# Antivirus Research 7

## Shu_b

> Posted by *Geser*  
> *I kept thinking about how to make a more or less objective assessment of antiviruses, and I came up with something. In this thread I ask everyone to post scan results for the beasts that were caught strictly by hand, i.e. ones that the antivirus installed on the computer did not see. That way the sample will be truly random.
> 
> Post in this thread only the scan results of files caught by hand on computers.
> 
> Do not post scan results of files found on other sites or in collections. 
> Do not post scan results of files that were originally found by an antivirus.*


Let's continue in a new thread.

*Added 4 hours 40 minutes later*

To get things started:

```
File svchost.exe:ext.exe:$DATA received on 11.05.2008 12:03:13 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.5.3	2008.11.05	-
AntiVir	7.9.0.10	2008.11.05	TR/Crypt.U.Gen
Authentium	5.1.0.4	2008.11.04	-
Avast	4.8.1248.0	2008.11.04	Win32:Agent-ABKC
AVG	8.0.0.161	2008.11.05	-
BitDefender	7.2	2008.11.05	Trojan.Rootkit.Agent.NFS
CAT-QuickHeal	9.50	2008.11.04	Win32.Backdoor.Tofsee.F.3
ClamAV	0.94.1	2008.11.05	-
DrWeb	4.44.0.09170	2008.11.05	-
eSafe	7.0.17.0	2008.11.04	Suspicious File
eTrust-Vet	31.6.6190	2008.11.05	-
Ewido	4.0	2008.11.04	-
F-Prot	4.4.4.56	2008.11.04	-
F-Secure	8.0.14332.0	2008.11.05	-
Fortinet	3.117.0.0	2008.11.05	-
GData	19	2008.11.05	Trojan.Rootkit.Agent.NFS
Ikarus	T3.1.1.45.0	2008.11.05	Virus.Win32.Agent.ABKC
K7AntiVirus	7.10.516	2008.11.04	-
Kaspersky	7.0.0.125	2008.11.05	-
McAfee	5424	2008.11.04	New Malware.bm
Microsoft	1.4005	2008.11.05	-
NOD32	3585	2008.11.05	-
Norman	5.80.02	2008.11.04	-
Panda	9.0.0.4	2008.11.05	-
PCTools	4.4.2.0	2008.11.04	-
Prevx1	V2	2008.11.05	-
Rising	21.02.22.00	2008.11.05	Win32.Virut.GEN
SecureWeb-Gateway	6.7.6	2008.11.05	Trojan.Crypt.U.Gen
Sophos	4.35.0	2008.11.05	-
Sunbelt	3.1.1783.2	2008.11.05	-
Symantec	10	2008.11.05	-
TheHacker	6.3.1.1.140	2008.11.05	-
TrendMicro	8.700.0.1004	2008.11.05	PAK_Generic.001
VBA32	3.12.8.9	2008.11.05	-
ViRobot	2008.11.5.1453	2008.11.05	-
VirusBuster	4.5.11.0	2008.11.04	-
Additional information
File size: 39936 bytes
```

----------



## Hanson

File avz00002.dta (C:\WINDOWS\system32\tvsm.dll) received on 2008.11.06 13:54:41 (CET)
Current status: finished
Result: 1/36 (2.78%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.11.5.3	2008.11.06	-
> AntiVir	7.9.0.26	2008.11.06	-
> Authentium	5.1.0.4	2008.11.06	-
> Avast	4.8.1248.0	2008.11.05	-
> AVG	8.0.0.161	2008.11.06	-
> BitDefender	7.2	2008.11.06	-
> CAT-QuickHeal	9.50	2008.11.04	-
> ClamAV	0.94.1	2008.11.06	-
> ...


It may be a false positive, but here is Kaspersky's reply



> avz00002.dta - Trojan-Ransom.Win32.BHO.a
> 
> This file is already detected. Please update your antivirus bases.


*Added 8 minutes later*

File avz00009.dta received on 2008.11.06 14:01:20 (CET)
(C:\windows\services.exe)
Current status: finished
Result: 15/36 (41.67%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.11.5.3	2008.11.06	-
> *AntiVir	7.9.0.26	2008.11.06	Worm/Joleee.CA*
> Authentium	5.1.0.4	2008.11.06	-
> *Avast	4.8.1248.0	2008.11.05	Win32:Fabot
> AVG	8.0.0.161	2008.11.06	Downloader.Generic_r.BG
> BitDefender	7.2	2008.11.06	Trojan.Spammer.Tedroo.AT
> CAT-QuickHeal	9.50	2008.11.04	(Suspicious) - DNAScan*
> ClamAV	0.94.1	2008.11.06	-
> ...

----------


## ISO

Porn informer - an add-on in IE.


```
Файл trdlib.dll получен 2008.11.07 01:20:05 (CET)
Результат: 6/36 (16.67%)
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2008.11.7.1	2008.11.06	Win-Trojan/Hexzone.352256
AntiVir	7.9.0.26	2008.11.07	-
Authentium	5.1.0.4	2008.11.06	-
Avast	4.8.1248.0	2008.11.06	-
AVG	8.0.0.161	2008.11.07	-
BitDefender	7.2	2008.11.07	-
CAT-QuickHeal	9.50	2008.11.04	TrojanRansom.Hexzone.abq
ClamAV	0.94.1	2008.11.07	-
DrWeb	4.44.0.09170	2008.11.07	Trojan.Blackmailer.244
eSafe	7.0.17.0	2008.11.06	-
eTrust-Vet	31.6.6195	2008.11.06	-
Ewido	4.0	2008.11.06	-
F-Prot	4.4.4.56	2008.11.06	-
F-Secure	8.0.14332.0	2008.11.06	-
Fortinet	3.117.0.0	2008.11.06	-
GData	19	2008.11.07	-
Ikarus	T3.1.1.45.0	2008.11.06	-
K7AntiVirus	7.10.518	2008.11.06	-
Kaspersky	7.0.0.125	2008.11.07	-
McAfee	5426	2008.11.06	-
Microsoft	1.4104	2008.11.07	Trojan:Win32/Hexzone.A!dll
NOD32	3592	2008.11.06	Win32/Hexzone.I
Norman	5.80.02	2008.11.06	-
Panda	9.0.0.4	2008.11.06	-
PCTools	4.4.2.0	2008.11.06	-
Prevx1	V2	2008.11.07	Fraudulent Security Program
Rising	21.02.32.00	2008.11.06	-
SecureWeb-Gateway	6.7.6	2008.11.06	-
Sophos	4.35.0	2008.11.07	-
Sunbelt	3.1.1783.2	2008.11.05	-
Symantec	10	2008.11.07	-
TheHacker	6.3.1.1.143	2008.11.07	-
TrendMicro	8.700.0.1004	2008.11.06	-
VBA32	3.12.8.9	2008.11.06	-
ViRobot	2008.11.6.1455	2008.11.06	-
VirusBuster	4.5.11.0	2008.11.06	-
Дополнительная информация
File size: 352256 bytes
MD5...: 9d175e378ad55e55c2637c4ded6d749e
SHA1..: 21da44fc2dd8541188d3a21ba4b0875b69edd6ac
SHA256: 6e85aceb0b90726d1032ed98ccfdc3508010936a7a621822d20c068264b6935d
SHA512: 1151b5faadc673f55281c275f0fdd34753025bed1e660b67c9b473143559c469
673b61f87fdae496cc99aa7c5af0982e5a5020354d10b8287569d3826a580300
PEiD..: -
```

----------


## Hanson

File csrss5.dll received on 2008.11.11 10:28:26 (CET)
Current status: finished
Result: 12/36 (33.34%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.11.11.0	2008.11.10	-
> *AntiVir	7.9.0.29	2008.11.11	TR/Agent.rnn*
> Authentium	5.1.0.4	2008.11.11	-
> *Avast	4.8.1248.0	2008.11.10	Win32:Trojan-gen {Other}*
> AVG	8.0.0.161	2008.11.11	-
> *BitDefender	7.2	2008.11.11	Trojan.Generic.752223*
> CAT-QuickHeal	9.50	2008.11.11	-
> ClamAV	0.94.1	2008.11.11	-
> ...

----------


## Hanson

File *winctrl32.dll* received on 2008.11.12 09:56:22 (CET)
Current status: finished
Result: 12/36 (33.33%)



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3 	2008.11.11.2 	2008.11.12 	-
> *AntiVir 	7.9.0.31 	2008.11.12 	TR/Dropper.Gen*
> Authentium 	5.1.0.4 	2008.11.12 	-
> *Avast 	4.8.1248.0 	2008.11.11 	Win32:Trojan-gen {Other}*
> *AVG 	8.0.0.161 	2008.11.11 	Win32/Heur
> BitDefender 	7.2 	2008.11.12 	Trojan.Dropper.Kobcka.Gen.1*
> CAT-QuickHeal 	9.50 	2008.11.12 	-
> ClamAV 	0.94.1 	2008.11.12 	-
> ...

----------


## kvit

```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.11.13.2 	2008.11.13 	-
AntiVir 	7.9.0.31 	2008.11.13 	-
Authentium 	5.1.0.4 	2008.11.12 	-
Avast 	4.8.1248.0 	2008.11.12 	-
BitDefender 	7.2 	2008.11.13 	BehavesLike:Trojan.ShellObject
CAT-QuickHeal 	9.50 	2008.11.12 	-
ClamAV 	0.94.1 	2008.11.13 	-
DrWeb 	4.44.0.09170 	2008.11.13 	-
eSafe 	7.0.17.0 	2008.11.12 	-
eTrust-Vet 	31.6.6204 	2008.11.11 	-
Ewido 	4.0 	2008.11.12 	-
F-Prot 	4.4.4.56 	2008.11.12 	-
Fortinet 	3.117.0.0 	2008.11.13 	-
GData 	19 	2008.11.13 	-
Ikarus 	T3.1.1.45.0 	2008.11.13 	-
K7AntiVirus 	7.10.523 	2008.11.12 	-
Kaspersky 	7.0.0.125 	2008.11.13 	Trojan-Spy.Win32.Agent.evf
McAfee 	5432 	2008.11.13 	-
Microsoft 	1.4104 	2008.11.13 	-
NOD32 	3608 	2008.11.13 	-
Norman 	5.80.02 	2008.11.12 	-
Panda 	9.0.0.4 	2008.11.12 	Suspicious file
PCTools 	4.4.2.0 	2008.11.13 	-
Rising 	21.03.22.00 	2008.11.12 	-
SecureWeb-Gateway 	6.7.6 	2008.11.13 	-
Sophos 	4.35.0 	2008.11.13 	-
Sunbelt 	3.1.1785.2 	2008.11.11 	-
Symantec 	10 	2008.11.13 	-
TheHacker 	6.3.1.1.151 	2008.11.13 	-
TrendMicro 	8.700.0.1004 	2008.11.13 	-
VBA32 	3.12.8.9 	2008.11.12 	-
ViRobot 	2008.11.13.1464 	2008.11.13 	-
VirusBuster 	4.5.11.0 	2008.11.12 	-
Дополнительная информация
File size: 24064 bytes
MD5...: 58d3976c41012ebf512eecd22bb782b3
SHA1..: b2bfa3e3ca372f11f4c21df10565a9214e4cd141
SHA256: baf8f3ec9e95df5e367a5c0267a3f097f8da9ee9d8b1b914aab7cbc338b27b8e
SHA512: 9ebef0bbcc74f72933fcf560803b51b7d6ff23c3bc2a70d0e980e6de93dd008a
33e914b72def62a9b3cac455068dd745cf31cdd9c7de8a566e51a6507206899b
PEiD..: -
```

*Added 1 minute later*



```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.11.13.0 	2008.11.13 	-
AntiVir 	7.9.0.31 	2008.11.13 	-
Authentium 	5.1.0.4 	2008.11.12 	-
Avast 	4.8.1248.0 	2008.11.12 	-
AVG 	8.0.0.199 	2008.11.12 	-
BitDefender 	7.2 	2008.11.13 	-
CAT-QuickHeal 	9.50 	2008.11.12 	-
ClamAV 	0.94.1 	2008.11.13 	-
DrWeb 	4.44.0.09170 	2008.11.13 	-
eSafe 	7.0.17.0 	2008.11.12 	-
eTrust-Vet 	31.6.6208 	2008.11.13 	-
Ewido 	4.0 	2008.11.12 	-
F-Prot 	4.4.4.56 	2008.11.12 	-
F-Secure 	8.0.14332.0 	2008.11.13 	Trojan-Spy.Win32.Agent.evj
Fortinet 	3.117.0.0 	2008.11.13 	-
GData 	19 	2008.11.13 	-
Ikarus 	T3.1.1.45.0 	2008.11.13 	-
K7AntiVirus 	7.10.523 	2008.11.12 	-
Kaspersky 	7.0.0.125 	2008.11.13 	Trojan-Spy.Win32.Agent.evj
McAfee 	5432 	2008.11.13 	-
Microsoft 	1.4104 	2008.11.13 	-
NOD32 	3608 	2008.11.13 	-
Norman 	5.80.02 	2008.11.12 	-
Panda 	9.0.0.4 	2008.11.12 	Suspicious file
PCTools 	4.4.2.0 	2008.11.13 	-
Prevx1 	V2 	2008.11.13 	-
Rising 	21.03.22.00 	2008.11.12 	-
SecureWeb-Gateway 	6.7.6 	2008.11.13 	-
Sophos 	4.35.0 	2008.11.13 	-
Sunbelt 	3.1.1785.2 	2008.11.11 	Virus.Win32.Agent.AJ (vf)
Symantec 	10 	2008.11.13 	-
TheHacker 	6.3.1.1.151 	2008.11.13 	-
TrendMicro 	8.700.0.1004 	2008.11.13 	-
VBA32 	3.12.8.9 	2008.11.12 	-
ViRobot 	2008.11.13.1464 	2008.11.13 	-
VirusBuster 	4.5.11.0 	2008.11.12 	-
Дополнительная информация
File size: 20480 bytes
MD5...: 9b9bc66a0b0de6fc3b3c24a8e98f2059
SHA1..: 33560b84a929114cbfcfbd91a6dce94edfc062ed
SHA256: b141c2cb4da0857eb5823e503802b4a680a4594a0fdde2a8ceba636cc6dfcb7d
SHA512: b59d52a798ada47efdfa54214d0f28ff554752c529fc505490b1ccc24ef04298
a32129994fd8c9f546beb2992c65a9fcda49b52d79b5b3200d9041351e63c968
PEiD..: -
```

*Added 1 minute later*



```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.11.13.2 	2008.11.13 	-
AntiVir 	7.9.0.31 	2008.11.13 	TR/Crypt.XPACK.Gen
Authentium 	5.1.0.4 	2008.11.12 	W32/Ristix.A
Avast 	4.8.1248.0 	2008.11.12 	-
AVG 	8.0.0.199 	2008.11.12 	Win32/Heur
BitDefender 	7.2 	2008.11.13 	-
CAT-QuickHeal 	9.50 	2008.11.12 	-
ClamAV 	0.94.1 	2008.11.13 	-
DrWeb 	4.44.0.09170 	2008.11.13 	-
eSafe 	7.0.17.0 	2008.11.12 	-
eTrust-Vet 	31.6.6204 	2008.11.11 	-
Ewido 	4.0 	2008.11.12 	-
F-Prot 	4.4.4.56 	2008.11.12 	W32/Zbot.I.gen!Eldorado
F-Secure 	8.0.14332.0 	2008.11.13 	Worm.Win32.AutoRun.sff
Fortinet 	3.117.0.0 	2008.11.13 	-
GData 	19 	2008.11.13 	-
Ikarus 	T3.1.1.45.0 	2008.11.13 	Worm.Win32.AutoRun
K7AntiVirus 	7.10.523 	2008.11.12 	-
Kaspersky 	7.0.0.125 	2008.11.13 	Worm.Win32.AutoRun.sff
McAfee 	5432 	2008.11.13 	-
Microsoft 	1.4104 	2008.11.13 	Trojan:Win32/AgentBypass.gen!K
NOD32 	3608 	2008.11.13 	-
Norman 	5.80.02 	2008.11.12 	-
Panda 	9.0.0.4 	2008.11.12 	Suspicious file
PCTools 	4.4.2.0 	2008.11.13 	-
Prevx1 	V2 	2008.11.13 	-
Rising 	21.03.30.00 	2008.11.13 	-
SecureWeb-Gateway 	6.7.6 	2008.11.13 	Trojan.Crypt.XPACK.Gen
Sophos 	4.35.0 	2008.11.13 	-
Sunbelt 	3.1.1785.2 	2008.11.11 	-
Symantec 	10 	2008.11.13 	-
TheHacker 	6.3.1.1.151 	2008.11.13 	-
TrendMicro 	8.700.0.1004 	2008.11.13 	PAK_Generic.001
VBA32 	3.12.8.9 	2008.11.12 	Trojan.Autorun.gen
ViRobot 	2008.11.13.1464 	2008.11.13 	-
VirusBuster 	4.5.11.0 	2008.11.12 	-
Дополнительная информация
File size: 24770 bytes
MD5...: 0d3335954da589c4fefdf544f6696fcf
SHA1..: cbd67db5092407a32457a2f8cd17ef51f1908849
SHA256: 8fc81c6c9414346256d2d4edce75f653061b438e2c068bef3c8153ea4e5eb0ff
SHA512: c1125f47fc9c4268acca3e6e7f3574647b6f13e92cd5f4d1794e10f0ac45597c
4378a374185796ad43b45aa5e13e4f1c518ae3fd220fa3a1a39c1e5236ccd63a
PEiD..: -
```

*Added 5 minutes later*

and plus one more that no antivirus found at all...
the one that nobody detected:



> Your request has been analyzed. An entry for the new virus has been added to the database.
> Virus: Trojan.Blackmailer.291.

----------


## ISO

File clips01505.scr received on 11.13.2008 09:53:16 (CET)
Result: 11/36 (30.56%)



```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2008.11.13.2	2008.11.13	-
AntiVir	7.9.0.31	2008.11.13	DR/Delphi.Gen
Authentium	5.1.0.4	2008.11.12	-
Avast	4.8.1248.0	2008.11.12	-
AVG	8.0.0.199	2008.11.12	Win32/Heur
BitDefender	7.2	2008.11.13	Trojan.Dropper.LdPinch.AO
CAT-QuickHeal	9.50	2008.11.12	TrojanPSW.LdPinch.abkf
ClamAV	0.94.1	2008.11.13	-
DrWeb	4.44.0.09170	2008.11.13	-
eSafe	7.0.17.0	2008.11.12	-
eTrust-Vet	31.6.6204	2008.11.11	-
Ewido	4.0	2008.11.12	-
F-Prot	4.4.4.56	2008.11.12	-
F-Secure	8.0.14332.0	2008.11.13	-
Fortinet	3.117.0.0	2008.11.13	-
GData	19	2008.11.13	Trojan.Dropper.LdPinch.AO
Ikarus	T3.1.1.45.0	2008.11.13	Downloader.Delphi
K7AntiVirus	7.10.523	2008.11.12	-
Kaspersky	7.0.0.125	2008.11.13	-
McAfee	5432	2008.11.13	-
Microsoft	1.4104	2008.11.13	-
NOD32	3609	2008.11.13	a variant of Win32/Injector.DT
Norman	5.80.02	2008.11.12	-
Panda	9.0.0.4	2008.11.12	-
PCTools	4.4.2.0	2008.11.13	-
Prevx1	V2	2008.11.13	-
Rising	21.03.30.00	2008.11.13	-
SecureWeb-Gateway	6.7.6	2008.11.13	Trojan.Dropper.Delphi.Gen
Sophos	4.35.0	2008.11.13	Troj/Merein-Gen
Sunbelt	3.1.1785.2	2008.11.11	Trojan-PSW.Win32.OnLineGames.AFLB (vf)
Symantec	10	2008.11.13	-
TheHacker	6.3.1.1.151	2008.11.13	-
TrendMicro	8.700.0.1004	2008.11.13	-
VBA32	3.12.8.9	2008.11.12	Malware-Cryptor.Win32.Xip
ViRobot	2008.11.13.1464	2008.11.13	-
VirusBuster	4.5.11.0	2008.11.12	-
```

```
Additional information
File size: 327680 bytes
MD5...: c0b52e992067fc43c7ac10cbabd0ee71
SHA1..: c57057305d14886dc6b9d236e7e69b29568ae04e
SHA256: 2f8ce5806dae02a5b76fb74c4e6e248178ae2caba458186336d5ec1b9dc28084
SHA512: ead5c5f730793eb113c1a09f2fee8c4adda19d09e85959fdbda5c61d3b17b1ab
1b3d26d45534475edb67eb2e085203a7586999d5408441a5251d88228fccbd0c
```

----------


## ISO

File virusscan.jotti.com from the archive downloaded via the link in this thread: http://virusinfo.info/showthread.php?t=33974
File 1.exe received on 11.17.2008 04:26:24 (CET)
Result: 9/35 (25.72%)



```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2008.11.14.3	2008.11.17	-
AntiVir	7.9.0.31	2008.11.16	DR/Delphi.Gen
Authentium	5.1.0.4	2008.11.17	-
Avast	4.8.1281.0	2008.11.16	-
AVG	8.0.0.199	2008.11.16	-
BitDefender	7.2	2008.11.17	Trojan.Dropper.LdPinch.AO
CAT-QuickHeal	10.00	2008.11.15	-
ClamAV	0.94.1	2008.11.17	-
DrWeb	4.44.0.09170	2008.11.17	-
eSafe	7.0.17.0	2008.11.16	Suspicious File
eTrust-Vet	31.6.6210	2008.11.14	-
Ewido	4.0	2008.11.16	-
F-Prot	4.4.4.56	2008.11.16	-
F-Secure	8.0.14332.0	2008.11.17	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.11.15	-
GData	19	2008.11.17	Trojan.Dropper.LdPinch.AO
Ikarus	T3.1.1.45.0	2008.11.17	AdWare.SoftLayer
K7AntiVirus	7.10.526	2008.11.15	-
Kaspersky	7.0.0.125	2008.11.17	-
McAfee	5436	2008.11.16	-
Microsoft	1.4104	2008.11.17	-
NOD32	3615	2008.11.15	-
Norman	5.80.02	2008.11.14	-
Panda	9.0.0.4	2008.11.16	Suspicious file
PCTools	4.4.2.0	2008.11.16	-
Rising	21.03.42.00	2008.11.14	-
SecureWeb-Gateway	6.7.6	2008.11.16	Trojan.Dropper.Delphi.Gen
Sophos	4.35.0	2008.11.17	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.17	-
TheHacker	6.3.1.1.155	2008.11.15	-
TrendMicro	8.700.0.1004	2008.11.14	PAK_Generic.001
VBA32	3.12.8.9	2008.11.16	-
ViRobot	2008.11.17.1471	2008.11.17	-
VirusBuster	4.5.11.0	2008.11.16	-
```

```
Additional information
File size: 62976 bytes
MD5...: de69f09bc4d9365ddb519f7f14ba2d2e
SHA1..: a42d6fc76deb5bb39e4a6c8dbb9633885852622a
SHA256: 3a7930377eb4098d371827ba2c71892414afe9c7914b2fea36cfe01767cfa738
SHA512: 9db02bdd920d39c8feed03f281101111945665b7fb4a01c650e9fb694aa0a9da
d0fdbd3ec173280ef4f38c5252fa9ef37631cefd554214d272aa42ba3fa908ad
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x422300
timedatestamp.....: 0x491ba782 (Thu Nov 13 04:05:22 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x13000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x14000 0xf000 0xf000 7.98 1d00a1d0110c03fdcec46aaeee5c6102
.rsrc 0x23000 0x1000 0x400 2.87 3053439ba625a5a3f1e0b8e29556614f

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> crtdll.dll: _rmdir
> shlwapi.dll: PathAddBackslashA

( 0 exports )
packers (F-Prot): embedded, UPX_LZMA
packers (Kaspersky): UPX
```

----------


## Shu_b

File wupdate.exe received on 11.18.2008 07:57:55 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.0	2008.11.18	-
AntiVir	7.9.0.31	2008.11.17	HEUR/Crypted
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.17	-
AVG	8.0.0.199	2008.11.17	SHeur.CHGW
BitDefender	7.2	2008.11.18	-
CAT-QuickHeal	10.00	2008.11.17	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.18	-
DrWeb	4.44.0.09170	2008.11.18	-
eSafe	7.0.17.0	2008.11.17	-
eTrust-Vet	31.6.6210	2008.11.14	-
Ewido	4.0	2008.11.17	-
F-Prot	4.4.4.56	2008.11.17	-
F-Secure	8.0.14332.0	2008.11.18	-
Fortinet	3.117.0.0	2008.11.18	-
GData	19	2008.11.18	-
Ikarus	T3.1.1.45.0	2008.11.18	Trojan.Crypt.ASPM
K7AntiVirus	7.10.526	2008.11.15	-
Kaspersky	7.0.0.125	2008.11.18	-
McAfee	5437	2008.11.17	-
Microsoft	1.4104	2008.11.17	Backdoor:Win32/Rbot.gen
NOD32	3620	2008.11.18	-
Norman	5.80.02	2008.11.17	-
Panda	9.0.0.4	2008.11.17	Suspicious file
PCTools	4.4.2.0	2008.11.17	-
Prevx1	V2	2008.11.18	-
Rising	21.04.10.00	2008.11.18	-
SecureWeb-Gateway	6.7.6	2008.11.18	Heuristic.Crypted
Sophos	4.35.0	2008.11.18	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.18	-
TheHacker	6.3.1.1.157	2008.11.18	-
TrendMicro	8.700.0.1004	2008.11.18	-
VBA32	3.12.8.9	2008.11.17	-
ViRobot	2008.11.18.1473	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.17	-
Additional information
File size: 794624 bytes
```

*Added 6 hours 13 minutes later*

File ttuwj.sys received on 11.18.2008 14:11:55 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.18	-
AntiVir	7.9.0.31	2008.11.18	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.17	Win32:Rootkit-gen
AVG	8.0.0.199	2008.11.17	-
BitDefender	7.2	2008.11.18	-
CAT-QuickHeal	10.00	2008.11.18	-
ClamAV	0.94.1	2008.11.18	-
DrWeb	4.44.0.09170	2008.11.18	-
eSafe	7.0.17.0	2008.11.17	-
eTrust-Vet	31.6.6209	2008.11.14	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.17	-
F-Secure	8.0.14332.0	2008.11.18	-
Fortinet	3.117.0.0	2008.11.18	-
GData	19	2008.11.18	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.11.18	Backdoor.WinNT.Rustock
K7AntiVirus	7.10.526	2008.11.15	-
Kaspersky	7.0.0.125	2008.11.18	-
McAfee	5437	2008.11.17	-
Microsoft	1.4104	2008.11.17	Backdoor:WinNT/Rustock.H
NOD32	3621	2008.11.18	-
Norman	5.80.02	2008.11.18	W32/Rootkit.TFO
Panda	9.0.0.4	2008.11.17	Generic Malware
PCTools	4.4.2.0	2008.11.18	-
Prevx1	V2	2008.11.18	-
Rising	21.04.12.00	2008.11.18	-
SecureWeb-Gateway	6.7.6	2008.11.18	Trojan.Rootkit.Gen
Sophos	4.35.0	2008.11.18	-
Sunbelt	3.1.1801.2	2008.11.14	Trojan-GameThief.Win32.OnLineGames.TPC (vf)
Symantec	10	2008.11.18	-
TheHacker	6.3.1.1.157	2008.11.18	-
TrendMicro	8.700.0.1004	2008.11.18	-
VBA32	3.12.8.9	2008.11.17	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.17	-
```

Additional information
File size: 47104 bytes
MD5...: f39ed4922db5a0017a02f0dadfaac20a

*Added 33 minutes later*

File wm9dap.dll received on 11.18.2008 14:32:37 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.18	Win32/Bagle.worm.73728.F
AntiVir	7.9.0.31	2008.11.18	-
Authentium	5.1.0.4	2008.11.18	W32/Bongler-based!Maximus
Avast	4.8.1281.0	2008.11.17	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.11.17	-
BitDefender	7.2	2008.11.18	Win32.Worm.Bagle.ZLT
CAT-QuickHeal	10.00	2008.11.18	-
ClamAV	0.94.1	2008.11.18	-
DrWeb	4.44.0.09170	2008.11.18	-
eSafe	7.0.17.0	2008.11.17	-
eTrust-Vet	31.6.6210	2008.11.14	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.17	W32/Bongler-based!Maximus
F-Secure	8.0.14332.0	2008.11.18	-
Fortinet	3.117.0.0	2008.11.18	-
GData	19	2008.11.18	Win32.Worm.Bagle.ZLT
Ikarus	T3.1.1.45.0	2008.11.18	-
K7AntiVirus	7.10.526	2008.11.15	-
Kaspersky	7.0.0.125	2008.11.18	-
McAfee	5437	2008.11.17	-
Microsoft	1.4104	2008.11.17	-
NOD32	3621	2008.11.18	-
Norman	5.80.02	2008.11.18	-
Panda	9.0.0.4	2008.11.17	-
PCTools	4.4.2.0	2008.11.18	-
Prevx1	V2	2008.11.18	-
Rising	21.04.12.00	2008.11.18	-
SecureWeb-Gateway	6.7.6	2008.11.18	-
Sophos	4.35.0	2008.11.18	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.18	-
TheHacker	6.3.1.1.157	2008.11.18	-
TrendMicro	8.700.0.1004	2008.11.18	-
VBA32	3.12.8.9	2008.11.18	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.17	-
```

Additional information
File size: 73728 bytes

*Added 5 minutes later*

File antiviruspro2009.exe received on 11.18.2008 14:43:59 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.18	Win-Trojan/FakeAv.597323
AntiVir	7.9.0.31	2008.11.18	TR/Fakealert.HO
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.17	-
AVG	8.0.0.199	2008.11.17	Downloader.Zlob.AGXV
BitDefender	7.2	2008.11.18	-
CAT-QuickHeal	10.00	2008.11.18	-
ClamAV	0.94.1	2008.11.18	Trojan.FakeAV-17
DrWeb	4.44.0.09170	2008.11.18	-
eSafe	7.0.17.0	2008.11.17	-
eTrust-Vet	31.6.6209	2008.11.14	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.17	-
F-Secure	8.0.14332.0	2008.11.18	-
Fortinet	3.117.0.0	2008.11.18	-
GData	19	2008.11.18	-
Ikarus	T3.1.1.45.0	2008.11.18	Trojan-Clicker.Win32.Klik
K7AntiVirus	7.10.526	2008.11.15	-
Kaspersky	7.0.0.125	2008.11.18	-
McAfee	5437	2008.11.17	Generic FakeAlert.d
Microsoft	1.4104	2008.11.17	Trojan:Win32/FakeRean
NOD32	3621	2008.11.18	a variant of Win32/TrojanDownloader.FakeAlert.FP
Norman	5.80.02	2008.11.18	-
Panda	9.0.0.4	2008.11.17	-
PCTools	4.4.2.0	2008.11.18	-
Prevx1	V2	2008.11.18	Malicious Software
Rising	21.04.12.00	2008.11.18	-
SecureWeb-Gateway	6.7.6	2008.11.18	Trojan.Fakealert.HO
Sophos	4.35.0	2008.11.18	Mal/Generic-A
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.18	-
TheHacker	6.3.1.1.157	2008.11.18	-
TrendMicro	8.700.0.1004	2008.11.18	-
VBA32	3.12.8.9	2008.11.18	Trojan.Win32.FraudPack.gtt
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.17	-
```

Additional information
File size: 597323 bytes

----------


## Shu_b

File mschco.exe received on 11.19.2008 11:21:50 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.19	-
AntiVir	7.9.0.34	2008.11.19	TR/ATRAPS.Gen
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.18	-
AVG	8.0.0.199	2008.11.19	Generic12.OIV
BitDefender	7.2	2008.11.19	BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal	10.00	2008.11.19	-
ClamAV	0.94.1	2008.11.19	-
DrWeb	4.44.0.09170	2008.11.19	-
eSafe	7.0.17.0	2008.11.18	-
eTrust-Vet	31.6.6217	2008.11.19	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.18	-
F-Secure	8.0.14332.0	2008.11.19	W32/Malware
Fortinet	3.117.0.0	2008.11.19	-
GData	19	2008.11.19	BehavesLike:Win32.ExplorerHijack
Ikarus	T3.1.1.45.0	2008.11.19	Trojan-Dropper.Agent
K7AntiVirus	7.10.527	2008.11.18	-
Kaspersky	7.0.0.125	2008.11.19	Heur.Trojan.Generic
McAfee	5438	2008.11.18	-
Microsoft	1.4104	2008.11.19	-
NOD32	3623	2008.11.18	-
Norman	5.80.02	2008.11.18	W32/Malware
Panda	9.0.0.4	2008.11.19	Suspicious file
PCTools	4.4.2.0	2008.11.18	-
Prevx1	V2	2008.11.19	-
Rising	21.04.22.00	2008.11.19	-
SecureWeb-Gateway	6.7.6	2008.11.19	Trojan.ATRAPS.Gen
Sophos	4.35.0	2008.11.19	Mal/Behav-204
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.19	-
TheHacker	6.3.1.1.158	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.19	-
VBA32	3.12.8.9	2008.11.18	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.18	-
```

Additional information
File size: 66560 bytes
MD5...: 07cf2d63869c7dd52e464e36cdece5ee

*Added 2 hours 40 minutes later*

File Client_gerda.exe received on 11.19.2008 14:12:39 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.19	-
AntiVir	7.9.0.34	2008.11.19	-
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.18	-
AVG	8.0.0.199	2008.11.19	-
BitDefender	7.2	2008.11.19	-
CAT-QuickHeal	10.00	2008.11.19	-
ClamAV	0.94.1	2008.11.19	-
DrWeb	4.44.0.09170	2008.11.19	-
eSafe	7.0.17.0	2008.11.18	-
eTrust-Vet	31.6.6217	2008.11.19	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.18	-
F-Secure	8.0.14332.0	2008.11.19	-
Fortinet	3.117.0.0	2008.11.19	-
GData	19	2008.11.19	-
Ikarus	T3.1.1.45.0	2008.11.19	-
K7AntiVirus	7.10.527	2008.11.18	-
Kaspersky	7.0.0.125	2008.11.19	-
McAfee	5438	2008.11.18	-
Microsoft	1.4104	2008.11.19	-
NOD32	3624	2008.11.19	a variant of Win32/Packed.Themida
Norman	5.80.02	2008.11.18	-
Panda	9.0.0.4	2008.11.19	-
PCTools	4.4.2.0	2008.11.19	-
Prevx1	V2	2008.11.19	-
Rising	21.04.22.00	2008.11.19	-
SecureWeb-Gateway	6.7.6	2008.11.19	Win32.EPO.gen (suspicious)
Sophos	4.35.0	2008.11.19	Sus/UnkPacker
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.19	-
TheHacker	6.3.1.1.158	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.19	-
VBA32	3.12.8.9	2008.11.18	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.18	-
```

Additional information
File size: 2816512 bytes

*Added 8 minutes later*

File services.exe received on 11.19.2008 14:22:18 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.18.2	2008.11.19	-
AntiVir	7.9.0.34	2008.11.19	-
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.18	-
AVG	8.0.0.199	2008.11.19	Downloader.Generic_r.BT
BitDefender	7.2	2008.11.19	-
CAT-QuickHeal	10.00	2008.11.19	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.19	-
DrWeb	4.44.0.09170	2008.11.19	-
eSafe	7.0.17.0	2008.11.18	-
eTrust-Vet	31.6.6217	2008.11.19	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.18	-
F-Secure	8.0.14332.0	2008.11.19	-
Fortinet	3.117.0.0	2008.11.19	-
GData	19	2008.11.19	-
Ikarus	T3.1.1.45.0	2008.11.19	-
K7AntiVirus	7.10.527	2008.11.18	-
Kaspersky	7.0.0.125	2008.11.19	-
McAfee	5438	2008.11.18	-
Microsoft	1.4104	2008.11.19	-
NOD32	3624	2008.11.19	probably a variant of Win32/Kryptik.BJ
Norman	5.80.02	2008.11.18	-
Panda	9.0.0.4	2008.11.19	-
PCTools	4.4.2.0	2008.11.19	-
Prevx1	V2	2008.11.19	-
Rising	21.04.22.00	2008.11.19	-
SecureWeb-Gateway	6.7.6	2008.11.19	Trojan.LooksLike.Agent
Sophos	4.35.0	2008.11.19	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.19	-
TheHacker	6.3.1.1.158	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.19	-
VBA32	3.12.8.9	2008.11.18	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.18	-
```

Additional information
File size: 43520 bytes
MD5...: f8250fd02168d36d7ecb6c6ba1429f45

----------


## Shu_b

File rs32net.exe received on 11.20.2008 11:48:48 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.20.3	2008.11.20	-
AntiVir	7.9.0.34	2008.11.20	TR/Dropper.Gen
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.19	-
AVG	8.0.0.199	2008.11.19	-
BitDefender	7.2	2008.11.20	-
CAT-QuickHeal	10.00	2008.11.20	-
ClamAV	0.94.1	2008.11.20	-
DrWeb	4.44.0.09170	2008.11.20	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6219	2008.11.20	-
Ewido	4.0	2008.11.19	-
F-Prot	4.4.4.56	2008.11.20	-
F-Secure	8.0.14332.0	2008.11.20	-
Fortinet	3.117.0.0	2008.11.20	-
GData	19	2008.11.20	-
Ikarus	T3.1.1.45.0	2008.11.20	-
K7AntiVirus	7.10.528	2008.11.19	-
Kaspersky	7.0.0.125	2008.11.20	-
McAfee	5439	2008.11.19	-
Microsoft	1.4104	2008.11.20	TrojanDropper:Win32/Cutwail.AL
NOD32	3626	2008.11.19	-
Norman	5.80.02	2008.11.19	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.19	-
Prevx1	V2	2008.11.20	Malicious Software
Rising	21.04.32.00	2008.11.20	-
SecureWeb-Gateway	6.7.6	2008.11.20	Trojan.Dropper.Gen
Sophos	4.35.0	2008.11.20	Troj/Bravo-I
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.20	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.20	-
VBA32	3.12.8.9	2008.11.19	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.19	-
```

Additional information
File size: 22528 bytes
MD5...: 5e14eee58af9bf39dd2c35177dd4fd97

*Added 21 minutes later*

File RQRSPOVS.sys received on 11.20.2008 12:11:22 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.20.3	2008.11.20	-
AntiVir	7.9.0.34	2008.11.20	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.19	-
AVG	8.0.0.199	2008.11.19	-
BitDefender	7.2	2008.11.20	-
CAT-QuickHeal	10.00	2008.11.20	-
ClamAV	0.94.1	2008.11.20	-
DrWeb	4.44.0.09170	2008.11.20	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6219	2008.11.20	-
Ewido	4.0	2008.11.19	-
F-Prot	4.4.4.56	2008.11.20	-
F-Secure	8.0.14332.0	2008.11.20	-
Fortinet	3.117.0.0	2008.11.20	-
GData	19	2008.11.20	-
Ikarus	T3.1.1.45.0	2008.11.20	-
K7AntiVirus	7.10.528	2008.11.19	-
Kaspersky	7.0.0.125	2008.11.20	-
McAfee	5439	2008.11.19	-
Microsoft	1.4104	2008.11.20	-
NOD32	3627	2008.11.20	-
Norman	5.80.02	2008.11.19	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.19	-
Prevx1	V2	2008.11.20	-
Rising	21.04.32.00	2008.11.20	-
SecureWeb-Gateway	6.7.6	2008.11.20	Trojan.LooksLike.Rootkit
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.20	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.20	Cryp_Xed-3
VBA32	3.12.8.9	2008.11.19	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.19	-
```

Additional information
File size: 176640 bytes
MD5...: 7de9a3c67dc9c95275d594662bb7c993

*Added 15 minutes later*

File Microsoft Common\svchost.exe received on 11.20.2008 12:26:54 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.20.3	2008.11.20	-
AntiVir	7.9.0.34	2008.11.20	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.19	-
AVG	8.0.0.199	2008.11.19	SHeur2.CKX
BitDefender	7.2	2008.11.20	-
CAT-QuickHeal	10.00	2008.11.20	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.20	-
DrWeb	4.44.0.09170	2008.11.20	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6219	2008.11.20	-
Ewido	4.0	2008.11.19	-
F-Prot	4.4.4.56	2008.11.20	-
F-Secure	8.0.14332.0	2008.11.20	W32/Zbot.BDS
Fortinet	3.117.0.0	2008.11.20	-
GData	19	2008.11.20	-
Ikarus	T3.1.1.45.0	2008.11.20	Trojan.Win32.AgentBypass
K7AntiVirus	7.10.528	2008.11.19	-
Kaspersky	7.0.0.125	2008.11.20	-
McAfee	5439	2008.11.19	-
Microsoft	1.4104	2008.11.20	Trojan:Win32/AgentBypass.gen!K
NOD32	3627	2008.11.20	-
Norman	5.80.02	2008.11.19	W32/Zbot.BDS
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.19	-
Prevx1	V2	2008.11.20	-
Rising	21.04.32.00	2008.11.20	Worm.Win32.Agent.aaj
SecureWeb-Gateway	6.7.6	2008.11.20	Win32.NewMalware.HM!27136!4
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.20	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.20	PAK_Generic.001
VBA32	3.12.8.9	2008.11.19	Worm.Win32.AutoRun.rjn
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.19	-
```

Additional information
File size: 27136 bytes

----------


## Phoenix

The previous scan by someone on VirusTotal gave a result of 10/36 on 12.11.2008.
The analyst gentlemen are slow to react...  :Angry: 

File mzlcjb.exe received on 2008.11.21 07:39:36 (CET)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.20	TR/Autoit.420098
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	Win32:Rootkit-gen
AVG	8.0.0.199	2008.11.20	Worm/Autoit.FOX
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.20	-
eSafe	7.0.17.0	2008.11.19	Win32.Autoit.fj
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	Trojan.Win32.Autoit.fj
Fortinet	3.117.0.0	2008.11.21	W32/Autoit.FJ!tr
GData	19	2008.11.21	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.11.21	Trojan.Win32.Autoit.dt
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Trojan.Win32.Autoit.fj
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	Trojan:Win32/Meredrop
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	W32/Agent.JIIR
Panda	9.0.0.4	2008.11.20	W32/Sohanat.AS.worm
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	Trojan.Autoit.420098
Sophos	4.35.0	2008.11.20	Sus/Behav-1011
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.21	W32.Harakit
TheHacker	6.3.1.1.159	2008.11.19	Trojan/Autoit.gs
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	Trojan.Win32.Autoit.fj
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	Trojan.Autoit.ED
```

Additional information
File size: 420614 bytes
MD5...: 12a2b1e6075df82adb55b0091d0fb3f8
SHA1..: 2a73bbfe558ef5f7c7fecb991513598456d5609b
SHA256: c950a445c37e58538b1c64b28397b425d521eb2dacc73bd62e9cb6a4e31eca76
SHA512: 4b36f77d26a396579fd1872171372f446dba448ea682cee6db03614e8ea78d71a47d33e7df9c34152d6cdc79f00be271cf1d55a3cf706b54882bac8b383eb721
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

```
( base data )
entrypointaddress.: 0x490490
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x58000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x59000 0x38000 0x37800 7.93 c8cb0c68e090a662ba2868cc32095c1b
.rsrc 0x91000 0x1000 0x600 3.31 d013d2373cc18dfe81eb1acfaa18d88b

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
```
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

----------


## Shu_b

File msansspc.dll received on 11.21.2008 08:39:34 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.20	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	-
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.20	Trojan.Inject.4675
eSafe	7.0.17.0	2008.11.19	Suspicious File
eTrust-Vet	31.6.6219	2008.11.20	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	-
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Backdoor.Win32.Small.gsc
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	Trojan.Win32.Undef.tap
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1801.2	2008.11.14	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 28160 bytes
MD5...: f0f3bf172996b2ae0dd399b7119f94a1

*Added 1 minute later*

File ie567.dll received on 11.21.2008 08:53:15 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	W32/Heuristic-KPP!Eldorado
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	-
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	Win32.TrojanSpy.Hitpop.gen!C.6
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	W32/Heuristic-KPP!Eldorado
F-Secure	8.0.14332.0	2008.11.21	-
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	-
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	W32/Malware.EJQN
Panda	9.0.0.4	2008.11.20	Suspicious file
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	Worm
Rising	21.04.40.00	2008.11.21	AdWare.Win32.Mnless.aof
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	Mal/Behav-304
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 46592 bytes

*Added 7 minutes later*

File qyklib.dll received on 11.21.2008 09:05:51 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	-
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	Trojan.Virtumod.852
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	Trojan-Downloader.Win32.BHO.zt
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Trojan-Downloader.Win32.BHO.zt
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 330240 bytes
MD5...: 3ef71d8bb7020a5b2850fe47d5a62a49

*Added 3 minutes later*

File avz00003.dta received on 11.21.2008 09:06:51 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	Win32/Heur
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	-
eSafe	7.0.17.0	2008.11.19	Suspicious File
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	Trojan.Win32.Agent.aouk
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	Backdoor.Win32.Momibot
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Trojan.Win32.Agent.aouk
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	Backdoor:Win32/Momibot.gen!B
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 42496 bytes

*Added 9 minutes later*

File msvcrt48.dll received on 11.21.2008 09:16:54 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	PSW.Agent.WGY
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	Trojan-Spy.Win32.Agent.eyl
Fortinet	3.117.0.0	2008.11.21	Spy/Agent
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Trojan-Spy.Win32.Agent.eyl
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	Suspicious file
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 20480 bytes

*Added 1 minute later*

File msconfig.exe received on 11.21.2008 09:17:48 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.20	-
AntiVir	7.9.0.34	2008.11.21	TR/Dropper.Gen
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	-
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	TrojanDropper.Agent.zaq
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6219	2008.11.20	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	Trojan-Dropper.Win32.Agent.zxz
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	Trojan-Dropper.Win32.Agent.zxz
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	Suspicious file
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	Trojan.Dropper.Gen
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	Trojan-Dropper.Win32.Agent.zaq
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 25088 bytes

*Added 20 minutes later*

File 1.tmp received on 11.21.2008 09:40:18 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.21	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	-
AVG	8.0.0.199	2008.11.20	-
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	Trojan.EmailSpy.origin
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6220	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	-
F-Secure	8.0.14332.0	2008.11.21	-
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	-
Ikarus	T3.1.1.45.0	2008.11.21	Trojan-PWS.Win32.LdPinch
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	-
McAfee	5440	2008.11.20	-
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	-
Panda	9.0.0.4	2008.11.20	-
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.40.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.20	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	suspected of Email-Worm.Bagle.2 (paranoid heuristics)
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 17408 bytes

*Added 2 hours 29 minutes later*

File twext.exe received on 11.21.2008 12:10:31 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.21	-
AntiVir	7.9.0.34	2008.11.21	-
Authentium	5.1.0.4	2008.11.20	-
Avast	4.8.1281.0	2008.11.20	Win32:Rootkit-gen
AVG	8.0.0.199	2008.11.20	Win32/Heur
BitDefender	7.2	2008.11.21	-
CAT-QuickHeal	10.00	2008.11.21	-
ClamAV	0.94.1	2008.11.21	-
DrWeb	4.44.0.09170	2008.11.21	-
eSafe	7.0.17.0	2008.11.19	-
eTrust-Vet	31.6.6221	2008.11.21	-
Ewido	4.0	2008.11.20	-
F-Prot	4.4.4.56	2008.11.21	W32/Tibs.AA.gen!Eldorado
F-Secure	8.0.14332.0	2008.11.21	-
Fortinet	3.117.0.0	2008.11.21	-
GData	19	2008.11.21	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.11.21	-
K7AntiVirus	7.10.529	2008.11.20	-
Kaspersky	7.0.0.125	2008.11.21	-
McAfee	5440	2008.11.20	PWS-Zbot.gen.c
McAfee+Artemis	5440	2008.11.20	PWS-Zbot.gen.c
Microsoft	1.4104	2008.11.21	-
NOD32	3629	2008.11.21	-
Norman	5.80.02	2008.11.20	W32/Malware.EMMQ
Panda	9.0.0.4	2008.11.20	Suspicious file
PCTools	4.4.2.0	2008.11.20	-
Prevx1	V2	2008.11.21	-
Rising	21.04.42.00	2008.11.21	-
SecureWeb-Gateway	6.7.6	2008.11.21	-
Sophos	4.35.0	2008.11.21	-
Sunbelt	3.1.1823.2	2008.11.21	-
Symantec	10	2008.11.21	-
TheHacker	6.3.1.1.159	2008.11.19	-
TrendMicro	8.700.0.1004	2008.11.21	-
VBA32	3.12.8.9	2008.11.20	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.20	-
```

Additional information
File size: 180224 bytes
MD5...: 76cd24722cdae9e4d955d8c5f76577d9

----------


## Shu_b

File MyCentriaInfoBar.dll received on 11.24.2008 07:30:28 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.24	-
AntiVir	7.9.0.35	2008.11.23	-
Authentium	5.1.0.4	2008.11.24	-
Avast	4.8.1281.0	2008.11.23	-
AVG	8.0.0.199	2008.11.23	Generic.BK
BitDefender	7.2	2008.11.24	-
CAT-QuickHeal	10.00	2008.11.24	-
ClamAV	0.94.1	2008.11.24	-
DrWeb	4.44.0.09170	2008.11.24	-
eSafe	7.0.17.0	2008.11.23	-
eTrust-Vet	31.6.6222	2008.11.22	-
Ewido	4.0	2008.11.23	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.24	-
Fortinet	3.117.0.0	2008.11.23	-
GData	19	2008.11.24	-
Ikarus	T3.1.1.45.0	2008.11.24	-
K7AntiVirus	7.10.531	2008.11.22	-
Kaspersky	7.0.0.125	2008.11.24	-
McAfee	5443	2008.11.23	-
McAfee+Artemis	5443	2008.11.23	-
Microsoft	1.4104	2008.11.24	-
NOD32	3633	2008.11.24	a variant of Win32/Adware.Mycentria.AA
Norman	5.80.02	2008.11.22	-
Panda	9.0.0.4	2008.11.23	-
PCTools	4.4.2.0	2008.11.23	-
Prevx1	V2	2008.11.24	-
Rising	21.05.00.00	2008.11.24	-
SecureWeb-Gateway	6.7.6	2008.11.23	Worm.Win32.Malware.gen (suspicious)
Sophos	4.35.0	2008.11.24	-
Sunbelt	3.1.1823.2	2008.11.22	VIPRE.Suspicious
Symantec	10	2008.11.24	-
TheHacker	6.3.1.1.160	2008.11.23	-
TrendMicro	8.700.0.1004	2008.11.24	-
VBA32	3.12.8.9	2008.11.23	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.23	-
```

Additional information
File size: 677888 bytes
MD5...: 2865574dfa36fe62154efe8f35ef58c8

*Added 1 minute later*

File qlylib.dll received on 11.24.2008 07:30:07 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.24	-
AntiVir	7.9.0.35	2008.11.23	-
Authentium	5.1.0.4	2008.11.24	-
Avast	4.8.1281.0	2008.11.23	-
AVG	8.0.0.199	2008.11.23	-
BitDefender	7.2	2008.11.24	-
CAT-QuickHeal	10.00	2008.11.24	-
ClamAV	0.94.1	2008.11.24	-
DrWeb	4.44.0.09170	2008.11.24	Trojan.Blackmailer.origin
eSafe	7.0.17.0	2008.11.23	-
eTrust-Vet	31.6.6221	2008.11.21	-
Ewido	4.0	2008.11.23	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.24	Trojan-Ransom.Win32.Hexzone.gfz
Fortinet	3.117.0.0	2008.11.23	-
GData	19	2008.11.24	-
Ikarus	T3.1.1.45.0	2008.11.24	-
K7AntiVirus	7.10.531	2008.11.22	-
Kaspersky	7.0.0.125	2008.11.24	Trojan-Ransom.Win32.Hexzone.gfz
McAfee	5443	2008.11.23	-
McAfee+Artemis	5443	2008.11.23	-
Microsoft	1.4104	2008.11.24	-
NOD32	3633	2008.11.24	-
Norman	5.80.02	2008.11.22	-
Panda	9.0.0.4	2008.11.23	-
PCTools	4.4.2.0	2008.11.23	-
Prevx1	V2	2008.11.24	-
Rising	21.05.00.00	2008.11.24	-
SecureWeb-Gateway	6.7.6	2008.11.23	-
Sophos	4.35.0	2008.11.24	-
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.24	-
TheHacker	6.3.1.1.160	2008.11.23	-
TrendMicro	8.700.0.1004	2008.11.24	-
VBA32	3.12.8.9	2008.11.23	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.23	-
```

Additional information
File size: 318976 bytes
MD5...: 1ea079abbcc15c884c25ee73f41e4b77

*Added 1 hour 0 minutes later*

File csrcs.exe received on 11.24.2008 10:12:28 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.21.0	2008.11.24	-
AntiVir	7.9.0.35	2008.11.24	TR/Autoit.FN
Authentium	5.1.0.4	2008.11.24	-
Avast	4.8.1281.0	2008.11.23	-
AVG	8.0.0.199	2008.11.23	-
BitDefender	7.2	2008.11.24	-
CAT-QuickHeal	10.00	2008.11.24	-
ClamAV	0.94.1	2008.11.24	-
DrWeb	4.44.0.09170	2008.11.24	Win32.HLLW.Autoruner.3438
eSafe	7.0.17.0	2008.11.23	Suspicious File
eTrust-Vet	31.6.6225	2008.11.24	-
Ewido	4.0	2008.11.23	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.24	Trojan.Win32.Autoit.fn
Fortinet	3.117.0.0	2008.11.24	-
GData	19	2008.11.24	-
Ikarus	T3.1.1.45.0	2008.11.24	Trojan.Win32.Autoit.dt
K7AntiVirus	7.10.531	2008.11.22	-
Kaspersky	7.0.0.125	2008.11.24	Trojan.Win32.Autoit.fn
McAfee	5443	2008.11.23	-
McAfee+Artemis	5443	2008.11.23	-
Microsoft	1.4104	2008.11.24	-
NOD32	3634	2008.11.24	-
Norman	5.80.02	2008.11.22	W32/Agent.JIIR
Panda	9.0.0.4	2008.11.23	-
PCTools	4.4.2.0	2008.11.23	-
Prevx1	V2	2008.11.24	-
Rising	21.05.00.00	2008.11.24	-
SecureWeb-Gateway	6.7.6	2008.11.24	Trojan.Autoit.FN
Sophos	4.35.0	2008.11.24	Sus/Behav-1011
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.24	-
TheHacker	6.3.1.1.161	2008.11.24	Trojan/Autoit.gs
TrendMicro	8.700.0.1004	2008.11.24	-
VBA32	3.12.8.9	2008.11.23	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.23	-
```

Additional information
File size: 420170 bytes
MD5...: 6c34e59430cbe53274744841c5edb554

----------


## Hanson

File *twext.exe* received on 11.25.2008 07:14:53 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 14/37 (37.84%)




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.11.24.3	2008.11.25	-
> AntiVir	7.9.0.35	2008.11.24	-
> Authentium	5.1.0.4	2008.11.24	-
> *Avast	4.8.1281.0	2008.11.24	Win32:Rootkit-gen
> AVG	8.0.0.199	2008.11.24	Agent.AMGG*
> BitDefender	7.2	2008.11.25	-
> CAT-QuickHeal	10.00	2008.11.25	-
> ClamAV	0.94.1	2008.11.25	-
> ...

----------


## Shu_b

File dezubebo.dll received on 11.25.2008 12:10:38 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.25	-
AntiVir	7.9.0.35	2008.11.25	-
Authentium	5.1.0.4	2008.11.25	-
Avast	4.8.1281.0	2008.11.24	-
AVG	8.0.0.199	2008.11.24	-
BitDefender	7.2	2008.11.25	-
CAT-QuickHeal	10.00	2008.11.25	-
ClamAV	0.94.1	2008.11.25	-
DrWeb	4.44.0.09170	2008.11.25	-
eSafe	7.0.17.0	2008.11.24	Suspicious File
eTrust-Vet	31.6.6227	2008.11.25	-
Ewido	4.0	2008.11.24	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.25	-
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.25	-
Ikarus	T3.1.1.45.0	2008.11.25	-
K7AntiVirus	7.10.532	2008.11.24	-
Kaspersky	7.0.0.125	2008.11.25	-
McAfee	5444	2008.11.24	-
McAfee+Artemis	5444	2008.11.24	-
Microsoft	1.4104	2008.11.25	-
Norman	5.80.02	2008.11.25	-
Panda	9.0.0.4	2008.11.24	Suspicious file
PCTools	4.4.2.0	2008.11.24	-
Prevx1	V2	2008.11.25	Malicious Software
Rising	21.05.12.00	2008.11.25	Trojan.Win32.VUNDO.bug
SecureWeb-Gateway	6.7.6	2008.11.25	Win32.Malware.gen!92 (suspicious)
Sophos	4.35.0	2008.11.25	Troj/Virtum-Gen
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.25	-
TheHacker	6.3.1.1.162	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.25	-
VBA32	3.12.8.9	2008.11.24	-
ViRobot	2008.11.25.1485	2008.11.25	-
VirusBuster	4.5.11.0	2008.11.24	-
```

Additional information
File size: 93238 bytes
MD5...: 61607392528b27274c81bbaacfc10f50

*Added 2 minutes later*

File junefare.dll vakumene.dll vebimayo.dll received on 11.25.2008 12:10:23 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.25	-
AntiVir	7.9.0.35	2008.11.25	-
Authentium	5.1.0.4	2008.11.25	-
Avast	4.8.1281.0	2008.11.24	-
AVG	8.0.0.199	2008.11.24	-
BitDefender	7.2	2008.11.25	-
CAT-QuickHeal	10.00	2008.11.25	-
ClamAV	0.94.1	2008.11.25	-
DrWeb	4.44.0.09170	2008.11.25	-
eSafe	7.0.17.0	2008.11.24	Suspicious File
eTrust-Vet	31.6.6227	2008.11.25	-
Ewido	4.0	2008.11.24	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.25	-
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.25	-
Ikarus	T3.1.1.45.0	2008.11.25	-
K7AntiVirus	7.10.532	2008.11.24	-
Kaspersky	7.0.0.125	2008.11.25	-
McAfee	5444	2008.11.24	-
McAfee+Artemis	5444	2008.11.24	-
Microsoft	1.4104	2008.11.25	TrojanDownloader:Win32/Agent.F
NOD32	3638	2008.11.25	a variant of Win32/Adware.Virtumonde.NDI
Norman	5.80.02	2008.11.25	-
Panda	9.0.0.4	2008.11.24	-
PCTools	4.4.2.0	2008.11.24	-
Prevx1	V2	2008.11.25	-
Rising	21.05.12.00	2008.11.25	Trojan.Win32.VUNDO.btg
SecureWeb-Gateway	6.7.6	2008.11.25	Win32.Malware.gen!92 (suspicious)
Sophos	4.35.0	2008.11.25	-
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.25	-
TheHacker	6.3.1.1.162	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.25	-
VBA32	3.12.8.9	2008.11.24	-
ViRobot	2008.11.25.1485	2008.11.25	-
VirusBuster	4.5.11.0	2008.11.24	-
```

Additional information
File size: 59444 bytes
MD5...: 2c96bf8d899b877939ea04f2f750d449
SHA1..: 10fe62be640628edb4ac661902213bb0cde922be

*Added 1 minute later*

File winsys2.exe received on 11.25.2008 12:18:26 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.25	-
AntiVir	7.9.0.35	2008.11.25	-
Authentium	5.1.0.4	2008.11.25	-
Avast	4.8.1281.0	2008.11.24	-
AVG	8.0.0.199	2008.11.24	-
BitDefender	7.2	2008.11.25	-
CAT-QuickHeal	10.00	2008.11.25	-
ClamAV	0.94.1	2008.11.25	-
DrWeb	4.44.0.09170	2008.11.25	-
eSafe	7.0.17.0	2008.11.24	-
eTrust-Vet	31.6.6227	2008.11.25	-
Ewido	4.0	2008.11.24	-
F-Prot	4.4.4.56	2008.11.24	-
F-Secure	8.0.14332.0	2008.11.25	-
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.25	-
Ikarus	T3.1.1.45.0	2008.11.25	-
K7AntiVirus	7.10.532	2008.11.24	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.11.25	-
McAfee	5444	2008.11.24	-
McAfee+Artemis	5444	2008.11.24	-
Microsoft	1.4104	2008.11.25	-
NOD32	3638	2008.11.25	-
Norman	5.80.02	2008.11.25	-
Panda	9.0.0.4	2008.11.24	Trj/Agent.ISR
PCTools	4.4.2.0	2008.11.24	-
Prevx1	V2	2008.11.25	-
Rising	21.05.12.00	2008.11.25	-
SecureWeb-Gateway	6.7.6	2008.11.25	-
Sophos	4.35.0	2008.11.25	-
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.25	-
TheHacker	6.3.1.1.162	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.25	-
VBA32	None	2008.11.24	-
ViRobot	2008.11.25.1485	2008.11.25	-
VirusBuster	4.5.11.0	2008.11.24	-
```

Additional information
File size: 208896 bytes
MD5...: daee383586db76671c43a83c04e51283

*Added 2 minutes later*

File kdsqm.exe received on 11.25.2008 12:17:28 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.25	-
AntiVir	7.9.0.35	2008.11.25	-
Authentium	5.1.0.4	2008.11.25	W32/Sinowal-based!Maximus
Avast	4.8.1281.0	2008.11.24	Win32:FaDrop
AVG	8.0.0.199	2008.11.24	-
BitDefender	7.2	2008.11.25	-
CAT-QuickHeal	10.00	2008.11.25	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.25	-
DrWeb	4.44.0.09170	2008.11.25	-
eSafe	7.0.17.0	2008.11.24	Suspicious File
eTrust-Vet	31.6.6227	2008.11.25	-
Ewido	4.0	2008.11.24	-
F-Prot	4.4.4.56	2008.11.24	W32/Sinowal-based!Maximus
F-Secure	8.0.14332.0	2008.11.25	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.25	Win32:FaDrop
Ikarus	T3.1.1.45.0	2008.11.25	Trojan.Win32.Alureon
K7AntiVirus	7.10.532	2008.11.24	-
Kaspersky	7.0.0.125	2008.11.25	-
McAfee	5444	2008.11.24	-
McAfee+Artemis	5444	2008.11.24	Generic!Artemis
Microsoft	1.4104	2008.11.25	Trojan:Win32/Alureon.gen
NOD32	3638	2008.11.25	a variant of Win32/Kryptik.BT
Norman	5.80.02	2008.11.25	-
Panda	9.0.0.4	2008.11.24	-
PCTools	4.4.2.0	2008.11.24	-
Prevx1	V2	2008.11.25	-
Rising	21.05.12.00	2008.11.25	-
SecureWeb-Gateway	6.7.6	2008.11.25	-
Sophos	4.35.0	2008.11.25	-
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.25	-
TheHacker	6.3.1.1.162	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.25	-
VBA32	3.12.8.9	2008.11.24	-
ViRobot	2008.11.25.1485	2008.11.25	-
VirusBuster	4.5.11.0	2008.11.24	-
```

Additional information
File size: 75264 bytes
MD5...: 2401ac0314d0dfbbae8b74eae98e1b3f

*Added 11 minutes later*

File bodozanu.dll received on 11.25.2008 12:38:52 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.25	-
AntiVir	7.9.0.35	2008.11.25	-
Authentium	5.1.0.4	2008.11.25	-
Avast	4.8.1281.0	2008.11.24	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.11.24	Generic11.BERB
BitDefender	7.2	2008.11.25	Trojan.Vundo.FSY
CAT-QuickHeal	10.00	2008.11.25	-
ClamAV	0.94.1	2008.11.25	Trojan.Spy-55283
DrWeb	4.44.0.09170	2008.11.25	Trojan.Virtumod.585
eSafe	7.0.17.0	2008.11.24	Suspicious File
eTrust-Vet	31.6.6227	2008.11.25	-
Ewido	4.0	2008.11.25	-
F-Prot	4.4.4.56	2008.11.24	W32/Virtumonde.AG.gen!Eldorado
F-Secure	8.0.14332.0	2008.11.25	-
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.25	Trojan.Vundo.FSY
Ikarus	T3.1.1.45.0	2008.11.25	Trojan.Vundo.FSY
K7AntiVirus	7.10.532	2008.11.24	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.11.25	-
McAfee	5444	2008.11.24	-
McAfee+Artemis	5444	2008.11.24	-
Microsoft	1.4104	2008.11.25	Trojan:Win32/Vundo.KAM
NOD32	3638	2008.11.25	a variant of Win32/Adware.Virtumonde.NCG
Norman	5.80.02	2008.11.25	W32/Virtumonde.ABGK
Panda	9.0.0.4	2008.11.24	-
PCTools	4.4.2.0	2008.11.24	-
Prevx1	V2	2008.11.25	-
Rising	21.05.12.00	2008.11.25	Trojan.Win32.Undef.rjb
SecureWeb-Gateway	6.7.6	2008.11.25	Win32.Malware.gen!92 (suspicious)
Sophos	4.35.0	2008.11.25	Troj/BHO-HG
Sunbelt	3.1.1823.2	2008.11.22	-
Symantec	10	2008.11.25	Trojan.Vundo
TheHacker	6.3.1.1.162	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.25	-
VBA32	3.12.8.9	2008.11.24	-
ViRobot	2008.11.25.1485	2008.11.25	Trojan.Win32.PSWIGames.59392.I
VirusBuster	4.5.11.0	2008.11.24	-
```

Additional information
File size: 59392 bytes

----------


## senyak

File fun_21243 received on 2008.11.25 16:33:08 (CET)
Current status: finished
Result: 5/37 (13.52%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.11.24.3	2008.11.25	-
> AntiVir	7.9.0.35	2008.11.25	-
> Authentium	5.1.0.4	2008.11.25	-
> Avast	4.8.1281.0	2008.11.24	-
> *AVG	8.0.0.199	2008.11.25	Crypt.AUA*
> BitDefender	7.2	2008.11.25	-
> CAT-QuickHeal	10.00	2008.11.25	-
> ClamAV	0.94.1	2008.11.25	-
> ...


