Please do not visit the sites below. The data discussed here is for informational purposes only!
I was doing my normal malware searching rounds tonight and came across a file called ProdigyAntivirus.exe. The installer (ProdigyAntivirus.exe) drops 4 files inside of %windir% and is currently being hosted on a RapidShare account.
Session Summary:
#  Result  Protocol  Host                     URL                                      Body  Caching
0  302     HTTP      prodigy-antivirus.com    /179
1  302     HTTP      rapidshare.com           /files/160002556/ProdigyAntivirus.ex[e]
2  200     HTTP      rs317tl2.rapidshare.com  /files/160002556/ProdigyAntivirus.ex[e]
Installing:
Files Dropped:
c:\windows\csrss.exe -> 6b4ec82b2ca24014a14a955d7f957eeb
c:\windows\alg.exe -> 8822188d4c681fc23804bbccb457136d
c:\windows\lsass.exe -> ee26d966411103783e6371543b843719
c:\windows\msinet.ocx -> 40d81470a19269d88bf44e766be7f84a
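A host check built from the list above, as an added example that is not part of the original post: it looks only at the top level of %windir% for the four dropped file names and compares their MD5 values with the ones listed. The function names are hypothetical, and the "name-only" verdict relies on the assumption that genuine csrss.exe, alg.exe and lsass.exe sit in %windir%\System32 rather than directly in %windir%.

```python
import hashlib
import os
import sys
from pathlib import Path

# MD5 values as listed in the post for the four dropped files.
PAGE_IOCS = {
    "csrss.exe": "6b4ec82b2ca24014a14a955d7f957eeb",
    "alg.exe": "8822188d4c681fc23804bbccb457136d",
    "lsass.exe": "ee26d966411103783e6371543b843719",
    "msinet.ocx": "40d81470a19269d88bf44e766be7f84a",
}
# Assumption: genuine copies of these binaries live in %windir%\System32,
# so the same name directly under %windir% deserves a look by itself.
SYSTEM_NAMES = {"csrss.exe", "alg.exe", "lsass.exe"}


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_windir(windir, iocs=PAGE_IOCS):
    """Check only the top level of windir; return (name, verdict, md5) tuples."""
    findings = []
    for entry in sorted(Path(windir).iterdir()):
        name = entry.name.lower()  # Windows file names are case-insensitive
        wanted = name in iocs or name in SYSTEM_NAMES
        if not (entry.is_file() and wanted):
            continue
        try:
            digest = md5_of(entry)
        except OSError:
            findings.append((name, "unreadable", None))  # locked or access denied
            continue
        verdict = "hash-match" if iocs.get(name) == digest else "name-only"
        findings.append((name, verdict, digest))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("WINDIR", r"C:\Windows")
    for name, verdict, digest in scan_windir(root):
        print(f"{verdict:10} {name:12} {digest}")
```

A "hash-match" line means the file is byte-identical to a sample from this post; "name-only" means the name matches but the contents differ, which still needs a manual look.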

