Here's the catch:
Code:
Файл avz00015.dta получен 2008.02.23 12:22:26
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 TR/Agent.97792.1
Authentium 4.93.8 2008.02.23 -
Avast 4.7.1098.0 2008.02.22 Win32:Warezov-BYG
AVG 7.5.0.516 2008.02.22 Generic9.AAVW
BitDefender 7.2 2008.02.23 Generic.Malware.SFYBd.610E7661
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.23 -
DrWeb 4.44.0.09170 2008.02.22 Trojan.Popuper.5062
eSafe 7.0.15.0 2008.02.21 suspicious Trojan/Worm
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.22 -
FileAdvisor 1 2008.02.23 High threat detected
Fortinet 3.14.0.0 2008.02.23 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 W32/Malware.BIAW
Ikarus T3.1.1.20 2008.02.23 Virus.Win32.Warezov.BYG
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.23 -
NOD32v2 2897 2008.02.22 -
Norman 5.80.02 2008.02.22 W32/Malware.BIAW
Panda 9.0.0.4 2008.02.22 -
Prevx1 V2 2008.02.23 Heuristic: Suspicious File With Outbound Communications
Rising 20.32.52.00 2008.02.23 -
Sophos 4.26.0 2008.02.23 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.23 Trojan.Zlob
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 Trojan.Popuper.5062
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.23 Trojan.Agent.97792.1
File size: 97792 bytes
MD5: b3ac88d488a5b7555515f5d0c47a66d5
SHA1: 19666faabacbe7b657d65f7068c485f0fa4ef396
packers: PE_Patch.UPX, UPX
Code:
Файл avz00002.dta получен 2008.02.23 12:25:37 (CET)
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.02.23 -
Avast 4.7.1098.0 2008.02.22 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.23 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.23 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.23 -
FileAdvisor 1 2008.02.23 -
Fortinet 3.14.0.0 2008.02.23 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.20 2008.02.23 -
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.23 -
NOD32v2 2897 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.22 Suspicious file
Prevx1 V2 2008.02.23 -
Rising 20.32.52.00 2008.02.23 -
Sophos 4.26.0 2008.02.23 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.23 -
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.23 Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 30208 bytes
MD5: 4d96f1f1d99f6a07791d708a2993ef71
SHA1: 34217b2249dfb93816e53fc5df50645ae2b91759
Code:
Файл avz00002.dta получен 2008.02.23 12:30:03 (CET)
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.23 -
Avast 4.7.1098.0 2008.02.22 VBS:Malware-gen
AVG 7.5.0.516 2008.02.22 Worm/Small.2.D
BitDefender 7.2 2008.02.23 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.23 -
DrWeb 4.44.0.09170 2008.02.22 Win32.HLLW.Autoruner
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 INF/Liphew
Ewido 4.0 2008.02.23 Trojan.Delf.aws
FileAdvisor 1 2008.02.23 -
Fortinet 3.14.0.0 2008.02.23 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 Autorun.NY
Ikarus T3.1.1.20 2008.02.23 -
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 Generic!atr
Microsoft 1.3204 2008.02.23 -
NOD32v2 2897 2008.02.22 Win32/Delf.AWS
Norman 5.80.02 2008.02.22 Autorun.NY
Panda 9.0.0.4 2008.02.22 -
Rising 20.32.52.00 2008.02.23 -
Sophos 4.26.0 2008.02.23 W32/SillyFDC-AV
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.23 -
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.23 -
Дополнительная информация
File size: 186 bytes
MD5: 388cdce38219e26795c8df2e4b9a8a4c
SHA1: 0e72b83417eab223464533d1b749d4bd8a6caa13
Code:
Файл avz00013.dta получен 2008.02.23 12:29:40 (CET)
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.23 W32/Warezov.gen2!W32DL
Avast 4.7.1098.0 2008.02.22 Win32:Warezov-BYG
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.23 DeepScan:Generic.Malware.SFMYBd.9DB05417
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.23 -
DrWeb 4.44.0.09170 2008.02.22 Trojan.Popuper.origin
eSafe 7.0.15.0 2008.02.21 suspicious Trojan/Worm
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.23 -
FileAdvisor 1 2008.02.23 -
Fortinet 3.14.0.0 2008.02.23 -
F-Prot 4.4.2.54 2008.02.22 W32/Warezov.gen2!W32DL
Ikarus T3.1.1.20 2008.02.23 -
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.23 -
NOD32v2 2897 2008.02.22 -
Norman 5.80.02 2008.02.22 W32/Malware
Panda 9.0.0.4 2008.02.22 -
Prevx1 V2 2008.02.23 Heuristic: Suspicious File With Bad Child Associations
Rising 20.32.52.00 2008.02.23 -
Sophos 4.26.0 2008.02.23 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.23 -
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.23 -
Дополнительная информация
File size: 157184 bytes
MD5: bb15f21db4b7ddac4324a4714ca61f04
SHA1: 67ceadd25f8cb6e9ee9b582e9cf86fe85eb975ab
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Added 17 minutes later
Another piece of malware, which I fished out from a user on our ISP's forum:
Code:
Файл avz00001.dta получен 2008.02.23 12:51:28 (CET)
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.23 -
Avast 4.7.1098.0 2008.02.22 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.23 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.23 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 Win32/Pripecs!generic
Ewido 4.0 2008.02.23 -
FileAdvisor 1 2008.02.23 -
Fortinet 3.14.0.0 2008.02.23 -
F-Prot 4.4.2.54 2008.02.22 W32/FakeAlert.E.gen!Eldorado
F-Secure 6.70.13260.0 2008.02.22 -
Ikarus T3.1.1.20 2008.02.23 Virus.Win32.Agent.LTS
Kaspersky 7.0.0.125 2008.02.23 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.23 Adware:Win32/SmitFraud
NOD32v2 2897 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.23 -
Prevx1 V2 2008.02.23 Downloader.Zlob
Rising 20.32.52.00 2008.02.23 -
Sophos 4.26.0 2008.02.23 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.23 -
TheHacker 6.2.9.227 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 suspected of Downloader.Zlob.8
VirusBuster 4.3.26:9 2008.02.22 -
Webwasher-Gateway 6.6.2 2008.02.23 -
Дополнительная информация
File size: 233472 bytes
MD5: a5744a05fbffae4a6d2b29c35dd0ceb4
SHA1: 4c9123993836e14124619adc803f7a9732a3e24b
Last edited by XL; 23.02.2008 at 16:10.