Additional information
File size: 77824 bytes
MD5...: 42c1ae4d7b30882c6ba0bddb7b3f44f3
SHA1..: b18e5f4e85faba16c556f79a55c7765f5406fbaa
SHA256: 9869cc465979cf5ea529443d647ad56880ca8cce715f8b5bd75943e5d56dbf78
SHA512: 040544eb767f3520c21c75a9e151fef389ff5f169295fdec425fb8ef07e35e11f54c01a54f63bac82fe46a7dd4e092db5524a871fc9ae29ae95039ed46fc33a0
ssdeep: 1536:tbDP3wktXejTL6b4VWL5hU9QMpqrB3RatglP+fDcValMnd:tX3wktujTLkYWLjKJpaB3ItglgwVaKd
PEiD..: -

----------


## Shu_b

File adsl.exe received on 11.26.2008 08:15:16 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.26	Win-Trojan/Avkiller.17920
AntiVir	7.9.0.35	2008.11.26	-
Authentium	5.1.0.4	2008.11.25	-
Avast	4.8.1281.0	2008.11.25	-
AVG	8.0.0.199	2008.11.25	-
BitDefender	7.2	2008.11.26	-
CAT-QuickHeal	10.00	2008.11.26	-
ClamAV	0.94.1	2008.11.26	-
DrWeb	4.44.0.09170	2008.11.26	MULDROP.Trojan
eSafe	7.0.17.0	2008.11.25	Suspicious File
eTrust-Vet	31.6.6228	2008.11.26	-
Ewido	4.0	2008.11.25	-
F-Prot	4.4.4.56	2008.11.25	-
F-Secure	8.0.14332.0	2008.11.26	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.11.25	-
GData	19	2008.11.26	-
Ikarus	T3.1.1.45.0	2008.11.26	Trojan.Win32.KillAV.ko
K7AntiVirus	7.10.533	2008.11.25	-
Kaspersky	7.0.0.125	2008.11.26	-
McAfee	5445	2008.11.25	-
McAfee+Artemis	5445	2008.11.25	-
Microsoft	1.4104	2008.11.26	-
NOD32	3641	2008.11.26	-
Norman	5.80.02	2008.11.25	-
Panda	9.0.0.4	2008.11.25	Suspicious file
PCTools	4.4.2.0	2008.11.25	-
Prevx1	V2	2008.11.26	-
Rising	21.05.12.00	2008.11.25	-
SecureWeb-Gateway	6.7.6	2008.11.25	-
Sophos	4.35.0	2008.11.25	-
Sunbelt	3.1.1830.2	2008.11.26	-
Symantec	10	2008.11.26	-
TheHacker	6.3.1.1.163	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.26	PAK_Generic.001
VBA32	3.12.8.9	2008.11.26	Trojan.Win32.KillAV.ko
ViRobot	2008.11.26.1486	2008.11.26	-
VirusBuster	4.5.11.0	2008.11.25	-
```

Additional information
File size: 10240 bytes
MD5...: bab9b4a25a879bd14909df4b21bcda48

*Added 2 hours 56 minutes later*

File lsass.exe received on 11.26.2008 11:09:13 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.26	-
AntiVir	7.9.0.35	2008.11.26	-
Authentium	5.1.0.4	2008.11.26	-
Avast	4.8.1281.0	2008.11.25	-
AVG	8.0.0.199	2008.11.25	-
BitDefender	7.2	2008.11.26	-
CAT-QuickHeal	10.00	2008.11.26	-
ClamAV	0.94.1	2008.11.26	-
DrWeb	4.44.0.09170	2008.11.26	-
eSafe	7.0.17.0	2008.11.25	Suspicious File
eTrust-Vet	31.6.6228	2008.11.26	-
Ewido	4.0	2008.11.25	-
F-Prot	4.4.4.56	2008.11.25	-
F-Secure	8.0.14332.0	2008.11.26	-
Fortinet	3.117.0.0	2008.11.26	-
GData	19	2008.11.26	-
Ikarus	T3.1.1.45.0	2008.11.26	Trojan.Win32.Autoit.dt
K7AntiVirus	7.10.533	2008.11.25	-
Kaspersky	7.0.0.125	2008.11.26	-
McAfee	5445	2008.11.25	-
McAfee+Artemis	5445	2008.11.25	-
Microsoft	1.4104	2008.11.26	-
NOD32	3641	2008.11.26	-
Norman	5.80.02	2008.11.25	W32/Agent.JIIR
Panda	9.0.0.4	2008.11.25	W32/Autoit.AB
PCTools	4.4.2.0	2008.11.25	-
Prevx1	V2	2008.11.26	-
Rising	21.05.20.00	2008.11.26	-
SecureWeb-Gateway	6.7.6	2008.11.26	-
Sophos	4.35.0	2008.11.26	Sus/Behav-1011
Sunbelt	3.1.1830.2	2008.11.26	-
Symantec	10	2008.11.26	-
TheHacker	6.3.1.1.163	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.26	-
VBA32	3.12.8.9	2008.11.26	-
ViRobot	2008.11.26.1486	2008.11.26	-
VirusBuster	4.5.11.0	2008.11.25	-
```

Additional information
File size: 249172 bytes
MD5...: 0a19525f0fdae4376a586f77bf5fcb4d

*Added 2 hours 29 minutes later*

File vmi386.sys received on 11.26.2008 13:36:01 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.24.3	2008.11.26	Win-Trojan/Pakes.26784
AntiVir	7.9.0.35	2008.11.26	-
Authentium	5.1.0.4	2008.11.26	-
Avast	4.8.1281.0	2008.11.25	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.11.26	Generic12.HRL
BitDefender	7.2	2008.11.26	-
CAT-QuickHeal	10.00	2008.11.26	-
ClamAV	0.94.1	2008.11.26	-
DrWeb	4.44.0.09170	2008.11.26	Trojan.Packed.1228
eSafe	7.0.17.0	2008.11.25	-
eTrust-Vet	31.6.6228	2008.11.26	-
Ewido	4.0	2008.11.26	-
F-Prot	4.4.4.56	2008.11.25	-
F-Secure	8.0.14332.0	2008.11.26	-
Fortinet	3.117.0.0	2008.11.26	-
GData	19	2008.11.26	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.45.0	2008.11.26	-
K7AntiVirus	7.10.533	2008.11.25	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.11.26	-
McAfee	5445	2008.11.25	-
McAfee+Artemis	5445	2008.11.25	Generic!Artemis
Microsoft	1.4104	2008.11.26	-
NOD32	3642	2008.11.26	Win32/Agent.AMBG
Norman	5.80.02	2008.11.26	-
Panda	9.0.0.4	2008.11.25	-
PCTools	4.4.2.0	2008.11.26	-
Prevx1	V2	2008.11.26	-
Rising	21.05.22.00	2008.11.26	-
SecureWeb-Gateway	6.7.6	2008.11.26	-
Sophos	4.35.0	2008.11.26	-
Sunbelt	3.1.1830.2	2008.11.26	-
Symantec	10	2008.11.26	Trojan.Dropper
TheHacker	6.3.1.1.163	2008.11.25	-
TrendMicro	8.700.0.1004	2008.11.26	-
VBA32	3.12.8.9	2008.11.26	-
ViRobot	2008.11.26.1487	2008.11.26	Trojan.Win32.Pakes.26784
VirusBuster	4.5.11.0	2008.11.25	-
```

Additional information
File size: 26784 bytes
MD5...: 3006e4d347c5bb5767dab0a99ddeb68f

----------


## Hanson

File *winlogon_exe_* received on 2008.11.26 13:56:09 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 9/37 (24.33%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.11.24.3	2008.11.26	-
> *AntiVir	7.9.0.35	2008.11.26	DR/Delphi.Gen*
> Authentium	5.1.0.4	2008.11.26	-
> *Avast	4.8.1281.0	2008.11.26	Win32:Delf-LMN
> AVG	8.0.0.199	2008.11.26	SHeur2.DTA
> BitDefender	7.2	2008.11.26	Trojan.Dropper.LdPinch.AO*
> CAT-QuickHeal	10.00	2008.11.26	-
> ClamAV	0.94.1	2008.11.26	-
> ...

----------


## Shu_b

File icq5e.dll received on 11.27.2008 07:40:25 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.27.1	2008.11.27	-
AntiVir	7.9.0.35	2008.11.26	-
Authentium	5.1.0.4	2008.11.27	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	-
BitDefender	7.2	2008.11.27	-
CAT-QuickHeal	10.00	2008.11.27	-
ClamAV	0.94.1	2008.11.27	-
DrWeb	4.44.0.09170	2008.11.27	-
eSafe	7.0.17.0	2008.11.25	-
eTrust-Vet	31.6.6231	2008.11.27	-
Ewido	4.0	2008.11.26	-
F-Prot	4.4.4.56	2008.11.26	-
F-Secure	8.0.14332.0	2008.11.27	Trojan-Downloader.Win32.Agent.arut
Fortinet	3.117.0.0	2008.11.27	-
GData	19	2008.11.27	-
Ikarus	T3.1.1.45.0	2008.11.27	-
K7AntiVirus	7.10.534	2008.11.26	-
Kaspersky	7.0.0.125	2008.11.27	Trojan-Downloader.Win32.Agent.arut
McAfee	5446	2008.11.26	-
McAfee+Artemis	5446	2008.11.26	-
Microsoft	1.4104	2008.11.27	-
NOD32	3644	2008.11.26	-
Norman	5.80.02	2008.11.26	-
Panda	9.0.0.4	2008.11.27	Suspicious file
PCTools	4.4.2.0	2008.11.26	-
Prevx1	V2	2008.11.27	-
Rising	21.05.30.00	2008.11.27	-
SecureWeb-Gateway	6.7.6	2008.11.26	-
Sophos	4.35.0	2008.11.27	-
Sunbelt	3.1.1830.2	2008.11.26	-
Symantec	10	2008.11.27	-
TheHacker	6.3.1.1.164	2008.11.27	-
TrendMicro	8.700.0.1004	2008.11.27	-
VBA32	3.12.8.9	2008.11.26	-
ViRobot	2008.11.27.1488	2008.11.27	-
VirusBuster	4.5.11.0	2008.11.26	-
```

Additional information
File size: 110592 bytes
MD5...: 0ab70f09b36cd6c329f68f3ff06ec5d5

*Added 7 hours 53 minutes later*

[cut] -false alarm

*Added 1 minute later*

File msvcrt48.dll received on 11.27.2008 15:37:38 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.27.4	2008.11.27	-
AntiVir	7.9.0.35	2008.11.27	-
Authentium	5.1.0.4	2008.11.27	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	PSW.Agent.WGY
BitDefender	7.2	2008.11.27	-
CAT-QuickHeal	10.00	2008.11.27	-
ClamAV	0.94.1	2008.11.27	-
DrWeb	4.44.0.09170	2008.11.27	Trojan.PWS.Webmonier.115
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6233	2008.11.27	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.27	Trojan-Spy.Win32.Agent.eyl
Fortinet	3.117.0.0	2008.11.27	Spy/Agent
GData	19	2008.11.27	-
Ikarus	T3.1.1.45.0	2008.11.27	-
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.27	Trojan-Spy.Win32.Agent.eyl
McAfee	5446	2008.11.26	-
McAfee+Artemis	5446	2008.11.26	-
Microsoft	1.4104	2008.11.27	-
NOD32	3645	2008.11.27	-
Norman	5.80.02	2008.11.26	-
Panda	9.0.0.4	2008.11.27	Suspicious file
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.27	-
Rising	21.05.32.00	2008.11.27	-
SecureWeb-Gateway	6.7.6	2008.11.27	-
Sophos	4.35.0	2008.11.27	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.27	-
TheHacker	6.3.1.1.164	2008.11.27	-
TrendMicro	8.700.0.1004	2008.11.27	-
VBA32	3.12.8.9	2008.11.27	-
ViRobot	2008.11.27.1489	2008.11.27	-
VirusBuster	4.5.11.0	2008.11.26	-
```

Additional information
File size: 20480 bytes
MD5...: 55d308f64c57e382583eb18757abd535

*Added 2 minutes later*

File fskahuipymcphgo.sys received on 11.27.2008 15:39:36 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.27.4	2008.11.27	-
AntiVir	7.9.0.35	2008.11.27	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.11.27	-
Avast	4.8.1281.0	2008.11.27	Win32:Rootkit-gen
AVG	8.0.0.199	2008.11.27	DDoS.K
BitDefender	7.2	2008.11.27	-
CAT-QuickHeal	10.00	2008.11.27	-
ClamAV	0.94.1	2008.11.27	-
DrWeb	4.44.0.09170	2008.11.27	-
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6233	2008.11.27	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.27	-
Fortinet	3.117.0.0	2008.11.27	-
GData	19	2008.11.27	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.11.27	Backdoor.WinNT.Rustock
K7AntiVirus	7.10.536	2008.11.27	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.11.27	-
McAfee	5446	2008.11.26	-
McAfee+Artemis	5446	2008.11.26	Generic!Artemis
Microsoft	1.4104	2008.11.27	Backdoor:WinNT/Rustock.H
NOD32	3645	2008.11.27	-
Norman	5.80.02	2008.11.26	W32/Rootkit.WKA
Panda	9.0.0.4	2008.11.27	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.27	-
Rising	21.05.32.00	2008.11.27	-
SecureWeb-Gateway	6.7.6	2008.11.27	Trojan.Rootkit.Gen
Sophos	4.35.0	2008.11.27	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.27	-
TheHacker	6.3.1.1.164	2008.11.27	-
TrendMicro	8.700.0.1004	2008.11.27	-
VBA32	3.12.8.9	2008.11.27	-
ViRobot	2008.11.27.1489	2008.11.27	-
VirusBuster	4.5.11.0	2008.11.26	-
```

Additional information
File size: 30848 bytes
MD5...: b0709f0e1517f9a7bf964761c2e47493

----------


## zorro84

File ntos.exe received on 2008.11.26 06:16:33 (CET)
Current status: finished
Result: 11/37 (29.73%)



```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2008.11.24.3 	2008.11.26 	-
AntiVir 	7.9.0.35 	2008.11.25 	DR/Delphi.Gen
Authentium 	5.1.0.4 	2008.11.25 	-
Avast 	4.8.1281.0 	2008.11.25 	Win32:Delf-LMN
AVG 	8.0.0.199 	2008.11.25 	Win32/Heur
BitDefender 	7.2 	2008.11.26 	Trojan.Dropper.LdPinch.AO
CAT-QuickHeal 	10.00 	2008.11.25 	-
ClamAV 	0.94.1 	2008.11.26 	-
DrWeb 	4.44.0.09170 	2008.11.26 	Trojan.PWS.Panda.17
eSafe 	7.0.17.0 	2008.11.25 	-
eTrust-Vet 	31.6.6228 	2008.11.26 	-
Ewido 	4.0 	2008.11.25 	-
F-Prot 	4.4.4.56 	2008.11.25 	-
F-Secure 	8.0.14332.0 	2008.11.26 	Trojan.Win32.Agent.aqpj
Fortinet 	3.117.0.0 	2008.11.25 	-
GData 	19 	2008.11.26 	Trojan.Dropper.LdPinch.AO
Ikarus 	T3.1.1.45.0 	2008.11.26 	Trojan-Dropper.LdPinch
K7AntiVirus 	7.10.533 	2008.11.25 	-
Kaspersky 	7.0.0.125 	2008.11.26 	Trojan.Win32.Agent.aqpj
McAfee 	5445 	2008.11.25 	-
McAfee+Artemis 	5445 	2008.11.25 	-
Microsoft 	1.4104 	2008.11.26 	-
NOD32 	3641 	2008.11.26 	-
Norman 	5.80.02 	2008.11.25 	-
Panda 	9.0.0.4 	2008.11.25 	-
PCTools 	4.4.2.0 	2008.11.25 	-
Prevx1 	V2 	2008.11.26 	-
Rising 	21.05.12.00 	2008.11.25 	-
SecureWeb-Gateway 	6.7.6 	2008.11.25 	Trojan.Dropper.Delphi.Gen
Sophos 	4.35.0 	2008.11.25 	-
Sunbelt 	3.1.1823.2 	2008.11.22 	-
Symantec 	10 	2008.11.26 	Infostealer
TheHacker 	6.3.1.1.163 	2008.11.25 	-
TrendMicro 	8.700.0.1004 	2008.11.26 	-
VBA32 	3.12.8.9 	2008.11.26 	-
ViRobot 	2008.11.26.1486 	2008.11.26 	-
VirusBuster 	4.5.11.0 	2008.11.25 	-
```

Additional information
File size: 699392 bytes
MD5...: d48bc81b3ad1acd0b4416ddefe1eea09
SHA1..: 51009421c683bad2a2eb6d7dee324c806632cd67

----------



## Shu_b

File msansspc.dll received on 11.28.2008 06:05:23 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.27.4	2008.11.28	-
AntiVir	7.9.0.35	2008.11.27	TR/Agent.aqkz
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.11.27	Agent.AMYR
BitDefender	7.2	2008.11.28	-
CAT-QuickHeal	10.00	2008.11.28	Trojan.Agent.aqkz
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	Trojan.Botnetlog.1
eSafe	7.0.17.0	2008.11.27	Suspicious File
eTrust-Vet	31.6.6233	2008.11.27	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.28	-
Fortinet	3.117.0.0	2008.11.27	-
GData	19	2008.11.28	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.45.0	2008.11.28	-
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.28	-
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	-
Microsoft	1.4104	2008.11.28	-
NOD32	3647	2008.11.27	-
Norman	5.80.02	2008.11.27	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.40.00	2008.11.28	Trojan.Win32.Undef.tff
SecureWeb-Gateway	6.7.6	2008.11.27	Trojan.Agent.aqkz
Sophos	4.36.0	2008.11.28	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	-
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.27	-
VBA32	3.12.8.9	2008.11.27	-
ViRobot	2008.11.27.1489	2008.11.27	-
VirusBuster	4.5.11.0	2008.11.27	-
```

Additional information
File size: 27648 bytes
MD5...: de110803efec6c70e69016f51ed23832

*Added 1 hour 57 minutes later*

File mdm.exe received on 11.28.2008 08:58:31 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.27.4	2008.11.28	-
AntiVir	7.9.0.35	2008.11.28	-
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	SHeur2.DRQ
BitDefender	7.2	2008.11.28	-
CAT-QuickHeal	10.00	2008.11.28	Backdoor.IRCBot.gqg
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	BackDoor.IRC.Rxbot.26
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6233	2008.11.27	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
Fortinet	3.117.0.0	2008.11.27	W32/IRCBot.GQG!tr.bdr
GData	19	2008.11.28	-
Ikarus	T3.1.1.45.0	2008.11.28	-
K7AntiVirus	7.10.536	2008.11.27	Backdoor.Win32.IRCBot.gqg
Kaspersky	7.0.0.125	2008.11.28	Backdoor.Win32.IRCBot.gqg
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	-
Microsoft	1.4104	2008.11.28	-
NOD32	3647	2008.11.27	-
Norman	5.80.02	2008.11.27	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.40.00	2008.11.28	-
SecureWeb-Gateway	6.7.6	2008.11.28	-
Sophos	4.36.0	2008.11.28	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	-
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.28	WORM_MAINBOT.MCL
VBA32	3.12.8.9	2008.11.27	-
ViRobot	2008.11.28.1490	2008.11.28	-
VirusBuster	4.5.11.0	2008.11.27	-
```

Additional information
File size: 35840 bytes
MD5...: dbf6bdddfbe8bb6035e9ae885cbf5d04

----------


## Numb

From the "Help!" section:
File avz00002.dta received on 2008.11.28 11:06:47 (CET)
(original name - C:\Program Files\Microsoft Common\svchost.exe)


```
AhnLab-V3	2008.11.27.4	2008.11.28	-
AntiVir	7.9.0.35	2008.11.28	-
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	Win32/Cryptor
BitDefender	7.2	2008.11.28	-
CAT-QuickHeal	10.00	2008.11.28	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	-
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.28	-
Fortinet	3.117.0.0	2008.11.28	-
GData	19	2008.11.28	-
Ikarus	T3.1.1.45.0	2008.11.28	-
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.28	-
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	-
Microsoft	1.4104	2008.11.28	TrojanDropper:Win32/Emold.C
NOD32	3647	2008.11.27	-
Norman	5.80.02	2008.11.27	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.40.00	2008.11.28	-
SecureWeb-Gateway	6.7.6	2008.11.28	-
Sophos	4.36.0	2008.11.28	Mal/EncPk-GH
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	-
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.28	PAK_Generic.001
VBA32	3.12.8.9	2008.11.27	suspected of Unknown.Win32Virus
ViRobot	2008.11.28.1490	2008.11.28	-
VirusBuster	4.5.11.0	2008.11.27	Worm.Autorun.Gen!Pac.14
```

Additional information
File size: 28672 bytes
MD5...: b5446b4263b5c3f443bd19f6860bf157
SHA1..: 4e590b3d85ef4e3624915ed8eb28e0aa698ff312

File avz00009.dta received on 2008.11.28 11:10:25 (CET)
(original name - c:\windows\system32\msmsg.exe)


```
AhnLab-V3	2008.11.28.2	2008.11.28	-
AntiVir	7.9.0.35	2008.11.28	TR/ATRAPS.Gen
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	-
BitDefender	7.2	2008.11.28	-
CAT-QuickHeal	10.00	2008.11.28	-
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	-
eSafe	7.0.17.0	2008.11.27	Suspicious File
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.11.27	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.28	-
Fortinet	3.117.0.0	2008.11.28	-
GData	19	2008.11.28	-
Ikarus	T3.1.1.45.0	2008.11.28	-
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.28	-
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	-
Microsoft	1.4104	2008.11.28	Trojan:Win32/Anomaly.gen!A
NOD32	3647	2008.11.27	-
Norman	5.80.02	2008.11.27	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.40.00	2008.11.28	Packer.RyCrypt
SecureWeb-Gateway	6.7.6	2008.11.28	Trojan.ATRAPS.Gen
Sophos	4.36.0	2008.11.28	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	-
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.28	Possible_Virus
VBA32	3.12.8.9	2008.11.27	-
ViRobot	2008.11.28.1490	2008.11.28	-
VirusBuster	4.5.11.0	2008.11.27	-
```

Additional information
File size: 52224 bytes
MD5...: 8e7aa93d943c5022bedeeb7fc3444764
SHA1..: 4a8c3528f304dd96a7884feb7c32908c5e619f91

----------


## Shu_b

File fccyaXqn.dll received on 11.28.2008 13:46:49 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.28.2	2008.11.28	-
AntiVir	7.9.0.36	2008.11.28	-
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	Vundo.AT
BitDefender	7.2	2008.11.28	Trojan.Vundo.FXR
CAT-QuickHeal	10.00	2008.11.28	-
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	-
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.11.28	-
F-Prot	4.4.4.56	2008.11.27	-
Fortinet	3.117.0.0	2008.11.28	-
GData	19	2008.11.28	Trojan.Vundo.FXR
Ikarus	T3.1.1.45.0	2008.11.28	-
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.28	-
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	-
Microsoft	1.4104	2008.11.28	Trojan:Win32/Vundo.gen!R
NOD32	3648	2008.11.28	a variant of Win32/Adware.Virtumonde.NDK
Norman	5.80.02	2008.11.28	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.42.00	2008.11.28	-
SecureWeb-Gateway	6.7.6	2008.11.28	Riskware.LooksLike.Fraud.An
Sophos	4.36.0	2008.11.28	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	Packed.Generic.201
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.28	-
VBA32	3.12.8.9	2008.11.28	-
ViRobot	2008.11.28.1491	2008.11.28	-
VirusBuster	4.5.11.0	2008.11.27	-
```

Additional information
File size: 246272 bytes
MD5...: 89088dcede745e1f6cb169207ab58fce


File cBSifEvT.dll received on 11.28.2008 13:50:33 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.11.28.2	2008.11.28	-
AntiVir	7.9.0.36	2008.11.28	TR/Vundo.fxr.84
Authentium	5.1.0.4	2008.11.28	-
Avast	4.8.1281.0	2008.11.27	-
AVG	8.0.0.199	2008.11.27	Vundo.AT
BitDefender	7.2	2008.11.28	Trojan.Vundo.FXR
CAT-QuickHeal	10.00	2008.11.28	Win32.Trojan.Vundo.gen!R.3
ClamAV	0.94.1	2008.11.28	-
DrWeb	4.44.0.09170	2008.11.28	Trojan.Siggen.630
eSafe	7.0.17.0	2008.11.27	-
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.11.28	-
F-Prot	4.4.4.56	2008.11.27	-
F-Secure	8.0.14332.0	2008.11.28	Trojan:W32/Vundo.BV
Fortinet	3.117.0.0	2008.11.28	PossibleThreat
GData	19	2008.11.28	Trojan.Vundo.FXR
Ikarus	T3.1.1.45.0	2008.11.28	Trojan.Win32.Monder
K7AntiVirus	7.10.536	2008.11.27	-
Kaspersky	7.0.0.125	2008.11.28	-
McAfee	5447	2008.11.27	-
McAfee+Artemis	5447	2008.11.27	Generic!Artemis
Microsoft	1.4104	2008.11.28	Trojan:Win32/Vundo.gen!R
NOD32	3648	2008.11.28	a variant of Win32/Adware.Virtumonde.NDI
Norman	5.80.02	2008.11.28	-
Panda	9.0.0.4	2008.11.28	-
PCTools	4.4.2.0	2008.11.27	-
Prevx1	V2	2008.11.28	-
Rising	21.05.42.00	2008.11.28	-
SecureWeb-Gateway	6.7.6	2008.11.28	Trojan.Vundo.fxr.84
Sophos	4.36.0	2008.11.28	-
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.28	Packed.Generic.201
TheHacker	6.3.1.1.166	2008.11.28	-
TrendMicro	8.700.0.1004	2008.11.28	PAK_Generic.001
VBA32	3.12.8.9	2008.11.28	-
ViRobot	2008.11.28.1491	2008.11.28	-
VirusBuster	4.5.11.0	2008.11.27	-
```

Additional information
File size: 37888 bytes
MD5...: 394ce94ae80941b3676eebcc76668561

----------


## Синауридзе Александр

File DUpL.exe received on 2008.11.30 01:17:20 (CET)




> AhnLab-V3 2008.11.28.2 2008.11.29 - 
> AntiVir 7.9.0.36 2008.11.29 - 
> Authentium 5.1.0.4 2008.11.29 - 
> Avast 4.8.1281.0 2008.11.29 - 
> AVG 8.0.0.199 2008.11.29 - 
> *BitDefender 7.2 2008.11.30 Trojan.Generic.694784* 
> CAT-QuickHeal 10.00 2008.11.29 - 
> ClamAV 0.94.1 2008.11.29 - 
> DrWeb 4.44.0.09170 2008.11.29 - 
> ...


Additional information
File size: 12081 bytes 
MD5...: 0bffe2fb6a7f610fae8914a09bcd2987 
SHA1..: 4a656493a7d0b3f5c3c920ffe58bbc309cbba3d9 
SHA256: 53785632a8650bc766b606ca540c7f97a50d8187de5239233a  0e5089271961e4 
SHA512: 91bdb0623927bbec83e536cd36b8245e4faafc423f78460c74  0864d98a6c774d
0b535d01546b853b496de83c6ac4d4972cb5d678a9f2fcc40e  932bfcd1d519cd

ssdeep: 192:xQRwiZPCP3xGFFkNugr9fUWcTTuU7vWjZqprZvMb6R+Acg  MFSLFBmA:W103x
NuQ8WOTR7OIh6gbLj

PEiD..: - 
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4090a0
timedatestamp.....: 0x47ec6ca2 (Fri Mar 28 03:57:22 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.rdata 0x1000 0x1c41 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x3000 0x4fce 0x2200 7.97 ea7fd029f38a484f214183b938deeffb
.data_ 0x8000 0x1000 0xa00 7.90 88931dcced08016e4ef86ca25f7716e1
.icode 0x9000 0x350 0x400 0.00 d41d8cd98f00b204e9800998ecf8427e
.icode 0xa000 0x2f3 0x400 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports ) 

( 0 exports ) 

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=0bffe2fb6a7f610fae8914a09bcd2987

*Added 4 minutes later*

File sxkW.exe received on 2008.11.30 01:30:35 (CET)




> AhnLab-V3 2008.11.28.2 2008.11.29 - 
> *AntiVir 7.9.0.36 2008.11.29 TR/Crypt.XPACK.Gen* 
> Authentium 5.1.0.4 2008.11.30 - 
> Avast 4.8.1281.0 2008.11.29 - 
> *AVG 8.0.0.199 2008.11.29 Win32/Heur* 
> BitDefender 7.2 2008.11.30 - 
> CAT-QuickHeal 10.00 2008.11.29 - 
> ClamAV 0.94.1 2008.11.29 - 
> DrWeb 4.44.0.09170 2008.11.29 - 
> ...


Additional information
File size: 14208 bytes 
MD5...: f356940144bbc710d7e57cbf2af36157 
SHA1..: 36baafce982c7cfa0ca7617f3909d537936a10b6 
SHA256: c64ddc5e2a7ddb9064cd8819db102db117ec57130ebe985315  798b4101017599 
SHA512: 1092fd043a1e6e52371a0ca19545f481fda144369cfc8433b0  7f8a8d968851e5
57bb10cac2e6b6b4418c3a5978b3d247671ecd0af5aef59024  df830b66ad1ed7

ssdeep: 384:KcUIcPPOZdRxe2ri1nqAiiMs3t4S2LTNLy:KcUIU+HrGii  H367LR

PEiD..: - 
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4090dc
timedatestamp.....: 0x47c10656 (Sun Feb 24 05:53:26 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x1b24 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.share 0x3000 0x47db 0x2200 7.93 de390b5b79bc2344f57f0a4bea25aebb
.rsrc 0x8000 0x1000 0xa00 7.60 005b62737adabeac198f7d9663c09c29
.masm 0x9000 0x392 0x400 7.21 f469f31688506a1d5934baeddf0a428b
.data_ 0xa000 0x363 0x400 4.77 80b5ab88155861b55a37a077c8c6df10

( 1 imports ) 
> user32.dll: GrayStringA, LoadKeyboardLayoutW, EnumDisplaySettingsExW, SetWindowsHookExA, CreateDialogIndirectParamA

( 0 exports ) 

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f356940144bbc710d7e57cbf2af36157

*Added 2 hours 48 minutes later*




> Hello,
> 
> sxkW.exe_ - Email-Worm.Win32.Zhelatin.aia
> 
> Detection of this file will be added in the next update.
> 
> Please include the entire correspondence when replying.
> This reply is valid for the latest databases from the update sources.
> 
> ...

----------


## Shu_b

Total

----------


## Shu_b

File nttest.sys received on 12.01.2008 15:38:12 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.1.3	2008.12.01	-
AntiVir	7.9.0.36	2008.12.01	-
Authentium	5.1.0.4	2008.12.01	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.01	-
BitDefender	7.2	2008.12.01	-
CAT-QuickHeal	10.00	2008.12.01	-
ClamAV	0.94.1	2008.12.01	-
DrWeb	4.44.0.09170	2008.12.01	-
eSafe	7.0.17.0	2008.11.30	-
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.11.30	-
F-Secure	8.0.14332.0	2008.12.01	-
Fortinet	3.117.0.0	2008.11.30	-
GData	19	2008.12.01	-
Ikarus	T3.1.1.45.0	2008.12.01	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.01	-
McAfee	5450	2008.11.30	-
McAfee+Artemis	5450	2008.11.30	-
Microsoft	1.4104	2008.12.01	-
NOD32	3653	2008.12.01	Win32/SpamTool.Agent.NBF
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.01	-
PCTools	4.4.2.0	2008.12.01	-
Prevx1	V2	2008.12.01	-
Rising	21.06.02.00	2008.12.01	-
SecureWeb-Gateway	6.7.6	2008.12.01	-
Sophos	4.36.0	2008.12.01	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.01	-
TheHacker	6.3.1.1.169	2008.11.29	-
TrendMicro	8.700.0.1004	2008.12.01	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.1.1494	2008.12.01	-
VirusBuster	4.5.11.0	2008.11.30	-
```

Additional information
File size: 33280 bytes
MD5...: ff07e4d14fcef9dabd1685ddf67d0974

----------


## Shu_b

File explorer.ex_ received on 12.02.2008 07:38:15 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.0	2008.12.02	-
AntiVir	7.9.0.36	2008.12.01	-
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.02	Win32/Small.DO
BitDefender	7.2	2008.12.02	Trojan.Inject.HP
CAT-QuickHeal	10.00	2008.12.02	-
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	-
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.12.01	-
F-Secure	8.0.14332.0	2008.12.02	W32/Afgan.C
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Trojan.Inject.HP
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	Heur.Infector
McAfee	5451	2008.12.01	-
McAfee+Artemis	5451	2008.12.01	-
Microsoft	1.4104	2008.12.02	-
NOD32	3656	2008.12.02	a variant of Win32/Afgan
Norman	5.80.02	2008.12.01	W32/Afgan.C
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.01	-
Prevx1	V2	2008.12.02	-
Rising	21.06.10.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.01	Win32.Malware.gen!84 (suspicious)
Sophos	4.36.0	2008.12.02	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1495	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 1056768 bytes
MD5...: bdefbce8919f5b8dffe487942140fa11

*Added 59 minutes later*

File ethxttap.sys ethsqcxl.sys received on 12.02.2008 09:13:38 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.0	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.02	Win32/Rustock.G
BitDefender	7.2	2008.12.02	-
CAT-QuickHeal	10.00	2008.12.02	-
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	-
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.12.01	-
F-Secure	8.0.14332.0	2008.12.02	-
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	-
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	-
McAfee+Artemis	5451	2008.12.01	-
Microsoft	1.4104	2008.12.02	Spammer:Win32/Rlsloup.B
NOD32	3656	2008.12.02	-
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.01	-
Prevx1	V2	2008.12.02	-
Rising	21.06.10.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	Trojan.Rootkit.Gen
Sophos	4.36.0	2008.12.02	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1495	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 135232 bytes
MD5...: 2690ad3b314f9e94d47356171889af67

----------


## Hanson

File *avz00003.dta(vmnetx86.sys)* received on 2008.12.02 09:13:08 (CET)
Current status: finished
Result: 5/37 (13.52%)



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.12.2.0	2008.12.02	-
> AntiVir	7.9.0.36	2008.12.02	-
> Authentium	5.1.0.4	2008.12.02	-
> Avast	4.8.1281.0	2008.12.01	-
> AVG	8.0.0.199	2008.12.02	-
> BitDefender	7.2	2008.12.02	-
> CAT-QuickHeal	10.00	2008.12.02	-
> ClamAV	0.94.1	2008.12.02	-
> ...


Kaspersky's reply, 2 hours after the file was submitted



> Hello,
> 
> avz00003.dta - Rootkit.Win32.KernelBot.dn
> 
> Detection of this file will be added in the next update.


Dr.Web replied after 4 hours,


> Trojan.NtRootKit.2400


nobody else has replied so far

----------


## Shu_b

File Microsoft Common\wuauclt.exe received on 12.02.2008 12:41:26 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.2	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	-
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.02	Win32/Heur
BitDefender	7.2	2008.12.02	Trojan.Generic.1023521
CAT-QuickHeal	10.00	2008.12.02	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	Suspicious File
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.12.01	-
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Trojan.Generic.1023521
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	New Malware.ix
McAfee+Artemis	5451	2008.12.01	New Malware.ix
Microsoft	1.4104	2008.12.02	-
NOD32	3657	2008.12.02	-
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.01	-
Rising	21.06.12.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	Virus.Win32.FileInfector.gen (suspicious)
Sophos	4.36.0	2008.12.02	Mal/EncPk-FC
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	suspected of Malware-Cryptor.Win32.General.3
ViRobot	2008.12.2.1496	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 24576 bytes
MD5...: 23801a0d48390720d217adba2fe6f9fc

*Added 50 minutes later*

File kdmpq.exe received on 12.02.2008 13:24:41 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.2	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	-
Authentium	5.1.0.4	2008.12.02	W32/Sinowal-based!Maximus
Avast	4.8.1281.0	2008.12.01	Win32:FaDrop
AVG	8.0.0.199	2008.12.02	-
BitDefender	7.2	2008.12.02	-
CAT-QuickHeal	10.00	2008.12.02	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	Suspicious File
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.12.01	W32/Sinowal-based!Maximus
F-Secure	8.0.14332.0	2008.12.02	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Win32:FaDrop
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	-
McAfee+Artemis	5451	2008.12.01	-
Microsoft	1.4104	2008.12.02	Trojan:Win32/Alureon.gen
NOD32	3657	2008.12.02	a variant of Win32/Kryptik.BT
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.01	-
Prevx1	V2	2008.12.02	-
Rising	21.06.12.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	-
Sophos	4.36.0	2008.12.02	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1496	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 76800 bytes
MD5...: 41b8e54b145f0b509870b2c91756d5b7

*Added 32 minutes later*

File autorun.inf\sgucjl.exe received on 12.02.2008 14:02:45 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.2	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	-
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.02	-
BitDefender	7.2	2008.12.02	-
CAT-QuickHeal	10.00	2008.12.02	-
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	Suspicious File
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.01	-
F-Prot	4.4.4.56	2008.12.01	-
F-Secure	8.0.14332.0	2008.12.02	-
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	-
McAfee+Artemis	5451	2008.12.01	-
Microsoft	1.4104	2008.12.02	-
NOD32	3657	2008.12.02	Win32/Packed.Autoit.Gen
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.02	-
Prevx1	V2	2008.12.02	-
Rising	21.06.12.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	-
Sophos	4.36.0	2008.12.02	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1496	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 484488 bytes
MD5...: 11ba1cec8e6f3c7a6d064f0c53bc4510

*Added 5 minutes later*

File kavo0.dll received on 12.02.2008 14:06:32 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.2	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	-
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.02	Win32/Heur
BitDefender	7.2	2008.12.02	-
CAT-QuickHeal	10.00	2008.12.02	-
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	Suspicious File
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.02	-
F-Prot	4.4.4.56	2008.12.01	-
F-Secure	8.0.14332.0	2008.12.02	-
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Packer.Malware.NSAnti.1
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	-
McAfee+Artemis	5451	2008.12.01	Generic!Artemis
Microsoft	1.4104	2008.12.02	PWS:Win32/Frethog.D
NOD32	3657	2008.12.02	-
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	Suspicious file
PCTools	4.4.2.0	2008.12.02	-
Prevx1	V2	2008.12.02	-
Rising	21.06.12.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	Virus.Win32.FileInfector.gen!84 (suspicious)
Sophos	4.36.0	2008.12.02	Troj/Virtum-Gen
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1496	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 147456 bytes
MD5...: e3cefe9cf6bf9400fec3912a24dfae7b


File autorun.inf \eeqt.exe received on 12.02.2008 14:06:45 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.2.2	2008.12.02	-
AntiVir	7.9.0.36	2008.12.02	-
Authentium	5.1.0.4	2008.12.02	-
Avast	4.8.1281.0	2008.12.01	-
AVG	8.0.0.199	2008.12.02	PSW.OnlineGames_r.K
BitDefender	7.2	2008.12.02	-
CAT-QuickHeal	10.00	2008.12.02	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.02	-
DrWeb	4.44.0.09170	2008.12.02	-
eSafe	7.0.17.0	2008.11.30	Suspicious File
eTrust-Vet	31.6.6238	2008.12.02	-
Ewido	4.0	2008.12.02	-
F-Prot	4.4.4.56	2008.12.01	-
Fortinet	3.117.0.0	2008.12.02	-
GData	19	2008.12.02	Packer.Malware.NSAnti.1
Ikarus	T3.1.1.45.0	2008.12.02	-
K7AntiVirus	7.10.539	2008.12.01	-
Kaspersky	7.0.0.125	2008.12.02	-
McAfee	5451	2008.12.01	New Malware.bx
McAfee+Artemis	5451	2008.12.01	New Malware.bx
Microsoft	1.4104	2008.12.02	PWS:Win32/Frethog.AJ
NOD32	3657	2008.12.02	-
Norman	5.80.02	2008.12.01	-
Panda	9.0.0.4	2008.12.02	-
PCTools	4.4.2.0	2008.12.02	-
Prevx1	V2	2008.12.02	-
Rising	21.06.12.00	2008.12.02	-
SecureWeb-Gateway	6.7.6	2008.12.02	Trojan.Crypt.LooksLike.XPACK
Sophos	4.36.0	2008.12.02	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.02	-
TheHacker	6.3.1.2.171	2008.12.02	-
TrendMicro	8.700.0.1004	2008.12.02	-
VBA32	3.12.8.9	2008.12.01	-
ViRobot	2008.12.2.1496	2008.12.02	-
VirusBuster	4.5.11.0	2008.12.01	-
```

Additional information
File size: 109788 bytes
MD5...: fc7f4c670fad604211bf890a70365d6b

----------


## Shu_b

File \Temp\init.exe received on 12.05.2008 12:01:28 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.5.0	2008.12.05	-
AntiVir	7.9.0.41	2008.12.05	-
Authentium	5.1.0.4	2008.12.05	-
Avast	4.8.1281.0	2008.12.04	Win32:Fabot
AVG	8.0.0.199	2008.12.05	-
BitDefender	7.2	2008.12.05	-
CAT-QuickHeal	10.00	2008.12.05	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.05	-
Comodo	682	2008.12.04	-
DrWeb	4.44.0.09170	2008.12.05	-
eSafe	7.0.17.0	2008.12.04	-
eTrust-Vet	31.6.6243	2008.12.04	-
Ewido	4.0	2008.12.04	-
F-Prot	4.4.4.56	2008.12.04	-
F-Secure	8.0.14332.0	2008.12.05	-
Fortinet	3.117.0.0	2008.12.05	-
GData	19	2008.12.05	Win32:Fabot
Ikarus	T3.1.1.45.0	2008.12.05	-
K7AntiVirus	7.10.543	2008.12.04	-
Kaspersky	7.0.0.125	2008.12.05	-
McAfee	5454	2008.12.04	-
McAfee+Artemis	5454	2008.12.04	-
Microsoft	1.4205	2008.12.05	-
NOD32	3666	2008.12.05	-
Norman	5.80.02	2008.12.04	-
Panda	9.0.0.4	2008.12.04	-
PCTools	4.4.2.0	2008.12.04	-
Prevx1	V2	2008.12.05	-
Rising	21.06.42.00	2008.12.05	-
SecureWeb-Gateway	6.7.6	2008.12.05	-
Sophos	4.36.0	2008.12.05	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.05	-
TheHacker	6.3.1.2.176	2008.12.05	-
TrendMicro	8.700.0.1004	2008.12.05	-
VBA32	3.12.8.10	2008.12.05	-
ViRobot	2008.12.5.1502	2008.12.05	-
VirusBuster	4.5.11.0	2008.12.04	-
```

Additional information
File size: 36864 bytes
MD5...: 592ee0ae2fce5633e5b37186453e79b1

*Added 1 minute later*

File services.exe received on 12.05.2008 12:04:15 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.5.0	2008.12.05	-
AntiVir	7.9.0.41	2008.12.05	TR/Drop.SQH.31
Authentium	5.1.0.4	2008.12.05	-
Avast	4.8.1281.0	2008.12.04	Win32:Fabot
AVG	8.0.0.199	2008.12.05	-
BitDefender	7.2	2008.12.05	Trojan.Dropper.SQH
CAT-QuickHeal	10.00	2008.12.05	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.05	-
Comodo	682	2008.12.04	-
DrWeb	4.44.0.09170	2008.12.05	-
eSafe	7.0.17.0	2008.12.04	-
eTrust-Vet	31.6.6243	2008.12.04	-
Ewido	4.0	2008.12.04	-
F-Prot	4.4.4.56	2008.12.04	-
F-Secure	8.0.14332.0	2008.12.05	-
Fortinet	3.117.0.0	2008.12.05	-
GData	19	2008.12.05	Trojan.Dropper.SQH
Ikarus	T3.1.1.45.0	2008.12.05	-
K7AntiVirus	7.10.543	2008.12.04	-
Kaspersky	7.0.0.125	2008.12.05	-
McAfee	5454	2008.12.04	-
McAfee+Artemis	5454	2008.12.04	-
Microsoft	1.4205	2008.12.05	-
NOD32	3666	2008.12.05	-
Norman	5.80.02	2008.12.04	-
Panda	9.0.0.4	2008.12.04	-
PCTools	4.4.2.0	2008.12.04	-
Prevx1	V2	2008.12.05	-
Rising	21.06.42.00	2008.12.05	-
SecureWeb-Gateway	6.7.6	2008.12.05	Trojan.Drop.SQH.31
Sophos	4.36.0	2008.12.05	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.05	-
TheHacker	6.3.1.2.176	2008.12.05	-
TrendMicro	8.700.0.1004	2008.12.05	-
VBA32	3.12.8.10	2008.12.05	-
ViRobot	2008.12.5.1502	2008.12.05	-
VirusBuster	4.5.11.0	2008.12.04	-
```

Additional information
File size: 43008 bytes
MD5...: dc03a966df53d8bba045895a11a18957

*Added 1 hour 52 minutes later*

File runsql.exe svzip.exe received on 12.05.2008 13:49:29 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.5.0	2008.12.05	-
AntiVir	7.9.0.41	2008.12.05	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.05	-
Avast	4.8.1281.0	2008.12.04	Win32:Lighty-I
AVG	8.0.0.199	2008.12.05	Win32/Heur
BitDefender	7.2	2008.12.05	-
CAT-QuickHeal	10.00	2008.12.05	-
ClamAV	0.94.1	2008.12.05	-
Comodo	682	2008.12.04	-
DrWeb	4.44.0.09170	2008.12.05	-
eSafe	7.0.17.0	2008.12.04	-
eTrust-Vet	31.6.6243	2008.12.04	-
Ewido	4.0	2008.12.05	-
F-Prot	4.4.4.56	2008.12.04	-
F-Secure	8.0.14332.0	2008.12.05	-
Fortinet	3.117.0.0	2008.12.05	-
GData	19	2008.12.05	Win32:Lighty-I
Ikarus	T3.1.1.45.0	2008.12.05	-
K7AntiVirus	7.10.543	2008.12.04	-
Kaspersky	7.0.0.125	2008.12.05	-
McAfee	5454	2008.12.04	Olmarik
McAfee+Artemis	5454	2008.12.04	Olmarik
Microsoft	1.4205	2008.12.05	TrojanDownloader:Win32/Renos.FJ
NOD32	3666	2008.12.05	a variant of Win32/Kryptik.CM
Norman	5.80.02	2008.12.05	-
Panda	9.0.0.4	2008.12.05	-
PCTools	4.4.2.0	2008.12.05	-
Prevx1	V2	2008.12.05	Cloaked Malware
Rising	21.06.43.00	2008.12.05	-
SecureWeb-Gateway	6.7.6	2008.12.05	Trojan.Dropper.Gen
Sophos	4.36.0	2008.12.05	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.05	Trojan.Fakeavalert
TheHacker	6.3.1.2.176	2008.12.05	-
TrendMicro	8.700.0.1004	2008.12.05	-
VBA32	3.12.8.10	2008.12.05	-
ViRobot	2008.12.5.1502	2008.12.05	-
VirusBuster	4.5.11.0	2008.12.04	Trojan.FakeAlert.Gen!Pac.3
```

Additional information
File size: 279040 bytes
MD5...: 979c3771126466704cc8ca49bb8bd4ec

----------


## Groft

File tmp1.tmp received on 2008.12.07 21:13:51 (CET)
Current status: finished
Result: 9/38 (23.69%)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.12.6.0	2008.12.06	-
AntiVir	7.9.0.42	2008.12.07	-
Authentium	5.1.0.4	2008.12.06	-
Avast	4.8.1281.0	2008.12.06	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.06	Downloader.Generic7.AXDR
BitDefender	7.2	2008.12.07	Trojan.Downloader.ConHook.BK
CAT-QuickHeal	10.00	2008.12.06	TrojanDownloader.Cavitate.e
ClamAV	0.94.1	2008.12.07	-
Comodo	698	2008.12.06	-
DrWeb	4.44.0.09170	2008.12.07	-
eSafe	7.0.17.0	2008.12.07	-
eTrust-Vet	31.6.6246	2008.12.05	-
Ewido	4.0	2008.12.07	-
F-Prot	4.4.4.56	2008.12.04	-
F-Secure	8.0.14332.0	2008.12.07	-
Fortinet	3.117.0.0	2008.12.07	-
GData	19	2008.12.07	Trojan.Downloader.ConHook.BK
Ikarus	T3.1.1.45.0	2008.12.07	Trojan-Downloader.Win32.Injecter
K7AntiVirus	7.10.547	2008.12.06	-
Kaspersky	7.0.0.125	2008.12.07	-
McAfee	5456	2008.12.06	-
McAfee+Artemis	5456	2008.12.06	-
Microsoft	1.4205	2008.12.07	TrojanDownloader:Win32/Cavitate.gen!E
NOD32	3668	2008.12.06	probably a variant of Win32/TrojanDownloader.Agent.NXY
Norman	5.80.02	2008.12.05	-
Panda	9.0.0.4	2008.12.07	-
PCTools	4.4.2.0	2008.12.06	-
Prevx1	V2	2008.12.07	-
Rising	21.06.62.00	2008.12.07	-
SecureWeb-Gateway	6.7.6	2008.12.07	-
Sophos	4.36.0	2008.12.07	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.07	-
TheHacker	6.3.1.2.179	2008.12.06	-
TrendMicro	8.700.0.1004	2008.12.05	-
VBA32	3.12.8.10	2008.12.07	suspected of Downloader.Small.48
ViRobot	2008.12.6.1504	2008.12.06	-
VirusBuster	4.5.11.0	2008.12.05	-
```

Additional information
File size: 34304 bytes
MD5...: d7688fb077e20b86aa73754a52521038
http://www.virustotal.com/ru/analisi...817575ac7b18ce

----------


## ISO

Yet another porn informer
File glwlib.dll received on 12.08.2008 16:31:07 (CET)
Result: 7/38 (18.43%)



```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.6.0	2008.12.06	-
AntiVir	7.9.0.42	2008.12.08	-
Authentium	5.1.0.4	2008.12.08	-
Avast	4.8.1281.0	2008.12.08	Win32:Hexzone-U
AVG	8.0.0.199	2008.12.07	Adload_r.FF
BitDefender	7.2	2008.12.07	-
CAT-QuickHeal	10.00	2008.12.08	-
ClamAV	0.94.1	2008.12.07	-
Comodo	708	2008.12.08	-
DrWeb	4.44.0.09170	2008.12.07	Trojan.Blackmailer.origin
eSafe	7.0.17.0	2008.12.08	-
eTrust-Vet	31.6.6246	2008.12.05	-
Ewido	4.0	2008.12.07	-
F-Prot	4.4.4.56	2008.12.04	-
F-Secure	8.0.14332.0	2008.12.08	Trojan-Ransom.Win32.Hexzone.giz
Fortinet	3.117.0.0	2008.12.07	-
GData	19	2008.12.07	Win32:Hexzone-U
Ikarus	T3.1.1.45.0	2008.12.08	Trojan-Ransom.Win32.Hexzone
K7AntiVirus	7.10.548	2008.12.08	-
Kaspersky	7.0.0.125	2008.12.07	Trojan-Ransom.Win32.Hexzone.giz
McAfee	5456	2008.12.06	-
McAfee+Artemis	5456	2008.12.06	-
Microsoft	1.4205	2008.12.08	-
NOD32	3670	2008.12.08	-
Norman	5.80.02	2008.12.05	-
Panda	9.0.0.4	2008.12.07	-
PCTools	4.4.2.0	2008.12.08	-
Prevx1	V2	2008.12.08	-
Rising	21.06.62.00	2008.12.07	-
SecureWeb-Gateway	6.7.6	2008.12.08	-
Sophos	4.36.0	2008.12.07	-
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.07	-
TheHacker	6.3.1.2.179	2008.12.06	-
TrendMicro	8.700.0.1004	2008.12.08	-
VBA32	3.12.8.10	2008.12.07	-
ViRobot	2008.12.6.1504	2008.12.06	-
VirusBuster	4.5.11.0	2008.12.08	-
```

File conmgr.exe received on 12.09.2008 05:44:27 (CET)
Result: 16/38 (42.11%)


```
Antivirus  	Version  	Last Update  	Result
AhnLab-V3	2008.12.8.1	2008.12.09	-
AntiVir	7.9.0.43	2008.12.08	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.12.08	-
Avast	4.8.1281.0	2008.12.08	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.08	-
BitDefender	7.2	2008.12.09	Packer.Krunchy.B
CAT-QuickHeal	10.00	2008.12.09	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.09	-
Comodo	711	2008.12.08	-
DrWeb	4.44.0.09170	2008.12.09	-
eSafe	7.0.17.0	2008.12.08	-
eTrust-Vet	31.6.6246	2008.12.05	-
Ewido	4.0	2008.12.08	-
F-Prot	4.4.4.56	2008.12.08	-
F-Secure	8.0.14332.0	2008.12.09	W32/Packed_Krunchy.A
Fortinet	3.117.0.0	2008.12.09	PossibleThreat
GData	19	2008.12.09	Packer.Krunchy.B
Ikarus	T3.1.1.45.0	2008.12.08	Packer.Krunchy.B
K7AntiVirus	7.10.548	2008.12.08	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.12.09	-
McAfee	5458	2008.12.08	Generic.dx
McAfee+Artemis	5458	2008.12.09	Generic.dx
Microsoft	1.4205	2008.12.09	-
NOD32	3674	2008.12.09	-
Norman	5.80.02	2008.12.08	W32/Packed_Krunchy.A
Panda	9.0.0.4	2008.12.08	Generic Trojan
PCTools	4.4.2.0	2008.12.08	-
Prevx1	V2	2008.12.09	-
Rising	21.07.02.00	2008.12.08	-
SecureWeb-Gateway	6.7.6	2008.12.09	Trojan.Crypt.XPACK.Gen
Sophos	4.36.0	2008.12.09	Mal/Generic-A
Sunbelt	3.1.1832.2	2008.12.01	VIPRE.Suspicious
Symantec	10	2008.12.09	-
TheHacker	6.3.1.2.180	2008.12.09	-
TrendMicro	8.700.0.1004	2008.12.08	-
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.9.1507	2008.12.09	-
VirusBuster	4.5.11.0	2008.12.08	-
```

----------


## ALEX(XX)

File rxzwug.exe received on 12.09.2008 08:29:07 (CET)



```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.8.1	2008.12.09	-
AntiVir	7.9.0.43	2008.12.08	TR/Autoit.FN
Authentium	5.1.0.4	2008.12.08	-
Avast	4.8.1281.0	2008.12.08	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.08	-
BitDefender	7.2	2008.12.09	Trojan.Generic.1175909
CAT-QuickHeal	10.00	2008.12.09	Trojan.Agent.arqp
ClamAV	0.94.1	2008.12.09	Worm.Autorun-1793
Comodo	713	2008.12.09	-
DrWeb	4.44.0.09170	2008.12.09	-
eSafe	7.0.17.0	2008.12.08	Suspicious File
eTrust-Vet	31.6.6246	2008.12.05	-
Ewido	4.0	2008.12.08	-
F-Prot	4.4.4.56	2008.12.08	-
F-Secure	8.0.14332.0	2008.12.09	Trojan.Win32.Autoit.fn
Fortinet	3.117.0.0	2008.12.09	-
GData	19	2008.12.09	Trojan.Generic.1175909
Ikarus	T3.1.1.45.0	2008.12.08	Trojan.Win32.Autoit.dt
K7AntiVirus	7.10.548	2008.12.08	-
Kaspersky	7.0.0.125	2008.12.09	Trojan.Win32.Autoit.fn
McAfee	5458	2008.12.08	W32/Autorun.worm.zf.gen
McAfee+Artemis	5458	2008.12.09	W32/Autorun.worm.zf.gen
Microsoft	1.4205	2008.12.09	Worm:AutoIt/Renocide.gen!A
NOD32	3675	2008.12.09	Win32/Packed.Autoit.Gen
Norman	5.80.02	2008.12.08	W32/Agent.JIIR
Panda	9.0.0.4	2008.12.08	W32/Autoit.AB
PCTools	4.4.2.0	2008.12.08	-
Prevx1	V2	2008.12.09	-
Rising	21.07.02.00	2008.12.08	-
SecureWeb-Gateway	6.7.6	2008.12.09	Trojan.Autoit.FN
Sophos	4.36.0	2008.12.09	Sus/Behav-1011
Sunbelt	3.1.1832.2	2008.12.01	-
Symantec	10	2008.12.09	-
TheHacker	6.3.1.2.180	2008.12.09	Trojan/Autoit.gs
TrendMicro	8.700.0.1004	2008.12.09	-
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.9.1507	2008.12.09	-
VirusBuster	4.5.11.0	2008.12.08	-

Additional information
File size: 420320 bytes
MD5...: 0a41d1c04d74329667594d85b054542f
SHA1..: 1b4b46d5804812f3a921e06a4179bd46e05e586a
SHA256: 4bcfb65ca251580266878b92a1c4c01063e765bc5ded930fa19d7c3dc053c577
SHA512: 88f041a876d13ae04e24e3960e8947eeb898f4c3e59cfabcf1a9efc2f79f9d80ce6554009b497f7c88318c8ab0977f0aaacd28ccf95ff19c6a6598313aa894a5
ssdeep: 12288:mnNhuBoY8SorxgmA+nlvVluyVsMDCTHEs9K:mPatCg7EP8yqMDOkgK
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x490490
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
UPX0        0x1000   0x58000       0x0   0.00  d41d8cd98f00b204e9800998ecf8427e
UPX1       0x59000   0x38000   0x37800   7.93  c8cb0c68e090a662ba2868cc32095c1b
.rsrc      0x91000    0x1000     0x600   3.31  d013d2373cc18dfe81eb1acfaa18d88b

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
```

*Added 7 minutes later*

File autorun.inf received on 2008.12.09 08:59:40 (CET)



```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.12.8.1	2008.12.09	-
AntiVir	7.9.0.43	2008.12.09	-
Authentium	5.1.0.4	2008.12.08	-
Avast	4.8.1281.0	2008.12.08	-
AVG	8.0.0.199	2008.12.08	Worm/AutoRun
BitDefender	7.2	2008.12.09	-
CAT-QuickHeal	10.00	2008.12.09	-
ClamAV	0.94.1	2008.12.09	Worm.Autorun-1792
Comodo	713	2008.12.09	-
DrWeb	4.44.0.09170	2008.12.09	-
eSafe	7.0.17.0	2008.12.08	-
eTrust-Vet	31.6.6246	2008.12.05	INF/SillyAutorun
Ewido	4.0	2008.12.08	-
F-Prot	4.4.4.56	2008.12.08	-
F-Secure	8.0.14332.0	2008.12.09	BAT/AutoRun.AE
Fortinet	3.117.0.0	2008.12.09	-
GData	19	2008.12.09	-
Ikarus	T3.1.1.45.0	2008.12.08	-
K7AntiVirus	7.10.548	2008.12.08	-
Kaspersky	7.0.0.125	2008.12.09	-
McAfee	5458	2008.12.08	-
McAfee+Artemis	5458	2008.12.09	-
Microsoft	1.4205	2008.12.09	-
NOD32	3675	2008.12.09	INF/Autorun.gen
Norman	5.80.02	2008.12.08	BAT/AutoRun.AE
Panda	9.0.0.4	2008.12.08	-
PCTools	4.4.2.0	2008.12.08	-
Prevx1	V2	2008.12.09	-
Rising	21.07.02.00	2008.12.08	-
SecureWeb-Gateway	6.7.6	2008.12.09	-
Sophos	4.36.0	2008.12.09	W32/Yahlov-A
Sunbelt	3.1.1832.2	2008.12.01	INF.Autorun (v)
Symantec	10	2008.12.09	-
TheHacker	6.3.1.2.180	2008.12.09	-
TrendMicro	8.700.0.1004	2008.12.09	Mal_Otorun1
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.9.1507	2008.12.09	-
VirusBuster	4.5.11.0	2008.12.08	INF.Autorun.Gen

Дополнительная информация
File size: 329 bytes
MD5...: 75f1ea0c347a2181a360a9304678379c
SHA1..: 24bcea875b855efcaf7d17b8b794506cd1ad9140
SHA256: 7be18c48eb4bcb971925d33d98804acd233d507950044a037bfebfd32757ae76
SHA512: 72c49d94e3d7c2a7ab8cc7556b18c7dac4636934d182d61f132f97cabef75fdf2dd92b30eda731db98895c366ddf8db2cdde149088fdb4cc4e60098dd5e81ff8
ssdeep: 6:ic5hu37Kxg7oQq0TMvc3WA8ziQDG243Dqea8XWVLXJZJggTwZew7n:i2uLKm7PMvc3WA8zfGDKLlggcQw7
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
```

----------


## Shu_b

File ntos.exe received on 12.10.2008 12:28:27 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.10.2	2008.12.10	-
AntiVir	7.9.0.43	2008.12.10	-
Authentium	5.1.0.4	2008.12.10	-
Avast	4.8.1281.0	2008.12.10	Win32:Lighty-J
AVG	8.0.0.199	2008.12.09	SHeur2.FKG
BitDefender	7.2	2008.12.10	Packer.Malware.Lighty.E
CAT-QuickHeal	10.00	2008.12.10	-
ClamAV	0.94.1	2008.12.10	-
Comodo	718	2008.12.10	-
DrWeb	4.44.0.09170	2008.12.10	-
eSafe	7.0.17.0	2008.12.09	Suspicious File
eTrust-Vet	31.6.6253	2008.12.10	-
Ewido	4.0	2008.12.09	-
F-Prot	4.4.4.56	2008.12.10	-
F-Secure	8.0.14332.0	2008.12.10	-
Fortinet	3.117.0.0	2008.12.10	-
GData	19	2008.12.10	Packer.Malware.Lighty.E
Ikarus	T3.1.1.45.0	2008.12.10	Packer.Malware.Lighty
K7AntiVirus	7.10.549	2008.12.09	-
Kaspersky	7.0.0.125	2008.12.10	-
McAfee	5459	2008.12.09	-
McAfee+Artemis	5459	2008.12.09	-
Microsoft	1.4205	2008.12.10	TrojanSpy:Win32/Zbot.gen!C
NOD32	3681	2008.12.10	-
Norman	5.80.02	2008.12.09	-
Panda	9.0.0.4	2008.12.09	-
PCTools	4.4.2.0	2008.12.09	-
Prevx1	V2	2008.12.10	-
Rising	21.07.22.00	2008.12.10	-
SecureWeb-Gateway	6.7.6	2008.12.10	-
Sophos	4.36.0	2008.12.10	Mal/EncPk-EQ
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.10	Trojan.Fakeavalert
TheHacker	6.3.1.2.182	2008.12.10	-
TrendMicro	8.700.0.1004	2008.12.10	-
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.10.1511	2008.12.10	-
VirusBuster	4.5.11.0	2008.12.09	-
```

Additional information
File size: 177664 bytes
MD5...: faa00352c59d47f98ddfb742f563480d

*Added 16 minutes later*

File twext.exe received on 12.10.2008 12:50:56 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.10.2	2008.12.10	-
AntiVir	7.9.0.43	2008.12.10	-
Authentium	5.1.0.4	2008.12.10	-
Avast	4.8.1281.0	2008.12.10	Win32:Zbot-AVH
AVG	8.0.0.199	2008.12.10	-
BitDefender	7.2	2008.12.10	-
CAT-QuickHeal	10.00	2008.12.10	-
ClamAV	0.94.1	2008.12.10	-
Comodo	718	2008.12.10	-
DrWeb	4.44.0.09170	2008.12.10	Trojan.PWS.Panda.31
eSafe	7.0.17.0	2008.12.09	-
eTrust-Vet	31.6.6252	2008.12.09	-
Ewido	4.0	2008.12.09	-
F-Prot	4.4.4.56	2008.12.10	-
F-Secure	8.0.14332.0	2008.12.10	Trojan-Spy.Win32.Zbot.hrc
Fortinet	3.117.0.0	2008.12.10	-
GData	19	2008.12.10	Win32:Zbot-AVH
Ikarus	T3.1.1.45.0	2008.12.10	Trojan-Spy.Win32.Zbot
K7AntiVirus	7.10.549	2008.12.09	-
Kaspersky	7.0.0.125	2008.12.10	Trojan-Spy.Win32.Zbot.hrc
McAfee	5459	2008.12.09	-
McAfee+Artemis	5459	2008.12.09	Generic!Artemis
Microsoft	1.4205	2008.12.10	-
NOD32	3681	2008.12.10	-
Norman	5.80.02	2008.12.09	W32/Malware.EQSW
Panda	9.0.0.4	2008.12.09	-
PCTools	4.4.2.0	2008.12.10	-
Prevx1	V2	2008.12.10	-
Rising	21.07.22.00	2008.12.10	-
SecureWeb-Gateway	6.7.6	2008.12.10	-
Sophos	4.36.0	2008.12.10	-
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.10	-
TheHacker	6.3.1.2.182	2008.12.10	-
TrendMicro	8.700.0.1004	2008.12.10	-
VBA32	3.12.8.10	2008.12.09	Trojan-Spy.Win32.Zbot.hme
ViRobot	2008.12.10.1511	2008.12.10	-
VirusBuster	4.5.11.0	2008.12.09	-
```

Additional information
File size: 588288 bytes
MD5...: 6c6802f0928c25ec068fc8cf33c4c9ba

*Added 1 hour 28 minutes later*

File msqpdxmqltoity.sys received on 12.10.2008 13:47:55 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.10.2	2008.12.10	-
AntiVir	7.9.0.43	2008.12.10	-
Authentium	5.1.0.4	2008.12.10	-
Avast	4.8.1281.0	2008.12.10	-
AVG	8.0.0.199	2008.12.10	-
BitDefender	7.2	2008.12.10	-
CAT-QuickHeal	10.00	2008.12.10	-
ClamAV	0.94.1	2008.12.10	-
Comodo	718	2008.12.10	-
DrWeb	4.44.0.09170	2008.12.10	-
eSafe	7.0.17.0	2008.12.09	Suspicious File
eTrust-Vet	31.6.6253	2008.12.10	-
Ewido	4.0	2008.12.10	-
F-Prot	4.4.4.56	2008.12.10	-
F-Secure	8.0.14332.0	2008.12.10	-
Fortinet	3.117.0.0	2008.12.10	-
GData	19	2008.12.10	-
Ikarus	T3.1.1.45.0	2008.12.10	-
K7AntiVirus	7.10.549	2008.12.09	-
Kaspersky	7.0.0.125	2008.12.10	-
McAfee	5459	2008.12.09	-
McAfee+Artemis	5459	2008.12.09	-
Microsoft	1.4205	2008.12.10	-
NOD32	3681	2008.12.10	-
Norman	5.80.02	2008.12.09	-
Panda	9.0.0.4	2008.12.09	-
PCTools	4.4.2.0	2008.12.10	-
Prevx1	V2	2008.12.10	Malicious Software
Rising	21.07.22.00	2008.12.10	-
SecureWeb-Gateway	6.7.6	2008.12.10	-
Sophos	4.36.0	2008.12.10	-
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.10	-
TheHacker	6.3.1.2.182	2008.12.10	-
TrendMicro	8.700.0.1004	2008.12.10	-
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.10.1511	2008.12.10	-
VirusBuster	4.5.11.0	2008.12.09	-
```

Additional information
File size: 62464 bytes
MD5...: 7d0c76addaa22a5cb5b3407d5a78b211

*Added 32 minutes later*

File nttest.sys received on 12.10.2008 14:49:14 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.10.2	2008.12.10	-
AntiVir	7.9.0.43	2008.12.10	TR/Spy.Agent.sad
Authentium	5.1.0.4	2008.12.10	-
Avast	4.8.1281.0	2008.12.10	Win32:Rootkit-gen
AVG	8.0.0.199	2008.12.10	-
BitDefender	7.2	2008.12.10	-
CAT-QuickHeal	10.00	2008.12.10	-
ClamAV	0.94.1	2008.12.10	-
Comodo	718	2008.12.10	-
DrWeb	4.44.0.09170	2008.12.10	-
eSafe	7.0.17.0	2008.12.10	-
eTrust-Vet	31.6.6253	2008.12.10	-
Ewido	4.0	2008.12.10	-
F-Prot	4.4.4.56	2008.12.10	-
Fortinet	3.117.0.0	2008.12.10	-
GData	19	2008.12.10	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.12.10	-
K7AntiVirus	7.10.550	2008.12.10	-
Kaspersky	7.0.0.125	2008.12.10	Rootkit.Win32.Agent.fiy
McAfee	5459	2008.12.09	-
McAfee+Artemis	5459	2008.12.09	-
Microsoft	1.4205	2008.12.10	-
NOD32	3681	2008.12.10	-
Norman	5.80.02	2008.12.10	-
Panda	9.0.0.4	2008.12.09	-
PCTools	4.4.2.0	2008.12.10	-
Prevx1	V2	2008.12.10	-
Rising	21.07.22.00	2008.12.10	-
SecureWeb-Gateway	6.7.6	2008.12.10	Trojan.Spy.Agent.sad
Sophos	4.36.0	2008.12.10	-
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.10	-
TheHacker	6.3.1.2.182	2008.12.10	-
TrendMicro	8.700.0.1004	2008.12.10	-
VBA32	3.12.8.10	2008.12.09	-
ViRobot	2008.12.10.1511	2008.12.10	-
VirusBuster	4.5.11.0	2008.12.09	-
```

Additional information
File size: 33792 bytes
MD5...: ecaa2fbb9a7ea227cce882ffe31351b4

----------


## PavelA

Thread: http://virusinfo.info/showthread.php?t=35469

Src=\??\C:\WINDOWS\system32\drivers\ethvfbgq.sys

File bcqr00004.dta received on 2008.12.10 16:01:05 (CET)

```
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.12.10.2 2008.12.10 Win-Trojan/Agent.137792 
AntiVir 7.9.0.43 2008.12.10 TR/Rootkit.Gen 
Authentium 5.1.0.4 2008.12.10 - 
Avast 4.8.1281.0 2008.12.10 - 
AVG 8.0.0.199 2008.12.10 Win32/Rustock.G 
BitDefender 7.2 2008.12.10 - 
CAT-QuickHeal 10.00 2008.12.10 Rootkit.Agent.epv 
ClamAV 0.94.1 2008.12.10 - 
Comodo 718 2008.12.10 - 
DrWeb 4.44.0.09170 2008.12.10 - 
eSafe 7.0.17.0 2008.12.10 - 
eTrust-Vet 31.6.6253 2008.12.10 - 
Ewido 4.0 2008.12.10 - 
F-Prot 4.4.4.56 2008.12.10 - 
F-Secure 8.0.14332.0 2008.12.10 - 
Fortinet 3.117.0.0 2008.12.10 - 
GData 19 2008.12.10 - 
Ikarus T3.1.1.45.0 2008.12.10 - 
K7AntiVirus 7.10.550 2008.12.10 - 
Kaspersky 7.0.0.125 2008.12.10 - 
McAfee 5459 2008.12.09 - 
McAfee+Artemis 5459 
Microsoft 1.4205 2008.12.10 Spammer:Win32/Rlsloup.B 
NOD32 3682 2008.12.10 - 
Norman 5.80.02 2008.12.10 - 
Panda 9.0.0.4 2008.12.09 - 
PCTools 4.4.2.0 2008.12.10 - 
Prevx1 V2 2008.12.10 - 
Rising 21.07.22.00 2008.12.10 - 
SecureWeb-Gateway 6.7.6 2008.12.10 Trojan.Rootkit.Gen 
Sophos 4.36.0 2008.12.10 - 
Sunbelt 3.2.1801.2 2008.12.10 - 
Symantec 10 2008.12.10 - 
TheHacker 6.3.1.2.182 2008.12.10 - 
TrendMicro 8.700.0.1004 2008.12.10 - 
VBA32 3.12.8.10 2008.12.09 Rootkit.Win32.Agent.epv 
ViRobot 2008.12.10.1511 2008.12.10 Trojan.Win32.RT-Agent.137792 
VirusBuster 4.5.11.0 2008.12.10
```

A false positive, or has Rustock really turned up in "Help!"?

