Исследование антивирусов 7

**DefesT** · 24.05.2010, 12:48

Файл mms.jar получен 2010.05.24 08:33:57 (UTC)
Результат: 8/41 (19.52%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 JAVA/Smmer.5994
Antiy-AVL 2.0.3.7 2010.05.24 Trojan/J2ME.Smmer
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 Java/SMS.J
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.05.24 Java.SMSSend.177
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7506 2010.05.24 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 Riskware:Java/SmsSend.Gen!A
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 Trojan-SMS
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 Trojan-SMS.J2ME.Smmer.a
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 -
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.03 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -

Дополнительная информация
File size: 17493 bytes
MD5...: b4c114850d73db941c695b9d35cf4f29
SHA1..: 3b64e52f05f9bcbf51e7bb3366d65d1815cb9319
SHA256: 37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116 d36dc335847ae9
http://www.virustotal.com/ru/analisi...ae9-1274690037

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Юльча** · 25.05.2010, 15:08

Файл video-plugin.45046.exe получен 2010.05.25 11:00:38 (UTC)
Результат: 14/40 (35%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.25.00 2010.05.25 -
AntiVir 8.2.1.242 2010.05.25 -
Antiy-AVL 2.0.3.7 2010.05.25 -
Authentium 5.2.0.5 2010.05.25 W32/FakeAlert.5!Maximus
Avast 4.8.1351.0 2010.05.25 -
Avast5 5.0.332.0 2010.05.25 -
AVG 9.0.0.787 2010.05.25 -
BitDefender 7.2 2010.05.25 Trojan.Renos.PGL
CAT-QuickHeal 10.00 2010.05.25 -
ClamAV 0.96.0.3-git 2010.05.25 -
Comodo 4939 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.25 Trojan.DownLoad1.60983
eSafe 7.0.17.0 2010.05.24 -
eTrust-Vet 35.2.7508 2010.05.25 Win32/FakeCodec.C!generic
F-Prot 4.6.0.103 2010.05.24 W32/FakeAlert.5!Maximus
F-Secure 9.0.15370.0 2010.05.25 Suspicious:W32/Malware!Gemini
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.25 Trojan.Renos.PGL
Ikarus T3.1.1.84.0 2010.05.25 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.25 -
McAfee 5.400.0.1158 2010.05.25 Downloader-CEW.b
McAfee-GW-Edition 2010.1 2010.05.25 -
Microsoft 1.5802 2010.05.25 -
NOD32 5143 2010.05.25 Win32/TrojanDownloader.FakeAlert.AYQ
Norman 6.04.12 2010.05.25 -
nProtect 2010-05-25.01 2010.05.25 -
Panda 10.0.2.7 2010.05.25 Suspicious file
PCTools 7.0.3.5 2010.05.25 -
Rising 22.49.01.04 2010.05.25 Trojan.Win32.Generic.52062772
Sophos 4.53.0 2010.05.25 Mal/FakeAV-CX
Sunbelt 6352 2010.05.25 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.25 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.25 -
VBA32 3.12.12.5 2010.05.25 -
ViRobot 2010.5.20.2326 2010.05.25 -
VirusBuster 5.0.27.0 2010.05.24 Trojan.Codecpack.Gen.6

http://www.virustotal.com/ru/analisi...37b-1274785238

**Юльча** · 27.05.2010, 14:34

Файл 0.005320158428112287.exe получен 2010.05.27 10:30:04 (UTC)
Результат: 4/40 (10%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.27.00 2010.05.27 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.27 -
Avast 4.8.1351.0 2010.05.27 Win32:Crypt-GMW
Avast5 5.0.332.0 2010.05.27 Win32:Crypt-GMW
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.27 -
CAT-QuickHeal 10.00 2010.05.27 -
ClamAV 0.96.0.3-git 2010.05.27 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.27 Trojan.DownLoad1.60799
eSafe 7.0.17.0 2010.05.26 -
eTrust-Vet 35.2.7513 2010.05.27 -
F-Prot 4.6.0.103 2010.05.26 -
F-Secure 9.0.15370.0 2010.05.27 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.27 Win32:Crypt-GMW
Ikarus T3.1.1.84.0 2010.05.27 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.27 -
McAfee 5.400.0.1158 2010.05.27 -
McAfee-GW-Edition 2010.1 2010.05.27 -
Microsoft 1.5802 2010.05.27 -
NOD32 5149 2010.05.27 -
Norman 6.04.12 2010.05.26 -
nProtect 2010-05-27.01 2010.05.27 -
Panda 10.0.2.7 2010.05.26 -
PCTools 7.0.3.5 2010.05.27 -
Rising 22.49.03.04 2010.05.27 -
Sophos 4.53.0 2010.05.27 -
Sunbelt 6363 2010.05.27 -
Symantec 20101.1.0.89 2010.05.27 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.27 -
VBA32 3.12.12.5 2010.05.26 -
ViRobot 2010.5.20.2326 2010.05.27 -
VirusBuster 5.0.27.0 2010.05.26 -

http://www.virustotal.com/ru/analisi...cee-1274956204

**Shu_b** · 28.05.2010, 09:47

t-79536
File stWpaE7.exe received on 2010.05.28 05:44:32 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.05.10	-
AhnLab-V3	2010.05.28.00	2010.05.28	-
AntiVir	8.2.1.242	2010.05.27	-
Antiy-AVL	2.0.3.7	2010.05.26	-
Authentium	5.2.0.5	2010.05.28	-
Avast	4.8.1351.0	2010.05.27	-
Avast5	5.0.332.0	2010.05.27	-
AVG	9.0.0.787	2010.05.27	-
BitDefender	7.2	2010.05.28	-
CAT-QuickHeal	10.00	2010.05.28	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.28	-
Comodo	4942	2010.05.25	-
DrWeb	5.0.2.03300	2010.05.28	Trojan.Packed.20325
eSafe	7.0.17.0	2010.05.27	-
eTrust-Vet	35.2.7515	2010.05.27	-
F-Prot	4.6.0.103	2010.05.28	-
F-Secure	9.0.15370.0	2010.05.28	-
Fortinet	4.1.133.0	2010.05.26	-
GData	21	2010.05.28	-
Ikarus	T3.1.1.84.0	2010.05.28	-
Jiangmin	13.0.900	2010.05.27	-
Kaspersky	7.0.0.125	2010.05.28	-
McAfee	5.400.0.1158	2010.05.28	-
McAfee-GW-Edition	2010.1	2010.05.27	-
Microsoft	1.5802	2010.05.28	Trojan:Win32/Meredrop
NOD32	5151	2010.05.27	-
Norman	6.04.12	2010.05.27	-
nProtect	2010-05-27.03	2010.05.27	-
Panda	10.0.2.7	2010.05.27	-
PCTools	7.0.3.5	2010.05.28	-
Prevx	3.0	2010.05.28	Medium Risk Malware
Rising	22.49.04.01	2010.05.28	-
Sophos	4.53.0	2010.05.28	-
Sunbelt	6367	2010.05.28	-
Symantec	20101.1.0.89	2010.05.28	-
TheHacker	6.5.2.0.288	2010.05.27	-
TrendMicro	9.120.0.1004	2010.05.28	-
TrendMicro-HouseCall	9.120.0.1004	2010.05.28	-
VBA32	3.12.12.5	2010.05.27	-
ViRobot	2010.5.20.2326	2010.05.28	-
VirusBuster	5.0.27.0	2010.05.27	-

Additional information
File size: 100864 bytes
MD5...: 63896d67aa1026e7e4e94b6b38acf743

