames.TBMA Trojan, W32/Taterf.B Worm, W32/Magania.AUUB Trojan, W32/Magania.AUDK Trojan, W32/Magania.ASNK Trojan

Read more

Tags: , , , , , , ,

Kaspersky Removal Tool (Updated Daily)

April 19, 2009 by admin  
Filed under Removal Tips,Tools and Videos

5 Comments

kvrt Kaspersky Removal Tool (Updated Daily)

Read more

Tags: , , , , , ,

8 Tools For Fighting And Removing Conficker,Downup, Downadup and Kido Virus

April 8, 2009 by admin  
Filed under Removal Tips,Tools and Videos

Leave a Comment

Conficker 8 Tools For Fighting And Removing Conficker,Downup, Downadup and Kido Virus Read more

Tags: , , , , , , , ,

« Previous Page