-
From the help section:
Complete scanning result of "smss.exe", received in VirusTotal at 08.28.2006, 13:48:39 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.28.2006 HEUR/Trojan.Downloader
Authentium 4.93.8 08.25.2006 W32/Methodbod.gen
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.28.2006 Backdoor.MedBot.T
CAT-QuickHeal 8.00 08.26.2006 TrojanProxy.Horst.av
ClamAV devel-20060426 08.28.2006 no virus found
DrWeb 4.33 08.28.2006 Trojan.Popuper
eTrust-InoculateIT 23.72.108 08.27.2006 no virus found
eTrust-Vet 30.3.3045 08.28.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.28.2006 W32/Horst.AV!tr
F-Prot 3.16f 08.25.2006 W32/Methodbod.gen
F-Prot4 4.2.1.29 08.26.2006 W32/Methodbod.gen
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.28.2006 Trojan-Proxy.Win32.Horst.av
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1728 08.28.2006 a variant of Win32/Medbot.BJ
Norman 5.90.23 08.28.2006 no virus found
Panda 9.0.0.4 08.27.2006 Suspicious file
Sophos 4.08.0 08.28.2006 no virus found
Symantec 8.0 08.28.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.28.2006 TrojanProxy.Win32.Horst.5AAE
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.27.2006 no virus found
Aditional Information
File size: 48640 bytes
MD5: 719b41f6e0d5b714db3c798b7c856c09
SHA1: 40ee797f1c81c0ff214c8ac8b21fd29d47751590
packers: UPX
Complete scanning result of "nvsvcd.exe", received in VirusTotal at 08.28.2006, 13:48:34 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.28.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.28.2006 Backdoor.MedBot.T
CAT-QuickHeal 8.00 08.26.2006 TrojanProxy.Horst.av
ClamAV devel-20060426 08.28.2006 no virus found
DrWeb 4.33 08.28.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.108 08.27.2006 no virus found
eTrust-Vet 30.3.3045 08.28.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.28.2006 no virus found
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.28.2006 Trojan-Proxy.Win32.Horst.av
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1728 08.28.2006 no virus found
Norman 5.90.23 08.28.2006 no virus found
Panda 9.0.0.4 08.27.2006 no virus found
Sophos 4.08.0 08.28.2006 no virus found
Symantec 8.0 08.28.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.28.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.27.2006 no virus found
Aditional Information
File size: 49152 bytes
MD5: 3dcf9028747a2366c6589a4dabf2e061
SHA1: 1b98315d2ebb4e680ce155b302cc725df97d2a13
-
-
-
Found this on a laptop:
Complete scanning result of "DMSKSSRh.sys", received in VirusTotal at 08.29.2006, 09:06:29 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.29.2006 no virus found
Authentium 4.93.8 08.29.2006 is a security risk or a "backdoor" program
Avast 4.7.844.0 08.28.2006 no virus found
AVG 386 08.29.2006 no virus found
BitDefender 7.2 08.29.2006 no virus found
CAT-QuickHeal 8.00 08.26.2006 no virus found
ClamAV devel-20060426 08.29.2006 no virus found
DrWeb 4.33 08.29.2006 Trojan.NtRootKit.138
eTrust-InoculateIT 23.72.109 08.29.2006 no virus found
eTrust-Vet 30.3.3047 08.29.2006 no virus found
Ewido 4.0 08.25.2006 Backdoor.Genlot.DX
Fortinet 2.77.0.0 08.29.2006 PossibleThreat!03178
F-Prot 3.16f 08.25.2006 security risk or a "backdoor" program
F-Prot4 4.2.1.29 08.26.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.29.2006 no virus found
McAfee 4839 08.28.2006 no virus found
Microsoft 1.1560 08.29.2006 no virus found
NOD32v2 1.1729 08.28.2006 no virus found
Norman 5.90.23 08.28.2006 no virus found
Panda 9.0.0.4 08.28.2006 no virus found
Sophos 4.08.0 08.29.2006 no virus found
