-
Complete scanning result of "1.exe", received in VirusTotal at 08.16.2006, 12:15:53 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.16.2006 SecurityPrivacyRisk/Hoax.Delf.L riskware
Authentium 4.93.8 08.15.2006 no virus found
Avast 4.7.844.0 08.15.2006 no virus found
AVG 386 08.15.2006 no virus found
BitDefender 7.2 08.16.2006 no virus found
CAT-QuickHeal 8.00 08.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.16.2006 no virus found
DrWeb 4.33 08.16.2006 no virus found
eTrust-InoculateIT 23.72.98 08.15.2006 no virus found
eTrust-Vet 30.3.3022 08.16.2006 no virus found
Ewido 4.0 08.16.2006 no virus found
Fortinet 2.77.0.0 08.16.2006 Misc/Delf
F-Prot 3.16f 08.15.2006 no virus found
F-Prot4 4.2.1.29 08.15.2006 no virus found
Ikarus 0.2.65.0 08.16.2006 no virus found
Kaspersky 4.0.2.24 08.16.2006 not-virus:Hoax.Win32.Delf.l
McAfee 4830 08.15.2006 no virus found
Microsoft 1.1508 08.16.2006 no virus found
NOD32v2 1.1709 08.16.2006 no virus found
Norman 5.90.23 08.15.2006 no virus found
Panda 9.0.0.4 08.15.2006 no virus found
Sophos 4.08.0 08.16.2006 no virus found
Symantec 8.0 08.16.2006 no virus found
TheHacker 5.9.8.192 08.14.2006 no virus found
UNA 1.83 08.15.2006 no virus found
VBA32 3.11.0 08.15.2006 no virus found
VirusBuster 4.3.7:9 08.15.2006 no virus found
Aditional Information
File size: 290816 bytes
MD5: ed220fc24547afbc7dcbd692f474b3bc
SHA1: c1cd2de5cc837200745e9ca8a561b7bfbcecc75f
packers: PecBundle, PECompact
-
-
Complete scanning result of "xz.exe", received in VirusTotal at 08.16.2006, 12:27:06 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.16.2006 TR/Hijack.Explor.443
Authentium 4.93.8 08.15.2006 no virus found
Avast 4.7.844.0 08.15.2006 Win32:Lineage-234
AVG 386 08.15.2006 Worm/Delf.JH
BitDefender 7.2 08.16.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 08.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.16.2006 no virus found
DrWeb 4.33 08.16.2006 Win32.HLLW.Gavir.8
eTrust-InoculateIT 23.72.98 08.15.2006 no virus found
eTrust-Vet 30.3.3022 08.16.2006 Win32/Lineage!generic
Ewido 4.0 08.16.2006 Trojan.Lineage.afk
Fortinet 2.77.0.0 08.16.2006 suspicious
F-Prot 3.16f 08.15.2006 no virus found
F-Prot4 4.2.1.29 08.15.2006 no virus found
Ikarus 0.2.65.0 08.16.2006 no virus found
Kaspersky 4.0.2.24 08.16.2006 no virus found
McAfee 4830 08.15.2006 W32/HLLP.Philis
Microsoft 1.1508 08.16.2006 no virus found
NOD32v2 1.1709 08.16.2006 a variant of Win32/Viking
Norman 5.90.23 08.15.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 08.15.2006 Suspicious file
Sophos 4.08.0 08.16.2006 no virus found
Symantec 8.0 08.16.2006 W32.Looked.P
TheHacker 5.9.8.192 08.14.2006 no virus found
UNA 1.83 08.15.2006 no virus found
VBA32 3.11.0 08.15.2006 suspected of Trojan-PSW.Lineage.1
VirusBuster 4.3.7:9 08.15.2006 no virus found
Aditional Information
File size: 31688 bytes
MD5: 27976d7afd602d5eabffbd42ece71d20
SHA1: 8f7aa783d2d3b85699a348b1baf9e86efd86a75c
packers: UPack
-
-
Complete scanning result of "zylomgamesplayer.dll", received in VirusTotal at 08.18.2006, 04:57:55 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.17.2006 no virus found
Authentium 4.93.8 08.17.2006 no virus found
Avast 4.7.844.0 08.17.2006 no virus found
AVG 386 08.17.2006 no virus found
BitDefender 7.2 08.18.2006 no virus found
CAT-QuickHeal 8.00 08.17.2006 no virus found
ClamAV devel-20060426 08.18.2006 no virus found
DrWeb 4.33 08.17.2006 no virus found
eTrust-InoculateIT 23.72.100 08.17.2006 no virus found
eTrust-Vet 30.3.3024 08.17.2006 no virus found
Ewido 4.0 08.17.2006 no virus found
Fortinet 2.77.0.0 08.18.2006 no virus found
F-Prot 3.16f 08.17.2006 no virus found
F-Prot4 4.2.1.29 08.17.2006 no virus found
Ikarus 0.2.65.0 08.17.2006 no virus found
Kaspersky 4.0.2.24 08.18.2006 no virus found
McAfee 4831 08.17.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1713 08.17.2006 no virus found
Norman 5.90.23 08.17.2006 no virus found
Panda 9.0.0.4 08.17.2006 no virus found
Sophos 4.08.0 08.17.2006 no virus found
Symantec 8.0 08.18.2006 no virus found
TheHacker 5.9.8.193 08.16.2006 no virus found
UNA 1.83 08.17.2006 Adware.Hotbar.1D84
VBA32 3.11.0 08.18.2006 Trojan.StartPage.1381
VirusBuster 4.3.7:9 08.17.2006 no virus found
Aditional Information
File size: 155648 bytes
MD5: dd952bcb596db2aa9af8bd89f77ce98f
SHA1: 778db18e17d5e03eb6b6c781255a77eefb70f1b0
I'm not a wizard, I'm only learning.
