-
Yesterday's email.
Complete scanning result of "doc.zip", received in VirusTotal at 10.04.2006, 07:55:55 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.03.2006 Worm/Stration.C
Authentium 4.93.8 10.03.2006 W32/Warezov.gen!W32DL
Avast 4.7.892.0 10.03.2006 Win32:Warezov-HQ
AVG 386 10.03.2006 I-Worm/Stration
BitDefender 7.2 10.04.2006 Dropped:Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.03.2006 I-Worm.Warezov.bu
ClamAV devel-20060426 10.04.2006 Worm.Stration.EU
DrWeb 4.33 10.03.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.13 10.04.2006 Win32/Stration.4gf!Worm
eTrust-Vet 30.3.3113 10.03.2006 Win32/Stration.CN
Ewido 4.0 10.04.2006 Worm.Warezov.bu
Fortinet 2.82.0.0 10.04.2006 W32/Stration.DR@mm
F-Prot 3.16f 10.03.2006 W32/Warezov.gen!W32DL
F-Prot4 4.2.1.29 10.02.2006 W32/Tricky-Malware-based!Maximus
Ikarus 0.2.65.0 10.03.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.04.2006 Email-Worm.Win32.Warezov.bu
McAfee 4865 10.03.2006 W32/Stration.dr
Microsoft 1.1603 10.04.2006 Win32/Stration.gen!dr
NOD32v2 1.1788 10.03.2006 Win32/Stration.FL
Norman 5.90.23 10.03.2006 W32/Stration.PM
Panda 9.0.0.4 10.03.2006 W32/Spamta.EB.worm
Sophos 4.10.0 10.04.2006 W32/Stratio-AO
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 W32/Stration@MM
UNA 1.83 10.03.2006 no virus found
VBA32 3.11.1 10.03.2006 Email-Worm.Win32.Warezov.bu
VirusBuster 4.3.7:9 10.03.2006 Trojan.Opnis.Gen!Pac2
Aditional Information
File size: 131507 bytes
MD5: 8284c69db3330c122e46b6d66c19cb5b
SHA1: 8431d833b3889025e55cfb75c93ae568b65488db
-
-
Complete scanning result of "Update-KB7031-x86.exe", received in VirusTotal at 10.04.2006, 09:43:07 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 Worm/Stration.C
Authentium 4.93.8 10.03.2006 W32/Warezov.gen!W32DL
Avast 4.7.892.0 10.03.2006 no virus found
AVG 386 10.03.2006 I-Worm/Stration
BitDefender 7.2 10.04.2006 Win32.Worm.Stration.CC@mm
CAT-QuickHeal 8.00 10.03.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.04.2006 no virus found
eTrust-InoculateIT 23.73.13 10.04.2006 Win32/Stration.Variant!Worm
eTrust-Vet 30.3.3113 10.03.2006 Win32/Stration!generic
DrWeb 4.33 10.04.2006 Win32.HLLM.Limar
Ewido 4.0 10.04.2006 no virus found
Fortinet 2.82.0.0 10.04.2006 W32/Stration.DR@mm
F-Prot 3.16f 10.03.2006 W32/Warezov.gen!W32DL
F-Prot4 4.2.1.29 10.02.2006 W32/Tricky-Malware-based!Maximus
Ikarus 0.2.65.0 10.04.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.04.2006 Email-Worm.Win32.Warezov.gen
McAfee 4865 10.03.2006 W32/Stration.dr
Microsoft 1.1603 10.04.2006 Win32/Stration.gen!dr
NOD32v2 1.1788 10.03.2006 a variant of Win32/Stration
Norman 5.80.02 10.03.2006 W32/Stration.gen@mm
Panda 9.0.0.4 10.03.2006 Suspicious file
Sophos 4.10.0 10.04.2006 W32/Stratio-AO
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 W32/Stration@MM
UNA 1.83 10.03.2006 no virus found
VBA32 3.11.1 10.03.2006 suspected of Worm.Warezov.5 (paranoid heuristics)
VirusBuster 4.3.7:9 10.03.2006 Trojan.Opnis.Gen!Pac2
Aditional Information
File size: 149422 bytes
MD5: 92b463742a398d1c1b2b2f43b58adb45
SHA1: 5b01de326250e061990d67a0f570e342de3690b7
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing Upack?.