Symantec 8.0 08.29.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.29.2006 no virus found
VBA32 3.11.1 08.28.2006 no virus found
VirusBuster 4.3.7:9 08.28.2006 no virus found
-
-
Complete scanning result of "hlaa2_6.exe", received in VirusTotal at 08.30.2006, 13:37:31 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.30.2006 no virus found
Authentium 4.93.8 08.30.2006 no virus found
Avast 4.7.844.0 08.30.2006 no virus found
AVG 386 08.30.2006 Adware Generic.ODQ
BitDefender 7.2 08.30.2006 no virus found
CAT-QuickHeal 8.00 08.29.2006 no virus found
ClamAV devel-20060426 08.30.2006 no virus found
DrWeb 4.33 08.30.2006 no virus found
eTrust-InoculateIT 23.72.110 08.30.2006 no virus found
eTrust-Vet 30.3.3049 08.30.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.30.2006 no virus found
F-Prot 3.16f 08.29.2006 no virus found
F-Prot4 4.2.1.29 08.30.2006 no virus found
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.30.2006 no virus found
McAfee 4840 08.29.2006 no virus found
Microsoft 1.1560 08.30.2006 no virus found
NOD32v2 1.1731 08.30.2006 no virus found
Norman 5.90.23 08.30.2006 no virus found
Panda 9.0.0.4 08.29.2006 no virus found
Sophos 4.09.0 08.30.2006 no virus found
Symantec 8.0 08.30.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.30.2006 no virus found
VBA32 3.11.1 08.29.2006 no virus found
VirusBuster 4.3.7:9 08.29.2006 no virus found
Aditional Information
File size: 285250 bytes
MD5: 1724b9f3ff238ff278c7d5d41b4893c5
SHA1: 807f1569c58b310c155d21fb26a6ef08fc44d232
-
From the thread: http://virusinfo.info/showthread.php?t=6128
Complete scanning result of "wupdmgr.exe", received in VirusTotal at 08.30.2006, 06:27:55 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.29.2006 no virus found
Authentium 4.93.8 08.30.2006 no virus found
Avast 4.7.844.0 08.28.2006 no virus found
AVG 386 08.29.2006 no virus found
BitDefender 7.2 08.30.2006 Dropped:Generic.Malware.dld!g.5D750B80
CAT-QuickHeal 8.00 08.29.2006 no virus found
ClamAV devel-20060426 08.29.2006 no virus found
DrWeb 4.33 08.29.2006 DLOADER.Trojan packed by BINARYRES
eTrust-InoculateIT 23.72.110 08.30.2006 no virus found
eTrust-Vet 30.3.3047 08.29.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.30.2006 suspicious
F-Prot 3.16f 08.29.2006 no virus found
F-Prot4 4.2.1.29 08.30.2006 no virus found
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.30.2006 no virus found
McAfee 4840 08.29.2006 no virus found
Microsoft 1.1560 08.30.2006 no virus found
NOD32v2 1.1730 08.29.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.29.2006 no virus found
Panda 9.0.0.4 08.29.2006 Suspicious file
Sophos 4.08.0 08.30.2006 no virus found
Symantec 8.0 08.30.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.30.2006 no virus found
VBA32 3.11.1 08.29.2006 suspected of Downloader.Small.54
VirusBuster 4.3.7:9 08.29.2006 no virus found
Aditional Information
File size: 9728 bytes
MD5: 6b153a2e68857c7fb9a07bb5870e35c2
SHA1: ac1b74410911417138c9b0172608a8ce6352f570
packers: UPX
Complete scanning result of "vmmlog32.dll", received in VirusTotal at 08.30.2006, 06:32:33 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.29.2006 no virus found
Authentium 4.93.8 08.30.2006 no virus found
Avast 4.7.844.0 08.28.2006 no virus found
AVG 386 08.29.2006 no virus found
BitDefender 7.2 08.30.2006 no virus found
CAT-QuickHeal 8.00 08.29.2006 no virus found
ClamAV devel-20060426 08.29.2006 no virus found
DrWeb 4.33 08.29.2006 no virus found
eTrust-InoculateIT 23.72.110 08.30.2006 no virus found
eTrust-Vet 30.3.3047 08.29.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.30.2006 no virus found
