Skip to main content




  • Customer

    Upload sample test:


    Attached BHO.dll, gathered from this thread:


    O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\4LfGsn\BHO.dll


    Certainly malware related /adware related - Chinese origin.

    No scanners are detecting it yet.

    Aspack packed.




    Edit, it appears that I can only submit zip files (so we need to zip the files first)

    Is a password required (infected) or not? In this case I didn't use a password.

  • Customer

    FYI.. Avira and Kaspersky are now detecting it as: Trojan-Downloader.Win32.Agent.epu

  • Support

    Thanks Miekie,


    I lost my DSL connection last night (just as I was typing a reply here) and did not get it back fully until this afternoon.


    Yes, on the zip files and

    Yes, they should be password protection. Use the password: infected


    I did manage to get an email off to the Research team about this forum, but don't know if they have seen it yet.


    Thanks very much. I'll go ahead and FTP this one on in for them in case they missed it.


    And now, much catching up to do!


    I'm subscribed now to this entire forum so I'll be sure to give them a heads up each time something is uploaded here.


    You can just start a new topic and attach a file anytime you see one you think needs it.

  • Support

    Hi Mieke,


    Just to confirm they did get this and it is included in today's definitions update


    Family Id: 1006 Name: Win32.TrojanDownloader.Agent Category: Virus TAI:10

    Item Id: 64368 Value: File: C:\DOCUME~1\COMPAQ~1\MYDOCU~1\Malware\SUSPIC~3\Mikie BHO zip\BHO.dll


    I'll go ahead and remove attachment since it isn't need any more, but I'll leave the topic thread in tact (and I changed the title so it doesn't say *test* anymore, since we made it live )


    Thank you so much!


Please sign in to leave a comment.