* Display message box (Information) : Update successfully installed..
* File length: 149422 bytes.
[ Process/window information ]
* Creates an event called ZAEventEx.
* Creates an event called SGEventEx.
* Creates an event called MAEvent2Ex.
* Creates an event called NISEventEx.
* Creates an event called OPEventEx.
* Attempts to access service "vsmon".
* Creates an event called ActiveZA.
* Attempts to access service "SmcService".
* Creates an event called ActiveSG.
* Attempts to access service "wscsvc".
* Attempts to access service "SharedAccess".
* Attempts to access service "Symantec Core LC".
* Creates an event called ActiveNIS.
* Attempts to access service "OutpostFirewall".
* Creates an event called ActiveOP.
* Attempts to access service "MpfService".
* Creates an event called ActiveMA.
* Attempts to access service "WinRoute".
-
-
Complete scanning result of "Agytin.scr", received in VirusTotal at 10.04.2006, 20:47:55 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 TR/PSW.LdPinch.axz
Authentium 4.93.8 10.03.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.892.0 10.04.2006 no virus found
AVG 386 10.04.2006 no virus found
BitDefender 7.2 10.04.2006 DeepScan:Generic.PWStealer.91DD6EFA
CAT-QuickHeal 8.00 10.04.2006 W32.Brontok.Q
ClamAV devel-20060426 10.04.2006 no virus found
DrWeb 4.33 10.04.2006 Trojan.PWS.LDPinch.1196
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
Ewido 4.0 10.04.2006 Trojan.LdPinch.axz
Fortinet 2.82.0.0 10.04.2006 W32/LdPinch.AXZ!tr.pws
F-Prot 3.16f 10.03.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.04.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.04.2006 no virus found
Kaspersky 4.0.2.24 10.04.2006 Trojan-PSW.Win32.LdPinch.axz
McAfee 4866 10.04.2006 no virus found
Microsoft 1.1603 10.04.2006 Win32/Ldpinch
NOD32v2 1.1789 10.04.2006 no virus found
Norman 5.90.23 10.04.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.04.2006 Suspicious file
Sophos 4.10.0 10.04.2006 Mal/Packer
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.04.2006 no virus found
VBA32 3.11.1 10.04.2006 Trojan-PSW.Win32.LdPinch.axz
VirusBuster 4.3.7:9 10.04.2006 no virus found
Aditional Information
File size: 48259 bytes
MD5: 2066d4c80d5c952357411c746d7ff66c
SHA1: 71aaf54e0412aa3e2e9e11c0c9792f784369b026
packers: MEW
-
Complete scanning result of "playercodec1079.exe", received in VirusTotal at 10.05.2006, 00:29:15 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 TR/Drop.Zlob.acn
Authentium 4.93.8 10.04.2006 no virus found
Avast 4.7.892.0 10.04.2006 no virus found
AVG 386 10.04.2006 Downloader.Zlob.DEZ
BitDefender 7.2 10.04.2006 no virus found
CAT-QuickHeal 8.00 10.04.2006 no virus found
ClamAV devel-20060426 10.04.2006 no virus found
DrWeb 4.33 10.04.2006 no virus found
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
Ewido 4.0 10.04.2006 no virus found
Fortinet 2.82.0.0 10.04.2006 no virus found
F-Prot 3.16f 10.04.2006 no virus found
F-Prot4 4.2.1.29 10.04.2006 no virus found
Ikarus 0.2.65.0 10.04.2006 no virus found
Kaspersky 4.0.2.24 10.04.2006 no virus found
McAfee 4866 10.04.2006 no virus found
Microsoft 1.1603 10.04.2006 no virus found
NOD32v2 1.1790 10.04.2006 no virus found
Norman 5.90.23 10.04.2006 no virus found
Panda 9.0.0.4 10.04.2006 no virus found
Sophos 4.10.0 10.04.2006 no virus found
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.04.2006 no virus found
VBA32 3.11.1 10.04.2006 no virus found
VirusBuster 4.3.7:9 10.04.2006 no virus found
Aditional Information
File size: 73055 bytes
MD5: 2b0329b23efcf409a5c604be7a9120e4
SHA1: 8080331f906431390c53a4e86fac0cb9279ea706
-
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 10.06.2006, 14:34:20 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 HEUR/Crypted