----------


## Синауридзе Александр

File angel.exe received on 2008.12.11 19:21:58 (CET)




> AhnLab-V3 2008.12.12.0 2008.12.11 - 
> AntiVir 7.9.0.43 2008.12.11 - 
> Authentium 5.1.0.4 2008.12.11 - 
> Avast 4.8.1281.0 2008.12.10 - 
> AVG 8.0.0.199 2008.12.11 - 
> BitDefender 7.2 2008.12.11 - 
> CAT-QuickHeal 10.00 2008.12.11 - 
> ClamAV 0.94.1 2008.12.11 - 
> Comodo 733 2008.12.11 - 
> ...


Additional information
File size: 747008 bytes 
MD5...: c0a16d7987903267becffbf82f82a99b

----------


## AlexGOMEL

File AVZ00002.DTA received on *2008.09.22* 06:21:59 (CET)

moderated by Shu_b: A September scan is of no interest.

----------


## ISO

File adsldpcx.exe received on 12.15.2008 11:33:52 (CET)


```
AhnLab-V3	2008.12.12.2	2008.12.15	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.14	-
Avast	4.8.1281.0	2008.12.14	-
AVG	8.0.0.199	2008.12.14	-
BitDefender	7.2	2008.12.15	-
CAT-QuickHeal	10.00	2008.12.15	-
ClamAV	0.94.1	2008.12.15	-
Comodo	754	2008.12.14	-
DrWeb	4.44.0.09170	2008.12.15	-
eSafe	7.0.17.0	2008.12.14	Suspicious File
eTrust-Vet	31.6.6258	2008.12.12	-
Ewido	4.0	2008.12.14	-
F-Prot	4.4.4.56	2008.12.14	-
F-Secure	8.0.14332.0	2008.12.15	-
Fortinet	3.117.0.0	2008.12.14	-
GData	19	2008.12.15	-
Ikarus	T3.1.1.45.0	2008.12.15	Trojan-Clicker.Win32.Klik
K7AntiVirus	7.10.553	2008.12.13	-
Kaspersky	7.0.0.125	2008.12.15	-
McAfee	5464	2008.12.14	Generic FakeAlert.f
McAfee+Artemis	5464	2008.12.14	Generic FakeAlert.f
Microsoft	1.4205	2008.12.15	VirTool:Win32/Obfuscator.DO
NOD32	3691	2008.12.14	-
Norman	5.80.02	2008.12.12	-
Panda	9.0.0.4	2008.12.14	-
PCTools	4.4.2.0	2008.12.14	-
Prevx1	V2	2008.12.15	Cloaked Malware
Rising	21.08.01.00	2008.12.15	-
SecureWeb-Gateway	6.7.6	2008.12.15	-
Sophos	4.36.0	2008.12.15	Mal/EncPk-EQ
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.15	Trojan.Fakeavalert
TheHacker	6.3.1.4.188	2008.12.14	-
TrendMicro	8.700.0.1004	2008.12.15	-
VBA32	3.12.8.10	2008.12.14	-
ViRobot	2008.12.15.1518	2008.12.15	-
VirusBuster	4.5.11.0	2008.12.14	Trojan.FakeAlert.Gen!Pac.3
```

File wndutl32.dll received on 12.15.2008 11:46:11 (CET)


```
Antivirus  	Version  	Last Update  	Result
AhnLab-V3	2008.12.12.2	2008.12.15	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.14	-
Avast	4.8.1281.0	2008.12.14	-
AVG	8.0.0.199	2008.12.14	-
BitDefender	7.2	2008.12.15	Packer.Malware.Lighty.F
CAT-QuickHeal	10.00	2008.12.15	-
ClamAV	0.94.1	2008.12.15	-
Comodo	754	2008.12.14	-
DrWeb	4.44.0.09170	2008.12.15	-
eSafe	7.0.17.0	2008.12.14	Suspicious File
eTrust-Vet	31.6.6261	2008.12.15	-
Ewido	4.0	2008.12.14	-
F-Prot	4.4.4.56	2008.12.14	-
F-Secure	8.0.14332.0	2008.12.15	-
Fortinet	3.117.0.0	2008.12.14	-
GData	19	2008.12.15	Packer.Malware.Lighty.F
Ikarus	T3.1.1.45.0	2008.12.15	Trojan-Clicker.Win32.Klik
K7AntiVirus	7.10.553	2008.12.13	-
Kaspersky	7.0.0.125	2008.12.15	-
McAfee	5464	2008.12.14	-
McAfee+Artemis	5464	2008.12.14	-
Microsoft	1.4205	2008.12.15	TrojanDownloader:Win32/Renos
NOD32	3691	2008.12.14	-
Norman	5.80.02	2008.12.12	-
Panda	9.0.0.4	2008.12.14	-
PCTools	4.4.2.0	2008.12.14	-
Prevx1	V2	2008.12.15	Malicious Software
Rising	21.08.01.00	2008.12.15	-
SecureWeb-Gateway	6.7.6	2008.12.15	-
Sophos	4.36.0	2008.12.15	Mal/EncPk-EQ
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.15	Trojan.Fakeavalert
TheHacker	6.3.1.4.188	2008.12.14	-
TrendMicro	8.700.0.1004	2008.12.15	-
VBA32	3.12.8.10	2008.12.14	-
ViRobot	2008.12.15.1518	2008.12.15	-
VirusBuster	4.5.11.0	2008.12.14	Trojan.FakeAlert.Gen!Pac.3
```

File a.exe received on 12.15.2008 11:50:48 (CET)


```
AhnLab-V3	2008.12.12.2	2008.12.15	-
AntiVir	7.9.0.45	2008.12.15	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.14	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.14	-
BitDefender	7.2	2008.12.15	-
CAT-QuickHeal	10.00	2008.12.15	-
ClamAV	0.94.1	2008.12.15	-
Comodo	754	2008.12.14	-
DrWeb	4.44.0.09170	2008.12.15	-
eSafe	7.0.17.0	2008.12.14	Suspicious File
eTrust-Vet	31.6.6261	2008.12.15	-
Ewido	4.0	2008.12.14	-
F-Prot	4.4.4.56	2008.12.14	-
F-Secure	8.0.14332.0	2008.12.15	-
Fortinet	3.117.0.0	2008.12.14	-
GData	19	2008.12.15	-
Ikarus	T3.1.1.45.0	2008.12.15	Trojan-Clicker.Win32.Klik
K7AntiVirus	7.10.553	2008.12.13	-
Kaspersky	7.0.0.125	2008.12.15	-
McAfee	5464	2008.12.14	Generic FakeAlert.f
McAfee+Artemis	5464	2008.12.14	Generic FakeAlert.f
Microsoft	1.4205	2008.12.15	TrojanDropper:Win32/Rooter.B
NOD32	3691	2008.12.14	-
Norman	5.80.02	2008.12.12	-
Panda	9.0.0.4	2008.12.14	-
PCTools	4.4.2.0	2008.12.14	-
Prevx1	V2	2008.12.15	Malicious Software
Rising	21.08.01.00	2008.12.15	-
SecureWeb-Gateway	6.7.6	2008.12.15	Trojan.Dropper.Gen
Sophos	4.36.0	2008.12.15	Mal/EncPk-EQ
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.15	Trojan.Fakeavalert
TheHacker	6.3.1.4.188	2008.12.14	-
TrendMicro	8.700.0.1004	2008.12.15	-
VBA32	3.12.8.10	2008.12.14	-
ViRobot	2008.12.15.1518	2008.12.15	-
VirusBuster	4.5.11.0	2008.12.14	-
```

----------


## PavelA

Thread: http://virusinfo.info/showthread.php?t=35666
Reply from Kaspersky Lab: smss.exe_ - Trojan-Downloader.Win32.Small.ahfw (new)

File avz00002.dta received on 2008.12.15 10:22:32 (CET)

```
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.12.12.2 2008.12.15 - 
AntiVir 7.9.0.45 2008.12.15 TR/Crypt.XPACK.Gen 
Authentium 5.1.0.4 2008.12.14 W32/Heuristic-210!Eldorado 
Avast 4.8.1281.0 2008.12.14 - 
AVG 8.0.0.199 2008.12.14 Win32/Heur 
BitDefender 7.2 2008.12.15 - 
CAT-QuickHeal 10.00 2008.12.15 - 
ClamAV 0.94.1 2008.12.15 Trojan.Delf-6581 
Comodo 754 2008.12.14 - 
DrWeb 4.44.0.09170 2008.12.15 - 
eSafe 7.0.17.0 2008.12.14 Suspicious File 
eTrust-Vet 31.6.6258 2008.12.12 - 
Ewido 4.0 2008.12.14 - 
F-Prot 4.4.4.56 2008.12.14 W32/Heuristic-210!Eldorado 
F-Secure 8.0.14332.0 2008.12.15 Suspicious:W32/Malware!Gemini 
Fortinet 3.117.0.0 2008.12.14 - 
GData 19 2008.12.15 - 
Ikarus T3.1.1.45.0 2008.12.15 - 
K7AntiVirus 7.10.553 2008.12.13 - 
Kaspersky 7.0.0.125 2008.12.15 - 
McAfee 5464 2008.12.14 New Malware.ac 
McAfee+Artemis 5464 2008.12.14 New Malware.ac 
Microsoft 1.4205 2008.12.15 TrojanDownloader:Win32/VB.EE 
NOD32 3691 2008.12.14 probably unknown NewHeur_PE 
Norman 5.80.02 2008.12.12 - 
Panda 9.0.0.4 2008.12.14 Suspicious file 
PCTools 4.4.2.0 2008.12.14 - 
Prevx1 V2 2008.12.15 Malicious Software 
Rising 21.08.01.00 2008.12.15 - 
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.Crypt.XPACK.Gen 
Sophos 4.36.0 2008.12.15 Mal/EncPk-EW 
Sunbelt 3.2.1801.2 2008.12.11 - 
Symantec 10 2008.12.15 - 
TheHacker 6.3.1.4.188 2008.12.14 - 
TrendMicro 8.700.0.1004 2008.12.15 - 
VBA32 3.12.8.10 2008.12.14 - 
ViRobot 2008.12.15.1517 2008.12.15 - 
VirusBuster 4.5.11.0 2008.12.14 -
```

Additional information
File size: 13312 bytes 
MD5...: 64fabb64d37b0fa3d6852b6a2bd9fed1

----------


## Pili

Src=C:\WINDOWS\system32\spool32.exe
File avz00001.dta received on 2008.12.15 16:50:28 (CET)


```
AhnLab-V3	2008.12.15.3	2008.12.15	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.14	-
Avast	4.8.1281.0	2008.12.15	Win32:Oliga
AVG	8.0.0.199	2008.12.15	SHeur2.FKM
BitDefender	7.2	2008.12.15	-
CAT-QuickHeal	10.00	2008.12.15	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.15	-
Comodo	754	2008.12.14	-
DrWeb	4.44.0.09170	2008.12.15	-
eSafe	7.0.17.0	2008.12.15	Suspicious File
eTrust-Vet	31.6.6261	2008.12.15	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.14	-
F-Secure	8.0.14332.0	2008.12.15	Trojan.Win32.Monder.aaxz
Fortinet	3.117.0.0	2008.12.14	suspicious
GData	19	2008.12.15	Win32:Oliga
Ikarus	T3.1.1.45.0	2008.12.15	-
K7AntiVirus	7.10.553	2008.12.13	-
Kaspersky	7.0.0.125	2008.12.15	Trojan.Win32.Monder.aaxz
McAfee	5464	2008.12.14	New Malware.bx
McAfee+Artemis	5464	2008.12.14	New Malware.bx
Microsoft	1.4205	2008.12.15	-
NOD32	3692	2008.12.15	-
Norman	5.80.02	2008.12.12	W32/Vundo.FQN
Panda	9.0.0.4	2008.12.15	Suspicious file
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.15	-
Rising	21.08.02.00	2008.12.15	-
SecureWeb-Gateway	6.7.6	2008.12.15	Win32.Malware.gen (suspicious)
Sophos	4.36.0	2008.12.15	Mal/EncPk-FS
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.15	-
TheHacker	6.3.1.4.188	2008.12.14	-
TrendMicro	8.700.0.1004	2008.12.15	PAK_Generic.001
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.15.1518	2008.12.15	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 140127 bytes
MD5...: e69dd9605856b2ee189e7ab3be0bc83d

----------



## Shu_b

File sdllib.dll received on 12.16.2008 08:58:38 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	Win32:Hexzone-U
AVG	8.0.0.199	2008.12.15	Adload_r.FF
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	-
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	Trojan.Blackmailer.origin
eSafe	7.0.17.0	2008.12.15	-
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	W32/Hexzone.B.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.16	-
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	Win32:Hexzone-U
Ikarus	T3.1.1.45.0	2008.12.16	Trojan-Ransom.Win32.Hexzone
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	-
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	-
NOD32	3694	2008.12.15	-
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	-
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	-
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 316928 bytes
MD5...: 1263fba1d0e14cdabeb3ba4b5796792c

*Added 2 minutes later*

Src=c:\windows\system32\drivers\winlogon.exe
File winlogon.exe received on 12.16.2008 08:52:59 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	Win32/IRCBot.worm.variant
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.16	W32/Backdoor2.DGZN
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	Win32/Heur
BitDefender	7.2	2008.12.16	DeepScan:Generic.Sdbot.936847E5
CAT-QuickHeal	10.00	2008.12.16	Backdoor.SdBot.ifq
ClamAV	0.94.1	2008.12.16	Trojan.SdBot-9776
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	-
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	W32/Backdoor2.DGZN
F-Secure	8.0.14332.0	2008.12.16	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	DeepScan:Generic.Sdbot.936847E5
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	-
McAfee	5465	2008.12.15	New Poly Win32
McAfee+Artemis	5465	2008.12.15	New Poly Win32
Microsoft	1.4205	2008.12.16	Exploit:Win32/Lsass.gen
NOD32	3694	2008.12.15	probably a variant of Win32/Packed.Themida
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	Suspicious file
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	-
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	Win32.Malware.gen!84 (suspicious)
Sophos	4.36.0	2008.12.16	Sus/UnkPacker
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.16.1520	2008.12.16	Backdoor.Win32.IRCBot.709632
VirusBuster	4.5.11.0	2008.12.15	Backdoor.SdBot.ACTL
```

Additional information
File size: 709632 bytes
MD5...: 3e1923216a98a3624ae0d311293bd47e

*Added 17 minutes later*

File rs32net.exe received on 12.16.2008 09:13:38 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	-
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	-
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	-
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	-
F-Secure	8.0.14332.0	2008.12.16	Trojan.Win32.Agent.avhd
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	-
Ikarus	T3.1.1.45.0	2008.12.16	Trojan.Win32.Agent
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	Trojan.Win32.Agent.avhd
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	Generic!Artemis
Microsoft	1.4205	2008.12.16	-
NOD32	3694	2008.12.15	-
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	Cloaked Malware
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	Trojan.Dropper.Gen
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	Trojan/Agent.avhd
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	Malware-Cryptor.Win32.Kefir
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	Trojan.DR.Protector.A
```

Additional information
File size: 22528 bytes
MD5...: 7e19ef46397d95497f30432cda342046

*Added 7 minutes later*

File ~tmpc.exe received on 12.16.2008 09:13:08 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	Win32/Cryptor
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	TrojanDownloader.Agent.gen
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	TrojWare.Win32.Trojan.Agent.~
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	-
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	-
F-Secure	8.0.14332.0	2008.12.16	-
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	-
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	Trojan.Win32.FraudPack.hws
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	TrojanDownloader:Win32/Renos.FM
NOD32	3694	2008.12.15	a variant of Win32/Kryptik.CU
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	Malware Downloader
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	Trojan.LooksLike.Proxy
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	Trojan Horse
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 81920 bytes
MD5...: edeea2b8b2a6e9de437cf05e4039bbbe

*Added 1 minute later*

File ~tmpb.exe received on 12.16.2008 09:12:41 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	TR/FraudPack.huv
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	Win32/Cryptor
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	TrojanDownloader.Agent.gen
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	-
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.14	-
F-Secure	8.0.14332.0	2008.12.16	-
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	-
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	Trojan.Win32.FraudPack.hvz
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	TrojanDownloader:Win32/Renos.DZ
NOD32	3694	2008.12.15	a variant of Win32/Kryptik.CU
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	-
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	Trojan.FraudPack.huv
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	Downloader
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 86020 bytes
MD5...: 047f6fce96752b7d991c4cc178936a7a

*Added 2 minutes later*

File userinit.exe received on 12.16.2008 09:12:11 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	-
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	-
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	Suspicious File
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	-
F-Secure	8.0.14332.0	2008.12.16	-
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	-
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	-
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	-
NOD32	3694	2008.12.15	-
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	Cloaked Malware
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	-
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	suspected of Malware-Cryptor.Win32.General.4
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 32768 bytes
MD5...: d57614424f0b8ce32c238195eece7586

*Added 1 minute later*

File svchost.exe received on 12.16.2008 09:11:53 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	-
Authentium	5.1.0.4	2008.12.16	-
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	-
BitDefender	7.2	2008.12.16	-
CAT-QuickHeal	10.00	2008.12.16	-
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	Suspicious File
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.15	-
F-Secure	8.0.14332.0	2008.12.16	-
Fortinet	3.117.0.0	2008.12.16	-
GData	19	2008.12.16	-
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	P2P-Worm.Win32.Agent.hw
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	-
NOD32	3694	2008.12.15	-
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	Cloaked Malware
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	-
Sophos	4.36.0	2008.12.16	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	suspected of Malware-Cryptor.Win32.General.3
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 31744 bytes
MD5...: 9c8adb9f7f66f0a88ca866b993f42c22

*Added 1 minute later*

File ntndis.exe received on 12.16.2008 09:10:23 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.16.2	2008.12.16	-
AntiVir	7.9.0.45	2008.12.15	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.12.16	W32/LdPinch.N.gen!Eldorado
Avast	4.8.1281.0	2008.12.15	-
AVG	8.0.0.199	2008.12.15	Worm/AutoRun.CL
BitDefender	7.2	2008.12.16	GenPack:Backdoor.SDBot.DETV
CAT-QuickHeal	10.00	2008.12.16	-
ClamAV	0.94.1	2008.12.16	-
Comodo	760	2008.12.15	-
DrWeb	4.44.0.09170	2008.12.16	-
eSafe	7.0.17.0	2008.12.15	Suspicious File
eTrust-Vet	31.6.6262	2008.12.16	-
Ewido	4.0	2008.12.15	-
F-Prot	4.4.4.56	2008.12.14	W32/LdPinch.N.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.16	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.12.16	suspicious
GData	19	2008.12.16	GenPack:Backdoor.SDBot.DETV
Ikarus	T3.1.1.45.0	2008.12.16	-
K7AntiVirus	7.10.554	2008.12.15	-
Kaspersky	7.0.0.125	2008.12.16	-
McAfee	5465	2008.12.15	-
McAfee+Artemis	5465	2008.12.15	-
Microsoft	1.4205	2008.12.16	-
NOD32	3694	2008.12.15	-
Norman	5.80.02	2008.12.15	-
Panda	9.0.0.4	2008.12.15	-
PCTools	4.4.2.0	2008.12.15	-
Prevx1	V2	2008.12.16	-
Rising	21.08.11.00	2008.12.16	-
SecureWeb-Gateway	6.7.6	2008.12.15	Trojan.Crypt.XPACK.Gen
Sophos	4.36.0	2008.12.16	Mal/Basine-C
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.16	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.16	-
VBA32	3.12.8.10	2008.12.15	-
ViRobot	2008.12.16.1520	2008.12.16	-
VirusBuster	4.5.11.0	2008.12.15	-
```

Additional information
File size: 40107 bytes
MD5...: 70ca8199611e79ed9b1422e0df83f628

----------


## Shu_b

File KB908665.exe received on 12.17.2008 15:21:39 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.17	-
AntiVir	7.9.0.45	2008.12.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.17	-
Avast	4.8.1281.0	2008.12.17	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.17	Win32/Heur
BitDefender	7.2	2008.12.17	Trojan.Dropper.Kobcka.FE
CAT-QuickHeal	10.00	2008.12.17	-
ClamAV	0.94.1	2008.12.17	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.16	-
eTrust-Vet	31.6.6265	2008.12.17	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.17	-
Fortinet	3.117.0.0	2008.12.17	-
GData	19	2008.12.17	Trojan.Dropper.Kobcka.FE
Ikarus	T3.1.1.45.0	2008.12.17	-
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.17	-
McAfee	5466	2008.12.16	-
McAfee+Artemis	5466	2008.12.16	Generic!Artemis
Microsoft	1.4205	2008.12.17	-
NOD32	3698	2008.12.17	a variant of Win32/Wigon
Norman	5.80.02	2008.12.16	-
Panda	9.0.0.4	2008.12.17	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.17	-
Rising	21.08.22.00	2008.12.17	-
SecureWeb-Gateway	6.7.6	2008.12.17	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.17	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.17	-
TheHacker	6.3.1.4.189	2008.12.16	-
TrendMicro	8.700.0.1004	2008.12.17	-
VBA32	3.12.8.10	2008.12.16	-
ViRobot	2008.12.17.1523	2008.12.17	-
VirusBuster	4.5.11.0	2008.12.16	-
```

Additional information
File size: 14848 bytes
MD5...: 9d874acad44489cbf918882a696e9ff4

----------


## Pili

File services.exe received on 2008.12.18 08:11:07 (CET)



```
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	Win32:Crypt-DGD
AVG	8.0.0.199	2008.12.17	BackDoor.Generic_r.EA
BitDefender	7.2	2008.12.18	Trojan.Spammer.Tedroo.AV
CAT-QuickHeal	10.00	2008.12.18	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	-
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	-
Fortinet	3.117.0.0	2008.12.18	-
GData	19	2008.12.18	Win32:Crypt-DGD
Ikarus	T3.1.1.45.0	2008.12.18	-
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	-
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	a variant of Win32/Injector.DO
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.18	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.17	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 42496 bytes
MD5...: d059090e5fd545e21eaf6f4f0971555e

----------


## Shu_b

File rs32net.exe received on 12.18.2008 08:32:15 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	-
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	-
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	-
Fortinet	3.117.0.0	2008.12.18	-
GData	19	2008.12.18	-
Ikarus	T3.1.1.45.0	2008.12.18	-
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	-
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.17	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	Cloaked Malware
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 22528 bytes
MD5...: 3f57bfc5720636570e8d6aebac6f207b

*Added 1 minute later*

File vqolquurbqr.dll received on 12.18.2008 08:28:36 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	-
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	-
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	-
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	-
Fortinet	3.117.0.0	2008.12.18	-
GData	19	2008.12.18	-
Ikarus	T3.1.1.45.0	2008.12.18	-
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	-
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.17	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	-
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 384512 bytes
MD5...: 552c752e717efcd9bda0e75e59195c10

*Added 1 minute later*

File winhelp32.exe received on 12.18.2008 08:22:44 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	-
Authentium	5.1.0.4	2008.12.18	W32/NaviPromo.B.gen!Eldorado
Avast	4.8.1281.0	2008.12.17	-
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	Suspicious File
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	W32/NaviPromo.B.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.18	Trojan-Dropper.Win32.Agent.abph
Fortinet	3.117.0.0	2008.12.18	W32/Agent.ABPH!tr
GData	19	2008.12.18	-
Ikarus	T3.1.1.45.0	2008.12.18	Trojan-Dropper.Agent
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	Trojan-Dropper.Win32.Agent.abph
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.18	Suspicious file
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	-
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 359944 bytes

*Added 2 minutes later*

File tdll.dll received on 12.18.2008 08:22:30 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	Trojan.Inject.IA
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	Suspicious File
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	Trojan.Win32.Inject.lmo
Fortinet	3.117.0.0	2008.12.18	-
GData	19	2008.12.18	Trojan.Inject.IA
Ikarus	T3.1.1.45.0	2008.12.18	Spammer
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	Trojan.Win32.Inject.lmo
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	Spammer:Win32/Cutwail.gen!B
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.18	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	Trojan.Crypt.XPACK.Gen
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 67194 bytes
MD5...: d3a053084671cb4eb145b248aab4e7a3

*Added 1 minute later*

File vmmreg32.dll received on 12.18.2008 08:22:13 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/Drop.Agent.abph
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	-
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	Suspicious File
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	Trojan-Dropper.Win32.Agent.abph
Fortinet	3.117.0.0	2008.12.18	W32/Agent.ABPH!tr
GData	19	2008.12.18	-
Ikarus	T3.1.1.45.0	2008.12.18	Trojan-Dropper.Agent
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	Trojan-Dropper.Win32.Agent.abph
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.17	Suspicious file
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	Trojan.Drop.Agent.abph
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 219144 bytes
MD5...: 0f06783162341a6f3fe0fba25f310215

*Added 1 minute later*

File vmi386.sys received on 12.18.2008 08:21:22 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	Trojan.Packed.1228
eSafe	7.0.17.0	2008.12.17	-
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	Trojan.Win32.Pakes.mfj
Fortinet	3.117.0.0	2008.12.18	-
GData	19	2008.12.18	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.45.0	2008.12.18	Trojan.Win32.Pakes
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	Trojan.Win32.Pakes.mfj
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	Generic!Artemis
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.18	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	Malicious Software
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 72736 bytes
MD5...: 09e2f34eb7b0872159ba3fe16b23145f

*Added 1 minute later*

File VIDEO.sys received on 12.18.2008 08:21:58 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.17.3	2008.12.18	-
AntiVir	7.9.0.45	2008.12.17	TR/PSW.Agent.lii
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.17	-
AVG	8.0.0.199	2008.12.17	-
BitDefender	7.2	2008.12.18	-
CAT-QuickHeal	10.00	2008.12.18	-
ClamAV	0.94.1	2008.12.18	-
Comodo	771	2008.12.17	-
DrWeb	4.44.0.09170	2008.12.17	-
eSafe	7.0.17.0	2008.12.17	-
eTrust-Vet	31.6.6266	2008.12.18	-
Ewido	4.0	2008.12.17	-
F-Prot	4.4.4.56	2008.12.17	-
F-Secure	8.0.14332.0	2008.12.18	Trojan-PSW.Win32.Agent.lii
Fortinet	3.117.0.0	2008.12.18	W32/Agent.LII!tr.pws
GData	19	2008.12.18	-
Ikarus	T3.1.1.45.0	2008.12.18	Trojan-PWS.Win32.Agent
K7AntiVirus	7.10.556	2008.12.17	-
Kaspersky	7.0.0.125	2008.12.18	Trojan-PSW.Win32.Agent.lii
McAfee	5467	2008.12.17	-
McAfee+Artemis	5467	2008.12.17	-
Microsoft	1.4205	2008.12.18	-
NOD32	3700	2008.12.17	-
Norman	5.80.02	2008.12.17	-
Panda	9.0.0.4	2008.12.18	-
PCTools	4.4.2.0	2008.12.17	-
Prevx1	V2	2008.12.18	-
Rising	21.08.30.00	2008.12.18	-
SecureWeb-Gateway	6.7.6	2008.12.18	Trojan.PSW.Agent.lii
Sophos	4.37.0	2008.12.18	-
Sunbelt	3.2.1801.2	2008.12.10	-
Symantec	10	2008.12.18	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.18	-
VBA32	3.12.8.10	2008.12.17	-
ViRobot	2008.12.18.1524	2008.12.18	-
VirusBuster	4.5.11.0	2008.12.17	-
```

Additional information
File size: 28416 bytes
MD5...: f41dde69903b4a1279e8e52308f41339

----------


## Shu_b

File disc32.dll received on 12.19.2008 08:24:01 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.19.0	2008.12.19	-
AntiVir	7.9.0.45	2008.12.19	-
Authentium	5.1.0.4	2008.12.18	W32/Heuristic-VFM!Eldorado
Avast	4.8.1281.0	2008.12.18	-
AVG	8.0.0.199	2008.12.18	-
BitDefender	7.2	2008.12.19	-
CAT-QuickHeal	10.00	2008.12.19	-
ClamAV	0.94.1	2008.12.18	-
Comodo	780	2008.12.19	-
DrWeb	4.44.0.09170	2008.12.18	-
eSafe	7.0.17.0	2008.12.18	Suspicious File
eTrust-Vet	31.6.6268	2008.12.18	-
Ewido	4.0	2008.12.18	-
F-Prot	4.4.4.56	2008.12.18	W32/Heuristic-VFM!Eldorado
F-Secure	8.0.14332.0	2008.12.19	Worm.Win32.AutoRun.uwl
Fortinet	3.117.0.0	2008.12.19	-
GData	19	2008.12.19	-
Ikarus	T3.1.1.45.0	2008.12.19	Backdoor.Win32.Bandok
K7AntiVirus	7.10.557	2008.12.18	-
Kaspersky	7.0.0.125	2008.12.19	Worm.Win32.AutoRun.uwl
McAfee	5468	2008.12.18	-
McAfee+Artemis	5468	2008.12.18	-
Microsoft	1.4205	2008.12.19	-
NOD32	3704	2008.12.18	-
Norman	5.80.02	2008.12.18	-
Panda	9.0.0.4	2008.12.19	-
PCTools	4.4.2.0	2008.12.18	-
Prevx1	V2	2008.12.19	-
Rising	21.08.40.00	2008.12.19	-
SecureWeb-Gateway	6.7.6	2008.12.19	Win32.Malware.gen#UPX (suspicious)
Sophos	4.37.0	2008.12.19	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.19	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.19	-
VBA32	3.12.8.10	2008.12.18	-
ViRobot	2008.12.18.1526	2008.12.19	-
VirusBuster	4.5.11.0	2008.12.18	-
```

Additional information
File size: 14336 bytes
MD5...: c93c8279540aed5051d85b94d95b855d

*Added 2 minutes later*

File winlogon.exe received on 12.19.2008 08:50:29 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.19.0	2008.12.19	-
AntiVir	7.9.0.45	2008.12.19	-
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.18	-
AVG	8.0.0.199	2008.12.18	-
BitDefender	7.2	2008.12.19	-
CAT-QuickHeal	10.00	2008.12.19	-
ClamAV	0.94.1	2008.12.18	-
Comodo	780	2008.12.19	-
DrWeb	4.44.0.09170	2008.12.18	-
eSafe	7.0.17.0	2008.12.18	-
eTrust-Vet	31.6.6268	2008.12.18	-
Ewido	4.0	2008.12.18	-
F-Prot	4.4.4.56	2008.12.18	-
F-Secure	8.0.14332.0	2008.12.19	-
Fortinet	3.117.0.0	2008.12.19	-
GData	19	2008.12.19	-
Ikarus	T3.1.1.45.0	2008.12.19	-
K7AntiVirus	7.10.557	2008.12.18	-
Kaspersky	7.0.0.125	2008.12.19	Trojan-Proxy.Win32.Delf.ki
McAfee	5468	2008.12.18	New Malware.gr
McAfee+Artemis	5468	2008.12.18	New Malware.gr
Microsoft	1.4205	2008.12.19	-
NOD32	3704	2008.12.18	-
Norman	5.80.02	2008.12.18	-
Panda	9.0.0.4	2008.12.19	Suspicious file
PCTools	4.4.2.0	2008.12.18	-
Prevx1	V2	2008.12.19	Malicious Software
Rising	21.08.40.00	2008.12.19	-
SecureWeb-Gateway	6.7.6	2008.12.19	-
Sophos	4.37.0	2008.12.19	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.19	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.19	-
VBA32	3.12.8.10	2008.12.18	-
ViRobot	2008.12.18.1526	2008.12.19	-
VirusBuster	4.5.11.0	2008.12.18	-
```

Additional information
File size: 712704 bytes
MD5...: dcac5a14860babc1d3ed514b73467a68

*Added 2 minutes later*

File xxyxVlJd.dll received on 12.19.2008 09:04:13 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.19.0	2008.12.19	-
AntiVir	7.9.0.45	2008.12.19	TR/Vundo.Gen.6.23
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.18	-
AVG	8.0.0.199	2008.12.18	Vundo.CK
BitDefender	7.2	2008.12.19	Trojan.Vundo.Gen.6
CAT-QuickHeal	10.00	2008.12.19	-
ClamAV	0.94.1	2008.12.18	-
Comodo	780	2008.12.19	-
DrWeb	4.44.0.09170	2008.12.18	Trojan.Virtumod.855
eSafe	7.0.17.0	2008.12.18	-
eTrust-Vet	31.6.6268	2008.12.18	Win32/Vundo!generic
Ewido	4.0	2008.12.18	-
F-Prot	4.4.4.56	2008.12.18	W32/Virtumonde.AC.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.19	Trojan:W32/Vundo.EL
Fortinet	3.117.0.0	2008.12.19	-
GData	19	2008.12.19	Trojan.Vundo.Gen.6
Ikarus	T3.1.1.45.0	2008.12.19	-
K7AntiVirus	7.10.557	2008.12.18	-
Kaspersky	7.0.0.125	2008.12.19	-
McAfee	5468	2008.12.18	-
McAfee+Artemis	5468	2008.12.18	-
Microsoft	1.4205	2008.12.19	Trojan:Win32/Vundo.gen!R
NOD32	3704	2008.12.18	Win32/Adware.Virtumonde.FP
Norman	5.80.02	2008.12.18	-
Panda	9.0.0.4	2008.12.19	-
PCTools	4.4.2.0	2008.12.18	-
Prevx1	V2	2008.12.19	-
Rising	21.08.41.00	2008.12.19	Trojan.Win32.VUNDO.cbw
SecureWeb-Gateway	6.7.6	2008.12.19	Trojan.Vundo.Gen.6.23
Sophos	4.37.0	2008.12.19	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.19	Packed.Generic.203
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.19	-
VBA32	3.12.8.10	2008.12.18	-
ViRobot	2008.12.18.1526	2008.12.19	-
VirusBuster	4.5.11.0	2008.12.18	-
```

Additional information
File size: 235520 bytes
MD5...: 0970f7b9d3927f6b93c8ceb1312a00f8

*Added 2 minutes later*

File winscenter.exe received on 12.19.2008 09:22:23 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.19.0	2008.12.19	-
AntiVir	7.9.0.45	2008.12.19	-
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.18	-
AVG	8.0.0.199	2008.12.18	Win32/Cryptor
BitDefender	7.2	2008.12.19	-
CAT-QuickHeal	10.00	2008.12.19	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.18	-
Comodo	780	2008.12.19	-
DrWeb	4.44.0.09170	2008.12.18	-
eSafe	7.0.17.0	2008.12.18	-
eTrust-Vet	31.6.6268	2008.12.18	-
Ewido	4.0	2008.12.18	-
F-Prot	4.4.4.56	2008.12.18	-
F-Secure	8.0.14332.0	2008.12.19	-
Fortinet	3.117.0.0	2008.12.19	-
GData	19	2008.12.19	-
Ikarus	T3.1.1.45.0	2008.12.19	Rootkit.Win32.TDSS
K7AntiVirus	7.10.557	2008.12.18	-
Kaspersky	7.0.0.125	2008.12.19	-
McAfee	5468	2008.12.18	-
McAfee+Artemis	5468	2008.12.18	Generic!Artemis
Microsoft	1.4205	2008.12.19	-
NOD32	3704	2008.12.18	-
Norman	5.80.02	2008.12.18	-
Panda	9.0.0.4	2008.12.19	-
PCTools	4.4.2.0	2008.12.18	-
Prevx1	V2	2008.12.19	Malicious Software
Rising	21.08.41.00	2008.12.19	-
SecureWeb-Gateway	6.7.6	2008.12.19	-
Sophos	4.37.0	2008.12.19	Mal/EncPk-CZ
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.19	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.19	TROJ_FAKEAV.AEA
VBA32	3.12.8.10	2008.12.18	-
ViRobot	2008.12.18.1526	2008.12.19	-
VirusBuster	4.5.11.0	2008.12.18	-
```

Additional information
File size: 384512 bytes
MD5...: a69de673a56ee3c21f40f3775ea05842

*Added 5 minutes later*

File kqozsbo.sys received on 12.19.2008 09:48:59 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.19.0	2008.12.19	-
AntiVir	7.9.0.45	2008.12.19	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.12.18	-
Avast	4.8.1281.0	2008.12.18	Win32:Rootkit-gen
AVG	8.0.0.199	2008.12.18	DDoS.K
BitDefender	7.2	2008.12.19	-
CAT-QuickHeal	10.00	2008.12.19	-
ClamAV	0.94.1	2008.12.18	-
Comodo	780	2008.12.19	-
DrWeb	4.44.0.09170	2008.12.19	-
eSafe	7.0.17.0	2008.12.18	-
eTrust-Vet	31.6.6268	2008.12.18	-
Ewido	4.0	2008.12.18	-
F-Prot	4.4.4.56	2008.12.18	-
F-Secure	8.0.14332.0	2008.12.19	-
Fortinet	3.117.0.0	2008.12.19	-
GData	19	2008.12.19	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2008.12.19	-
K7AntiVirus	7.10.557	2008.12.18	-
Kaspersky	7.0.0.125	2008.12.19	-
McAfee	5468	2008.12.18	-
McAfee+Artemis	5468	2008.12.18	-
Microsoft	1.4205	2008.12.19	Backdoor:WinNT/Rustock.H
NOD32	3704	2008.12.18	-
Norman	5.80.02	2008.12.18	-
Panda	9.0.0.4	2008.12.19	-
PCTools	4.4.2.0	2008.12.18	-
Prevx1	V2	2008.12.19	-
Rising	21.08.41.00	2008.12.19	-
SecureWeb-Gateway	6.7.6	2008.12.19	Trojan.Rootkit.Gen
Sophos	4.37.0	2008.12.19	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.19	-
TheHacker	6.3.1.4.191	2008.12.17	-
TrendMicro	8.700.0.1004	2008.12.19	-
VBA32	3.12.8.10	2008.12.18	-
ViRobot	2008.12.18.1526	2008.12.19	-
VirusBuster	4.5.11.0	2008.12.18	-
```

Additional information
File size: 30848 bytes
MD5...: 78f59cf8d0d936d24a3b5af5c16114e5

----------


## Shu_b

From what was just sent in (t=36108)

File tpszxyd.sys received on 12.22.2008 15:17:37 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.22	-
AntiVir	7.9.0.45	2008.12.22	-
Authentium	5.1.0.4	2008.12.22	-
Avast	4.8.1281.0	2008.12.21	Win32:Refpron-C
AVG	8.0.0.199	2008.12.22	Agent.4.E
BitDefender	7.2	2008.12.22	-
CAT-QuickHeal	10.00	2008.12.22	-
ClamAV	0.94.1	2008.12.22	-
Comodo	793	2008.12.21	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6271	2008.12.20	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.22	Suspicious:W32/DVBBS.c!Gemini
Fortinet	3.117.0.0	2008.12.22	-
GData	19	2008.12.22	Win32:Refpron-C
Ikarus	T3.1.1.45.0	2008.12.22	Virus.Win32.DNSChanger.XR
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.22	-
McAfee	5471	2008.12.21	-
McAfee+Artemis	5471	2008.12.21	-
Microsoft	1.4205	2008.12.22	Backdoor:Win32/Refpron.I
NOD32	3710	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.21	-
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.22	Cloaked Malware
Rising	21.09.02.00	2008.12.22	-
SecureWeb-Gateway	6.7.6	2008.12.22	-
Sophos	4.37.0	2008.12.22	-
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.22	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.22	TROJ_REFPRON.E
VBA32	3.12.8.10	2008.12.21	-
ViRobot	2008.12.22.1530	2008.12.22	-
VirusBuster	4.5.11.0	2008.12.21	-
```

Additional information
File size: 263168 bytes
MD5...: dd69d2f9d2d1709c286cb5fa6ef0ca8f


File system32\reminst\smss.exe received on 12.22.2008 15:17:50 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.22	-
AntiVir	7.9.0.45	2008.12.22	HEUR/Malware
Authentium	5.1.0.4	2008.12.22	-
Avast	4.8.1281.0	2008.12.21	-
AVG	8.0.0.199	2008.12.22	-
BitDefender	7.2	2008.12.22	DeepScan:Generic.Malware.dld!!.98AD12A5
CAT-QuickHeal	10.00	2008.12.22	Win32.Backdoor.PcClient.ZA.3
ClamAV	0.94.1	2008.12.22	-
Comodo	793	2008.12.21	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	Suspicious File
eTrust-Vet	31.6.6271	2008.12.20	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.22	-
Fortinet	3.117.0.0	2008.12.22	-
GData	19	2008.12.22	DeepScan:Generic.Malware.dld!!.98AD12A5
Ikarus	T3.1.1.45.0	2008.12.22	-
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.22	-
McAfee	5471	2008.12.21	New Malware.ac
McAfee+Artemis	5471	2008.12.21	Generic!Artemis
Microsoft	1.4205	2008.12.22	-
NOD32	3710	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.21	Suspicious file
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.22	-
Rising	21.09.02.00	2008.12.22	-
SecureWeb-Gateway	6.7.6	2008.12.22	Heuristic.Malware
Sophos	4.37.0	2008.12.22	Sus/Behav-1005
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.22	Downloader
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.22	PAK_Generic.001
VBA32	3.12.8.10	2008.12.21	-
ViRobot	2008.12.22.1530	2008.12.22	-
VirusBuster	4.5.11.0	2008.12.21	-
```

Additional information
File size: 6144 bytes
MD5...: 282e012b74885150185048920b5f4f51


File system32\reminst\csrss.exe received on 12.22.2008 15:23:51 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.22	-
AntiVir	7.9.0.45	2008.12.22	-
Authentium	5.1.0.4	2008.12.22	W32/new-malware!Maximus
Avast	4.8.1281.0	2008.12.21	-
AVG	8.0.0.199	2008.12.22	-
BitDefender	7.2	2008.12.22	-
CAT-QuickHeal	10.00	2008.12.22	Trojan.Siveras.e
ClamAV	0.94.1	2008.12.22	-
Comodo	793	2008.12.21	-
DrWeb	4.44.0.09170	2008.12.22	Trojan.DownLoad.25792
eSafe	7.0.17.0	2008.12.21	Suspicious File
eTrust-Vet	31.6.6271	2008.12.20	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	W32/new-malware!Maximus
F-Secure	8.0.14332.0	2008.12.22	-
Fortinet	3.117.0.0	2008.12.22	-
GData	19	2008.12.22	-
Ikarus	T3.1.1.45.0	2008.12.22	Trojan.Buzus.iij
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.22	-
McAfee	5471	2008.12.21	-
McAfee+Artemis	5471	2008.12.21	-
Microsoft	1.4205	2008.12.22	Exploit:Win32/Siveras.E
NOD32	3710	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.21	Suspicious file
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.22	-
Rising	21.09.02.00	2008.12.22	-
SecureWeb-Gateway	6.7.6	2008.12.22	Trojan.Downloader.Win32.Malware.gen (suspicious)
Sophos	4.37.0	2008.12.22	-
Sunbelt	3.2.1801.2	2008.12.11	VIPRE.Suspicious
Symantec	10	2008.12.22	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.22	PAK_Generic.001
VBA32	3.12.8.10	2008.12.21	-
ViRobot	2008.12.22.1530	2008.12.22	-
VirusBuster	4.5.11.0	2008.12.21	-
```

Additional information
File size: 43520 bytes
MD5...: f7fcc33c6cf1ae3d006f9f5e41929f71


File temp\0002.exe received on 12.22.2008 15:18:02 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.22	-
AntiVir	7.9.0.45	2008.12.22	TR/ATRAPS.Gen
Authentium	5.1.0.4	2008.12.22	-
Avast	4.8.1281.0	2008.12.21	-
AVG	8.0.0.199	2008.12.22	Dropper.Bravix
BitDefender	7.2	2008.12.22	-
CAT-QuickHeal	10.00	2008.12.22	Win32.PWS.Gamania.gen!D.8
ClamAV	0.94.1	2008.12.22	-
Comodo	793	2008.12.21	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6271	2008.12.20	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.22	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.12.22	-
GData	19	2008.12.22	-
Ikarus	T3.1.1.45.0	2008.12.22	-
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.22	-
McAfee	5471	2008.12.21	-
McAfee+Artemis	5471	2008.12.21	-
Microsoft	1.4205	2008.12.22	Trojan:Win32/Adpclient
NOD32	3710	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.21	Suspicious file
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.22	-
Rising	21.09.02.00	2008.12.22	-
SecureWeb-Gateway	6.7.6	2008.12.22	Trojan.ATRAPS.Gen
Sophos	4.37.0	2008.12.22	Troj/Sacom-Gen
Sunbelt	3.2.1801.2	2008.12.11	-
Symantec	10	2008.12.22	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.22	-
VBA32	3.12.8.10	2008.12.21	suspected of Win32 Shadow Driver Install
ViRobot	2008.12.22.1530	2008.12.22	-
VirusBuster	4.5.11.0	2008.12.21	-
```

Additional information
File size: 60928 bytes
MD5...: 35cd63388a75d9369b241eb19901f02b

----------


## kvit

Arrived today via ICQ



```
Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2008.12.22.0	2008.12.23	Win-Trojan/LdPinch.41984.AH
AntiVir	7.9.0.45	2008.12.22	TR/Spy.Gen
Authentium	5.1.0.4	2008.12.23	W32/LdPinch.A.gen!Eldorado
Avast	4.8.1281.0	2008.12.23	Win32:LdPinch-CYW
AVG	8.0.0.199	2008.12.22	PSW.Ldpinch.OLX
BitDefender	7.2	2008.12.23	Trojan.PWS.LdPinch.TPC
CAT-QuickHeal	10.00	2008.12.23	-
ClamAV	0.94.1	2008.12.22	Trojan.LdPinch-1592
Comodo	800	2008.12.22	TrojWare.Win32.PSW.Ldpinch.~TE
DrWeb	4.44.0.09170	2008.12.22	Trojan.PWS.LDPinch.4182
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6271	2008.12.20	Win32/Yurist.DD
Ewido	4.0	2008.12.22	Trojan.LdPinch.cdz
F-Prot	4.4.4.56	2008.12.22	W32/LdPinch.A.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.23	Trojan-PSW.Win32.LdPinch.dis
Fortinet	3.117.0.0	2008.12.23	W32/LdPinch.BYX!tr.pws
GData	19	2008.12.23	Trojan.PWS.LdPinch.TPC
Ikarus	T3.1.1.45.0	2008.12.23	Trojan-PWS.Win32.LdPinch
K7AntiVirus	7.10.562	2008.12.22	Trojan-PSW.Win32.LdPinch.cds
Kaspersky	7.0.0.125	2008.12.23	Trojan-PSW.Win32.LdPinch.dis
McAfee	5472	2008.12.22	-
McAfee+Artemis	5472	2008.12.22	Generic!Artemis
Microsoft	1.4205	2008.12.22	PWS:Win32/Ldpinch.gen
NOD32	3712	2008.12.22	a variant of Win32/PSW.LdPinch.NEL
Norman	5.80.02	2008.12.22	LdPinch.gen1
Panda	9.0.0.4	2008.12.22	Trj/Ldpinch.APF
PCTools	4.4.2.0	2008.12.22	Trojan.PWS.LdPinch.CCL
Prevx1	V2	2008.12.23	Malicious Software
Rising	21.09.10.00	2008.12.23	Trojan.PSW.Win32.LdPinch.cds
SecureWeb-Gateway	6.7.6	2008.12.22	Trojan.Spy.Gen
Sophos	4.37.0	2008.12.23	Troj/LDPinch-RG
Sunbelt	3.2.1809.2	2008.12.22	BehavesLike.Win32.Malware (v)
Symantec	10	2008.12.23	Infostealer.Ldpinch
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.23	TROJ_LDPINCH.BB
VBA32	3.12.8.10	2008.12.22	Trojan.Win32.Agent.tpa
ViRobot	2008.12.23.1531	2008.12.23	Trojan.Win32.PSWLdPinch.41984.F
VirusBuster	4.5.11.0	2008.12.22	Trojan.PWS.LdPinch.CCL
```

----------


## Shu_b

File userinit.exe received on 12.23.2008 07:06:54 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.23	-
AntiVir	7.9.0.45	2008.12.22	TR/Spy.ZBot.DAB.2
Authentium	5.1.0.4	2008.12.23	-
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.22	SHeur2.GNW
BitDefender	7.2	2008.12.23	-
CAT-QuickHeal	10.00	2008.12.23	-
ClamAV	0.94.1	2008.12.22	-
Comodo	800	2008.12.22	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	Suspicious File
eTrust-Vet	31.6.6274	2008.12.22	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.23	-
Fortinet	3.117.0.0	2008.12.23	-
GData	19	2008.12.23	-
Ikarus	T3.1.1.45.0	2008.12.23	-
K7AntiVirus	7.10.562	2008.12.22	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.12.23	-
McAfee	5472	2008.12.22	-
McAfee+Artemis	5472	2008.12.22	Generic!Artemis
Microsoft	1.4205	2008.12.22	VirTool:Win32/Obfuscator.CW
NOD32	3712	2008.12.22	a variant of Win32/Kryptik.DK
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.22	-
PCTools	4.4.2.0	2008.12.22	-
Rising	21.09.10.00	2008.12.23	-
SecureWeb-Gateway	6.7.6	2008.12.23	-
Sophos	4.37.0	2008.12.23	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.23	Infostealer
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.23	-
VBA32	3.12.8.10	2008.12.22	suspected of Malware-Cryptor.Win32.General.4
ViRobot	2008.12.23.1531	2008.12.23	-
VirusBuster	4.5.11.0	2008.12.22	-
```

Additional information
File size: 74240 bytes
MD5...: 18789d6b2155e4755feb98b5629babb7
SHA1..: 1e76a4b48299639cd6e2794ef4717876d66f0055

*Added 1 minute later*

File im.exe received on 12.23.2008 07:14:51 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.23	-
AntiVir	7.9.0.45	2008.12.22	TR/Crypt.CFI.Gen
Authentium	5.1.0.4	2008.12.23	W32/VB-Backdoor-PSVR-based!Maximus
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.22	-
BitDefender	7.2	2008.12.23	-
CAT-QuickHeal	10.00	2008.12.23	-
ClamAV	0.94.1	2008.12.22	-
Comodo	800	2008.12.22	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6271	2008.12.20	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	W32/VB-Backdoor-PSVR-based!Maximus
F-Secure	8.0.14332.0	2008.12.23	-
Fortinet	3.117.0.0	2008.12.23	-
GData	19	2008.12.23	-
Ikarus	T3.1.1.45.0	2008.12.23	not-a-virus:AdTool.Win32.VB.a
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.23	-
McAfee	5472	2008.12.22	-
McAfee+Artemis	5472	2008.12.22	Generic!Artemis
Microsoft	1.4205	2008.12.22	-
NOD32	3712	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.22	-
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.23	-
Rising	21.09.10.00	2008.12.23	-
SecureWeb-Gateway	6.7.6	2008.12.23	Trojan.Crypt.CFI.Gen
Sophos	4.37.0	2008.12.23	-
Sunbelt	3.2.1809.2	2008.12.22	Backdoor.Win32.VB.PSVR!cobra (v)
Symantec	10	2008.12.23	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.23	-
VBA32	3.12.8.10	2008.12.22	-
ViRobot	2008.12.23.1531	2008.12.23	-
VirusBuster	4.5.11.0	2008.12.22	-
```

Additional information
File size: 98304 bytes
MD5...: 26f25a5a029d118623f039398b1f7dee

*Added 2 minutes later*

File twext.exe received on 12.23.2008 07:19:11 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.23	-
AntiVir	7.9.0.45	2008.12.22	-
Authentium	5.1.0.4	2008.12.23	-
Avast	4.8.1281.0	2008.12.23	Win32:Zbot-AVH
AVG	8.0.0.199	2008.12.22	-
BitDefender	7.2	2008.12.23	-
CAT-QuickHeal	10.00	2008.12.23	-
ClamAV	0.94.1	2008.12.22	-
Comodo	800	2008.12.22	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6274	2008.12.22	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.23	Trojan-Spy.Win32.Zbot.imd
Fortinet	3.117.0.0	2008.12.23	-
GData	19	2008.12.23	Win32:Zbot-AVH
Ikarus	T3.1.1.45.0	2008.12.23	-
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.23	Trojan-Spy.Win32.Zbot.imd
McAfee	5472	2008.12.22	-
McAfee+Artemis	5472	2008.12.22	-
Microsoft	1.4205	2008.12.22	TrojanSpy:Win32/Zbot.gen!C
NOD32	3712	2008.12.22	a variant of Win32/Kryptik.DB
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.22	-
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.23	-
Rising	21.09.10.00	2008.12.23	-
SecureWeb-Gateway	6.7.6	2008.12.23	-
Sophos	4.37.0	2008.12.23	Mal/Zbot-H
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.23	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.23	-
VBA32	3.12.8.10	2008.12.22	-
ViRobot	2008.12.23.1531	2008.12.23	-
VirusBuster	4.5.11.0	2008.12.22	TrojanSpy.ZBot.Gen!Pac.6
```

Additional information
File size: 575488 bytes
MD5...: e1b79b469184ff37468af1e427500c4b

*Added 52 seconds later*

File PrivateContent.exe received on 12.23.2008 07:21:43 (CET)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.12.22.0	2008.12.23	-
AntiVir	7.9.0.45	2008.12.22	-
Authentium	5.1.0.4	2008.12.23	-
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.22	-
BitDefender	7.2	2008.12.23	-
CAT-QuickHeal	10.00	2008.12.23	-
ClamAV	0.94.1	2008.12.22	-
Comodo	800	2008.12.22	-
DrWeb	4.44.0.09170	2008.12.22	-
eSafe	7.0.17.0	2008.12.21	-
eTrust-Vet	31.6.6274	2008.12.22	-
Ewido	4.0	2008.12.22	-
F-Prot	4.4.4.56	2008.12.22	-
F-Secure	8.0.14332.0	2008.12.23	AdWare.Win32.Cinmus.aiyf
Fortinet	3.117.0.0	2008.12.23	-
GData	19	2008.12.23	-
Ikarus	T3.1.1.45.0	2008.12.23	-
K7AntiVirus	7.10.562	2008.12.22	-
Kaspersky	7.0.0.125	2008.12.23	not-a-virus:AdWare.Win32.Cinmus.aiyf
McAfee	5472	2008.12.22	-
McAfee+Artemis	5472	2008.12.22	-
Microsoft	1.4205	2008.12.22	-
NOD32	3712	2008.12.22	-
Norman	5.80.02	2008.12.22	-
Panda	9.0.0.4	2008.12.22	-
PCTools	4.4.2.0	2008.12.22	-
Prevx1	V2	2008.12.23	-
Rising	21.09.10.00	2008.12.23	-
SecureWeb-Gateway	6.7.6	2008.12.23	-
Sophos	4.37.0	2008.12.23	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.23	-
TheHacker	6.3.1.4.195	2008.12.20	-
TrendMicro	8.700.0.1004	2008.12.23	-
VBA32	3.12.8.10	2008.12.22	-
ViRobot	2008.12.23.1531	2008.12.23	-
VirusBuster	4.5.11.0	2008.12.22	-
```

Additional information
File size: 88576 bytes
MD5...: 1bbde9abaf1f459143de6844db9ed624

----------


## senyak

Файл 49c4f4f6.eml получен 2008.12.23 15:30:54 (CET)
Текущий статус:   закончено 
Результат: 4/38 (10.53%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.12.22.0	2008.12.23	-
> *AntiVir	7.9.0.45	2008.12.23	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.12.23	-
> Avast	4.8.1281.0	2008.12.23	-
> AVG	8.0.0.199	2008.12.22	-
> BitDefender	7.2	2008.12.23	-
> CAT-QuickHeal	10.00	2008.12.23	-
> *ClamAV	0.94.1	2008.12.23	Phishing.Heuristics.Email.SpoofedDomain*
> ...