-
-
Complete scanning result of "runner.exe", received in VirusTotal at 08.18.2006, 06:08:14 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.17.2006 no virus found
Authentium 4.93.8 08.17.2006 no virus found
Avast 4.7.844.0 08.17.2006 Win32:Hiderun-B
AVG 386 08.17.2006 no virus found
BitDefender 7.2 08.18.2006 Trojan.HideRun.A
CAT-QuickHeal 8.00 08.17.2006 no virus found
ClamAV devel-20060426 08.18.2006 Virtool.HideRun.A
DrWeb 4.33 08.17.2006 Trojan.Hiderun
eTrust-InoculateIT 23.72.100 08.17.2006 no virus found
eTrust-Vet 30.3.3024 08.17.2006 no virus found
Ewido 4.0 08.17.2006 Backdoor.Hupigon.hk
Fortinet 2.77.0.0 08.18.2006 Misc/Hiderun
F-Prot 3.16f 08.17.2006 no virus found
F-Prot4 4.2.1.29 08.17.2006 no virus found
Ikarus 0.2.65.0 08.17.2006 no virus found
Kaspersky 4.0.2.24 08.18.2006 not-a-virus:RiskTool.Win32.HideRun
McAfee 4831 08.17.2006 potentially unwanted program HideRun
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1713 08.17.2006 Win32/HideWindow
Norman 5.90.23 08.17.2006 no virus found
Panda 9.0.0.4 08.17.2006 Application/Hiderun.C
Sophos 4.08.0 08.17.2006 no virus found
Symantec 8.0 08.18.2006 no virus found
TheHacker 5.9.8.193 08.16.2006 Aplicacion_no_deseada
UNA 1.83 08.17.2006 no virus found
VBA32 3.11.0 08.18.2006 Trojan.Win32.Hidestart.b
VirusBuster 4.3.7:9 08.17.2006 VirTool.HideRun.C
Aditional Information
File size: 5632 bytes
MD5: 8c4169f18c508c2950dcfaef15fccd6f
SHA1: eb877ee506f58fe3c8b0a9e4aa2adacf5fca3031
packers: UPX
-
-
Complete scanning result of "rsnvp.exe", received in VirusTotal at 08.18.2006, 0631 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.17.2006 BDS/ServU-524800.A
Authentium 4.93.8 08.17.2006 no virus found
Avast 4.7.844.0 08.17.2006 no virus found
AVG 386 08.17.2006 Potentially harmful program ServU.G
BitDefender 7.2 08.18.2006 Backdoor.Servu.BX
CAT-QuickHeal 8.00 08.17.2006 no virus found
ClamAV devel-20060426 08.18.2006 Trojan.Servu.1
DrWeb 4.33 08.17.2006 BackDoor.Servu.30
eTrust-InoculateIT 23.72.100 08.17.2006 Win32/IRCFlood!Trojan
eTrust-Vet 30.3.3024 08.17.2006 Win32/IRCFlood
Ewido 4.0 08.17.2006 no virus found
Fortinet 2.77.0.0 08.18.2006 W32/ServU!tr.bdr
F-Prot 3.16f 08.17.2006 no virus found
F-Prot4 4.2.1.29 08.17.2006 no virus found
Ikarus 0.2.65.0 08.17.2006 no virus found
Kaspersky 4.0.2.24 08.18.2006 not-a-virus:Server-FTP.Win32.Serv-U.3017
McAfee 4831 08.17.2006 potentially unwanted program ServU-Daemon
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1713 08.17.2006 Win32/ServU.B
Norman 5.90.23 08.17.2006 W32/ServU.DD
Panda 9.0.0.4 08.17.2006 Application/ServUBased.A
Sophos 4.08.0 08.18.2006 Troj/ServU-Gen
Symantec 8.0 08.18.2006 no virus found
TheHacker 5.9.8.193 08.16.2006 Aplicacion/Riskware.FTP.Serv-U.3017
UNA 1.83 08.17.2006 Backdoor.ServU.6385
VBA32 3.11.0 08.18.2006 Trojan.Win32.ServU.C
VirusBuster 4.3.7:9 08.17.2006 Backdoor.ServU-based.B
Aditional Information
File size: 524800 bytes
MD5: 4967cdfec6708dd5d9115f8362e2d124