**Vadim_SVN** · 28.05.2010, 14:25

Файл svhost.exe получен 2010.05.28 09:47:05 (UTC)
Результат: 9/41 (21.96%)

Код:

a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
Avast5 5.0.332.0 2010.05.28 Win32:SuspBehav-C
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.28 Trojan.Winlock.1765
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 Suspicious:W32/Malware!Gemini
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.28 Trojan-Ransom.Win32.PinkBlocker.blk
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.28 Artemis!BE43FF336A01
Microsoft 1.5802 2010.05.28 -
NOD32 5152 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 Suspicious file
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 Sus/UnkPack-C
Sunbelt 6368 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.28 Trojan.Win32.Waledac.42
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -

Дополнительная информация
File size: 380416 bytes
MD5...: be43ff336a0176b9976c8b44a66753d6

http://www.virustotal.com/ru/analisi...bd4-1275040025

**valho** · 31.05.2010, 14:32

Сделал человеку фотографию на паспорт дома, записал на флешку, сестра сходила в фотостудию. Оттуда уже принесла и это при том что у флешки был заблокирован autorun.inf

File jwgkvsq.vmx received on 2010.05.31 10:17:54 (UTC)
Current status: Finished
Result: 32/33 (96.97%)

a-squared 5.0.0.26 2010.05.31 Net-Worm.Win32.Kido!IK
AntiVir 8.2.1.242 2010.05.31 Worm/Conficker.AG
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 W32/Conficker!Generic
Avast 4.8.1351.0 2010.05.30 Win32:Confi
Avast5 5.0.332.0 2010.05.30 Win32:Confi
BitDefender 7.2 2010.05.31 Win32.Worm.Downadup.Gen
CAT-QuickHeal 10.00 2010.05.31 Worm.Conficker.b
ClamAV 0.96.0.3-git 2010.05.30 Worm.Kido-61
Comodo 4959 2010.05.31 Worm.Win32.Conficker.AG0
eSafe 7.0.17.0 2010.05.30 Win32.Conficker.worm
eTrust-Vet 35.2.7521 2010.05.31 Win32/Conficker
F-Prot 4.6.0.103 2010.05.31 W32/Conficker!Generic
Fortinet 4.1.133.0 2010.05.30 W32/Conficker.IH!worm.im
GData 21 2010.05.31 Win32.Worm.Downadup.Gen
Ikarus T3.1.1.84.0 2010.05.31 Net-Worm.Win32.Kido
Jiangmin 13.0.900 2010.05.30 Worm/Kido.jm
Kaspersky 7.0.0.125 2010.05.31 Net-Worm.Win32.Kido.ih
McAfee 5.400.0.1158 2010.05.31 W32/Conficker.worm.gen.a
McAfee-GW-Edition 2010.1 2010.05.31 W32/Conficker.worm.gen.a
Microsoft 1.5802 2010.05.31 Worm:Win32/Conficker.B
NOD32 5157 2010.05.31 a variant of Win32/Conficker.AA
nProtect 2010-05-31.01 2010.05.31 Worm/W32.Kido.169822
Panda 10.0.2.7 2010.05.30 W32/Conficker.C.worm
PCTools 7.0.3.5 2010.05.31 Trojan.Conficker
Prevx 3.0 2010.05.31 Medium Risk Malware
Rising 22.50.00.04 2010.05.31 Trojan.Win32.Generic.51F828F1
Sophos 4.53.0 2010.05.31 Mal/Conficker-A
TheHacker 6.5.2.0.290 2010.05.30 W32/Kido.ih
TrendMicro 9.120.0.1004 2010.05.31 WORM_DOWNAD.AD
VBA32 3.12.12.5 2010.05.29 Worm.Win32.kido.105
ViRobot 2010.5.20.2326 2010.05.28 Worm.Win32.Conficker.169822
VirusBuster 5.0.27.0 2010.05.30 Worm.Kido.KE

Additional information
File size: 169822 bytes
MD5...: acf4da36e762084070f8138a43144759
SHA1..: 2f00848973f6abaa5a31647a19c0da6053a3e4c5
SHA256: 71608b749d8e3d8736975a26151d529ddee99d92f97640ab36 927f91e1846282
ssdeep: 3072:+/5E60KXnXhddhoqAtULVMtpJW+PIeii72sxPzhO8k6YWsC8VTd/ThWlA0J
RkFX+:U5p0KdDtLKtpJFILroPzhO71+I1FWu0f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43cb
timedatestamp.....: 0x4495b5bb (Sun Jun 18 20:21:15 2006)
machinetype.......: 0x14c (I386)

**gjf** · 31.05.2010, 17:36

File _TEMP.exe received on 2010.05.31 09:31:26 (UTC)
Result: 0/41 (0.00%)

a-squared 5.0.0.26 2010.05.31 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 -
ClamAV 0.96.0.3-git 2010.05.30 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
Ikarus T3.1.1.84.0 2010.05.31 -
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 -
McAfee-GW-Edition 2010.1 2010.05.31 -
Microsoft 1.5802 2010.05.31 -
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.30 -
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 -
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6380 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.30 -

http://www.virustotal.com/analisis/4...c6b-1275298286
P.S. ~Temp.exe = Trojan.MSIL.Agent.lc

Добавлено через 2 часа 25 минут

ZBot2:
File load.exe received on 2010.05.31 13:33:28 (UTC)
Result: 8/41 (19.52%)

a-squared 5.0.0.26 2010.05.31 Backdoor.Win32.Bifrose!IK
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.31 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
Ikarus T3.1.1.84.0 2010.05.31 Backdoor.Win32.Bifrose
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 BackDoor-CEP.gen.cb
McAfee-GW-Edition 2010.1 2010.05.31 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Do wnloader.B
Microsoft 1.5802 2010.05.31 VirTool:Win32/VBInject.gen!CI
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.30 Bck/Bifrost.gen
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 High Risk Cloaked Malware
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6381 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.31 -
ViRobot 2010.5.31.2331 2010.05.31 -
VirusBuster 5.0.27.0 2010.05.30 -

http://www.virustotal.com/analisis/7...cb1-1275312808

**gjf** · 02.06.2010, 00:10

TDL3 - суточной давности дроппер.
File setup.exe received on 2010.06.01 20:07:22 (UTC)
Result: 4/41 (9.76%)

a-squared5.0.0.262010.06.01-
AhnLab-V32010.06.01.012010.06.01-
AntiVir8.2.1.2422010.06.01-
Antiy-AVL2.0.3.72010.06.01-
Authentium5.2.0.52010.06.01-
Avast4.8.1351.02010.06.01-
Avast55.0.332.02010.06.01-
AVG9.0.0.7872010.06.01-
BitDefender7.22010.06.01-
CAT-QuickHeal10.002010.06.01-
ClamAV0.96.0.3-git2010.06.01-
Comodo49772010.06.01Heur.Packed.Unknown
DrWeb5.0.2.033002010.06.01-
eSafe7.0.17.02010.06.01-
eTrust-Vet35.2.75232010.06.01-
F-Prot4.6.0.1032010.06.01-
F-Secure9.0.15370.02010.06.01-
Fortinet4.1.133.02010.06.01-
GData212010.06.01-
IkarusT3.1.1.84.02010.06.01-
Jiangmin13.0.9002010.05.31-
Kaspersky7.0.0.1252010.06.01-
McAfee5.400.0.11582010.06.01-
McAfee-GW-Edition2010.12010.06.01
Heuristic.LooksLike.Trojan.Backdoor.Agent.I
Microsoft1.58022010.06.01-
NOD3251642010.06.01-
Norman6.04.122010.06.01-
nProtect2010-06-01.022010.06.01-
Panda10.0.2.72010.06.01-
PCTools7.0.3.52010.06.01-
Prevx3.02010.06.01Medium Risk Malware
Rising22.50.01.032010.06.01-
Sophos4.53.02010.06.01Mal/TDSSPack-Y
Sunbelt63872010.06.01-
Symantec20101.1.0.892010.06.01-
TheHacker6.5.2.0.2912010.06.01-
TrendMicro9.120.0.10042010.06.01-
TrendMicro-HouseCall9.120.0.10042010.06.01-
VBA323.12.12.52010.06.01-
ViRobot2010.6.1.23332010.06.01-
VirusBuster5.0.27.02010.06.01-