If something unfamiliar floats right into your hands, don't rush to take it! Look closer, perhaps it simply doesn't sink...
Файл avz00006.dta получен 2008.02.27 14:25:40 (CET)
Code:
AhnLab-V3 2008.2.27.0 2008.02.27 Win-Trojan/Stresid.9728
AntiVir 7.6.0.67 2008.02.27 TR/Stresid.G
Authentium 4.93.8 2008.02.27 -
Avast 4.7.1098.0 2008.02.26 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.02.27 PSW.Generic5.AZV
BitDefender 7.2 2008.02.27 Trojan.Stresid.G
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.27 -
DrWeb 4.44.0.09170 2008.02.27 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5567 2008.02.27 Win32/Stresid.D
Ewido 4.0 2008.02.27 -
FileAdvisor 1 2008.02.27 -
Fortinet 3.14.0.0 2008.02.27 Agent.BF!tr.spy
F-Prot 4.4.2.54 2008.02.26 -
F-Secure 6.70.13260.0 2008.02.27 -
Ikarus T3.1.1.20 2008.02.27 -
Kaspersky 7.0.0.125 2008.02.27 -
McAfee 5238 2008.02.26 Spy-Agent.bf.dldr
Microsoft 1.3301 2008.02.27 Trojan:Win32/Stresid.gen
NOD32v2 2905 2008.02.27 -
Norman 5.80.02 2008.02.26 -
Panda 9.0.0.4 2008.02.27 Trj/Agent.DPE
Prevx1 V2 2008.02.27 Generic.Malware
Rising 20.33.22.00 2008.02.27 -
Sophos 4.27.0 2008.02.27 -
Sunbelt 3.0.893.0 2008.02.23 Trojan.LinkOptimizer
Symantec 10 2008.02.27 Trojan.LinkOptimizer
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.26 -
Webwasher-Gateway 6.6.2 2008.02.27 Trojan.Stresid.G
File size: 9728 bytes
MD5: e7bfcaf612251e76228c3c5f2abc7b0b
SHA1: 37047c3153179b69ae7134d2439c5d57faa59e20
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...A89E0067E2A30F
virtumonde
Файл avz00003.dta получен 2008.02.28 19:00:01 (CET)
Code:
AhnLab-V3 2008.2.28.2 2008.02.28 -
AntiVir 7.6.0.67 2008.02.28 TR/Vundo.Gen
Authentium 4.93.8 2008.02.28 -
Avast 4.7.1098.0 2008.02.27 -
AVG 7.5.0.516 2008.02.28 -
BitDefender 7.2 2008.02.28 -
CAT-QuickHeal 9.50 2008.02.28 -
ClamAV 0.92.1 2008.02.28 -
DrWeb 4.44.0.09170 2008.02.28 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5571 2008.02.28 -
Ewido 4.0 2008.02.28 -
FileAdvisor 1 2008.02.28 -
Fortinet 3.14.0.0 2008.02.28 -
F-Prot 4.4.2.54 2008.02.27 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.02.28 Vundo.gen58
Ikarus T3.1.1.20 2008.02.28 -
Kaspersky 7.0.0.125 2008.02.28 -
McAfee 5241 2008.02.28 -
Microsoft 1.3301 2008.02.28 Trojan:Win32/Vundo.gen!A
NOD32v2 2909 2008.02.28 -
Norman 5.80.02 2008.02.28 Vundo.gen58
Panda 9.0.0.4 2008.02.27 -
Prevx1 V2 2008.02.28 Trojan.Vundo
Rising 20.33.32.00 2008.02.28 -
Sophos 4.27.0 2008.02.28 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.28 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.28 Adware.Vundo.Gen!Pac.18
Webwasher-Gateway 6.6.2 2008.02.28 Trojan.Vundo.Gen
File size: 289280 bytes
MD5: bdaf285c8738d0081b1507b5b3bf6554
SHA1: 9ed3cec505fda56ba5d465a51f8bca2fa053fa57
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...A8F60090A9E7EF
February.
A pity there are so few results...
File CuteFTP8_Keygen.exe received on 03.01.2008 11:52:30 (CET)
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 MemScan:Trojan.PWS.LDPinch.TJR
CAT-QuickHeal 9.50 2008.03.01 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 W32/Malware
Ikarus T3.1.1.20 2008.03.01 BehavesLikeWin32.ProcessHijack
Kaspersky 7.0.0.125 2008.03.01 Trojan-PSW.Win32.Agent.zp
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 W32/Malware
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.01 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 suspected of Embedded.MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Crypt.XPACK.Gen
Additional information
File size: 23040 bytes
MD5: fb8983a47983f4335790705ce98aa7c2
SHA1: 3e66bb78992e387ce6e49fd92ec64031eab36213
PEiD: -
File game.rar received on 03.01.2008 11:54:49 (CET)
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 Heur.Trojan.Generic
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.01 Heuristic: Suspicious File With Covert Attributes
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 Sus/DelpDldr-A
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 suspected of Win32.Trojan-Downloader
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Win32.Malware.gen#PECompact (suspicious)
Additional information
File size: 232572 bytes
MD5: 60a7fa716edd916d85b436d0987722d2
SHA1: 817910417fc937980872e7c64730d3c9fe4a8ac2
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...641C00620DE4E0
Last edited by strawser; 01.03.2008 at 14:07.