SHA1: 76ce8e7c9613a376d3f161f4c9f1f1c967c0a539
packers: UPX
-
-
Complete scanning result of "WarezP2P_ADR.exe", received in VirusTotal at 08.18.2006, 06:29:08 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.17.2006 TR/Dldr.NewD.A.11.A
Authentium 4.93.8 08.17.2006 no virus found
Avast 4.7.844.0 08.17.2006 Win32:Trojan-gen. {UPX!}
AVG 386 08.17.2006 no virus found
BitDefender 7.2 08.18.2006 no virus found
CAT-QuickHeal 8.00 08.17.2006 Downloader.Agent.h (Not a Virus)
ClamAV devel-20060426 08.18.2006 no virus found
DrWeb 4.33 08.17.2006 Trojan.DownLoader.10412
eTrust-InoculateIT 23.72.100 08.17.2006 no virus found
eTrust-Vet 30.3.3024 08.17.2006 no virus found
Ewido 4.0 08.17.2006 Downloader.Small
Fortinet 2.77.0.0 08.18.2006 Download/Agent
F-Prot 3.16f 08.17.2006 no virus found
F-Prot4 4.2.1.29 08.17.2006 no virus found
Ikarus 0.2.65.0 08.17.2006 no virus found
Kaspersky 4.0.2.24 08.18.2006 not-a-virus:Downloader.Win32.Agent.h
McAfee 4831 08.17.2006 potentially unwanted program NDotNet
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1713 08.17.2006 no virus found
Norman 5.90.23 08.17.2006 W32/DLoader.ALMN
Panda 9.0.0.4 08.17.2006 no virus found
Sophos 4.08.0 08.18.2006 no virus found
Symantec 8.0 08.18.2006 Downloader.Trojan
TheHacker 5.9.8.193 08.16.2006 no virus found
UNA 1.83 08.17.2006 no virus found
VBA32 3.11.0 08.18.2006 Trojan.DownLoader.10412
VirusBuster 4.3.7:9 08.17.2006 no virus found
Aditional Information
File size: 251904 bytes
MD5: 083be25c4d7ac7df450b34cc509e2088
SHA1: 6949121913fbf6dfb32524bfb9dfa9be99341b15
packers: UPX
-
-
Complete scanning result of "xz.exe", received in VirusTotal at 08.21.2006, 00:19:27 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.20.2006 HEUR/Crypted.DNFLR
Authentium 4.93.8 08.19.2006 no virus found
Avast 4.7.844.0 08.18.2006 Win32:Lineage-234
AVG 386 08.18.2006 no virus found
BitDefender 7.2 08.20.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 08.18.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.20.2006 no virus found
DrWeb 4.33 08.20.2006 Win32.HLLW.Gavir.10
eTrust-InoculateIT 23.72.102 08.20.2006 no virus found
eTrust-Vet 30.3.3026 08.18.2006 Win32/Lineage!generic
Ewido 4.0 08.20.2006 no virus found
Fortinet 2.77.0.0 08.20.2006 suspicious
F-Prot 3.16f 08.18.2006 no virus found
F-Prot4 4.2.1.29 08.19.2006 no virus found
Ikarus 0.2.65.0 08.18.2006 no virus found
Kaspersky 4.0.2.24 08.21.2006 Worm.Win32.Viking.v
McAfee 4832 08.18.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1716 08.20.2006 a variant of Win32/Viking
Norman 5.90.23 08.18.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 08.20.2006 Suspicious file
Sophos 4.08.0 08.20.2006 no virus found
Symantec 8.0 08.20.2006 no virus found
TheHacker 5.9.8.195 08.18.2006 no virus found
UNA 1.83 08.18.2006 no virus found
VBA32 3.11.0 08.20.2006 suspected of Trojan-PSW.Lineage.1
VirusBuster 4.3.7:9 08.20.2006 no virus found
Aditional Information
File size: 32143 bytes