http://www.virustotal.com/analisis/2...b6d-1275422842

**ISO** · 04.06.2010, 10:57

Мой KIS опять не знаком с этой гадостью.
File csrss.exe received on 2010.06.04 06:46:45 (UTC)
Result: 21/41 (51.22%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.00 2010.06.03 -
AntiVir 8.2.2.4 2010.06.03 TR/ATRAPS.Gen2
Antiy-AVL 2.0.3.7 2010.06.02 -
Authentium 5.2.0.5 2010.06.04 W32/Rimecud.I.gen!Eldorado
Avast 4.8.1351.0 2010.06.03 -
Avast5 5.0.332.0 2010.06.03 Win32:SuspBehav-C
AVG 9.0.0.787 2010.06.04 Cryptic.IJ
BitDefender 7.2 2010.06.04 Gen:Variant.Rimecud.2
CAT-QuickHeal 10.00 2010.06.04 Worm.Palevo
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4981 2010.06.04 TrojWare.Win32.Cryp_Palevo5
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20312
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 -
F-Prot 4.6.0.103 2010.06.03 W32/Rimecud.I.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.04 Gen:Variant.Rimecud.2
Fortinet 4.1.133.0 2010.06.03 -
GData 21 2010.06.04 Gen:Variant.Rimecud.2
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 Artemis!A6536E001908
Microsoft 1.5802 2010.06.04 -
NOD32 5170 2010.06.03 a variant of Win32/Peerfrag.HD
Norman 6.04.12 2010.06.03 -
nProtect 2010-06-03.01 2010.06.03 Gen:Variant.Rimecud.2
Panda 10.0.2.7 2010.06.03 Suspicious file
PCTools 7.0.3.5 2010.06.04 Malware.Pilleuz
Prevx 3.0 2010.06.04 -
Rising 22.50.04.01 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
Sunbelt 6403 2010.06.04 Packed.Win32.Crum (v)
Symantec 20101.1.0.89 2010.06.04 W32.Pilleuz!gen5
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 Mal_Palevo5
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 Mal_Palevo5
VBA32 3.12.12.5 2010.06.03 BScope.Trojan.MTA.0230
ViRobot 2010.6.4.2336 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.03 -

Additional information
File size: 141824 bytes
MD5...: a6536e001908e4bb243c3b4e85dcd169
SHA1..: 2c3f13c0d0227f8e830fccfde5d6f010dbf88fff
SHA256: f87df4c3d49dd0e44630381f5a98c0853d7343c43de31094d0 94190ee069ec2d
ssdeep: 3072:bUA1SZQBWQednQjOfZnn8vyn1fbEvxLysmsYSsgMm6mFq :b11DS11EksYS

**ALEX(XX)** · 04.06.2010, 20:08

"Улов"
Файл porno-incest-zrelye-zhenschiny_pa получен 2010.06.04 15:42:04 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	HTML:Script-inf
Avast5	5.0.332.0	2010.06.04	HTML:Script-inf
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	HTML:Script-inf
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File&nbsp;size: 26773 bytes
MD5&nbsp;&nbsp;&nbsp;: 6a6a7c160b7d82dfb458779dbfeb379a
SHA1&nbsp;&nbsp;: d25c03d21a4dbbcac922da3d65539b99ae3536f2
SHA256: 9fd352c5a6d2acfe57c8184113b2fe243c7303834e631f4ad5c298085c2353ca
TrID&nbsp;&nbsp;: File type identification<br>HyperText Markup Language (100.0%)
ssdeep: 384:UkhHQYsqLeDcxJT7Xo2IVHzBOPQVPdaPGDKpMy/nlJJfbr24/i9tolCKW7QWm0J:UkhHsqLeDcfT82uFThUbrX+olCL75m0J
sigcheck: publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
PEiD&nbsp;&nbsp;: -
RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-

Файл jdpkXFS.exe получен 2010.06.04 15:42:33 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Win32.Meredrop.A!A2
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Meredrop.A.10097
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.06.04	Win32:Rootkit-gen
AVG	9.0.0.787	2010.06.04	SHeur3.ZZZ
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20320
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Win32:Rootkit-gen 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Win32/Meredrop
NOD32	5172	2010.06.04	Win32/Spy.Shiz.NBD
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	Generic Malware
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	Medium Risk Malware
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan.Win32.Generic!BT
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Win32.Spy.Shiz.NBD
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1<br>SLOeZ18e/X2lP7JcWWzISCkSAie<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x16a0<br>timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name        viradd    virsiz   rawdsiz  ntrpy  md5<br>.text       0x1000    0x52da    0x5400   7.58  494c135b90b12369c37c8b57fa715381<br>.data       0x7000    0xf810    0xfa00   7.38  5935f2309984ab57a4dda823cede9dd2<br>.idata     0x17000     0x4ab     0x600   4.05  04fc78daff8355191d10b900ec97fefb<br>.rsrc      0x18000    0x19a0    0x1a00   5.78  181203eafe0908823d482840a504445f<br>.reloc     0x1a000      0xce     0x200   3.16  a360412cd1e858c80b1fd295c8789b55<br><br>( 2 imports )  <br>&gt; KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc<br>&gt; USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (38.3%)<br>Win32 Dynamic Link Library (generic) (34.1%)<br>Win16/32 Executable Delphi generic (9.3%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%)
&lt;a href='http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040' target='_blank'&gt;http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040&lt;/a&gt;
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:<br>publisher....: Pgovgj Xgjlps Ixtryw<br>copyright....: Ywrywbp Xzilnrf Ruwzcjh<br>product......: Pwmwsws<br>description..: Vqoqtv Cxipn<br>original name: n/a<br>internal name: n/a<br>file version.: 9.5.0.9<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Файл 50f4b730-5243791e получен 2010.06.04 15:42:10 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan-Downloader.Java.Agent!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-H
Avast5	5.0.332.0	2010.06.04	Java:Djewers-H
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	Java/SillyDl.HJW
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-H 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan-Downloader.Java.Agent
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan-Downloader.Java.Agent.bk (v)
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 7917 bytes
MD5...: 38b48c672a3e45988b5a59e457d74181
SHA1..: a84bf350369d7547de0e4d235683a7fa30220df1
SHA256: 991abd8b4b2e913335e0211ee1686a07561172f2a2bd2e4b020fd1ec8f3a87d7
ssdeep: 192:apVYRxkKEFOrzOr2pj2C3okf4XmOi5ReU7tWAmloz:apVYRfEFdSCC3okf+i<br>2Emloz<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Файл 6BkLj93.exe получен 2010.06.04 15:42:42 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Win32.Meredrop.A!A2
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Meredrop.A.10097
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.06.04	Win32:Rootkit-gen
AVG	9.0.0.787	2010.06.04	SHeur3.ZZZ
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20320
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Win32:Rootkit-gen 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Win32/Meredrop
NOD32	5172	2010.06.04	Win32/Spy.Shiz.NBD
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	Generic Malware
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	Medium Risk Malware
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan.Win32.Generic!BT
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Win32.Spy.Shiz.NBD
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1<br>SLOeZ18e/X2lP7JcWWzISCkSAie<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x16a0<br>timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name        viradd    virsiz   rawdsiz  ntrpy  md5<br>.text       0x1000    0x52da    0x5400   7.58  494c135b90b12369c37c8b57fa715381<br>.data       0x7000    0xf810    0xfa00   7.38  5935f2309984ab57a4dda823cede9dd2<br>.idata     0x17000     0x4ab     0x600   4.05  04fc78daff8355191d10b900ec97fefb<br>.rsrc      0x18000    0x19a0    0x1a00   5.78  181203eafe0908823d482840a504445f<br>.reloc     0x1a000      0xce     0x200   3.16  a360412cd1e858c80b1fd295c8789b55<br><br>( 2 imports )  <br>&gt; KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc<br>&gt; USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
trid..: Win32 Executable Generic (38.3%)<br>Win32 Dynamic Link Library (generic) (34.1%)<br>Win16/32 Executable Delphi generic (9.3%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:<br>publisher....: Pgovgj Xgjlps Ixtryw<br>copyright....: Ywrywbp Xzilnrf Ruwzcjh<br>product......: Pwmwsws<br>description..: Vqoqtv Cxipn<br>original name: n/a<br>internal name: n/a<br>file version.: 9.5.0.9<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
&lt;a href='http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040' target='_blank'&gt;http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040&lt;/a&gt;