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.06.2006 no virus found
AVG 386 10.06.2006 PSW.Ldpinch.CGU
BitDefender 7.2 10.06.2006 no virus found
CAT-QuickHeal 8.00 10.06.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.06.2006 no virus found
DrWeb 4.33 10.06.2006 Trojan.PWS.LDPinch.1156
eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
eTrust-Vet 30.3.3115 10.05.2006 no virus found
Ewido 4.0 10.06.2006 Trojan.LdPinch.axr
Fortinet 2.82.0.0 10.06.2006 W32/LdPinch.AXR!tr.pws
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.05.2006 no virus found
Ikarus 0.2.65.0 10.06.2006 no virus found
Kaspersky 4.0.2.24 10.06.2006 Trojan-PSW.Win32.LdPinch.axr
McAfee 4867 10.05.2006 no virus found
Microsoft 1.1603 10.06.2006 no virus found
NOD32v2 1.1793 10.06.2006 no virus found
Norman 5.90.23 10.06.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.05.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.092 10.05.2006 Trojan/PSW.LdPinch.axr
UNA 1.83 10.05.2006 Trojan.PSW.Win32.LdPinch.7F46
VBA32 3.11.1 10.05.2006 suspected of Malware.Agent.26 (paranoid heuristics)
VirusBuster 4.3.7:9 10.05.2006 no virus found
Aditional Information
File size: 199099 bytes
MD5: b28a73ea5d14509f5cfc082e56603eb8
SHA1: 7fe74ca1f158c5e90904d52226a37b7cb1e5f7d4
packers: MEW
Pinch. McAfee caught it at work. On VirusTotal, McAfee no longer picked it up. The signature databases?
-
-
Judging by the name, this is the Pinch developer, and some antiviruses apparently are still not familiar with it.
Complete scanning result of "PinchBuilder.exe", received in VirusTotal at 10.07.2006, 05:29:31 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/PSW.LdPinch.aju
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.06.2006 Win32:Trojan-gen. {UPX!}
AVG 386 10.06.2006 PSW.Ldpinch.AVH
BitDefender 7.2 10.07.2006 Trojan.Pws.Ldpinch.AJU
CAT-QuickHeal 8.00 10.06.2006 no virus found
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.06.2006 Trojan.PWS.Banker.3909
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.06.2006 Trojan.LdPinch.aju
Fortinet 2.82.0.0 10.07.2006 W32/LdPinch.AJU!tr.pws
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 Trojan-PSW.Win32.LdPinch.aju
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 Win32/PSW.LdPinch.AJU
Norman 5.80.02 10.06.2006 W32/LdPinch.CZD
Panda 9.0.0.4 10.06.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 Trojan.PSW.Win32.LdPinch.2FCF
VBA32 3.11.1 10.06.2006 Trojan-PSW.Win32.LdPinch.aju
VirusBuster 4.3.7:9 10.06.2006 Trojan.PWS.LdPinch.NJ
Aditional Information
File size: 246784 bytes
MD5: 94d2ace74c7e946a2985a48986acd8c6
SHA1: 977aeb78f714df76bd087e860e97547eb3579094
packers: UPX
I'm not a wizard, I'm only learning.
-
-
Crawled in over ICQ: a link from 170435134
STATUS: FINISHED
Complete scanning result of "lt.exe", received in VirusTotal at 10.07.2006, 15:12:59 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 HEUR/Crypted
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.06.2006 no virus found
BitDefender 7.2 10.07.2006 DeepScan:Generic.Stration.EBB41240
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 Worm.Warezov.co
Fortinet 2.82.0.0 10.07.2006 W32/Warezov.CO@mm
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.07.2006 Email-Worm.Win32.Warezov.co
McAfee 4868 10.06.2006 New Malware.n
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 a variant of Win32/Stration
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.06.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 no virus found
VirusBuster 4.3.7:9 10.06.2006 no virus found
Just one bad bit, and gigabytes lie in a stupor.
Tell me your OS and I'll tell you WHO you are.