MD5: 241dcce0f63a704e895287d8793883cb
SHA1: e7bee0dbccb11ab1a3e695ff43d7edb91809fb2c
packers: UPack
-
-
Complete scanning result of "1.txt", received in VirusTotal at 08.21.2006, 04:18:51 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.20.2006 Worm/Gaobot.177664.A
Authentium 4.93.8 08.19.2006 no virus found
Avast 4.7.844.0 08.18.2006 no virus found
AVG 386 08.18.2006 no virus found
BitDefender 7.2 08.21.2006 Dropped:Trojan.Winreg.Zapchast.A
CAT-QuickHeal 8.00 08.18.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.20.2006 no virus found
DrWeb 4.33 08.20.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.72.102 08.20.2006 no virus found
eTrust-Vet 30.3.3026 08.18.2006 no virus found
Ewido 4.0 08.20.2006 Backdoor.Rbot
Fortinet 2.77.0.0 08.20.2006 W32/SpyBot.EQ!worm
F-Prot 3.16f 08.21.2006 no virus found
F-Prot4 4.2.1.29 08.21.2006 no virus found
Ikarus 0.2.65.0 08.18.2006 no virus found
Kaspersky 4.0.2.24 08.21.2006 Backdoor.Win32.Rbot.bgm
McAfee 4832 08.18.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1716 08.20.2006 no virus found
Norman 5.90.23 08.18.2006 W32/Gaobot.HGP
Panda 9.0.0.4 08.20.2006 W32/Gaobot.NJE.worm
Sophos 4.08.0 08.21.2006 no virus found
Symantec 8.0 08.21.2006 no virus found
TheHacker 5.9.8.195 08.18.2006 no virus found
UNA 1.83 08.18.2006 no virus found
VBA32 3.11.0 08.20.2006 Win32.HLLW.MyBot
VirusBuster 4.3.7:9 08.20.2006 no virus found
Aditional Information
File size: 179200 bytes
MD5: 31cba1fe05ac42cc4c575eb5a500c79e
SHA1: b32a2144de810293356a4783cfd54846817d60f7
packers: Enigma
-
-
STATUS: FINISHED
Complete scanning result of "oreans32.sys", received in VirusTotal at 08.21.2006, 07:49:46 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.20.2006 no virus found
Authentium 4.93.8 08.21.2006 no virus found
Avast 4.7.844.0 08.18.2006 no virus found
AVG 386 08.18.2006 no virus found
BitDefender 7.2 08.21.2006 no virus found
CAT-QuickHeal 8.00 08.18.2006 no virus found
ClamAV devel-20060426 08.20.2006 no virus found
DrWeb 4.33 08.20.2006 no virus found
eTrust-InoculateIT 23.72.102 08.20.2006 Win32/Rbot.EQS!SYS!Worm
eTrust-Vet 30.3.3026 08.18.2006 no virus found
Ewido 4.0 08.20.2006 no virus found
Fortinet 2.77.0.0 08.20.2006 no virus found
F-Prot 3.16f 08.21.2006 no virus found
F-Prot4 4.2.1.29 08.21.2006 no virus found
Ikarus 0.2.65.0 08.21.2006 no virus found
Kaspersky 4.0.2.24 08.21.2006 no virus found
McAfee 4832 08.18.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1716 08.20.2006 no virus found
Norman 5.90.23 08.18.2006 no virus found
Panda 9.0.0.4 08.20.2006 no virus found
Sophos 4.08.0 08.21.2006 no virus found
Symantec 8.0 08.21.2006 no virus found
TheHacker 5.9.8.196 08.21.2006 no virus found
UNA 1.83 08.18.2006 no virus found
VBA32 3.11.0 08.20.2006 no virus found
VirusBuster 4.3.7:9 08.20.2006 no virus found
Aditional Information
File size: 33952 bytes
MD5: aad837bf3b475092fd515cd0842334e9
SHA1: 2f845acac30e40d5aea3ccf8d02f5226089366a5
PS: False positive?