C:\WINDOWS\system32\mssrv32.exe
Файл avz00002.dta получен 2008.03.01 15:08:31 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 DR/Delphi.Gen
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 Trojan.PWS.LDPinch.1941
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 VirTool:Win32/DelfInject.gen!AA
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.52.00 2008.03.01 Trojan.DL.Win32.Agent.bxw
Sophos 4.27.0 2008.03.01 Mal/EncPk-CM
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Dropper.Delphi.Gen
File size: 32256 bytes
MD5: 2de32a43ad09d558c3ff0bd3ac093760
SHA1: 5772af34611ea4ab5536e27362b5ce91a723501a
PEiD: -
C:\WINDOWS\system32\WLCtrl32.dll
Файл avz00005.dta получен 2008.03.01 15:08:31 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.02.29 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 TrojanDropper:Win32/Cutwail.Y
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 KAVKOP:Trojan-A
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 -
Дополнительная информация
File size: 11776 bytes
MD5: 31143dab862917c131d3216af7553448
SHA1: 2bc62f5a377171f5d4f2b4332e8e18f7bd33cd98
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...636300C0F15FC3
Added 5 hours 34 minutes later
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
Файл avz00001.dta получен 2008.03.01 20:43:28 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 TR/Drop.Agent.snu
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.01 -
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.01 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.230 2008.03.01 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Drop.Agent.snu
File size: 27032 bytes
MD5: 9c88404d896787714e9b9a5f7a3c07b9
SHA1: f37c0ce3d0095dcb51be2c405b9111ade0dc3549
PEiD: -
Added 11 minutes later
Continuing to add more
C:\Program Files\Common Files\System\ntsvc32k.exe
Файл avz00002.dta получен 2008.03.01 20:51:48 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.20 2008.03.01 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 Trojan:Win32/Chksyn.gen!A
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.01 Generic.Malware
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 Mal/Generic-A
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.230 2008.03.01 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Crypt.XPACK.Gen
File size: 14032 bytes
MD5: dd701590a5745d4af33ff88e3f0ea02b
SHA1: 3c33f183e479c735b18cdf7feef80fce3401ee1b
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...D29400323D834C
C:\Program Files\Common Files\System\RDPsvc2.exe
Файл avz00004.dta получен 2008.03.01 20:52:06 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.01 -
CAT-QuickHeal 9.50 2008.03.01 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 -
FileAdvisor 1 2008.03.01 -
Fortinet 3.14.0.0 2008.03.01 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.20 2008.03.01 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.03.01 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.01 Trojan:Win32/Chksyn.gen!A
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.01 Generic.Malware
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.01 Mal/Generic-A
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.01 -
TheHacker 6.2.9.230 2008.03.01 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Crypt.XPACK.Gen
File size: 31728 bytes
MD5: 633272b631f9935df968f1dbce840667
SHA1: f5fe22583139085b8857adea7606f0c45604d7ff
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...376A00A69FD467
Last edited by rubin; 01.03.2008 at 23:00.
Reason: Added
t=18975
C:\WINDOWS\explorer.exe:whois2.jpg:$DATA
Файл avz00002.dta получен 2008.03.02 10:54:04 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV None 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 W32/Heuristic-MU2!Eldorado
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 -
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.02 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 -
Prevx1 V2 2008.03.02 -
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 VIPRE.Suspicious
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.02 Win32.Malware.dam (suspicious)
File size: 28319 bytes
MD5: d7bc1d1f3c55ef3c5823edd0b8855b3c
SHA1: c88c2091ce620e08340a3eaaae86a9cf0d8f5ad9
PEiD: -
packers: PE_Patch
Файл avz00010.dta получен 2008.03.02 10:55:15 (CET)
C:\WINDOWS\system32\consol.dll
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 Win32/Kvol!generic
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 Virus.Trojan.Win32.Pakes.cdw
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.02 Trojan:Win32/Boaxxe.B
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.02 Generic.Malware
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.02 -
File size: 88064 bytes
MD5: 4fbabeff1bfe366c916cf00ca29eb640
SHA1: 4a02ef50600b89bef0ac8ad5c7caf520a7fd5d85
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...F7F500BBBB980C
Файл avz00006.dta получен 2008.03.02 10:57:20 (CET)
C:\WINDOWS\explorer.exe:crawler1.jpg:$DATA
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 -
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.02 -
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.01 Suspicious file
Prevx1 V2 2008.03.02 Heuristic: Suspicious File With Mass Email Capabilities
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.02 -
File size: 96256 bytes
MD5: c9262818fe4434d000747266303a3c74
SHA1: 6272819b4a1c6044c33091ac449e5c80170af1d4
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...80750081EE0D07
Added 7 hours 19 minutes later
C:\Program Files\NetProject\sbmntr.exe
Файл avz00002.dta получен 2008.03.02 18:24:40 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.03.02 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.02 Win32:Zlob-AGV
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.02 -
DrWeb 4.44.0.09170 2008.03.02 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 Win32/Crushpy!generic
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 Trojan.Zlob.2
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 Puper
Microsoft 1.3301 2008.03.02 TrojanDownloader:Win32/Zlob.gen!AS
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 Suspicious file
Prevx1 V2 2008.03.02 Trojan.Popuper
Rising 20.33.62.00 2008.03.02 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 Trojan.DL.Zlob.Gen.34
Webwasher-Gateway 6.6.2 2008.03.02 -
File size: 19456 bytes
MD5: 786195fe521229ee428856017b63aaf3
SHA1: cf3bcc4e2e6b8dc9300d4fed5018b6ec9b69442f
PEiD: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: embedded, UPX_LZMA
Prevx info: http://info.prevx.com/aboutprogramte...B03000C9A1649B
C:\Program Files\NetProject\sbsm.exe
Файл avz00003.dta получен 2008.03.02 18:24:45 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.03.02 -
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.02 Win32:Zlob-AGV
AVG 7.5.0.516 2008.03.01 Downloader.Zlob.AAH
BitDefender 7.2 2008.03.02 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.02 -
DrWeb 4.44.0.09170 2008.03.02 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 Win32/Crushpy!generic
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 W32/Nilage.gen!GSA
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 Virus.Win32.Zlob.AGV
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.02 TrojanDownloader:Win32/Zlob.gen!AU
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.02 Downloader.Zlob.AAH
Rising 20.33.62.00 2008.03.02 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 Trojan.DL.Zlob.Gen.34
Webwasher-Gateway 6.6.2 2008.03.02 -
File size: 7168 bytes
MD5: d5080c753fc432c953253fdf177c47f1
SHA1: 348838430ec86c187d75c12341d5afe36fa9bcb3
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...EF4E003AAA3D50
C:\Program Files\Helper\1204389949.dll
Файл avz00004.dta получен 2008.03.02 18:24:50 (CET)
Code:
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.03.02 TR/Downloader.Gen
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 Trojan.Downloader.Zlob.ABMP
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.02 -
DrWeb 4.44.0.09170 2008.03.02 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.02 -
FileAdvisor 1 2008.03.02 -
Fortinet 3.14.0.0 2008.03.02 -
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 Trojan-Downloader
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 Puper.dll
Microsoft 1.3301 2008.03.02 BrowserModifier:Win32/E404
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.02 TROJAN.DA.DLL
Rising 20.33.62.00 2008.03.02 -
Sophos 4.27.0 2008.03.02 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.02 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.02 Trojan.Downloader.Gen
File size: 12800 bytes
MD5: 49046bfdf2d145519da86272dacb31c6
SHA1: 6b4d637f63dce4e558cb2b967626bdeff1d3b2af
PEiD: -
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...A8C5003F2C68D3
Last edited by rubin; 02.03.2008 at 20:33.