Дополнительная информация
File size: 4113 bytes
MD5...: 35ab57faa44d9691baa991c2dec704f6
SHA1..: 8753bb9d81121ab07dfbc996c00ca51f838271de
PEiD..: -
TrID..: File type identification
E-Mail message (Var. 1) (100.0%)
PEInfo: -
packers (F-Prot): qp

----------


## Shu_b

File qwe received on 12.24.2008 09:05:31 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.24	-
AhnLab-V3	2008.12.22.0	2008.12.24	-
AntiVir	7.9.0.45	2008.12.24	TR/Dropper.Gen
Authentium	5.1.0.4	2008.12.24	-
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.23	-
BitDefender	7.2	2008.12.24	-
CAT-QuickHeal	10.00	2008.12.24	-
ClamAV	0.94.1	2008.12.24	-
Comodo	804	2008.12.23	-
DrWeb	4.44.0.09170	2008.12.24	-
eSafe	7.0.17.0	2008.12.23	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.23	-
F-Prot	4.4.4.56	2008.12.24	-
F-Secure	8.0.14332.0	2008.12.24	-
Fortinet	3.117.0.0	2008.12.24	-
GData	19	2008.12.24	-
Ikarus	T3.1.1.45.0	2008.12.24	-
K7AntiVirus	7.10.563	2008.12.23	-
Kaspersky	7.0.0.125	2008.12.24	-
McAfee	5473	2008.12.23	-
McAfee+Artemis	5473	2008.12.23	-
Microsoft	1.4205	2008.12.24	-
NOD32	3715	2008.12.24	-
Norman	5.80.02	2008.12.23	-
Panda	9.0.0.4	2008.12.23	-
PCTools	4.4.2.0	2008.12.23	-
Prevx1	V2	2008.12.24	Cloaked Malware
Rising	21.09.21.00	2008.12.24	-
SecureWeb-Gateway	6.7.6	2008.12.24	Trojan.Dropper.Gen
Sophos	4.37.0	2008.12.24	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.24	-
TheHacker	6.3.1.4.199	2008.12.23	-
TrendMicro	8.700.0.1004	2008.12.24	-
VBA32	3.12.8.10	2008.12.23	-
ViRobot	2008.12.24.1533	2008.12.24	-
VirusBuster	4.5.11.0	2008.12.23	-
```

Additional information
File size: 22528 bytes
MD5...: 5ad1dc609b765c81a895a1fd42040b73

----------


## ALEX(XX)

File 3.exe received on 12.24.2008 10:33:03 (CET)



```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.24	Trojan-PWS.Win32.QQPass!IK
AhnLab-V3	2008.12.22.0	2008.12.24	Packed/Upack
AntiVir	7.9.0.45	2008.12.24	TR/ATRAPS.Gen
Authentium	5.1.0.4	2008.12.24	W32/Heuristic-210!Eldorado
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.23	-
BitDefender	7.2	2008.12.24	-
CAT-QuickHeal	10.00	2008.12.24	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.24	-
Comodo	804	2008.12.23	-
DrWeb	4.44.0.09170	2008.12.24	-
eSafe	7.0.17.0	2008.12.23	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.23	-
F-Prot	4.4.4.56	2008.12.24	W32/Heuristic-210!Eldorado
F-Secure	8.0.14332.0	2008.12.24	W32/Packed_Upack.A
Fortinet	3.117.0.0	2008.12.24	-
GData	19	2008.12.24	-
Ikarus	T3.1.1.45.0	2008.12.24	Trojan-PWS.Win32.QQPass
K7AntiVirus	7.10.563	2008.12.23	-
Kaspersky	7.0.0.125	2008.12.24	-
McAfee	5473	2008.12.23	New Malware.aj
McAfee+Artemis	5473	2008.12.23	New Malware.n
Microsoft	1.4205	2008.12.24	PWS:Win32/QQpass.AA
NOD32	3715	2008.12.24	a variant of Win32/PSW.Delf.NMX
Norman	5.80.02	2008.12.23	W32/Packed_Upack.A
Panda	9.0.0.4	2008.12.23	Suspicious file
PCTools	4.4.2.0	2008.12.23	Packed/Upack
Prevx1	V2	2008.12.24	-
Rising	21.09.22.00	2008.12.24	Trojan.Win32.QQFish.w
SecureWeb-Gateway	6.7.6	2008.12.24	Trojan.ATRAPS.Gen
Sophos	4.37.0	2008.12.24	Sus/ComPack-C
Sunbelt	3.2.1809.2	2008.12.22	VIPRE.Suspicious
Symantec	10	2008.12.24	-
TheHacker	6.3.1.4.199	2008.12.23	W32/Behav-Heuristic-060
TrendMicro	8.700.0.1004	2008.12.24	PAK_Generic.006
VBA32	3.12.8.10	2008.12.23	Trojan-PSW.Win32.QQPass.efy
ViRobot	2008.12.24.1533	2008.12.24	-
VirusBuster	4.5.11.0	2008.12.23	Packed/Upack

Additional information
File size: 48360 bytes
MD5...: 98ce99bb088c252d7d084f87ed2a500c
SHA1..: 70d9bcdefc0e1a23efea874a46e4d80800daf32a
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x261018
timedatestamp.....: 0x2611b0be (Thu Mar 29 06:52:46 1990)
machinetype.......: 0x14c (I386)

( 3 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
PS          0x1000   0x69000     0x1f0   5.43  ce40f9782f141f111303501525d8de5e
_Y_        0x6a000   0x13000    0xbae8   7.87  38e69c9cd23df97d12da107e6d2f4a34
__         0x7d000    0x1000     0x1f0   5.43  ce40f9782f141f111303501525d8de5e

( 0 imports )

( 0 exports )
packers (Authentium): UPack
packers (Kaspersky): PE_Patch, UPack
packers (F-Prot): UPack
```

File 0001.exe received on 12.24.2008 10:34:51 (CET)



```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.24	Backdoor.Bifrose!IK
AhnLab-V3	2008.12.22.0	2008.12.24	-
AntiVir	7.9.0.45	2008.12.24	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.12.24	-
Avast	4.8.1281.0	2008.12.23	-
AVG	8.0.0.199	2008.12.23	Win32/Heur
BitDefender	7.2	2008.12.24	Trojan.Rincux.AW
CAT-QuickHeal	10.00	2008.12.24	(Suspicious) - DNAScan
ClamAV	0.94.1	2008.12.24	-
Comodo	804	2008.12.23	-
DrWeb	4.44.0.09170	2008.12.24	-
eSafe	7.0.17.0	2008.12.23	Suspicious File
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.23	-
F-Prot	4.4.4.56	2008.12.24	-
F-Secure	8.0.14332.0	2008.12.24	Suspicious:W32/Malware!Gemini
Fortinet	3.117.0.0	2008.12.24	-
GData	19	2008.12.24	Trojan.Rincux.AW
Ikarus	T3.1.1.45.0	2008.12.24	Backdoor.Bifrose
K7AntiVirus	7.10.563	2008.12.23	-
Kaspersky	7.0.0.125	2008.12.24	-
McAfee	5473	2008.12.23	-
McAfee+Artemis	5473	2008.12.23	Generic!Artemis
Microsoft	1.4205	2008.12.24	Trojan:Win32/Agent
NOD32	3715	2008.12.24	-
Norman	5.80.02	2008.12.23	-
Panda	9.0.0.4	2008.12.23	-
PCTools	4.4.2.0	2008.12.23	-
Prevx1	V2	2008.12.24	-
Rising	21.09.22.00	2008.12.24	Backdoor.Win32.DDOS.ev
SecureWeb-Gateway	6.7.6	2008.12.24	Trojan.Crypt.XPACK.Gen
Sophos	4.37.0	2008.12.24	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.24	-
TheHacker	6.3.1.4.199	2008.12.23	-
TrendMicro	8.700.0.1004	2008.12.24	-
VBA32	3.12.8.10	2008.12.23	-
ViRobot	2008.12.24.1533	2008.12.24	-
VirusBuster	4.5.11.0	2008.12.23	-

Additional information
File size: 21396 bytes
MD5...: bde49df3cbcf4d06f3a4c245bbae2f0e
SHA1..: 59102419014279f1c39ba91fc2f066aa9a5a7e98
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.8%)
DOS Executable Generic (49.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Targa bitmap (Original TGA Format) (0.1%)
MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4032d6
timedatestamp.....: 0x373898 (Wed Feb 11 21:16:08 1970)
machinetype.......: 0x14c (I386)

( 4 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000    0x2502    0x2600   7.98  6799f3ee1ab99e18a67368b0d8d49822
.rdata      0x4000     0xdba     0xe00   7.97  a5db486c5ed67dba7d0af1d89855f069
.data       0x5000   0x3ce04     0x600   7.95  a01c8037745cacc4261ee87e144f8865
.sdffqw    0x42000    0x1594    0x1594   6.77  1cae004626695a37382f7a9f915895e7

( 1 imports )
> KERNEL32.dll: ExitProcess, Beep

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=bde49df3cbcf4d06f3a4c245bbae2f0e
```

----------


## senyak

Файл InstallAVv_880294.exe получен 2008.12.24 14:52:32 (CET)
Текущий статус:   закончено 
Результат: 5/39 (12.83%)



```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2008.12.24	-
AhnLab-V3	2008.12.25.0	2008.12.24	-
AntiVir	7.9.0.45	2008.12.24	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.12.24	-
Avast	4.8.1281.0	2008.12.24	-
AVG	8.0.0.199	2008.12.24	-
BitDefender	7.2	2008.12.24	-
CAT-QuickHeal	10.00	2008.12.24	-
ClamAV	0.94.1	2008.12.24	-
Comodo	809	2008.12.24	-
DrWeb	4.44.0.09170	2008.12.24	-
eSafe	7.0.17.0	2008.12.23	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.24	-
F-Prot	4.4.4.56	2008.12.24	-
F-Secure	8.0.14332.0	2008.12.24	Trojan-Downloader.Win32.FraudLoad.vepo
Fortinet	3.117.0.0	2008.12.24	-
GData	19	2008.12.24	-
Ikarus	T3.1.1.45.0	2008.12.24	-
K7AntiVirus	7.10.564	2008.12.24	-
Kaspersky	7.0.0.125	2008.12.24	Trojan-Downloader.Win32.FraudLoad.vepo
McAfee	5473	2008.12.23	-
McAfee+Artemis	5473	2008.12.23	-
Microsoft	1.4205	2008.12.24	-
NOD32	3716	2008.12.24	-
Norman	5.80.02	2008.12.23	-
Panda	9.0.0.4	2008.12.24	-
PCTools	4.4.2.0	2008.12.24	-
Prevx1	V2	2008.12.24	Fraudulent Security Program
Rising	21.09.22.00	2008.12.24	-
SecureWeb-Gateway	6.7.6	2008.12.24	Trojan.Crypt.XPACK.Gen
Sophos	4.37.0	2008.12.24	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.24	-
TheHacker	6.3.1.4.199	2008.12.23	-
TrendMicro	8.700.0.1004	2008.12.24	-
VBA32	3.12.8.10	2008.12.23	-
ViRobot	2008.12.24.1534	2008.12.24	-
VirusBuster	4.5.11.0	2008.12.24	-
```

Дополнительная информация
File size: 126976 bytes
MD5...: b486518c2aeda4c0dcdbaca4a061bd1e
SHA1..: 77f72f5feb2d1be02049197fb331fcf7e00da8e3
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

*Added 10 hours 19 minutes later*

Файл 013 получен 2008.12.25 01:26:40 (CET)
Текущий статус:   закончено 
Результат: 4/39 (10.26%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2008.12.24	-
> AhnLab-V3	2008.12.25.0	2008.12.25	-
> AntiVir	7.9.0.45	2008.12.24	-
> Authentium	5.1.0.4	2008.12.24	-
> Avast	4.8.1281.0	2008.12.24	-
> AVG	8.0.0.199	2008.12.24	-
> BitDefender	7.2	2008.12.25	-
> CAT-QuickHeal	10.00	2008.12.24	-
> ...


Дополнительная информация
File size: 123392 bytes
MD5...: b66b6ee78cb727fb2e006ff70ae29c2c
SHA1..: 48c47d6b404b0dfd4b28d1d259b7ad213d2d19b7
PEiD..: -



Файл 123 получен 2008.12.25 01:28:31 (CET)
Текущий статус:   закончено 
Результат: 3/39 (7.7%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2008.12.24	-
> AhnLab-V3	2008.12.25.0	2008.12.25	-
> *AntiVir	7.9.0.45	2008.12.24	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.12.24	-
> Avast	4.8.1281.0	2008.12.24	-
> AVG	8.0.0.199	2008.12.24	-
> BitDefender	7.2	2008.12.25	-
> CAT-QuickHeal	10.00	2008.12.24	-
> ...


Дополнительная информация
File size: 6337 bytes
MD5...: 811a08c39ec469f69d5fe5707ca75e06
SHA1..: c00815cf1d42cb23f0ab00083df697a46c83bd86
PEiD..: -
TrID..: File type identification
GZipped File (100.0%)
PEInfo: -
packers (F-Prot): packed

----------


## Shu_b

File ethtuhbi.sys received on 12.25.2008 10:55:13 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.25	-
AhnLab-V3	2008.12.25.0	2008.12.25	-
AntiVir	7.9.0.45	2008.12.24	-
Authentium	5.1.0.4	2008.12.25	W32/SpamAgent.B.gen!Eldorado
Avast	4.8.1281.0	2008.12.24	-
AVG	8.0.0.199	2008.12.24	-
BitDefender	7.2	2008.12.25	-
CAT-QuickHeal	10.00	2008.12.24	-
ClamAV	0.94.1	2008.12.24	-
Comodo	811	2008.12.25	-
DrWeb	4.44.0.09170	2008.12.25	-
eSafe	7.0.17.0	2008.12.24	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.24	-
F-Prot	4.4.4.56	2008.12.24	W32/SpamAgent.B.gen!Eldorado
F-Secure	8.0.14332.0	2008.12.25	-
Fortinet	3.117.0.0	2008.12.25	-
GData	19	2008.12.25	-
Ikarus	T3.1.1.45.0	2008.12.25	-
K7AntiVirus	7.10.564	2008.12.24	-
Kaspersky	7.0.0.125	2008.12.25	-
McAfee	5474	2008.12.24	-
McAfee+Artemis	5474	2008.12.24	-
Microsoft	1.4205	2008.12.25	Spammer:Win32/Rlsloup.B
NOD32	3716	2008.12.24	-
Norman	5.80.02	2008.12.24	-
Panda	9.0.0.4	2008.12.24	-
PCTools	4.4.2.0	2008.12.24	-
Prevx1	V2	2008.12.25	-
Rising	21.09.32.00	2008.12.25	-
SecureWeb-Gateway	6.7.6	2008.12.24	Win32.LooksLike.NewMalware
Sophos	4.37.0	2008.12.25	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.25	-
TheHacker	6.3.1.4.199	2008.12.23	-
TrendMicro	8.700.0.1004	2008.12.25	-
VBA32	3.12.8.10	2008.12.24	-
ViRobot	2008.12.24.1534	2008.12.24	-
VirusBuster	4.5.11.0	2008.12.24	-
```

Additional information
File size: 135616 bytes
MD5...: 16b0de9de1433d3be401c72d128d02ab

----------


## PavelA

From http://virusinfo.info/showthread.php?t=36231
Файл avz00003.dta (c:\windows\system32\iasapi.dll) получен 2008.12.26 14:43:06 (CET)
Антивирус Версия Обновление Результат


```
 
a-squared 4.0.0.73 2008.12.26 Virus.Win32.Dialer.1313!IK 
AhnLab-V3 2008.12.25.0 2008.12.26 - 
AntiVir 7.9.0.45 2008.12.25 - 
Authentium 5.1.0.4 2008.12.25 W32/Heuristic-KPP!Eldorado 
Avast 4.8.1281.0 2008.12.26 - 
AVG 8.0.0.199 2008.12.25 - 
BitDefender 7.2 2008.12.26 - 
CAT-QuickHeal 10.00 2008.12.26 - 
ClamAV 0.94.1 2008.12.26 - 
Comodo 819 2008.12.26 - 
DrWeb 4.44.0.09170 2008.12.26 - 
eSafe 7.0.17.0 2008.12.24 - 
eTrust-Vet 31.6.6276 2008.12.24 - 
Ewido 4.0 2008.12.26 - 
F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.12.26 - 
Fortinet 3.117.0.0 2008.12.26 - 
GData 19 2008.12.26 - 
Ikarus T3.1.1.45.0 2008.12.26 Virus.Win32.Dialer.1313 
K7AntiVirus 7.10.567 2008.12.26 - 
Kaspersky 7.0.0.125 2008.12.26 - 
McAfee 5474 2008.12.24 - 
McAfee+Artemis 5474 2008.12.24 - 
Microsoft 1.4205 2008.12.26 - 
NOD32 3718 2008.12.26 - 
Norman 5.80.02 2008.12.26 - 
Panda 9.0.0.4 2008.12.26 Suspicious file 
PCTools 4.4.2.0 2008.12.26 - 
Prevx1 V2 2008.12.26 - 
Rising 21.09.42.00 2008.12.26 Backdoor.Win32.Drwolf.sp 
SecureWeb-Gateway 6.7.6 2008.12.25 - 
Sophos 4.37.0 2008.12.26 - 
Sunbelt 3.2.1809.2 2008.12.22 - 
Symantec 10 2008.12.26 - 
TheHacker 6.3.1.4.199 2008.12.23 - 
TrendMicro 8.700.0.1004 2008.12.26 - 
VBA32 3.12.8.10 2008.12.25 - 
ViRobot 2008.12.26.1536 2008.12.26 - 
VirusBuster 4.5.11.0 2008.12.25 -
```

----------


## senyak

Файл spyprotector_install.exe получен 2008.12.27 20:19:25 (CET)
Текущий статус:    закончено 
Результат: 8/39 (20.52%)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2008.12.27	Trojan.Win32.FakePowav!IK
AhnLab-V3	2008.12.25.0	2008.12.27	-
AntiVir	7.9.0.45	2008.12.27	-
Authentium	5.1.0.4	2008.12.27	-
Avast	4.8.1281.0	2008.12.27	-
AVG	8.0.0.199	2008.12.26	-
BitDefender	7.2	2008.12.27	-
CAT-QuickHeal	10.00	2008.12.27	-
ClamAV	0.94.1	2008.12.27	-
Comodo	826	2008.12.27	-
DrWeb	4.44.0.09170	2008.12.27	-
eSafe	7.0.17.0	2008.12.24	-
eTrust-Vet	31.6.6276	2008.12.24	-
Ewido	4.0	2008.12.27	-
F-Prot	4.4.4.56	2008.12.26	-
F-Secure	8.0.14332.0	2008.12.27	-
Fortinet	3.117.0.0	2008.12.27	-
GData	19	2008.12.27	-
Ikarus	T3.1.1.45.0	2008.12.27	Trojan.Win32.FakePowav
K7AntiVirus	7.10.568	2008.12.27	-
Kaspersky	7.0.0.125	2008.12.27	Trojan-Downloader.Win32.FraudLoad.veuz
McAfee	5476	2008.12.27	-
McAfee+Artemis	5476	2008.12.27	Generic!Artemis
Microsoft	1.4205	2008.12.27	Trojan:Win32/FakePowav
NOD32	3719	2008.12.27	-
Norman	5.80.02	2008.12.26	-
Panda	9.0.0.4	2008.12.27	Suspicious file
PCTools	4.4.2.0	2008.12.27	-
Prevx1	V2	2008.12.27	-
Rising	21.09.52.00	2008.12.27	-
SecureWeb-Gateway	6.7.6	2008.12.27	-
Sophos	4.37.0	2008.12.27	-
Sunbelt	3.2.1809.2	2008.12.22	SpyProtector
Symantec	10	2008.12.27	-
TheHacker	6.3.1.4.200	2008.12.26	-
TrendMicro	8.700.0.1004	2008.12.26	-
VBA32	3.12.8.10	2008.12.27	suspected of Win32.Trojan.Downloader (http://...)
ViRobot	2008.12.26.1536	2008.12.26	-
VirusBuster	4.5.11.0	2008.12.27	-
```

Дополнительная информация
File size: 40960 bytes
MD5...: 40679e7b2a24ce3d77c03cab6825afd3
SHA1..: 6d69883bbe07c5299d4bb451fde1b15e2043e089
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

----------


## PavelA

A userinit.exe like this one turned up in "Помогите!" ("Help!")


```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.73 2008.12.30 - 
AhnLab-V3 2008.12.30.2 2008.12.30 - 
AntiVir 7.9.0.45 2008.12.30 TR/Crypt.FKM.Gen 
Authentium 5.1.0.4 2008.12.29 - 
Avast 4.8.1281.0 2008.12.29 - 
AVG 8.0.0.199 2008.12.29 - 
BitDefender 7.2 2008.12.30 DeepScan:Generic.Malware.FPB.E71D9A1E 
CAT-QuickHeal 10.00 2008.12.30 (Suspicious) - DNAScan 
ClamAV 0.94.1 2008.12.30 - 
Comodo 837 2008.12.29 - 
DrWeb 4.44.0.09170 2008.12.30 - 
eSafe 7.0.17.0 2008.12.28 Suspicious File 
eTrust-Vet 31.6.6281 2008.12.29 - 
Ewido 4.0 2008.12.30 - 
F-Prot 4.4.4.56 2008.12.29 - 
F-Secure 8.0.14470.0 2008.12.30 - 
Fortinet 3.117.0.0 2008.12.30 - 
GData 19 2008.12.30 DeepScan:Generic.Malware.FPB.E71D9A1E 
Ikarus T3.1.1.45.0 2008.12.30 - 
K7AntiVirus 7.10.569 2008.12.29 - 
Kaspersky 7.0.0.125 2008.12.30 - 
McAfee 5478 2008.12.29 - 
McAfee+Artemis 5478 2008.12.29 - 
Microsoft 1.4205 2008.12.30 - 
NOD32 3722 2008.12.29 - 
Norman 5.80.02 2008.12.29 - 
Panda 9.0.0.4 2008.12.29 - 
PCTools 4.4.2.0 2008.12.29 Packed/Execryptor 
Prevx1 V2 2008.12.30 - 
Rising 21.10.12.00 2008.12.30 - 
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Crypt.FKM.Gen 
Sophos 4.37.0 2008.12.30 - 
Sunbelt 3.2.1809.2 2008.12.22 - 
Symantec 10 2008.12.30 - 
TheHacker 6.3.1.4.202 2008.12.30 - 
TrendMicro 8.700.0.1004 2008.12.30 - 
VBA32 3.12.8.10 2008.12.30 BScope.Trojan-PSW.OnlineGames 
ViRobot 2008.12.30.1540 2008.12.30 - 
VirusBuster 4.5.11.0 2008.12.29 Packed
```

----------


## Shu_b

File msqpdxymrdbbml.sys received on 12.31.2008 10:50:27 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.31	-
AhnLab-V3	2008.12.31.0	2008.12.31	-
AntiVir	7.9.0.45	2008.12.31	-
Authentium	5.1.0.4	2008.12.30	-
Avast	4.8.1281.0	2008.12.30	-
AVG	8.0.0.199	2008.12.30	-
BitDefender	7.2	2008.12.31	-
CAT-QuickHeal	10.00	2008.12.31	-
ClamAV	0.94.1	2008.12.31	-
Comodo	851	2008.12.31	-
DrWeb	4.44.0.09170	2008.12.31	-
eSafe	7.0.17.0	2008.12.30	Suspicious File
eTrust-Vet	31.6.6284	2008.12.31	-
Ewido	4.0	2008.12.30	-
F-Prot	4.4.4.56	2008.12.30	-
F-Secure	8.0.14470.0	2008.12.31	-
Fortinet	3.117.0.0	2008.12.31	-
GData	19	2008.12.31	-
Ikarus	T3.1.1.45.0	2008.12.31	-
K7AntiVirus	7.10.571	2008.12.30	-
Kaspersky	7.0.0.125	2008.12.31	Trojan.Win32.Pakes.mmb
McAfee	5479	2008.12.30	-
McAfee+Artemis	5479	2008.12.30	-
Microsoft	1.4205	2008.12.31	Trojan:WinNT/Alureon.C
NOD32	3725	2008.12.31	-
Norman	5.80.02	2008.12.30	-
Panda	9.0.0.4	2008.12.30	-
PCTools	4.4.2.0	2008.12.30	-
Prevx1	V2	2008.12.31	-
Rising	21.10.22.00	2008.12.31	-
SecureWeb-Gateway	6.7.6	2008.12.31	Trojan.LooksLike.Agent
Sophos	4.37.0	2008.12.31	-
Sunbelt	3.2.1809.2	2008.12.22	-
Symantec	10	2008.12.31	-
TheHacker	6.3.1.4.202	2008.12.30	-
TrendMicro	8.700.0.1004	2008.12.31	-
VBA32	3.12.8.10	2008.12.30	-
ViRobot	2008.12.30.1540	2008.12.31	-
VirusBuster	4.5.11.0	2008.12.30	-
```

Additional information
File size: 71680 bytes
MD5...: 22bab406e1d25cb3dd45480e96cd3dd7

*Added 2 minutes later*

File twex.exe received on 12.31.2008 10:58:38 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.73	2008.12.31	-
AhnLab-V3	2008.12.31.0	2008.12.31	-
AntiVir	7.9.0.45	2008.12.31	-
Authentium	5.1.0.4	2008.12.30	-
Avast	4.8.1281.0	2008.12.30	-
AVG	8.0.0.199	2008.12.30	Win32/Cryptor
BitDefender	7.2	2008.12.31	-
CAT-QuickHeal	10.00	2008.12.31	-
ClamAV	0.94.1	2008.12.31	-
Comodo	851	2008.12.31	-
DrWeb	4.44.0.09170	2008.12.31	-
eTrust-Vet	31.6.6284	2008.12.31	-
Ewido	4.0	2008.12.30	-
F-Prot	4.4.4.56	2008.12.30	-
F-Secure	8.0.14470.0	2008.12.31	-
Fortinet	3.117.0.0	2008.12.31	-
GData	19	2008.12.31	-
Ikarus	T3.1.1.45.0	2008.12.31	-
K7AntiVirus	7.10.571	2008.12.30	-
Kaspersky	7.0.0.125	2008.12.31	Trojan-Spy.Win32.Zbot.jbq
McAfee	5479	2008.12.30	-
McAfee+Artemis	5479	2008.12.30	-
Microsoft	1.4205	2008.12.31	Trojan:Win32/Zbot.BX
NOD32	3725	2008.12.31	-
Norman	5.80.02	2008.12.30	W32/Malware.EXHS
Panda	9.0.0.4	2008.12.30	-
PCTools	4.4.2.0	2008.12.30	-
Prevx1	V2	2008.12.31	-
Rising	21.10.22.00	2008.12.31	-
SecureWeb-Gateway	6.7.6	2008.12.31	-
Sophos	4.37.0	2008.12.31	-
Sunbelt	3.2.1809.2	2008.12.22	RiskTool.Win32.ProcessPatcher.Nor!cobra (v)
Symantec	10	2008.12.31	Infostealer.Banker.C
TheHacker	6.3.1.4.202	2008.12.30	-
TrendMicro	8.700.0.1004	2008.12.31	-
VBA32	3.12.8.10	2008.12.30	Trojan-Spy.Win32.Zbot.iva
ViRobot	2008.12.30.1540	2008.12.31	-
VirusBuster	4.5.11.0	2008.12.30	-
```

Additional information
File size: 313344 bytes
MD5...: 0f01dcbbbf388a636a6126aa27a7eefd

----------


## senyak

Файл keymaker.exe получен 2008.12.31 12:14:14 (CET)
Текущий статус:  закончено 
Результат: 19/38 (50%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2008.12.31	Trojan.Crypt!IK*
> AhnLab-V3	2008.12.31.0	2008.12.31	-
> *AntiVir	7.9.0.45	2008.12.31	TR/PCK.Black.A.1550*
> Authentium	5.1.0.4	2008.12.30	-
> *Avast	4.8.1281.0	2008.12.30	Win32:Trojan-gen {Other}
> AVG	8.0.0.199	2008.12.31	Win32/Themida
> BitDefender	7.2	2008.12.31	Trojan.Packed.45180*
> CAT-QuickHeal	10.00	2008.12.31	-
> ...


Дополнительная информация
File size: 3548672 bytes
MD5...: 3af1caa3206f513a77da611090f40aaf
SHA1..: 118e9d68783914b1c43514b1e9ea1f4b47c3a2de
SHA256: 910aefe6873d1927c88a5ab5a325112c69365031793d063aa11c2482081bd801
SHA512: e7ce86335b5d601273b21af12102531846463be3fe69e996ca3d5f14254db4f6d65edddb4a98b89af63cac122b1eb20d87be7f83b3f5eef9777d3d9f98d1a1de
ssdeep: 98304:7IHZSbtE2IikOAY9Q5BzxYWZlV+tG5JhiyTcrBb5p:UHZSy2Ii/9ABNV+tGp89b5p
PEiD..: -

----------


## Shu_b

Total for December:

----------


## senyak

Файл Patch_AML_v472_b30400.exe получен 2009.01.02 04:09:50 (CET)
Текущий статус:   закончено 
Результат: 14/38 (36.85%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2008.12.31	-
> AhnLab-V3	2008.12.31.0	2009.01.01	-
> AntiVir	7.9.0.45	2009.01.01	-
> *Authentium	5.1.0.4	2009.01.01	W32/Heuristic-210!Eldorado
> Avast	4.8.1281.0	2009.01.01	Win32:Adware-gen*
> AVG	8.0.0.199	2008.12.31	-
> BitDefender	7.2	2009.01.02	-
> *CAT-QuickHeal	10.00	2009.01.02	(Suspicious) - DNAScan*
> ...


Дополнительная информация
File size: 411648 bytes
MD5...: f0cfc6ddbcf829cbeae1e1978e0d7d50
SHA1..: 8f1f1727c1481ac551409972bd7bb2c236fd77ff
SHA256: fecb0a5defe81c65665af042ce058786e49aaa3ee3de7388fa24196947ed1808
SHA512: 61c15d34efa6c62979978af2518c1596a258ae0d683bc1e4fb0822d8e1f9226569f439427be517587854d51808f0389006cdb23eeb192c1e0f8064884f4e9246
ssdeep: 12288:TZwCT33yW+yimmz2gXFo6nmNtTirdMwEoQK:twCDyW+W42WeTEdMw3d
PEiD..: ASProtect v1.23 RC1

----------



## antanta

bobmid.exe, caught on December 30 of last year.




> Антивирус    Версия    Обновление    Результат
> *a-squared    4.0.0.73    2009.01.03    MemScanTrojan.Downloader.JKFL!IK*
> AhnLab-V3    2008.12.31.0    2009.01.02    -
> *AntiVir    7.9.0.45    2009.01.02    HEUR/Crypted*
> *Authentium    5.1.0.4    2009.01.02    W32/Heuristic-THX!Eldorado*
> *Avast    4.8.1281.0    2009.01.03    Win32:Trojan-gen {Other}*
> AVG    8.0.0.199    2009.01.02    -
> BitDefender    7.2    2009.01.03    -
> *CAT-QuickHeal    10.00    2009.01.03    (Suspicious) - DNAScan*
> ...


P.S. What should be done with files that are 99.99% malware and yet are detected by no one? Upload them to virustotal every hour to see who adds them to their databases first? :)

----------


## senyak

Файл autorun21 получен 2009.01.03 14:25:56 (CET)
Текущий статус:     закончено 
Результат: 19/36 (52.78%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.03	Worm.Win32.AutoRun!IK*
> AhnLab-V3	2008.12.31.0	2009.01.03	-
> *AntiVir	7.9.0.45	2009.01.02	TR/Autorun.LD
> Authentium	5.1.0.4	2009.01.03	IS/Autorun
> Avast	4.8.1281.0	2009.01.03	Win32:AutoRun-HL*
> AVG	8.0.0.199	2009.01.02	-
> *BitDefender	7.2	2009.01.03	Trojan.Autorun.LD*
> CAT-QuickHeal	10.00	2009.01.03	-
> ...


Дополнительная информация
File size: 315 bytes
MD5...: 57a9674adaea24a4a7d9d33b77438141
SHA1..: d9730e3b9c8322cfd3d758c455a169c4d8ce8324
SHA256: 43e8a337f8aa86644f21d8c9f80ca5ff9a2240756037f86a397b43255167f0eb
SHA512: b3a5c92f240231da4796b30b4e9399487d19ef5cb64d28ac486a6098e55c0d91980369f31665b59f5c9ed58404372dae655e25b49853f600f36828e08192d8b4
ssdeep: 6:e1KhiDqsrV6q0TMWcWuFH6voq6swZ1wZewWcWuFHHeCyry :borred: wNyMRIw3wQwRne

----------


## antanta

Файл TXPlatform.exe получен 2009.01.03 17:29:29 (CET)
Текущий статус:   закончено 
Результат: 12/38 (31.58%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2009.01.03	-
> *AhnLab-V3	2008.12.31.0	2009.01.03	Win32/MalPackedB.suspicious
> AntiVir	7.9.0.45	2009.01.02	TR/Crypt.XPACK.Gen*
> Authentium	5.1.0.4	2009.01.03	-
> *Avast	4.8.1281.0	2009.01.03	Win32:Adware-gen
> AVG	8.0.0.199	2009.01.02	Win32/Heur*
> *BitDefender	7.2	2009.01.03	Backdoor.Hupigon.AYGZ*
> CAT-QuickHeal	10.00	2009.01.03	-
> ...


*Added 6 minutes later*

Файл LBXQFASTABPDN.EXE получен 2009.01.03 17:38:55 (CET)
Текущий статус:    закончено 
Результат: 15/38 (39.48%)




> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2008.12.31	Virus.Win32.Agent.OQV!IK*
> AhnLab-V3	2008.12.31.0	2009.01.03	-
> *AntiVir	7.9.0.45	2009.01.02	TR/Crypt.CFI.Gen*
> Authentium	5.1.0.4	2009.01.03	-
> *Avast	4.8.1281.0	2009.01.03	Win32:Agent-OQV
> AVG	8.0.0.199	2008.12.31	Generic3.AFDC*
> *BitDefender	7.2	2009.01.03	Dropped:Adware.AdMoke.FA*
> CAT-QuickHeal	10.00	2009.01.03	-
> ...


*Added 2 hours 28 minutes later*

Meet its little brother.



> Файл LBXQFASTABPDN.EXE получен 2009.01.03 17:38:55 (CET)
> Текущий статус: закончено 
> Результат: 15/38 (39.47%)
> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2008.12.31	Virus.Win32.Agent.OQV!IK*
> AhnLab-V3	2008.12.31.0	2009.01.03	-
> *AntiVir	7.9.0.45	2009.01.02	TR/Crypt.CFI.Gen*
> Authentium	5.1.0.4	2009.01.03	-
> ...


*Added 51 minutes later*

Note that Kaspersky knows this packer... I'm in shock




> Файл zyndle081223.exe получен 2009.01.03 20:52:41 (CET)
> Текущий статус:    закончено 
> Результат: 31/38 (81.58%) 
> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.03	Backdoor.Rbot!IK*
> AhnLab-V3	2008.12.31.0	2009.01.03	-
> *AntiVir	7.9.0.45	2009.01.02	TR/Dropper.Gen
> Authentium	5.1.0.4	2009.01.03	W32/Heuristic-210!Eldorado
> ...


*Added 11 minutes later*

Groft, sorry, the criticism wasn't from you :-)

----------


## senyak

Файл 123 получен 2009.01.04 02:53:26 (CET)
Текущий статус:    закончено 
Результат: 4/38 (10.53%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.03	Trojan-SMS!IK*
> AhnLab-V3	2008.12.31.0	2009.01.03	-
> AntiVir	7.9.0.45	2009.01.03	-
> Authentium	5.1.0.4	2009.01.03	-
> Avast	4.8.1281.0	2009.01.03	-
> AVG	8.0.0.199	2009.01.03	-
> BitDefender	7.2	2009.01.04	-
> CAT-QuickHeal	10.00	2009.01.03	-
> ...


Дополнительная информация
File size: 2724 bytes
MD5...: fc1e1f0611b0f5b240696fd6aa8e805c
SHA1..: f57c1be1b01ed68b7c61865c81cefd7ab95c7182
SHA256: d5e338df336e02149a1ba376ebc1e2091e4a05c9c9f470a2e1152582ee092dd1
SHA512: 1984fa19f4bb5a709338c86c948c9447bf15621b408105bdbfbe54951ebd66091732b611afff2b7daa7cce1dcda9ad4ab0927e91bc793f5f78bc60812734e75d
ssdeep: 48:BiLvqFZ84Sx8scqQOT/gIzANMJvyfHS+b9NpBcpf/9e3oUMH:BiWR/xOc8ANkQy+bFBcpfFqJMH
PEiD..: -

----------


## antanta

No sleeping! Keep mowing!



> Файл zU.exe получен 2009.01.04 09:05:49 (CET)
> 
> 
> ```
> Антивирус Версия Обновление Результат 
> a-squared 4.0.0.73 2009.01.03 Trojan-Clicker.Win32.Klik!IK 
> AhnLab-V3 2008.12.31.0 2009.01.03 Win-Trojan/Fakeav.9728 
> AntiVir 7.9.0.45 2009.01.03 TR/Fakealert.ane.44 
> Authentium 5.1.0.4 2009.01.03 - 
> ...
> ```


*Added 4 minutes later*

Let's continue.



> Файл runsql.exe получен 2009.01.04 09:13:48 (CET)
> 
> 
> ```
> Антивирус Версия Обновление Результат 
> a-squared 4.0.0.73 2009.01.03 Trojan-Clicker.Win32.Klik!IK 
> AhnLab-V3 2008.12.31.0 2009.01.03 Win-Trojan/Fakeav.9728 
> AntiVir 7.9.0.45 2009.01.03 TR/Dropper.Gen 
> Authentium 5.1.0.4 2009.01.03 - 
> ...
> ```

----------


## kvit

```
a-squared	4.0.0.73	2009.01.03	Win32.SuspectCrc!IK
AhnLab-V3	2008.12.31.0	2009.01.03	-
AntiVir	7.9.0.45	2009.01.03	TR/Crypt.XDR.Gen
Authentium	5.1.0.4	2009.01.03	-
Avast	4.8.1281.0	2009.01.03	Win32:Trojan-gen {Other}
AVG	8.0.0.199	2009.01.03	Generic12.AIDL
BitDefender	7.2	2009.01.04	Dropped:Trojan.Generic.1267262
CAT-QuickHeal	10.00	2009.01.03	-
ClamAV	0.94.1	2009.01.04	-
Comodo	869	2009.01.03	-
DrWeb	4.44.0.09170	2009.01.04	Trojan.MulDrop.29356
eTrust-Vet	31.6.6289	2009.01.02	-
Ewido	4.0	2008.12.31	-
F-Prot	4.4.4.56	2009.01.03	-
F-Secure	8.0.14470.0	2009.01.04	-
Fortinet	3.117.0.0	2009.01.04	PossibleThreat
GData	19	2009.01.04	Dropped:Trojan.Generic.1267262
Ikarus	T3.1.1.45.0	2009.01.03	Win32.SuspectCrc
K7AntiVirus	7.10.575	2009.01.03	-
Kaspersky	7.0.0.125	2009.01.04	Trojan.Win32.VB.ihj
McAfee	5483	2009.01.03	-
McAfee+Artemis	5483	2009.01.03	Generic!Artemis
Microsoft	1.4205	2009.01.04	-
NOD32	3734	2009.01.03	a variant of Win32/Injector.GL
Norman	5.80.02	2009.01.02	W32/Smalltroj.KBEI
Panda	9.0.0.4	2009.01.03	Suspicious file
PCTools	4.4.2.0	2009.01.03	-
Prevx1	V2	2009.01.04	-
Rising	21.10.62.00	2009.01.04	-
SecureWeb-Gateway	6.7.6	2009.01.03	Trojan.Crypt.XDR.Gen
Sophos	4.37.0	2009.01.04	Sus/Behav-1018
Sunbelt	3.2.1809.2	2008.12.22	BehavesLike.Win32.Malware (v)
Symantec	10	2009.01.04	-
TheHacker	6.3.1.4.204	2009.01.02	-
TrendMicro	8.700.0.1004	2009.01.04	-
VBA32	3.12.8.10	2009.01.03	-
ViRobot	2009.1.3.1541	2009.01.03	-
VirusBuster	4.5.11.0	2009.01.03	-
```

Дополнительная информация
File size: 792256 bytes
MD5...: a19d9ce5f4c3e1cb58a5b828b125afa6
SHA1..: 9947b55d8bfae5033ae7c7b8b01e36d2d6dda6cf
SHA256: 9aa6df47bf19f8ac113acb4caa0dcc5f18444671f702a20b2034af97a5d59069
SHA512: fc2bd9e8c527f9f6c4e8fb34803fee36363e1036a320631ccf0d739f496480a47f621ac4de1d46c09427141b65f76370d00365b9042f63e92d623a9961dc01d4

----------


## Aleksandra

Файл *tLBq.exe* получен 2009.01.06 19:27:13 (CET)




> *a-squared     4.0.0.73     2009.01.06     Trojan-Spy.Win32.Zbot.djy!IK
> AhnLab-V3     2009.1.6.3     2009.01.06     Win32/IRCBot.worm.variant
> AntiVir     7.9.0.45     2009.01.06     TR/Crypt.XPACK.Gen
> Authentium     5.1.0.4     2009.01.05     W32/Trojan2.CKMB
> Avast     4.8.1281.0     2009.01.06     Win32bot-AIO
> AVG     8.0.0.199     2009.01.06     Win32/Heur
> BitDefender     7.2     2009.01.06     Trojan.Wsnpoem.K*
> CAT-QuickHeal     10.00     2009.01.06     -
> *ClamAV     0.94.1     2009.01.06     Trojan.Zbot-1823*
> ...


Дополнительная информация
File size: 49624 bytes
MD5...: bc1432c0b30fc6fb41ca94ce116a9dc6

----------


## Black Angel

Файл key.EXE получен 2009.01.09 14:35:56 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2009.01.09	Tool.DOS.SimulatedVirus.B!IK
AhnLab-V3	2009.1.9.2	2009.01.09	-
AntiVir	7.9.0.45	2009.01.09	SPR/Fake.CscSimX
Authentium	5.1.0.4	2009.01.08	-
Avast	4.8.1281.0	2009.01.08	-
AVG	8.0.0.229	2009.01.09	DOS.Generic_c.J
BitDefender	7.2	2009.01.09	Application.Viremul.B
CAT-QuickHeal	10.00	2009.01.09	-
ClamAV	0.94.1	2009.01.09	DOS.Simulated.Virus
Comodo	895	2009.01.08	Application.SimulatedVir
DrWeb	4.44.0.09170	2009.01.09	Tool.VirEmul
eSafe	7.0.17.0	2009.01.08	Dos.4907
eTrust-Vet	31.6.6299	2009.01.09	-
F-Prot	4.4.4.56	2009.01.08	-
F-Secure	8.0.14470.0	2009.01.09	-
Fortinet	3.117.0.0	2009.01.09	Misc/Simulated
GData	19	2009.01.09	Application.Viremul.B
Ikarus	T3.1.1.45.0	2009.01.09	Tool.DOS.SimulatedVirus.B
K7AntiVirus	7.10.584	2009.01.09	-
Kaspersky	7.0.0.125	2009.01.09	-
McAfee	5489	2009.01.08	potentially unwanted program Simulated Virus
McAfee+Artemis	5489	2009.01.08	potentially unwanted program Simulated Virus
Microsoft	1.4205	2009.01.09	Tool:DOS/SimulatedVirus.B
NOD32	3754	2009.01.09	SimulatedVir
Norman	5.99.02	2009.01.09	-
Panda	9.4.3.3	2009.01.09	Lepe.2818
PCTools	4.4.2.0	2009.01.09	-
Prevx1	V2	2009.01.09	Malicious Software
Rising	21.11.42.00	2009.01.09	-
SecureWeb-Gateway	6.7.6	2009.01.09	Riskware.Fake.CscSimX
Sophos	4.37.0	2009.01.09	-
Sunbelt	3.2.1831.2	2009.01.09	-
Symantec	10	2009.01.09	-
TheHacker	6.3.1.4.214	2009.01.09	-
TrendMicro	8.700.0.1004	2009.01.09	-
VBA32	3.12.8.10	2009.01.08	-
ViRobot	2009.1.9.1552	2009.01.09	-
VirusBuster	4.5.11.0	2009.01.08	-
```

Дополнительная информация
File size: 2818 bytes
MD5...: 9435eae54f53fb1e7517b2dbad8e4caf

*Added 10 minutes later*

Файл hosts.EXE получен 2009.01.09 14:45:13 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2009.01.09	Tool.DOS.SimulatedVirus.A!IK
AhnLab-V3	2009.1.9.2	2009.01.09	-
AntiVir	7.9.0.54	2009.01.09	-
Authentium	5.1.0.4	2009.01.08	Intended_Virus!e2da
Avast	4.8.1281.0	2009.01.08	-
AVG	8.0.0.229	2009.01.09	DOS.Generic_c.R
BitDefender	7.2	2009.01.09	Application.Dropper.A
CAT-QuickHeal	10.00	2009.01.09	-
ClamAV	0.94.1	2009.01.09	DOS.Simulated.Virus
Comodo	895	2009.01.08	Application.SimulatedVir
DrWeb	4.44.0.09170	2009.01.09	Tool.VirEmul
eSafe	7.0.17.0	2009.01.08	Dos.Balooch
eTrust-Vet	31.6.6300	2009.01.09	-
F-Prot	4.4.4.56	2009.01.08	Intended_Virus!e2da
Fortinet	3.117.0.0	2009.01.09	W32/Music
GData	19	2009.01.09	Application.Dropper.A
Ikarus	T3.1.1.45.0	2009.01.09	Tool.DOS.SimulatedVirus.A
K7AntiVirus	7.10.584	2009.01.09	-
Kaspersky	7.0.0.125	2009.01.09	-
McAfee	5489	2009.01.08	potentially unwanted program Simulated Virus
McAfee+Artemis	5489	2009.01.08	potentially unwanted program Simulated Virus
Microsoft	1.4205	2009.01.09	Tool:DOS/SimulatedVirus.A
NOD32	3754	2009.01.09	SimulatedVir
Panda	9.4.3.3	2009.01.09	-
PCTools	4.4.2.0	2009.01.09	-
Rising	21.11.42.00	2009.01.09	-
SecureWeb-Gateway	6.7.6	2009.01.09	-
Sophos	4.37.0	2009.01.09	Junk/Music sim
Sunbelt	3.2.1831.2	2009.01.09	-
Symantec	10	2009.01.09	-
TheHacker	6.3.1.4.214	2009.01.09	-
TrendMicro	8.700.0.1004	2009.01.09	-
VBA32	3.12.8.10	2009.01.08	-
ViRobot	2009.1.9.1552	2009.01.09	-
VirusBuster	4.5.11.0	2009.01.08	-
```

Дополнительная информация
File size: 2974 bytes
MD5...: c7c76758a017faf547d006691fdf575d

----------


## DABbID

Файл innounp.exe получен 2009.01.12 17:19:17 (CET)
Текущий статус:    закончено 
Результат: 25/37 (67.57%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2009.01.12	Virus.Win32.Trojan!IK
> AhnLab-V3	2009.1.10.0	2009.01.12	Packed/Upack
> AntiVir	7.9.0.54	2009.01.12	-
> Authentium	5.1.0.4	2009.01.12	W32/Heuristic-210!Eldorado
> Avast	4.8.1281.0	2009.01.12	Win32:Trojan-gen {Other}
> AVG	8.0.0.229	2009.01.12	Generic10.XFN
> BitDefender	7.2	2009.01.12	-
> CAT-QuickHeal	10.00	2009.01.12	(Suspicious) - DNAScan
> ...

----------


## senyak

Файл autorun.rar получен 2009.01.12 20:04:59 (CET)
Текущий статус:    закончено 
Результат: 5/38 (13.16%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.73	2009.01.12	-
> AhnLab-V3	2009.1.10.0	2009.01.12	-
> AntiVir	7.9.0.54	2009.01.12	-
> Authentium	5.1.0.4	2009.01.12	-
> Avast	4.8.1281.0	2009.01.12	-
> AVG	8.0.0.229	2009.01.12	-
> BitDefender	7.2	2009.01.12	-
> CAT-QuickHeal	10.00	2009.01.12	-
> ...


Дополнительная информация
File size: 29663 bytes
MD5...: 21b0f00ae0d46d52c88a78b542f4bfa5
SHA1..: 0cc575c1fddd6796b9809c4ae438082ed0064357
SHA256: 2f09ce46b26377de1b6b8d46d524ed561ce05d7e3a8295781ee003ec779b48ae
SHA512: a43e74319726e8522c718a33cea595ff3c5007cf03ca2540200e2f80e46a78ada3ab495154a6a30fca62d4f1db5731b4afb6b6a7bb4626db98e92cb1fbad144f
ssdeep: 768:bT0GDmiHNP4bwGjUcfazYSRzH6qIUBCl+m:30imiHNP4kGjYN5aqIUBCl+m
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (F-Prot): Unicode

----------


## IgorKr

Файл setup.exe получен 2009.01.13 15:37:30 (CET)
Текущий статус:   закончено 
Результат: 9/38 (23.69%)




> a-squared	4.0.0.73	2009.01.13	-
> AhnLab-V3	2009.1.13.3	2009.01.13	-
> AntiVir	7.9.0.54	2009.01.13	-
> Authentium	5.1.0.4	2009.01.13	-
> Avast	4.8.1281.0	2009.01.13	-
> *AVG	8.0.0.229	2009.01.13	SHeur2.KOR.dropper*
> *BitDefender	7.2	2009.01.13	Trojan.Vundo.GGF*
> CAT-QuickHeal	10.00	2009.01.12	-
> ClamAV	0.94.1	2009.01.13	-
> ...

----------


## ZhIV

Файл csrcs-.exe получен 2009.01.14 05:23:20 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2009.01.14	Trojan.Win32.Autoit.dt!IK
AhnLab-V3	2009.1.13.3	2009.01.14	Win-Trojan/Midgare.229888.B
AntiVir	7.9.0.54	2009.01.13	TR/Autoit.fi.420388
Authentium	5.1.0.4	2009.01.13	W32/Trojan2.FKMP
Avast	4.8.1281.0	2009.01.13	Win32:Trojan-gen {Other}
AVG	8.0.0.229	2009.01.13	Worm/Autoit.LYM
BitDefender	7.2	2009.01.14	Trojan.Generic.1175909
CAT-QuickHeal	10.00	2009.01.12	TrojanDownloader.Small.agrv
ClamAV	0.94.1	2009.01.13	Worm.Autorun-1793
Comodo	927	2009.01.13	-
DrWeb	4.44.0.09170	2009.01.13	-
eSafe	7.0.17.0	2009.01.13	Suspicious File
eTrust-Vet	31.6.6306	2009.01.13	-
F-Prot	4.4.4.56	2009.01.13	W32/Trojan2.FKMP
F-Secure	8.0.14470.0	2009.01.14	Trojan.Win32.Autoit.fi
Fortinet	3.117.0.0	2009.01.14	-
GData	19	2009.01.14	Trojan.Generic.1175909
Ikarus	T3.1.1.45.0	2009.01.14	Trojan.Win32.Autoit.dt
K7AntiVirus	7.10.584	2009.01.09	Trojan.Win32.Midgare.rdk
Kaspersky	7.0.0.125	2009.01.14	Trojan.Win32.Autoit.fi
McAfee	5494	2009.01.13	W32/Autorun.worm.zf.gen
McAfee+Artemis	5494	2009.01.13	W32/Autorun.worm.zf.gen
Microsoft	1.4205	2009.01.13	Worm:AutoIt/Renocide.gen!A
NOD32	3763	2009.01.13	Win32/Packed.Autoit.Gen
Norman	5.93.01	2009.01.13	W32/Agent.JIIR
Panda	9.5.1.2	2009.01.13	W32/Autoit.Z
PCTools	4.4.2.0	2009.01.13	-
Prevx1	V2	2009.01.14	-
Rising	21.12.20.00	2009.01.14	-
SecureWeb-Gateway	6.7.6	2009.01.13	Trojan.Autoit.fi.420388
Sophos	4.37.0	2009.01.13	Sus/Behav-1011
Sunbelt	3.2.1831.2	2009.01.09	-
Symantec	10	2009.01.14	W32.Harakit
TheHacker	6.3.1.4.219	2009.01.14	Trojan/Autoit.gs
TrendMicro	8.700.0.1004	2009.01.14	WORM_AUTORUN.HP
VBA32	3.12.8.10	2009.01.13	-
ViRobot	2009.1.14.1557	2009.01.14	-
VirusBuster	4.5.11.0	2009.01.13	-
```

Дополнительная информация
File size: 420360 bytes
MD5...: e297074d0a30c50ef6d227a362261685
SHA1..: 851d5403686594bd1752ef827aaed440f88e983e
SHA256: 6736a1ef071073c2e949168573730f33cca14a3f6d4a5848c4d9d4f1d647adca
SHA512: 827dbb1bd64e3c1fa731d8b890bf17f555ba68138818ecb796a95bf65cef601b9446996bd519a25421871d0b397c458c0d95ca4d3126dc05ef85813563f648c9
ssdeep: 12288:tnNhuBoY8SorxgmA+nlvVl/2RSHOJGBaObFR4U:tPatCg7EPt2SOEoOQU
PEiD..: -

*Added 8 minutes later*

Файл autorun.inf получен 2009.01.14 05:29:51 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.73	2009.01.14	-
AhnLab-V3	2009.1.13.3	2009.01.14	-
AntiVir	7.9.0.54	2009.01.13	-
Authentium	5.1.0.4	2009.01.13	-
Avast	4.8.1281.0	2009.01.13	-
AVG	8.0.0.229	2009.01.13	Worm/AutoRun
BitDefender	7.2	2009.01.14	Trojan.AutorunINF.Gen
CAT-QuickHeal	10.00	2009.01.12	-
ClamAV	0.94.1	2009.01.13	Worm.Autorun-1792
Comodo	927	2009.01.13	-
DrWeb	4.44.0.09170	2009.01.13	-
eSafe	7.0.17.0	2009.01.13	-
eTrust-Vet	31.6.6306	2009.01.13	INF/Frethog
F-Prot	4.4.4.56	2009.01.13	-
F-Secure	8.0.14470.0	2009.01.14	BAT/AutoRun.AE
Fortinet	3.117.0.0	2009.01.14	-
GData	19	2009.01.14	Trojan.AutorunINF.Gen
Ikarus	T3.1.1.45.0	2009.01.14	-
K7AntiVirus	7.10.584	2009.01.09	-
Kaspersky	7.0.0.125	2009.01.14	-
McAfee	5494	2009.01.13	-
McAfee+Artemis	5494	2009.01.13	-
Microsoft	1.4205	2009.01.13	-
NOD32	3763	2009.01.13	-
Norman	5.93.01	2009.01.13	BAT/AutoRun.AE
Panda	9.5.1.2	2009.01.13	-
PCTools	4.4.2.0	2009.01.13	-
Prevx1	V2	2009.01.14	-
Rising	21.12.20.00	2009.01.14	-
SecureWeb-Gateway	6.7.6	2009.01.13	-
Sophos	4.37.0	2009.01.14	W32/Yahlov-A
Sunbelt	3.2.1831.2	2009.01.09	INF.Autorun (v)
Symantec	10	2009.01.14	-
TheHacker	6.3.1.4.219	2009.01.14	-
TrendMicro	8.700.0.1004	2009.01.14	-
VBA32	3.12.8.10	2009.01.13	-
ViRobot	2009.1.14.1557	2009.01.14	-
VirusBuster	4.5.11.0	2009.01.13	INF.Autorun.Gen
```

Дополнительная информация
File size: 473 bytes
MD5...: 6ed92792d0051fbc0a84d6aea3a8970a
SHA1..: 688d1291f9a62e37bbc2c716526deb5969467094
SHA256: e8ee51ea254861ff70bd860ee1c9b8c5cb5cf27480cd66be199e83ddeaebdeb2
SHA512: 9dc6de65f9f55e2a9e35fcf549f2cfbce0f755b78cbcb9f3b4211b0de03609481aaa2a2e50e2baef309c8165ac04abca755a61aa0a8d182ebdf1e67073914b74
ssdeep: 12 :borred: bgpDMbuRuuPM5BXiheTmNXq4izKswQwMDzrMRi:6F0ud4Bkqm3SwQV04
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

----------


## OSSP2008

Файл Virus.Win32.Parite.d получен 2009.01.14 10:50:22 (CET)
Текущий статус:  закончено 
Результат: *31/38* (81.58%)




> *a-squared	4.0.0.73	2009.01.14	Backdoor.Rbot!IK*
> AhnLab-V3	2009.1.13.3	2009.01.14	-
> *AntiVir	7.9.0.54	2009.01.13	W32/Parite
> Authentium	5.1.0.4	2009.01.13	W32/Parite.D
> Avast	4.8.1281.0	2009.01.13	Win32arite
> AVG	8.0.0.229	2009.01.13	BackDoor.RBot.EL
> BitDefender	7.2	2009.01.14	Win32.Parite.D
> CAT-QuickHeal	10.00	2009.01.14	(Suspicious) - DNAScan
> ClamAV	0.94.1	2009.01.14	W32.Parite.B
> ...

----------


## ZhIV

File autorun.exe received on 01.15.2009 04:56:27 (CET)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.73	2009.01.15	Trojan-PWS.Legmir!IK*
> AhnLab-V3	2009.1.15.0	2009.01.14	-
> *AntiVir	7.9.0.54	2009.01.14	CC/UKMalw.LB
> Authentium	5.1.0.4	2009.01.14	W32/Trojan.BWKV*
> Avast	4.8.1281.0	2009.01.14	-
> *AVG	8.0.0.229	2009.01.14	Generic12.PHK*
> BitDefender	7.2	2009.01.15	-
> CAT-QuickHeal	10.00	2009.01.15	-
> ...


Additional information
File size: 61440 bytes
MD5...: 9a667611eb788402ccadd829e29a4184
SHA1..: 1b28150e07c4da97c7f343f63acf8a468a5f3733
SHA256: 4849c6b6f0575b511cbdda7ae3cbb6d88520b7093db32d52791c022d2526aa32
SHA512: 6efc167db4174c8cb31041b4c6dbf07edd7691e1b4855748c824d9e566633daac1d5c8ba06f9ea2373f9c6711aff67eeadf6056094b99e8bf577a23d35ed8fb3
ssdeep: 768:nsj44SFkaaLPP+GizfclAzfvy1NQ/zY09OiJos/yQ:U44xeGYnzfvy1NQGios7
PEiD..: Armadillo v1.71

----------


## Hanson

File autorun.inf



> Файл avz00001.dta получен 2009.01.15 12:06:46 (CET)
> Текущий статус: закончено
> Результат: 19/39 (48.72%)
> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.73	2009.01.15	Trojan.Autorun.TE!IK*
> AhnLab-V3	2009.1.15.0	2009.01.15	-
> AntiVir	7.9.0.54	2009.01.15	-
> Authentium	5.1.0.4	2009.01.14	-
> *Avast	4.8.1281.0	2009.01.14	BV:AutoRun-G
> ...


*Added 2 hours 9 minutes later*

Файл twex_exe получен 2009.01.15 14:17:59 (CET)
Текущий статус: закончено
Результат: 19/39 (48.72%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared	4.0.0.73	2009.01.15	-
> *AhnLab-V3	2009.1.15.0	2009.01.15	Win32/IRCBot.worm.variant*
> AntiVir	7.9.0.54	2009.01.15	-
> Authentium	5.1.0.4	2009.01.14	-
> *Avast	4.8.1281.0	2009.01.14	Win32bot-AVH
> AVG	8.0.0.229	2009.01.15	Generic12.WWQ
> BitDefender	7.2	2009.01.15	Backdoor.Bot.68054*
> CAT-QuickHeal	10.00	2009.01.15	-
> ...


*Added 1 minute later*

Файл pe044_sys получен 2009.01.15 14:15:44 (CET)
Текущий статус: закончено
Результат: 12/39 (30.77%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.73	2009.01.15	Virus.Win32.Agent.VGV!IK*
> AhnLab-V3	2009.1.15.0	2009.01.15	-
> AntiVir	7.9.0.54	2009.01.15	-
> Authentium	5.1.0.4	2009.01.14	-
> *Avast	4.8.1281.0	2009.01.14	Win32:Agent-VGV
> AVG	8.0.0.229	2009.01.15	BackDoor.Ntrootkit.AM
> BitDefender	7.2	2009.01.15	Trojan.Dropper.SFO*
> CAT-QuickHeal	10.00	2009.01.15	-
> ...

----------


## senyak

Файл A0010364.exe получен 2009.01.15 19:57:03 (CET)
Текущий статус:    закончено 
Результат: 18/38 (47.37%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.15	Virus.Win32.Trojan!IK*
> AhnLab-V3	2009.1.15.0	2009.01.15	-
> *AntiVir	7.9.0.54	2009.01.15	Worm/SdBot.IW*
> Authentium	5.1.0.4	2009.01.15	-
> *Avast	4.8.1281.0	2009.01.15	Win32:Trojan-gen {Other}*
> AVG	8.0.0.229	2009.01.15	-
> *BitDefender	7.2	2009.01.15	Backdoor.Bot.8454*
> CAT-QuickHeal	10.00	2009.01.15	-
> ...


File size: 3081895 bytes
MD5...: 72a571e7fc21d88228d44fdc59dc5c6d
SHA1..: c30951ece7962e9791bb5860981d71065a8a7051
SHA256: 9b3b3d7eccfc1207889a2923270f570d53d38236ac261139ea6bc87b30c11b53
SHA512: 057d006d4a61f46d397f45271b1dedc073e0763bbb2d78d33bdfb80fb31e8f66eeb1d6fd8e0e10ab0cbe806f6f602196b5e8a1850dbabd0eb91291fabc429c1b
ssdeep: 49152:xZYrlj+PSaHxZPiefYmLeV9Ia0Uvpz0y43s7HC3dACmZfEPXbFqIpZ:e95MLPiiYs2B0yI3UHC32CmJEDEI7
PEiD..: -



Файл imcast.exe получен 2009.01.15 20:07:37 (CET)
Текущий статус:    закончено 
Результат: 17/39 (43.59%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.15	Virus.Win32.Trojan!IK*
> AhnLab-V3	2009.1.15.0	2009.01.15	-
> *AntiVir	7.9.0.54	2009.01.15	Worm/SdBot.IW*
> Authentium	5.1.0.4	2009.01.15	-
> *Avast	4.8.1281.0	2009.01.15	Win32:Trojan-gen {Other}*
> AVG	8.0.0.229	2009.01.15	-
> *BitDefender	7.2	2009.01.15	Backdoor.Bot.8454*
> CAT-QuickHeal	10.00	2009.01.15	-
> ...


Дополнительная информация
File size: 2084864 bytes
MD5...: b43ddd1591bb03fdcaa6db6a4b5def3e
SHA1..: 021edd86872c4212f1774b8fa4132a441da70255
SHA256: 694b76a4d42b814107e990de7abc84771c69fa5142e0ffd5001aa3a5d3f2c89f
SHA512: 3f76391a4732cc372875f540ab1456782015e06a7c8e6b4d83f1f1de72b3975496c9bc36f3127cd3e867ed0e3b64e4fe14cadb08f4181f8d62e5cc46a4b4378a
ssdeep: 24576:qUXiFqZWuBMdWHwbAcXx1XqYsZ63bl7fPcD9lehwhmbTsOsbK7vn4VNdjl6QppDM:7sFu6pXx160I1CUNrbM0oNlCVGT
PEiD..: Armadillo v1.71

----------


## ISO

File autochk.dll received on 01.16.2009 03:29:33 (CET)
Result: 10/39 (25.65%)



```
Antivirus  	Version  	Last Update  	Result
a-squared	4.0.0.73	2009.01.16	-
AhnLab-V3	2009.1.15.0	2009.01.15	-
AntiVir	7.9.0.55	2009.01.15	TR/Spy.Gen
Authentium	5.1.0.4	2009.01.15	-
Avast	4.8.1281.0	2009.01.15	Win32:Spyware-gen
AVG	8.0.0.229	2009.01.15	-
BitDefender	7.2	2009.01.16	Trojan.Generic.1275934
CAT-QuickHeal	10.00	2009.01.15	-
ClamAV	0.94.1	2009.01.15	-
Comodo	932	2009.01.15	-
DrWeb	4.44.0.09170	2009.01.15	-
eSafe	7.0.17.0	2009.01.15	-
eTrust-Vet	31.6.6309	2009.01.15	-
F-Prot	4.4.4.56	2009.01.15	-
F-Secure	8.0.14470.0	2009.01.16	-
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.16	Trojan.Generic.1275934
Ikarus	T3.1.1.45.0	2009.01.16	-
K7AntiVirus	7.10.584	2009.01.09	-
Kaspersky	7.0.0.125	2009.01.16	-
McAfee	5496	2009.01.15	-
McAfee+Artemis	5496	2009.01.15	-
Microsoft	1.4205	2009.01.16	-
NOD32	3769	2009.01.15	-
Norman	5.93.01	2009.01.15	W32/Malware.EVEF
nProtect	2009.1.8.0	2009.01.16	Trojan.Generic.1275934
Panda	9.5.1.2	2009.01.15	Generic Trojan
PCTools	4.4.2.0	2009.01.15	-
Prevx1	V2	2009.01.16	Worm
Rising	21.12.32.00	2009.01.15	-
SecureWeb-Gateway	6.7.6	2009.01.16	Trojan.Spy.Gen
Sophos	4.37.0	2009.01.16	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.16	-
TheHacker	6.3.1.4.220	2009.01.14	-
TrendMicro	8.700.0.1004	2009.01.15	TSPY_AGENT.ZZR
VBA32	3.12.8.10	2009.01.14	-
ViRobot	2009.1.15.1560	2009.01.15	-
VirusBuster	4.5.11.0	2009.01.15	-
```

Additional information
File size: 16384 bytes
MD5...: 864b2ab9501c5be2a824d5863e139ed8
SHA1..: 0ddcac074bc254b97ab0dbbf0bdef1bd799b128c
SHA256: 8e8258a7249614ac9838df5ceadde908463eda2ce22278b8b6a2b6b0c85bef22
SHA512: 75b8ffe8172aa29a664ec1bf0b309132f4254541d9c4d2a1c548ce8ae462784b892a2279ea6e973d102c49501b51e17a732a8799d650bdb1667270f93116cbfa
ssdeep: 384:8hqiM6cZM19GxfyT/UiSc7XSLdpZKvBpZVB5Y+T:uNKIUiSPLdXcBDVB

----------


## senyak

Файл smspodmenka.jar получен 2009.01.16 16:01:13 (CET)
Текущий статус:    закончено 
Результат: 10/39 (25.65%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.0.0.73	2009.01.16	Trojan-SMS.J2ME.Swapi!IK*
> AhnLab-V3	2009.1.15.0	2009.01.16	-
> AntiVir	7.9.0.55	2009.01.16	-
> Authentium	5.1.0.4	2009.01.16	-
> *Avast	4.8.1281.0	2009.01.16	Other:Malware-gen*
> AVG	8.0.0.229	2009.01.16	-
> BitDefender	7.2	2009.01.16	-
> CAT-QuickHeal	10.00	2009.01.16	-
> ...


Дополнительная информация
File size: 4293 bytes
MD5...: 8c04cde53fbf4c00ed53c0ad3fd0d3e7
SHA1..: 8a802bb7b53c2e5353c5ec490ab963c423b85e97
SHA256: 7391c65fa3d89fa33f75933b6f4790982a2340719ca35a5f86cfd56b33555b93
SHA512: aafdfadad9e826c723f911760f5ae8bf661b24bcc11d455d55c224a84b86daab9b0a44745f9a0ddf81b8088e2761158d9eca27f72abb629f058f4991c500b89e
ssdeep: 96:gcFXq9sIgtFSf9rph6w2TXX4qbvtmH+0vv/hXUhSi1YJ:gcFXEskH2TYAvIXn/hINO
PEiD..: -

----------


## kvit

Another Trojan-SMS.J2ME.Swapi.c