-
-
Complete scanning result of "setup.exe", received in VirusTotal at 08.22.2006, 14:02:14 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.22.2006 HEUR/Trojan.Downloader
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.21.2006 no virus found
AVG 386 08.22.2006 Proxy.ENM
BitDefender 7.2 08.22.2006 no virus found
CAT-QuickHeal 8.00 08.21.2006 no virus found
ClamAV devel-20060426 08.22.2006 no virus found
DrWeb 4.33 08.22.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.103 08.22.2006 no virus found
eTrust-Vet 30.3.3034 08.22.2006 no virus found
Ewido 4.0 08.22.2006 no virus found
Fortinet 2.77.0.0 08.22.2006 no virus found
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.22.2006 no virus found
Kaspersky 4.0.2.24 08.22.2006 Trojan-Proxy.Win32.Horst.av
McAfee 4834 08.21.2006 no virus found
Microsoft 1.1560 08.22.2006 no virus found
NOD32v2 1.1718 08.21.2006 probably a variant of Win32/Medbot.BD
Norman 5.90.23 08.22.2006 no virus found
Panda 9.0.0.4 08.21.2006 Suspicious file
Sophos 4.08.0 08.22.2006 no virus found
Symantec 8.0 08.22.2006 no virus found
TheHacker 5.9.8.197 08.21.2006 no virus found
UNA 1.83 08.21.2006 no virus found
VBA32 3.11.0 08.21.2006 no virus found
VirusBuster 4.3.7:9 08.21.2006 no virus found
Aditional Information
File size: 49152 bytes
MD5: 7e462ae9a9f9da838645de6db1424e65
SHA1: ea2067d7928df51586fd106a51af7ae17859cdc4
packers: UPX
Need a sample?
NOD32 does have good heuristics after all..
-
-
Caught on the mail gateway by the content filter.
File: terror_uk.zip
Status:
INFECTED/MALWARE
MD5 0ca6132394bdb41e5001a46a5f944559
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found BehavesLike:Trojan.Downloader (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found Sandbox: W32/Downloader;
[ General information ]
* File length: 6686 bytes.
[ Changes to filesystem ]
* Creates file C:\TEMP\svclocal.exe.
[ Network services ]
* Downloads file from hXXp://comrost.com/tro/srvwinsock_exe as C:\TEMP\svclocal.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
-----------------------
Can't get through to VirusTotal... there's a queue of 300 people...
Last edited by anton_dr; 23.08.2006 at 15:54.
-
Careful, the link in the Norman report is live....
File: srvwinsock.rar
Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 150bb8b25fc7144b1774a5d7081dc50d
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Embedded.Rootkit.Win32.Agent.n (probable variant)
-
File mstask32.dll
AntiVir 6.35.1.3 08.22.2006 HEUR/Malware.FKMI
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.21.2006 no virus found
AVG 386 08.22.2006 no virus found
BitDefender 7.2 08.23.2006 no virus found
CAT-QuickHeal 8.00 08.22.2006 no virus found
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.22.2006 no virus found
eTrust-InoculateIT 23.72.104 08.22.2006 no virus found
eTrust-Vet 30.3.3034 08.22.2006 no virus found
Ewido 4.0 08.22.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 no virus found
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.23.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 no virus found
Microsoft 1.1560 08.23.2006 no virus found
NOD32v2 1.1720 08.22.2006 no virus found
Norman 5.90.23 08.22.2006 no virus found
Panda 9.0.0.4 08.22.2006 Suspicious file
Sophos 4.08.0 08.23.2006 no virus found
Symantec 8.0 08.23.2006 no virus found
TheHacker 5.9.8.198 08.23.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 no virus found
VirusBuster 4.3.7:9 08.22.2006 no virus found
Aditional Information
File size: 73728 bytes
MD5: 42156db9f905cab94477fdd1a21dcb13
SHA1: 0a47ad00fc9ad72bc95ca6d8cc27cb31d93ebee0
packers: Aspack
PS: This file was caught by the AVZ anti-keylogger. It injects itself into all GUI processes plus winlogon.exe, registers itself for autostart in Winlogon, and actively resists removal: it has protection against delayed deletion and protects its registry keys.
-
-
[QUOTE=Синауридзе Александр]
Posted by Dandy:
Careful, the link in the Norman report is live....
It's already dead.