Reason: Added
t=18497
Code:
File avz00019.dta received on 03.03.2008 14:47:37 (CET)
Result: 14/32 (43.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.29.1 2008.03.03 Dropper/Downloader.23552.AB
AntiVir 7.6.0.73 2008.03.03 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 Win32:Delf-IFY
AVG 7.5.0.516 2008.03.03 Win32/PolyCrypt
BitDefender 7.2 2008.03.03 Packer.Malware.FriCryptor.B
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.03 -
DrWeb 4.44.0.09170 2008.03.03 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 -
F-Prot 4.4.2.54 2008.03.02 W32/Dropper.ITS
F-Secure 6.70.13260.0 2008.03.03 PolyCrypt.F
Ikarus T3.1.1.20 2008.03.03 Trojan.Win32.Pakes.bod
Kaspersky 7.0.0.125 2008.03.03 Heur.Trojan.Generic
McAfee 5242 2008.02.29 New Malware.cn
Microsoft 1.3301 2008.03.03 -
NOD32v2 2917 2008.03.03 -
Norman 5.80.02 2008.02.29 PolyCrypt.F
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.03 -
Rising 20.34.02.00 2008.03.03 -
Sophos 4.27.0 2008.03.03 Mal/Basine-C
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.03 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.03 Trojan.Crypt.XPACK.Gen
Additional information
File size: 23552 bytes
MD5: 7b1e68660309bb255ad7f0dbc29a70b5
SHA1: 281ada06492035a47c36bc74fd8cb7363de4a3cd
PEiD: -
New-wave Zhelatin
Файл e-card.rar получен 2008.03.03 17:28:20 (CET)
AhnLab-V3 2008.2.29.1 2008.03.03 -
AntiVir 7.6.0.73 2008.03.03 Worm/Zhelatin.pc
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.03 I-Worm/Nuwar.N
BitDefender 7.2 2008.03.03 Trojan.Peed.IWV
CAT-QuickHeal 9.50 2008.03.01 Win32.Email-Worm.Zhelatin.vg
ClamAV 0.92.1 2008.03.03 Trojan.Peed-130
DrWeb 4.44.0.09170 2008.03.03 Trojan.Packed.357
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 W32/PackTibs.M
F-Prot 4.4.2.54 2008.03.02 W32/Zhelatin.F.gen!Eldorado
F-Secure 6.70.13260.0 2008.03.03 Email-Worm.Win32.Zhelatin.vg
Ikarus T3.1.1.20 2008.03.03 Trojan.Peed.IWV
Kaspersky 7.0.0.125 2008.03.03 Email-Worm.Win32.Zhelatin.vg
McAfee 5242 2008.02.29 W32/Nuwar@MM
Microsoft 1.3301 2008.03.03 TrojanDropper:Win32/Nuwar.gen!B
NOD32v2 2917 2008.03.03 probably a variant of Win32/Nuwar.Gen
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.03 -
Rising 20.34.02.00 2008.03.03 Worm.Mail.Win32.Zhelatin.wqu
Sophos 4.27.0 2008.03.03 W32/Dorf-AX
Sunbelt 3.0.906.0 2008.02.28 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 Email-Worm.Win32.Zhelatin.vg
VirusBuster 4.3.26:9 2008.03.03 Worm.DR.Zhelatin.Gen.4
Webwasher-Gateway 6.6.2 2008.03.03 Worm.Zhelatin.pc
Дополнительная информация
File size: 112204 bytes
MD5: 2da17496133f43e5d8255becbed11520
SHA1: 75791e54fff722d17366d3ce09e51a89ada06254
File kgxpltsrh_xplore_keygen.exe received on 03.04.2008 08:42:07 (CET)
Code:
Antivirus Version Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.03 -
AntiVir 7.6.0.73 2008.03.04 Worm/SdBot.21176.1
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.04 Win32:SdBot-5210
AVG 7.5.0.516 2008.03.03 IRC/BackDoor.SdBot3.BHV
BitDefender 7.2 2008.03.03 Win32.Worm.Sdbot.AS
CAT-QuickHeal 9.50 2008.03.03 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.04 -
DrWeb 4.44.0.09170 2008.03.04 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5585 2008.03.04 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.04 -
Fortinet 3.14.0.0 2008.03.04 W32/SDBot.AS!worm
F-Prot 4.4.2.54 2008.03.03 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.03.04 W32/SDBot.BIDF
Ikarus T3.1.1.20 2008.03.04 P2P-Worm.Win32.SpyBot.gl
Kaspersky 7.0.0.125 2008.03.04 -
McAfee 5243 2008.03.03 W32/Sdbot.worm.gen.as
Microsoft 1.3301 2008.03.03 -
NOD32v2 2919 2008.03.04 -
Norman 5.80.02 2008.03.03 W32/SDBot.BIDF
Panda 9.0.0.4 2008.03.03 W32/Sdbot.LAR.worm
Prevx1 V2 2008.03.04 Generic.Malware
Rising 20.34.10.00 2008.03.04 -
Sophos 4.27.0 2008.03.04 Mal/Generic-A
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.04 -
TheHacker 6.2.92.232 2008.03.04 W32/SdBot.worm.gen
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.03 -
Webwasher-Gateway 6.6.2 2008.03.04 Worm.SdBot.21176.1
Additional information
File size: 21176 bytes
MD5: 5c7080f7cd3668801c44f677ca9f0621
SHA1: fad19e7f07e3ba825d7014c7fa7ef3526aba8872
PEiD: PECompact 2.xx (Slim Loader) --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...C301006020C823
Left home for a few days and look what happens...