```
Антивирус  	Версия  	Обновление  	Результат
a-squared	4.0.0.73	2009.01.18	-
AhnLab-V3	2009.1.15.0	2009.01.17	-
AntiVir	7.9.0.57	2009.01.17	-
Authentium	5.1.0.4	2009.01.17	-
Avast	4.8.1281.0	2009.01.16	Other:Malware-gen
AVG	8.0.0.229	2009.01.17	-
BitDefender	7.2	2009.01.18	-
CAT-QuickHeal	10.00	2009.01.17	-
ClamAV	0.94.1	2009.01.18	-
Comodo	935	2009.01.18	-
DrWeb	4.44.0.09170	2009.01.18	-
eSafe	7.0.17.0	2009.01.15	-
eTrust-Vet	31.6.6312	2009.01.17	-
F-Prot	4.4.4.56	2009.01.17	-
F-Secure	8.0.14470.0	2009.01.18	Trojan-SMS.J2ME.Swapi.c
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.18	Other:Malware-gen
Ikarus	T3.1.1.45.0	2009.01.18	-
K7AntiVirus	7.10.594	2009.01.17	-
Kaspersky	7.0.0.125	2009.01.18	Trojan-SMS.J2ME.Swapi.c
McAfee	5498	2009.01.17	-
McAfee+Artemis	5498	2009.01.17	-
Microsoft	1.4205	2009.01.18	Trojan:Java/Swapi.C
NOD32	3774	2009.01.17	-
Norman	5.93.01	2009.01.16	-
nProtect	2009.1.8.0	2009.01.16	-
Panda	9.5.1.2	2009.01.18	-
PCTools	4.4.2.0	2009.01.18	-
Prevx1	V2	2009.01.18	-
Rising	21.12.62.00	2009.01.18	-
SecureWeb-Gateway	6.7.6	2009.01.17	-
Sophos	4.37.0	2009.01.18	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.18	-
TheHacker	6.3.1.5.222	2009.01.17	-
TrendMicro	8.700.0.1004	2009.01.16	-
VBA32	3.12.8.10	2009.01.17	-
ViRobot	2009.1.17.1563	2009.01.17	-
VirusBuster	4.5.11.0	2009.01.17	-
```

*Additional information*
File size: 270636 bytes
PEiD..: -
TrID..: File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
packers (Kaspersky): PE_Patch

----------


## ISO

File *sieft.jar* received on 01.18.2009 17:25:24 (CET)
Result: 4/39 (10.26%)


```
Antivirus  	Version  	Last Update  	Result
a-squared	4.0.0.73	2009.01.18	-
AhnLab-V3	2009.1.15.0	2009.01.17	-
AntiVir	7.9.0.57	2009.01.18	-
Authentium	5.1.0.4	2009.01.17	-
Avast	4.8.1281.0	2009.01.16	-
AVG	8.0.0.229	2009.01.18	-
BitDefender	7.2	2009.01.18	-
CAT-QuickHeal	10.00	2009.01.17	-
ClamAV	0.94.1	2009.01.18	-
Comodo	935	2009.01.18	-
DrWeb	4.44.0.09170	2009.01.18	Java.SMSSend.16
eSafe	7.0.17.0	2009.01.18	-
eTrust-Vet	31.6.6312	2009.01.17	-
F-Prot	4.4.4.56	2009.01.17	-
F-Secure	8.0.14470.0	2009.01.18	Trojan-SMS.J2ME.Swapi.e
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.18	-
Ikarus	T3.1.1.45.0	2009.01.18	-
K7AntiVirus	7.10.594	2009.01.17	-
Kaspersky	7.0.0.125	2009.01.18	Trojan-SMS.J2ME.Swapi.e
McAfee	5499	2009.01.18	-
McAfee+Artemis	5499	2009.01.18	-
Microsoft	1.4205	2009.01.18	Trojan:Java/Swapi.D
NOD32	3774	2009.01.17	-
Norman	5.93.01	2009.01.16	-
nProtect	2009.1.8.0	2009.01.16	-
Panda	9.5.1.2	2009.01.18	-
PCTools	4.4.2.0	2009.01.18	-
Prevx1	V2	2009.01.18	-
Rising	21.12.62.00	2009.01.18	-
SecureWeb-Gateway	6.7.6	2009.01.18	-
Sophos	4.37.0	2009.01.18	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.18	-
TheHacker	6.3.1.5.222	2009.01.17	-
TrendMicro	8.700.0.1004	2009.01.16	-
VBA32	3.12.8.10	2009.01.18	-
ViRobot	2009.1.17.1563	2009.01.17	-
VirusBuster	4.5.11.0	2009.01.18	-
```

Additional information
File size: 7344 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)

File *icq_2oo9.jar* received on 01.18.2009 17:19:41 (CET)
Result: 9/39 (23.08%)


```
Antivirus  	Version  	Last Update  	Result
a-squared	4.0.0.73	2009.01.18	Trojan-SMS.J2ME.Swapi!IK
AhnLab-V3	2009.1.15.0	2009.01.17	-
AntiVir	7.9.0.57	2009.01.18	-
Authentium	5.1.0.4	2009.01.17	-
Avast	4.8.1281.0	2009.01.16	Other:Malware-gen
AVG	8.0.0.229	2009.01.18	-
BitDefender	7.2	2009.01.18	-
CAT-QuickHeal	10.00	2009.01.17	-
ClamAV	0.94.1	2009.01.18	-
Comodo	935	2009.01.18	TrojWare.J2ME.SMS.Swapi.c
DrWeb	4.44.0.09170	2009.01.18	Java.SMSSend.1
eSafe	7.0.17.0	2009.01.18	Suspicious File
eTrust-Vet	31.6.6312	2009.01.17	-
F-Prot	4.4.4.56	2009.01.17	-
F-Secure	8.0.14470.0	2009.01.18	Trojan-SMS.J2ME.Swapi.c
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.18	Other:Malware-gen
Ikarus	T3.1.1.45.0	2009.01.18	Trojan-SMS.J2ME.Swapi
K7AntiVirus	7.10.594	2009.01.17	-
Kaspersky	7.0.0.125	2009.01.18	-
McAfee	5499	2009.01.18	-
McAfee+Artemis	5499	2009.01.18	-
Microsoft	None	2009.01.18	-
NOD32	3774	2009.01.17	-
Norman	5.93.01	2009.01.16	-
nProtect	2009.1.8.0	2009.01.16	-
Panda	9.5.1.2	2009.01.18	-
PCTools	4.4.2.0	2009.01.18	-
Prevx1	V2	2009.01.18	Cloaked Malware
Rising	21.12.62.00	2009.01.18	-
SecureWeb-Gateway	6.7.6	2009.01.18	-
Sophos	4.37.0	2009.01.18	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.18	-
TheHacker	6.3.1.5.222	2009.01.17	-
TrendMicro	8.700.0.1004	2009.01.16	-
VBA32	3.12.8.10	2009.01.18	-
ViRobot	2009.1.17.1563	2009.01.17	-
VirusBuster	4.5.11.0	2009.01.18	-
```

Additional information
File size: 399289 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------



## Hanson

File twext.exe received on 2009.01.19 14:06:45 (CET)
Current status:
Result: 10/39 (25.65%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.19	-
> *AhnLab-V3	2009.1.15.0	2009.01.19	Win-Trojan/Zbot.60416*
> AntiVir	7.9.0.57	2009.01.19	-
> Authentium	5.1.0.4	2009.01.18	-
> *Avast	4.8.1281.0	2009.01.18	Win32bot-AXP
> AVG	8.0.0.229	2009.01.19	Win32/Cryptor
> BitDefender	7.2	2009.01.19	MemScan:Trojan.Spy.ZBot.MK*
> CAT-QuickHeal	10.00	2009.01.19	-
> ...

----------


## senyak

File dwr received on 2009.01.20 08:10:59 (CET)
Current status: finished
Result: 9/39 (23.08%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.20	-
> AhnLab-V3	2009.1.20.1	2009.01.20	-
> *AntiVir	7.9.0.57	2009.01.19	EXP/Pidief.IM.1*
> Authentium	5.1.0.4	2009.01.19	-
> *Avast	4.8.1281.0	2009.01.19	JSdfka-AD*
> AVG	8.0.0.229	2009.01.20	-
> *BitDefender	7.2	2009.01.20	Exploit.PDF-JS.Gen.C03*
> CAT-QuickHeal	10.00	2009.01.20	-
> ...


Additional information
File size: 3531 bytes
PEiD..: -

----------


## Hanson

File mycentrialinstall_exe received on 2009.01.20 09:03:23 (CET)
Current status:
Result: 2/38 (5.27%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.20	-
> AhnLab-V3	5.0.0.2	2009.01.20	-
> AntiVir	7.9.0.57	2009.01.19	-
> Authentium	5.1.0.4	2009.01.19	-
> Avast	4.8.1281.0	2009.01.19	-
> AVG	8.0.0.229	2009.01.20	-
> BitDefender	7.2	2009.01.20	-
> CAT-QuickHeal	10.00	2009.01.20	-
> ...

----------


## senyak

Arrived via Skype

File Appetite.exe received on 2009.01.20 13:05:32 (CET)
Current status: finished
Result: 7/39 (17.95%)
Antivirus	Version	Last Update	Result



> a-squared	4.0.0.73	2009.01.20	-
> AhnLab-V3	5.0.0.2	2009.01.20	-
> AntiVir	7.9.0.57	2009.01.20	-
> Authentium	5.1.0.4	2009.01.19	-
> Avast	4.8.1281.0	2009.01.20	-
> *AVG	8.0.0.229	2009.01.20	VB.GCS*
> BitDefender	7.2	2009.01.20	-
> CAT-QuickHeal	10.00	2009.01.20	-
> ClamAV	0.94.1	2009.01.19	-
> ...


Additional information
File size: 94808 bytes
PEiD..: -

----------


## AlexGOMEL

File nppr.dll received on 2009.01.22 09:24:51 (CET)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.73	2009.01.22	Backdoor.Win32.Bifrose!IK
> AhnLab-V3	2009.1.22.2	2009.01.22	Win-Trojan/Mailfinder.17408
> AntiVir	7.9.0.57	2009.01.22	TR/Vundo.Gen*
> Authentium	5.1.0.4	2009.01.22	-
> Avast	4.8.1281.0	2009.01.21	-
> *AVG	8.0.0.229	2009.01.22	Win32/Heur
> BitDefender	7.2	2009.01.22	MemScan:Trojan.MailFinder.B*
> CAT-QuickHeal	10.00	2009.01.22	-
> ...


Additional information
File size: 17408 bytes
MD5...: d88540b8d78ec22660b6372d26b6d81f
SHA1..: be18d8f8d8ff020e8c1c982b1f4b07271693dc8f

_nppr.dll - Trojan-Mailfinder.Win32.Agent.xu
 Detection of the files will be added in the next update._

----------


## senyak

File autorun2.inf.tmp received on 2009.01.22 18:20:26 (CET)
Current status: finished
Result: 23/39 (58.98%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.73	2009.01.22	Worm.Win32.AutoRun!IK*
> AhnLab-V3	5.0.0.2	2009.01.22	-
> *AntiVir	7.9.0.57	2009.01.22	TR/Spy.179*
> Authentium	5.1.0.4	2009.01.22	-
> *Avast	4.8.1281.0	2009.01.22	VBS:Malware-gen
> AVG	8.0.0.229	2009.01.22	Worm/Small.2.D*
> BitDefender	7.2	2009.01.22	-
> CAT-QuickHeal	10.00	2009.01.22	-
> ...


Additional information
File size: 186 bytes
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -

----------


## Hanson

File wxilib.dll received on 2009.01.23 09:11:41 (CET)
Result: 6/39 (15.39%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.73	2009.01.23	Trojan-Ransom!IK*
> AhnLab-V3	5.0.0.2	2009.01.23	-
> AntiVir	7.9.0.60	2009.01.22	-
> Authentium	5.1.0.4	2009.01.22	-
> Avast	4.8.1281.0	2009.01.22	-
> *AVG	8.0.0.229	2009.01.22	Adload_r.GK*
> BitDefender	7.2	2009.01.23	-
> CAT-QuickHeal	10.00	2009.01.23	-
> ...


Additional information
File size: 323584 bytes
PEiD..: -
TrID..: File type identification
DirectShow filter (77.7%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)

----------


## senyak

File live.gif received on 2009.01.23 12:03:01 (CET)
Current status: finished
Result: 7/39 (17.95%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.73	2009.01.23	Trojan.HTML.IFrame!IK*
> AhnLab-V3	5.0.0.2	2009.01.23	-
> *AntiVir	7.9.0.60	2009.01.23	HTML/IFrame.AC*
> Authentium	5.1.0.4	2009.01.22	-
> Avast	4.8.1281.0	2009.01.22	-
> AVG	8.0.0.229	2009.01.23	-
> BitDefender	7.2	2009.01.23	-
> CAT-QuickHeal	10.00	2009.01.23	-
> ...


Additional information
File size: 282 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

----------


## PavelA

Possibly a false positive. This is from the "Help!" section
http://virusinfo.info/showthread.php?t=38257
File avz00002.dta received on 2009.01.26 13:30:50 (CET)



```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.73 2009.01.26 - 
AhnLab-V3 5.0.0.2 2009.01.26 - 
AntiVir 7.9.0.60 2009.01.26 TR/ATRAPS.Gen 
Authentium 5.1.0.4 2009.01.26 - 
Avast 4.8.1281.0 2009.01.25 - 
AVG 8.0.0.229 2009.01.26 - 
BitDefender 7.2 2009.01.26 - 
CAT-QuickHeal 10.00 2009.01.24 - 
ClamAV 0.94.1 2009.01.26 - 
Comodo 947 2009.01.26 - 
DrWeb 4.44.0.09170 2009.01.26 - 
eSafe 7.0.17.0 2009.01.25 Suspicious File 
eTrust-Vet 31.6.6325 2009.01.24 - 
F-Prot 4.4.4.56 2009.01.25 - 
F-Secure 8.0.14470.0 2009.01.26 - 
Fortinet 3.117.0.0 2009.01.25 - 
GData 19 2009.01.26 - 
Ikarus T3.1.1.45.0 2009.01.26 - 
K7AntiVirus 7.10.604 2009.01.24 - 
Kaspersky 7.0.0.125 2009.01.26 - 
McAfee 5506 2009.01.25 - 
McAfee+Artemis 5506 2009.01.25 - 
Microsoft 1.4205 2009.01.26 - 
NOD32 3800 2009.01.26 - 
Norman 5.93.01 2009.01.26 - 
nProtect 2009.1.8.0 2009.01.26 - 
Panda 9.5.1.2 2009.01.26 - 
PCTools 4.4.2.0 2009.01.26 - 
Prevx1 V2 2009.01.26 - 
Rising 21.13.42.00 2009.01.23 - 
SecureWeb-Gateway 6.7.6 2009.01.26 Trojan.ATRAPS.Gen 
Sophos 4.37.0 2009.01.26 - 
Sunbelt 3.2.1835.2 2009.01.16 - 
Symantec 10 2009.01.26 - 
TheHacker 6.3.1.5.229 2009.01.26 - 
TrendMicro 8.700.0.1004 2009.01.26 PAK_Generic.005 
VBA32 3.12.8.11 2009.01.25 - 
ViRobot 2009.1.23.1577 2009.01.26 - 
VirusBuster 4.5.11.0 2009.01.25
```

Reply from Kaspersky Lab:
*dpsec.dll - Trojan.Win32.Agent.bkzf*

New malicious software was found in this file. Its detection will be included in the next
update. Thank you for your help.

----------


## senyak

Taken from a flash drive:

File abra.rar received on 2009.01.26 14:59:23 (CET)
Current status: finished
Result: 9/39 (23.08%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.26	-
> AhnLab-V3	5.0.0.2	2009.01.26	-
> AntiVir	7.9.0.60	2009.01.26	-
> Authentium	5.1.0.4	2009.01.26	-
> Avast	4.8.1281.0	2009.01.25	-
> *AVG	8.0.0.229	2009.01.26	Worm/Generic_c.ZW*
> BitDefender	7.2	2009.01.26	-
> CAT-QuickHeal	10.00	2009.01.24	-
> ...


Additional information
File size: 29608 bytes
PEiD..: -



File jwgkvsq.rar received on 2009.01.26 15:00:46 (CET)
Current status: finished
Result: 25/38 (65.79%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.26	-
> AhnLab-V3	5.0.0.2	2009.01.26	-
> *AntiVir	7.9.0.60	2009.01.26	TR/Dropper.Gen*
> *Authentium	5.1.0.4	2009.01.26	W32/Conficker!Generic
> Avast	4.8.1281.0	2009.01.25	Win32:Confi
> AVG	8.0.0.229	2009.01.26	Worm/Downadup
> BitDefender	7.2	2009.01.26	Win32.Worm.Downadup.Gen
> CAT-QuickHeal	10.00	2009.01.24	Win32.Net-Worm.Kido.ih.3.Pack*
> ...


Additional information
File size: 165435 bytes
PEiD..: -

----------


## senyak

File in.php received on 2009.01.27 19:47:31 (CET)
Current status: finished
Result: 5/39 (12.83%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.73	2009.01.27	-
> AhnLab-V3	5.0.0.2	2009.01.26	-
> *AntiVir	7.9.0.60	2009.01.27	HTML/Crypted.Gen*
> Authentium	5.1.0.4	2009.01.26	-
> *Avast	4.8.1281.0	2009.01.27	HTML:Iframe-inf*
> AVG	8.0.0.229	2009.01.27	-
> BitDefender	7.2	2009.01.27	-
> CAT-QuickHeal	10.00	2009.01.27	-
> ...


Additional information
File size: 688 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

----------


## IgorKr

File quxnlq.exe received on 2009.01.28 15:29:42 (CET)
Current status: finished
Result: 6/39 (15.38%)




> a-squared	4.0.0.93	2009.01.28	-
> AhnLab-V3	5.0.0.2	2009.01.28	-
> AntiVir	7.9.0.60	2009.01.28	-
> Authentium	5.1.0.4	2009.01.27	-
> Avast	4.8.1281.0	2009.01.27	-
> AVG	8.0.0.229	2009.01.28	-
> BitDefender	7.2	2009.01.28	-
> CAT-QuickHeal	10.00	2009.01.28	-
> ClamAV	0.94.1	2009.01.28	-
> ...


Additional information
File size: 501424 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x95590
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x5e000 0x38000 0x37800 7.93 d154032dbbbf17f077b9dac50ab63eb4
.rsrc 0x96000 0x6000 0x5c00 4.96 d31158dea4acce887d13d324b967072d

( 13 imports ) 
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports ) 
packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX

----------


## VirCode

A fresh one

File love.vbs received on 2009.01.29 06:43:44 (CET)
Current status: finished
Result: 7/39 (17.95%)




> a-squared	4.0.0.93	2009.01.29	-
> AhnLab-V3	5.0.0.2	2009.01.29	-
> AntiVir	           7.9.0.60	2009.01.28	-
> *Authentium	5.1.0.4	2009.01.28	Heuristic-31*
> Avast	           4.8.1281.0	2009.01.28	-
> AVG       	8.0.0.229	2009.01.28	-
> BitDefender	7.2	2009.01.29	-
> CAT-QuickHeal	10.00	2009.01.29	-
> ClamAV	            0.94.1	2009.01.29	-
> ...


_Additional information
File size: 506 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
_

----------


## AlexGOMEL

File avz00001.dta received on 2009.01.29 07:43:43 (CET)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.93	2009.01.29	-
> AhnLab-V3	5.0.0.2	2009.01.29	-
> *AntiVir	7.9.0.60	2009.01.28	TR/Dropper.Gen*
> Authentium	5.1.0.4	2009.01.28	-
> Avast	4.8.1281.0	2009.01.28	-
> AVG	8.0.0.229	2009.01.28	-
> BitDefender	7.2	2009.01.29	-
> CAT-QuickHeal	10.00	2009.01.29	-
> ...

----------


## PavelA

From the thread http://virusinfo.info/showthread.php?t=38468
A file from the desktop. The detection is rather strange.


```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.93 2009.01.29 - 
AhnLab-V3 5.0.0.2 2009.01.29 - 
AntiVir 7.9.0.60 2009.01.29 - 
Authentium 5.1.0.4 2009.01.28 - 
Avast 4.8.1281.0 2009.01.28 - 
AVG 8.0.0.229 2009.01.29 - 
BitDefender 7.2 2009.01.29 - 
CAT-QuickHeal 10.00 2009.01.29 (Suspicious) - DNAScan 
ClamAV 0.94.1 2009.01.29 - 
Comodo 952 2009.01.29 - 
DrWeb 4.44.0.09170 2009.01.29 - 
eSafe 7.0.17.0 2009.01.29 Win32.TrojanFakeAle 
eTrust-Vet 31.6.6334 2009.01.29 - 
F-Prot 4.4.4.56 2009.01.28 - 
F-Secure 8.0.14470.0 2009.01.29 - 
Fortinet 3.117.0.0 2009.01.29 - 
GData 19 2009.01.29 - 
Ikarus T3.1.1.45.0 2009.01.29 - 
K7AntiVirus 7.10.609 2009.01.29 - 
Kaspersky 7.0.0.125 2009.01.29 - 
McAfee 5509 2009.01.28 - 
McAfee+Artemis 5509 2009.01.28 - 
Microsoft 1.4205 2009.01.29 - 
NOD32 3811 2009.01.29 a variant of Win32/Kryptik.GA 
Norman 6.00.02 2009.01.29 - 
nProtect 2009.1.8.0 2009.01.29 - 
Panda 9.5.1.2 2009.01.29 - 
PCTools 4.4.2.0 2009.01.29 - 
Prevx1 V2 2009.01.29 - 
Rising 21.13.42.00 2009.01.23 Trojan.Clicker.Win32.Undef.gj 
SecureWeb-Gateway 6.7.6 2009.01.29 Ad-Spyware.LooksLike.Dm 
Sophos 4.38.0 2009.01.29 Troj/FakeAle-LE 
Sunbelt 3.2.1835.2 2009.01.16 - 
Symantec 10 2009.01.29 - 
TheHacker 6.3.1.5.232 2009.01.29 - 
TrendMicro 8.700.0.1004 2009.01.29 - 
VBA32 3.12.8.11 2009.01.29 - 
ViRobot 2009.1.29.1580 2009.01.29 - 
VirusBuster 4.5.11.0 2009.01.28 -
```

----------


## Winsent

*a-squared	4.0.0.93	2009.01.31	Downloader.Delphi!IK*
AhnLab-V3	5.0.0.2	2009.01.31	-
*AntiVir	7.9.0.60	2009.01.30	DR/Delphi.Gen*
Authentium	5.1.0.4	2009.01.31	-
Avast	4.8.1281.0	2009.01.30	-
*AVG	8.0.0.229	2009.01.30	Win32/Heur
BitDefender	7.2	2009.01.31	Gen:Trojan.Heur.Dropper.2*
CAT-QuickHeal	10.00	2009.01.31	-
ClamAV	0.94.1	2009.01.31	-
Comodo	955	2009.01.31	-
DrWeb	4.44.0.09170	2009.01.31	-
eSafe	7.0.17.0	2009.01.29	-
eTrust-Vet	31.6.6335	2009.01.29	-
F-Prot	4.4.4.56	2009.01.31	-
F-Secure	8.0.14470.0	2009.01.31	-
Fortinet	3.117.0.0	2009.01.31	-
*GData	19	2009.01.31	Gen:Trojan.Heur.Dropper.2
Ikarus	T3.1.1.45.0	2009.01.31	Downloader.Delphi*
K7AntiVirus	7.10.612	2009.01.31	-
Kaspersky	7.0.0.125	2009.01.31	-
*McAfee	5512	2009.01.31	New Malware.bx*
*McAfee+Artemis	5512	2009.01.31	New Malware.bx
Microsoft	1.4306	2009.01.31	TrojanDropper:Win32/Delf.CI*
NOD32	3815	2009.01.31	-
Norman	6.00.02	2009.01.31	-
nProtect	2009.1.8.0	2009.01.30	-
Panda	9.5.1.2	2009.01.31	-
PCTools	4.4.2.0	2009.01.31	-
Prevx1	V2	2009.01.31	-
Rising	21.13.42.00	2009.01.23	-
*SecureWeb-Gateway	6.7.6	2009.01.30	Trojan.Dropper.Delphi.Gen
Sophos	4.38.0	2009.01.31	Sus/Dropper-R*
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.31	-
TheHacker	6.3.1.5.241	2009.01.31	-
*TrendMicro	8.700.0.1004	2009.01.30	PAK_Generic.001
VBA32	3.12.8.12	2009.01.30	Backdoor.Win32.UltimateDefender.nf*
ViRobot	2009.1.31.1583	2009.01.31	-
VirusBuster	4.5.11.0	2009.01.31	-

Additional information
File size: 144398 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4000 0x3b1b 6.53 f7f6bdc124092be88cde3b74f5cd6f79
DATA 0x5000 0x1000 0xbc 4.23 71120066cc96af28429e3d91dadd84d9
BSS 0x6000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x7000 0x1000 0x5d9 4.32 ed346d7d259470b93b4f6229afa802ff
.tls 0x8000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x9000 0x2000 0x13 2.46 231ec597a238bf6a2b7189bb5ece7901
.rsrc 0xb000 0x1e5ec 0x1e600 7.81 47d7e28603a24c21c27321ebe8241704
WCALab 0x2a000 0x1000 0x40 4.40 1fc047478ccb43109160076f79c2a7e0
.Sunzer 0x2b000 0x200 0x200 6.70 a95ad18642ed68535afde26bea1db5a8

( 7 imports ) 
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: WriteFile, VirtualFree, VirtualAlloc, SizeofResource, SetFilePointer, SetEndOfFile, ReadFile, LockResource, LoadResource, GetTempPathA, FreeResource, FindResourceA, DeleteFileA, CreateFileA, CopyFileA, CloseHandle
> shell32.dll: ShellExecuteA

( 0 exports )

----------


## VirCode

A downloader

File kexek__1_.exe received on 2009.02.03 05:18:10 (CET)
Current status: finished
Result: 9/39 (23.08%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.93	2009.02.03	-
> AhnLab-V3	5.0.0.2	2009.02.03	-
> *AntiVir	7.9.0.71	2009.02.02	TR/Hijacker.Gen*
> Authentium	5.1.0.4	2009.02.02	-
> Avast	           4.8.1281.0	2009.02.03	-
> AVG	           8.0.0.229	2009.02.02	-
> *BitDefender	7.2	2009.02.03	BehavesLike:Win32.ExplorerHijack*
> CAT-QuickHeal	10.00	2009.02.02	-
> ...


Additional information
File size: 20480 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

----------


## Shu_b

January totals:

----------


## VirCode

File opendoor.exe received on 2009.02.05 11:02:26 (CET)
Current status: finished
Result: 15/39 (38.47%)

> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.93	2009.02.05	-
> AhnLab-V3	5.0.0.2	2009.02.05	-
> *AntiVir	7.9.0.74	2009.02.05	TR/Crypt.XPACK.Gen*
> Authentium	5.1.0.4	2009.02.04	-
> *Avast	4.8.1281.0	2009.02.04	Win32:IRCBot-AHP*
> *AVG	           8.0.0.229	2009.02.04	Win32/CryptExe
> BitDefender	7.2	2009.02.05	DeepScan:Generic.Malware.SFP!]g.70407C30*
> *CAT-QuickHeal	10.00	2009.02.05	(Suspicious) - DNAScan*
> ...


Additional information
File size: 264809 bytes
PEiD..: EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)

----------


## rubin

```
a-squared	4.0.0.93	2009.02.07	-
AhnLab-V3	5.0.0.2	2009.02.07	-
AntiVir	7.9.0.76	2009.02.07	-
Authentium	5.1.0.4	2009.02.07	-
Avast	4.8.1335.0	2009.02.07	-
AVG	8.0.0.229	2009.02.07	-
BitDefender	7.2	2009.02.07	-
CAT-QuickHeal	10.00	2009.02.07	Win32.Backdoor.Poison.gen!A.2
ClamAV	0.94.1	2009.02.07	-
Comodo	969	2009.02.07	-
DrWeb	4.44.0.09170	2009.02.07	Trojan.DownLoad.29400
eSafe	7.0.17.0	2009.02.05	-
eTrust-Vet	31.6.6346	2009.02.07	-
F-Prot	4.4.4.56	2009.02.07	-
F-Secure	8.0.14470.0	2009.02.07	-
Fortinet	3.117.0.0	2009.02.07	-
GData	19	2009.02.07	-
Ikarus	T3.1.1.45.0	2009.02.07	-
K7AntiVirus	7.10.623	2009.02.07	-
Kaspersky	7.0.0.125	2009.02.07	-
McAfee	5518	2009.02.07	-
McAfee+Artemis	5519	2009.02.07	-
Microsoft	1.4306	2009.02.06	-
NOD32	3836	2009.02.07	-
Norman	6.00.02	2009.02.06	-
nProtect	2009.1.8.0	2009.02.07	-
Panda	9.5.1.2	2009.02.07	-
PCTools	4.4.2.0	2009.02.07	-
Prevx1	V2	2009.02.07	-
Rising	21.15.50.00	2009.02.07	-
SecureWeb-Gateway	6.7.6	2009.02.07	-
Sophos	4.38.0	2009.02.07	-
Sunbelt	3.2.1847.2	2009.02.07	-
Symantec	10	2009.02.07	-
TheHacker	6.3.1.5.248	2009.02.07	-
TrendMicro	8.700.0.1004	2009.02.06	-
VBA32	3.12.8.12	2009.02.05	-
ViRobot	2009.2.6.1594	2009.02.06	-
VirusBuster	4.5.11.0	2009.02.07	-
```

File size: 8704 bytes
MD5...: 73b5806e6c07701f7e49f4bb836da2c4
SHA1..: 8ba13fb2d1f19da34846217fb90e43e558a26837

*Added 1 hour 50 minutes later*



```
a-squared	4.0.0.93	2009.02.07	-
AhnLab-V3	5.0.0.2	2009.02.07	-
AntiVir	7.9.0.76	2009.02.07	TR/Crypt.ZPACK.Gen
Authentium	5.1.0.4	2009.02.07	-
Avast	4.8.1335.0	2009.02.07	Win32:Falder
AVG	8.0.0.229	2009.02.07	FakeAlert.FS
BitDefender	7.2	2009.02.07	Backdoor.Bot.78382
CAT-QuickHeal	10.00	2009.02.07	-
ClamAV	0.94.1	2009.02.07	-
Comodo	969	2009.02.07	-
DrWeb	4.44.0.09170	2009.02.07	-
eSafe	7.0.17.0	2009.02.05	-
eTrust-Vet	31.6.6346	2009.02.07	-
F-Prot	4.4.4.56	2009.02.07	-
F-Secure	8.0.14470.0	2009.02.07	-
Fortinet	3.117.0.0	2009.02.07	-
GData	19	2009.02.07	Backdoor.Bot.78382
Ikarus	T3.1.1.45.0	2009.02.07	-
K7AntiVirus	7.10.623	2009.02.07	Trojan.Win32.Malware.4
Kaspersky	7.0.0.125	2009.02.07	-
McAfee	5518	2009.02.07	-
McAfee+Artemis	5519	2009.02.07	-
Microsoft	1.4306	2009.02.06	TrojanSpy:Win32/Zbot.gen!C
NOD32	3836	2009.02.07	a variant of Win32/Kryptik.FN
Norman	6.00.02	2009.02.06	-
nProtect	2009.1.8.0	2009.02.07	Backdoor/W32.IRCBot.190976
Panda	9.5.1.2	2009.02.07	-
PCTools	4.4.2.0	2009.02.07	-
Prevx1	V2	2009.02.07	-
Rising	21.15.50.00	2009.02.07	Trojan.Clicker.Win32.Undef.gj
SecureWeb-Gateway	6.7.6	2009.02.07	Trojan.Crypt.ZPACK.Gen
Sophos	4.38.0	2009.02.07	-
Sunbelt	3.2.1847.2	2009.02.06	-
Symantec	10	2009.02.07	Suspicious.MH690.A
TheHacker	6.3.1.5.248	2009.02.07	-
TrendMicro	8.700.0.1004	2009.02.06	-
VBA32	3.12.8.12	2009.02.05	Malware-Cryptor.Win32.Stit
ViRobot	2009.2.6.1594	2009.02.06	-
VirusBuster	4.5.11.0	2009.02.07	-
```

File size: 236544 bytes
MD5...: b119d620244c55d0c7d56a0a25841c3f
SHA1..: c07a6839fbfd8604aac7b98d24db4e9140e0ef54

----------



## rerrreers

File 4 received on 2009.02.08 10:17:14 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.93	2009.02.08	-
AhnLab-V3	5.0.0.2	2009.02.07	-
AntiVir	7.9.0.76	2009.02.07	-
Authentium	5.1.0.4	2009.02.07	-
Avast	4.8.1335.0	2009.02.07	-
AVG	8.0.0.229	2009.02.07	-
CAT-QuickHeal	10.00	2009.02.07	-
ClamAV	0.94.1	2009.02.08	-
Comodo	971	2009.02.08	-
DrWeb	4.44.0.09170	2009.02.08	-
eSafe	7.0.17.0	2009.02.05	-
eTrust-Vet	31.6.6346	2009.02.07	-
F-Prot	4.4.4.56	2009.02.07	-
F-Secure	8.0.14470.0	2009.02.08	Worm.Win32.AutoRun.exp
Fortinet	3.117.0.0	2009.02.08	-
GData	19	2009.02.08	-
Ikarus	T3.1.1.45.0	2009.02.08	-
K7AntiVirus	7.10.623	2009.02.07	-
Kaspersky	7.0.0.125	2009.02.08	Worm.Win32.AutoRun.exp
McAfee	5518	2009.02.07	-
McAfee+Artemis	5519	2009.02.07	-
Microsoft	1.4306	2009.02.08	-
NOD32	3836	2009.02.07	-
Norman	6.00.02	2009.02.06	-
Panda	9.5.1.2	2009.02.07	-
PCTools	4.4.2.0	2009.02.07	-
Prevx1	V2	2009.02.08	-
Rising	21.15.50.00	2009.02.07	-
SecureWeb-Gateway	6.7.6	2009.02.08	-
Sophos	4.38.0	2009.02.08	-
Sunbelt	3.2.1847.2	2009.02.07	-
Symantec	10	2009.02.08	-
TheHacker	6.3.1.5.249	2009.02.08	-
TrendMicro	8.700.0.1004	2009.02.06	-
VBA32	3.12.8.12	2009.02.08	-
ViRobot	2009.2.6.1594	2009.02.06	-
VirusBuster	4.5.11.0	2009.02.07	-
```

Additional information
File size: 98304 bytes
MD5...: 27f048a961b537fb71fd15e92f4a349d
SHA1..: fb12944bde475175f565765bec16fd4071376c86
SHA256: f198a5f9f4a1d4c9cd555e3bcf095c0fd187afe52cd90669fe184d72955a5bb7

----------


## PavelA

From http://virusinfo.info/showthread.php?t=39643
'C:\WINDOWS\Fonts\CtmRes.dll'



```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.93 2009.02.13 BehavesLike!IK 
AhnLab-V3 5.0.0.2 2009.02.13 Win-Trojan/Agent.10240.VO 
AntiVir 7.9.0.76 2009.02.13 TR/Hijacker.Gen 
Authentium 5.1.0.4 2009.02.13 W32/Heuristic-KPP!Eldorado 
Avast 4.8.1335.0 2009.02.12 Win32:Spyware-gen 
AVG 8.0.0.237 2009.02.13 PSW.Generic6.BASJ 
BitDefender 7.2 2009.02.13 Trojan.Agent.12433 
CAT-QuickHeal 10.00 2009.02.13 - 
ClamAV 0.94.1 2009.02.13 - 
Comodo 976 2009.02.13 - 
DrWeb 4.44.0.09170 2009.02.13 - 
eSafe 7.0.17.0 2009.02.12 - 
eTrust-Vet 31.6.6356 2009.02.13 Win32/Gamepass.YN 
F-Prot 4.4.4.56 2009.02.13 W32/Heuristic-KPP!Eldorado 
F-Secure 8.0.14470.0 2009.02.13 - 
Fortinet 3.117.0.0 2009.02.13 - 
GData 19 2009.02.13 Trojan.Agent.12433 
Ikarus T3.1.1.45.0 2009.02.13 BehavesLike 
K7AntiVirus 7.10.628 2009.02.12 Trojan.Win32.Malware.1 
Kaspersky 7.0.0.125 2009.02.13 - 
McAfee 5524 2009.02.12 Generic.dx 
McAfee+Artemis 5524 2009.02.12 Generic.dx 
Microsoft 1.4306 2009.02.13 Trojan:Win32/Comotor.A!dll 
NOD32 3850 2009.02.13 Win32/Spy.Agent.NLK 
Norman 6.00.02 2009.02.12 W32/Malware.FHAS 
nProtect 2009.1.8.0 2009.02.13 Trojan/W32.Agent.10240.CR 
Panda 10.0.0.10 2009.02.12 Generic Trojan 
PCTools 4.4.2.0 2009.02.12 - 
Prevx1 V2 2009.02.13 - 
Rising 21.16.42.00 2009.02.13 Trojan.Win32.Nodef.aoq 
SecureWeb-Gateway 6.7.6 2009.02.13 Trojan.Hijacker.Gen 
Sophos 4.38.0 2009.02.13 - 
Sunbelt 3.2.1851.2 2009.02.12 Trojan-PSW.OnlineGames 
Symantec 10 2009.02.13 - 
TheHacker 6.3.1.9.255 2009.02.13 - 
TrendMicro 8.700.0.1004 2009.02.13 TROJ_VUNDO.MCL 
VBA32 3.12.8.12 2009.02.13 Win32.Spy.Agent.NLK 
ViRobot 2009.2.13.1605 2009.02.13 - 
VirusBuster 4.5.11.0 2009.02.12 -
```

----------


## Surfer

File valentine.exe received on 02.17.2009 14:08:40 (CET)




> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> AntiVir 7.9.0.79 2009.02.17 - 
> Authentium 5.1.0.4 2009.02.17 - 
> Avast 4.8.1335.0 2009.02.16 - 
> *AVG 8.0.0.237 2009.02.17 Injector.CD
> BitDefender 7.2 2009.02.17 Trojan.Waledac.Gen.1*
> CAT-QuickHeal 10.00 2009.02.17 - 
> ClamAV 0.94.1 2009.02.17 - 
> ...


File size: 410972 bytes 
MD5...: a7cd8f13ae9e4f903b524e12a743d759

----------


## Erekle

> File Your_Dad_Has_Shit_Fetish_Too.PIF received on 2009.02.17 13:41:51 (CET)
> Result: *4/39* (10.26%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> AntiVir 7.9.0.79 2009.02.17 - 
> Authentium 5.1.0.4 2009.02.17 - 
> Avast 4.8.1335.0 2009.02.16 - 
> AVG 8.0.0.237 2009.02.17 - 
> ...





> File perce.jpg.exe [perce.jpg] received on 2009.02.17 10:10:15 (CET)
> Result: *5/39* (12.82%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> AntiVir 7.9.0.79 2009.02.17 - 
> Authentium 5.1.0.4 2009.02.16 - 
> Avast 4.8.1335.0 2009.02.16 - 
> AVG 8.0.0.237 2009.02.16 - 
> ...





> File viewtubesoftware.40012.exe [systeminit.exe] received on 2009.02.17 08:48:12 (CET)
> Result: *6/39* (15.38%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> AntiVir 7.9.0.79 2009.02.16 - 
> Authentium 5.1.0.4 2009.02.16 - 
> Avast 4.8.1335.0 2009.02.16 - 
> ...





> File setup_200002.exe received on 2009.02.17 17:22:47 (CET)
> Result: *8/39* (20.51%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> *AntiVir 7.9.0.79 2009.02.17 TR/Dropper.Gen* 
> Authentium 5.1.0.4 2009.02.17 - 
> Avast 4.8.1335.0 2009.02.16 - 
> AVG 8.0.0.237 2009.02.17 - 
> ...





> File msxml71.dll received on 2009.02.17 18:04:11 (CET)
> Result: *4/39* (10.26%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 2009.2.17.2 2009.02.17 - 
> AntiVir 7.9.0.83 2009.02.17 - 
> Authentium 5.1.0.4 2009.02.17 - 
> Avast 4.8.1335.0 2009.02.16 - 
> AVG 8.0.0.237 2009.02.17 - 
> ...





> File item.gif received on 2009.02.17 18:42:17 (CET)
> Result: *7/39* (17.95%)
> 
> a-squared 4.0.0.93 2009.02.17 - 
> AhnLab-V3 5.0.0.2 2009.02.17 - 
> *AntiVir 7.9.0.83 2009.02.17 TR/Crypt.XPACK.Gen* 
> Authentium 5.1.0.4 2009.02.17 - 
> Avast 4.8.1335.0 2009.02.16 - 
> AVG 8.0.0.237 2009.02.17 - 
> ...


.

----------


## Shu_b

2 *Erekle* Please post the complete results; in this form they will not be counted.

----------


## MedvedD

File twex.exe received on 2009.02.19 13:19:04 (CET)

Result: 9/39 (23.08%)




```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.93 2009.02.19 - 
AhnLab-V3 2009.2.19.0 2009.02.19 - 
AntiVir 7.9.0.83 2009.02.19 TR/Dropper.Gen 
Authentium 5.1.0.4 2009.02.19 - 
Avast 4.8.1335.0 2009.02.18 Win32:Rootkit-gen 
AVG 8.0.0.237 2009.02.19 - 
BitDefender 7.2 2009.02.19 - 
CAT-QuickHeal 10.00 2009.02.19 - 
ClamAV 0.94.1 2009.02.18 - 
Comodo 983 2009.02.18 - 
DrWeb 4.44.0.09170 2009.02.19 - 
eSafe 7.0.17.0 2009.02.18 - 
eTrust-Vet 31.6.6365 2009.02.19 - 
F-Prot 4.4.4.56 2009.02.19 - 
F-Secure 8.0.14470.0 2009.02.19 Trojan-Spy.Win32.Zbot.myr 
Fortinet 3.117.0.0 2009.02.18 - 
GData 19 2009.02.19 Win32:Rootkit-gen  
Ikarus T3.1.1.45.0 2009.02.19 - 
K7AntiVirus 7.10.630 2009.02.18 - 
Kaspersky 7.0.0.125 2009.02.19 Trojan-Spy.Win32.Zbot.myr 
McAfee 5529 2009.02.17 - 
McAfee+Artemis 5529 2009.02.17 - 
Microsoft 1.4306 2009.02.19 PWS:Win32/Zbot.gen!R 
NOD32 3867 2009.02.19 a variant of Win32/Kryptik.HK 
Norman 6.00.06 2009.02.19 - 
nProtect 2009.1.8.0 2009.02.19 - 
Panda 10.0.0.10 2009.02.19 - 
PCTools 4.4.2.0 2009.02.19 - 
Prevx1 V2 2009.02.19 - 
Rising 21.17.32.00 2009.02.19 - 
SecureWeb-Gateway 6.7.6 2009.02.19 Trojan.Dropper.Gen 
Sophos 4.38.0 2009.02.19 Mal/FakeVirPk-A 
Sunbelt 3.2.1855.2 2009.02.17 - 
Symantec 10 2009.02.19 - 
TheHacker 6.3.2.2.259 2009.02.18 - 
TrendMicro 8.700.0.1004 2009.02.19 - 
VBA32 3.12.10.0 2009.02.18 - 
ViRobot 2009.2.19.1615 2009.02.19 - 
VirusBuster 4.5.11.0 2009.02.18 -
```

Additional information
File size: 246784 bytes 
MD5...: f937d9c8257c392c015b246841ba0a5f 
SHA1..: 8035a03788bd26b3dfc441de1bdff6cf5821e5bd 

PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%) 
PEInfo: PE Structure information

----------


## Black_N

File hgGYRKCU.dll received on 2009.02.20 11:46:33 (CET)
Current status: finished
Result: 10/39 (25.64%)



```
a-squared	-		Trojan.Win32.Monderd!IK
AhnLab-V3	-	
AntiVir	-	-	TR/Vundo.Gen
Authentium	-	
Avast	-	
AVG	-		Win32/Heur
BitDefender	-		Gen:Trojan.Heur.544453
CAT-QuickHeal	-	
ClamAV	-	
Comodo	-	
DrWeb	-	
eSafe	-	
eTrust-Vet	-	
F-Prot	-	
F-Secure	-	
Fortinet	-	
GData	-	-	Gen:Trojan.Heur.544453
Ikarus	-	-	Trojan.Win32.Monderd
K7AntiVirus	-	
Kaspersky	-	
McAfee	-	
McAfee+Artemis	-	
Microsoft	-	
NOD32	-	
Norman	-	
nProtect	-		Gen:Trojan.Heur.544453
Panda	-	
PCTools	-	
Prevx1	-	
Rising	-	
SecureWeb-Gateway	-		Trojan.Vundo.Gen
Sophos	-		Sus/Behav-278
Sunbelt	-	
Symantec	-	
TheHacker	-	
TrendMicro	-
VBA32	-	
ViRobot	-	
VirusBuster	-		Trojan.Vundo.Gen!Pac.27
```

Additional information
MD5: 47973e69abb4b32062a2a367ee60ce41
SHA1: a977c327d27046fec739aa0292980481331ca7f9
SHA256: 213db95223818a0f83dcbab445440ac1b42575d5a1f692ef32cd162be3dd6a96
SHA512: 007ac7b4b85b824ee2b3a9c9d328775894bc8fcb5c6fc2151cbda738fdd0b598ef1d1e3fa5b6c89d9598214ff4bc7406e917db409539784f76c63ec4647797cf

*Added 6 minutes later*

File tuvSIaWQ.dll received on 2009.02.19 04:20:12 (CET)
Current status: finished
Result: 8/39 (20.51%)



```
a-squared	-         Virus.Trojan.Win32.Monderb!IK
AhnLab-V3	-	
AntiVir	-		
Authentium	-	
Avast	-		
AVG	-		
BitDefender	-	
CAT-QuickHeal	-	
ClamAV	-		
Comodo	-		
DrWeb	-		
eSafe	-		Suspicious File
eTrust-Vet	-	
F-Prot	-	
F-Secure	-	
Fortinet	-	
GData	-	
Ikarus	-		Virus.Trojan.Win32.Monderb
K7AntiVirus	-	
Kaspersky	-		Trojan.Win32.Monderb.ajwo
McAfee	-	
McAfee+Artemis	-		Generic!Artemis
Microsoft	-		Trojan:Win32/Vundo.IB
NOD32	-		probably a variant of Win32/Genetik
Norman	-	
nProtect	-
Panda	-	
PCTools	-	
Prevx1	-	          Medium Risk Malware
Rising	-	
SecureWeb-Gateway	-	
Sophos	-	
Sunbelt	-	
Symantec	-	
TheHacker	-	
TrendMicro	-	
VBA32	-	
ViRobot	-	
VirusBuster	-
```

Additional information
MD5: 95caec91223f69e6a9f975e790991193
SHA1: 8fd087515830a1337a22acb586bd04d2d242c9bf
SHA256: 5665f4e4a701955aec1fdd441694352c995dc66d2ec0513a820baede04da578c
SHA512: ab2df72bce7550dd90273d8f68a59691eb5cab539d4d0a8476bd2487998d756b6b2613ccc6a0800cff61aaf8bfc9fa95d5283c68888a4fdd1867889cdf9fcec4

*Added 22 minutes later*

File cogad.rar received on 2009.02.20 12:27:51 (CET)
Current status: finished
Result: 20/38 (52.63%)



```
a-squared	4.0.0.93	2009.02.20	Virus.Win32.Trojan!IK
AhnLab-V3	2009.2.20.1	2009.02.20	-
AntiVir	7.9.0.85	2009.02.20	TR/Downloader.Gen
Authentium	5.1.0.4	2009.02.20	W32/Downloader.F.gen!Eldorado
Avast	4.8.1335.0	2009.02.19	Win32:Trojan-gen {Other}
AVG	8.0.0.237	2009.02.19	Downloader.Generic8.WRK
CAT-QuickHeal	10.00	2009.02.20	Trojan.Agent.bprt
ClamAV	0.94.1	2009.02.20	-
Comodo	983	2009.02.19	-
DrWeb	4.44.0.09170	2009.02.20	-
eSafe	7.0.17.0	2009.02.19	Suspicious File
eTrust-Vet	31.6.6367	2009.02.20	-
F-Prot	4.4.4.56	2009.02.19	W32/Downloader.F.gen!Eldorado
F-Secure	8.0.14470.0	2009.02.20	-
Fortinet	3.117.0.0	2009.02.20	PossibleThreat
GData	19	2009.02.20	Trojan.Generic.1439744
Ikarus	T3.1.1.45.0	2009.02.20	Virus.Win32.Trojan
K7AntiVirus	7.10.637	2009.02.19	-
Kaspersky	7.0.0.125	2009.02.20	-
McAfee	5530	2009.02.19	-
McAfee+Artemis	5530	2009.02.19	Generic!Artemis
Microsoft	1.4306	2009.02.20	-
NOD32	3871	2009.02.20	a variant of Win32/TrojanDownloader.Agent.OOL
Norman	6.00.06	2009.02.19	-
nProtect	2009.1.8.0	2009.02.20	-
Panda	10.0.0.10	2009.02.20	Trj/Agent.LFV
PCTools	4.4.2.0	2009.02.19	-
Prevx1	V2	2009.02.20	Medium Risk Malware
Rising	21.17.42.00	2009.02.20	Trojan.DL.Win32.Undef.dgw
SecureWeb-Gateway	6.7.6	2009.02.20	Trojan.Downloader.Gen
Sophos	4.38.0	2009.02.20	-
Sunbelt	3.2.1855.2	2009.02.17	-
Symantec	10	2009.02.20	Downloader
TheHacker	6.3.2.3.261	2009.02.20	-
TrendMicro	8.700.0.1004	2009.02.20	PAK_Generic.001
VBA32	3.12.10.0	2009.02.20	suspected of Win32.Trojan-Downloader
ViRobot	2009.2.20.1617	2009.02.20	-
VirusBuster	4.5.11.0	2009.02.19	-
```

Additional information
File size: 55470 bytes
MD5...: ba0c365728ed71a6a90c2a2d13c31ccb
SHA1..: 12df2bff630a26191620dca9a706fcc0da6f70f5
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...BD16005A660868

----------


## senyak

File icqreger.jar received on 2009.02.21 21:47:26 (CET)
Result: 2/38 (5.27%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.93	2009.02.21	-
> AhnLab-V3	2009.2.21.0	2009.02.21	-
> AntiVir	7.9.0.87	2009.02.21	-
> Authentium	5.1.0.4	2009.02.21	-
> Avast	4.8.1335.0	2009.02.20	-
> AVG	8.0.0.237	2009.02.21	-
> BitDefender	7.2	2009.02.21	-
> CAT-QuickHeal	10.00	2009.02.20	-
> ...


Additional information
File size: 2319 bytes
MD5...: 3aa72f8238be00d96aaeb2e9a04850d5
SHA1..: 3d31080d089e4bdf7e85a9b83f1e9f7eb006abd6
PEiD..: -
TrID..: File type identification
Adobe PhotoShop Brush (50.0%)
BONK lossless/lossy audio compressor (49.9%)
PEInfo: -



File odnoklassniki.jar received on 2009.02.21 21:47:36 (CET)
Result: 9/38 (23.69%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.93	2009.02.21	Trojan-SMS!IK*
> AhnLab-V3	2009.2.21.0	2009.02.21	-
> AntiVir	7.9.0.87	2009.02.21	-
> *Authentium	5.1.0.4	2009.02.21	Java/Smarm.B*
> Avast	4.8.1335.0	2009.02.20	-
> AVG	8.0.0.237	2009.02.21	-
> BitDefender	7.2	2009.02.21	-
> CAT-QuickHeal	10.00	2009.02.20	-
> ...


Additional information
File size: 2322 bytes
MD5...: a38c0f6753f626a0c26225a0b23f59f7
SHA1..: 934907d4e85a3cc0268e9a90045da5357b56a5f7
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -

----------


## OSSP2008

File 11 received on 2009.02.22 08:13:16 (CET)
Current status: finished
Result: *6/39* (15.39%)



```
a-squared	4.0.0.93	2009.02.22	-
AhnLab-V3	2009.2.21.0	2009.02.22	-
AntiVir	7.9.0.87	2009.02.21	-
Authentium	5.1.0.4	2009.02.21	-
Avast	4.8.1335.0	2009.02.22	HTML:IFrame-CM
AVG	8.0.0.237	2009.02.21	-
BitDefender	7.2	2009.02.22	-
CAT-QuickHeal	10.00	2009.02.20	-
ClamAV	0.94.1	2009.02.22	-
Comodo	983	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.22	-
eSafe	7.0.17.0	2009.02.19	-
eTrust-Vet	31.6.6368	2009.02.20	-
F-Prot	4.4.4.56	2009.02.21	-
F-Secure	8.0.14470.0	2009.02.22	Trojan-Downloader.JS.Iframe.ahs
Fortinet	3.117.0.0	2009.02.21	-
GData	19	2009.02.22	HTML:IFrame-CM 
Ikarus	T3.1.1.45.0	2009.02.22	-
K7AntiVirus	7.10.639	2009.02.21	-
Kaspersky	7.0.0.125	2009.02.22	Trojan-Downloader.JS.Iframe.ahs
McAfee	5532	2009.02.21	-
McAfee+Artemis	5532	2009.02.21	-
Microsoft	1.4306	2009.02.22	-
NOD32	3875	2009.02.21	-
Norman	6.00.06	2009.02.20	-
nProtect	2009.1.8.0	2009.02.22	-
Panda	10.0.0.10	2009.02.21	-
PCTools	4.4.2.0	2009.02.21	-
Prevx1	V2	2009.02.22	-
Rising	21.17.61.00	2009.02.22	-
SecureWeb-Gateway	6.7.6	2009.02.22	-
Sophos	4.39.0	2009.02.22	Mal/ObfJS-A
Sunbelt	3.2.1855.2	2009.02.17	-
Symantec	10	2009.02.22	-
TheHacker	6.3.2.4.263	2009.02.21	Trojan/Downloader.vbs
TrendMicro	8.700.0.1004	2009.02.20	-
VBA32	3.12.10.0	2009.02.22	-
ViRobot	2009.2.20.1617	2009.02.20	-
VirusBuster	4.5.11.0	2009.02.21	-
```

----------


## senyak

File avz00001.dta received on 2009.02.22 23:25:23 (CET)
Current status: finished
Result: 18/39 (46.15%)



> Antivirus	Version	Last Update	Result
> *a-squared 	4.0.0.93 	2009.02.22 	Trojan-Dialer!IK*
> AhnLab-V3 	2009.2.21.0 	2009.02.22 	-
> *AntiVir 	7.9.0.87 	2009.02.22 	TR/ATRAPS.Gen*
> Authentium 	5.1.0.4 	2009.02.22 	-
> *Avast 	4.8.1335.0 	2009.02.22 	Win32elf-LWM
> AVG 	8.0.0.237 	2009.02.22 	Dropper.Generic.AIGP
> BitDefender 	7.2 	2009.02.22 	Trojan.Generic.1444572*
> CAT-QuickHeal 	10.00 	2009.02.22 	-
> ...


Additional information
File size: 26156 bytes
MD5...: 26109da7e10e9ede0313655956ce151e
SHA1..: 16e8d4438f288e9b9d1694013d54d7b294d6284a
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

----------


## IgorKr

File Lingvo_x3_patch.exe received on 2009.02.23 19:06:10 (CET)
Result: 10/39 (25.65%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.93	2009.02.23	*Trojan.Win32.Bepiv!IK*
> AhnLab-V3	2009.2.24.0	2009.02.23	-
> AntiVir	7.9.0.88	2009.02.23	*TR/Drop.RKit.CM*
> Authentium	5.1.0.4	2009.02.23	-
> Avast	4.8.1335.0	2009.02.23	-
> AVG	8.0.0.237	2009.02.23	*Downloader.Generic_r.DA*
> BitDefender	7.2	2009.02.23	-
> CAT-QuickHeal	10.00	2009.02.22	*(Suspicious) - DNAScan*
> ...


Additional information
File size: 438272 bytes
MD5...: cc83b516ac3ccfb306e3648cea8a6a8c
SHA1..: f1f1714eedb60c68bc50852275a2b7e4f3af47b1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b033b
timedatestamp.....: 0x49a10222 (Sun Feb 22 07:43:30 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x121b2 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x14000 0xfa8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x24000 0x39a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x28000 0x3fc80 0x2a000 6.32 2980c4e7005734cd9466ca7cef30e611
.vmp0 0x68000 0x10528 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0x79000 0x409d0 0x40a00 7.95 0feaeff7b8c0164b8c3858afea6dd358
.reloc 0xba000 0xb4 0x200 1.99 d18a5216916884b2e72de427e2d01b81

( 9 imports )
> KERNEL32.dll: GlobalLock
> USER32.dll: LoadCursorA
> ADVAPI32.dll: RegEnumKeyExA
> ole32.dll: CoTaskMemRealloc
> OLEAUT32.dll: -
> GDI32.dll: GetStockObject
> ntdll.dll: RtlFreeHeap
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
> USER32.dll: MessageBoxA

( 0 exports )

----------


## MedvedD

File .vbe received on 2009.02.24 13:17:15 (CET)

Result: 29/39 (74.36%)


```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.93 2009.02.24 Virus.VBS.Agent.ah!IK 
AhnLab-V3 2009.2.24.0 2009.02.24 VBS/Autorun 
AntiVir 7.9.0.88 2009.02.24 VBS/Autorun.AL 
Authentium 5.1.0.4 2009.02.24 VBS/Agent.F 
Avast 4.8.1335.0 2009.02.23 VBS:Agent-BD 
AVG 8.0.0.237 2009.02.24 VBS/Worm.G 
BitDefender 7.2 2009.02.24 VBS.Autorun.AAB 
CAT-QuickHeal 10.00 2009.02.22 VBS/Autorun.S 
ClamAV 0.94.1 2009.02.24 - 
Comodo 984 2009.02.20 - 
DrWeb 4.44.0.09170 2009.02.24 VBS.Autoruner.6 
eSafe 7.0.17.0 2009.02.19 - 
eTrust-Vet 31.6.6369 2009.02.23 VBS/SillyAutorunScript.B 
F-Prot 4.4.4.56 2009.02.24 VBS/Agent.F 
F-Secure 8.0.14470.0 2009.02.24 Virus.VBS.AutoRun.ai 
Fortinet 3.117.0.0 2009.02.24 VBS/Autorun.KH!tr 
GData 19 2009.02.24 VBS.Autorun.AAB 
Ikarus T3.1.1.45.0 2009.02.24 Virus.VBS.Agent.ah 
K7AntiVirus 7.10.639 2009.02.21 Trojan.VBS.Agent.ah 
Kaspersky 7.0.0.125 2009.02.24 Virus.VBS.AutoRun.ai 
McAfee 5534 2009.02.23 W32/Autorun.worm.al 
McAfee+Artemis 5534 2009.02.23 W32/Autorun.worm.al 
Microsoft 1.4306 2009.02.24 Worm:VBS/Radier.B 
NOD32 3885 2009.02.24 VBS/AutoRun.AI 
Norman 6.00.06 2009.02.23 VBS/AutoRun.G 
nProtect 2009.1.8.0 2009.02.24 - 
Panda 10.0.0.10 2009.02.23 W32/Autorun.JF.worm 
PCTools 4.4.2.0 2009.02.24 - 
Prevx1 V2 2009.02.24 - 
Rising 21.18.12.00 2009.02.24 Worm.Script.VBS.Agent.x 
SecureWeb-Gateway 6.7.6 2009.02.24 Script.Autorun.AL 
Sophos 4.39.0 2009.02.24 VBS/Autorun-AO 
Sunbelt 3.2.1856.2 2009.02.24 - 
Symantec 10 2009.02.24 VBS.Runauto 
TheHacker 6.3.2.5.264 2009.02.24 - 
TrendMicro 8.700.0.1004 2009.02.24 VBS_OBFUS.B 
VBA32 3.12.10.0 2009.02.24 - 
ViRobot 2009.2.24.1621 2009.02.24 VBS.Agent.10000.E 
VirusBuster 4.5.11.0 2009.02.24 -
```

Additional information
File size: 10000 bytes 
MD5...: 618ddd5fd5de4ba032a5c65d2a2d5e23 
SHA1..: 42b258b70edf8ef01845a05757c44faebf1164c4 

PEiD..: - 
TrID..: File type identification
Unknown! 
PEInfo: -

*Added 2 minutes later*

File xou32.exe received on 2009.02.24 12:59:19 (CET)

Result: 30/39 (76.93%)




```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.93 2009.02.24 Backdoor.Hamweq.B!IK 
AhnLab-V3 2009.2.24.0 2009.02.24 Win-Trojan/Agent.13824.FE 
AntiVir 7.9.0.88 2009.02.24 TR/Crypt.XPACK.Gen 
Authentium 5.1.0.4 2009.02.24 W32/OnlineGames.AJ.gen!Eldorado 
Avast 4.8.1335.0 2009.02.23 Win32:Agent-XKO 
AVG 8.0.0.237 2009.02.24 Worm/Generic.IEV 
BitDefender 7.2 2009.02.24 Backdoor.IRC.ZGE 
CAT-QuickHeal 10.00 2009.02.22 (Suspicious) - DNAScan 
ClamAV 0.94.1 2009.02.24 PUA.Packed.NPack-2 
Comodo 984 2009.02.20 - 
DrWeb 4.44.0.09170 2009.02.24 BackDoor.IRC.Flood.8 
eSafe 7.0.17.0 2009.02.19 Suspicious File 
eTrust-Vet 31.6.6369 2009.02.23 Win32/Hamweq.AE 
F-Prot 4.4.4.56 2009.02.24 W32/OnlineGames.AJ.gen!Eldorado 
F-Secure 8.0.14470.0 2009.02.24 W32/Packed_Nspack.A 
Fortinet 3.117.0.0 2009.02.24 - 
GData 19 2009.02.24 Backdoor.IRC.ZGE 
Ikarus T3.1.1.45.0 2009.02.24 Backdoor.Hamweq.B 
K7AntiVirus 7.10.639 2009.02.21 IRC-Worm.Win32.Small 
Kaspersky 7.0.0.125 2009.02.24 Heur.Invader 
McAfee 5534 2009.02.23 - 
McAfee+Artemis 5534 2009.02.23 - 
Microsoft 1.4306 2009.02.24 Worm:Win32/Hamweq.A 
NOD32 3884 2009.02.24 a variant of Win32/AutoRun.KS 
Norman 6.00.06 2009.02.23 W32/Packed_Nspack.A 
nProtect 2009.1.8.0 2009.02.24 Worm/W32.Small.10752 
Panda 10.0.0.10 2009.02.23 - 
PCTools 4.4.2.0 2009.02.24 Packed/NSPack 
Prevx1 V2 2009.02.24 - 
Rising 21.18.12.00 2009.02.24 Trojan.DL.Win32.Undef.cgz 
SecureWeb-Gateway 6.7.6 2009.02.24 Trojan.Crypt.XPACK.Gen 
Sophos 4.39.0 2009.02.24 Mal/Packer 
Sunbelt 3.2.1856.2 2009.02.24 - 
Symantec 10 2009.02.24 Backdoor.Trojan 
TheHacker 6.3.2.5.264 2009.02.24 W32/Behav-Heuristic-063 
TrendMicro 8.700.0.1004 2009.02.24 PAK_Generic.005 
VBA32 3.12.10.0 2009.02.24 - 
ViRobot 2009.2.24.1621 2009.02.24 - 
VirusBuster 4.5.11.0 2009.02.24 Packed/NSPack
```

Additional information
File size: 10731 bytes 
MD5...: 82f6a9cfccafcaf882c514685c2bfdd4 
SHA1..: 361edb5984471de00b697f6fddcd803f2032d6eb 

PEiD..: NsPacK V3.7 -> LiuXingPing 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40a18f
timedatestamp.....: 0x4858fcdc (Wed Jun 18 12:17:32 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.nsp0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 0xa000 0x3000 0x2600 7.83 b3605257808fc5ef2999e1084efb447d
.nsp2 0xd000 0x910 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 2 imports ) 
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.DLL: OpenProcessToken

( 0 exports ) 

packers (Kaspersky): NSPack, UPX 
packers (Avast): NsPack, UPX

----------


## Black_N

File vcard.ex_ received on 2009.02.20 14:03:42 (CET)
Current status: finished
*Result: 8/39 (20.51%)*

```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.93	2009.02.20	-
AhnLab-V3	2009.2.20.1	2009.02.20	-
AntiVir	7.9.0.85	2009.02.20	-
Authentium	5.1.0.4	2009.02.20	-
Avast	4.8.1335.0	2009.02.19	-
AVG	8.0.0.237	2009.02.20	-
BitDefender	7.2	2009.02.20	Trojan.Waledac.Gen.1
CAT-QuickHeal	10.00	2009.02.20	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.02.20	-
Comodo	984	2009.02.19	-
DrWeb	4.44.0.09170	2009.02.20	-
eSafe	7.0.17.0	2009.02.19	-
eTrust-Vet	31.6.6367	2009.02.20	-
F-Prot	4.4.4.56	2009.02.19	-
F-Secure	8.0.14470.0	2009.02.20	-
Fortinet	3.117.0.0	2009.02.20	W32/Waledac.E!worm
GData	19	2009.02.20	Trojan.Waledac.Gen.1
Ikarus	T3.1.1.45.0	2009.02.20	-
K7AntiVirus	7.10.637	2009.02.19	-
Kaspersky	7.0.0.125	2009.02.20	-
McAfee	5530	2009.02.19	-
McAfee+Artemis	5530	2009.02.19	-
Microsoft	1.4306	2009.02.20	VirTool:Win32/Obfuscator.ES
NOD32	3873	2009.02.20	a variant of Win32/Kryptik.HU
Norman	6.00.06	2009.02.20	-
nProtect	2009.1.8.0	2009.02.20	-
Panda	10.0.0.10	2009.02.20	-
PCTools	4.4.2.0	2009.02.20	-
Prevx1	V2	2009.02.20	-
Rising	21.17.42.00	2009.02.20	-
SecureWeb-Gateway	6.7.6	2009.02.20	-
Sophos	4.38.0	2009.02.20	Sus/Waled-A
Sunbelt	3.2.1855.2	2009.02.17	-
Symantec	10	2009.02.20	-
TheHacker	6.3.2.3.261	2009.02.20	-
TrendMicro	8.700.0.1004	2009.02.20	-
VBA32	3.12.10.0	2009.02.20	-
ViRobot	2009.2.20.1617	2009.02.20	-
VirusBuster	4.5.11.0	2009.02.19	Trojan.Waledac.Gen!Pac.6
```

Additional information
File size: 408064 bytes
MD5...: 4b5440e08003a7d1f6efc6e4b6f9b10e
SHA1..: c7a848c609a15b3ea94103add93dd6cc8036ff1e
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40115f
timedatestamp.....: 0x41673756 (Sat Oct 09 00:56:54 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x62a70 0x62a00 8.00 d6678902db73cc613f88a75cd6cf2cd5
.data 0x64000 0x8f1e8 0x800 7.67 e8c34bf9c1816736ddb19df62e9ff161
.rsrc 0xf4000 0x36c 0x400 2.93 9df9f88b500e11a642ce36c0a6739e17

( 3 imports ) 
> KERNEL32.dll: GetLinguistLangSize, GlobalAlloc, GetStartupInfoA, VirtualProtect, EnumCalendarInfoExW, lstrcpyW, NlsGetCacheUpdateCount
> ADVAPI32.dll: RegDeleteValueA, LsaOpenSecret, AddAccessDeniedObjectAce, GetUserNameA, ElfChangeNotify
> ole32.dll: CoGetClassVersion, HDC_UserSize, CoRevokeMallocSpy

( 0 exports )

----------


## Rampant

File Win.rar received on 02.25.2009 11:48:22 (CET)
Result: 12/38 (31.58%)



> *a-squared 4.0.0.93 2009.02.25 Virus.Win32.CIH!IK* 
> AhnLab-V3 2009.2.24.0 2009.02.25 - 
> *AntiVir 7.9.0.88 2009.02.25 W95/CIH* 
> Authentium 5.1.0.4 2009.02.25 - 
> *AVG 8.0.0.237 2009.02.25 Win32/Small 
> BitDefender 7.2 2009.02.25 Trojan.Generic.977964* 
> CAT-QuickHeal 10.00 2009.02.25 - 
> ClamAV 0.94.1 2009.02.25 - 
> Comodo 983 2009.02.20 - 
> ...