Файл HkdfkjX.class получен 2010.06.04 15:42:46 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-H
Avast5	5.0.332.0	2010.06.04	Java:Djewers-H
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-H 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Mal/JavaDldr-B
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 5624 bytes
MD5...: 91255e4e3bc74188f1484179405225c9
SHA1..: 9f59fca1ff4219b45acfd715005f39b67eaf119b
SHA256: 7d191aad484697fec3060ba7cbb3b0588134d302aa74a6f9415491665ca98921
ssdeep: 96:W7FlYEkuSyZjYVpMpTgrVpK4KcBxRgtuz5WM1kApgS0:WlnZcygrZKclgtudW<br>0kApgS0<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Java Bytecode (60.0%)<br>Mac OS X Universal Binary executable (40.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Файл KHdfsdeX.class получен 2010.06.04 15:46:26 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-E
Avast5	5.0.332.0	2010.06.04	Java:Djewers-E
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-E 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Mal/JavaDldr-B
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File&nbsp;size: 7491 bytes
MD5&nbsp;&nbsp;&nbsp;: e73234098eaae758219a109403978ea2
SHA1&nbsp;&nbsp;: 20836967becbfd1f38a018cc5c5de2516b5463ee
SHA256: 2afc7199f3b048b621f4a673ed1150b21f7048de2d3586b8870c73b73e3d2657
TrID&nbsp;&nbsp;: File type identification<br>Java Bytecode (60.0%)<br>Mac OS X Universal Binary executable (40.0%)
ssdeep: 96:t6PZl4kTiDXIzMEFQVwBXeo16NZD2DUDUHIzseszUy0oA7vQLpVDUUU6DUUUKJuV:SZlPTGwBuoysbzU+LpxMkMrM87SE
sigcheck: publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
PEiD&nbsp;&nbsp;: -
RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-

Файл AppletX.class получен 2010.06.04 15:43:03 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Java.ClassLoader!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Agent-B
Avast5	5.0.332.0	2010.06.04	Java:Agent-B
AVG	9.0.0.787	2010.06.04	Java/Downloader.U
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	Exploit.JS-7
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	Exploit.Java.1
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Agent-B 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan.Java.ClassLoader
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Java/Classloader.S
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.OpenStream.NAJ
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Trojan.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Sus/ClassLdr-A
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Trojan Horse
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
VBA32	3.12.12.5	2010.06.04	Exploit.Java.1
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 5254 bytes
MD5...: 5103f06af294aa364dd6049c1b217c83
SHA1..: a32c61706e1ec3c947799e8356d8ae6336758fde
SHA256: 05000e29f191047292ae2e625df5580c6dbfb8957cf1d7dd167e79cd00b443af
ssdeep: 96:CilE7Pql5lov5//9Q7PEeLkC4Vx8P/lwCywJGwL/rpGNd9KlK62SYeL:yDql5<br>M5/67PE0kC4X8P9wCyP49AhUL<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Java Bytecode (60.0%)<br>Mac OS X Universal Binary executable (40.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Файл LoaderX.class получен 2010.06.04 15:44:41 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan-Downloader.Java.Agent!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Agent-B
Avast5	5.0.332.0	2010.06.04	Java:Agent-B
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	Exploit.Java.2
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Agent-B 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan-Downloader.Java.Agent
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Exploit:Java/CVE-2008-5353.C
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.Agent.NBE
Norman	6.04.12	2010.06.04	JAVA/ByteVerify.B
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Trojan.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Sus/ClassLdr-A
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Trojan Horse
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
VBA32	3.12.12.5	2010.06.04	Exploit.Java.2
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 3743 bytes
MD5...: 59b358987b10355b6818f2fa8b5851d5
SHA1..: 8bfdb8f0be7674fed30a8d836bc73594cdcec3b9
SHA256: 9a9c78dbb951285845f03aa99366203df854e06fe7c5e614a6fde02159fc1ca4
ssdeep: 96:EcwFl+E3C4Vx8Pjlov5//9Q7qqTxwnSupzu7eYhB:Enl7C4X8PjM5/67zxwS1<br>7F/<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Java Bytecode (60.0%)<br>Mac OS X Universal Binary executable (40.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Byodsadc.class получен 2010.06.04 15:44:44 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Virus.Java.Djewers!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Dldr.Java.Agent.BH.6
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-J
Avast5	5.0.332.0	2010.06.04	Java:Djewers-J
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	Exploit:Java/Agent.DIRE
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-J 
Ikarus	T3.1.1.84.0	2010.06.04	Virus.Java.Djewers
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	Trojan-Downloader.Java.Agent.bh
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.Agent.NAX
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Downloader.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Troj/ClsLdr-AA
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Downloader
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 2933 bytes
MD5...: 2c00e9fbbe72676c8060b7b9120fc750
SHA1..: 190e5a9d820b08abe2a95450ad4df2fa6edf0de5
SHA256: 83f291048284eab6186440542ebb86133e485558dcf49823ad67ba4b0246fe76
ssdeep: 48:6pvKdOEgPDG4nXl3NR/DDvJvtQF4xR5/TXd/d6nRKpF/Lwj8dGR6bJcYhMBfR<br>v7c:YKXgPD7ldRvvJvekzZtdGMVcYhKv2rX<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Java Bytecode (60.0%)<br>Mac OS X Universal Binary executable (40.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Добавлено через 4 минуты