-
-
Complete scanning result of "a20.exe", received in VirusTotal at 10.07.2006, 19:28:27 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/Packed.CryptExe
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.07.2006 Win32/CryptExe
BitDefender 7.2 10.07.2006 GenPack:Generic.Sdbot.A0C70812
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 Backdoor.SdBot.avd
Fortinet 2.82.0.0 10.07.2006 suspicious
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 generic
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 a variant of IRC/SdBot
Norman 5.80.02 10.06.2006 W32/Malware.BBT
Panda 9.0.0.4 10.07.2006 W32/Sdbot.IJN.worm
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Worm.SdBot.CVO
Aditional Information
File size: 77312 bytes
MD5: cd3e5ed0109a0060fcc7c62fcb69c6a7
SHA1: 9d12e44dffed9cae34a397909ecd452795b3e062
packers: EXECryptor
Complete scanning result of "kber.exe", received in VirusTotal at 10.07.2006, 19:43:22 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/Packed.CryptExe
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.07.2006 Win32/CryptExe
BitDefender 7.2 10.07.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 Backdoor.Sdbot.gen
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 no virus found
Fortinet 2.82.0.0 10.07.2006 suspicious
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Worm.SdBot.CVO
Aditional Information
File size: 128000 bytes
MD5: b8a540991466e3f35ca0370cf5d27a79
SHA1: 687c2c7be5da959b5169a7ddb4b6e1b2268cbb1b
packers: EXECryptor
A bridge from the "quiet horror" thread: KAV doesn't detect it yet, I sent it to them once more.
Last edited by drongo; 07.10.2006 at 21:56.
-
-
Complete scanning result of "fabrika_zvezd.exe", received in VirusTotal at 10.08.2006, 08:08:11 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/Dldr.Small.dib.6
Authentium 4.93.8 10.06.2006 Possibly a new variant of W32/Downloader-Sml-based!Maximus
Avast 4.7.892.0 10.07.2006 Win32:Small-BSO
AVG 386 10.07.2006 Downloader.Harnig.AM
BitDefender 7.2 10.08.2006 DeepScan:Generic.Malware.dld!!g.AB061EF4
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
DrWeb 4.33 10.07.2006 Trojan.DownLoader.13549
eTrust-InoculateIT 23.73.16 10.07.2006 Win32/SillyDL!Trojan
eTrust-Vet 30.3.3118 10.06.2006 Win32/Harnig!generic
Ewido 4.0 10.07.2006 no virus found
Fortinet 2.82.0.0 10.08.2006 W32/Harnig.CU!tr.dldr
F-Prot 3.16f 10.06.2006 Possibly a new variant of W32/Downloader-Sml-based!Maximus
F-Prot4 4.2.1.29 10.06.2006 W32/Downloader-Sml-based!Maximus
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.08.2006 Trojan-Downloader.Win32.Harnig.cu
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.08.2006 TrojanDownloader:Win32/Vxidl
NOD32v2 1.1794 10.06.2006 a variant of Win32/TrojanDownloader.Small.DIB
Norman 5.80.02 10.06.2006 W32/DLoader.gen2
Panda 9.0.0.4 10.07.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 Trojan/Downloader.Tibs.gen
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.08.2006 suspected of Trojan-Downloader.Win32.Small.dnt.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Trojan.DL.Harnig.Gen.3
Aditional Information
File size: 7680 bytes
MD5: 4b329eaeb9532e8d68520e032b8d01a0
SHA1: 0c379ff277cb878317e9155389a99f5d84526a4f
packers: UPX
-
Complete scanning result of "avz00001.dta", received in VirusTotal at 10.08.2006, 17:11:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 BDS/Iroffer.14b2.B
Authentium 4.93.8 10.06.2006 W32/Backdoor.HVJ
Avast 4.7.892.0 10.08.2006 Win32:Trojano-1333
AVG 386 10.07.2006 BackDoor.Generic.URF
BitDefender 7.2 10.08.2006 Backdoor.Irc.Elmer.A
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 Win32/Identdhack.A
DrWeb 4.33 10.08.2006 BackDoor.IRC.Elmer
Ewido 4.0 10.08.2006 no virus found
Fortinet 2.82.0.0 10.08.2006 W32/CPB.A!tr.bdr
F-Prot 3.16f 10.06.2006 security risk named W32/Backdoor.HVJ
F-Prot4 4.2.1.29 10.06.2006 W32/Backdoor.HVJ
Ikarus 0.2.65.0 10.07.2006 Backdoor.Win32.Noer
Kaspersky 4.0.2.24 10.08.2006 no virus found
McAfee 4868 10.06.2006 BackDoor-CPB
Microsoft 1.1603 10.08.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.08.2006 Bck/Zapchast.BB