Additional information 
File size: 14775 bytes 
MD5...: 54747ae6d1b52feaec9a2a5b36b90ee5 
SHA1..: 5ee9fcf3e593ab33c7496f2666edb686a507209f 

PEiD..: - 
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%) 
PEInfo: - 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AB57B766307FBFBC769C004065FA440098B03A84

----------


## Pili

File gaopdxbqppkowb.sys received on 2009.02.26 06:00:14 (CET)
Result: 4/39 (10.26%)


```
Антивирус  	Версия  	Обновление  	Результат
a-squared	4.0.0.93	2009.02.26	-
AhnLab-V3	2009.2.26.0	2009.02.25	-
AntiVir	7.9.0.88	2009.02.25	-
Authentium	5.1.0.4	2009.02.25	-
Avast	4.8.1335.0	2009.02.25	-
AVG	8.0.0.237	2009.02.25	-
BitDefender	7.2	2009.02.26	-
CAT-QuickHeal	10.00	2009.02.26	-
ClamAV	0.94.1	2009.02.25	-
Comodo	986	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.26	-
eSafe	7.0.17.0	2009.02.25	Suspicious File
eTrust-Vet	31.6.6375	2009.02.26	-
F-Prot	4.4.4.56	2009.02.25	-
F-Secure	8.0.14470.0	2009.02.26	-
Fortinet	3.117.0.0	2009.02.26	-
GData	19	2009.02.26	-
Ikarus	T3.1.1.45.0	2009.02.26	-
K7AntiVirus	7.10.647	2009.02.25	-
Kaspersky	7.0.0.125	2009.02.26	-
McAfee	5536	2009.02.25	-
McAfee+Artemis	5536	2009.02.25	-
Microsoft	1.4306	2009.02.26	Trojan:WinNT/Alureon.C
NOD32	3890	2009.02.26	-
Norman	6.00.06	2009.02.25	-
nProtect	2009.1.8.0	2009.02.26	-
Panda	10.0.0.10	2009.02.26	-
PCTools	4.4.2.0	2009.02.25	-
Prevx1	V2	2009.02.26	High Risk Cloaked Malware
Rising	21.18.30.00	2009.02.26	-
SecureWeb-Gateway	6.0.0	2009.02.25	Trojan.LooksLike.Vundo
Sophos	4.39.0	2009.02.26	-
Sunbelt	3.2.1858.2	2009.02.25	-
Symantec	10	2009.02.26	-
TheHacker	6.3.2.5.265	2009.02.25	-
TrendMicro	8.700.0.1004	2009.02.26	-
VBA32	3.12.10.0	2009.02.26	-
ViRobot	2009.2.26.1624	2009.02.26	-
VirusBuster	4.5.11.0	2009.02.25	-
```

File size: 80896 bytes
MD5...: 6f3ea55a9a8aeab4ec760b351c587a6d
SHA1..: f7086188bf3b135cbef3627ecb06d6f3346ee51c

----------


## Black_N

File kodecs_Ukrainu.rar received on 2009.02.26 14:29:42 (CET)
Current status: finished
*Result: 5/38 (13.16%)*



```
a-squared	4.0.0.93	2009.02.26	-
AntiVir	7.9.0.93	2009.02.26	-
Authentium	5.1.0.4	2009.02.26	-
Avast	4.8.1335.0	2009.02.25	-
AVG	8.0.0.237	2009.02.26	-
BitDefender	7.2	2009.02.26	-
CAT-QuickHeal	10.00	2009.02.26	-
ClamAV	0.94.1	2009.02.26	-
Comodo	986	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.26	-
eSafe	7.0.17.0	2009.02.25	Suspicious File
eTrust-Vet	31.6.6375	2009.02.26	-
F-Prot	4.4.4.56	2009.02.25	-
F-Secure	8.0.14470.0	2009.02.26	-
Fortinet	3.117.0.0	2009.02.26	-
GData	19	2009.02.26	-
Ikarus	T3.1.1.45.0	2009.02.26	-
K7AntiVirus	7.10.647	2009.02.25	Trojan.Win32.Malware.4
Kaspersky	7.0.0.125	2009.02.26	-
McAfee	5536	2009.02.25	-
McAfee+Artemis	5536	2009.02.25	-
Microsoft	1.4306	2009.02.26	VirTool:Win32/Obfuscator.C
NOD32	3890	2009.02.26	-
Norman	6.00.06	None..	-
nProtect	2009.1.8.0	2009.02.26	-
Panda	10.0.0.10	2009.02.26	-
PCTools	4.4.2.0	2009.02.26	-
Prevx1	V2	2009.02.26	-
Rising	21.18.32.00	2009.02.26	-
SecureWeb-Gateway	6.0.0	2009.02.26	-
Sophos	4.39.0	2009.02.26	-
Sunbelt	3.2.1858.2	2009.02.25	-
Symantec	10	2009.02.26	Trojan Horse
TheHacker	6.3.2.5.265	2009.02.25	Aplicacion/GoldFake.d
TrendMicro	8.700.0.1004	2009.02.26	-
VBA32	3.12.10.0	2009.02.26	-
ViRobot	2009.2.26.1625	2009.02.26	-
VirusBuster	4.5.11.0	2009.02.25	-
```

Additional information
File size: 2276506 bytes
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (Kaspersky): UPX
packers (F-Prot): UPX

----------


## Kuzz

File KB908199.exe received on 2009.02.27 08:53:42 (CET)
Current status: finished
Result: 31/39 (79.49%)



```
a-squared	4.0.0.101	2009.02.27	Riskware.Win32.DelfInject!IK
AhnLab-V3	5.0.0.2	2009.02.26	Win-Trojan/Agent2.22528.E
AntiVir	7.9.0.98	2009.02.27	TR/Agent2.dsj
Authentium	5.1.0.4	2009.02.27	-
Avast	4.8.1335.0	2009.02.26	Win32:Trojan-gen {Other}
AVG	8.0.0.237	2009.02.26	Dropper.Generic.AIAA
BitDefender	7.2	2009.02.27	Trojan.Generic.1442776
CAT-QuickHeal	10.00	2009.02.27	Trojan.Agent2.dsj
ClamAV	0.94.1	2009.02.27	-
Comodo	986	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.27	Trojan.DownLoad.26770
eSafe	7.0.17.0	2009.02.26	Win32.GenericDropper
eTrust-Vet	31.6.6376	2009.02.27	Win32/VMalum.ESMV
F-Prot	4.4.4.56	2009.02.26	-
F-Secure	8.0.14470.0	2009.02.27	Trojan.Win32.Agent2.dsj
Fortinet	3.117.0.0	2009.02.27	W32/Dropper.DF!tr
GData	19	2009.02.27	Trojan.Generic.1442776
Ikarus	T3.1.1.45.0	2009.02.27	VirTool.Win32.DelfInject
K7AntiVirus	7.10.648	2009.02.26	Trojan.Win32.Malware.4
Kaspersky	7.0.0.125	2009.02.27	Trojan.Win32.Agent2.dsj
McAfee	5537	2009.02.26	Generic Dropper.df
McAfee+Artemis	5537	2009.02.26	Generic!Artemis
Microsoft	1.4306	2009.02.27	VirTool:Win32/DelfInject.gen!X
NOD32	3893	2009.02.26	Win32/TrojanDownloader.FakeAlert.VK
Norman	6.00.06	2009.02.26	W32/Agent.LRSQ
nProtect	2009.1.8.0	2009.02.27	Trojan/W32.Inject.22528.L
Panda	10.0.0.10	2009.02.26	Trj/Zlob.KH
PCTools	4.4.2.0	2009.02.26	-
Prevx1	V2	2009.02.27	Medium Risk Malware
Rising	21.18.41.00	2009.02.27	Backdoor.Win32.Delf.dqz
SecureWeb-Gateway	6.0.0	2009.02.27	Trojan.Agent2.dsj
Sophos	4.39.0	2009.02.27	-
Sunbelt	3.2.1858.2	2009.02.26	Trojan.Win32.Agent2.dsj
Symantec	10	2009.02.27	Trojan Horse
TheHacker	6.3.2.5.266	2009.02.26	Trojan/Agent2.dsj
TrendMicro	8.700.0.1004	2009.02.27	PAK_Generic.001
VBA32	3.12.10.1	2009.02.26	Trojan.Win32.Agent2.dsj
ViRobot	2009.2.27.1626	2009.02.27	-
VirusBuster	4.5.11.0	2009.02.26	-
```

Additional information
File size: 22528 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

P.S. With detection like this, it is still alive and spreading...


File vksaver-install.exe received on 2009.02.27 08:53:52 (CET)
Current status: finished
Result: 6/39 (15.39%)


```
a-squared	4.0.0.101	2009.02.27	-
AhnLab-V3	5.0.0.2	2009.02.26	-
AntiVir	7.9.0.98	2009.02.27	-
Authentium	5.1.0.4	2009.02.27	-
Avast	4.8.1335.0	2009.02.26	-
AVG	8.0.0.237	2009.02.26	-
BitDefender	7.2	2009.02.27	-
CAT-QuickHeal	10.00	2009.02.27	-
ClamAV	0.94.1	2009.02.27	-
Comodo	986	2009.02.20	-
DrWeb	4.44.0.09170	2009.02.27	Trojan.Sniff
eSafe	7.0.17.0	2009.02.26	Win32.Malware
eTrust-Vet	31.6.6376	2009.02.27	-
F-Prot	4.4.4.56	2009.02.26	-
F-Secure	8.0.14470.0	2009.02.27	W32/Malware
Fortinet	3.117.0.0	2009.02.27	-
GData	19	2009.02.27	-
Ikarus	T3.1.1.45.0	2009.02.27	-
K7AntiVirus	7.10.648	2009.02.26	-
Kaspersky	7.0.0.125	2009.02.27	-
McAfee	5537	2009.02.26	-
McAfee+Artemis	5537	2009.02.26	-
Microsoft	1.4306	2009.02.27	-
NOD32	3893	2009.02.26	-
Norman	6.00.06	2009.02.26	Malware.FSDH
nProtect	2009.1.8.0	2009.02.27	-
Panda	10.0.0.10	2009.02.26	Suspicious file
PCTools	4.4.2.0	2009.02.26	-
Prevx1	V2	2009.02.27	High Risk Worm
Rising	21.18.41.00	2009.02.27	-
SecureWeb-Gateway	6.0.0	2009.02.27	-
Sophos	4.39.0	2009.02.27	-
Sunbelt	3.2.1858.2	2009.02.26	-
Symantec	10	2009.02.27	-
TheHacker	6.3.2.5.266	2009.02.26	-
TrendMicro	8.700.0.1004	2009.02.27	-
VBA32	3.12.10.1	2009.02.26	-
ViRobot	2009.2.27.1626	2009.02.27	-
VirusBuster	4.5.11.0	2009.02.26	-
```

File size: 66531 bytes

----------


## senyak

File discounts.exe received on 2009.03.01 14:24:04 (CET)
Current status: finished
Result: 9/39 (23.08%)




> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.0.0.101 	2009.03.01 	-
> AhnLab-V3 	5.0.0.2 	2009.02.27 	-
> *AntiVir 	7.9.0.98 	2009.02.28 	TR/Crypt.XPACK.Gen*
> Authentium 	5.1.0.4 	2009.02.28 	-
> Avast 	4.8.1335.0 	2009.02.28 	-
> AVG 	8.0.0.237 	2009.03.01 	Injector.CD
> *BitDefender 	7.2 	2009.03.01 	Trojan.Waledac.Gen.1*
> *CAT-QuickHeal 	10.00 	2009.02.28 	(Suspicious) - DNAScan*
> ...


Additional information
File size: 411648 bytes



File 1 received on 2009.03.01 14:56:33 (CET)
Current status: finished
Result: 7/39 (17.95%)



> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.0.0.101 	2009.03.01 	-
> AhnLab-V3 	5.0.0.2 	2009.02.27 	-
> *AntiVir 	7.9.0.98 	2009.02.28 	HEUR/HTML.Malware*
> *Authentium 	5.1.0.4 	2009.02.28 	HTML/IFrame*
> *Avast 	4.8.1335.0 	2009.02.28 	HTML:Iframe-inf*
> AVG 	8.0.0.237 	2009.03.01 	-
> BitDefender 	7.2 	2009.03.01 	-
> CAT-QuickHeal 	10.00 	2009.02.28 	-
> ...


Additional information
File size: 1265 bytes
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -

----------


## Winsent

Complete scanning result of "jimm.jar", processed in VirusTotal at 03/03/2009 07:45:49 (CET).

[ file data ]
* name..: jimm.jar
* size..: 185922
* md5...: da9131225d5822f9d73cb61da5d9af22
* sha1..: 389dc780cb0250ee30d4c8698f29fe952faf0fe7
* peid..: -

[ scan result ]


```
a-squared 4.0.0.101/20090303 found nothing
AhnLab-V3 5.0.0.2/20090227 found nothing
AntiVir 7.9.0.98/20090302 found nothing
Authentium 5.1.0.4/20090303 found nothing
Avast 4.8.1335.0/20090302 found nothing
AVG 8.0.0.237/20090303 found nothing
BitDefender 7.2/20090303 found nothing
CAT-QuickHeal 10.00/20090303 found nothing
ClamAV 0.94.1/20090303 found nothing
Comodo 986/20090220 found nothing
DrWeb 4.44.0.09170/20090303 found nothing
eSafe 7.0.17.0/20090302 found nothing
eTrust-Vet 31.6.6381/20090303 found nothing
F-Prot 4.4.4.56/20090302 found nothing
F-Secure 8.0.14470.0/20090303 found [RiskTool.J2ME.SMSreg.b]
Fortinet 3.117.0.0/20090303 found nothing
GData 19/20090303 found nothing
Ikarus T3.1.1.45.0/20090303 found nothing
K7AntiVirus 7.10.654/20090302 found nothing
Kaspersky 7.0.0.125/20090303 found [not-a-virus:RiskTool.J2ME.SMSreg.b]
McAfee 5541/20090302 found nothing
McAfee+Artemis 5541/20090302 found nothing
Microsoft 1.4306/20090302 found nothing
NOD32 3902/20090302 found nothing
Norman 6.00.06/20090302 found nothing
nProtect 2009.1.8.0/20090303 found nothing
Panda 10.0.0.10/20090302 found nothing
PCTools 4.4.2.0/20090302 found nothing
Prevx1 V2/20090303 found nothing
Rising 21.19.10.00/20090303 found nothing
SecureWeb-Gateway 6.7.6/20090303 found nothing
Sophos 4.39.0/20090303 found nothing
Sunbelt 3.2.1858.2/20090302 found nothing
Symantec 10/20090303 found nothing
TheHacker 6.3.2.6.269/20090302 found nothing
TrendMicro 8.700.0.1004/20090303 found nothing
VBA32 3.12.10.1/20090303 found nothing
ViRobot 2009.3.3.1631/20090303 found nothing
VirusBuster 4.5.11.0/20090302 found nothing
```

----------


## Black_N

File 3.exe received on 2009.03.03 10:38:25 (CET)
Current status: finished
*Result: 2/39 (5.13%)*
Quote:



> a-squared	4.0.0.101	2009.03.03	-
> AhnLab-V3	5.0.0.2	2009.02.27	-
> AntiVir	7.9.0.98	2009.03.03	-
> Authentium	5.1.0.4	2009.03.03	-
> Avast	4.8.1335.0	2009.03.02	-
> AVG	8.0.0.237	2009.03.03	-
> BitDefender	7.2	2009.03.03	-
> CAT-QuickHeal	10.00	2009.03.03	-
> ClamAV	0.94.1	2009.03.03	-
> ...


Additional information
File size: 11735191 bytes
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x173a6
timedatestamp.....: 0x47d6fa36 (Tue Mar 11 21:31:34 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e906 0x2f000 6.60 9ba09777227435273354d46c8470fbd3
.rdata 0x30000 0x842e 0x9000 4.58 ec25192b7421c9cc51f1a1283f96b143
.data 0x39000 0x9d08 0x6000 2.68 e4b5677a176f441e4836113962ecddba
.rsrc 0x43000 0x9998 0xa000 4.75 91c466c33a8b81107d6d20fbb56fd1da


( 0 exports ) 
packers (F-Prot): ZIP

----------



## Erekle

> File ConfDriver.exe received on 2009.03.06 00:09:46 (CET)
> Result: *17/39* (43.59%)
> 
> a-squared 4.0.0.101 2009.03.05 - 
> *AhnLab-V3 5.0.0.2 2009.02.27 Win-Trojan/Buzus.29184.AK* 
> AntiVir 7.9.0.100 2009.03.05 - 
> Authentium 5.1.0.4 2009.03.05 - 
> Avast 4.8.1335.0 2009.03.05 - 
> *AVG 8.0.0.237 2009.03.05 Generic12.ASUT*
> ...


Additional information
File size: 29184 bytes 
___________________________

(*eTrust* - well said :) )

----------


## vlad179

File avz00001.dta received on 2009.03.06 11:06:59 (CET)

Result: 4/38 (10.53%)



```
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.06 - 
AhnLab-V3 5.0.0.2 2009.02.27 - 
AntiVir 7.9.0.105 2009.03.06 - 
Authentium 5.1.0.4 2009.03.06 - 
Avast 4.8.1335.0 2009.03.05 - 
AVG 8.0.0.237 2009.03.05 Adload_r.HT 
BitDefender 7.2 2009.03.06 - 
CAT-QuickHeal 10.00 2009.03.06 - 
ClamAV 0.94.1 2009.03.06 - 
Comodo 1027 2009.03.05 - 
DrWeb 4.44.0.09170 2009.03.06 - 
eSafe 7.0.17.0 2009.03.05 - 
eTrust-Vet 31.6.6384 2009.03.05 - 
F-Prot 4.4.4.56 2009.03.05 W32/Hexzone.B.gen!Eldorado 
F-Secure 8.0.14470.0 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm 
Fortinet 3.117.0.0 2009.03.06 - 
GData 19 2009.03.06 - 
Ikarus T3.1.1.45.0 2009.03.06 - 
K7AntiVirus 7.10.659 2009.03.05 - 
Kaspersky 7.0.0.125 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm 
McAfee 5544 2009.03.05 - 
McAfee+Artemis 5544 2009.03.05 - 
Microsoft 1.4405 2009.03.06 - 
NOD32 3912 2009.03.06 - 
Norman 6.00.06 2009.03.05 - 
nProtect 2009.1.8.0 2009.03.06 - 
Panda 10.0.0.10 2009.03.05 - 
PCTools 4.4.2.0 2009.03.05 - 
Prevx1 V2 2009.03.06 - 
Rising 21.19.42.00 2009.03.06 - 
SecureWeb-Gateway 6.7.6 2009.03.06 - 
Sophos 4.39.0 2009.03.06 - 
Sunbelt 3.2.1858.2 2009.03.06 - 
Symantec 10 2009.03.06 - 
TheHacker 6.3.2.7.273 2009.03.06 - 
TrendMicro 8.700.0.1004 2009.03.05 - 
ViRobot 2009.3.6.1637 2009.03.06 - 
VirusBuster 4.5.11.0 2009.03.05 -
```

Additional information
File size: 509952 bytes 

----------


## senyak

File ______________.exe received on 2009.03.09 20:13:40 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 15/39 (38.47%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.03.09	Trojan-PWS.Win32.VKont!IK*
> AhnLab-V3	5.0.0.2	2009.02.27	-
> *AntiVir	7.9.0.107	2009.03.09	TR/PSW.VKont.A*
> Authentium	5.1.0.4	2009.03.09	-
> *Avast	4.8.1335.0	2009.03.09	Win32:Trojan-gen {Other}*
> *AVG	8.0.0.237	2009.03.09	PSW.Generic6.BBIK*
> *BitDefender	7.2	2009.03.09	Trojan.Generic.1406945*
> *CAT-QuickHeal	10.00	2009.03.09	TrojanPSW.VKont.a*
> ...


Additional information
File size: 813568 bytes
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

----------


## ISO

File ximr.pif received on 03.11.2009 11:10:09 (CET)
Result: 6/39 (15.39%)



```
Antivirus     Version     Last Update     Result
a-squared    4.0.0.101    2009.03.11    -
AhnLab-V3    5.0.0.2    2009.03.11    -
AntiVir    7.9.0.109    2009.03.11    Worm/Autorun.esq
Authentium    5.1.0.4    2009.03.10    -
Avast    4.8.1335.0    2009.03.10    -
AVG    8.0.0.237    2009.03.10    -
BitDefender    7.2    2009.03.11    -
CAT-QuickHeal    10.00    2009.03.11    Worm.AutoRun.upf
ClamAV    0.94.1    2009.03.11    -
Comodo    1046    2009.03.10    Unclassified Malware
DrWeb    4.44.0.09170    2009.03.11    -
eSafe    7.0.17.0    2009.03.11    Win32.Worm.AutoRun.u
eTrust-Vet    31.6.6388    2009.03.09    -
F-Prot    4.4.4.56    2009.03.10    -
F-Secure    8.0.14470.0    2009.03.11    -
Fortinet    3.117.0.0    2009.03.11    -
GData    19    2009.03.11    -
Ikarus    T3.1.1.45.0    2009.03.11    -
K7AntiVirus    7.10.665    2009.03.10    -
Kaspersky    7.0.0.125    2009.03.11    -
McAfee    5549    2009.03.10    -
McAfee+Artemis    5549    2009.03.10    -
Microsoft    1.4405    2009.03.11    -
NOD32    3925    2009.03.11    -
Norman    6.00.06    2009.03.10    -
nProtect    2009.1.8.0    2009.03.11    -
Panda    10.0.0.10    2009.03.10    -
PCTools    4.4.2.0    2009.03.10    -
Prevx1    V2    2009.03.11    -
Rising    21.20.22.00    2009.03.11    -
SecureWeb-Gateway    6.7.6    2009.03.11    Worm.Autorun.esq
Sophos    4.39.0    2009.03.11    -
Sunbelt    3.2.1858.2    2009.03.10    -
Symantec    1.4.4.12    2009.03.11    -
TheHacker    6.3.3.0.278    2009.03.11    W32/AutoRun.esq
TrendMicro    8.700.0.1004    2009.03.11    -
VBA32    3.12.10.1    2009.03.11    -
ViRobot    2009.3.11.1645    2009.03.11    -
VirusBuster    4.5.11.0    2009.03.10    -
```

Additional information
File size: 97791 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

----------


## GeorgeS

Will the chart for February be published?

----------


## ike

I second GeorgeS on this question. I check in every day to see whether the chart for February has appeared.

----------


## IgorKr

File DrShark_cracked.exe received on 2009.03.11 14:31:44 (CET)
Current status: finished
Result: 9/39 (23.08%)




> a-squared	-	-	-
> AhnLab-V3	-	-	-
> *AntiVir	-	-	TR/Drop.RKit.CM*
> Authentium	-	-	-
> Avast	-	-	-
> *AVG	-	-	Downloader.Generic_r.DA*
> BitDefender	-	-	-
> *CAT-QuickHeal	-	-	(Suspicious) - DNAScan*
> ClamAV	-	-	-
> ...


Additional information

*Added 13 minutes later*

File mouth_drillers_keygen.exe received on 2009.03.11 00:40:20 (CET)
Current status: finished
Result: 11/39 (28.21%)




> *a-squared	4.0.0.101	2009.03.10	Trojan.Win32.Bepiv!IK*
> AhnLab-V3	5.0.0.2	2009.03.10	-
> *AntiVir	7.9.0.107	2009.03.10	TR/Drop.RKit.CM*
> Authentium	5.1.0.4	2009.03.10	-
> Avast	4.8.1335.0	2009.03.10	-
> *AVG	8.0.0.237	2009.03.10	Downloader.Generic_r.DA*
> BitDefender	7.2	2009.03.11	-
> *CAT-QuickHeal	10.00	2009.03.10	(Suspicious) - DNAScan*
> ClamAV	0.94.1	2009.03.10	-
> ...


File size: 423936 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x78516
timedatestamp.....: 0x49b35db2 (Sun Mar 08 05:54:58 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12192 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x14000 0xfa8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x24000 0x39a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x28000 0x3a480 0x2a000 4.11 2bee61ed43584c597a888b692b42b04a
.vmp0 0x63000 0x10944 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0x74000 0x3d074 0x3d200 7.95 057bdd7375ca355e49aad0d903075749
.reloc 0xb2000 0x98 0x200 1.91 7ce32232fd37f057468080eaef446b63

( 9 imports ) 
> KERNEL32.dll: GlobalLock
> USER32.dll: LoadCursorA
> ADVAPI32.dll: RegEnumKeyExA
> ole32.dll: CoTaskMemRealloc
> OLEAUT32.dll: -
> GDI32.dll: GetStockObject
> ntdll.dll: RtlFreeHeap
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
> USER32.dll: MessageBoxA

( 0 exports )

----------


## Rampant

File Putty.zip received on 03.13.2009 15:08:55 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED 
Result: 23/39 (58.98%)



> *a-squared 4.0.0.101 2009.03.13 Backdoor.Win32.Bifrose!IK* 
> AhnLab-V3 5.0.0.2 2009.03.13 - 
> *AntiVir 7.9.0.114 2009.03.13 BDS/Bifrose.abwo* 
> *Authentium 5.1.0.4 2009.03.13 W32/Backdoor2.DEIA* 
> Avast 4.8.1335.0 2009.03.12 - 
> AVG 8.0.0.237 2009.03.13 - 
> BitDefender 7.2 2009.03.13 - 
> *CAT-QuickHeal 10.00 2009.03.13 Backdoor.Bifrose.afuq* 
> ClamAV 0.94.1 2009.03.13 - 
> ...


File size: 217658 bytes 
 PEiD..: - 
TrID..: File type identification
ZIP compressed archive (100.0%)

*Added 3 hours 6 minutes later*

File zar80.zip received on 03.13.2009 18:12:44 (CET)
Current status: Loading ... queued waiting scanning finished 
Result: 19/39 (48.72%)



> *a-squared 4.0.0.101 2009.03.13 Trojan.Win32.Agent!IK* 
> AhnLab-V3 5.0.0.2 2009.03.13 - 
> *AntiVir 7.9.0.114 2009.03.13 TR/AvKill.Y* 
> Authentium 5.1.0.4 2009.03.13 - 
> *Avast 4.8.1335.0 2009.03.12 Win32:AVKill-425* 
> AVG 8.0.0.237 2009.03.13 - 
> *BitDefender 7.2 2009.03.13 Trojan.Avkill.Y* 
> CAT-QuickHeal 10.00 2009.03.13 - 
> ClamAV 0.94.1 2009.03.13 - 
> ...


File size: 2234580 bytes 

PEiD..: - 
TrID..: File type identification
ZIP compressed archive (100.0%) 
PEInfo: - 
packers (Kaspersky): Armadillo, WScript 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=221491A80896B6071B0119D37DDB5A005C35FA30
packers (F-Prot): ZIP, Unicode

----------


## IgorKr

File crack__2009__DrShark_.exe received on 2009.03.13 20:56:53 (CET)
Current status: finished
Result: 4/39 (10.26%)




> a-squared	4.0.0.101	2009.03.13	-
> AhnLab-V3	5.0.0.2	2009.03.13	-
> AntiVir	7.9.0.114	2009.03.13	-
> Authentium	5.1.0.4	2009.03.13	-
> Avast	4.8.1335.0	2009.03.12	-
> *AVG	8.0.0.237	2009.03.13	SHeur2.VMT*
> BitDefender	7.2	2009.03.13	-
> CAT-QuickHeal	10.00	2009.03.13	-
> ClamAV	0.94.1	2009.03.13	-
> ...


Additional information
File size: 1574912 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x176eb4 0x177000 7.98 786e08e1e3a8cd10c31f94c7de1ffa9b


( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2192E52A0B541BD1F001039F54E7B4000423A3DF
packers (F-Prot): CAB

*Added 14 minutes later*

File setup.exe received on 2009.03.13 21:04:12 (CET)
Current status: finished
Result: 2/39 (5.13%)




> a-squared	4.0.0.101	2009.03.13	-
> AhnLab-V3	5.0.0.2	2009.03.13	-
> AntiVir	7.9.0.114	2009.03.13	-
> Authentium	5.1.0.4	2009.03.13	-
> Avast	4.8.1335.0	2009.03.13	-
> AVG	8.0.0.237	2009.03.13	-
> BitDefender	7.2	2009.03.13	-
> CAT-QuickHeal	10.00	2009.03.13	-
> ClamAV	0.94.1	2009.03.13	-
> ...


Additional information
File size: 566784 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 3e3af9bf02f5254927dd49dd93f800ba


( 0 exports ) 
packers (F-Prot): CAB

*Added 4 minutes later*

File DrShark_Genuine_Licence.exe received on 2009.03.13 21:07:16 (CET)
Current status: finished
Result: 2/39 (5.13%)




> a-squared	4.0.0.101	2009.03.13	-
> AhnLab-V3	5.0.0.2	2009.03.13	-
> AntiVir	7.9.0.114	2009.03.13	-
> Authentium	5.1.0.4	2009.03.13	-
> Avast	4.8.1335.0	2009.03.13	-
> AVG	8.0.0.237	2009.03.13	-
> BitDefender	7.2	2009.03.13	-
> CAT-QuickHeal	10.00	2009.03.13	-
> ClamAV	0.94.1	2009.03.13	-
> ...


Additional information
File size: 1672704 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x18edf8 0x18ee00 7.99 f42b03ac3ca5c83e9ef260eb47be032e


( 0 exports ) 
packers (F-Prot): CAB

----------


## IgorKr

File __2008___DrShark_.exe received on 2009.03.16 22:27:07 (CET)
Current status: finished
Result: 2/39 (5.13%)




> a-squared	4.0.0.101	2009.03.16	-
> AhnLab-V3	5.0.0.2	2009.03.16	-
> AntiVir	7.9.0.116	2009.03.16	-
> Authentium	5.1.0.4	2009.03.16	-
> Avast	4.8.1335.0	2009.03.16	-
> AVG	8.0.0.237	2009.03.16	-
> BitDefender	7.2	2009.03.16	-
> CAT-QuickHeal	10.00	2009.03.16	-
> ClamAV	0.94.1	2009.03.16	-
> ...


Additional information
File size: 566784 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 afdf07fc94a111c9a955e17d487dc861


( 0 exports ) 
packers (F-Prot): CAB

*Added 5 minutes later*

File ScreenSavers_DrShark_.exe received on 2009.03.16 22:33:16 (CET)
Current status: finished
Result: 16/38 (42.11%)




> a-squared	4.0.0.101	2009.03.16	-
> AhnLab-V3	5.0.0.2	2009.03.16	-
> AntiVir	7.9.0.116	2009.03.16	-
> Authentium	5.1.0.4	2009.03.16	-
> *Avast	4.8.1335.0	2009.03.16	Win32:Trojan-gen {Other}*
> *AVG	8.0.0.237	2009.03.16	Downloader.Generic8.YCV*
> *BitDefender	7.2	2009.03.16	MemScan:Trojan.Generic.1465213*
> CAT-QuickHeal	10.00	2009.03.16	-
> ClamAV	0.94.1	2009.03.16	-
> ...


Additional information
File size: 1435136 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x154c38 0x154e00 7.97 42fb972561cb463a3103f935f376ab48


( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E6D7359B50835C05900000A2247B7B009C91D684
packers (Kaspersky): PE_Patch.UPX, UPX, Edit
packers (F-Prot): CAB, RAR

*Added 11 minutes later*

File _ver_5.00.0__10.02.2009___DrShark received on 2009.03.16 22:46:02 (CET)
Current status: finished
Result: 2/39 (5.13%)




> a-squared	4.0.0.101	2009.03.16	-
> AhnLab-V3	5.0.0.2	2009.03.16	-
> AntiVir	7.9.0.116	2009.03.16	-
> Authentium	5.1.0.4	2009.03.16	-
> Avast	4.8.1335.0	2009.03.16	-
> AVG	8.0.0.237	2009.03.16	-
> BitDefender	7.2	2009.03.16	-
> CAT-QuickHeal	10.00	2009.03.16	-
> ClamAV	0.94.1	2009.03.16	-
> ...


Additional information
File size: 2033664 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x1e6ec4 0x1e7000 7.99 daa581e9aec8b8636492f29e94dadccd


( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3190B3A700D2FFF4704F012DDDE82A0032D1F3A5
packers (F-Prot): CAB

----------


## Hanson

File avz00001.dta (twex.exe) received on 2009.03.17 09:31:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 10/39 (25.65%)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.03.17	-
AhnLab-V3	5.0.0.2	2009.03.16	-
AntiVir	7.9.0.116	2009.03.17	TR/Dropper.Gen
Authentium	5.1.0.4	2009.03.17	-
Avast	4.8.1335.0	2009.03.16	Win32:Rootkit-gen
AVG	8.0.0.237	2009.03.16	-
BitDefender	7.2	2009.03.17	-
CAT-QuickHeal	10.00	2009.03.17	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.03.17	-
Comodo	1060	2009.03.16	-
DrWeb	4.44.0.09170	2009.03.17	Trojan.PWS.Panda.106
eSafe	7.0.17.0	2009.03.15	-
eTrust-Vet	31.6.6388	2009.03.09	-
F-Prot	4.4.4.56	2009.03.16	-
F-Secure	8.0.14470.0	2009.03.17	Trojan-Spy.Win32.Zbot.pox
Fortinet	3.117.0.0	2009.03.17	-
GData	19	2009.03.17	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2009.03.17	-
K7AntiVirus	7.10.673	2009.03.16	-
Kaspersky	7.0.0.125	2009.03.17	Trojan-Spy.Win32.Zbot.pox
McAfee	5555	2009.03.16	-
McAfee+Artemis	5555	2009.03.16	-
McAfee-GW-Edition	6.7.6	2009.03.17	Trojan.Dropper.Gen
Microsoft	1.4405	2009.03.17	PWS:Win32/Zbot.gen!R
NOD32	3941	2009.03.17	-
Norman	6.00.06	2009.03.16	-
nProtect	2009.1.8.0	2009.03.17	-
Panda	10.0.0.10	2009.03.16	-
PCTools	4.4.2.0	2009.03.16	-
Prevx1	V2	2009.03.17	-
Rising	21.21.11.00	2009.03.17	-
Sophos	4.39.0	2009.03.17	-
Sunbelt	3.2.1858.2	2009.03.17	-
Symantec	1.4.4.12	2009.03.17	-
TheHacker	6.3.3.0.283	2009.03.16	-
TrendMicro	8.700.0.1004	2009.03.17	-
VBA32	3.12.10.1	2009.03.16	Trojan-Spy.Win32.Zbot
ViRobot	2009.3.17.1651	2009.03.17	-
VirusBuster	4.6.5.0	2009.03.16	-
```

*Added 2 minutes later*

File avz00002.dta (uvsync.sys) received on 2009.03.17 09:32:35 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 16/39 (41.03%)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.03.17	Backdoor.Win32.Haxdoor!IK
AhnLab-V3	5.0.0.2	2009.03.16	-
AntiVir	7.9.0.116	2009.03.17	-
Authentium	5.1.0.4	2009.03.17	-
Avast	4.8.1335.0	2009.03.16	-
AVG	8.0.0.237	2009.03.16	PSW.Generic7.LS
BitDefender	7.2	2009.03.17	Trojan.Spy.Goldun.NCN
CAT-QuickHeal	10.00	2009.03.17	-
ClamAV	0.94.1	2009.03.17	-
Comodo	1060	2009.03.16	-
DrWeb	4.44.0.09170	2009.03.17	-
eSafe	7.0.17.0	2009.03.15	-
eTrust-Vet	31.6.6388	2009.03.09	Win32/ProcHide!generic
F-Prot	4.4.4.56	2009.03.16	-
F-Secure	8.0.14470.0	2009.03.17	Trojan-Spy.Win32.Goldun.bwi
Fortinet	3.117.0.0	2009.03.17	-
GData	19	2009.03.17	Trojan.Spy.Goldun.NCN
Ikarus	T3.1.1.45.0	2009.03.17	Backdoor.Win32.Haxdoor
K7AntiVirus	7.10.673	2009.03.16	-
Kaspersky	7.0.0.125	2009.03.17	Trojan-Spy.Win32.Goldun.bwi
McAfee	5555	2009.03.16	-
McAfee+Artemis	5555	2009.03.16	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.03.17	-
Microsoft	1.4405	2009.03.17	Backdoor:Win32/Haxdoor
NOD32	3941	2009.03.17	-
Norman	6.00.06	2009.03.16	-
nProtect	2009.1.8.0	2009.03.17	-
Panda	10.0.0.10	2009.03.16	Trj/CI.A
PCTools	4.4.2.0	2009.03.16	-
Prevx1	V2	2009.03.17	Medium Risk Malware
Rising	21.21.11.00	2009.03.17	RootKit.Win32.Agent.epu
Sophos	4.39.0	2009.03.17	-
Sunbelt	3.2.1858.2	2009.03.17	Goldun.Fam
Symantec	1.4.4.12	2009.03.17	-
TheHacker	6.3.3.0.283	2009.03.16	Trojan/Spy.Goldun.bwi
TrendMicro	8.700.0.1004	2009.03.17	-
VBA32	3.12.10.1	2009.03.16	suspected of Rootkit.Agent.10 (paranoid heuristics)
ViRobot	2009.3.17.1651	2009.03.17	-
VirusBuster	4.6.5.0	2009.03.16	-
```

----------


## Surfer

File contact.exe received on 2009.03.19 10:06:14 (CET)
Result: 5/39 (12.83%)



```
a-squared	4.0.0.101	2009.03.19	-
AhnLab-V3	5.0.0.2	2009.03.19	-
AntiVir	7.9.0.120	2009.03.18	-
Authentium	5.1.2.4	2009.03.18	-
Avast	4.8.1335.0	2009.03.18	-
AVG	8.5.0.283	2009.03.19	-
BitDefender	7.2	2009.03.19	-
CAT-QuickHeal	10.00	2009.03.19	-
ClamAV	0.94.1	2009.03.19	-
Comodo	1066	2009.03.18	-
DrWeb	4.44.0.09170	2009.03.19	-
eSafe	7.0.17.0	2009.03.18	-
eTrust-Vet	31.6.6388	2009.03.09	-
F-Prot	4.4.4.56	2009.03.18	-
F-Secure	8.0.14470.0	2009.03.19	-
Fortinet	3.117.0.0	2009.03.19	-
GData	19	2009.03.19	-
Ikarus	T3.1.1.48.0	2009.03.19	-
K7AntiVirus	7.10.674	2009.03.17	-
Kaspersky	7.0.0.125	2009.03.19	-
McAfee	5557	2009.03.18	-
McAfee+Artemis	5557	2009.03.18	-
McAfee-GW-Edition	6.7.6	2009.03.18	Worm.LooksLike.Rbot
Microsoft	1.4502	2009.03.19	Trojan:Win32/Waledac.gen!A
NOD32	3947	2009.03.19	-
Norman	6.00.06	2009.03.18	Waledac.AJ
nProtect	2009.1.8.0	2009.03.19	-
Panda	10.0.0.10	2009.03.18	-
PCTools	4.4.2.0	2009.03.18	-
Prevx1	V2	2009.03.19	High Risk Cloaked Malware
Rising	21.21.31.00	2009.03.19	-
Sophos	4.39.0	2009.03.19	-
Sunbelt	3.2.1858.2	2009.03.19	-
Symantec	1.4.4.12	2009.03.19	-
TheHacker	6.3.3.0.285	2009.03.19	-
TrendMicro	8.700.0.1004	2009.03.19	-
VBA32	3.12.10.1	2009.03.18	suspected of Malware-Cryptor.Win32.General.4
ViRobot	2009.3.19.1655	2009.03.19	-
VirusBuster	4.6.5.0	2009.03.18	-
```

http://www.virustotal.com/ru/analisi...e2e0036e71f71b

----------


## senyak

File ygv.exe received on 2009.03.19 21:35:32 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/38 (21.06%)




> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.03.19	-
> AhnLab-V3	5.0.0.2	2009.03.19	-
> *AntiVir	7.9.0.120	2009.03.19	TR/Crypt.XPACK.Gen*
> Authentium	5.1.2.4	2009.03.19	-
> Avast	4.8.1335.0	2009.03.19	-
> AVG	8.5.0.283	2009.03.19	-
> BitDefender	7.2	2009.03.19	-
> *CAT-QuickHeal	10.00	2009.03.19	(Suspicious) - DNAScan*
> ...


Additional information
File size: 24064 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

----------


## ZhIV

File eawnxi.exe received on 2009.03.23 06:18:40 (CET)

```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.03.23	-
AhnLab-V3	5.0.0.2	2009.03.22	-
AntiVir	7.9.0.120	2009.03.22	Worm/Autorun.esq
Authentium	5.1.2.4	2009.03.23	-
Avast	4.8.1335.0	2009.03.23	-
AVG	8.5.0.283	2009.03.22	-
BitDefender	7.2	2009.03.23	-
CAT-QuickHeal	10.00	2009.03.23	-
ClamAV	0.94.1	2009.03.23	-
Comodo	1080	2009.03.22	Unclassified Malware
DrWeb	4.44.0.09170	2009.03.23	-
eSafe	7.0.17.0	2009.03.19	Win32.Worm.AutoRun.u
eTrust-Vet	31.6.6409	2009.03.20	-
F-Prot	4.4.4.56	2009.03.23	-
F-Secure	8.0.14470.0	2009.03.23	-
Fortinet	3.117.0.0	2009.03.22	-
GData	19	2009.03.23	-
Ikarus	T3.1.1.48.0	2009.03.23	-
K7AntiVirus	7.10.678	2009.03.21	-
Kaspersky	7.0.0.125	2009.03.23	-
McAfee	5561	2009.03.22	-
McAfee+Artemis	5561	2009.03.22	-
McAfee-GW-Edition	6.7.6	2009.03.22	Worm.Autorun.esq
Microsoft	1.4502	2009.03.22	-
NOD32	3953	2009.03.21	-
Norman	6.00.06	2009.03.20	-
nProtect	2009.1.8.0	2009.03.23	-
Panda	10.0.0.10	2009.03.22	-
PCTools	4.4.2.0	2009.03.22	-
Prevx1	V2	2009.03.23	-
Rising	21.22.00.00	2009.03.23	-
Sophos	4.39.0	2009.03.23	-
Sunbelt	3.2.1858.2	2009.03.22	-
Symantec	1.4.4.12	2009.03.23	-
TheHacker	6.3.3.4.287	2009.03.23	W32/AutoRun.esq
TrendMicro	8.700.0.1004	2009.03.23	-
VBA32	3.12.10.1	2009.03.23	-
ViRobot	2009.3.23.1659	2009.03.23	-
VirusBuster	4.6.5.0	2009.03.22	-
```

Additional information
File size: 97791 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

----------


## berkut_v

File ___8_____________1.xls (ж_8 бюджет1.xls) received on 03.24.2009 10:13:05 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED 


Result: 2/39 (5.13%)



```
Antivirus Version Last Update Result 
a-squared 4.0.0.101 2009.03.24 - 
AhnLab-V3 5.0.0.2 2009.03.24 - 
AntiVir 7.9.0.120 2009.03.24 EXP/Office.Dropper.Gen 
Authentium 5.1.2.4 2009.03.23 - 
Avast 4.8.1335.0 2009.03.23 - 
AVG 8.5.0.283 2009.03.23 - 
BitDefender 7.2 2009.03.24 - 
CAT-QuickHeal 10.00 2009.03.24 - 
ClamAV 0.94.1 2009.03.24 - 
Comodo 1082 2009.03.23 - 
DrWeb 4.44.0.09170 2009.03.24 - 
eSafe 7.0.17.0 2009.03.23 - 
eTrust-Vet 31.6.6414 2009.03.24 - 
F-Prot 4.4.4.56 2009.03.23 - 
F-Secure 8.0.14470.0 2009.03.24 - 
Fortinet 3.117.0.0 2009.03.24 - 
GData 19 2009.03.24 - 
Ikarus T3.1.1.48.0 2009.03.24 - 
K7AntiVirus 7.10.679 2009.03.23 - 
Kaspersky 7.0.0.125 2009.03.24 - 
McAfee 5562 2009.03.23 - 
McAfee+Artemis 5562 2009.03.23 - 
McAfee-GW-Edition 6.7.6 2009.03.24 Exploit.Office.Dropper.Gen 
Microsoft 1.4502 2009.03.24 - 
NOD32 3956 2009.03.24 - 
Norman 6.00.06 2009.03.23 - 
nProtect 2009.1.8.0 2009.03.24 - 
Panda 10.0.0.10 2009.03.24 - 
PCTools 4.4.2.0 2009.03.23 - 
Prevx1 V2 2009.03.24 - 
Rising 21.22.12.00 2009.03.24 - 
Sophos 4.39.0 2009.03.24 - 
Sunbelt 3.2.1858.2 2009.03.23 - 
Symantec 1.4.4.12 2009.03.24 - 
TheHacker 6.3.3.4.288 2009.03.24 - 
TrendMicro 8.700.0.1004 2009.03.24 - 
VBA32 3.12.10.1 2009.03.23 - 
ViRobot 2009.3.23.1660 2009.03.24 - 
VirusBuster 4.6.5.0 2009.03.23 -
```

Additional information 
File size: 110080 bytes 

PEiD..: - 
TrID..: File type identification
Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)

*Added 3 hours 54 minutes later*

In the previous catch only 16 antiviruses caught it.
File macyjf.exe received on 03.24.2009 14:13:29 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED 
Result: 33/40 (82.5%)



```
Antivirus Version Last Update Result 
a-squared 4.0.0.101 2009.03.24 Trojan.Win32.Autoit!IK 
AhnLab-V3 5.0.0.2 2009.03.24 Win-Trojan/Midgare.236544 
AntiVir 7.9.0.120 2009.03.24 TR/Onlinegames.A3 
Antiy-AVL 2.0.3.1 2009.03.24 - 
Authentium 5.1.2.4 2009.03.23 W32/Trojan3.AIQ 
Avast 4.8.1335.0 2009.03.23 Win32:Agent-AEEP 
AVG 8.5.0.283 2009.03.23 Worm/Autoit.LQN 
BitDefender 7.2 2009.03.24 Worm.Generic.41831 
CAT-QuickHeal 10.00 2009.03.24 Backdoor.Agent.adzv 
ClamAV 0.94.1 2009.03.24 Trojan.Autoit-72 
Comodo 1082 2009.03.23 TrojWare.Win32.Trojan.Agent.Gen 
DrWeb 4.44.0.09170 2009.03.24 Win32.HLLW.Autoruner.6013 
eSafe 7.0.17.0 2009.03.23 Win32.Autorun.worm.z 
eTrust-Vet 31.6.6414 2009.03.24 - 
F-Prot 4.4.4.56 2009.03.23 W32/Trojan3.AIQ 
F-Secure 8.0.14470.0 2009.03.24 Trojan.Win32.Agent2.efp 
Fortinet 3.117.0.0 2009.03.24 W32/Autorun.ZF!worm 
GData 19 2009.03.24 Worm.Generic.41831 
Ikarus T3.1.1.48.0 2009.03.24 Trojan.Win32.Autoit 
K7AntiVirus 7.10.679 2009.03.23 Trojan.Win32.Midgare.roo 
Kaspersky 7.0.0.125 2009.03.24 Trojan.Win32.Agent2.efp 
McAfee 5562 2009.03.23 W32/Autorun.worm.n 
McAfee+Artemis 5562 2009.03.23 W32/Autorun.worm.n 
McAfee-GW-Edition 6.7.6 2009.03.24 Trojan.Onlinegames.A3 
Microsoft 1.4502 2009.03.24 Worm:AutoIt/Renocide.gen!B 
NOD32 3957 2009.03.24 Win32/Packed.Autoit.Gen 
Norman 6.00.06 2009.03.23 W32/Smalltroj.LCYY 
nProtect 2009.1.8.0 2009.03.24 - 
Panda 10.0.0.10 2009.03.24 Trj/Agent.LPX 
PCTools 4.4.2.0 2009.03.24 - 
Prevx1 V2 2009.03.24 High Risk System Back Door 
Rising 21.22.12.00 2009.03.24 - 
Sophos 4.39.0 2009.03.24 Mal/Generic-A 
Sunbelt 3.2.1858.2 2009.03.23 - 
Symantec 1.4.4.12 2009.03.24 W32.Harakit 
TheHacker 6.3.3.4.288 2009.03.24 Trojan/Midgare.rvm 
TrendMicro 8.700.0.1004 2009.03.24 WORM_AUTORUN.HOZ 
VBA32 3.12.10.1 2009.03.23 Trojan.Autoit.gen 
ViRobot 2009.3.24.1661 2009.03.24 Trojan.Win32.Klone.345416.B 
VirusBuster 4.6.5.0 2009.03.23 -
```

Additional information 
File size: 345416 bytes 

PEiD..: - 
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x90ed0
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x57000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x58000 0x3a000 0x39200 7.92 e5dd1823a0945d13b9b1eafb53f1cd15
.rsrc 0x92000 0x1000 0x600 3.17 46fa8faf2149b0d50b1dadb772597c8c

( 13 imports ) 
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports ) 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=38FE752C48FF656A45B10527A  ABF3E00D8D6AEF3

----------


## rxx

File autorun.inf received on 03.25.2009 16:28:29 (CET)
Current status:    finished 
Result: 18/39 (46.16%)


```
Antivirus Version	Last Update	Result
a-squared	-	-	Worm.Win32.Conficker!IK
AhnLab-V3	-	-	-
AntiVir	-	-	-
Antiy-AVL	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	Worm/Generic_c.ZW
BitDefender	-	-	Worm.Autorun.VHG
CAT-QuickHeal	-	-	-
ClamAV	-	-	Worm.Autorun-1838
Comodo	-	-	Worm.Win32.AutoRun.etg
DrWeb	-	-	Win32.HLLW.Shadow
eSafe	-	-	-
eTrust-Vet	-	-	INF/Conficker
F-Prot	-	-	-
F-Secure	-	-	Worm:W32/Downaduprun.A
Fortinet	-	-	-
GData	-	-	Worm.Autorun.VHG
Ikarus	-	-	Worm.Win32.Conficker
K7AntiVirus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
McAfee+Artemis	-	-	-
McAfee-GW-Edition	-	-	-
Microsoft	-	-	Worm:Win32/Conficker.B!inf
NOD32	-	-	INF/Conficker
Norman	-	-	-
nProtect	-	-	-
Panda	-	-	-
PCTools	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	Mal/ConfInf-A
Sunbelt	-	-	INF.Autorun (v)
Symantec	-	-	W32.Downadup!autorun
TheHacker	-	-	W32/Conficker.autorunL
TrendMicro	-	-	TROJ_DOWNAD.AF
VBA32	-	-	Trojan.Autorun.gen
ViRobot	-	-	-
VirusBuster	-	-	INF.Conficker.F
```

Additional information
File size: 59306 bytes
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode

----------


## serjel

File A0045214.exe received on 2009.03.27 16:50:19 (CET)


Result: 8/39 (20.52%)




```
Антивирус Версия Обновление Результат 
a-squared 4.0.0.101 2009.03.27 - 
AhnLab-V3 5.0.0.2 2009.03.27 - 
AntiVir 7.9.0.129 2009.03.27 - 
Antiy-AVL 2.0.3.1 2009.03.27 - 
Authentium 5.1.2.4 2009.03.27 - 
Avast 4.8.1335.0 2009.03.26 - 
AVG 8.5.0.283 2009.03.27 - 
BitDefender 7.2 2009.03.27 - 
CAT-QuickHeal 10.00 2009.03.26 - 
ClamAV 0.94.1 2009.03.27 - 
Comodo 1086 2009.03.27 ApplicUnsaf.Win32.AdWare.Mycentria.~A 
DrWeb 4.44.0.09170 2009.03.27 Trojan.Mycentria.22 
eSafe 7.0.17.0 2009.03.26 Win32.Banker 
eTrust-Vet 31.6.6420 2009.03.27 - 
F-Prot 4.4.4.56 2009.03.27 - 
F-Secure 8.0.14470.0 2009.03.27 - 
Fortinet 3.117.0.0 2009.03.27 - 
GData 19 2009.03.27 - 
Ikarus T3.1.1.48.0 2009.03.27 - 
K7AntiVirus 7.10.683 2009.03.27 - 
Kaspersky 7.0.0.125 2009.03.27 - 
McAfee 5565 2009.03.26 potentially unwanted program Generic PUP 
McAfee+Artemis 5565 2009.03.26 potentially unwanted program Generic PUP 
McAfee-GW-Edition 6.7.6 2009.03.27 - 
Microsoft 1.4502 2009.03.27 - 
NOD32 3969 2009.03.27 Win32/Adware.Mycentria 
Norman 6.00.06 2009.03.27 - 
nProtect 2009.1.8.0 2009.03.27 - 
Panda 10.0.0.10 2009.03.27 - 
PCTools 4.4.2.0 2009.03.27 - 
Prevx1 V2 2009.03.27 Medium Risk Malware 
Rising 21.22.42.00 2009.03.27 - 
Sophos 4.40.0 2009.03.27 - 
Sunbelt 3.2.1858.2 2009.03.26 - 
Symantec 1.4.4.12 2009.03.27 - 
TheHacker 6.3.3.7.292 2009.03.26 - 
TrendMicro 8.700.0.1004 2009.03.27 - 
VBA32 3.12.10.1 2009.03.26 Win32.Adware.Mycentria 
ViRobot 2009.3.27.1666 2009.03.27 -
```

Additional information
File size: 55586 bytes 

PEiD..: - 
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x315d
timedatestamp.....: 0x460e79c3 (Sat Mar 31 15:09:55 2007)
machinetype.......: 0x14c (I386)

----------


## Kuzz

File avz00025.dta received on 2009.03.30 12:22:02 (CET)
Current status: finished
Result: 15/40 (37.5%)


```
a-squared 4.0.0.101 2009.03.30 Riskware.AdWare.Mywebsearch!IK 
AhnLab-V3 5.0.0.2 2009.03.30 - 
AntiVir 7.9.0.129 2009.03.30 - 
Antiy-AVL 2.0.3.1 2009.03.30 AdTool/Win32.MyWebSearch 
Authentium 5.1.2.4 2009.03.29 W32/HackTool.BAC 
Avast 4.8.1335.0 2009.03.29 - 
AVG 8.5.0.285 2009.03.29 - 
BitDefender 7.2 2009.03.30 - 
CAT-QuickHeal 10.00 2009.03.30 - 
ClamAV 0.94.1 2009.03.29 - 
Comodo 1089 2009.03.29 ApplicUnwnt.Win32.Toolbar.MyWebSearch 
DrWeb 4.44.0.09170 2009.03.30 - 
eSafe 7.0.17.0 2009.03.27 - 
eTrust-Vet 31.6.6424 2009.03.30 - 
F-Prot 4.4.4.56 2009.03.29 W32/HackTool.BAC 
F-Secure 8.0.14470.0 2009.03.30 - 
Fortinet 3.117.0.0 2009.03.30 W32/MyWebSearch 
GData 19 2009.03.30 - 
Ikarus T3.1.1.48.0 2009.03.30 not-a-virus:AdWare.Mywebsearch 
K7AntiVirus 7.10.684 2009.03.28 not-a-virus:AdTool.Win32.MyWebSearch.az 
Kaspersky 7.0.0.125 2009.03.30 - 
McAfee 5568 2009.03.29 potentially unwanted program MWS 
McAfee+Artemis 5568 2009.03.29 potentially unwanted program MWS 
McAfee-GW-Edition 6.7.6 2009.03.30 - 
Microsoft 1.4502 2009.03.30 - 
NOD32 3974 2009.03.30 Win32/Toolbar.MyWebSearch 
Norman 6.00.06 2009.03.27 - 
nProtect 2009.1.8.0 2009.03.30 Trojan-Clicker/W32.Toolbar.57344.B 
Panda 10.0.0.10 2009.03.29 Application/MyWebSearch 
PCTools 4.4.2.0 2009.03.29 - 
Prevx1 V2 2009.03.30 - 
Rising 21.23.03.00 2009.03.30 - 
Sophos 4.40.0 2009.03.30 - 
Sunbelt 3.2.1858.2 2009.03.29 - 
Symantec 1.4.4.12 2009.03.30 - 
TheHacker 6.3.3.9.296 2009.03.30 Adware/MyWebSearch.az 
TrendMicro 8.700.0.1004 2009.03.30 - 
VBA32 3.12.10.1 2009.03.29 - 
ViRobot 2009.3.30.1668 2009.03.30 Adware.AskBar.To.57344 
VirusBuster 4.6.5.0 2009.03.30 -
```

Additional information
File size: 57344 bytes 

PEiD..: -

----------


## ZhIV

File avz00001.dta received on 2009.03.31 08:16:17 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.03.31	Packer.Krunchy!IK
AhnLab-V3	5.0.0.2	2009.03.31	-
AntiVir	7.9.0.129	2009.03.30	TR/Drop.Agent.akxp
Antiy-AVL	2.0.3.1	2009.03.30	-
Authentium	5.1.2.4	2009.03.30	W32/Heuristic-210!Eldorado
Avast	4.8.1335.0	2009.03.30	-
AVG	8.5.0.285	2009.03.30	SHeur2.YCD
BitDefender	7.2	2009.03.31	Packer.Krunchy.B
CAT-QuickHeal	10.00	2009.03.30	TrojanDropper.Agent.akxp
ClamAV	0.94.1	2009.03.31	-
Comodo	1090	2009.03.30	-
DrWeb	4.44.0.09170	2009.03.31	-
eSafe	7.0.17.0	2009.03.27	Suspicious File
eTrust-Vet	31.6.6425	2009.03.30	-
F-Prot	4.4.4.56	2009.03.30	W32/Heuristic-210!Eldorado
F-Secure	8.0.14470.0	2009.03.31	Trojan-Dropper.Win32.Agent.akxp
Fortinet	3.117.0.0	2009.03.31	PossibleThreat
GData	19	2009.03.31	Packer.Krunchy.B
Ikarus	T3.1.1.49.0	2009.03.31	Packer.Krunchy
K7AntiVirus	7.10.685	2009.03.30	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.03.31	Trojan-Dropper.Win32.Agent.akxp
McAfee	5569	2009.03.30	-
McAfee+Artemis	5569	2009.03.30	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.03.30	Trojan.Drop.Agent.akxp
Microsoft	1.4502	2009.03.31	Trojan:Win32/Meredrop
NOD32	3976	2009.03.30	Win32/IRCBot.AMC
Norman	6.00.06	2009.03.30	W32/Spybot.gen6
nProtect	2009.1.8.0	2009.03.31	-
Panda	10.0.0.10	2009.03.30	Generic Malware
PCTools	4.4.2.0	2009.03.30	Packed/FRBR
Prevx1	V2	2009.03.31	High Risk Worm
Rising	21.23.10.00	2009.03.31	Trojan.DL.Win32.Nodef.gd
Sophos	4.40.0	2009.03.31	-
Sunbelt	3.2.1858.2	2009.03.31	-
Symantec	1.4.4.12	2009.03.31	-
TheHacker	6.3.3.9.296	2009.03.30	Trojan/Dropper.Agent.akxp
TrendMicro	8.700.0.1004	2009.03.30	WORM_SPYBOT.AUM
VBA32	3.12.10.1	2009.03.29	-
ViRobot	2009.3.30.1668	2009.03.31	-
VirusBuster	4.6.5.0	2009.03.30	Packed/FRBR
```

Additional information
File size: 23552 bytes
PEiD..: -

----------


## ZhIV

File ekfsgs.exe received on 2009.04.01 03:31:06 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.01	Trojan.Win32.Autoit!IK
AhnLab-V3	5.0.0.2	2009.03.31	Win-Trojan/Midgare.236544
AntiVir	7.9.0.129	2009.03.31	TR/Onlinegames.A3
Antiy-AVL	2.0.3.1	2009.03.31	Trojan/Win32.Agent2
Authentium	5.1.2.4	2009.03.31	W32/Trojan3.AIQ
Avast	4.8.1335.0	2009.03.31	Win32:Agent-AEEP
AVG	8.5.0.285	2009.03.31	Agent2.CK
BitDefender	7.2	2009.04.01	Trojan.Heur.AutoIT.1
CAT-QuickHeal	10.00	2009.03.31	Backdoor.Agent.adzv
ClamAV	0.94.1	2009.03.31	Trojan.Autoit-72
Comodo	1092	2009.03.31	-
DrWeb	4.44.0.09170	2009.04.01	-
eSafe	7.0.17.0	2009.03.31	Suspicious File
eTrust-Vet	31.6.6427	2009.03.31	-
F-Prot	4.4.4.56	2009.03.31	W32/Trojan3.AIQ
F-Secure	8.0.14470.0	2009.04.01	Trojan.Win32.Agent2.efp
Fortinet	3.117.0.0	2009.04.01	W32/Autorun.HOZ!worm
GData	19	2009.04.01	Trojan.Heur.AutoIT.1
Ikarus	T3.1.1.49.0	2009.04.01	Trojan.Win32.Autoit
K7AntiVirus	7.10.687	2009.03.31	Trojan.Win32.Midgare.roo
Kaspersky	7.0.0.125	2009.04.01	Trojan.Win32.Agent2.efp
McAfee	5570	2009.03.31	W32/Autorun.worm.n
McAfee+Artemis	5570	2009.03.31	W32/Autorun.worm.n
McAfee-GW-Edition	6.7.6	2009.03.31	Trojan.Onlinegames.A3
Microsoft	1.4502	2009.04.01	-
NOD32	3978	2009.03.31	Win32/Packed.Autoit.Gen
Norman	6.00.06	2009.03.31	W32/Smalltroj.LCYY
nProtect	2009.1.8.0	2009.03.31	Trojan/W32.Agent2.336590
Panda	10.0.0.14	2009.03.31	Trj/Agent.LPX
PCTools	4.4.2.0	2009.03.31	-
Prevx1	V2	2009.04.01	-
Rising	21.23.12.00	2009.03.31	-
Sophos	4.40.0	2009.03.31	-
Sunbelt	3.2.1858.2	2009.04.01	-
Symantec	1.4.4.12	2009.04.01	Infostealer
TheHacker	6.3.3.9.298	2009.04.01	Trojan/Midgare.rvm
TrendMicro	8.700.0.1004	2009.03.31	WORM_AUTORUN.HOZ
VBA32	3.12.10.1	2009.03.31	Trojan.Autoit.gen
ViRobot	2009.3.31.1669	2009.03.31	-
VirusBuster	4.6.5.0	2009.03.31	Trojan.Autoit.MB
```

Additional information
File size: 336590 bytes
PEiD..: -

----------



## Surfer

File save.exe received on 2009.04.01 10:05:23 (CET)
Result: 6/39 (15.39%)



```
a-squared	4.0.0.101	2009.04.01	-
AhnLab-V3	5.0.0.2	2009.04.01	-
AntiVir	7.9.0.129	2009.04.01	-
Antiy-AVL	2.0.3.1	2009.04.01	-
Authentium	5.1.2.4	2009.03.31	-
Avast	4.8.1335.0	2009.03.31	-
AVG	8.5.0.285	2009.03.31	Win32/Cryptor
BitDefender	7.2	2009.04.01	-
CAT-QuickHeal	10.00	2009.04.01	-
ClamAV	0.94.1	2009.04.01	-
Comodo	1092	2009.03.31	-
eSafe	7.0.17.0	2009.03.31	-
eTrust-Vet	31.6.6427	2009.03.31	-
F-Prot	4.4.4.56	2009.03.31	-
F-Secure	8.0.14470.0	2009.04.01	-
Fortinet	3.117.0.0	2009.04.01	W32/PackWaledac.C
GData	19	2009.04.01	-
Ikarus	T3.1.1.49.0	2009.04.01	-
K7AntiVirus	7.10.687	2009.03.31	-
Kaspersky	7.0.0.125	2009.04.01	-
McAfee	5570	2009.03.31	New Malware.bx
McAfee+Artemis	5570	2009.03.31	New Malware.bx
McAfee-GW-Edition	6.7.6	2009.04.01	-
Microsoft	1.4502	2009.04.01	Trojan:Win32/Waledac.gen!A
NOD32	3979	2009.03.31	a variant of Win32/Kryptik.LP
Norman	6.00.06	2009.03.31	-
nProtect	2009.1.8.0	2009.04.01	-
Panda	10.0.0.14	2009.03.31	-
PCTools	4.4.2.0	2009.03.31	-
Prevx1	V2	2009.04.01	-
Rising	21.23.20.00	2009.04.01	-
Sophos	4.40.0	2009.04.01	-
Sunbelt	3.2.1858.2	2009.04.01	-
Symantec	1.4.4.12	2009.04.01	-
TheHacker	6.3.4.0.298	2009.04.01	-
TrendMicro	8.700.0.1004	2009.04.01	-
VBA32	3.12.10.1	2009.03.31	-
ViRobot	2009.3.31.1670	2009.04.01	-
VirusBuster	4.6.5.0	2009.03.31	-
```

http://www.virustotal.com/ru/analisi...c9551622f17a18

----------


## Shu_b

Totals for February - March

----------


## GeorgeS

http://www.virustotal.com/ru/analisi...ff7620ad200542

Result: 9/39 (23.08%)

```
Антивирус	Версия	Обновление	Результат
a-squared	-	-	Exploit.Office!IK
AhnLab-V3	-	-	-
AntiVir	-	-	EXP/Office.G
Antiy-AVL	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
Comodo	-	-	-
DrWeb	-	-	-
eSafe	-	-	-
eTrust-Vet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Fortinet	-	-	-
GData	-	-	-
Ikarus	-	-	Exploit.Office
K7AntiVirus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	Exploit-1Table.b
McAfee+Artemis	-	-	Exploit-1Table.b
McAfee-GW-Edition	-	-	Exploit.Office.G
Microsoft	-	-	-
NOD32	-	-	-
Norman	-	-	ShellCode.B
nProtect	-	-	-
Panda	-	-	-
PCTools	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	Troj/MalDoc-Fam
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
TrendMicro	-	-	-
VBA32	-	-	suspected of Exploit.Signature
ViRobot	-	-	-
```

Additional information





> *Please post the complete results; in this form (with no indication of when the scan was run) it will not be counted.*


File ______________________.doc received on 2009.03.28 19:37:05 (CET)
Added. Sorry, I am only just starting to send these. The computer has NOD32 BE 4 and Kaspersky SOS installed; accordingly, neither of them flagged the file as a virus.