Файл mgdyfiqd.dll получен 2010.06.04 16:06:13 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	Malware/Win32.Generic
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Malware-gen
Avast5	5.0.332.0	2010.06.04	Win32:Malware-gen
AVG	9.0.0.787	2010.06.04	Pakes.FKP
BitDefender	7.2	2010.06.04	Trojan.Generic.4089896
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20273
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	Trojan.Generic.4089896
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Trojan.Generic.4089896
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	a variant of Win32/Kryptik.ELC
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	Trojan.Generic.4089896
Panda	10.0.2.7	2010.06.04	Suspicious file
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Trojan.MTA.0424
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 40448 bytes
MD5...: 0f1341509dbf6c92b063a1853666e55c
SHA1..: 0c8a176b30b5d2d23bc4c9815acf884a400fbb7d
SHA256: 6d64c74469c4161120710fd2761a3db6e14b563e4c92c641b18a74796c71016d
ssdeep: 768:tTcwoB3xs9Mszzm75Rip/Vt4LX1ds6sfg0QN8ASr2:eB3xsxGviJ2UYZY2<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1550<br>timedatestamp.....: 0x304f3700 (Thu Sep 07 18:16:32 1995)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name        viradd    virsiz   rawdsiz  ntrpy  md5<br>.text       0x1000    0x29ea    0x2a00   7.24  ba3de342086e2761991c42a17822b857<br>.data       0x4000    0x3d48    0x3e00   7.27  1a37ac19bbfcd8f11d22fa0e3495c67d<br>.idata      0x8000     0x4bc     0x600   3.79  1224cf5c0daf575befd41b06bad51d29<br>.rsrc       0x9000    0x29d0    0x2a00   6.00  474b98ada983ceac7e5197ec8ed67369<br>.reloc      0xc000     0x142     0x200   4.71  7c0ff060fddc7eddd580624b4bfbc982<br><br>( 6 imports )  <br>&gt; KERNEL32.dll: Beep, GetProcessHeap, WaitForMultipleObjects, ConnectNamedPipe, LoadLibraryW, FileTimeToLocalFileTime, GetModuleHandleW, lstrcpyA, lstrcpyW, VirtualAlloc, GetShortPathNameW, CreateNamedPipeA, HeapCreate, lstrcmpi<br>&gt; USER32.dll: SetCursor, GetCursorPos, GetMenuStringW, MessageBoxA, DefWindowProcA, LoadCursorA, MessageBeep, DestroyCursor, wsprintfA, DeleteMenu, LoadImageW, SetWindowTextA, GetDesktopWindow, GetKeyboardLayout<br>&gt; GDI32.dll: GetBitmapBits, SetTextColor, CreateFontIndirectA, GetStockObject, SetBkColor<br>&gt; ADVAPI32.dll: RegEnumValueA, RegRestoreKeyA, RegEnumValueW<br>&gt; COMDLG32.dll: PrintDlgExA, ChooseFontW<br>&gt; SHELL32.dll: StrRChrIW<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (79.3%)<br>Win32 Executable Generic (7.9%)<br>Win32 Dynamic Link Library (generic) (7.0%)<br>Win16/32 Executable Delphi generic (1.9%)<br>Generic Win/DOS Executable (1.8%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:<br>publisher....: Lqlpfm Iqxxwa Vyfps Dbxys<br>copyright....: Wshmgg Advjxcq Mwzipt Onurl<br>product......: Qsede Krxlxpq Suonur Kndrm<br>description..: Krgtgjl Hsqxvz<br>original name: n/a<br>internal name: n/a<br>file version.: 2.7.4.8<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

**Nexus** · 05.06.2010, 15:04

Рассылают Вконтакте, свеженький.

File photo-057.exe received on 2010.06.05 10:57:54 (UTC)

a-squared 5.0.0.26 2010.06.05 -
AhnLab-V3 2010.06.05.00 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.05 -
Avast 4.8.1351.0 2010.06.05 -
Avast5 5.0.332.0 2010.06.05 -
AVG 9.0.0.787 2010.06.05 -
BitDefender 7.2 2010.06.05 -
CAT-QuickHeal 10.00 2010.06.05 -
ClamAV 0.96.0.3-git 2010.06.05 -
Comodo 4994 2010.06.05 -
DrWeb 5.0.2.03300 2010.06.05 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.04 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.05 -
GData 21 2010.06.05 -
Ikarus T3.1.1.84.0 2010.06.05 -
Jiangmin 13.0.900 2010.06.05 -
Kaspersky 7.0.0.125 2010.06.05 Trojan.Win32.Qhost.ngg
McAfee 5.400.0.1158 2010.06.05 -
McAfee-GW-Edition 2010.1 2010.06.05 -
Microsoft 1.5802 2010.06.05 -
NOD32 5173 2010.06.04 -
Norman 6.04.12 2010.06.05 -
nProtect 2010-06-05.01 2010.06.05 -
Panda 10.0.2.7 2010.06.05 Suspicious file
PCTools 7.0.3.5 2010.06.05 -
Prevx 3.0 2010.06.05 -
Rising 22.50.05.03 2010.06.05 -
Sophos 4.53.0 2010.06.05 -
Sunbelt 6409 2010.06.05 -
Symantec 20101.1.0.89 2010.06.05 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.05 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.5.2339 2010.06.05 -

Additional information
File size: 823296 bytes
MD5 : 3cc0ff8334edd4a55b3ff2c1d873b92b

http://www.virustotal.com/analisis/6...591-1275735474

**valho** · 08.06.2010, 08:30

File vip_porno_44808.avi.exe received on 2010.06.08 04:20:49 (UTC)
Current status: Finished
Result: 15/41 (36.59%)

a-squared 5.0.0.26 2010.06.08 Trojan-Ransom.Win32.PornoBlocker!IK
AhnLab-V3 2010.06.08.00 2010.06.08 Trojan/Win32.PornoBlocker
AntiVir 8.2.2.6 2010.06.07 TR/Ransom.PornoBlocker.VR.1
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.07 -
Avast5 5.0.332.0 2010.06.07 -
AVG 9.0.0.787 2010.06.07 Generic18.CXR
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 -
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5022 2010.06.07 TrojWare.Win32.Magania.~AAF
DrWeb 5.0.2.03300 2010.06.08 Trojan.Winlock.1849
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7617 2010.06.07 -
F-Prot 4.6.0.103 2010.06.07 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 Trojan-Ransom.Win32.PornoBlocker
Jiangmin 13.0.900 2010.06.07 -
Kaspersky 7.0.0.125 2010.06.08 Trojan-Ransom.Win32.PornoBlocker.vr
McAfee 5.400.0.1158 2010.06.08 Suspect-1B!B8AF0ECE0AB4
McAfee-GW-Edition 2010.1 2010.06.07 Heuristic.BehavesLike.Win32.Trojan.H
Microsoft 1.5802 2010.06.08 -
NOD32 5180 2010.06.07 Win32/LockScreen.TV
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.07 Suspicious file
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 High Risk Cloaked Malware
Rising 22.51.01.00 2010.06.08 -
Sophos 4.53.0 2010.06.08 Mal/Generic-L
Sunbelt 6417 2010.06.08 Backdoor.Win32.Hupigon (v)
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.8.2342 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -

Additional information
File size: 266240 bytes
MD5...: b8af0ece0ab4c7acd4c1a52caa6a1587
SHA1..: 8aa549a91fb953d55a4fbc6080aa9f62b5bd4606
SHA256: 698bf974c7aff83e113f0c299aa09fcd8883095b752de0a1d5 191eaa8762c374
ssdeep: 6144:gY903Ds7HbqCnm5KnpDNUUoaGtnlK1wkmOMawiSqW:gl3 Ds77qYm5G+nknm
O1lW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x37df4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

**Vadim_SVN** · 08.06.2010, 20:15

File mozilla.exe received on 2010.06.08 05:31:52 (UTC)
Current status: finished
Result: 6/41 (14.63%)