Sophos 4.10.0 10.05.2006 Troj/Bckdr-LBG
TheHacker 6.0.1.093 10.06.2006 Trojan/Small
UNA 1.83 10.06.2006 Backdoor.Noer.BFD9
VBA32 3.11.1 10.08.2006 BackDoor.Noer
VirusBuster 4.3.7:9 10.07.2006 no virus found
Aditional Information
File size: 11776 bytes
MD5: 80858f87275634946eed13b514222cdb
SHA1: 518d634a2bd8a7723638256ff66eaf3b7a06e755
-
-
Complete scanning result of "ied__1_._xe", received in VirusTotal at 10.09.2006, 08:49:50 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 TR/Dldr.Medike.CT.2
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.08.2006 Win32:Mediket-D
AVG 386 10.07.2006 no virus found
BitDefender 7.2 10.08.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
DrWeb 4.33 10.08.2006 Trojan.PWS.Vipgsm
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.08.2006 Downloader.Mediket.ct
Fortinet 2.82.0.0 10.09.2006 no virus found
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.09.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.09.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.08.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.08.2006 suspected of Trojan-Downloader.Agent.149 (paranoid heuristics)
VirusBuster 4.3.7:9 10.08.2006 no virus found
Aditional Information
File size: 11264 bytes
MD5: 53adf27b79eab83d786cc2ae4d654b1c
-
* name: mediaview.cab
* size: 34082
* md5.: 106453777d793c91c5fdaedd7ca093b6
* sha1: 64f1dcb1de4729daebf4514d7bafba19dbb4aafc
[ scan result ]
AntiVir 7.2.0.25/20061009 found nothing
Authentium 4.93.8/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:VB-MM]
AVG 386/20061007 found nothing
BitDefender 7.2/20061009 found nothing
CAT-QuickHeal 8.00/20061007 found nothing
ClamAV devel-20060426/20061009 found nothing
DrWeb 4.33/20061009 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3123/20061009 found nothing
Ewido 4.0/20061009 found nothing
F-Prot 3.16f/20061009 found nothing
F-Prot4 4.2.1.29/20061006 found nothing
Fortinet 2.82.0.0/20061009 found [Adware/MediaMotor]
Ikarus 0.2.65.0/20061009 found nothing
Kaspersky 4.0.2.24/20061009 found nothing
McAfee 4869/20061009 found [potentially unwanted program Adware-MediaMotor]
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1795/20061009 found nothing
Norman 5.80.02/20061009 found nothing
Panda 9.0.0.4/20061009 found nothing
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061009 found nothing
VBA32 3.11.1/20061008 found [Dialer.EMSAT#1]
VirusBuster 4.3.7:9/20061009 found nothing
* name: 3138302D2D2D.exe
* size: 52600
* md5.: b68ed90f1032379972a2653688bf9617
* sha1: 9e147403b502ec6df535da0e05e8f556bb8fb993
[ scan result ]
AntiVir 7.2.0.25/20061009 found nothing
Authentium 4.93.8/20061006 found [Possibly a new variant of W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
Avast 4.7.892.0/20061008 found nothing
AVG 386/20061007 found nothing
BitDefender 7.2/20061009 found nothing
CAT-QuickHeal 8.00/20061007 found nothing
ClamAV devel-20060426/20061009 found [Trojan.Downloader.Adload-67]
DrWeb 4.33/20061009 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3123/20061009 found nothing
Ewido 4.0/20061009 found nothing
F-Prot 3.16f/20061009 found [Possibly a new variant of W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
F-Prot4 4.2.1.29/20061006 found [W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
Fortinet 2.82.0.0/20061009 found nothing
Ikarus 0.2.65.0/20061009 found nothing
Kaspersky 4.0.2.24/20061009 found nothing
McAfee 4869/20061009 found nothing
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1795/20061009 found [a variant of Win32/TrojanDownloader.Adload.NAN]
Norman 5.80.02/20061009 found nothing
Panda 9.0.0.4/20061009 found [Adware/ISearch]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061009 found nothing
VBA32 3.11.1/20061008 found nothing
VirusBuster 4.3.7:9/20061009 found nothing
-
-
An email arrived with the following content:
From:
Dasha <[email protected]>
Hi. I'm already back from vacation. If you're free this weekend, let's meet, ok? I also sent you a few photos, they're in the archive, it's the stuff from vacation. well anyway, I'm waiting. bye.