F-Prot 3.16f 08.29.2006 no virus found
F-Prot4 4.2.1.29 08.30.2006 no virus found
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.30.2006 no virus found
McAfee 4840 08.29.2006 no virus found
Microsoft 1.1560 08.30.2006 no virus found
NOD32v2 1.1730 08.29.2006 no virus found
Norman 5.90.23 08.29.2006 no virus found
Panda 9.0.0.4 08.29.2006 Suspicious file
Sophos 4.08.0 08.30.2006 no virus found
Symantec 8.0 08.30.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.30.2006 no virus found
VBA32 3.11.1 08.29.2006 suspected of Downloader.Small.54
VirusBuster 4.3.7:9 08.29.2006 no virus found
Aditional Information
File size: 7680 bytes
MD5: 429f2269ee60864de5a893c3200061ad
SHA1: 75b0443030593728e5e782924c95fbca1e24415a
-
-
A curious result:
Complete scanning result of "bs2_.exe", received in VirusTotal at 08.30.2006, 14:25:38 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.30.2006 no virus found
Authentium 4.93.8 08.30.2006 no virus found
Avast 4.7.844.0 08.30.2006 no virus found
AVG 386 08.30.2006 Downloader.Generic.LTW
BitDefender 7.2 08.30.2006 no virus found
CAT-QuickHeal 8.00 08.30.2006 no virus found
ClamAV devel-20060426 08.30.2006 no virus found
DrWeb 4.33 08.30.2006 no virus found
eTrust-InoculateIT 23.72.110 08.30.2006 no virus found
eTrust-Vet 30.3.3051 08.30.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.30.2006 no virus found
F-Prot 3.16f 08.29.2006 no virus found
F-Prot4 4.2.1.29 08.30.2006 no virus found
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.30.2006 no virus found
McAfee 4840 08.29.2006 no virus found
Microsoft 1.1560 08.30.2006 no virus found
NOD32v2 1.1731 08.30.2006 no virus found
Norman 5.90.23 08.30.2006 W32/DLoader.ALQE
Panda 9.0.0.4 08.29.2006 Suspicious file
Sophos 4.09.0 08.30.2006 no virus found
Symantec 8.0 08.30.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.30.2006 no virus found
VBA32 3.11.1 08.30.2006 no virus found
VirusBuster 4.3.7:9 08.29.2006 no virus found
Aditional Information
File size: 218360 bytes
MD5: e400719473a03af06e2420690523a9f9
SHA1: 54854a3e8403f207de0450bfa3c047b6757bbdfe
packers: MEW
Complete scanning result of "sysB.exe", received in VirusTotal at 08.30.2006, 14:26:05 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.30.2006 no virus found
Authentium 4.93.8 08.30.2006 no virus found
Avast 4.7.844.0 08.30.2006 no virus found
AVG 386 08.30.2006 Dropper.Agent.BII
BitDefender 7.2 08.30.2006 no virus found
CAT-QuickHeal 8.00 08.30.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.30.2006 no virus found
DrWeb 4.33 08.30.2006 no virus found
eTrust-InoculateIT 23.72.110 08.30.2006 no virus found
eTrust-Vet 30.3.3051 08.30.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.30.2006 no virus found
F-Prot 3.16f 08.29.2006 no virus found
F-Prot4 4.2.1.29 08.30.2006 no virus found
Ikarus 0.2.65.0 08.29.2006 no virus found
Kaspersky 4.0.2.24 08.30.2006 no virus found
McAfee 4840 08.29.2006 no virus found
Microsoft 1.1560 08.30.2006 no virus found
NOD32v2 1.1731 08.30.2006 no virus found
Norman 5.90.23 08.30.2006 no virus found
Panda 9.0.0.4 08.29.2006 no virus found
Sophos 4.09.0 08.30.2006 no virus found
Symantec 8.0 08.30.2006 no virus found
TheHacker 5.9.8.201 08.28.2006 no virus found
UNA 1.83 08.30.2006 no virus found
VBA32 3.11.1 08.30.2006 no virus found
VirusBuster 4.3.7:9 08.29.2006 no virus found
Aditional Information
File size: 78620 bytes
MD5: a81de1647b572ee26a980eba1cd09791
SHA1: c5c97b7a6227902f467d681e93b1989b498e5720
packers: Petite
-
http://forum.ixbt.com/topic.cgi?id=27:6845-32 I was looking for utilities to repair a flash drive and found this..