Код:

a-squared  5.0.0.26  2010.06.08  -
AhnLab-V3  2010.06.08.00  2010.06.08  -
AntiVir  8.2.2.6  2010.06.07  -
Antiy-AVL  2.0.3.7  2010.06.04  -
Authentium  5.2.0.5  2010.06.08  -
Avast  4.8.1351.0  2010.06.07  -
Avast5  5.0.332.0  2010.06.07  Win32:SuspBehav-C
AVG  9.0.0.787  2010.06.07  -
BitDefender  7.2  2010.06.08  -
CAT-QuickHeal  10.00  2010.06.08  (Suspicious) - DNAScan
ClamAV  0.96.0.3-git  2010.06.08  -
Comodo  5023  2010.06.08  -
DrWeb  5.0.2.03300  2010.06.08  Trojan.AdultBan.59
eSafe  7.0.17.0  2010.06.06  -
eTrust-Vet  36.1.7617  2010.06.07  -
F-Prot  4.6.0.103  2010.06.08  -
F-Secure  9.0.15370.0  2010.06.08  -
Fortinet  4.1.133.0  2010.06.06  -
GData  21  2010.06.08  -
Ikarus  T3.1.1.84.0  2010.06.08  -
Jiangmin  13.0.900  2010.06.07  -
Kaspersky  7.0.0.125  2010.06.08  Packed.Win32.Krap.gx
McAfee  5.400.0.1158  2010.06.08  -
McAfee-GW-Edition  2010.1  2010.06.07  -
Microsoft  1.5802  2010.06.08  -
NOD32  5180  2010.06.07  -
Norman  6.04.12  2010.06.07  -
nProtect  2010-06-07.01  2010.06.07  -
Panda  10.0.2.7  2010.06.07  -
PCTools  7.0.3.5  2010.06.08  -
Prevx  3.0  2010.06.08  -
Rising  22.51.01.03  2010.06.08  -
Sophos  4.53.0  2010.06.08  Sus/UnkPack-C
Sunbelt  6417  2010.06.08  -
Symantec  20101.1.0.89  2010.06.08  -
TheHacker  6.5.2.0.292  2010.06.04  -
TrendMicro  9.120.0.1004  2010.06.08  -
TrendMicro-HouseCall  9.120.0.1004  2010.06.08  -
VBA32  3.12.12.5  2010.06.07  Trojan.Win32.Waledac.42
ViRobot  2010.6.8.2342  2010.06.08  -
VirusBuster  5.0.27.0  2010.06.07  -

Additional information
File size: 389120 bytes
MD5 : 3873606fe0d593c2e85aaa011616069a

Код:

[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"

И еще вот такой ключик был:
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\winlogon ]
"shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"

http://www.virustotal.com/analisis/5...dc7-1275975112

Добавлено через 10 часов 30 минут

Еще порнобаннер (из той же серии, судя по всему)

File photoshop.exe received on 2010.06.08 16:05:06 (UTC)
Result: 9/41 (21.96%)

Код:

a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
Avast5 5.0.332.0 2010.06.08 Win32:SuspBehav-C
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5029 2010.06.08 TrojWare.Win32.MalPack.~PKA1
DrWeb 5.0.2.03300 2010.06.08 Trojan.Packed.20343
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.08 Artemis!D0579AD09624
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
Panda 10.0.2.7 2010.06.07 Suspicious file
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
Sophos 4.53.0 2010.06.08 Sus/UnkPack-C
Sunbelt 6419 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.08 Malware-Cryptor.Win32.Limpopo
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.08 -

Additional information
File size: 340480 bytes
MD5...: d0579ad09624a861589b5db71ddf5242

Болтался по пути:

Код:

C:\Program Files\Common files\Adobe Photoshop\

Анделитером нашел тамже батничек:

Код:

reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon " /v shell /t reg_sz /d "Explorer.exe" /f
reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon" /v shell /t reg_sz /d "Explorer.exe" /f
erase "C:\PROGRAM FILES\COMMON FILES\ADOBE PHOTOSHOP\trr.bat"

http://www.virustotal.com/analisis/0...6e1-1276013106

**DefesT** · 11.06.2010, 00:58

File foto15.scr received on 2010.06.10 20:52:15 (UTC)
Result: 3/41 (7.32%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.10 -
AhnLab-V3 2010.06.10.02 2010.06.10 -
AntiVir 8.2.2.6 2010.06.10 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.10 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 Cryptic.ACV
BitDefender 7.2 2010.06.10 -
CAT-QuickHeal 10.00 2010.06.10 -
ClamAV 0.96.0.3-git 2010.06.10 -
Comodo 5054 2010.06.10 -
DrWeb 5.0.2.03300 2010.06.10 Trojan.MulDrop.54863
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7625 2010.06.10 -
F-Prot 4.6.0.103 2010.06.09 -
F-Secure 9.0.15370.0 2010.06.10 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.10 -
Ikarus T3.1.1.84.0 2010.06.10 -
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.10 -
McAfee 5.400.0.1158 2010.06.10 -
McAfee-GW-Edition 2010.1 2010.06.10 -
Microsoft 1.5802 2010.06.10 -
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.10 -
Prevx 3.0 2010.06.10 -
Rising 22.51.03.05 2010.06.10 -
Sophos 4.54.0 2010.06.10 Mal/FakeAV-DS
Sunbelt 6431 2010.06.10 -
Symantec 20101.1.0.89 2010.06.10 -
TheHacker 6.5.2.0.296 2010.06.10 -
TrendMicro 9.120.0.1004 2010.06.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.10 -
VBA32 3.12.12.5 2010.06.10 -
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -

Additional information
File size: 93264 bytes
MD5...: 726cf1ea7100954f3051587d9f2fce83
SHA1..: 0d37efa0e1ce3068c5b0580f115a98a17baf944b
SHA256: c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effae d995e0e4004bca
http://www.virustotal.com/analisis/c...bca-1276203135

**ALEX(XX)** · 11.06.2010, 10:05

Улов
Файл avz00001.dta получен 2010.06.11 05:58:07 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.11	Backdoor.WinNT.Rustock!IK
AhnLab-V3	2010.06.11.00	2010.06.11	-
AntiVir	8.2.2.6	2010.06.10	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.06.11	-
Authentium	5.2.0.5	2010.06.11	-
Avast	4.8.1351.0	2010.06.10	-
Avast5	5.0.332.0	2010.06.10	-
AVG	9.0.0.787	2010.06.10	-
BitDefender	7.2	2010.06.11	-
CAT-QuickHeal	10.00	2010.06.11	-
ClamAV	0.96.0.3-git	2010.06.11	-
Comodo	5059	2010.06.11	-
DrWeb	5.0.2.03300	2010.06.11	-
eSafe	7.0.17.0	2010.06.10	-
eTrust-Vet	36.1.7627	2010.06.10	-
F-Prot	4.6.0.103	2010.06.11	-
F-Secure	9.0.15370.0	2010.06.11	-
Fortinet	4.1.133.0	2010.06.10	-
GData	21	2010.06.11	-
Ikarus	T3.1.1.84.0	2010.06.11	Backdoor.WinNT.Rustock
Jiangmin	13.0.900	2010.06.10	-
Kaspersky	7.0.0.125	2010.06.11	-
McAfee	5.400.0.1158	2010.06.11	-
McAfee-GW-Edition	2010.1	2010.06.10	Artemis!25802B50EC45
Microsoft	1.5802	2010.06.10	Backdoor:WinNT/Rustock.gen!B
NOD32	5188	2010.06.10	-
Norman	6.04.12	2010.06.10	-
nProtect	2010-06-10.01	2010.06.10	-
Panda	10.0.2.7	2010.06.10	-
PCTools	7.0.3.5	2010.06.11	-
Prevx	3.0	2010.06.11	-
Rising	22.51.04.01	2010.06.11	Trojan.Win32.Generic.52085284
Sophos	4.54.0	2010.06.11	Sus/UnkPack-C
Sunbelt	6433	2010.06.11	-
Symantec	20101.1.0.89	2010.06.11	-
TheHacker	6.5.2.0.297	2010.06.11	-
TrendMicro	9.120.0.1004	2010.06.11	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.11	-
VBA32	3.12.12.5	2010.06.10	OScope.Rootkit.Samidi
ViRobot	2010.6.10.3879	2010.06.10	-
VirusBuster	5.0.27.0	2010.06.10	-