----------


## ZhIV

File actxprxy.dll received on 2009.04.07 04:42:28 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Trojan-Downloader.Win32.Small!IK
AhnLab-V3	5.0.0.2	2009.04.06	-
AntiVir	7.9.0.138	2009.04.06	-
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/Backdoor2.DWJU
Avast	4.8.1335.0	2009.04.06	Win32:Patched-JQ
AVG	8.5.0.285	2009.04.07	Win32/Patched.AC
BitDefender	7.2	2009.04.07	Trojan.Generic.1251266
CAT-QuickHeal	10.00	2009.04.06	TrojanDownloader.Small.ap
ClamAV	0.94.1	2009.04.06	-
Comodo	1101	2009.04.06	-
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	Win32.ActxHck.a
eTrust-Vet	31.6.6440	2009.04.07	-
F-Prot	4.4.4.56	2009.04.07	W32/Backdoor2.DWJU
F-Secure	8.0.14470.0	2009.04.07	-
Fortinet	3.117.0.0	2009.04.07	W32/ActxHck.A!tr
GData	19	2009.04.07	Trojan.Generic.1251266
Ikarus	T3.1.1.49.0	2009.04.07	Trojan-Downloader.Win32.Small
K7AntiVirus	7.10.694	2009.04.06	Trojan.Win32.Malware
Kaspersky	7.0.0.125	2009.04.07	-
McAfee	5576	2009.04.06	Generic.dx
McAfee+Artemis	5576	2009.04.06	Generic.dx
McAfee-GW-Edition	6.7.6	2009.04.06	-
Microsoft	1.4502	2009.04.07	-
NOD32	3990	2009.04.06	-
Norman	6.00.06	2009.04.06	W32/Downloader.UHH
nProtect	2009.1.8.0	2009.04.07	-
Panda	10.0.0.14	2009.04.06	Trj/CI.A
PCTools	4.4.2.0	2009.04.06	-
Prevx1	V2	2009.04.07	-
Rising	21.23.41.00	2009.04.03	Win32.Agent.bs
Sophos	4.40.0	2009.04.07	Troj/ActxHck-A
Sunbelt	3.2.1858.2	2009.04.06	Trojan.1
Symantec	1.4.4.12	2009.04.07	-
TheHacker	6.3.4.0.303	2009.04.07	-
TrendMicro	8.700.0.1004	2009.04.06	-
VBA32	3.12.10.2	2009.04.07	-
ViRobot	2009.4.6.1680	2009.04.06	-
VirusBuster	4.6.5.0	2009.04.06	Backdoor.Agent.IPDH

```

Additional information
File size: 98304 bytes
PEiD..: -

*Added 9 minutes later*

File A06_1_.exe received on 2009.04.07 05:02:06 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Generic.Onlinegames!IK
AhnLab-V3	5.0.0.2	2009.04.06	-
AntiVir	7.9.0.138	2009.04.06	TR/Crypt.XDR.Gen
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/OnlineGames.CA.gen!Eldorado
Avast	4.8.1335.0	2009.04.06	Win32:Agent-ACMH
AVG	8.5.0.285	2009.04.07	Downloader.Zlob_r.FK
BitDefender	7.2	2009.04.07	Generic.Onlinegames.14.3AB5EF82
CAT-QuickHeal	10.00	2009.04.06	-
ClamAV	0.94.1	2009.04.06	-
Comodo	1101	2009.04.06	-
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	Suspicious File
eTrust-Vet	31.6.6440	2009.04.07	Win32/Gamepass!generic
F-Prot	4.4.4.56	2009.04.07	W32/OnlineGames.CA.gen!Eldorado
F-Secure	8.0.14470.0	2009.04.07	Trojan-GameThief.Win32.Magania.aydy
Fortinet	3.117.0.0	2009.04.07	SPY/LdPinch
GData	19	2009.04.07	Generic.Onlinegames.14.3AB5EF82
Ikarus	T3.1.1.49.0	2009.04.07	Generic.Onlinegames
K7AntiVirus	7.10.694	2009.04.06	Trojan-PSW.Win32.Magania.aydy
Kaspersky	7.0.0.125	2009.04.07	Trojan-GameThief.Win32.Magania.aydy
McAfee	5576	2009.04.06	Generic Dropper.eb
McAfee+Artemis	5576	2009.04.06	Generic Dropper.eb
McAfee-GW-Edition	6.7.6	2009.04.06	Trojan.Crypt.XDR.Gen
Microsoft	1.4502	2009.04.07	PWS:Win32/Ldpinch.BY
NOD32	3990	2009.04.06	probably a variant of Win32/PSW.OnLineGames.NRD
Norman	6.00.06	2009.04.06	-
nProtect	2009.1.8.0	2009.04.07	-
Panda	10.0.0.14	2009.04.06	Trj/Lineage.BZE
PCTools	4.4.2.0	2009.04.06	-
Prevx1	V2	2009.04.07	Medium Risk Malware Dropper
Rising	21.23.41.00	2009.04.03	-
Sophos	4.40.0	2009.04.07	Troj/LdPinch-SE
Sunbelt	3.2.1858.2	2009.04.06	Trojan-GameThief.Win32.Magania.aydy
Symantec	1.4.4.12	2009.04.07	Infostealer.Gampass
TheHacker	6.3.4.0.303	2009.04.07	Trojan/Magania.aydy
TrendMicro	8.700.0.1004	2009.04.06	Possible_Movly-1
VBA32	3.12.10.2	2009.04.07	Trojan-GameThief.Win32.Magania.aydy
ViRobot	2009.4.6.1680	2009.04.06	-
VirusBuster	4.6.5.0	2009.04.06	Trojan.DR.OnlineGames.Gen.118
```

Additional information
File size: 22142 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

*Added 10 minutes later*

File D51_1_.exe received on 2009.04.07 05:14:18 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	-
AhnLab-V3	5.0.0.2	2009.04.06	Dropper/Agent.15360.I
AntiVir	7.9.0.138	2009.04.06	TR/Drop.Zena.A
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/Dropper.AGQO
Avast	4.8.1335.0	2009.04.06	-
AVG	8.5.0.285	2009.04.07	PSW.OnlineGames.BGHS
BitDefender	7.2	2009.04.07	Dropped:Trojan.Generic.1459536
CAT-QuickHeal	10.00	2009.04.06	TrojanDropper.Agent.zje
ClamAV	0.94.1	2009.04.06	-
Comodo	1101	2009.04.06	-
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	-
eTrust-Vet	31.6.6440	2009.04.07	-
F-Prot	4.4.4.56	2009.04.07	W32/Dropper.AGQO
F-Secure	8.0.14470.0	2009.04.07	Trojan-Dropper.Win32.Agent.zje
Fortinet	3.117.0.0	2009.04.07	-
GData	19	2009.04.07	Dropped:Trojan.Generic.1459536
Ikarus	T3.1.1.49.0	2009.04.07	-
K7AntiVirus	7.10.694	2009.04.06	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.04.07	Trojan-Dropper.Win32.Agent.zje
McAfee	5576	2009.04.06	-
McAfee+Artemis	5576	2009.04.06	-
McAfee-GW-Edition	6.7.6	2009.04.06	Trojan.Drop.Zena.A
Microsoft	1.4502	2009.04.07	Exploit:Win32/Siveras.E
NOD32	3991	2009.04.07	Win32/TrojanDropper.Agent.ZJE
Norman	6.00.06	2009.04.06	W32/Agent.LTIS.dropper
nProtect	2009.1.8.0	2009.04.07	Trojan-Dropper/W32.Agent.15360.G
Panda	10.0.0.14	2009.04.06	-
PCTools	4.4.2.0	2009.04.06	-
Prevx1	V2	2009.04.07	-
Rising	21.24.10.00	2009.04.07	Trojan.Win32.Undef.soe
Sophos	4.40.0	2009.04.07	Mal/Behav-112
Sunbelt	3.2.1858.2	2009.04.06	-
Symantec	1.4.4.12	2009.04.07	-
TheHacker	6.3.4.0.303	2009.04.07	Trojan/Dropper.Agent.zje
TrendMicro	8.700.0.1004	2009.04.06	PAK_Generic.001
VBA32	3.12.10.2	2009.04.07	Trojan-Dropper.Win32.Agent.zje
ViRobot	2009.4.6.1680	2009.04.06	Trojan.Win32.Agent.15360.AW
VirusBuster	4.6.5.0	2009.04.06	Trojan.DR.Agent.GCWR
```

Additional information
File size: 15360 bytes
PEiD..: Armadillo v1.71

*Added 4 minutes later*

File oleadp.dll received on 2009.04.07 05:15:01 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Trojan-Dropper.Agent!IK
AhnLab-V3	5.0.0.2	2009.04.06	-
AntiVir	7.9.0.138	2009.04.06	TR/Small.bbp
Antiy-AVL	2.0.3.1	2009.04.06	Trojan/Win32.Agent
Authentium	5.1.2.4	2009.04.07	W32/Downldr2.FHII
Avast	4.8.1335.0	2009.04.06	Win32:Trojan-gen {Other}
AVG	8.5.0.285	2009.04.07	Downloader.Agent.AQQU
BitDefender	7.2	2009.04.07	Trojan.Generic.1602684
CAT-QuickHeal	10.00	2009.04.06	TrojanDownloader.Agent.atpy
ClamAV	0.94.1	2009.04.06	Trojan.Downloader-62080
Comodo	1101	2009.04.06	TrojWare.Win32.TrojanDownloader.Agent.~AGW
DrWeb	4.44.0.09170	2009.04.07	DLOADER.Trojan
eSafe	7.0.17.0	2009.04.06	Win32.TRSmall.bbp
eTrust-Vet	31.6.6440	2009.04.07	Win32/SillyDl.GMQ
F-Prot	4.4.4.56	2009.04.07	W32/Downldr2.FHII
F-Secure	8.0.14470.0	2009.04.07	Trojan-Downloader.Win32.Agent.atpy
Fortinet	3.117.0.0	2009.04.07	W32/Agent.ATPY!tr.dldr
GData	19	2009.04.07	Trojan.Generic.1602684
Ikarus	T3.1.1.49.0	2009.04.07	Trojan-Dropper.Agent
K7AntiVirus	7.10.694	2009.04.06	Trojan-Downloader.Win32.Agent.atpy
Kaspersky	7.0.0.125	2009.04.07	Trojan-Downloader.Win32.Agent.atpy
McAfee	5576	2009.04.06	Generic Downloader.x
McAfee+Artemis	5576	2009.04.06	Generic Downloader.x
McAfee-GW-Edition	6.7.6	2009.04.06	Trojan.Small.bbp
Microsoft	1.4502	2009.04.07	TrojanDownloader:Win32/Agent.YD
NOD32	3991	2009.04.07	Win32/Agent.ONC
Norman	6.00.06	2009.04.06	W32/Agent.LUMN
nProtect	2009.1.8.0	2009.04.07	Trojan-Downloader/W32.Agent.22016.AY
Panda	10.0.0.14	2009.04.06	Trj/Downloader.MDW
PCTools	4.4.2.0	2009.04.06	Trojan-Downloader.Agent!sd6
Prevx1	V2	2009.04.07	High Risk Worm
Rising	21.24.10.00	2009.04.07	Trojan.Win32.Undef.vbf
Sophos	4.40.0	2009.04.07	-
Sunbelt	3.2.1858.2	2009.04.06	Trojan-Downloader.Win32.Agent.atpy
Symantec	1.4.4.12	2009.04.07	Trojan Horse
TheHacker	6.3.4.0.303	2009.04.07	Trojan/Downloader.Agent.atpy
TrendMicro	8.700.0.1004	2009.04.06	-
VBA32	3.12.10.2	2009.04.07	Win32.Agent.ONC
ViRobot	2009.4.6.1680	2009.04.06	-
VirusBuster	4.6.5.0	2009.04.06	Trojan.DL.Agent.IQPW

```

Additional information
File size: 22016 bytes
PEiD..: Armadillo v1.xx - v2.xx

*Added 1 minute later*

File D9C002DD.dll received on 2009.04.07 05:20:07 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Generic.Onlinegames!IK
AhnLab-V3	5.0.0.2	2009.04.06	-
AntiVir	7.9.0.138	2009.04.06	TR/Spy.Gen
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/OnlineGames.CA.gen!Eldorado
Avast	4.8.1335.0	2009.04.06	Win32:Agent-ACMH
AVG	8.5.0.285	2009.04.07	PSW.OnlineGames3.ARG
BitDefender	7.2	2009.04.07	Generic.Onlinegames.14.8518F76E
CAT-QuickHeal	10.00	2009.04.06	-
ClamAV	0.94.1	2009.04.06	-
Comodo	1101	2009.04.06	-
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	Win32.TRSpy
eTrust-Vet	31.6.6440	2009.04.07	Win32/Gamepass!generic
F-Prot	4.4.4.56	2009.04.07	W32/OnlineGames.CA.gen!Eldorado
F-Secure	8.0.14470.0	2009.04.07	Trojan-GameThief.Win32.Magania.ayej
Fortinet	3.117.0.0	2009.04.07	W32/OnlineGames.MIG!tr.pws
GData	19	2009.04.07	Generic.Onlinegames.14.8518F76E
Ikarus	T3.1.1.49.0	2009.04.07	Generic.Onlinegames
K7AntiVirus	7.10.694	2009.04.06	Trojan-PSW.Win32.Magania.ayej
Kaspersky	7.0.0.125	2009.04.07	Trojan-GameThief.Win32.Magania.ayej
McAfee	5576	2009.04.06	-
McAfee+Artemis	5576	2009.04.06	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.04.06	Trojan.Spy.Gen
Microsoft	1.4502	2009.04.07	PWS:Win32/OnLineGames.CP
NOD32	3991	2009.04.07	probably a variant of Win32/PSW.OnLineGames.NRD
Norman	6.00.06	2009.04.06	-
nProtect	2009.1.8.0	2009.04.07	-
Panda	10.0.0.14	2009.04.06	-
Prevx1	V2	2009.04.07	High Risk Fraudulent Security Program
Rising	21.24.10.00	2009.04.07	Trojan.PSW.Win32.Undef.bcn
Sophos	4.40.0	2009.04.07	Troj/LdPinch-SE
Sunbelt	3.2.1858.2	2009.04.06	-
Symantec	1.4.4.12	2009.04.07	Infostealer.Gampass
TheHacker	6.3.4.0.303	2009.04.07	Trojan/Magania.ayej
TrendMicro	8.700.0.1004	2009.04.06	Mal_OLGM-23
VBA32	3.12.10.2	2009.04.07	Malware-Dropper.Win32.Inject.gen
ViRobot	2009.4.6.1680	2009.04.06	-
VirusBuster	4.6.5.0	2009.04.06	-
```

Additional information
File size: 220262 bytes
PEiD..: -

*Added 5 minutes later*

File MB29kg.EXE received on 2009.04.07 05:26:48 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Backdoor.Win32.Agobot!IK
AhnLab-V3	5.0.0.2	2009.04.06	-
AntiVir	7.9.0.138	2009.04.06	-
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/Heuristic-210!Eldorado
Avast	4.8.1335.0	2009.04.06	-
AVG	8.5.0.285	2009.04.07	-
BitDefender	7.2	2009.04.07	-
CAT-QuickHeal	10.00	2009.04.06	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.04.06	-
Comodo	1101	2009.04.06	-
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	Suspicious File
eTrust-Vet	31.6.6440	2009.04.07	-
F-Prot	4.4.4.56	2009.04.07	W32/Heuristic-210!Eldorado
F-Secure	8.0.14470.0	2009.04.07	-
Fortinet	3.117.0.0	2009.04.07	-
GData	19	2009.04.07	-
Ikarus	T3.1.1.49.0	2009.04.07	Backdoor.Win32.Agobot
K7AntiVirus	7.10.694	2009.04.06	-
Kaspersky	7.0.0.125	2009.04.07	-
McAfee	5576	2009.04.06	-
McAfee+Artemis	5576	2009.04.06	-
McAfee-GW-Edition	6.7.6	2009.04.06	-
Microsoft	1.4502	2009.04.07	-
NOD32	3991	2009.04.07	-
Norman	6.00.06	2009.04.06	-
nProtect	2009.1.8.0	2009.04.07	-
Panda	10.0.0.14	2009.04.06	-
PCTools	4.4.2.0	2009.04.06	-
Prevx1	V2	2009.04.07	-
Rising	21.24.10.00	2009.04.07	-
Sophos	4.40.0	2009.04.07	Sus/ComPack-C
Sunbelt	3.2.1858.2	2009.04.06	VIPRE.Suspicious
Symantec	1.4.4.12	2009.04.07	-
TheHacker	6.3.4.0.303	2009.04.07	W32/Behav-Heuristic-066
TrendMicro	8.700.0.1004	2009.04.06	PAK_Generic.001
VBA32	3.12.10.2	2009.04.07	-
ViRobot	2009.4.6.1680	2009.04.06	-
VirusBuster	4.6.5.0	2009.04.06	-
```

Additional information
File size: 33280 bytes
PEiD..: -

*Added 1 hour 39 minutes later*

File Dc1.dll received on 2009.04.07 07:02:45 (CET)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.07	Trojan.Horse.Pws.Ldpinch.DQY!IK
AhnLab-V3	5.0.0.2	2009.04.06	Win-Trojan/LdPinch.26112.BW
AntiVir	7.9.0.138	2009.04.06	-
Antiy-AVL	2.0.3.1	2009.04.06	-
Authentium	5.1.2.4	2009.04.07	W32/Trojan.BPOL
Avast	4.8.1335.0	2009.04.06	-
AVG	8.5.0.285	2009.04.07	-
BitDefender	7.2	2009.04.07	Trojan.Horse.Pws.Ldpinch.DQY
CAT-QuickHeal	10.00	2009.04.06	-
ClamAV	0.94.1	2009.04.07	Trojan.PWS.LdPinch.DQY
Comodo	1101	2009.04.06	Unclassified Malware
DrWeb	4.44.0.09170	2009.04.07	-
eSafe	7.0.17.0	2009.04.06	Suspicious File
eTrust-Vet	31.6.6440	2009.04.07	Win32/VMalum.ABBN
F-Prot	4.4.4.56	2009.04.07	W32/Trojan.BPOL
F-Secure	8.0.14470.0	2009.04.07	-
Fortinet	3.117.0.0	2009.04.07	PossibleThreat
GData	19	2009.04.07	Trojan.Horse.Pws.Ldpinch.DQY
Ikarus	T3.1.1.49.0	2009.04.07	Trojan.Horse.Pws.Ldpinch.DQY
K7AntiVirus	7.10.694	2009.04.06	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.04.07	-
McAfee	5576	2009.04.06	Generic.dx
McAfee+Artemis	5576	2009.04.06	Generic.dx
McAfee-GW-Edition	6.7.6	2009.04.06	-
Microsoft	1.4502	2009.04.07	-
NOD32	3991	2009.04.07	-
Norman	6.00.06	2009.04.06	W32/LdPinch.IYH
nProtect	2009.1.8.0	2009.04.07	Trojan-PWS/W32.LdPinch.26112.C
Panda	10.0.0.14	2009.04.06	-
PCTools	4.4.2.0	2009.04.06	Trojan.Agent.DXEG
Prevx1	V2	2009.04.07	High Risk Information Stealer
Rising	21.24.10.00	2009.04.07	Trojan.PSW.Win32.LdPinch.rat
Sophos	4.40.0	2009.04.07	-
Sunbelt	3.2.1858.2	2009.04.06	Trojan.Horse.Pws.Ldpinch.DQY
Symantec	1.4.4.12	2009.04.07	Infostealer
TheHacker	6.3.4.0.303	2009.04.07	-
TrendMicro	8.700.0.1004	2009.04.07	PAK_Generic.001
VBA32	3.12.10.2	2009.04.07	-
ViRobot	2009.4.7.1681	2009.04.07	-
VirusBuster	4.6.5.0	2009.04.06	Trojan.Agent.DXEG
```

Additional information
File size: 26112 bytes
PEiD..: -

----------


## Kuzz

File avz00001.dta received on 2009.04.08 14:10:46 (CET)
Current status: finished
Result: 8/40 (20%)


```
Антивирус 	Версия 	Обновление 	Результат
a-squared	4.0.0.101	2009.04.08	-
AhnLab-V3	5.0.0.2	2009.04.08	-
AntiVir	7.9.0.138	2009.04.08	-
Antiy-AVL	2.0.3.1	2009.04.08	Backdoor/Win32.KeyStart
Authentium	5.1.2.4	2009.04.08	W32/Damaged_File.gen!Eldorado
Avast	4.8.1335.0	2009.04.07	-
AVG	8.5.0.285	2009.04.08	-
BitDefender	7.2	2009.04.08	-
CAT-QuickHeal	10.00	2009.04.08	-
ClamAV	0.94.1	2009.04.08	-
Comodo	1105	2009.04.08	-
DrWeb	4.44.0.09170	2009.04.08	Trojan.DownLoad.31797
eSafe	7.0.17.0	2009.04.07	Suspicious File
eTrust-Vet	31.6.6444	2009.04.08	-
F-Prot	4.4.4.56	2009.04.08	W32/Damaged_File.gen!Eldorado
F-Secure	8.0.14470.0	2009.04.08	-
Fortinet	3.117.0.0	2009.04.08	-
GData	19	2009.04.08	-
Ikarus	T3.1.1.49.0	2009.04.08	-
K7AntiVirus	7.10.695	2009.04.07	-
Kaspersky	7.0.0.125	2009.04.08	-
McAfee	5577	2009.04.07	-
McAfee+Artemis	5577	2009.04.07	-
McAfee-GW-Edition	6.7.6	2009.04.08	Win32.Malware.dam (suspicious)
Microsoft	1.4502	2009.04.08	-
NOD32	3994	2009.04.07	-
Norman	6.00.06	2009.04.08	-
nProtect	2009.1.8.0	2009.04.08	-
Panda	10.0.0.14	2009.04.07	-
PCTools	4.4.2.0	2009.04.07	-
Prevx1	V2	2009.04.08	-
Rising	21.24.22.00	2009.04.08	-
Sophos	4.40.0	2009.04.08	-
Sunbelt	3.2.1858.2	2009.04.08	VIPRE.Suspicious
Symantec	1.4.4.12	2009.04.08	Suspicious.MH690.A
TheHacker	6.3.4.0.303	2009.04.08	-
TrendMicro	8.700.0.1004	2009.04.08	-
VBA32	3.12.10.2	2009.04.08	-
ViRobot	2009.4.7.1684	2009.04.08	-
VirusBuster	4.6.5.0	2009.04.07	-
```

Additional information
File size: 70722 bytes
PEiD..: -

*Added 3 minutes later*

File avz00002.dta received on 2009.04.08 14:10:55 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.04.08	Trojan-Spy.Finanz.J!IK
AhnLab-V3	5.0.0.2	2009.04.08	-
AntiVir	7.9.0.138	2009.04.08	TR/Dldr.Age.orh.1.A
Antiy-AVL	2.0.3.1	2009.04.08	-
Authentium	5.1.2.4	2009.04.08	-
Avast	4.8.1335.0	2009.04.07	-
AVG	8.5.0.285	2009.04.08	-
BitDefender	7.2	2009.04.08	-
CAT-QuickHeal	10.00	2009.04.08	-
ClamAV	0.94.1	2009.04.08	-
Comodo	1105	2009.04.08	-
DrWeb	4.44.0.09170	2009.04.08	-
eSafe	7.0.17.0	2009.04.07	Suspicious File
eTrust-Vet	31.6.6444	2009.04.08	-
F-Prot	4.4.4.56	2009.04.08	-
F-Secure	8.0.14470.0	2009.04.08	-
Fortinet	3.117.0.0	2009.04.08	-
GData	19	2009.04.08	-
Ikarus	T3.1.1.49.0	2009.04.08	Trojan-Spy.Finanz.J
K7AntiVirus	7.10.695	2009.04.07	-
Kaspersky	7.0.0.125	2009.04.08	-
McAfee	5577	2009.04.07	Downloader-BAR
McAfee+Artemis	5577	2009.04.07	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.04.08	Trojan.Dldr.Age.orh.1.A
Microsoft	1.4502	2009.04.08	TrojanDownloader:Win32/Slupim.B
NOD32	3994	2009.04.07	-
Norman	6.00.06	2009.04.08	-
nProtect	2009.1.8.0	2009.04.08	-
Panda	10.0.0.14	2009.04.07	-
PCTools	4.4.2.0	2009.04.07	-
Prevx1	V2	2009.04.08	Medium Risk Malware
Rising	21.24.22.00	2009.04.08	-
Sophos	4.40.0	2009.04.08	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.04.08	-
Symantec	1.4.4.12	2009.04.08	Downloader
TheHacker	6.3.4.0.303	2009.04.08	-
TrendMicro	8.700.0.1004	2009.04.08	PAK_Generic.001
VBA32	3.12.10.2	2009.04.08	-
ViRobot	2009.4.7.1684	2009.04.08	-
VirusBuster	4.6.5.0	2009.04.07	-
```

Additional information
File size: 33280 bytes
PEiD..: -

*Added 2 minutes later*

File avz00008.dta received on 2009.04.08 14:13:43 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.04.08	-
AhnLab-V3	5.0.0.2	2009.04.08	-
AntiVir	7.9.0.138	2009.04.08	HEUR/Malware
Antiy-AVL	2.0.3.1	2009.04.08	-
Authentium	5.1.2.4	2009.04.08	-
Avast	4.8.1335.0	2009.04.07	-
AVG	8.5.0.285	2009.04.08	-
BitDefender	7.2	2009.04.08	BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal	10.00	2009.04.08	-
ClamAV	0.94.1	2009.04.08	-
Comodo	1105	2009.04.08	-
DrWeb	4.44.0.09170	2009.04.08	-
eSafe	7.0.17.0	2009.04.07	Suspicious File
eTrust-Vet	31.6.6444	2009.04.08	-
F-Prot	4.4.4.56	2009.04.08	-
F-Secure	8.0.14470.0	2009.04.08	-
Fortinet	3.117.0.0	2009.04.08	-
GData	19	2009.04.08	BehavesLike:Win32.ExplorerHijack
Ikarus	T3.1.1.49.0	2009.04.08	-
K7AntiVirus	7.10.695	2009.04.07	-
Kaspersky	7.0.0.125	2009.04.08	Heur.Trojan.Generic
McAfee	5577	2009.04.07	-
McAfee+Artemis	5577	2009.04.07	-
McAfee-GW-Edition	6.7.6	2009.04.08	Heuristic.Malware
Microsoft	1.4502	2009.04.08	-
NOD32	3994	2009.04.07	-
Norman	6.00.06	2009.04.08	-
nProtect	2009.1.8.0	2009.04.08	-
Panda	10.0.0.14	2009.04.07	-
PCTools	4.4.2.0	2009.04.07	-
Prevx1	V2	2009.04.08	High Risk Cloaked Malware
Rising	21.24.22.00	2009.04.08	-
Sophos	4.40.0	2009.04.08	-
Sunbelt	3.2.1858.2	2009.04.08	-
Symantec	1.4.4.12	2009.04.08	-
TheHacker	6.3.4.0.303	2009.04.08	-
TrendMicro	8.700.0.1004	2009.04.08	PAK_Generic.001
VBA32	3.12.10.2	2009.04.08	-
ViRobot	2009.4.7.1684	2009.04.08	-
VirusBuster	4.6.5.0	2009.04.07	-
```

Additional information
File size: 61952 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

----------


## senyak

File __________.jar.jar received on 2009.04.08 17:25:21 (CET)
Current status: finished
Result: 8/40 (20.00%)



> Result: 8/40 (20%)
> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.08	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.04.08	-
> *AntiVir	7.9.0.138	2009.04.08	JAVA/SMS.Konov.e
> Antiy-AVL	2.0.3.1	2009.04.08	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.04.08	-
> Avast	4.8.1335.0	2009.04.08	-
> AVG	8.5.0.285	2009.04.08	-
> ...


Additional information
File size: 2366 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

----------


## senyak

File system32.vbs received on 2009.04.11 02:04:48 (CET)
Result: 16/40 (40%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.11	Trojan.VBS.KillFiles!IK*
> AhnLab-V3	5.0.0.2	2009.04.10	-
> *AntiVir	7.9.0.138	2009.04.10	VBS/KillFiles.U
> Antiy-AVL	2.0.3.1	2009.04.10	Trojan/VBS.Disabler
> Authentium	5.1.2.4	2009.04.10	VBS/KillFil.U
> Avast	4.8.1335.0	2009.04.10	VBSjuka-A
> AVG	8.5.0.285	2009.04.10	VBS/Agent*
> BitDefender	7.2	2009.04.11	-
> ...


Additional information
File size: 7554 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
RDS...: NSRL Reference Data Set




File Datren.com received on 2009.04.11 02:07:53 (CET)
Current status: finished
Result: 11/39 (28.21%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.11	Trojan.BAT.KillFiles!IK*
> AhnLab-V3	5.0.0.2	2009.04.10	-
> *AntiVir	7.9.0.138	2009.04.10	BDS/Killfiles.FW
> Antiy-AVL	2.0.3.1	2009.04.10	Trojan/BAT.KillFiles*
> Authentium	5.1.2.4	2009.04.10	-
> Avast	4.8.1335.0	2009.04.10	-
> AVG	8.5.0.285	2009.04.10	-
> BitDefender	7.2	2009.04.11	-
> ...

----------


## senyak

File codec.exe received on 2009.04.11 20:26:58 (CET)
Current status: finished



> Result: 14/40 (35%)
> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.04.11	-
> AhnLab-V3	5.0.0.2	2009.04.11	-
> *AntiVir	7.9.0.138	2009.04.11	TR/Dldr.Agent.bqxq*
> Antiy-AVL	2.0.3.1	2009.04.11	-
> Authentium	5.1.2.4	2009.04.11	-
> Avast	4.8.1335.0	2009.04.10	-
> *AVG	8.5.0.285	2009.04.11	Win32/Heur*
> ...


Additional information
File size: 106499 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

*Added 6 hours 3 minutes later*

File _________________________________ received on 2009.04.12 01:51:12 (CET)
Current status: finished
Result: 17/40 (42.5%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.12	Trojan-Clicker.JS.Agent.h!IK*
> AhnLab-V3	5.0.0.2	2009.04.11	-
> *AntiVir	7.9.0.138	2009.04.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.1	2009.04.11	-
> Authentium	5.1.2.4	2009.04.11	-
> *Avast	4.8.1335.0	2009.04.11	HTML:Iframe-inf
> AVG	8.5.0.285	2009.04.11	JS/Downloader.Agent*
> BitDefender	7.2	2009.04.12	-
> ...


Additional information
File size: 1731 bytes
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set

----------


## vlad179

File a received on 2009.04.12 05:51:23 (CET)

Result: 11/40 (27.5%)

```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.04.12	Trojan-Downloader.JS.Psyme.cv!IK
AhnLab-V3	5.0.0.2	2009.04.11	-
AntiVir	7.9.0.138	2009.04.11	HTML/Crypted.Gen
Antiy-AVL	2.0.3.1	2009.04.12	-
Authentium	5.1.2.4	2009.04.11	-
Avast	4.8.1335.0	2009.04.11	-
AVG	8.5.0.285	2009.04.11	JS/Downloader.Agent
BitDefender	7.2	2009.04.12	-
CAT-QuickHeal	10.00	2009.04.10	-
ClamAV	0.94.1	2009.04.12	-
Comodo	1110	2009.04.11	-
DrWeb	4.44.0.09170	2009.04.11	VBS.Psyme.377
eSafe	7.0.17.0	2009.04.07	-
eTrust-Vet	31.6.6450	2009.04.11	-
F-Prot	4.4.4.56	2009.04.11	-
F-Secure	8.0.14470.0	2009.04.11	Trojan-Downloader.JS.Iframe.arf
Fortinet	3.117.0.0	2009.04.11	-
GData	19	2009.04.12	-
Ikarus	T3.1.1.49.0	2009.04.12	Trojan-Downloader.JS.Psyme.cv
K7AntiVirus	7.10.700	2009.04.11	-
Kaspersky	7.0.0.125	2009.04.12	Trojan-Downloader.JS.Iframe.arf
McAfee	5581	2009.04.11	JS/Wonka
McAfee+Artemis	5581	2009.04.11	JS/Wonka
McAfee-GW-Edition	6.7.6	2009.04.11	Heuristic.Script.Crypted
Microsoft	1.4502	2009.04.11	-
NOD32	4002	2009.04.11	-
Norman	6.00.06	2009.04.09	-
nProtect	2009.1.8.0	2009.04.12	-
Panda	10.0.0.14	2009.04.11	-
PCTools	4.4.2.0	2009.04.08	-
Prevx1	V2	2009.04.12	-
Rising	21.24.60.00	2009.04.12	-
Sophos	4.40.0	2009.04.12	-
Sunbelt	3.2.1858.2	2009.04.11	Trojan-Clicker.HTML.IFrame.gen (v)
Symantec	1.4.4.12	2009.04.12	-
TheHacker	6.3.4.0.305	2009.04.11	-
TrendMicro	8.700.0.1004	2009.04.10	-
VBA32	3.12.10.2	2009.04.12	-
ViRobot	2009.4.10.1688	2009.04.10	-
VirusBuster	4.6.5.0	2009.04.11	-
```

File size: 1549 bytes
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set

----------


## ISO

I was sent a link over ICQ



> Hi! A new Jimm with new features and reduced traffic consumption.


File Jimm_aspro_FIX.jar received on 04.13.2009 17:57:20 (CET)




```
Antivirus 	Version 	Last Update 	Result
a-squared	4.0.0.101	2009.04.13	Riskware.RiskTool.J2ME!IK
AhnLab-V3	5.0.0.2	2009.04.13	-
AntiVir	7.9.0.138	2009.04.13	-
Antiy-AVL	2.0.3.1	2009.04.13	-
Authentium	5.1.2.4	2009.04.13	-
Avast	4.8.1335.0	2009.04.13	-
AVG	8.5.0.285	2009.04.13	-
BitDefender	7.2	2009.04.13	-
CAT-QuickHeal	10.00	2009.04.13	-
ClamAV	0.94.1	2009.04.13	-
Comodo	1112	2009.04.13	-
DrWeb	4.44.0.09170	2009.04.13	-
eSafe	7.0.17.0	2009.04.13	-
eTrust-Vet	31.6.6453	2009.04.13	-
F-Prot	4.4.4.56	2009.04.11	-
F-Secure	8.0.14470.0	2009.04.13	RiskTool.J2ME.SMSreg.b
Fortinet	3.117.0.0	2009.04.13	-
GData	19	2009.04.13	-
Ikarus	T3.1.1.49.0	2009.04.13	not-a-virus:RiskTool.J2ME
K7AntiVirus	7.10.700	2009.04.11	-
Kaspersky	7.0.0.125	2009.04.13	not-a-virus:RiskTool.J2ME.SMSreg.b
McAfee	5583	2009.04.13	-
McAfee+Artemis	5583	2009.04.13	-
McAfee-GW-Edition	6.7.6	2009.04.13	-
Microsoft	1.4502	2009.04.13	-
NOD32	4004	2009.04.13	-
Norman	6.00.06	2009.04.13	-
nProtect	2009.1.8.0	2009.04.13	-
Panda	10.0.0.14	2009.04.13	-
PCTools	4.4.2.0	2009.04.08	-
Prevx1	V2	2009.04.13	-
Rising	21.25.04.00	2009.04.13	-
Sophos	4.40.0	2009.04.13	-
Sunbelt	3.2.1858.2	2009.04.12	-
Symantec	1.4.4.12	2009.04.13	-
TheHacker	6.3.4.0.306	2009.04.12	-
TrendMicro	8.700.0.1004	2009.04.13	-
VBA32	3.12.10.2	2009.04.12	-
ViRobot	2009.4.13.1690	2009.04.13	-
VirusBuster	4.6.5.0	2009.04.12	-
```

Additional information
File size: 115340 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
RDS...: NSRL Reference Data Set

And now there is also an offer to download DrWeb for a mobile phone. :)

 File DrWeb.jar received on 04.13.2009 18:30:16 (CET)




```
Antivirus 	Version 	Last Update 	Result
a-squared	4.0.0.101	2009.04.13	Trojan-SMS!IK
AhnLab-V3	5.0.0.2	2009.04.13	-
AntiVir	7.9.0.138	2009.04.13	JAVA/SMS.Smaram.C
Antiy-AVL	2.0.3.1	2009.04.13	-
Authentium	5.1.2.4	2009.04.13	-
Avast	4.8.1335.0	2009.04.13	Other:Malware-gen
AVG	8.5.0.285	2009.04.13	-
BitDefender	7.2	2009.04.13	-
CAT-QuickHeal	10.00	2009.04.13	-
ClamAV	0.94.1	2009.04.13	-
Comodo	1112	2009.04.13	-
DrWeb	4.44.0.09170	2009.04.13	Java.SMSSend.5
eSafe	7.0.17.0	2009.04.13	-
eTrust-Vet	31.6.6453	2009.04.13	-
F-Prot	4.4.4.56	2009.04.13	-
F-Secure	8.0.14470.0	2009.04.13	Trojan-SMS.J2ME.Smarm.c
Fortinet	3.117.0.0	2009.04.13	-
GData	19	2009.04.13	Other:Malware-gen
Ikarus	T3.1.1.49.0	2009.04.13	Trojan-SMS
K7AntiVirus	7.10.700	2009.04.11	-
Kaspersky	7.0.0.125	2009.04.13	Trojan-SMS.J2ME.Smarm.c
McAfee	5583	2009.04.13	-
McAfee+Artemis	5583	2009.04.13	-
McAfee-GW-Edition	6.7.6	2009.04.13	Java.SMS.Smaram.C
Microsoft	1.4502	2009.04.13	-
NOD32	4004	2009.04.13	-
Norman	6.00.06	2009.04.13	-
nProtect	2009.1.8.0	2009.04.13	-
Panda	10.0.0.14	2009.04.13	-
PCTools	4.4.2.0	2009.04.08	-
Prevx1	V2	2009.04.13	High Risk Cloaked Malware
Rising	21.25.04.00	2009.04.13	-
Sophos	4.40.0	2009.04.13	-
Sunbelt	3.2.1858.2	2009.04.12	-
Symantec	1.4.4.12	2009.04.13	-
TheHacker	6.3.4.0.306	2009.04.12	-
TrendMicro	8.700.0.1004	2009.04.13	-
VBA32	3.12.10.2	2009.04.12	-
ViRobot	2009.4.13.1690	2009.04.13	-
VirusBuster	4.6.5.0	2009.04.12	-
```

Additional information
File size: 106796 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
RDS...: NSRL Reference Data Set

----------


## senyak

File jimm.jar received on 2009.04.14 13:44:53 (CET)
Current status: finished
Result: 9/40 (22.5%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.14	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.04.14	-
> *AntiVir	7.9.0.138	2009.04.14	JAVA/SMS.Konov.e
> Antiy-AVL	2.0.3.1	2009.04.14	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.04.14	-
> Avast	4.8.1335.0	2009.04.13	-
> AVG	8.5.0.285	2009.04.14	-
> BitDefender	7.2	2009.04.14	-
> ...


Additional information
File size: 122288 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
RDS...: NSRL Reference Data Set

*Added 1 hour 11 minutes later*

File servises.exe received on 2009.04.14 15:03:46 (CET)
Current status: finished
Result: 6/40 (15%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.04.14	-
> AhnLab-V3	5.0.0.2	2009.04.14	-
> AntiVir	7.9.0.138	2009.04.14	-
> Antiy-AVL	2.0.3.1	2009.04.14	-
> Authentium	5.1.2.4	2009.04.14	-
> Avast	4.8.1335.0	2009.04.14	-
> AVG	8.5.0.285	2009.04.14	-
> BitDefender	7.2	2009.04.14	-
> ...


Additional information
File size: 46080 bytes
PEiD..: -
TrID..: File type identification
Windows Screen Saver (37.1%)
Win32 Executable Generic (24.1%)
Win32 Dynamic Link Library (generic) (21.4%)
Clipper DOS Executable (5.7%)
Generic Win/DOS Executable (5.6%)
PEInfo: PE Structure information

----------


## VirCode

Pinch-like malware

File ghost.exe received on 04.14.2009 17:25:45 (CET)
Current status:   finished 
Result: 6/40 (15%)




> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.14	Riskware.Win32.VBInject!IK*
> AhnLab-V3	5.0.0.2	2009.04.14	-
> AntiVir	7.9.0.138	2009.04.14	-
> Antiy-AVL	2.0.3.1	2009.04.14	-
> Authentium	5.1.2.4	2009.04.14	-
> Avast	4.8.1335.0	2009.04.14	-
> AVG	8.5.0.285	2009.04.14	-
> BitDefender	7.2	2009.04.14	-
> ...


Additional information
File size: 230565 bytes

----------


## senyak

File xvidDecoder59.exe received on 2009.04.14 22:39:46 (CET)
Current status: finished
Result: 15/40 (37.5%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.14	Trojan-Dropper.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.04.14	-
> *AntiVir	7.9.0.143	2009.04.14	TR/Drop.Agent.amer*
> Antiy-AVL	2.0.3.1	2009.04.14	-
> Authentium	5.1.2.4	2009.04.14	-
> *Avast	4.8.1335.0	2009.04.14	Win32:Trojan-gen {Other}*
> AVG	8.5.0.285	2009.04.14	-
> BitDefender	7.2	2009.04.14	-
> ...


Additional information
File size: 74752 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## senyak

File setup.exe received on 2009.04.15 14:24:56 (CET)
Current status: finished
Result: 13/39 (33.34%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.15	Trojan.Win32.Vaklik!IK*
> AhnLab-V3	5.0.0.2	2009.04.15	-
> *AntiVir	7.9.0.143	2009.04.15	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.1	2009.04.15	-
> *Authentium	5.1.2.4	2009.04.14	W32/FakeAlert.4!Generic*
> Avast	4.8.1335.0	2009.04.15	-
> AVG	8.5.0.287	2009.04.15	-
> BitDefender	7.2	2009.04.15	-
> ...


Additional information
File size: 87563 bytes
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (25.1%)
Clipper DOS Executable (24.5%)
Generic Win/DOS Executable (24.3%)
DOS Executable Generic (24.2%)
Lumena CEL bitmap (0.7%)
PEInfo: PE Structure information

*Added 1 hour 59 minutes later*

File video_codec.exe received on 2009.04.15 16:25:01 (CET)
Current status: finished
Result: 12/40 (30%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.15	Trojan-Downloader.Win32.FakeRean!IK
> AhnLab-V3	5.0.0.2	2009.04.15	Win-Trojan/FakeRean.107523
> AntiVir	7.9.0.143	2009.04.15	TR/Dldr.FakeRean*
> Antiy-AVL	2.0.3.1	2009.04.15	-
> Authentium	5.1.2.4	2009.04.14	-
> Avast	4.8.1335.0	2009.04.15	-
> *AVG	8.5.0.287	2009.04.15	Win32/Heur*
> BitDefender	7.2	2009.04.15	-
> ...


Additional information
File size: 107523 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## ISO

File Wprotected.exe received on 04.16.2009 04:37:31 (CET)



```
Antivirus 	Version 	Last Update 	Result
a-squared	4.0.0.101	2009.04.16	-
AhnLab-V3	5.0.0.2	2009.04.15	-
AntiVir	7.9.0.143	2009.04.15	TR/ATRAPS.Gen
Antiy-AVL	2.0.3.1	2009.04.16	-
Authentium	5.1.2.4	2009.04.16	-
Avast	4.8.1335.0	2009.04.15	-
AVG	8.5.0.287	2009.04.16	Generic3.RFF
CAT-QuickHeal	10.00	2009.04.15	-
ClamAV	0.94.1	2009.04.16	-
Comodo	1115	2009.04.15	-
DrWeb	4.44.0.09170	2009.04.16	-
eSafe	7.0.17.0	2009.04.13	Suspicious File
eTrust-Vet	31.6.6455	2009.04.14	-
F-Prot	4.4.4.56	2009.04.15	-
F-Secure	8.0.14470.0	2009.04.16	-
Fortinet	3.117.0.0	2009.04.15	-
GData	19	2009.04.16	-
Ikarus	T3.1.1.49.0	2009.04.16	-
K7AntiVirus	7.10.704	2009.04.15	-
Kaspersky	7.0.0.125	2009.04.16	Heur.Trojan.Generic
McAfee	5585	2009.04.15	-
McAfee+Artemis	5585	2009.04.15	-
McAfee-GW-Edition	6.7.6	2009.04.15	Trojan.ATRAPS.Gen
Microsoft	1.4502	2009.04.15	Trojan:Win32/SystemHijack.gen
NOD32	4012	2009.04.16	probably unknown NewHeur_PE
Norman	6.00.06	2009.04.15	-
nProtect	2009.1.8.0	2009.04.15	-
Panda	10.0.0.14	2009.04.15	Suspicious file
PCTools	4.4.2.0	2009.04.15	-
Prevx1	V2	2009.04.16	-
Rising	21.25.24.00	2009.04.15	-
Sophos	4.40.0	2009.04.16	Sus/Behav-1014
Sunbelt	3.2.1858.2	2009.04.15	BehavesLike.Win32.Malware (v)
Symantec	1.4.4.12	2009.04.16	-
TheHacker	6.3.4.0.309	2009.04.16	-
TrendMicro	8.700.0.1004	2009.04.15	PAK_Generic.001
VBA32	3.12.10.2	2009.04.12	suspected of Win32 Shadow AutoStart Install
ViRobot	2009.4.16.1695	2009.04.16	-
VirusBuster	4.6.5.0	2009.04.15	-
```

Additional information
File size: 64000 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

----------


## Kuzz

File avz00006.dta (STTRUTNL.sys) received on 2009.04.16 15:37:18 (CET)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.04.16	Trojan.Generic!IK
AhnLab-V3	5.0.0.2	2009.04.16	-
AntiVir	7.9.0.143	2009.04.16	TR/Rootkit.Gen
Antiy-AVL	2.0.3.1	2009.04.16	-
Authentium	5.1.2.4	2009.04.16	-
Avast	4.8.1335.0	2009.04.16	Win32:TrPack
AVG	8.5.0.287	2009.04.16	-
BitDefender	7.2	2009.04.16	Trojan.Generic.1222859
CAT-QuickHeal	10.00	2009.04.16	-
ClamAV	0.94.1	2009.04.16	-
Comodo	1116	2009.04.16	-
DrWeb	4.44.0.09170	2009.04.16	Trojan.Sentinel.based
eSafe	7.0.17.0	2009.04.13	-
eTrust-Vet	31.6.6455	2009.04.14	-
F-Prot	4.4.4.56	2009.04.15	-
F-Secure	8.0.14470.0	2009.04.16	-
Fortinet	3.117.0.0	2009.04.16	-
GData	19	2009.04.16	Trojan.Generic.1222859
Ikarus	T3.1.1.49.0	2009.04.16	Trojan.Generic
K7AntiVirus	7.10.704	2009.04.15	Trojan.Win32.Malware
Kaspersky	7.0.0.125	2009.04.16	-
McAfee	5585	2009.04.15	Generic.dx
McAfee+Artemis	5585	2009.04.15	Generic.dx
McAfee-GW-Edition	6.7.6	2009.04.16	Trojan.Rootkit.Gen
Microsoft	1.4502	2009.04.16	Spammer:WinNT/Srizbi.A
NOD32	4013	2009.04.16	probably a variant of Win32/Agent
Norman	6.00.06	2009.04.15	-
nProtect	2009.1.8.0	2009.04.16	-
Panda	10.0.0.14	2009.04.15	-
PCTools	4.4.2.0	2009.04.15	-
Prevx1	V2	2009.04.16	High Risk Worm
Rising	21.25.34.00	2009.04.16	-
Sophos	4.40.0	2009.04.16	-
Sunbelt	3.2.1858.2	2009.04.15	Trojan.1
Symantec	1.4.4.12	2009.04.16	Trojan Horse
TheHacker	6.3.4.0.309	2009.04.16	-
TrendMicro	8.700.0.1004	2009.04.16	Cryp_Xed-3
VBA32	3.12.10.2	2009.04.12	-
ViRobot	2009.4.16.1696	2009.04.16	-
VirusBuster	4.6.5.0	2009.04.15	-
```

Additional information
File size: 178176 bytes
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.5%)

----------


## senyak

File video_codec.exe received on 2009.04.18 11:24:10 (CET)
Current status: finished
Result: 8/40 (20%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.04.18	-
> AhnLab-V3	5.0.0.2	2009.04.17	-
> AntiVir	7.9.0.143	2009.04.17	-
> Antiy-AVL	2.0.3.1	2009.04.17	-
> Authentium	5.1.2.4	2009.04.18	-
> Avast	4.8.1335.0	2009.04.17	-
> *AVG	8.5.0.287	2009.04.17	Win32/Heur*
> BitDefender	7.2	2009.04.18	-
> ...


Additional information
File size: 107011 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## senyak

File setup.exe received on 2009.04.19 10:44:11 (CET)
Current status: finished
Result: 14/40 (35%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.04.19	-
> AhnLab-V3	5.0.0.2	2009.04.18	-
> *AntiVir	7.9.0.148	2009.04.18	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.1	2009.04.17	-
> *Authentium	5.1.2.4	2009.04.19	W32/FakeAlert.4!Generic*
> Avast	4.8.1335.0	2009.04.18	-
> *AVG	8.5.0.287	2009.04.18	Generic13.ZPK*
> BitDefender	7.2	2009.04.19	-
> ...


Additional information
File size: 87563 bytes
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (25.1%)
Clipper DOS Executable (24.5%)
Generic Win/DOS Executable (24.3%)
DOS Executable Generic (24.2%)
Lumena CEL bitmap (0.7%)
PEInfo: PE Structure information

*Added 50 minutes later*

File setup___.exe received on 2009.04.19 11:13:51 (CET)
Current status: finished
Result: 8/40 (20%)



> Antivirus	Version	Last Update	Result
> a-squared	4.0.0.101	2009.04.19	-
> AhnLab-V3	5.0.0.2	2009.04.18	-
> *AntiVir	7.9.0.148	2009.04.18	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.1	2009.04.17	-
> *Authentium	5.1.2.4	2009.04.19	W32/FakeAlert.4!Generic*
> Avast	4.8.1335.0	2009.04.18	-
> AVG	8.5.0.287	2009.04.18	-
> BitDefender	7.2	2009.04.19	-
> ...


Additional information
File size: 115712 bytes
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (25.1%)
Clipper DOS Executable (24.5%)
Generic Win/DOS Executable (24.3%)
DOS Executable Generic (24.2%)
Lumena CEL bitmap (0.7%)
PEInfo: PE Structure information

*Added 2 hours 10 minutes later*

File video_codec.exe received on 2009.04.19 13:44:34 (CET)
Current status: finished
Result: 15/40 (37.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.19	Trojan-Dropper.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.04.18	-
> *AntiVir	7.9.0.148	2009.04.18	TR/Dldr.Agent.broo*
> Antiy-AVL	2.0.3.1	2009.04.17	-
> Authentium	5.1.2.4	2009.04.19	-
> Avast	4.8.1335.0	2009.04.18	-
> *AVG	8.5.0.287	2009.04.18	Win32/Heur*
> BitDefender	7.2	2009.04.19	-
> ...


Additional information
File size: 107011 bytes
MD5...: ae9a600288c2e2dafb6ec141474848fd
SHA1..: 9a462156de7de53dcc29aac7dcba5a6a72ed0e3f
SHA256: b0245819ae02d0bc6e18cdff07f566a3d84e3f6fa8d7c9639d  fd332f2d7d60b1
SHA512: 53fb5b3086b1334df157f97b9301af2347c6d578d6e6550d3b  4db70fc85b152b
dc7a96a1fad285fe76b535fb2efd06777cbede5a7ed9e460f7  425d38040abbed
ssdeep: 1536 :Cheesy: mPkZ+A1yrdEN2uTJQP/F0TfkUDR0GZFalMS0vSVzTotKgrKCVcdTX3kua:
O8yrDuTD5DikFxvSVzUtkCi9X3kua
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## Winsent

File index.htm received on 2009.04.19 18:50:42 (CET)
Antivirus Version Last Update Result



```
a-squared 4.0.0.101 2009.04.19 Exploit.JS.Agent!IK
AhnLab-V3 5.0.0.2 2009.04.19 -
AntiVir 7.9.0.148 2009.04.19 -
Antiy-AVL 2.0.3.1 2009.04.17 -
Authentium 5.1.2.4 2009.04.19 -
Avast 4.8.1335.0 2009.04.19 -
AVG 8.5.0.287 2009.04.18 JS/Obfuscated
BitDefender 7.2 2009.04.19 -
CAT-QuickHeal 10.00 2009.04.18 -
ClamAV 0.94.1 2009.04.19 -
Comodo 1121 2009.04.19 -
DrWeb 4.44.0.09170 2009.04.19 Trojan.DownLoad.35036
eSafe 7.0.17.0 2009.04.19 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.19 -
F-Secure 8.0.14470.0 2009.04.19 Exploit.JS.Agent.agc
Fortinet 3.117.0.0 2009.04.19 -
GData 19 2009.04.19 -
Ikarus T3.1.1.49.0 2009.04.19 Exploit.JS.Agent
K7AntiVirus 7.10.707 2009.04.17 -
Kaspersky 7.0.0.125 2009.04.19 Exploit.JS.Agent.agc
McAfee 5589 2009.04.19 -
McAfee+Artemis 5589 2009.04.19 -
McAfee-GW-Edition 6.7.6 2009.04.19 -
Microsoft 1.4502 2009.04.19 -
NOD32 4019 2009.04.18 -
Norman 6.00.06 2009.04.17 -
nProtect 2009.1.8.0 2009.04.19 -
Panda 10.0.0.14 2009.04.19 -
PCTools 4.4.2.0 2009.04.17 -
Prevx1 V2 2009.04.19 -
Rising 21.25.62.00 2009.04.19 -
Sophos 4.40.0 2009.04.19 -
Sunbelt 3.2.1858.2 2009.04.18 -
Symantec 1.4.4.12 2009.04.19 -
TheHacker 6.3.4.0.309 2009.04.16 -
TrendMicro 8.700.0.1004 2009.04.17 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.18.1685 2009.04.18 -
VirusBuster 4.6.5.0 2009.04.19 -
```

Additional information
File size: 2206 bytes
MD5...: 3ec737affc1e52191c39a2d9dbfc5f34
SHA1..: 1fc64055c758b32a5f06f5e709f2bac1e188f186
SHA256: c13cf6ff8dd7130098be76874d2438fce13c921161a054b1e1  ea73fbc4e0b95f
SHA512: fa7f4e5378020a8c34bb334bc11ffdf440a31617dac93c1bb3  d4c8033ba0cbe6
e539c49b958479daa8a4552fe016815a  7adcd02ff8ec5d01ace6db5c63d81593
ssdeep: 48:rtERaCpNIU1jVAxlnn09cE4MOd/aIdPKv2dNAiS6f:ryRaHWV456cqOdNdSv+
As
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

----------


## senyak

File s03_07s_2_1_.pdf received on 2009.04.23 22:50:44 (CET)
Current status: finished
Result: 12/40 (30%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.23	Exploit.Pidief!IK*
> AhnLab-V3	5.0.0.2	2009.04.23	-
> AntiVir	7.9.0.148	2009.04.23	-
> Antiy-AVL	2.0.3.1	2009.04.23	-
> Authentium	5.1.2.4	2009.04.22	-
> *Avast	4.8.1335.0	2009.04.22	JSdfka-DW*
> AVG	8.5.0.287	2009.04.22	-
> *BitDefender	7.2	2009.04.23	Exploit.PDF-JS.Gen*
> ...


Additional information
File size: 10806 bytes
MD5...: 8f0ac81b308dc52ecba8e299589498b2
SHA1..: 9bf02acb8e20cecc855ac3df53e924afbc97d425
SHA256: edc2305841f21376708eff0bf01d6a62ced10404b3500c747b  21daabccc70da9
SHA512: 05c672a06123fef205c51772313bc7b6c1bb859bf237de1e9b  1a5121cd67ed5f
814439dc3c90d2eddd0a714ac26cafa23280b685b5d48b0de8  b8b0e6e82436cb
ssdeep: 192 :Lipsrsealed: LFMlMOLp6WL5M39LCVGKWH/SFW/z/xR1sZuYCcNDAHHzxJk8eDmRRdP3k4F
ATY :Lipsrsealed: L6lMOLp6WL5s9LCcKWH/SFW/z/xR1+g
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -

----------



## senyak

File video_codec.exe received on 2009.04.24 13:08:58 (CET)
Current status: finished
Result: 10/40 (25.00%)

> Antivirus	Version	Last Update	Result
> a-squared 	4.0.0.101 	2009.04.24 	-
> AhnLab-V3 	5.0.0.2 	2009.04.24 	-
> AntiVir 	7.9.0.155 	2009.04.24 	-
> Antiy-AVL 	2.0.3.1 	2009.04.24 	-
> Authentium 	5.1.2.4 	2009.04.23 	-
> Avast 	4.8.1335.0 	2009.04.23 	-
> AVG 	8.5.0.287 	2009.04.24 	-
> BitDefender 	7.2 	2009.04.24 	-
> ...


Additional information
File size: 107523 bytes
MD5...: 39d20241b9bc148475d70f62f66ecfd7
SHA1..: bf6d44b3bf03b6b3ed84246a0e6f5b0566354a16
SHA256: 0b1295c62587f275f4edf4de82dbd71c932afe0960d8794a0c  ea6145003598b1
SHA512: 7f4ed2337776e9a273fd82f46e647b58ee9473e70fdbd1109f  2bfda92a16b860
2d94ff41d12155e9215189269b868a6a9e42287b51157b48c5  3121c6e347a6a7
ssdeep: 1536:AEDwfiBbmC1CcrUu12cbMCDXPacgsacCzRkvj/bDIgcXTVcdTX3kua:i6Bb
hpzBacWzRiQgcXTi9X3kua
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## ISO

File vzlomicq.jar received on 04.24.2009 15:10:39 (CET)



```
Antivirus 	Version 	Last Update 	Result
a-squared	4.0.0.101	2009.04.24	-
AhnLab-V3	5.0.0.2	2009.04.24	-
AntiVir	7.9.0.155	2009.04.24	-
Antiy-AVL	2.0.3.1	2009.04.24	-
Authentium	5.1.2.4	2009.04.23	-
Avast	4.8.1335.0	2009.04.23	-
AVG	8.5.0.287	2009.04.24	-
BitDefender	7.2	2009.04.24	-
CAT-QuickHeal	10.00	2009.04.23	-
ClamAV	0.94.1	2009.04.24	-
Comodo	1130	2009.04.23	-
DrWeb	4.44.0.09170	2009.04.24	-
eSafe	7.0.17.0	2009.04.23	-
eTrust-Vet	31.6.6474	2009.04.24	-
F-Prot	4.4.4.56	2009.04.23	-
F-Secure	8.0.14470.0	2009.04.24	Trojan-SMS.J2ME.Boxer.j
Fortinet	3.117.0.0	2009.04.24	-
GData	19	2009.04.24	-
Ikarus	T3.1.1.49.0	2009.04.24	-
K7AntiVirus	7.10.714	2009.04.23	-
Kaspersky	7.0.0.125	2009.04.24	Trojan-SMS.J2ME.Boxer.j
McAfee	5594	2009.04.23	-
McAfee+Artemis	5594	2009.04.23	-
McAfee-GW-Edition	6.7.6	2009.04.24	-
Microsoft	1.4602	2009.04.24	-
NOD32	4033	2009.04.24	-
Norman	6.00.06	2009.04.24	-
nProtect	2009.1.8.0	2009.04.24	-
Panda	10.0.0.14	2009.04.23	-
PCTools	4.4.2.0	2009.04.24	-
Prevx1	3.0	2009.04.24	-
Rising	21.26.44.00	2009.04.24	-
Sophos	4.41.0	2009.04.24	-
Sunbelt	3.2.1858.2	2009.04.24	-
Symantec	1.4.4.12	2009.04.24	-
TheHacker	6.3.4.0.313	2009.04.24	-
TrendMicro	8.700.0.1004	2009.04.24	-
VBA32	3.12.10.3	2009.04.24	-
ViRobot	2009.4.24.1708	2009.04.24	-
VirusBuster	4.6.5.0	2009.04.23	-
```

Additional information
File size: 41008 bytes
MD5...: 2b57b6e284232f5a7cad1a30b40853d8
SHA1..: e2578e15fe799dc1369a66f5568b7a0e94556e42
SHA256: 987c3f26446192385d1c9fae1dd75e0643df461b1c0f9950ab  0c27e563c9d308
SHA512: 2a08ba32fa4edd43963f40aedde4c14a4721769a6ab170e023  869686cce43056
d7428c4679516ff95d97e758b77b258fc827e14b08f054450e  9d1e43fc255c93
ssdeep: 768:VFR/YDi/fSK1+15Opu07rGR/fSK1+q0ucL71u/MfKJ+ :Stick Out Tongue: yDC3VpuYr23UuQu
USJ+
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## senyak

File Jimm2009.jar received on 2009.04.25 23:52:10 (CET)
Current status: finished
Result: 8/40 (20%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.25	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.04.24	-
> AntiVir	7.9.0.156	2009.04.25	-
> Antiy-AVL	2.0.3.1	2009.04.24	-
> Authentium	5.1.2.4	2009.04.25	-
> *Avast	4.8.1335.0	2009.04.25	Other:Malware-gen*
> AVG	8.5.0.287	2009.04.25	-
> BitDefender	7.2	2009.04.25	-
> ...