Complete scanning result of "USBFlash_Controller_Reset_1.02.zi", received in VirusTotal at 09.01.2006, 12:02:06 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 08.31.2006 no virus found
Avast 4.7.844.0 08.31.2006 no virus found
AVG 386 08.31.2006 no virus found
BitDefender 7.2 08.31.2006 no virus found
CAT-QuickHeal 8.00 08.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.31.2006 no virus found
DrWeb 4.33 09.01.2006 MULDROP.PWS.Trojan
eTrust-InoculateIT 23.72.112 09.01.2006 no virus found
eTrust-Vet 30.3.3054 09.01.2006 no virus found
Ewido 4.0 09.01.2006 no virus found
Fortinet 2.77.0.0 08.31.2006 suspicious
F-Prot 3.16f 08.31.2006 no virus found
F-Prot4 4.2.1.29 08.31.2006 no virus found
Ikarus 0.2.65.0 08.31.2006 Backdoor.Win32.SdBot.AKU
Kaspersky 4.0.2.24 09.01.2006 no virus found
McAfee 4842 08.31.2006 no virus found
Microsoft 1.1560 09.01.2006 no virus found
NOD32v2 1.1734 08.31.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.31.2006 no virus found
Panda 9.0.0.4 08.31.2006 no virus found
Sophos 4.09.0 09.01.2006 no virus found
Symantec 8.0 09.01.2006 no virus found
TheHacker 5.9.8.202 08.31.2006 no virus found
UNA 1.83 09.01.2006 Win32.CRYPT.virus
VBA32 3.11.1 08.31.2006 no virus found
VirusBuster 4.3.7:9 08.31.2006 no virus found
Aditional Information
File size: 124685 bytes
MD5: da434a798c2af51a4127e8bbae6427d3
SHA1: 174b76faacf2f549f2b83c36dc4c836f964d485e
packers: SVKProtector
-
-
Complete scanning result of "your1.exe", received in VirusTotal at 09.02.2006, 17:37:56 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 Win32:Rbot-WX
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.02.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.02.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 Win32/Rbot!generic
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 no virus found
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.01.2006 no virus found
Kaspersky 4.0.2.24 09.02.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.02.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/Rbot
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 W32/Gaobot.OAG.worm
Sophos 4.09.0 09.02.2006 no virus found
Symantec 8.0 09.02.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.01.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 115712 bytes
MD5: 9deef30dd599bd3b3be68c536ea88177
SHA1: 4ca18289ab2c73795d9fc4e18e5bfcef826348e2
packers: Aspack
-
-
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 Win32:Murlo-F
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.02.2006 Backdoor.Small.CHH
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.02.2006 BackDoor.Jink
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 Win32/Fifibe!generic
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 suspicious
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.02.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.02.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/Small.BB
Norman 5.90.23 09.01.2006 W32/Smalldoor.GON
Panda 9.0.0.4 09.02.2006 Trj/SrchSpy.N
Sophos 4.09.0 09.02.2006 no virus found
Symantec 8.0 09.02.2006 Backdoor.Trojan
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.01.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Sample sent in by a user because AVZ flagged it as a suspected Trojan-Downloader.Win32.Murlo.du
-
-
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.02.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 Backdoor.Sdbot.gen
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.02.2006 no virus found
eTrust-InoculateIT 23.72.113 09.01.2006 Win32/Cavitate.AB!Trojan
eTrust-Vet 30.3.3056 09.01.2006 Win32/Cavitate.AC
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 no virus found
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.02.2006 no virus found
McAfee 4843 09.01.2006 Downloader-YO
Microsoft 1.1560 09.02.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/TrojanDownloader.Murlo
Norman 5.90.23 09.01.2006 W32/Laok.A
Panda 9.0.0.4 09.02.2006 Trj/Downloader.KDH
Sophos 4.09.0 09.02.2006 no virus found
Symantec 8.0 09.02.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.01.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 20992 bytes
MD5: 1b1f8eca1913f80e3d912ac597fab6a8
SHA1: 9bd720ed0ed4fcb629d320182bd987f2e5fd13fb
Sample sent in by a user because AVZ flagged it as a suspected Trojan-Downloader.Win32.Murlo.du; caught on the same PC as the sample from post #100
-
-
WebMoney trojans:
Complete scanning result of "WebMoney.exe", received in VirusTotal at 09.03.2006, 09:28:05 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 no virus found
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 Win32:Webmoner-J
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.02.2006 no virus found
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 Dropper.Joiner.cb
Fortinet 2.77.0.0 09.02.2006 suspicious
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 Trojan-Spy.Win32.Agent.mf
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/TrojanDropper.Delf.UQ
Norman 5.90.23 09.01.2006 Suspicious_F.gen
Panda 9.0.0.4 09.02.2006 no virus found
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 suspected of Backdoor.Bifrose.52
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 50969 bytes
MD5: 75d63e6c81becb17ae8b1b572a427a69
SHA1: 3f20ee0914dc20989a2af0a97b3682b06a8c4d36
packers: FSG
Inside it is this file:
Complete scanning result of "webmoney.1", received in VirusTotal at 09.03.2006, 10:08:44 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 TR/Spy.Webmoner.AG
Authentium 4.93.8 09.02.2006 could be infected with an unknown virus
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 BehavesLike:Win32.FileInfector