Дополнительная информация
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3<BR>2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x13050<BR>timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 6 sections )<BR>name        viradd    virsiz   rawdsiz  ntrpy  md5<BR>.text        0x300   0x13122   0x13180   7.36  bbdbea9fc85e936dd66fe6c7ba305f34<BR>.rdata     0x13480     0x459     0x480   5.28  76a40bd3d0b421094f95df52e5034b20<BR>.data      0x13900       0xe      0x80   0.00  f09f35a5637839458e462e6350ecbce4<BR>INIT       0x13980     0x188     0x200   4.10  d049f827186dfd9b204f6e0f9ac5683e<BR>.rsrc      0x13b80     0x328     0x380   3.14  aab3efebe20ecb4816a13f85cc37592a<BR>.reloc     0x13f00     0x280     0x280   4.32  307a90365c3fbbea837a3afebc2f6c06<BR><BR>( 2 imports )  <BR>&gt; HAL.dll: KeQueryPerformanceCounter<BR>&gt; ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
trid..: Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>

Файл avz00002.dta получен 2010.06.11 05:58:10 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.11	Backdoor.WinNT.Rustock!IK
AhnLab-V3	2010.06.11.00	2010.06.11	-
AntiVir	8.2.2.6	2010.06.10	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.06.11	-
Authentium	5.2.0.5	2010.06.11	-
Avast	4.8.1351.0	2010.06.10	-
Avast5	5.0.332.0	2010.06.10	-
AVG	9.0.0.787	2010.06.10	-
BitDefender	7.2	2010.06.11	-
CAT-QuickHeal	10.00	2010.06.11	-
ClamAV	0.96.0.3-git	2010.06.11	-
Comodo	5059	2010.06.11	-
DrWeb	5.0.2.03300	2010.06.11	-
eSafe	7.0.17.0	2010.06.10	-
eTrust-Vet	36.1.7627	2010.06.10	-
F-Prot	4.6.0.103	2010.06.11	-
F-Secure	9.0.15370.0	2010.06.11	-
Fortinet	4.1.133.0	2010.06.10	-
GData	21	2010.06.11	-
Ikarus	T3.1.1.84.0	2010.06.11	Backdoor.WinNT.Rustock
Jiangmin	13.0.900	2010.06.10	-
Kaspersky	7.0.0.125	2010.06.11	-
McAfee	5.400.0.1158	2010.06.11	-
McAfee-GW-Edition	2010.1	2010.06.10	Artemis!25802B50EC45
Microsoft	1.5802	2010.06.10	Backdoor:WinNT/Rustock.gen!B
NOD32	5188	2010.06.10	-
Norman	6.04.12	2010.06.10	-
nProtect	2010-06-10.01	2010.06.10	-
Panda	10.0.2.7	2010.06.10	-
PCTools	7.0.3.5	2010.06.11	-
Rising	22.51.04.01	2010.06.11	Trojan.Win32.Generic.52085284
Sophos	4.54.0	2010.06.11	Sus/UnkPack-C
Sunbelt	6433	2010.06.11	-
Symantec	20101.1.0.89	2010.06.11	-
TheHacker	6.5.2.0.297	2010.06.11	-
TrendMicro	9.120.0.1004	2010.06.11	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.11	-
VBA32	3.12.12.5	2010.06.10	OScope.Rootkit.Samidi
ViRobot	2010.6.10.3879	2010.06.10	-
VirusBuster	5.0.27.0	2010.06.10	-

Дополнительная информация
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3<BR>2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x13050<BR>timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 6 sections )<BR>name        viradd    virsiz   rawdsiz  ntrpy  md5<BR>.text        0x300   0x13122   0x13180   7.36  bbdbea9fc85e936dd66fe6c7ba305f34<BR>.rdata     0x13480     0x459     0x480   5.28  76a40bd3d0b421094f95df52e5034b20<BR>.data      0x13900       0xe      0x80   0.00  f09f35a5637839458e462e6350ecbce4<BR>INIT       0x13980     0x188     0x200   4.10  d049f827186dfd9b204f6e0f9ac5683e<BR>.rsrc      0x13b80     0x328     0x380   3.14  aab3efebe20ecb4816a13f85cc37592a<BR>.reloc     0x13f00     0x280     0x280   4.32  307a90365c3fbbea837a3afebc2f6c06<BR><BR>( 2 imports )  <BR>&gt; HAL.dll: KeQueryPerformanceCounter<BR>&gt; ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
trid..: Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

Эта зараза меня !@$%@#^ уже. Приводит к тому, что lsass грузит проц в дрова, тачка тупо не грузится дальше приветствия. Только в безопаске и БЕЗ СЕТИ!
4-я машина такая приходит. Зараза отлично работает, пока не прибиваешь его спутников. Приносят машину, всё ок. Прогоняешь куритом, тулом или АВЗ, прибиваешь явно видное, а после этого "солнышко". Машина в дровах

**DefesT** · 12.06.2010, 00:21

File Mail.Exe received on 2010.06.11 20:06:49 (UTC)
Result: 26/41 (63.42%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.11 Trojan-PWS.MSIL!IK
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.06.11 Trojan/MSIL.Dybalom.gen
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 Win32:Trojan-gen
Avast5 5.0.332.0 2010.06.11 Win32:Trojan-gen
AVG 9.0.0.787 2010.06.11 BackDoor.Generic12.BFSN
BitDefender 7.2 2010.06.11 Backdoor.Generic.319280
CAT-QuickHeal 10.00 2010.06.11 TrojanPSW.MSIL.Dybalom.ji
ClamAV 0.96.0.3-git 2010.06.11 Trojan.Spy-73879
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 Backdoor.Generic.319280
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 Backdoor.Generic.319280
Ikarus T3.1.1.84.0 2010.06.11 Trojan-PWS.MSIL
Jiangmin 13.0.900 2010.06.11 Trojan/PSW.MSIL.jb
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 Generic MSIL.c
McAfee-GW-Edition 2010.1 2010.06.11 Generic MSIL.c
Microsoft 1.5802 2010.06.11 -
NOD32 5191 2010.06.11 a variant of MSIL/Injector.F
Norman 6.04.12 2010.06.11 W32/Obfuscated.N3!genr
nProtect 2010-06-11.01 2010.06.11 Backdoor.Generic.319280
Panda 10.0.2.7 2010.06.11 Suspicious file
PCTools 7.0.3.5 2010.06.11 Trojan-PSW.Generic
Prevx 3.0 2010.06.11 High Risk Cloaked Malware
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 Mal/Exwamp-B
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 Infostealer
TheHacker 6.5.2.0.297 2010.06.11 Trojan/MSIL.Dybalom.ix
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
VBA32 3.12.12.5 2010.06.11 Trojan-PSW.MSIL.Dybalom.ji
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 Trojan.PWS.MSIL.LH

Additional information
File size: 144817 bytes
MD5...: 8baaf0ad46497979cebc7ff48f46c619
SHA1..: 17f6e923f659bfeed35b106fc45ab2da63aaf608
SHA256: f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67 028ea5b24f2d59
http://www.virustotal.com/analisis/f...d59-1276286809