No, it's live... _exe -> .exe (I replaced it just in case)
Nightly VirusTotal report:
============================
Complete scanning result of "terror_uk.zip", received in VirusTotal at 08.22.2006, 23:11:11 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.22.2006 no virus found
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.21.2006 no virus found
AVG 386 08.22.2006 no virus found
BitDefender 7.2 08.22.2006 no virus found
CAT-QuickHeal 8.00 08.22.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.22.2006 no virus found
eTrust-InoculateIT 23.72.104 08.22.2006 no virus found
eTrust-Vet 30.3.3034 08.22.2006 no virus found
Ewido 4.0 08.22.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 suspicious
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.22.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 no virus found
Microsoft 1.1560 08.22.2006 no virus found
NOD32v2 1.1720 08.22.2006 probably a variant of Win32/Spy.Agent.FA
Norman 5.90.23 08.22.2006 no virus found
Panda 9.0.0.4 08.22.2006 no virus found
Sophos 4.08.0 08.22.2006 no virus found
Symantec 8.0 08.22.2006 no virus found
TheHacker 5.9.8.197 08.21.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 suspected of Embedded.Rootkit.Win32.Agent.n
VirusBuster 4.3.7:9 08.22.2006 no virus found
Aditional Information
File size: 23077 bytes
MD5: 150bb8b25fc7144b1774a5d7081dc50d
SHA1: b6bb3f75f6df00eddf25c5d536b3ca552f0e5bd5
============================
Complete scanning result of "srvwinsock.rar", received in VirusTotal at 08.22.2006, 23:43:21 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.22.2006 no virus found
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.21.2006 no virus found
AVG 386 08.22.2006 no virus found
BitDefender 7.2 08.22.2006 no virus found
CAT-QuickHeal 8.00 08.22.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.22.2006 no virus found
eTrust-InoculateIT 23.72.104 08.22.2006 no virus found
eTrust-Vet 30.3.3034 08.22.2006 no virus found
Ewido 4.0 08.22.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 suspicious
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.22.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 no virus found
Microsoft 1.1560 08.22.2006 no virus found
NOD32v2 1.1720 08.22.2006 probably a variant of Win32/Spy.Agent.FA
Norman 5.90.23 08.22.2006 no virus found
Panda 9.0.0.4 08.22.2006 no virus found
Sophos 4.08.0 08.22.2006 no virus found
Symantec 8.0 08.22.2006 no virus found
TheHacker 5.9.8.197 08.21.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 suspected of Embedded.Rootkit.Win32.Agent.n
VirusBuster 4.3.7:9 08.22.2006 no virus found
Aditional Information
File size: 23077 bytes
MD5: 150bb8b25fc7144b1774a5d7081dc50d
SHA1: b6bb3f75f6df00eddf25c5d536b3ca552f0e5bd5
-
Complete scanning result of "1.exe", received in VirusTotal at 08.23.2006, 14:01:48 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.23.2006 TR/Hijack.Explor.459
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.23.2006 no virus found
AVG 386 08.22.2006 Generic.ZWI
BitDefender 7.2 08.23.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 08.22.2006 no virus found
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.23.2006 DLOADER.Trojan
eTrust-InoculateIT 23.72.104 08.22.2006 no virus found
eTrust-Vet 30.3.3035 08.23.2006 no virus found
Ewido 4.0 08.23.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 no virus found
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.23.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 no virus found
Microsoft 1.1560 08.23.2006 no virus found
NOD32v2 1.1721 08.23.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.22.2006 W32/Malware
Panda 9.0.0.4 08.23.2006 Suspicious file
Sophos 4.08.0 08.23.2006 no virus found
Symantec 8.0 08.23.2006 no virus found
TheHacker 5.9.8.198 08.23.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 no virus found
VirusBuster 4.3.7:9 08.22.2006 no virus found
Aditional Information
File size: 54784 bytes
MD5: 0e2f3d660c51846629c1a7c20fea3596
SHA1: 61819652343b7007af4210a2b40ddea123b942c9
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Accesses executable file from resource section.
* File length: 54784 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\msvcrt64.dll.
[ Changes to registry ]
* Sets value "PBRunFrom"="C:\SAMPLE.EXE " in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "msvcrt64.dll"="{000000-0000-000000" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad".
* Creates key "HKCR\CLSID\{000000-0000-000000\InProcServer32".
* Sets value "default"="msvcrt64.dll" in key "HKCR\CLSID\{000000-0000-000000\InProcServer32".
* Sets value "PBVersion"="1.1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBPRIMARYHOST"="http://208.66.195.89:1161/proxy/gate.php" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBSECONDARYHOST1"="127.0.0.1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBSECONDARYHOST2"="127.0.0.1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBSECONDARYHOST3"="127.0.0.1" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBSERVERPORT"="80" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBSCRIPTPATH"="/proxy/gate.php" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
* Sets value "PBPROXYMODULEPATH"="/proxy/proxy.dll" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings".