mssrv32.exe
Code:
AhnLab-V3 2008.3.4.0 2008.03.04 -
AntiVir 7.6.0.73 2008.03.04 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.04 -
AVG 7.5.0.516 2008.03.03 Flooder.O
BitDefender 7.2 2008.03.04 -
CAT-QuickHeal 9.50 2008.03.03 -
ClamAV 0.92.1 2008.03.04 -
DrWeb 4.44.0.09170 2008.03.04 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5585 2008.03.04 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.04 -
Fortinet 3.14.0.0 2008.03.04 -
F-Prot 4.4.2.54 2008.03.03 -
F-Secure 6.70.13260.0 2008.03.04 -
Ikarus T3.1.1.20 2008.03.04 -
Kaspersky 7.0.0.125 2008.03.04 Heur.Trojan.Generic
McAfee 5243 2008.03.03 -
Microsoft 1.3301 2008.03.03 -
NOD32v2 2920 2008.03.04 -
Norman 5.80.02 2008.03.03 -
Panda 9.0.0.4 2008.03.03 -
Prevx1 V2 2008.03.04 Heuristic: Suspicious Self Modifying EXE
Rising 20.34.12.00 2008.03.04 -
Sophos 4.27.0 2008.03.04 Mal/Basine-C
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.04 -
TheHacker 6.2.92.232 2008.03.04 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.03 -
Webwasher-Gateway 6.6.2 2008.03.04 Trojan.Crypt.XPACK.Gen
File size: 15872 bytes
MD5: b7ca5bcaf7ef79981343af80230c965c
SHA1: 1274e0f42b799a2b3d38678fd01de513917d6941
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...791E00A868A12F
File avz00001.dta received on 03.04.2008 20:40:54 (CET)
Code:
Antivirus Version Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.04 -
AntiVir 7.6.0.73 2008.03.04 TR/Dropper.Gen
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.04 -
AVG 7.5.0.516 2008.03.04 -
BitDefender 7.2 2008.03.04 -
CAT-QuickHeal 9.50 2008.03.04 -
ClamAV 0.92.1 2008.03.04 -
DrWeb 4.44.0.09170 2008.03.04 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5587 2008.03.04 -
Ewido 4.0 2008.03.04 -
FileAdvisor 1 2008.03.04 -
Fortinet 3.14.0.0 2008.03.04 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.04 W32/Smalltroj.CVQM
Ikarus T3.1.1.20 2008.03.04 -
Kaspersky 7.0.0.125 2008.03.04 Trojan-Spy.Win32.Agent.ig
McAfee 5244 2008.03.04 -
Microsoft 1.3301 2008.03.04 -
NOD32v2 2921 2008.03.04 -
Norman 5.80.02 2008.03.04 W32/Smalltroj.CVQM
Panda 9.0.0.4 2008.03.04 -
Prevx1 V2 2008.03.04 Taz
Rising 20.34.12.00 2008.03.04 -
Sophos 4.27.0 2008.03.04 Sus/Dropper-A
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.04 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.02.27 suspected of Embedded.Trojan.Proxy.2240
VirusBuster 4.3.26:9 2008.03.04 -
Webwasher-Gateway 6.6.2 2008.03.04 Trojan.Dropper.Gen
Additional information
File size: 17408 bytes
MD5: 8c7f5ddbac559e025c1fcb5298535e88
SHA1: fabd90ac6eac34d0700b68fb65036c3cda927dd8
PEiD: -
packers: embedded, UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...608E00014A63AF
Left home for a few days and look what happens...
Файл winfshs.exe получен 2008.03.04 15:50:44 (CET)
Текущий статус: закончено
Результат: 13 /32 (40.62%)
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.04 Win-Trojan/Xema.274944.B
AntiVir 7.6.0.73 2008.03.04 -
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.04 -
BitDefender 7.2 2008.03.04 -
CAT-QuickHeal 9.50 2008.03.04 -
ClamAV 0.92.1 2008.03.04 -
DrWeb 4.44.0.09170 2008.03.04 -
eSafe 7.0.15.0 2008.02.28 suspicious Trojan/Worm
e-TrustVet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.04 -
FileAdvisor 1 2008.03.04 -
Fortinet 3.14.0.0 2008.03.03 HackerTool/Evid
F-Prot 4.4.2.54 2008.03.02 -
F-Secure 6.70.13260.0 2008.03.04 W32/Malware.BNIW
Ikarus T3.1.1.20 2008.03.04 -
Kaspersky 7.0.0.125 2008.03.04 -
McAfee 5243 2008.03.03 potentially unwanted program Tool-Evid
Microsoft 1.3301 2008.03.03 -
NOD32v2 2921 2008.03.04 Win32/Tool.EvID4226
Norman 5.80.02 2008.03.04 W32/Malware.BNIW
Panda 9.0.0.4 2008.03.02 Suspicious file
Prevx1 V2 2008.03.04 Win32.Malware.gen
Rising 20.34.12.00 2008.03.04 -
Sophos 4.27.0 2008.03.04 EvID4226 Installer
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.04 Backdoor.Trojan
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.04 RiskWare.DR.TCPIPPatcher.B
Webwasher-Gateway 6.6.2 2008.03.04 Riskware.Tool.EvID4226.A
Дополнительная информация
File size: 45568 bytes
MD5: a5e346828cd93262e9a9b4b874f29b89
SHA1: 4c1ba5e828f99edafcf5130e81020f09919d7fd4
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...DE0100A3785025
Last edited by Karlson; 05.03.2008 at 09:53.
Dis is one half.
Press any key to continue...