Attached data: на волнах.exe (application/octet-stream, 11K)
Complete scanning result of "_________.exe", received in VirusTotal at 10.10.2006, 11:41:30 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 Win32:Delf-BNL
AVG 386 10.10.2006 Downloader.Generic2.NUB
BitDefender 7.2 10.10.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 10.10.2006 Trojan.DownLoader.12541
eTrust-InoculateIT 23.73.18 10.10.2006 no virus found
eTrust-Vet 30.3.3125 10.10.2006 Win32/Areses
Ewido 4.0 10.10.2006 Downloader.Delf.awg
Fortinet 2.82.0.0 10.10.2006 W32/Delf.AWG!tr.dldr
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 no virus found
Ikarus 0.2.65.0 10.10.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.10.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4869 10.09.2006 Downloader-AWA
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 10.10.2006 W32/Downloader
Panda 9.0.0.4 10.09.2006 Trj/Downloader.KHM
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 TrojanDownloader.Win32.Delf.CF270
VBA32 3.11.1 10.09.2006 Trojan-Downloader.Win32.Delf.awg
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 11146 bytes
MD5: 27a18bccc62f52472a1cbb146d655c74
SHA1: a4c38f6588550fcff430b1b1b5d66dc730a5e714
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11146 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\csrss.exe.
[ Changes to registry ]
* Sets value "m"="m" in key "HKCU\Software\Microsoft\Windows".
[ Network services ]
* Looks for an Internet connection.
* Opens URL: _http://rikoger.com/lonus/1/1.ехе
[ Security issues ]
* Starting downloaded file - potential security problem.
[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:\WINDOWS\TEMP\csrss.exe NULL.
Last edited by Shu_b; 10.10.2006 at 15:56.
-
-
STATUS: FINISHED
Complete scanning result of "netcheck.exe", received in VirusTotal at 10.10.2006, 13:56:06 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 HEUR/Crypted
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 no virus found
AVG 386 10.10.2006 May be infected by unknown virus .MPH
BitDefender 7.2 10.10.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 no virus found
eTrust-InoculateIT 23.73.18 10.10.2006 Win32/VstDoorDL.6vj!Trojan
eTrust-Vet 30.3.3125 10.10.2006 Win32/Chusk!generic
DrWeb 4.33 10.10.2006 Trojan.Inject.154
Ewido 4.0 10.10.2006 no virus found
Fortinet 2.82.0.0 10.10.2006 W32/NewThreat!Morphine
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 generic
Ikarus 0.2.65.0 10.10.2006 no virus found
Kaspersky 4.0.2.24 10.10.2006 no virus found
McAfee 4869 10.09.2006 New Malware.h
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 probably a variant of Win32/TrojanDownloader.Delf.NHO
Norman 5.80.02 10.10.2006 no virus found
Panda 9.0.0.4 10.09.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Troj/Daemoni-AP
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 no virus found
VBA32 3.11.1 10.09.2006 Trojan-Downloader.Win32.Agent.ayf
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 9728 bytes
MD5: 38d234347926e53c9898353d6444ba95
SHA1: e36a8c83e59e46a44e2ac1c0762ac7a8f4737cdb
packers: Morphine, FSG
-
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 10.10.2006, 14:00:24 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 DR/Radmin.J.10
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 Win32:Delf-MK
AVG 386 10.10.2006 May be infected by unknown virus .MPH
BitDefender 7.2 10.10.2006 Dropped:Backdoor.Radmin.J
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 no virus found
DrWeb 4.33 10.10.2006 no virus found
eTrust-InoculateIT 23.73.18 10.10.2006 no virus found
eTrust-Vet 30.3.3125 10.10.2006 Win32/Badmin.O
Ewido 4.0 10.10.2006 no virus found
Fortinet 2.82.0.0 10.10.2006 suspicious
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 no virus found
Ikarus 0.2.65.0 10.10.2006 no virus found
Kaspersky 4.0.2.24 10.10.2006 no virus found
McAfee 4869 10.09.2006 New Malware.h
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 a variant of Win32/Radmin.J
Norman 5.90.23 10.10.2006 no virus found
Panda 9.0.0.4 10.09.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 no virus found
VBA32 3.11.1 10.09.2006 no virus found
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 245760 bytes
MD5: 09f1e84e2ad58dc0db562821de271d6a
-
-
Found live yesterday on a client's computer.