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.03.2006 no virus found
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 no virus found
F-Prot 3.16f 09.01.2006 could be infected with an unknown virus
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 no virus found
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 Suspicious file
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 57856 bytes
MD5: 8d2d9140c36038505eca62b3ccedc9b8
SHA1: b1d7b7da25ab5ce2a613aefdb92a5fcfc1a65e26
Complete scanning result of "MD_joiner.exe", received in VirusTotal at 09.03.2006, 09:41:07 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.03.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 suspicious
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 no virus found
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 no virus found
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 Win32.CRYPT.virus
VBA32 3.11.1 09.03.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 208896 bytes
MD5: 4a95a9a857ab578879b343dd1da2fe69
SHA1: fc2e26daaadee53f623a2327b0fae5a7b3f4ed8c
packers: ExeStealth
-
-
Complete scanning result of "ya_v_pionerske_.jpeg_.exe", received in VirusTotal at 09.03.2006, 09:31:52 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Crypted
Authentium 4.93.8 09.02.2006 Possibly a new variant of W32/Threat-HLLAV-based!Maximus
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.03.2006 Trojan.MulDrop.1161
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 no virus found
F-Prot 3.16f 09.01.2006 Possibly a new variant of W32/Threat-HLLAV-based!Maximus
F-Prot4 4.2.1.29 09.01.2006 W32/Threat-HLLAV-based!Maximus
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/TrojanDropper.Joiner.AJ
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 Suspicious file
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 no virus found
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 197632 bytes
MD5: 7da39c33941a3b4e010274e82d481288
SHA1: bc66de0d1e784144eb512be4ae212fdba912b0b6
packers: Aspack
P.S. AV vendor representatives can contact me for samples
-
-
Files extracted from joiner bundles of malicious files:
Complete scanning result of "icqz.2", received in VirusTotal at 09.03.2006, 09:34:17 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 HEUR/Malware
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 Win32:Trojan-gen. {Other}
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 Trojan.Pws.Ldpinch.IZ
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.03.2006 Trojan.PWS.LDPinch.751
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 Trojan.LdPinch
Fortinet 2.77.0.0 09.02.2006 KeyHook
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 potentially unwanted program KeyHook
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/PSW.LdPinch
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 no virus found
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 Trojan.PWS.LDPinch.751
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 3584 bytes
MD5: 85a62c067c01ff386b5b2b933b6c1a5a
SHA1: c6fcc7ef4f35fd601363adbd5c5bfd993651e654
Complete scanning result of "resapi.1", received in VirusTotal at 09.03.2006, 09:37:36 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 TR/PSW.Ziew.4
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 no virus found
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb 4.33 09.03.2006 no virus found
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 no virus found
Fortinet 2.77.0.0 09.02.2006 no virus found
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 no virus found
Norman 5.90.23 09.01.2006 no virus found
Panda 9.0.0.4 09.02.2006 Suspicious file
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 suspected of Trojan-PSW.Delf.2
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 70880 bytes
MD5: 5cabe0847b96b363db7cd79a597a8abc
SHA1: a2d0cc7a7070a2e593fb1c660caa2a45dc7e2782
packers: UPX
-
-
Someone sent me a link over ICQ, supposedly to a program for spamming.
Complete scanning result of "instamess2.exe", received in VirusTotal at 09.03.2006, 11:39:41 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.01.2006 no virus found
Authentium 4.93.8 09.02.2006 no virus found
Avast 4.7.844.0 09.01.2006 no virus found
AVG 386 09.01.2006 no virus found
BitDefender 7.2 09.03.2006 no virus found
CAT-QuickHeal 8.00 09.02.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.02.2006 no virus found
DrWeb n - no virus found
eTrust-InoculateIT 23.72.113 09.01.2006 no virus found
eTrust-Vet 30.3.3056 09.01.2006 no virus found
Ewido 4.0 09.02.2006 Dropper.Prodex.11.b
Fortinet 2.77.0.0 09.02.2006 suspicious
F-Prot 3.16f 09.01.2006 no virus found
F-Prot4 4.2.1.29 09.01.2006 no virus found
Ikarus 0.2.65.0 09.02.2006 no virus found
Kaspersky 4.0.2.24 09.03.2006 no virus found
McAfee 4843 09.01.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1736 09.02.2006 a variant of Win32/PSW.LdPinch
Norman 5.90.23 09.01.2006 W32/Malware
Panda 9.0.0.4 09.02.2006 Suspicious file
Sophos 4.09.0 09.03.2006 no virus found
Symantec 8.0 09.03.2006 no virus found
TheHacker 5.9.8.203 09.01.2006 no virus found
UNA 1.83 09.02.2006 no virus found
VBA32 3.11.1 09.03.2006 Dropper.Trojan.PSW.LdPinch
VirusBuster 4.3.7:9 09.02.2006 no virus found
Aditional Information
File size: 414683 bytes
MD5: e06ddf51bfc66f6a33de71f6e745de18
SHA1: a23dd8925e3199a8302a48b0482d8fd97299024f
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* File length: 414683 bytes.
[ Changes to filesystem ]
* Creates file x.exe.
* Creates file y.exe.
* Creates file C: empole320.
[ Process/window information ]
* Attemps to open x.exe NULL.
* Attemps to open y.exe NULL.
* Attempts to access service "".
* Attempts to access service "AVWUpSrv".