File data.exe received on 2010.06.11 20:14:02 (UTC)
Result: 13/40 (32.5%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.11 Trojan-Downloader.Win32.Uloadis!IK
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 HEUR/Crypted
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 -
Avast5 5.0.332.0 2010.06.11 -
AVG 9.0.0.787 2010.06.11 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.06.11 Trojan.PWS.Webmonier.295
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 -
Ikarus T3.1.1.84.0 2010.06.11 Trojan-Downloader.Win32.Uloadis
Jiangmin 13.0.900 2010.06.11 TrojanSpy.Webmoner.ub
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
McAfee-GW-Edition 2010.1 2010.06.11 Artemis!9C65DAA0A7E3
Microsoft 1.5802 2010.06.11 PWS:Win32/Dipwit.B
NOD32 5191 2010.06.11 -
Norman 6.04.12 2010.06.11 -
nProtect 2010-06-11.01 2010.06.11 -
Panda 10.0.2.7 2010.06.11 -
PCTools 7.0.3.5 2010.06.11 -
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 Sus/Behav-1018
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 Cryp_Xin2
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 Cryp_Xin2
VBA32 3.12.12.5 2010.06.11 suspected of Embedded.Trojan-Spy.Win32.Wemon.lv
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 -

Additional information
File size: 36864 bytes
MD5...: 9c65daa0a7e3f8c16bfa935f920178d3
SHA1..: b9e849780ab211f52a5744b9f04172880b332581
SHA256: 22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d9 1ccc8fb5d388d9
http://www.virustotal.com/analisis/2...8d9-1276287242

**VV2006** · 13.06.2010, 10:56

Эротический баннер, достаточно глянуть в Far'e Version Info

Файл WIMAMP.EXE получен 2010.06.13 06:34:04 (UTC)
Текущий статус: закончено
Результат: 9/41 (21.96%)

Антивирус Версия Обновление Результат
a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Carmapic!IK
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.12 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.12 Cryptic.AED
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5083 2010.06.13 -
DrWeb 5.0.2.03300 2010.06.13 Trojan.AdultBan.79
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.12 -
F-Secure 9.0.15370.0 2010.06.12 -
Fortinet 4.1.133.0 2010.06.12 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Carmapic
Jiangmin 13.0.900 2010.06.12 -
Kaspersky 7.0.0.125 2010.06.13 Trojan-Ransom.Win32.PinkBlocker.bpk
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 Artemis!BCDC4A1F137B
Microsoft 1.5802 2010.06.13 Trojan:Win32/Carmapic.C
NOD32 5192 2010.06.12 -
Norman 6.04.12 None.. -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.12 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 Sus/UnkPack-C
Sunbelt 6442 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 Malware-Cryptor.Win32.Limpopo
ViRobot 2010.6.12.3882 2010.06.12 -
VirusBuster 5.0.27.0 2010.06.12 -

Дополнительная информация
File size: 393728 bytes
MD5...: bcdc4a1f137bfd229439ddd9c32904bf
SHA1..: 609c259fa7a150f7c2252dda76bd31befc8737ce
SHA256: 75e8c76a06c47241ce02c5e72ef59efc436884227c915c7126 5653a3c2b6f5eb
ssdeep: 12288:Vge8nYTOjaGmPfSxHHZmyeYzFAOhHNsW1:Ke8nxjIPfu UyT2c1
PEiD..: -

**amcenter** · 13.06.2010, 22:06

Файл install_flash_player.exe получен 2010.06.13 17:53:05 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)

Антивирус Версия Обновление Результат
a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Ransom!IK
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 TR/Crypt.XDR.Gen
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 Trojan.Aavirus-1
Comodo 5088 2010.06.13 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
F-Secure 9.0.15370.0 2010.06.13 Suspicious:W32/Malware!Gemini
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Ransom
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 Medium Risk Malware
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -

File size: 169984 bytes
MD5...: 21fdc7fcfd7f3fc3e3f123c31a046f70
SHA1..: 1f3fa67d0a2b8dc20be7a3b6b6a36af7bdbfbd3c
SHA256: 498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb 115daa1f535746
ssdeep: 3072:9OJU329k02butF7Soq2R8evKAQHJ804LJhTSeO1RsL+ka ksC:9OJUGkut9l
x8eKHq04PTSeWg+kl

http://www.virustotal.com/ru/analisi...746-1276451585

**Dandy** · 16.06.2010, 11:20

Файл vip_porno_78982_1_.avi.exe получен 2010.06.16 07:14:48 (UTC)

Результат: 7/41 (17.08%)

Антивирус Версия Обновление Результат
a-squared 5.0.0.26 2010.06.16 Trojan.Win32.Ransom!IK
AhnLab-V3 2010.06.16.00 2010.06.16 -
AntiVir 8.2.2.6 2010.06.15 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.15 -
Avast5 5.0.332.0 2010.06.15 -
AVG 9.0.0.787 2010.06.15 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5117 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.15 -
eTrust-Vet 36.1.7636 2010.06.15 -
F-Prot 4.6.0.103 2010.06.15 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.15 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 Trojan.Win32.Ransom
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 Suspect-1B!BB5D5E19370B
McAfee-GW-Edition 2010.1 2010.06.15 -
Microsoft 1.5802 2010.06.16 Trojan:Win32/Ransom.AQ
NOD32 5199 2010.06.15 a variant of Win32/LockScreen.TZ
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-15.02 2010.06.15 -
Panda 10.0.2.7 2010.06.15 Trj/SMSlock.B
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6453 2010.06.16 Backdoor.Win32.Hupigon (v)
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.15 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.15 -
Дополнительная информация
File size: 119296 bytes
MD5...: bb5d5e19370b00a7c8b9a65c5c8eaec5
SHA1..: 14b82dec4d1d9f688b97d73aa8353c13300ca4fa
SHA256: b911931bc1e2d930b28ca7c3bddb93a496177c59f4c61150b5 b7f253380c0d9c
ssdeep: 3072:natMJia4YT2boCUUArhqA2pNMs1bTcriuPCy:nU6ejoTb qA2pCs10iuP
PEiD..: -

**kvalera** · 16.06.2010, 18:35

http://oko-kino.ru/load/brazilija_se...010/7-1-0-2525
Решил скачать с сайта футбол бразилия-кндр. В папке
Temporary Internet Files образовался этот гад. Кстати, антивирус Ikarus по обнаружению новых вирусов сейчас впереди планеты всей. Вот последний тест: http://www.virusbtn.com/vb100/rap-index.xml

Файл: HTML Document 7-1-0-2525

Результат: 2/ 43 (4.7%)

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 Virus.JS.Decdec!IK
AhnLab-V3 2010.06.16.07 2010.06.16 -
AntiVir 8.2.2.6 2010.06.16 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.16 -
Avast5 5.0.332.0 2010.06.16 -
AVG 9.0.0.787 2010.06.16 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5120 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.16 -
eTrust-Vet 36.1.7638 2010.06.16 -
F-Prot 4.6.0.103 2010.06.16 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.16 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 Virus.JS.Decdec
Jiangmin 13.0.900 2010.06.15 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5802 2010.06.16 -
NOD32 5201 2010.06.16 -
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-16.01 2010.06.16 -
Panda 10.0.2.7 2010.06.16 -
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6454 2010.06.16 -
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.16 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.16 -

Исследование антивирусов 7

Опции темы

Похожие темы

Исследование антивирусов 6

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Метки для этой темы

Ваши права в разделе