Complete scanning result of "rkgarwpi.exe", received in VirusTotal at 10.12.2006, 12:21:51 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.12.2006 BDS/Rustock.F
Authentium 4.93.8 10.12.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 BackDoor.Generic3.LIH
BitDefender 7.2 10.12.2006 Backdoor.Rustock.F
CAT-QuickHeal 8.00 10.11.2006 Backdoor.Rustock.p
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.12.2006 Trojan.Spambot
eTrust-InoculateIT 23.73.20 10.11.2006 no virus found
eTrust-Vet 30.3.3129 10.12.2006 no virus found
Ewido 4.0 10.12.2006 no virus found
Fortinet 2.82.0.0 10.12.2006 W32/RUSTOCK.P!tr.bdr
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.12.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.12.2006 no virus found
McAfee 4871 10.11.2006 no virus found
Microsoft 1.1603 10.12.2006 no virus found
NOD32v2 1.1799 10.12.2006 no virus found
Norman 5.80.02 10.12.2006 no virus found
Panda 9.0.0.4 10.11.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 suspected of Embedded.Trojan.Spambot
VirusBuster 4.3.7:9 10.11.2006 no virus found
Aditional Information
File size: 76288 bytes
MD5: f89acb8770cfeb029e1fb21c01564960
SHA1: eb5953ba20b8ee5e36ff9154e207eeb081455e8e
-
Last edited by Shu_b; 13.09.2007 at 21:52.
-
-
A link came in over ICQ; this is the result:
Complete scanning result of "goodday_movi.exe", received in VirusTotal at 10.13.2006, 08:55:53 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 HEUR/Crypted
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.12.2006 no virus found
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 DeepScan:Generic.Stration.5BAC4313
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.12.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 W32/Warezov@mm
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.13.2006 Email-Worm.Win32.Warezov.gen
McAfee 4872 10.12.2006 New Malware.n
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1801 10.12.2006 a variant of Win32/Stration
Norman 5.90.23 10.12.2006 no virus found
Panda 9.0.0.4 10.12.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.12.2006 I-Worm.Warezov
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 53070 bytes
MD5: 534c5bfd0ecb7f6bded1f3b3256a8219
SHA1: 33abe4dda038bbe8ca07b714b9d73a6c2358a9af
-
-
Complete scanning result of "fabrik.scr", received in VirusTotal at 10.13.2006, 10:26:27 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 HEUR/Crypted
Authentium 4.93.8 10.13.2006 could be a corrupted executable file
Avast 4.7.892.0 10.12.2006 no virus found
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 no virus found
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 suspicious
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 no virus found
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1801 10.12.2006 no virus found
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.12.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.12.2006 no virus found
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 42030 bytes
MD5: 3e17ef909d9998ef8855f5e2b86e5e89
SHA1: 02c50f9c6f328e1aa5d0c4a9e3ba8c2714819975
packers: PecBundle, PECompact
PS: Yet another Pinch, Trojan-PSW.Win32.LdPinch.azo according to KAV
Last edited by Winsent; 13.10.2006 at 15:27.
-
Complete scanning result of "net.exe", received in VirusTotal at 10.13.2006, 11
11
(CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 HEUR/Malware
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.12.2006 Win32:SdBot-gen22
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 Generic.Malware.SWX!N!g.98715918
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 WIN.WORM.Virus
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 suspicious
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 no virus found
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1802 10.13.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 10.13.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 10.12.2006 Suspicious file
Sophos 4.10.0 10.13.2006 Exp/MS04011-A
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.12.2006 no virus found
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 31648 bytes
MD5: ac2dfe3f750b20f903e13fc108621e0c
SHA1: dc4c7b40cbca40698e11b0b67364bebafd125b88
packers: Upack
packers: UPACK
packers: UPack
-