* Attempts to access service "NOD32krn".
* Attempts to access service "Ahnlab task Scheduler".
* Attempts to access service "alerter".
* Attempts to access service "AlertManger".
* Attempts to access service "AVExch32Service".
* Attempts to access service "avg7alrt".
* Attempts to access service "avg7updsvc".
* Attempts to access service "AvgCore".
* Attempts to access service "AvgFsh".
* Attempts to access service "AvgServ".
* Attempts to access service "avpcc".
* Attempts to access service "AVUPDService".
* Attempts to access service "AvxIni".
* Attempts to access service "awhost32".
* Attempts to access service "backweb client - 4476822".
* Attempts to access service "BackWeb Client - 7681197".
* Attempts to access service "backweb client-4476822".
* Attempts to access service "ccEvtMgr".
* Attempts to access service "ccPwdSvc".
* Attempts to access service "ccSetMgr".
* Attempts to access service "ccSetMgr.exe".
* Attempts to access service "DefWatch".
* Attempts to access service "dvpapi".
* Attempts to access service "dvpinit".
* Attempts to access service "fsbwsys".
* Attempts to access service "fsdfwd".
* Attempts to access service "F-Secure Gatekeeper Handler Starter".
* Attempts to access service "FSMA".
* Attempts to access service "KAVMonitorService".
* Attempts to access service "kavsvc".
* Attempts to access service "KLBLMain".
-
STATUS: FINISHED
Complete scanning result of "main.exe", received in VirusTotal at 09.05.2006, 15:13:07 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 HEUR/Crypted
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 DeepScan:Generic.Dialer.9192775C
CAT-QuickHeal 8.00 09.04.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 suspicious
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4844 09.04.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1739 09.04.2006 no virus found
Norman 5.90.23 09.04.2006 no virus found
Panda 9.0.0.4 09.04.2006 Suspicious file
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 suspected of Trojan-Dropper.Agent.55
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 47616 bytes
MD5: f5c661cc0428119d9e76cb709c105f13
SHA1: e6d17eee0d5002629aa33a24eaea9d568f59e6b7
packers: UPX
In reality this is a trojan of the Pinch type. It creates an swf file; running it displays someone's bare backside while the passwords go off to the attacker...
-
-
Received over ICQ:
Attention, SENSATION!!! Kournikova's sex with bodyguards,
hidden-camera footage, for the first time on the Internet.
хттп://skijimramov.cz
Followed by a link to a screensaver.
orgi_kurnikova.scr
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a792a79d5bbf50ddae389669b2e345f3
Packers detected: UPX
Scanner results
AntiVir Found Heuristic/Crypted (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-PSW.Win32.LdPinch.awn
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Dropper.Agent.55 (probable variant)
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 09.05.2006, 15:37:50 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 HEUR/Crypted
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 Trojan.PWS.LDPinch.1130
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 suspicious
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 Trojan-PSW.Win32.LdPinch.awn
McAfee 4844 09.04.2006 no virus found
Microsoft 1.1560 09.03.2006 no virus found
NOD32v2 1.1739 09.04.2006 no virus found
Norman 5.90.23 09.04.2006 no virus found
Panda 9.0.0.4 09.04.2006 Suspicious file
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 Posible_Worm322
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 suspected of Trojan-Dropper.Agent.55
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 54272 bytes
MD5: a792a79d5bbf50ddae389669b2e345f3
SHA1: e4d1d9fe375e7111449a442440acad3f21ee40bf
packers: UPX
Strange that Dr.Web found nothing on Jotti but did find it on VirusTotal. Different databases / update speed?
-
-
Complete scanning result of "sysaudio.exe", received in VirusTotal at 09.05.2006, 21:13:10 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 TR/Small.GO.1
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.05.2006 no virus found
BitDefender 7.2 09.05.2006 Trojan.Win32.Small.GO
CAT-QuickHeal 8.00 09.05.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 no virus found
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 Trojan.Win32.Small.go
McAfee 4845 09.05.2006 Generic Keylogger.f
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1740 09.05.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.05.2006 Trj/Small.QU
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 Trojan Horse
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.05.2006 Trojan.Win32.Small.go
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 174080 bytes
MD5: 5cac47e0b901d8eb80f49a32e4b7b6fd
SHA1: 52f7e7355e26021a6a636786b7ba8a5ee3a7e61a
packers: Aspack
P.S. The file was saved as sysaudio_44fdd030d940b.zip
File size 164691
MD5 e1b149839105214f044d9513ab71d631
-
-
Once again assorted "Vikusiks" are offering to let you look at their photos.
Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 HEUR/Malware
Authentium 4.93.8 09.05.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.05.2006 no virus found
BitDefender 7.2 09.05.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 09.05.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.117 09.05.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 Win32/Areses
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 suspicious
F-Prot 3.16f 09.05.2006 no virus found
F-Prot4 4.2.1.29 09.05.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4845 09.05.2006 New Malware.n
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1740 09.05.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.90.23 09.05.2006 W32/Downloader
Panda 9.0.0.4 09.05.2006 Suspicious file
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.05.2006 no virus found
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 10713 bytes
MD5: e26d357f83fccd692b018b257abf6b0d
SHA1: eefa825e88616f4efc04a09ce1fb2dd12a9a8621
packers: UPack
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 10713 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\csrss.exe.
[ Changes to registry ]
* Sets value "m"="m" in key "HKCU\Software\Microsoft\Windows".
[ Network services ]
* Looks for an Internet connection.
* Opens URL: hттp://rikoger.com/lonus/1/1.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:\WINDOWS\TEMP\csrss.exe NULL.
Complete scanning result of "1.exe", received in VirusTotal at 09.06.2006, 00:01:41 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 HEUR/Crypted
Authentium 4.93.8 09.05.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.05.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.117 09.05.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 suspicious
F-Prot 3.16f 09.05.2006 no virus found
F-Prot4 4.2.1.29 09.05.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4845 09.05.2006 no virus found
Microsoft 1.1560 09.05.2006 Win32/Ldpinch
NOD32v2 1.1740 09.05.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.05.2006 Suspicious file
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.05.2006 suspected of Trojan-Dropper.Agent.55
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 23552 bytes
MD5: 1d27b25be4ea6b3319b9490e83665585
SHA1: 4caa00ec15dbb04f704cc99424eb63a2c2a5b3ca
packers: UPX
The result is a bit strange..
-
A new Scano. Note that different antiviruses know either the payload or the wrapper, and only a few detect both files.
Complete scanning result of "New.hta.aq", received in VirusTotal at 09.06.2006, 11:51:25 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.06.2006 no virus found
Authentium 4.93.8 09.06.2006 no virus found
Avast 4.7.844.0 09.06.2006 no virus found
AVG 386 09.05.2006 no virus found
BitDefender 7.2 09.06.2006 [email protected]
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.06.2006 Worm.Scano.AF-2
DrWeb 4.33 09.06.2006 Win32.HLLM.Perf
eTrust-InoculateIT 23.72.117 09.05.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.06.2006 no virus found
F-Prot 3.16f 09.06.2006 no virus found
F-Prot4 4.2.1.29 09.06.2006 no virus found
Ikarus 0.2.65.0 09.06.2006 no virus found
Kaspersky 4.0.2.24 09.06.2006 no virus found
McAfee 4845 09.05.2006 no virus found
Microsoft 1.1560 09.06.2006 no virus found
NOD32v2 1.1740 09.05.2006 Win32/Scano.AO
Norman 5.90.23 09.06.2006 no virus found
Panda 9.0.0.4 09.05.2006 no virus found
Sophos 4.09.0 09.06.2006 W32/Bagle-GY
Symantec 8.0 09.06.2006 W32.Areses.Q!vbs
TheHacker 5.9.8.205 09.06.2006 no virus found
UNA 1.83 09.06.2006 no virus found
VBA32 3.11.1 09.05.2006 Email-Worm.Win32.Scano.e#6
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 68250 bytes
MD5: 2ba71d2c2a8cc8a7f7d368cde15604ea
SHA1: dbed05da8ee64054a77b7fcbe920f40d024d3f51
Inside it:
Complete scanning result of "tOT1Js.exe", received in VirusTotal at 09.06.2006, 12:04:48 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.11 09.06.2006 HEUR/Crypted
Authentium 4.93.8 09.06.2006 no virus found
Avast 4.7.844.0 09.06.2006 no virus found
AVG 386 09.05.2006 no virus found