Файл TheBestFebruary.zip получен 2008.03.05 19:35:11 (CET)
Code:
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 TR/Crypt.CFI.Gen
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 Dropper.Joiner.2.AD
BitDefender 7.2 2008.03.05 -
CAT-QuickHeal 9.50 2008.03.05 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 Trojan.PWS.LDPinch.3118
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5590 2008.03.05 -
Ewido 4.0 2008.03.05 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.05 Trojan-PSW.Win32.LdPinch.rfj
Ikarus T3.1.1.20 2008.03.05 Trojan.Crypt.CFI
Kaspersky 7.0.0.125 2008.03.05 Trojan-PSW.Win32.LdPinch.rfj
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.05 -
NOD32v2 2923 2008.03.05 -
Norman 5.80.02 2008.03.05 -
Panda 9.0.0.4 2008.03.04 Suspicious file
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 Sus/UnkPacker
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.05 -
Webwasher-Gateway 6.6.2 2008.03.05 Trojan.Crypt.CFI.Gen
File size: 475978 bytes
MD5: a1d47f256cadc6bfbc567b67b38ecb79
SHA1: a16235f1e67ff6a4cc45f976332e97e87df12e6a
PEiD: -
Added after 1 hour 17 minutes
t=19250
Файл avz00001.dta получен 2008.03.05 20:40:49 (CET)
Code:
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 WORM/Zhelatin.Gen
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 I-Worm/Nuwar.N
BitDefender 7.2 2008.03.05 Trojan.Peed.JAN
CAT-QuickHeal 9.50 2008.03.05 Win32.Email-Worm.Zhelatin.uw4
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 -
eSafe 7.0.15.0 2008.02.28 Suspicious File
eTrust-Vet 31.3.5590 2008.03.05 -
Ewido 4.0 2008.03.05 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 -
F-Secure 6.70.13260.0 2008.03.05 Tibs.gen136
Ikarus T3.1.1.20 2008.03.05 Worm.Zhelatin
Kaspersky 7.0.0.125 2008.03.05 Trojan-Downloader.Win32.Tibs.wa
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.05 Trojan:Win32/Tibs.FS
NOD32v2 2924 2008.03.05 -
Norman 5.80.02 2008.03.05 Tibs.gen136
Panda 9.0.0.4 2008.03.05 -
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.05 Trojan.Tibs.Gen!Pac.G
Webwasher-Gateway 6.6.2 2008.03.05 Worm.Zhelatin.Gen
File size: 13450 bytes
MD5: d8eb97562b628c838eb4336f70c6c51c
SHA1: 8e63e57d7780754b90a476c99156a3ba74ed937d
PEiD: -
Файл avz00016.dta получен 2008.03.05 20:54:37 (CET)
Code:
AhnLab-V3 2008.3.4.0 2008.03.05 -
AntiVir 7.6.0.73 2008.03.05 -
Authentium 4.93.8 2008.03.04 -
Avast 4.7.1098.0 2008.03.05 -
AVG 7.5.0.516 2008.03.05 -
BitDefender 7.2 2008.03.05 -
CAT-QuickHeal 9.50 2008.03.05 -
ClamAV 0.92.1 2008.03.05 -
DrWeb 4.44.0.09170 2008.03.05 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5590 2008.03.05 Win32/Pripecs!generic
Ewido 4.0 2008.03.05 -
FileAdvisor 1 2008.03.05 -
Fortinet 3.14.0.0 2008.03.05 -
F-Prot 4.4.2.54 2008.03.04 W32/FakeAlert.E.gen!Eldorado
F-Secure 6.70.13260.0 2008.03.05 -
Ikarus T3.1.1.20 2008.03.05 Virus.Win32.Agent.LTS
Kaspersky 7.0.0.125 2008.03.05 -
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.05 -
NOD32v2 2923 2008.03.05 -
Norman 5.80.02 2008.03.05 -
Panda 9.0.0.4 2008.03.05 -
Prevx1 V2 2008.03.05 -
Rising 20.34.22.00 2008.03.05 -
Sophos 4.27.0 2008.03.05 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.05 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 suspected of Downloader.Zlob.7
VirusBuster 4.3.26:9 2008.03.05 -
Webwasher-Gateway 6.6.2 2008.03.05 -
File size: 266240 bytes
MD5: 81e82a1a255628b9454143403f45f302
SHA1: 44156be097de5dbfdb311cfae6ffb3406d99d61f
PEiD: -
Last edited by rubin; 05.03.2008 at 23:01.
Reason: Added
AVZ flagged it as suspected Brontok.
Файл avz00001.dta получен 2008.03.07 08:57:12 (CET)
Результат: 11/32 (34.38%)
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.07 Win32/Rontokbro.worm.81920
AntiVir 7.6.0.73 2008.03.07 TR/Crypt.CFI.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.06 Win32:Brontok
AVG 7.5.0.516 2008.03.06 I-Worm/Brontok.A
BitDefender 7.2 2008.03.07 Win32.Brontok.AP@mm
CAT-QuickHeal 9.50 2008.03.06 -
ClamAV 0.92.1 2008.03.07 Worm.Brontok.B
DrWeb 4.44.0.09170 2008.03.07 -
eSafe 7.0.15.0 2008.03.06 -
eTrust-Vet 31.3.5593 2008.03.06 -
Ewido 4.0 2008.03.06 Worm.Brontok.a
FileAdvisor 1 2008.03.07 -
Fortinet 3.14.0.0 2008.03.07 -
F-Prot 4.4.2.54 2008.03.07 W32/Brontok.C.gen!Eldorado
F-Secure 6.70.13260.0 2008.03.07 -
Ikarus T3.1.1.20 2008.03.07 Email-Worm.Win32.Brontok.N
Kaspersky 7.0.0.125 2008.03.07 -
McAfee 5246 2008.03.06 -
Microsoft 1.3301 2008.03.06 -
NOD32v2 2928 2008.03.06 -
Norman 5.80.02 2008.03.06 -
Panda 9.0.0.4 2008.03.06 -
Prevx1 V2 2008.03.07 -
Rising 20.34.32.00 2008.03.06 Worm.Win32.Agent.yxh
Sophos 4.27.0 2008.03.07 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.07 -
TheHacker 6.2.92.235 2008.03.07 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.06 -
Webwasher-Gateway 6.6.2 2008.03.07 Trojan.Crypt.CFI.Gen
File size: 81920 bytes
MD5: 22ba17311630376b665361fdc93e9c52
SHA1: f6d27a594dff04a29f48dcab88573e9ec30d7a34
PEiD: -
P.S.
Code:
Файл сохранён как 080307_022500_virusinfo_cure_47d0fbdc3e8be.zip
Размер файла 149162
MD5 e563f379b8b783b012b6cd4817fe31e5
P.P.S. Reply from the Dr.Web virus lab:
Your request has been analyzed. It was a corrupted file.
Reply from the Kaspersky Lab virus lab:
csrss.exe_ - Email-Worm.Win32.Brontok.bp
Last edited by pig; 07.03.2008 at 14:57.