[ Process/window information ]
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
-
-
Complete scanning result of "spl.exe", received in VirusTotal at 08.23.2006, 14:31:50 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.23.2006 no virus found
Authentium 4.93.8 08.22.2006 no virus found
Avast 4.7.844.0 08.23.2006 no virus found
AVG 386 08.22.2006 no virus found
BitDefender 7.2 08.23.2006 no virus found
CAT-QuickHeal 8.00 08.22.2006 no virus found
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.23.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.104 08.22.2006 Win32/Gnorug.E!Trojan
eTrust-Vet 30.3.3035 08.23.2006 Win32/Gnorug.J
Ewido 4.0 08.23.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 W32/Small.79D1!tr.bdr
F-Prot 3.16f 08.22.2006 no virus found
F-Prot4 4.2.1.29 08.22.2006 no virus found
Ikarus 0.2.65.0 08.23.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 New Malware.am
Microsoft 1.1560 08.23.2006 no virus found
NOD32v2 1.1721 08.23.2006 a variant of Win32/TrojanProxy.Agent.KL
Norman 5.90.23 08.22.2006 no virus found
Panda 9.0.0.4 08.23.2006 Suspicious file
Sophos 4.08.0 08.23.2006 no virus found
Symantec 8.0 08.23.2006 no virus found
TheHacker 5.9.8.198 08.23.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 Trojan.Spambot
VirusBuster 4.3.7:9 08.22.2006 no virus found
Aditional Information
File size: 23552 bytes
MD5: b48ab4c096ab791c442a2642245e5412
SHA1: 89f71b888ce9d071d3dcf58de51b7bc79ca9c647
-
-
STATUS: FINISHED
Complete scanning result of "message.dat.bat", received in VirusTotal at 08.23.2006, 16:41:59 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.23.2006 no virus found
Authentium 4.93.8 08.22.2006 Possibly a new variant of W32/Threat-HLLIM-based!Maximus
Avast 4.7.844.0 08.23.2006 no virus found
AVG 386 08.22.2006 no virus found
BitDefender 7.2 08.23.2006 BehavesLike:Trojan.Downloader
CAT-QuickHeal 8.00 08.23.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.23.2006 no virus found
DrWeb 4.33 08.23.2006 Trojan.DownLoader.12295
eTrust-InoculateIT 23.72.104 08.22.2006 no virus found
eTrust-Vet 30.3.3035 08.23.2006 no virus found
Ewido 4.0 08.23.2006 no virus found
Fortinet 2.77.0.0 08.23.2006 no virus found
F-Prot 3.16f 08.22.2006 Possibly a new variant of W32/Threat-HLLIM-based!Maximus
F-Prot4 4.2.1.29 08.22.2006 W32/Threat-HLLIM-based!Maximus
Ikarus 0.2.65.0 08.23.2006 no virus found
Kaspersky 4.0.2.24 08.23.2006 no virus found
McAfee 4835 08.22.2006 no virus found
Microsoft 1.1560 08.23.2006 no virus found
NOD32v2 1.1721 08.23.2006 no virus found
Norman 5.90.23 08.23.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 08.23.2006 Suspicious file
Sophos 4.08.0 08.23.2006 no virus found
Symantec 8.0 08.23.2006 no virus found
TheHacker 5.9.8.198 08.23.2006 no virus found
UNA 1.83 08.22.2006 no virus found
VBA32 3.11.0 08.22.2006 no virus found
VirusBuster 4.3.7:9 08.23.2006 Trojan.Opnis.Z
Aditional Information
File size: 85738 bytes
MD5: 7a44b326e90d03251af24e33826027ba
SHA1: e8433a905d8a82226ef483e6d3951664f3960756
packers: MEW
PS: This is actually a mail worm combined with a trojan-downloader and a trojan. This marvel arrived by email 30 minutes ago...
-
-
Another checkpoint.
Last edited by Shu_b; 13.09.2007 at 21:53.