BitDefender 7.2 09.06.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.06.2006 Worm.Scano.AG
DrWeb 4.33 09.06.2006 Win32.HLLM.Perf.based
eTrust-InoculateIT 23.72.117 09.05.2006 no virus found
eTrust-Vet 30.3.3064 09.06.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.06.2006 suspicious
F-Prot 3.16f 09.06.2006 no virus found
F-Prot4 4.2.1.29 09.06.2006 W32/Scano.gen!EEH
Ikarus 0.2.65.0 09.06.2006 no virus found
Kaspersky 4.0.2.24 09.06.2006 Email-Worm.Win32.Scano.aq
McAfee 4845 09.05.2006 no virus found
Microsoft 1.1560 09.06.2006 Win32/Scano.gen@mm
NOD32v2 1.1740 09.05.2006 a variant of Win32/Scano
Norman 5.90.23 09.06.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 09.05.2006 Suspicious file
Sophos 4.09.0 09.06.2006 no virus found
Symantec 8.0 09.06.2006 no virus found
TheHacker 5.9.8.205 09.06.2006 no virus found
UNA 1.83 09.06.2006 no virus found
VBA32 3.11.1 09.05.2006 suspected of Trojan-Dropper.Agent.55
VirusBuster 4.3.7:9 09.05.2006 no virus found
Aditional Information
File size: 21264 bytes
MD5: 9602652056d29277beacdbe07e6ca77a
SHA1: 7c4b0de0ceec16065941e5208b449c4261862bde
packers: UPack
-
-
http://virusinfo.info/showthread.php?t=6169
Complete scanning result of "pviever.exe", received in VirusTotal at 09.07.2006, 08:11:08 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.14 09.06.2006 no virus found
Authentium 4.93.8 09.07.2006 no virus found
Avast 4.7.844.0 09.06.2006 Win32:Delf-AMI
AVG 386 09.06.2006 no virus found
BitDefender 7.2 09.07.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.07.2006 no virus found
DrWeb 4.33 09.06.2006 no virus found
eTrust-InoculateIT 23.72.118 09.07.2006 no virus found
eTrust-Vet 30.3.3064 09.06.2006 no virus found
Ewido 4.0 09.05.2006 Backdoor.Delf.co
Fortinet 2.77.0.0 09.07.2006 no virus found
F-Prot 3.16f 09.07.2006 no virus found
F-Prot4 4.2.1.29 09.07.2006 no virus found
Ikarus 0.2.65.0 09.06.2006 no virus found
Kaspersky 4.0.2.24 09.07.2006 no virus found
McAfee 4846 09.06.2006 potentially unwanted program Ptop
Microsoft 1.1560 09.07.2006 no virus found
NOD32v2 1.1742 09.06.2006 probably a variant of Win32/PornTool.Topor
Norman 5.90.23 09.06.2006 no virus found
Panda 9.0.0.4 09.07.2006 Suspicious file
Sophos 4.09.0 09.07.2006 no virus found
Symantec 8.0 09.07.2006 no virus found
TheHacker 5.9.8.206 09.07.2006 no virus found
UNA 1.83 09.06.2006 no virus found
VBA32 3.11.1 09.05.2006 suspected of Trojan-Clicker.Agent.35 (paranoid heuristics)
VirusBuster 4.3.7:9 09.06.2006 no virus found
Aditional Information
File size: 698368 bytes
MD5: cae352d5f45c474cc80ab7749a369ba7
SHA1: 27b426030ee7cfc4c6201f9ec3c89d04796430e9
-
-
STATUS: FINISHED
Complete scanning result of "pornmagpass_ver1.164.exe", received in VirusTotal at 09.07.2006, 14:51:30 (CET).
Antivirus Version Update Result
AntiVir 7.1.1.14 09.07.2006 DR/Zlob.Gen
Authentium 4.93.8 09.07.2006 no virus found
Avast 4.7.844.0 09.06.2006 no virus found
AVG 386 09.06.2006 Downloader.Zlob.CI
BitDefender 7.2 09.07.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.07.2006 no virus found
DrWeb 4.33 09.07.2006 no virus found
eTrust-InoculateIT 23.72.118 09.07.2006 no virus found
eTrust-Vet 30.3.3066 09.07.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.07.2006 suspicious
F-Prot 3.16f 09.07.2006 no virus found
F-Prot4 4.2.1.29 09.07.2006 no virus found
Ikarus 0.2.65.0 09.07.2006 no virus found
Kaspersky 4.0.2.24 09.07.2006 no virus found
McAfee 4846 09.06.2006 no virus found
Microsoft 1.1560 09.07.2006 no virus found
NOD32v2 1.1743 09.07.2006 no virus found
Norman 5.90.23 09.07.2006 no virus found
Panda 9.0.0.4 09.07.2006 Suspicious file
Sophos 4.09.0 09.07.2006 no virus found
Symantec 8.0 09.07.2006 no virus found
TheHacker 5.9.8.206 09.07.2006 no virus found
UNA 1.83 09.06.2006 no virus found
VBA32 3.11.1 09.07.2006 no virus found
VirusBuster 4.3.7:9 09.06.2006 Trojan.DL.Zlob.YM.Gen
Aditional Information
File size: 97048 bytes
MD5: d025ec6f1c48e55bf7064c64d35fb20b
SHA1: 3a394352996fd5ce3efd6e84c1b884fa446ba532
packers: UPX
Left home for a few days and look what happens...
-