t=19369
ntos.exe
Файл avz00001.dta получен 2008.03.07 20:10:39 (CET)
Code:
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.07 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.07 -
AVG 7.5.0.516 2008.03.07 -
BitDefender 7.2 2008.03.07 Trojan.Loader.J
CAT-QuickHeal 9.50 2008.03.07 -
ClamAV 0.92.1 2008.03.07 -
DrWeb 4.44.0.09170 2008.03.07 -
eSafe 7.0.15.0 2008.03.06 -
eTrust-Vet 31.3.5595 2008.03.07 -
Ewido 4.0 2008.03.07 -
FileAdvisor 1 2008.03.07 -
Fortinet 3.14.0.0 2008.03.07 -
F-Prot 4.4.2.54 2008.03.07 -
F-Secure 6.70.13260.0 2008.03.07 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.20 2008.03.07 Trojan-Spy.Win32.Zbot.aft
Kaspersky 7.0.0.125 2008.03.07 -
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 TrojanDownloader:Win32/Agent
NOD32v2 2930 2008.03.07 Win32/Spy.Agent.NFJ
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.06 Suspicious file
Prevx1 V2 2008.03.07 -
Rising 20.34.42.00 2008.03.07 -
Sophos 4.27.0 2008.03.07 -
Sunbelt 3.0.930.0 2008.03.05 -
TheHacker 6.2.92.236 2008.03.07 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.07 -
Webwasher-Gateway 6.6.2 2008.03.07 Trojan.Crypt.XPACK.Gen
base*.dll
Файл avz00004.dta получен 2008.03.07 20:10:40 (CET)
Code:
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.07 HEUR/Crypted
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.07 -
AVG 7.5.0.516 2008.03.07 -
BitDefender 7.2 2008.03.07 Trojan.Agent.AGKK
CAT-QuickHeal 9.50 2008.03.07 -
ClamAV 0.92.1 2008.03.07 -
DrWeb 4.44.0.09170 2008.03.07 -
eSafe 7.0.15.0 2008.03.06 -
eTrust-Vet 31.3.5595 2008.03.07 -
Ewido 4.0 2008.03.07 -
FileAdvisor 1 2008.03.07 -
Fortinet 3.14.0.0 2008.03.07 -
F-Prot 4.4.2.54 2008.03.07 -
F-Secure 6.70.13260.0 2008.03.07 -
Ikarus T3.1.1.20 2008.03.07 -
Kaspersky 7.0.0.125 2008.03.07 -
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 -
NOD32v2 2930 2008.03.07 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.06 Suspicious file
Prevx1 V2 2008.03.07 Generic.Malware
Rising 20.34.42.00 2008.03.07 -
Sophos 4.27.0 2008.03.07 -
Sunbelt 3.0.930.0 2008.03.05 -
TheHacker 6.2.92.236 2008.03.07 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.07 Trojan.DL.BServ.Gen
Webwasher-Gateway 6.6.2 2008.03.07 Heuristic.Crypted
File size: 24576 bytes
MD5: 73d9aebc5d241ba04fc5ffbac27cc365
SHA1: ddd1ed6f52ea9181217d4084a3e504cd3c794bbb
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...827A0054134F9C
Файл Install_exe.vir получен 2008.03.10 09:33:21 (CET)
Текущий статус: Загрузка ... закончено
Результат: 11 /32 (34.38%)
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.10 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 Win32:LdPinch-BMA
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 Trojan.Peed.Gen
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.09 -
DrWeb 4.44.0.09170 2008.03.10 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 W32/LdPinch.FVA!tr.pws
F-Prot 4.4.2.54 2008.03.09 -
F-Secure 6.70.13260.0 2008.03.10 Trojan-PSW.Win32.LdPinch.fva
Ikarus T3.1.1.20 2008.03.10 Virus.Win32.LdPinch.BMA
Kaspersky 7.0.0.125 2008.03.10 Trojan-PSW.Win32.LdPinch.fva
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 -
NOD32v2 2933 2008.03.10 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 Suspicious file
Prevx1 V2 2008.03.10 -
Rising 20.35.00.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.10 -
TheHacker 6.2.92.239 2008.03.09 -
VBA32 3.12.6.2 2008.03.05 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.03.09 -
Webwasher-Gateway 6.6.2 2008.03.10 Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 44032 bytes
MD5: c43b2a91048e8bec446ae274077ff7e7
SHA1: d2831dc30541f06db92115fe3b9223edcf7a6808
PEiD: -
Added after 24 minutes
Pried it out with IceSword; couldn't manage it with other tools.
Файл 001.001 получен 2008.03.10 10:14:15 (CET)
Текущий статус: ка закончено
Результат: 8 /32 (25%)
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.10 TR/Drop.Agent.NBG
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 -
AVG 7.5.0.516 2008.03.09 BackDoor.Ntrootkit.AC
BitDefender 7.2 2008.03.10 -
CAT-QuickHeal 9.50 2008.03.08 -
ClamAV 0.92.1 2008.03.10 -
DrWeb 4.44.0.09170 2008.03.10 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 -
F-Prot 4.4.2.54 2008.03.09 -
F-Secure 6.70.13260.0 2008.03.10 -
Ikarus T3.1.1.20 2008.03.10 -
Kaspersky 7.0.0.125 2008.03.10 -
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 VirTool:WinNT/Cutwail.F
NOD32v2 2933 2008.03.10 probably a variant of Win32/Wigon
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 -
Prevx1 V2 2008.03.10 -
Rising 20.35.00.00 2008.03.10 Trojan.Win32.Undef.dqm
Sophos 4.27.0 2008.03.10 Mal/Generic-A
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.10 Trojan.Pandex
TheHacker 6.2.92.239 2008.03.09 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.09 -
Webwasher-Gateway 6.6.2 2008.03.10 Trojan.Drop.Agent.NBG
Дополнительная информация
File size: 26496 bytes
MD5: ad872a3dbeb7265cd3145292a4d8829c
SHA1: 950d2cee6d5f2159436d93ac8f50e7147c010cfe
PEiD: -
Added after 5 minutes
nothing but suspicions..
Файл winfshs.exe получен 2008.03.10 10 51 (CET)
Текущий статус: закончено
Результат: 15/32 (46.88%)
Code:
Результат: 15/32 (46.88%)
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.07 Win-Trojan/Xema.274944.B
AntiVir 7.6.0.73 2008.03.10 APPL/Tool.EvID4226.A
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 Win32:Trojan-gen {UPX}
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 -
CAT-QuickHeal 9.50 2008.03.08 -
ClamAV 0.92.1 2008.03.10 -
DrWeb 4.44.0.09170 2008.03.10 -
eSafe 7.0.15.0 2008.03.09 suspicious Trojan/Worm
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 HackerTool/Evid
F-Prot 4.4.2.54 2008.03.09 -
F-Secure 6.70.13260.0 2008.03.10 W32/Malware.BNIW
Ikarus T3.1.1.20 2008.03.10 -
Kaspersky 7.0.0.125 2008.03.10 -
McAfee 5247 2008.03.07 potentially unwanted program Tool-Evid
Microsoft 1.3301 2008.03.07 -
NOD32v2 2933 2008.03.10 Win32/Tool.EvID4226
Norman 5.80.02 2008.03.07 W32/Malware.BNIW
Panda 9.0.0.4 2008.03.09 Suspicious file
Prevx1 V2 2008.03.10 Win32.Malware.gen
Rising 20.35.00.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 EvID4226 Installer
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.10 Backdoor.Trojan
TheHacker 6.2.92.239 2008.03.09 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.09 RiskWare.DR.TCPIPPatcher.B
Webwasher-Gateway 6.6.2 2008.03.10 Riskware.Tool.EvID4226.A
Дополнительная информация
File size: 45568 bytes
MD5: a5e346828cd93262e9a9b4b874f29b89
SHA1: 4c1ba5e828f99edafcf5130e81020f09919d7fd4
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...DE0100A3785025
Last edited by Karlson; 10.03.2008 at 12:38.