-
-
The AVs don't seem to get along with PSW trojans
Complete scanning result of "untrojan.exe", received in VirusTotal at 08.27.2006, 08:04:03 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 Trojan.Small.FW
CAT-QuickHeal 8.00 08.26.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 Downloader.Banload.gm
Fortinet 2.77.0.0 08.27.2006 suspicious
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 Backdoor.Win32.Bifrose.DF
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 no virus found
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 31585 bytes
MD5: 532889d1e83a24b08022bad72dd5c8af
SHA1: 7c29132cb4a3c6254198f553b2c08812fdef2f05
packers: Expr
Complete scanning result of "ripper.com.ru.exe", received in VirusTotal at 08.27.2006, 08:07:21 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 no virus found
CAT-QuickHeal 8.00 08.26.2006 no virus found
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 no virus found
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 no virus found
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 177664 bytes
MD5: 3b4b0d211aef6c807ba7ca1f13170a47
SHA1: 07294d071a8812d72e6cfc9fd14e13fcb9d04682
packers: UPX
Complete scanning result of "WM_trojan.exe", received in VirusTotal at 08.27.2006, 08:09:46 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 no virus found
CAT-QuickHeal 8.00 08.26.2006 no virus found
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.72.107 08.25.2006 Win32/Unknown!Trojan
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 no virus found
F-Prot 3.16f 08.25.2006 could be infected with an unknown virus
F-Prot4 4.2.1.29 08.26.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 176207 bytes
MD5: 71584a0231964342f083c251d82e9abe
SHA1: 12fc10f97c608f074bcd5ed4263b0593327dcb02
Complete scanning result of "WMZ_Trojan__.exe", received in VirusTotal at 08.27.2006, 08:13:15 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 no virus found
CAT-QuickHeal 8.00 08.26.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 no virus found
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 no virus found
Norman 5.90.23 08.25.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 31230 bytes
MD5: cbe1af65f5e3c57ed1fbe6afd48270d0
SHA1: 1c5b5ba1df2396c8588a9bc3abc3b62832f24e67
packers: MEW
Complete scanning result of "Xinch_3.exe", received in VirusTotal at 08.27.2006, 08:15:32 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 Win32dpinch-AH
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 BehavesLike:Win32.AV-Killer
CAT-QuickHeal 8.00 08.26.2006 no virus found
ClamAV devel-20060426 08.26.2006 Trojan.PSW.PdPinch-2
DrWeb 4.33 08.26.2006 BACKDOOR.PWS.Trojan
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 suspicious
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 a variant of Win32/PSW.LdPinch
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 Troj/LdPnch-Gen
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 suspected of Backdoor.Prorat.8
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 22016 bytes
MD5: 9fdfa63d778618d21fbfa94588ef4986
SHA1: a9173c930c19a671273513a5567cc98c49846d0b
Complete scanning result of "Xinch_7.exe", received in VirusTotal at 08.27.2006, 08:19:42 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 no virus found
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 no virus found
CAT-QuickHeal 8.00 08.26.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 suspicious
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 no virus found
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 no virus found
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 Win32.CRYPT.virus
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 121344 bytes
MD5: cd34ff98dd0ceed84cc678fc469763d6
SHA1: 532d6fc88d9f21fce6123d860da9a41e5ecacc16
packers: SVKProtector
-
-
Complete scanning result of "RapidSHareGen.exe", received in VirusTotal at 08.27.2006, 08:24:40 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.3 08.26.2006 HEUR/Crypted.Modified
Authentium 4.93.8 08.25.2006 no virus found
Avast 4.7.844.0 08.24.2006 no virus found
AVG 386 08.25.2006 no virus found
BitDefender 7.2 08.27.2006 Dropped:Trojan.PWS.LdPinch.PY
CAT-QuickHeal 8.00 08.26.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.26.2006 no virus found
DrWeb 4.33 08.26.2006 no virus found
eTrust-InoculateIT 23.72.107 08.25.2006 no virus found
eTrust-Vet 30.3.3039 08.25.2006 no virus found
Ewido 4.0 08.25.2006 no virus found
Fortinet 2.77.0.0 08.27.2006 suspicious
F-Prot 3.16f 08.25.2006 no virus found
F-Prot4 4.2.1.29 08.26.2006 no virus found
Ikarus 0.2.65.0 08.25.2006 Backdoor.Win32.Agobot.AFK
Kaspersky 4.0.2.24 08.27.2006 no virus found
McAfee 4838 08.25.2006 no virus found
Microsoft 1.1560 08.27.2006 no virus found
NOD32v2 1.1727 08.26.2006 no virus found
Norman 5.90.23 08.25.2006 no virus found
Panda 9.0.0.4 08.26.2006 Suspicious file
Sophos 4.08.0 08.27.2006 no virus found
Symantec 8.0 08.27.2006 no virus found
TheHacker 5.9.8.200 08.25.2006 no virus found
UNA 1.83 08.27.2006 no virus found
VBA32 3.11.1 08.27.2006 no virus found
VirusBuster 4.3.7:9 08.26.2006 no virus found
Aditional Information
File size: 197452 bytes
MD5: 993d8898a2b010fb6230b6974bd73b0b
SHA1: b114ac721bea84de689b3284521e549c65374191
One more file (keylog.exe) was flagged as suspicious only by Panda:
Panda 9.0.0.4 08.26.2006 Suspicious file
File size: 36864 bytes
MD5: a9048f07056ebb24a65b2df6e114fa5c
SHA1: 8cfa6c033477cfe1bd5afe17b90c72849a5431fe
-