I found a file on one of my systems and I am trying to understand its threat level.
One account (out of 4) began to pop up an "Unknown Publisher - Do you want to run this file?" message for wmipvs.exe.
msconfig showed this file listed in the Startup tab for just 1 out of the 4 accounts. The file is located in c:\windows\system32.
SpyBot, AVG Spyware and CA Spyware and CA VirusScan do not recognize this file as a threat.
I have renamed the file to wmipvs.old to ensure it can't be run.
I uploaded the file to http://virusscan.jotti.org/ and received the results shown in the table below. My first question would be this: Why do different scanners show a different name for the same threat?
Packers detected: -
Bit9 reports: High threat detected (more info)
Scan taken on 05 Jan 2008 17:09:40 (GMT)
A-Squared Found nothing
AntiVir Found WORM/IrcBot.160768.1
ArcaVir Found nothing
Avast Found Win32:IRCBot-CFV
AVG Antivirus Found Obfustat.EJS
BitDefender Found Backdoor.IRCBot.ABEK
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Oscar
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Backdoor.IRCBot.ABEK
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/Nugache
Norman Virus Control Found W32/Malware.ADIF
Panda Antivirus Found W32/Oscarbot.MT.worm
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
In addition, when I clicked on the (more info) link in the line that reads "Bit9 reports: High threat detected (more info)" it says the file name is index.html. What does that mean?
Search results by hash: MD5: 135e4a9e8ad6e1c34314b45e23cd18c5
File Information
File Name: index.html
Description: Unknown
Version: Unknown
MD5: 135e4a9e8ad6e1c34314b45e23cd18c5
Size: 157 KB
SHA-1: de13836be7a8b964686e345adc92a975b8700a7e
This file was analyzed on 9/28/2007 4:17:00 AM and multiple tests reported it as malicious.
File found in 1 package(s) from Honeypot 3:
Package name File name Operating system Language
File Collection index.html Unknown Unknown
Any enlightenment you can provide would be greatly appreciated. Thanks!
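As an added example that is not part of the original post: the Python below parses the verdict lines from the scan table above and groups the detecting engines by the name fragment their labels share, which makes the naming disagreement concrete, since each vendor assigns its own detection names. The `FRAGMENTS` keywords and the function names are assumptions chosen for this example.

```python
from collections import defaultdict

# Verdict lines copied from the scan table in the post above.
SCAN = """A-Squared Found nothing
AntiVir Found WORM/IrcBot.160768.1
ArcaVir Found nothing
Avast Found Win32:IRCBot-CFV
AVG Antivirus Found Obfustat.EJS
BitDefender Found Backdoor.IRCBot.ABEK
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.Oscar
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Backdoor.IRCBot.ABEK
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/Nugache
Norman Virus Control Found W32/Malware.ADIF
Panda Antivirus Found W32/Oscarbot.MT.worm
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing"""

# Fragments picked by reading the labels above (assumption, not a vendor taxonomy).
FRAGMENTS = ("ircbot", "oscar", "nugache")

def parse(text):
    """Return {engine: label or None} from 'Engine Found label' lines."""
    out = {}
    for line in text.splitlines():
        engine, _, label = line.partition(" Found ")
        out[engine] = None if label == "nothing" else label
    return out

def group_by_fragment(verdicts):
    """Group detecting engines by the name fragment their label contains."""
    groups = defaultdict(list)
    for engine, label in verdicts.items():
        if label:
            key = next((f for f in FRAGMENTS if f in label.lower()), "other")
            groups[key].append(engine)
    return dict(groups)

if __name__ == "__main__":
    v = parse(SCAN)
    print(sum(1 for l in v.values() if l), "of", len(v), "engines flagged the file")
    print(group_by_fragment(v))
```

On the table above, 9 of 21 engines flag the file, and four of those nine labels contain the fragment IRCBot.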