Reason: Added
Dis is one half.
Press any key to continue...
http://www.virustotal.com/analisis/8...1d02154468bea9
Code:
AhnLab-V3 2008.3.4.0 2008.03.10 -
AntiVir 7.6.0.73 2008.03.10 -
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 -
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 -
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.10 PUA.Packed.UPack-2
eSafe 7.0.15.0 2008.03.09 Suspicious File
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 -
F-Prot 4.4.2.54 2008.03.09 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.03.10 -
Ikarus T3.1.1.20 2008.03.10 Trojan-Downloader.Win32.Zlob.and
Kaspersky 7.0.0.125 2008.03.10 -
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 -
NOD32v2 2934 2008.03.10 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 Suspicious file
Prevx1 V2 2008.03.10 -
Rising 20.35.02.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 Mal/Packer
Sunbelt 3.0.930.0 2008.03.05 VIPRE.Suspicious
Symantec 10 2008.03.10 -
TheHacker 6.2.92.239 2008.03.09 W32/Behav-Heuristic-060
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.09 Packed/Upack
Webwasher-Gateway 6.6.2 2008.03.10 Win32.Malware.gen (suspicious)
http://www.virustotal.com/analisis/b...daf9e760f8ff38
Code:
AhnLab-V3 2008.3.4.0 2008.03.10 -
AntiVir 7.6.0.73 2008.03.10 -
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 -
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 -
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.10 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2008.03.10 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 -
F-Prot 4.4.2.54 2008.03.09 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.03.10 -
Ikarus T3.1.1.20 2008.03.10 -
Kaspersky 7.0.0.125 2008.03.10 -
McAfee 5247 2008.03.07 New Malware.aj
Microsoft 1.3301 2008.03.07 -
NOD32v2 2934 2008.03.10 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 Suspicious file
Prevx1 V2 2008.03.10 -
Rising 20.35.02.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 Mal/Heuri-D
Sunbelt 3.0.930.0 2008.03.05 VIPRE.Suspicious
Symantec 10 2008.03.10 -
TheHacker 6.2.92.239 2008.03.09 W32/Behav-Heuristic-060
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.09 Packed/Upack
Webwasher-Gateway 6.6.2 2008.03.10 Win32.Malware.gen (suspicious)
Last edited by Shu_b; 10.03.2008 at 19:55.
setupapi.dll in the IE folder
Файл avz00001.dta получен 2008.03.12 00:16:40 (CET)
Текущий статус: закончено
Результат: 7/32 (21.88%)
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.12.0 2008.03.11 -
AntiVir 7.6.0.73 2008.03.11 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.11 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.03.11 Dropper.Delf.ABC
BitDefender 7.2 2008.03.11 -
CAT-QuickHeal 9.50 2008.03.10 -
ClamAV 0.92.1 2008.03.11 -
DrWeb 4.44.0.09170 2008.03.11 Trojan.Proxy.2240
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5607 2008.03.11 -
Ewido 4.0 2008.03.11 Downloader.Small.fah
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.11 -
F-Prot 4.4.2.54 2008.03.11 -
F-Secure 6.70.13260.0 2008.03.11 -
Ikarus T3.1.1.20 2008.03.11 -
Kaspersky 7.0.0.125 2008.03.11 -
McAfee 5249 2008.03.11 -
Microsoft 1.3301 2008.03.10 -
NOD32v2 2938 2008.03.11 -
Norman 5.80.02 2008.03.11 -
Panda 9.0.0.4 2008.03.11 -
Prevx1 V2 2008.03.12 -
Rising 20.35.12.00 2008.03.11 -
Sophos 4.27.0 2008.03.11 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.11 -
TheHacker 6.2.92.241 2008.03.11 -
VBA32 3.12.6.2 2008.03.05 Trojan-Downloader.Win32.Agent.fny
VirusBuster 4.3.26:9 2008.03.11 -
Webwasher-Gateway 6.6.2 2008.03.11 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 22016 bytes
MD5: 27da7393c655677b7ee8348f35a759c0
SHA1: 8b7ad74791defa90c69c677c97d09c62f7b3942c
PEiD: -
Dis is one half.
Press any key to continue...
Code:
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.12.0 2008.03.12 -
AntiVir 7.6.0.73 2008.03.12 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.11 -
AVG 7.5.0.516 2008.03.12 -
BitDefender 7.2 2008.03.12 -
CAT-QuickHeal 9.50 2008.03.10 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.12 -
DrWeb 4.44.0.09170 2008.03.12 -
eSafe 7.0.15.0 2008.03.09 Suspicious File
eTrust-Vet 31.3.5608 2008.03.12 -
Ewido 4.0 2008.03.12 -
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.12 -
F-Prot 4.4.2.54 2008.03.11 -
F-Secure 6.70.13260.0 2008.03.12 Trojan-Downloader.Win32.Agent.lbg
Ikarus T3.1.1.20 2008.03.12 -
Kaspersky 7.0.0.125 2008.03.12 Trojan-Downloader.Win32.Agent.lbg
McAfee 5249 2008.03.11 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2941 2008.03.12 -
Norman 5.80.02 2008.03.11 -
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.12 -
Rising 20.35.22.00 2008.03.12 -
Sophos 4.27.0 2008.03.12 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.12 -
TheHacker 6.2.92.243 2008.03.12 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.12 Trojan.DL.Zlob.Gen!Pac.46
Webwasher-Gateway 6.6.2 2008.03.12 -
Дополнительная информация
File size: 62976 bytes
MD5: 44626092824a48ab50c3f7fb9fccfa69
SHA1: d0c908703cf0d039dcdf0f13219c812cf0483881
The worst foe lies within the self...