Additional information
File size: 135729 bytes
MD5...: 474815affb2614459241a04bab355400
SHA1..: a1c56600e9259931f5bf42b40bb78f9693c051b0
SHA256: e0abc06bbb2d05f43d9d20edd7c28aa75b8e0920c13ded05a7  41bf408db9c8d1
SHA512: 22339b7d8075f34bf6eda253337bb1f6d8d89c4908a0df19f8  62860696e3618a
5d73750898324e601f37238a21e6a08de7f8763600907cf62a  c76848dfcfd950
ssdeep: 3072:EYzNg2B5XHj04ANArHJ+ga5h90VX0KgblXQcjkVtr4wk7  gr9:RzNRB5lAir
p+garRKOdljkVd4wkM9
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## senyak

File 155.exe received on 2009.04.26 16:09:05 (CET)
Current status: finished
Result: 15/40 (37.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.26	Trojan-Downloader.Win32.FakeRean!IK*
> AhnLab-V3	5.0.0.2	2009.04.26	-
> *AntiVir	7.9.0.156	2009.04.25	TR/Dldr.FakeRean.8*
> Antiy-AVL	2.0.3.1	2009.04.24	-
> Authentium	5.1.2.4	2009.04.25	-
> Avast	4.8.1335.0	2009.04.25	-
> *AVG	8.5.0.287	2009.04.26	SHeur2.ACOF*
> BitDefender	7.2	2009.04.26	-
> ...


Additional information
File size: 106499 bytes
MD5...: 90bc10c2e27279f1171426be4968beaa
SHA1..: f8cd86872ddcc6ee4ee946405579f2ccc612e559
SHA256: b80760fc7c37e00cce5a5990fa2423cc29b6004bfba7b55972  8e1e35fb897632
SHA512: 085ebeaa1051a3ff2c196990809895e2080134a1ffc73026b1  55aebda3042d1f
505df6ea04fa6300a7b665936578f0af2bddef7d50e8cab747  eaf5b8c7604180
ssdeep: 3072:3KgVYEOBwBg9v9gPWFrYacEY2F3MsWi9X3kua:hgwBg96  PWtYb2JMst8
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

*Added 2 hours 24 minutes later*

File pcdefender.exe received on 2009.04.26 18:36:50 (CET)
Current status: finished
Result: 13/40 (32.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.26	Trojan.Win32.FakeRean!IK*
> AhnLab-V3	5.0.0.2	2009.04.26	-
> *AntiVir	7.9.0.156	2009.04.25	TR/FakeRean.A.17*
> Antiy-AVL	2.0.3.1	2009.04.24	-
> Authentium	5.1.2.4	2009.04.25	-
> Avast	4.8.1335.0	2009.04.25	-
> AVG	8.5.0.287	2009.04.26	-
> BitDefender	7.2	2009.04.26	-
> ...


Additional information
File size: 1020928 bytes
MD5...: 08280b54a22b124ef52965cf732180d0
SHA1..: c31a08633bf6a02a24b012a7ce83cc45c1dc356d
SHA256: 30dc2847f20c75bbc3919a919d9f00f31dad3d3b3de9ace102  1968e1f238c714
SHA512: 27bfc73dda102d17770266e1d72c960023852283c9d563b0ce  866a0d45332e4d
a89f161f8ce99848affc993621fa9d299b959e1195625833a4  6dda42b99c653a
ssdeep: 24576:CYEKBEDsECxgLV0cjdqcp96jiImn5uuSDvyRAvNgGn90  Jsqp:rEKBEDBC8
0cjdq7mYuW2ONgA9vM
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information



File ieocx.dll received on 2009.04.26 18:36:09 (CET)
Current status: finished
Result: 20/40 (50%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.26	Trojan.Win32.Agent2!IK*
> AhnLab-V3	5.0.0.2	2009.04.26	-
> *AntiVir	7.9.0.156	2009.04.25	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.24	-
> Authentium	5.1.2.4	2009.04.25	-
> Avast	4.8.1335.0	2009.04.25	-
> *AVG	8.5.0.287	2009.04.26	Agent2.EZY
> BitDefender	7.2	2009.04.26	Trojan.Fakeav.KQ*
> ...


Additional information
File size: 28160 bytes
MD5...: bb59857d621940181937b736e98bbcd0
SHA1..: 80dd23cc95ae35b09bba0d7be3715ea6a5edcc3b
SHA256: f710f2d4f4fb558a9521e2a90fc3c703d03cc224736061802e  b9f1c002b71e4a
SHA512: ad4a722ff8a1639021ebdde57a748fa2389ef1ed8c29ae926c  9e628d74fd615c
3f5d59e2089925099405eaa4071aee065cd2a1e4be40be681e  74b8fe15d03f65
ssdeep: 384:lImQDP/17oTxjRW/2jjQXk69cKxPYSiTniYvwZcwx9l9+Wu3XXANHiWNbbvv
4Q:l5QDPdWHQ+QXfxPtUIRv+WunqBx
PEiD..: -
TrID..: File type identification
DirectShow filter (58.0%)
Windows OCX File (35.5%)
Win32 Executable Generic (2.4%)
Win32 Dynamic Link Library (generic) (2.1%)
Clipper DOS Executable (0.5%)
PEInfo: PE Structure information

*Added 4 hours 58 minutes later*

File download received on 2009.04.26 23:28:54 (CET)
Current status: finished
Result: 10/40 (25%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.26	Trojan.Fakeav!IK*
> AhnLab-V3	5.0.0.2	2009.04.26	-
> *AntiVir	7.9.0.156	2009.04.26	TR/Kryptik.MR*
> Antiy-AVL	2.0.3.1	2009.04.24	-
> *Authentium	5.1.2.4	2009.04.26	W32/FakeAlert.4!Generic
> Avast	4.8.1335.0	2009.04.26	Win32:FakeAlert-BD*
> AVG	8.5.0.287	2009.04.26	-
> BitDefender	7.2	2009.04.26	-
> ...


Additional information
File size: 89638 bytes
MD5...: d68ab489f124a2fe836f5ea642c93c99
SHA1..: 0e720277af1226f0e4941e92dd1fb39b2dd83b93
SHA256: 66c6695af158848574c6e3f3836ba22649b5355c5c71c68fc9  f0bf3f4affbb0c
SHA512: 8791f62f69dd57067d6489136ab25adeef90bbf853b47243c6  6cc9dfcd3ac788
36be60fedca5e46fcce498f8a79f739370bfd538d7c9234d03  ccc9d892ad187a
ssdeep: 1536:TgNJH7D4isFjNItCWNCRK4xnSdWGGxcTKKwYFzHZuCyoh  mJUJLEY5qXX0:T
GsZiIWBSRGGxZYHL2UJLLIXX0
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information



File vir received on 2009.04.26 23:29:04 (CET)
Current status: finished
Result: 13/40 (32.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.26	Trojan-Downloader.HTML.Agent!IK
> AhnLab-V3	5.0.0.2	2009.04.26	HTML/Agent
> AntiVir	7.9.0.156	2009.04.26	HTML/Agent.OV
> Antiy-AVL	2.0.3.1	2009.04.24	Trojan/HTML.Agent
> Authentium	5.1.2.4	2009.04.26	-*
> Avast	4.8.1335.0	2009.04.26	-
> AVG	8.5.0.287	2009.04.26	-
> BitDefender	7.2	2009.04.26	-
> ...


Additional information
File size: 15562 bytes
MD5...: 8a94c3da97fd8b73e284969028f4be0d
SHA1..: d441321c49a47af1a8fa77b2f6955641019cf117
SHA256: 7031a4a537dd304499014ed34c6f97c513c88815a24508d1f0  a4ff28f2e2b0bb
SHA512: cbd5892f304617cbf71fda0b98c859c156b0ccd862915e82ee  53f54c8509fa56
70bc62fd5d9e3440120481371d16c268f787edc240b13d3d94  e54987fb60a711
ssdeep: 192:eXhkmYLqkAt0+XjRUfXJPjJCdZg3UXRGEUdM87h/j8ybiBN+eMOb:EfY21KK
jRUfXJ7JCvg3dX64/j8yYMA
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## Black_N

File autorun.rar received on 2009.04.27 12:09:54 (CET)
Current status: finished
Result: 8/40 (20%)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.04.27	-
AhnLab-V3	5.0.0.2	2009.04.27	-
AntiVir	7.9.0.156	2009.04.27	-
Antiy-AVL	2.0.3.1	2009.04.27	-
Authentium	5.1.2.4	2009.04.26	-
Avast	4.8.1335.0	2009.04.26	-
AVG	8.5.0.287	2009.04.27	Worm/AutoRun.FC
BitDefender	7.2	2009.04.27	Worm.AutoRun.VCS
CAT-QuickHeal	10.00	2009.04.27	-
ClamAV	0.94.1	2009.04.27	-
Comodo	1137	2009.04.27	-
DrWeb	4.44.0.09170	2009.04.27	-
eSafe	7.0.17.0	2009.04.23	-
eTrust-Vet	31.6.6478	2009.04.27	-
F-Prot	4.4.4.56	2009.04.26	-
F-Secure	8.0.14470.0	2009.04.27	Worm.Win32.AutoRun.dpz
Fortinet	3.117.0.0	2009.04.27	-
GData	19	2009.04.27	Worm.AutoRun.VCS
Ikarus	T3.1.1.49.0	2009.04.27	-
K7AntiVirus	7.10.716	2009.04.25	-
Kaspersky	7.0.0.125	2009.04.27	Worm.Win32.AutoRun.dpz
McAfee	5597	2009.04.26	-
McAfee+Artemis	5597	2009.04.26	-
McAfee-GW-Edition	6.7.6	2009.04.27	-
Microsoft	1.4602	2009.04.27	-
NOD32	4036	2009.04.27	-
Norman	6.00.06	2009.04.24	BAT/Autorun.BJ
nProtect	2009.1.8.0	2009.04.27	-
Panda	10.0.0.14	2009.04.26	-
PCTools	4.4.2.0	2009.04.26	-
Prevx1	3.0	2009.04.27	-
Rising	21.27.02.00	2009.04.27	-
Sophos	4.41.0	2009.04.27	Sus/AutoInf-A
Sunbelt	3.2.1858.2	2009.04.24	-
Symantec	1.4.4.12	2009.04.27	-
TheHacker	6.3.4.1.315	2009.04.27	-
TrendMicro	8.700.0.1004	2009.04.27	Mal_Otorun1
VBA32	3.12.10.3	2009.04.27	-
ViRobot	2009.4.27.1710	2009.04.27	-
VirusBuster	4.6.5.0	2009.04.26	-
```

Additional information
File size: 729 bytes
MD5...: 4be3bda460cfb5172fca6498f8da69ad
SHA1..: de6b2180e1bab3c60a4a1281d925ebca74da6de1
SHA256: 60711b85644eb86e6494d6b0bf28d94678be121245ad58cd64  4d19abd8a9e9ec
SHA512: 6aea7f3eb91bc9cf3175075bab987da72c729d505d7cafc9c6  fa60f5e7d0965e
a5ae70d93fc6ba8fc06059a8777f546756007746a8bb786fc3  336bae7181792d
ssdeep: 6:uFtrIlSP743+RsRc4AsBejbTOt0AaCWtrIlSP743+RsRc4As  BejbapG:grIlSY
Euc7XTOSAaCyrIlSYEuc7XapG
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## senyak

File movie1.wmv.exe received on 2009.04.27 15:32:11 (CET)
Current status: finished
Result: 8/40 (20%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.27	Trojan.Win32.Stuh!IK*
> AhnLab-V3	5.0.0.2	2009.04.27	-
> AntiVir	7.9.0.156	2009.04.27	-
> Antiy-AVL	2.0.3.1	2009.04.27	-
> Authentium	5.1.2.4	2009.04.26	-
> Avast	4.8.1335.0	2009.04.26	-
> AVG	8.5.0.287	2009.04.27	-
> *BitDefender	7.2	2009.04.27	Gen:Trojan.Heur.4024DB8989*
> ...


Additional information
File size: 67072 bytes
MD5...: bc891c196583e49c6029dea9859b883d
SHA1..: 0d3da7e89144a4970149a9a2bb0179ad2894266c
SHA256: 7780c3f34e3b4357af9f8d82ed5d4a8a4e423d05c29a228cd7  c1a127b48d9f54
SHA512: fa49b991a3dd96b451b7a5912a708088c31a173834441a76d5  7930de2b0ba721
a4ae142e41de87984b30cd1f236ae703760a6bafb67f5ec1e1  8692e83342316a
ssdeep: 1536:/18Jj2Zo0qAI6bszZkZBwG5Ivs8GxNR93bkB:/6qFqAqZOBIvs8GxNYB
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.5%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## DefesT

File _.exe received on 2009.04.29 13:16:17 (CET)
Current status: finished
Result: 30/40 (75%)

> Antivirus Version Last Update Result
> *a-squared 4.0.0.101 2009.04.29 Backdoor.Win32.Momibot.B!IK 
> AhnLab-V3 5.0.0.2 2009.04.29 Win32/IRCBot.worm.variant 
> AntiVir 7.9.0.156 2009.04.29 TR/Crypt.XPACK.Gen 
> Antiy-AVL 2.0.3.1 2009.04.29 Backdoor/Win32.IRCBot 
> Authentium 5.1.2.4 2009.04.27 W32/Backdoor2.BVDC 
> Avast 4.8.1335.0 2009.04.28 Win32:Trojan-gen {Other} 
> AVG 8.5.0.287 2009.04.29 Win32/Heur 
> BitDefender 7.2 2009.04.29 Backdoor.Bot.36556*
> ...


File size: 41931 bytes 
MD5...: d3d7c438f2de554e75bf22d295e55d9e 
SHA1..: 9b107ac67b0d6c80af9cedf2a9200ddf8a0663a8 
SHA256: 56a0d491a97e276901ff8c9566b47df6bcac046ba34565738d  b499146d7f6eb6 
SHA512: 7cbdf22ea2ab87fa101001c1bfa80c19fc8dd62cd29703d865  26f24005fe1482
16b17a4a68f45203de9c9bb6ebad09f464f5bf2c807eb7207a  0c441d7157a699 
ssdeep: 768:YNBAbBES44peWayMRB0Sw6ghEPt37tlvOUkz:YNK+QxatR  Bkhh4t37tYt

PEiD..: - 
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

----------


## senyak

File Jimm2009.jar received on 2009.04.30 18:34:12 (CET)
Current status: finished
Result: 8/40 (20%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.30	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.04.30	-
> AntiVir	7.9.0.160	2009.04.30	-
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.04.30	-
> *Avast	4.8.1335.0	2009.04.29	Other:Malware-gen*
> AVG	8.5.0.327	2009.04.30	-
> BitDefender	7.2	2009.04.30	-
> ...


Additional information
File size: 7874 bytes
MD5...: 8dada49451035846fd31fa9ec67c5038
SHA1..: 5d2f866754854a6904df7c72d0dc3e5100febd70
SHA256: 64a4aeb3d435a8da69ac249e88d91334a9f00337b31168cec6  835c52a33ea8fc
SHA512: 4e70a49e1a6069dcd026d065995449dd547ed03dca9c6e3fee  7e140f44abbb66
c4cb0ccb15e65159d066f49dbf7028b326c989f96ccbd0fbfc  ba2f92fc7da04e
ssdeep: 96:h+1K/qPUumSkE3E1Z/I09Da01l+gmkyTt6Hk8nTCxerY/6K0YnK2u98NOrtky
0Cb:h2Uu3kSwS0tKg9E05T/8cw2kOrR0ezCM
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## VV2006

File *tmp365.exe* received on 2009.04.30 23:13:12 (CET)
Current status: finished
Result: 4/40 (10%)

> *Antivirus	Version	Last Update	Result*
> a-squared	4.0.0.101	2009.04.30	-
> AhnLab-V3	5.0.0.2	2009.04.30	-
> AntiVir	7.9.0.160	2009.04.30	-
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.04.30	-
> Avast	4.8.1335.0	2009.04.30	-
> AVG	8.5.0.327	2009.04.30	-
> BitDefender	7.2	2009.04.30	-
> ...


Additional information
File size: 2048 bytes
MD5...: c9c24b342801c98feaed015dfddc16a8
SHA1..: a3a3cfd82c9f1e60a10cec6900e684c0b8b99ab1
SHA256: ff8a6894eb43ec6ffede240f4fabcedf3adce42a8657294f06  bfd1c792f9e00b
SHA512: a7173020aa75d1e72ea529f9ce10b81855a9faaeedbefec2db  5e78002248e11d
92949186787333aa450745e3297550b82fc664800deca27fc4  0bead5345bf379
ssdeep: 24:QuiUO0FrK076kA6hzco105tK2GtubRxpoAMoBG/oRidJnrlIA:QW/FrKkrhzc
c0TK2cIgAMoBzidtl
PEiD..: -
TrID..: File type identification
DOS Executable Generic (97.9%)
VXD Driver (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.3%)
MS Flight Simulator Aircraft Performance Info (0.1%)
PEInfo: PE Structure information

*Added 26 minutes later*

File *lsaass.exe* received on 2009.04.30 23:51:12 (CET)
Current status: finished
Result: 6/40 (15%)

> *Antivirus	Version	Last Update	Result*
> a-squared	4.0.0.101	2009.04.30	-
> AhnLab-V3	5.0.0.2	2009.04.30	-
> *AntiVir	7.9.0.160	2009.04.30	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.04.30	-
> Avast	4.8.1335.0	2009.04.30	-
> *AVG	8.5.0.327	2009.04.30	Win32/Heur*
> BitDefender	7.2	2009.04.30	-
> ...


Additional information
File size: 101376 bytes
MD5...: c11a76b7d9707f4220d148be109d6d2b
SHA1..: 3f389ac110fbcd000fedc3b14922fecb8a9dd6f3
SHA256: ae2f9b8a9735fcff48d5221f9596880ef0fa77eb4926506fe5  eee6b368841eba
SHA512: 8fc1ed8c3a6ebd578594dc4d204c949ea160baf21424ea0af9  8bb8cc67d77dd5
27d631fe4283271134944104d49897edd0f895f52c32c18b94  d2013e0ff58ad5
ssdeep: 1536:5A8Zo2MM8JerRoED6AAHeq7iX+4n78EnvF/beFShXT4Hd6:5A8Zo66eNocK
eq7q+24ExBV4H0
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

----------


## HATTIFNATTOR

File crypts.dll received on 2009.04.30 23:59:26 (CET)
Result: 35/40 (87.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.30	Trojan-Spy.Finanz.J!IK*
> *AhnLab-V3	5.0.0.2	2009.04.30	Win-Trojan/Agent.33280.MG*
> *AntiVir	7.9.0.160	2009.04.30	TR/Dldr.Agent.brlc.3*
> *Antiy-AVL	2.0.3.1	2009.04.30	Trojan/Win32.Agent*
> Authentium	5.1.2.4	2009.04.30	-
> *Avast	4.8.1335.0	2009.04.30	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.327	2009.04.30	Agent_r.MV*
> *BitDefender	7.2	2009.04.30	Trojan.Downloader.Slupim.C*
> ...


Additional information
File size: 33280 bytes
MD5...: ea8c70ac2ff23713c5455141ca750f28
SHA1..: 62224a78264846ed4ea117e323ff5bb5dcf77a55
SHA256: 3eb79950586e71f6e7ac8c8c8da2a68d4ae26b82f7d6b7aad7  2c3c8d0d125616
SHA512: 827e248f9d746f128f719e933d0abdc82600bb13bab164a66a  0531259591780c
95eed32086f8a961a7832b542cd6a8a5c8d8ca4b4892e8832e  8816cecde5e756
ssdeep: 768 :borred: /SHks/SxqI62F79KLS5hacmBT/UHpAQmj :borred: k/gFX7CSXeBT/UJ
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)

*Added 3 minutes later*

File U.exe received on 2009.05.01 00:00:03 (CET)
Result: 26/40 (65%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.30	Win32.SuspectCrc!IK*
> *AhnLab-V3	5.0.0.2	2009.04.30	Win-Trojan/Xema.variant*
> *AntiVir	7.9.0.160	2009.04.30	TR/Downloader.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.04.30	-
> *Avast	4.8.1335.0	2009.04.30	Win32:Trojan-gen {Other}*
> AVG	8.5.0.327	2009.04.30	-
> *BitDefender	7.2	2009.04.30	Generic.Malware.dld!!.698C481F*
> ...


Additional information
File size: 4608 bytes
MD5...: f96af7d7090bfb45a4aba8099cfe1985
SHA1..: e5a66f39a4c7795d414e906db7929701e7ef6fe2
SHA256: 153cd0ceb92e87c05e44d02785f070c022862106c2f6fda03e  07f875f3f966e0
SHA512: 98e468256f0e815ab8529f1bfcdf49e9662081a507e45abf61  35676e996d56eb
17a295c886ae42a8cdc61c3463305a0f5ab9732af8b9f1256d  a4a546733b9700
ssdeep: 48:itRpTSBQPamMmVXgmcolPhAra4A+gQ7T9cSeJY8JTauylFo  B:eRkBkampVXvV
r4RgO8yly
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)

*Added 2 minutes later*

File digiwet.dll received on 2009.04.30 23:59:44 (CET)
Result: 12/40 (30%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.04.30	Trojan-Dropper!IK*
> AhnLab-V3	5.0.0.2	2009.04.30	-
> *AntiVir	7.9.0.160	2009.04.30	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.04.30	-
> Avast	4.8.1335.0	2009.04.30	-
> AVG	8.5.0.327	2009.04.30	-
> BitDefender	7.2	2009.04.30	-
> ...


Additional information
File size: 18432 bytes
MD5...: 382108200ebd027335d4c73bba8c63f7
SHA1..: f858b0ae761c594ac7fe7a31a9cb499392a788ae
SHA256: 93a7a0613953e3dbc9f6ef4176a6483af68a5e7fbc406e112c  31967069c13615
SHA512: feb28eb121dcea4a7a812f270eceb7301670c7199d10f9ae5b  e342c41e609165
d961166e56d4a70638d4d16f29a762b3ad40175a7add43b38b  783673c1220d9f
ssdeep: 384:9hI2mlCRh59pLxwqnr5nzNL1qfD/yhcd2AOnUd:yQR9pLWqpmjI62AOUd
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------


## senyak

File SMS_Hide.jar received on 2009.05.01 12:36:35 (CET)
Current status: finished
Result: 11/40 (27.50%)

> Antivirus	Version	Last Update	Result
> *a-squared 	4.0.0.101 	2009.05.01 	Trojan-SMS!IK*
> AhnLab-V3 	5.0.0.2 	2009.05.01 	-
> *AntiVir 	7.9.0.160 	2009.04.30 	JAVA/SMS.Konov.e
> Antiy-AVL 	2.0.3.1 	2009.04.30 	Trojan/J2ME.Konov*
> Authentium 	5.1.2.4 	2009.04.30 	-
> *Avast 	4.8.1335.0 	2009.04.30 	Other:Malware-gen*
> AVG 	8.5.0.327 	2009.05.01 	-
> BitDefender 	7.2 	2009.05.01 	-
> ...


Additional information
File size: 122291 bytes
MD5...: 2933ade77c653c3ca7e64a675708219b
SHA1..: f4fa3646cb436a03c2073d7898679d5f9417704b
SHA256: 6d5f47f62268ec4b909d112935a626167d16cce1ad80fc5a5b  84bb74370b52a5
SHA512: 68b819441bf58ac4824f02e81c032f090d414f7272dd8d8a5e  24e1b7edfb8e05
6614f59fac8e2f5c2a595ab6396a48744b783f5758971d97d3  0ec6b5cd91fbce
ssdeep: 3072:WXb2OSN/AAdIHggYmoahfEY8EwO9CDVJeDLHSOQ4u31lifHY:Wr2NN/VIAr
xUFZcJUL3Glig
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

*Added 10 hours 12 minutes later*

File bin.exe received on 2009.05.01 22:45:59 (CET)
Current status: finished
Result: 27/40 (67.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.05.01	Trojan-Spy.Win32.Zbot!IK*
> AhnLab-V3	5.0.0.2	2009.05.01	-
> *AntiVir	7.9.0.160	2009.04.30	TR/Crypt.ZPACK.Gen
> Antiy-AVL	2.0.3.1	2009.04.30	Trojan/Win32.Zbot*
> Authentium	5.1.2.4	2009.05.01	-
> Avast	4.8.1335.0	2009.05.01	-
> *AVG	8.5.0.327	2009.05.01	Pakes.AP
> BitDefender	7.2	2009.05.01	Trojan.Spy.Zbot.SO*
> ...


Additional information
File size: 67072 bytes
MD5...: 4b19e74a48b73345abf32f17fbd12a2e
SHA1..: 7db29871775cc28a77e7951b1fcb02a24bef8d7b
SHA256: 2b95839131dcb499c467dddf25fb354cec575e9bd09300eca8  0064b1cb3f59d7
SHA512: ab774c5b4a39b0adae28184e5cfd3fabc1f263c562766a2262  4a3bede558548f
0776e6b88d75e2ee2512eb35a433003c544f0e2ae260b2c106  a2f3b0aeb0c5a0
ssdeep: 1536:M9Dq4iB7FgjCExMakuaAwWKl10UqQkbiSmm7:MDqJB7Cj  Q7uot9AiSmm
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




File nfcleaner.exe received on 2009.05.01 22:46:44 (CET)
Current status: finished
Result: 17/37 (45.95%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.05.01	Trojan.ATRAPS!IK*
> AhnLab-V3	5.0.0.2	2009.05.01	-
> *AntiVir	7.9.0.160	2009.04.30	TR/ATRAPS.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> *Authentium	5.1.2.4	2009.05.01	W32/Threat-HLLSI-based!Maximus*
> Avast	4.8.1335.0	2009.05.01	-
> *AVG	8.5.0.327	2009.05.01	Generic13.AHEM
> BitDefender	7.2	2009.05.01	Trojan.Generic.1581605*
> ...


Additional information
File size: 2560 bytes
MD5...: 3013b4de92989282c43a59ad0e36f882
SHA1..: d1166ebe039429003bbedbb6af704a8b0f8468d6
SHA256: d5491c2e9879add6c8b403d15f31489d3680ec08cc069fea1b  b41d58a618fb0c
SHA512: e599a01503954d8f3c7e0e9024cd5666d6917c751a0e9a9319  1b48de8942833f
e89b95d048046f27800b8fe6dd480a3c3d6920363f9344e4fa  d20f86b85af0d3
ssdeep: 24:etGSlJuMY1xOdz0stvKF+CYHcm+zK5gusZbS/g2s0V9giK3iJj:6zuPstSF+7
8nmsZbaVESJ
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




File bot.exe received on 2009.05.01 22:48:44 (CET)
Current status: finished
Result: 17/40 (42.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.05.01	Trojan-Spy.Win32.Zbot!IK*
> AhnLab-V3	5.0.0.2	2009.05.01	-
> *AntiVir	7.9.0.160	2009.04.30	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.01	-
> Avast	4.8.1335.0	2009.05.01	-
> AVG	8.5.0.327	2009.05.01	-
> *BitDefender	7.2	2009.05.01	Trojan.Spy.Zbot.SO*
> ...


Additional information
File size: 62976 bytes
MD5...: a62f8ef298ff7b3e59334851d91a9920
SHA1..: bf7ece79a10a4bfc1c13d9319410ec8f6978d86b
SHA256: 2fb37c1f4b40d72477f806ecb635cfa9071180625d4e89ed39  21c4cbf14608d3
SHA512: 80263c1e72edfdddf07b44ecb825fefd58103d346ddb87d13b  4e0f1500304fe9
762319f67041ec777de53f1d04b5ba50154b9b6f6551ff79e6  8affcb69255548
ssdeep: 1536:jw/Kf+6HyEq5vhiKH7eGpbe29YmUi1AV0/uE+Zv:jwz6Sv5HqCl6Piqwy
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




File kkk.exe received on 2009.05.01 22:55:20 (CET)
Current status: finished
Result: 14/40 (35%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.0.0.101	2009.05.01	Trojan-Spy.Win32.Zbot!IK*
> AhnLab-V3	5.0.0.2	2009.05.01	-
> AntiVir	7.9.0.160	2009.04.30	-
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.01	-
> Avast	4.8.1335.0	2009.05.01	-
> *AVG	8.5.0.327	2009.05.01	Win32/Sality*
> BitDefender	7.2	2009.05.01	-
> ...


Дополнительная информация
File size: 76288 bytes
MD5...: e38ad6e71e8e7ce7afe9e0e6ac8d0c14
SHA1..: 82e5aa6f675d9077f55544e511fac56601d6702f
SHA256: 99daac0e5483e59606e8f8a81c167e74db203b1e3698b24c7c  d26350ce4b6263
SHA512: 948a34dd40ffe235bd5759467bb39c66bf30f21c25ec615b0d  566e9d8f158497
0e98c8c05cf978047334784913e337ffd7cf6f759a153f113b  1ac2ff1fada0f9
ssdeep: 1536:qjy3BWXifxGe4qm5QnOkm8B6yav6mBVjzxu+fXo:qjoKJ  e4qxOoGbnjznf
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information



Файл setup.exe получен 2009.05.01 22:56:31 (CET)
Текущий статус: закончено
Результат: 15/40 (37.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.01	Virus.Win32.Virtumonde!IK*
> AhnLab-V3	5.0.0.2	2009.05.01	-
> *AntiVir	7.9.0.160	2009.04.30	TR/Vundo.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> *Authentium	5.1.2.4	2009.05.01	W32/Virtumonde.BA2.gen!Eldorado*
> *Avast	4.8.1335.0	2009.05.01	Win32:Vuku*
> AVG	8.5.0.327	2009.05.01	-
> *BitDefender	7.2	2009.05.01	Trojan.Vundo.GMM*
> ...


Дополнительная информация
File size: 49152 bytes
MD5...: e9ae5322f4efe4d983033e781ea0f2bd
SHA1..: 4721ef5e7292c1eb1d4bf01c267a151162373d6c
SHA256: f650c8b4ed071f2cec87c54456c94f1cd010c1a7ef4bd557f0  438402a6071919
SHA512: e9a2d20ab8e3d6dc149bc6884c72c513b993ef83355d1fc9c4  ada94b6f6f9db5
b8173dac0929a9ca38e8680ddb5440adbcca326ac878350d06  318b0263914395
ssdeep: 768:h2dLc6tBh3ik9b5p6PEVZFIliYcdx7gJ+gOt8pNbWxS9nJ/5AmnDTkKj887c
:IdAG3L9b5ksZFIJcfgJ+gOtSF9nJhNn8
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information



Файл InstallerWF.exe получен 2009.05.01 23:02:25 (CET)
Текущий статус: закончено
Результат: 17/40 (42.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.01	Riskware.FraudTool.Win32.Agent!IK*
> *AhnLab-V3	5.0.0.2	2009.05.01	Win-Trojan/Fakeav.476672*
> *AntiVir	7.9.0.160	2009.04.30	HEUR/Malware*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.01	-
> Avast	4.8.1335.0	2009.05.01	-
> *AVG	8.5.0.327	2009.05.01	Fake_AntiSpyware.CAY*
> BitDefender	7.2	2009.05.01	-
> ...


Дополнительная информация
File size: 476672 bytes
MD5...: 4d74eb4466c51e55f7b49135bc36e64d
SHA1..: 98c848067f747cae57ce3d9808a72960111149df
SHA256: 8cd24775d77640c55d4f18f39c180cede801c955195793398c  de3f05b6b9b74d
SHA512: 574e05d35512a1a6fc4756756187f5f6a7c565f1df1edd1bce  5de2d21d6ad95a
8ac695f754dd9033269441eeb5c90f1bddb94db8a4f548bdbd  f740dbfcf420d4
PEiD..: Armadillo v1.71
TrID..: File type identification
DirectShow filter (66.6%)
InstallShield setup (14.2%)
Win32 Executable MS Visual C++ (generic) (12.4%)
Win32 Executable Generic (2.8%)
Win32 Dynamic Link Library (generic) (2.5%)
PEInfo: PE Structure information

----------


## Danilka

File VKPHOTO.zip received on 05.03.2009 14:44:25 (CET)
Current status: finished 

Result: 1/40 (2.50%)



> Antivirus Version Last Update Result 
> a-squared 4.0.0.101 2009.05.03 - 
> AhnLab-V3 5.0.0.2 2009.05.01 - 
> AntiVir 7.9.0.160 2009.05.02 - 
> Antiy-AVL 2.0.3.1 2009.04.30 - 
> Authentium 5.1.2.4 2009.05.02 - 
> Avast 4.8.1335.0 2009.05.02 - 
> AVG 8.5.0.327 2009.05.02 - 
> BitDefender 7.2 2009.05.03 - 
> ...


Additional information 
File size: 26326 bytes 
MD5...: a4009234c0576c7f9b84478293cf7a25 
SHA1..: 1c8dadac3cde0d028248884b2ea26c91b01286d7 
SHA256: a90144a84cc07119ae75b6ab73640ecd1b8a8851bfa4d73868  2ab0d6a5693c7c 
SHA512: bc687a401f132e9998c06677b26063fed38d6699a9f723f18c  5e22f04c634183
84998afbf5707a19d3dfa667a8292358f5148049230c5cf11a  8242696719fe3f 
ssdeep: 384:a1YrcTdD91NSYHoDDPSbSj6p7LRYRnxUt8Mczv7YUsHa6d  eCbQ1xWdg6zBkE
vkZ4:f0NCiFe+83oa6RbldgShX9Ju6je37qBZ

PEiD..: - 
TrID..: File type identification
ZIP compressed archive (100.0%) 
PEInfo: - 
PDFiD.: - 
RDS...: NSRL Reference Data Set 

The freshest piece of malware. It blocks access to the VKontakte site and demands money :)

----------


## senyak

Файл install.exe получен 2009.05.03 19:26:02 (CET)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.03	-
> AhnLab-V3	5.0.0.2	2009.05.03	-
> *AntiVir	7.9.0.160	2009.05.03	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.02	-
> Avast	4.8.1335.0	2009.05.02	-
> AVG	8.5.0.327	2009.05.02	-
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 40448 bytes
MD5...: 4c1b4ebdc4656f10b0e56292b80282ef
SHA1..: 3922912862ddc19926d94207ac23c79bad392663
SHA256: 53cd33f23068a33f52a67d157c1399fa401d93cb0dc945805a  93f9c8c75a222c
SHA512: e6a5fe9e83fdc69ff3054e69d60822392f79c2b37b5612cc80  cb56c1d9be9778
eef34aafd561a6cf600af1e94657355a38e8bc00143b663173  34d95a84241ef5
ssdeep: 768:KyO6VkQxbvjahvSMtoBO/iUGdgycbZ5JplPLMq2zQ+Ec+o+tG84YuH:KXAv2
VSMWkpGdabZ5ZLMhOfG8DuH
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information




Файл Setup.exe получен 2009.05.03 19:25:58 (CET)
Текущий статус: закончено
Результат: 20/41 (48.79%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.03	Trojan-Downloader!IK*
> AhnLab-V3	5.0.0.2	2009.05.03	-
> *AntiVir	7.9.0.160	2009.05.03	TR/Downloader.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.02	-
> Avast	4.8.1335.0	2009.05.02	-
> *AVG	8.5.0.327	2009.05.02	Generic13.AHLG*
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 14336 bytes
MD5...: a2198612e7ab988105c71b02d547b1a7
SHA1..: aad1754e1d4aca982bffeeb104e64e83231d525b
SHA256: 1f6cfea38649d7abb8328851051be6240bc182b9c6d697c4e8  21a90daaab4ddf
SHA512: 9b17d355c4196e89992de7c3755a0f4af42b6648912778f1ff  38ac9691b32612
539bd311d80b6991a919078b01e0159e8248aa50872e7b6f52  9c9b0cc0d619f0
ssdeep: 192:VkVjNJpbjilCYCEG+FnBzq5u6jyVyrgityJ2Tjo+a/Z9oC/wl/T70najEwmP
khYh:VgJpalCJ+F9oGs6UvaR9oCopTgarZ
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information




Файл system.exe получен 2009.05.03 19:26:59 (CET)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.03	-
> AhnLab-V3	5.0.0.2	2009.05.03	-
> AntiVir	7.9.0.160	2009.05.03	-
> Antiy-AVL	2.0.3.1	2009.04.30	-
> *Authentium	5.1.2.4	2009.05.02	W32/Damaged_File.gen!Eldorado*
> Avast	4.8.1335.0	2009.05.02	-
> *AVG	8.5.0.327	2009.05.02	Pakes.AP*
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 49848 bytes
MD5...: 16d59f2a78e738034ff9a7bf296359ea
SHA1..: 8b74d1d1b7466b8d536e6d9db1ba2b941b977319
SHA256: 0383bf4983a094c1ac10dc86e24cf6dcbd35191832bd074137  574ddea6ec8d07
SHA512: 021b8c992d345b2c38612945299078f8d17f472b3ddf2c9917  597920ccbc90c0
4f135193a499d20b5a7a7786cdc99304065332d2ca1e0acf13  a4618d3f0d88e7
ssdeep: 1536:zl/5eY1Yl/Zgm81O+O06rf/gkSVWQoQeQ:zl/UsVwU6rnhqTYQ
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information




Файл ldr.exe получен 2009.05.03 19:28:37 (CET)
Текущий статус: закончено
Результат: 15/40 (37.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.03	Virus.Win32.CeeInject!IK*
> AhnLab-V3	5.0.0.2	2009.05.03	-
> *AntiVir	7.9.0.160	2009.05.03	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.02	-
> *Avast	4.8.1335.0	2009.05.02	Win32:Trojan-gen {Other}*
> AVG	8.5.0.327	2009.05.02	-
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 86918 bytes
MD5...: 457e8131c1477aa8924370f538613750
SHA1..: b5b23b6001d1a9b26fca7f410647b785cadeb455
SHA256: 4d45e62dd6a5d3ddbe8c7530f4763fa0c7c6709f1616562a9f  cd19e1d7e6b67a
SHA512: ecdcdbb61fa6f328098078ec92aee57cabc301f9fd44cf0ccb  18edda7f568373
77068c5300caa89e514665932d79be7af3a7974534819cb2e6  f677e214c2fb60
ssdeep: 1536:kTMd1RxoXIy7GArumt2XNndrC+c+XvITrcbT77GLwAt+T  EMirsaSiw:kgbx
Cv7Zt29ndmxavI/So+TEMiAmw
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information




Файл codec2.exe получен 2009.05.03 19:37:05 (CET)
Текущий статус: закончено
Результат: 6/40 (15%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.03	-
> AhnLab-V3	5.0.0.2	2009.05.03	-
> *AntiVir	7.9.0.160	2009.05.03	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.02	-
> Avast	4.8.1335.0	2009.05.02	-
> *AVG	8.5.0.327	2009.05.02	FakeAlert.KH*
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 104963 bytes
MD5...: a1fcc7c54c16f6297eb02c45ae8086ce
SHA1..: 690759435a0b5c29051b09a677b529c1dd83c19f
SHA256: 4a5b293336c250c956866fffe4106d88a3a36e739e0fe53832  d92b68f3ad1ff7
SHA512: 1c3b87e1a71517b68ed68659a359efe2f4971a160b1ef357b9  429724cfc4e5fd
83531c9569600459155b42654fb7a4fc2c8769312b14a8cf8b  5be43ea824e2e0
ssdeep: 3072:830EyeLSq9888OP487vRZ3Wwrl6qXxVFi9X3kux:8EEye  LSq9kYhvhrcqhg
P
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл flash_player_plugin.exe получен 2009.05.03 19:45:53 (CET)
Текущий статус: закончено
Результат: 8/41 (19.52%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.03	-
> AhnLab-V3	5.0.0.2	2009.05.03	-
> AntiVir	7.9.0.160	2009.05.03	-
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.02	-
> Avast	4.8.1335.0	2009.05.02	-
> AVG	8.5.0.327	2009.05.02	-
> BitDefender	7.2	2009.05.03	-
> ...


Дополнительная информация
File size: 2611530 bytes
MD5...: b46836e16eea554751749d72353874f2
SHA1..: 282d2c1814716094908693e9386755ecd563ba7d
SHA256: 4bbe425b8cbe522fa51938e3fb99cd1677b8c26840aa5eb215  b4c62779ac182e
SHA512: fce49971ca3063d762572e05cd64de21c879cfaf49c46aa44d  a36075c9a1c13b
01b8b50b11519f8922d94dc3733cf24dfe9fbf2bb60da61544  cdd1cb880ce964
ssdeep: 49152:rg9nlxbXw9yv2jLPzBP8gsLZSDDYRIEHy97+1JFCGLvE  cTIMMdY17L:0nl
acqLZlslSfYRriCUQvx/yY1X
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

----------


## senyak

Файл pin.exe получен 2009.05.04 22:43:33 (CET)
Текущий статус: закончено
Результат: 11/40 (27.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.04	Riskware.Win32.Injector!IK*
> AhnLab-V3	5.0.0.2	2009.05.04	-
> *AntiVir	7.9.0.160	2009.05.04	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.04	-
> Avast	4.8.1335.0	2009.05.04	-
> AVG	8.5.0.327	2009.05.04	-
> BitDefender	7.2	2009.05.04	-
> ...


Дополнительная информация
File size: 23040 bytes
MD5...: 10c4520d4709ce361e1588af4f84b34e
SHA1..: 96f35bb961472f8339b1d7284c6b50d08c93d2a5
SHA256: 2dc356bec30f721e95884a729ccdc05be0eacdef3f02f7ffee  81f9913fcf76e7
SHA512: f04bd7ff25789af76ac95c9425c80df104039e48477b5e5383  14983eef82a16d
55e9565ca34516fe93d96f2fc61dbe4cc22e270bc5ada7c6f6  8aeb9dd228d74c
ssdeep: 384:kGFMiucajR9d6ksK6i6FhRr1G0XvWELkGL+bK3WbnjHihz  xzrtF:n/ajXd6p
i6Fh91GemhuYibzr
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл ftp1.exe получен 2009.05.04 18:24:37 (CET)
Текущий статус: закончено
Результат: 14/40 (35.00%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared 	- 	- 	-
> AhnLab-V3 	- 	- 	-
> *AntiVir 	- 	- 	TR/Crypt.XPACK.Gen*
> Antiy-AVL 	- 	- 	-
> Authentium 	- 	- 	-
> Avast 	- 	- 	-
> *AVG 	- 	- 	PSW.OnlineGames.2.AE*
> BitDefender 	- 	- 	-
> ...


Дополнительная информация
MD5: e8eb17836fc7fc0493089b0d7ad0f193
SHA1: 6d21999322c81432b2f6cc977773cb440f5177fc
SHA256: 7bf00804acd6ef97914c92d1571e9b5f4139b950f106e97f54  ee5c3d1906c7b3
SHA512: 734ae937e1b1599b88e38061cc1b0dc7f211848f6278895355  ddc6bee5777535c2ade6dfc86c64297fe47413cf6bc9d11af2  403bdc12ffca8e8df9090482ee48




Файл softwarefortubeview.40009.exe получен 2009.05.04 22:45:46 (CET)
Текущий статус: закончено
Результат: 11/40 (27.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.04	-
> AhnLab-V3	5.0.0.2	2009.05.04	-
> *AntiVir	7.9.0.160	2009.05.04	TR/Dldr.Small.jqz*
> Antiy-AVL	2.0.3.1	2009.04.30	-
> Authentium	5.1.2.4	2009.05.04	-
> Avast	4.8.1335.0	2009.05.04	-
> AVG	8.5.0.327	2009.05.04	-
> BitDefender	7.2	2009.05.04	-
> ...


Дополнительная информация
File size: 65536 bytes
MD5...: b179b7959a87bd316d7f7f11a993e037
SHA1..: 3a7b15756dcf89d01cb4d820fce737f227cbd96e
SHA256: 47440e21022224e0f69c552ece431be950dfd18b025a89cccf  c96716f947a426
SHA512: dcd6241ccd34f24cf7e857bc85992ad8d5266b2ffa298303b2  bf9b88589de048
0ae3dcca40841585f7d1e28c7a144da4fc7f800762dd560658  a852ef15fd4d43
ssdeep: 1536:1yv7lgZtUNgVEfNc38+TqdcfNYJSRX1l:YWtHTqdcfawX  P
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ 5.0 (81.5%)
Win32 Dynamic Link Library (generic) (10.1%)
Win16/32 Executable Delphi generic (2.7%)
Generic Win/DOS Executable (2.6%)
DOS Executable Generic (2.6%)
PEInfo: PE Structure information

----------


## HATTIFNATTOR

Файл wpv571240197317.exe получен 2009.05.05 11:00:41 (CET)



Результат: 20/40 (50%)



```
  
a-squared 4.0.0.101 2009.05.05 Trojan.Crypt!IK 
AhnLab-V3 5.0.0.2 2009.05.05 - 
AntiVir 7.9.0.160 2009.05.05 TR/Crypt.XPACK.Gen 
Antiy-AVL 2.0.3.1 2009.05.05 Backdoor/Win32.Agent 
Authentium 5.1.2.4 2009.05.04 - 
Avast 4.8.1335.0 2009.05.04 Win32:Trojan-gen {Other} 
AVG 8.5.0.327 2009.05.04 Downloader.Zlob_r.FF 
BitDefender 7.2 2009.05.05 - 
CAT-QuickHeal 10.00 2009.05.05 - 
ClamAV 0.94.1 2009.05.05 - 
Comodo 1149 2009.05.03 - 
DrWeb 4.44.0.09170 2009.05.05 Trojan.MulDrop.31446 
eSafe 7.0.17.0 2009.05.03 Win32.TRCrypt.XPACK 
eTrust-Vet 31.6.6489 2009.05.05 - 
F-Prot 4.4.4.56 2009.05.04 - 
F-Secure 8.0.14470.0 2009.05.05 Backdoor.Win32.Agent.agaf 
Fortinet 3.117.0.0 2009.05.05 W32/Agent.AGAF!tr.bdr 
GData 19 2009.05.05 Win32:Trojan-gen {Other} 
Ikarus T3.1.1.49.0 2009.05.05 Trojan.Crypt 
K7AntiVirus 7.10.723 2009.05.04 Trojan.Win32.Malware.1 
Kaspersky 7.0.0.125 2009.05.05 Backdoor.Win32.Agent.agaf 
McAfee 5605 2009.05.04 - 
McAfee+Artemis 5605 2009.05.04 Artemis!F453AB4773F3 
McAfee-GW-Edition 6.7.6 2009.05.05 Trojan.Crypt.XPACK.Gen 
Microsoft 1.4602 2009.05.05 - 
NOD32 4052 2009.05.04 Win32/Rootkit.Agent.NIA 
Norman 6.01.05 2009.05.04 - 
nProtect 2009.1.8.0 2009.05.04 Trojan/W32.Agent.105984.X 
Panda 10.0.0.14 2009.05.04 - 
PCTools 4.4.2.0 2009.05.03 - 
Prevx1 3.0 2009.05.05 - 
Rising 21.28.11.00 2009.05.05 - 
Sophos 4.41.0 2009.05.05 - 
Sunbelt 3.2.1858.2 2009.05.05 - 
Symantec 1.4.4.12 2009.05.05 Downloader 
TheHacker 6.3.4.1.318 2009.05.04 Backdoor/Agent.agaf 
TrendMicro 8.950.0.1092 2009.05.05 - 
VBA32 3.12.10.4 2009.05.04 Win32.Rootkit.Agent.NIA 
ViRobot 2009.5.4.1719 2009.05.04 - 
VirusBuster 4.6.5.0 2009.05.04 -
```

Дополнительная информация 
File size: 105984 bytes 
MD5...: f453ab4773f3b7aac719318f2e05c38c 
SHA1..: f538b7db9d0b13ea4574c7ee70c34ff5b7e23dbc 
SHA256: 423c5974da2efa4f90a9349a2c0f0d7da1726597f03997da37  ab96591ab3dbf2 
SHA512: d2e6a89ec85613d958d56ff8c60ff78f6d5b0992bc0a710185  19d60e191e2a9a
1307b28d9435688e48f9de5a8e38f6f6e6e7194861a1ff9ad4  2e0f66f83df907 
ssdeep: 3072:ow4IlAxR+t9id/snk6UpsBNM59S/1YHYlemgcTf:l4FcKd/sk6UpsBNM9SK
HYleGb

PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

*Added 47 minutes later*

Файл IEHistory.exe получен 2009.05.05 11:41:19 (CET)


```
 

Антивирус Версия Обновление Результат 
a-squared 4.0.0.101 2009.05.05 Riskware.AdWare.Win32.AdBar!IK 
AhnLab-V3 5.0.0.2 2009.05.05 - 
AntiVir 7.9.0.160 2009.05.05 ADSPY/AdBar.V 
Antiy-AVL 2.0.3.1 2009.05.05 AdWare/Win32.AdBar 
Authentium 5.1.2.4 2009.05.04 - 
Avast 4.8.1335.0 2009.05.04 - 
AVG 8.5.0.327 2009.05.04 - 
BitDefender 7.2 2009.05.05 - 
CAT-QuickHeal 10.00 2009.05.05 Backdoor.Hupigon.gavq 
ClamAV 0.94.1 2009.05.05 - 
Comodo 1149 2009.05.03 ApplicUnwnt.Win32.Adware.AdBar.v 
DrWeb 5.0.0.12182 2009.05.05 - 
eSafe 7.0.17.0 2009.05.03 - 
eTrust-Vet 31.6.6489 2009.05.05 - 
F-Prot 4.4.4.56 2009.05.04 - 
F-Secure 8.0.14470.0 2009.05.05 AdWare.Win32.AdBar.v 
Fortinet 3.117.0.0 2009.05.05 - 
GData 19 2009.05.05 - 
Ikarus T3.1.1.49.0 2009.05.05 not-a-virus:AdWare.Win32.AdBar 
K7AntiVirus 7.10.723 2009.05.04 Non-Virus: 
Kaspersky 7.0.0.125 2009.05.05 not-a-virus:AdWare.Win32.AdBar.v 
McAfee 5605 2009.05.04 - 
McAfee+Artemis 5605 2009.05.04 - 
McAfee-GW-Edition 6.7.6 2009.05.05 Ad-Spyware.AdBar.V 
Microsoft 1.4602 2009.05.05 - 
NOD32 4053 2009.05.05 - 
Norman 6.01.05 2009.05.04 - 
nProtect 2009.1.8.0 2009.05.04 - 
Panda 10.0.0.14 2009.05.04 Suspicious file 
PCTools 4.4.2.0 2009.05.03 Adware.Adbar!ct 
Prevx1 3.0 2009.05.05 Medium Risk Malware 
Rising 21.28.11.00 2009.05.05 - 
Sophos 4.41.0 2009.05.05 - 
Sunbelt 3.2.1858.2 2009.05.05 AdWare.Win32.AdBar.v 
Symantec 1.4.4.12 2009.05.05 - 
TheHacker 6.3.4.1.318 2009.05.04 Adware/AdBar.v 
TrendMicro 8.950.0.1092 2009.05.05 - 
VBA32 3.12.10.4 2009.05.05 AdWare.Win32.AdBar.v 
ViRobot 2009.5.4.1719 2009.05.04 - 
VirusBuster 4.6.5.0 2009.05.04 -
```

Дополнительная информация 
File size: 402944 bytes 
MD5...: a23cf014b14407addcbd9ca3dde44dc2 
SHA1..: ae924f52da1fcec8f37acda14f4c2d3756c2e70f 
SHA256: 6954c89828f6a0e7d4718776fe2eeaea105fb24064c21bb401  c08b1b8b618d3e 
SHA512: 3891e2dbde73929ac85026fd505aa842218cbd77c956fbfc1a  6e161d87bfe2c8
cac8e6a82afb76d66ebbe31e4257682bb659987e8864fe3953  b5e5fab2ccef5a 
ssdeep: 6144:a5phFy2Re/UNfbRuUOcO67ZX7VAnE5e6UJ44FQM6W2dkbcK17Qk+RjR:gyP
0tuU7/N7VAnb6q4CQMO2bcuc

PEiD..: ASPack v2.12 
TrID..: File type identification
ASPack compressed Win32 Executable (generic) (90.1%)
Win32 Executable Generic (5.7%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)

*Added 7 minutes later*

Файл index_2_.htm получен 2009.05.05 12:03:20 (CET)


```
a-squared 4.0.0.101 2009.05.05 Exploit.JS.Agent!IK 
AhnLab-V3 5.0.0.2 2009.05.05 - 
AntiVir 7.9.0.160 2009.05.05 - 
Antiy-AVL 2.0.3.1 2009.05.05 - 
Authentium 5.1.2.4 2009.05.04 - 
Avast 4.8.1335.0 2009.05.04 - 
AVG 8.5.0.327 2009.05.04 JS/Obfuscated 
BitDefender 7.2 2009.05.05 Trojan.JS.PYZ 
CAT-QuickHeal 10.00 2009.05.05 - 
ClamAV 0.94.1 2009.05.05 - 
Comodo 1149 2009.05.03 - 
DrWeb 5.0.0.12182 2009.05.05 Trojan.DownLoad.35036 
eSafe 7.0.17.0 2009.05.03 - 
eTrust-Vet 31.6.6489 2009.05.05 - 
F-Prot 4.4.4.56 2009.05.04 - 
F-Secure 8.0.14470.0 2009.05.05 Exploit.JS.Agent.agc 
Fortinet 3.117.0.0 2009.05.05 - 
GData 19 2009.05.05 Trojan.JS.PYZ 
Ikarus T3.1.1.49.0 2009.05.05 Exploit.JS.Agent 
K7AntiVirus 7.10.723 2009.05.04 - 
Kaspersky 7.0.0.125 2009.05.05 Exploit.JS.Agent.agc 
McAfee 5605 2009.05.04 JS/Exploit-Iframe 
McAfee+Artemis 5605 2009.05.04 JS/Exploit-Iframe 
McAfee-GW-Edition 6.7.6 2009.05.05 - 
Microsoft 1.4602 2009.05.05 - 
NOD32 4053 2009.05.05 JS/Exploit.Agent.AGC 
Norman 6.01.05 2009.05.04 - 
nProtect 2009.1.8.0 2009.05.04 - 
Panda 10.0.0.14 2009.05.04 - 
PCTools 4.4.2.0 2009.05.03 - 
Prevx1 3.0 2009.05.05 - 
Rising 21.28.12.00 2009.05.05 - 
Sophos 4.41.0 2009.05.05 Troj/JSRedir-P 
Sunbelt 3.2.1858.2 2009.05.05 - 
Symantec 1.4.4.12 2009.05.05 - 
TheHacker 6.3.4.1.318 2009.05.04 - 
TrendMicro 8.950.0.1092 2009.05.05 - 
VBA32 3.12.10.4 2009.05.05 - 
ViRobot 2009.5.4.1719 2009.05.04 - 
VirusBuster 4.6.5.0 2009.05.04 JS.Shellcode.AD 
```

Дополнительная информация 
File size: 5004 bytes 
MD5...: 913adb46aefc5d2c5d66819a1ae9bbae 
SHA1..: 59ad636b3c6042194f72f5c7699711b58e7df13b 
SHA256: 15b61a4a5dda5186f3de7fd25ce22a3ad89d8b84f421e7e7e0  954d36af9b9a49 
SHA512: dc00f1d7a41440e3b047acb3df59e68805856520702eed5256  a90bdfc889a5b6
fe192b2e606409e2a77d39a0beab49138171776ff8d1044204  31927d06429b3e 

PEiD..: - 
TrID..: File type identification
HyperText Markup Language (100.0%)

----------


## Vagon

```
File avz00009.dta received on 05.05.2009 19:41:24 (CET)
Результат: 2/39 (5.13%)
Antivirus    Version    Last Update    Result
a-squared    4.0.0.101    2009.05.05    -
AhnLab-V3    5.0.0.2    2009.05.05    -
AntiVir    7.9.0.160    2009.05.05    SPR/HookDLL.208896
Antiy-AVL    2.0.3.1    2009.05.05    -
Authentium    5.1.2.4    2009.05.04    -
Avast    4.8.1335.0    2009.05.05    -
AVG    8.5.0.327    2009.05.05    -
BitDefender    7.2    2009.05.05    -
CAT-QuickHeal    10.00    2009.05.05    -
ClamAV    0.94.1    2009.05.05    -
Comodo    1151    2009.05.05    -
DrWeb    5.0.0.12182    2009.05.05    -
eSafe    7.0.17.0    2009.05.05    -
eTrust-Vet    31.6.6490    2009.05.05    -
F-Prot    4.4.4.56    2009.05.04    -
F-Secure    8.0.14470.0    2009.05.05    -
Fortinet    3.117.0.0    2009.05.05    -
GData    19    2009.05.05    -
Ikarus    T3.1.1.49.0    2009.05.05    -
K7AntiVirus    7.10.723    2009.05.05    -
Kaspersky    7.0.0.125    2009.05.05    -
McAfee    5606    2009.05.05    -
McAfee-GW-Edition    6.7.6    2009.05.05    Riskware.HookDLL.208896
Microsoft    1.4602    2009.05.05    -
NOD32    4054    2009.05.05    -
Norman    6.01.05    2009.05.05    -
nProtect    2009.1.8.0    2009.05.04    -
Panda    10.0.0.14    2009.05.05    -
PCTools    4.4.2.0    2009.05.05    -
Prevx1    3.0    2009.05.05    -
Rising    21.28.12.00    2009.05.05    -
Sophos    4.41.0    2009.05.05    -
Sunbelt    3.2.1858.2    2009.05.05    -
Symantec    1.4.4.12    2009.05.05    -
TheHacker    6.3.4.1.319    2009.05.05    -
TrendMicro    8.950.0.1092    2009.05.05    -
VBA32    3.12.10.4    2009.05.05    -
ViRobot    2009.5.4.1719    2009.05.04    -
VirusBuster    4.6.5.0    2009.05.05    -
```

*Additional information*
*File size:* 208896 bytes
*MD5...: f3b78092035bcdce3c921a7f23b448a0*


```
File avz00010.dta received on 05.05.2009 19:57:20 (CET)
Результат: 2/41 (4.88%)
Antivirus    Version    Last Update    Result
a-squared    4.0.0.101    2009.05.05    -
AhnLab-V3    5.0.0.2    2009.05.05    -
AntiVir    7.9.0.160    2009.05.05    SPR/HookDLL.126976
Antiy-AVL    2.0.3.1    2009.05.05    -
Authentium    5.1.2.4    2009.05.04    -
Avast    4.8.1335.0    2009.05.05    -
AVG    8.5.0.327    2009.05.05    -
BitDefender    7.2    2009.05.05    -
CAT-QuickHeal    10.00    2009.05.05    -
ClamAV    0.94.1    2009.05.05    -
Comodo    1151    2009.05.05    -
DrWeb    5.0.0.12182    2009.05.05    -
eSafe    7.0.17.0    2009.05.05    -
eTrust-Vet    31.6.6490    2009.05.05    -
F-Prot    4.4.4.56    2009.05.04    -
F-Secure    8.0.14470.0    2009.05.05    -
Fortinet    3.117.0.0    2009.05.05    -
GData    19    2009.05.05    -
Ikarus    T3.1.1.49.0    2009.05.05    -
K7AntiVirus    7.10.723    2009.05.05    -
Kaspersky    7.0.0.125    2009.05.05    -
McAfee    5606    2009.05.05    -
McAfee+Artemis    5606    2009.05.05    -
McAfee-GW-Edition    6.7.6    2009.05.05    Riskware.HookDLL.126976
Microsoft    1.4602    2009.05.05    -
NOD32    4054    2009.05.05    -
Norman    6.01.05    2009.05.05    -
nProtect    2009.1.8.0    2009.05.04    -
Panda    10.0.0.14    2009.05.05    -
PCTools    4.4.2.0    2009.05.05    -
Prevx1    3.0    2009.05.05    -
Prevx1    V2    2009.05.05    -
Rising    21.28.12.00    2009.05.05    -
Sophos    4.41.0    2009.05.05    -
Sunbelt    3.2.1858.2    2009.05.05    -
Symantec    1.4.4.12    2009.05.05    -
TheHacker    6.3.4.1.319    2009.05.05    -
TrendMicro    8.950.0.1092    2009.05.05    -
VBA32    3.12.10.4    2009.05.05    -
ViRobot    2009.5.4.1719    2009.05.04    -
VirusBuster    4.6.5.0    2009.05.05    -
```

*Additional information*
*File size:* 126976 bytes
*MD5...: 70d70dd835987e81608c5c00fd2bde0e*

----------


## senyak

Файл pdf.pdf получен 2009.05.06 14:12:05 (CET)
Текущий статус: закончено
Результат: 13/40 (32.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.06	Exploit.Pidief!IK*
> *AhnLab-V3	5.0.0.2	2009.05.06	Win-Trojan/Exploit-PDF*
> *AntiVir	7.9.0.160	2009.05.06	EXP/Pidief.JQ.1*
> Antiy-AVL	2.0.3.1	2009.05.06	-
> Authentium	5.1.2.4	2009.05.06	-
> *Avast	4.8.1335.0	2009.05.05	JSdfka-EO*
> AVG	8.5.0.327	2009.05.06	-
> *BitDefender	7.2	2009.05.06	Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 3545 bytes
MD5...: 97ee138c7dfcef3ded79cad5d8ab7a19
SHA1..: 53cd4251f4f2eb40fe64bae2d5dc5dd465b97c1a
SHA256: 8c793875755a5f1049f4ed771665904942af93edd5e539746d  98601d90ac3685
SHA512: 41bca5ebd70199ed725d0609b68bf38b481615266e16a046b6  ebed0df38680f2
b05b71b4104f2b93cef812b90c040e0e2a6a628f901bdd1db4  5fe81d2effae6a
ssdeep: 48:C1CfEwyx0UJlNm5FZpbJ35AZ6tHqDPsmXmzfXYukplRBVXQ  IrrpyLSB0xjhnC
las:C1C8wbH9eZ6o2zTkLVXQIHo2BAhyoI
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -




Файл load.exe получен 2009.05.06 14:12:13 (CET)
Текущий статус: закончено
Результат: 5/40 (12.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.06	-
> AhnLab-V3	5.0.0.2	2009.05.06	-
> AntiVir	7.9.0.160	2009.05.06	-
> Antiy-AVL	2.0.3.1	2009.05.06	-
> Authentium	5.1.2.4	2009.05.06	-
> Avast	4.8.1335.0	2009.05.05	-
> AVG	8.5.0.327	2009.05.06	-
> BitDefender	7.2	2009.05.06	-
> ...


Дополнительная информация
File size: 26772 bytes
MD5...: 31574861d817c70bf5ceb69b200767d0
SHA1..: 694cf7ad38ed5100a9b14b502053a9874597ff67
SHA256: f7c5d0e3f4b08b011baa8490292784f265ea8efe1fface4b4c  515a6be28e9243
SHA512: 755b4ee59838ca271194ed45626284f54bb140e43ce218e542  cd19c4398586c7
f97411672920b88c745b2e46fb9b60254628070f3c98fec4c2  e99e68dd72a753
ssdeep: 768:nHGgh1uLmWN60X/fySKQE4VfAME0bYISI:H51QXEQvftAI
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information




Файл file.exe получен 2009.05.06 14:12:17 (CET)
Текущий статус: закончено
Результат: 19/40 (47.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.06	Trojan.Win32.Sudiet!IK*
> *AhnLab-V3	5.0.0.2	2009.05.06	Win-Trojan/Xema.variant*
> *AntiVir	7.9.0.160	2009.05.06	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.05.06	-
> Authentium	5.1.2.4	2009.05.06	-
> Avast	4.8.1335.0	2009.05.05	-
> *AVG	8.5.0.327	2009.05.06	Win32/Cryptor*
> BitDefender	7.2	2009.05.06	-
> ...


Дополнительная информация
File size: 28672 bytes
MD5...: c58a98b33e9f37b34b3ef470d66f0a24
SHA1..: 455e1da8a1ec060cb4a08ef1e06c11f2befbea95
SHA256: 20854ee0394727dddae0ba602e093b265ca606db9ddba3afd1  49cb703241e2e9
SHA512: 223358026762e5adada5592cd1349f036fddb7c5d858c490bc  bcb2521d1465d4
913d91c94fc8863c35cf2b8d64314dc1701bd49e6748b2f36a  6a206a9a5fb662
ssdeep: 384:I4/yyuK3wbd+azS95IaHKdep2Gw6IRQaZqxAIERGjACU8aRNHXRgT  w67fPei
GhnS:I4/3IaHKdep2GnaQjROGjA28GPPeiGh
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information




Файл index1.gif получен 2009.05.06 14:13:13 (CET)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.06	Downloader.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.05.06	-
> AntiVir	7.9.0.160	2009.05.06	-
> Antiy-AVL	2.0.3.1	2009.05.06	-
> Authentium	5.1.2.4	2009.05.06	-
> Avast	4.8.1335.0	2009.05.05	-
> AVG	8.5.0.327	2009.05.06	-
> BitDefender	7.2	2009.05.06	-
> ...


Дополнительная информация
File size: 49152 bytes
MD5...: 4b3b344b8a793e2eb6420ae4b68a0c54
SHA1..: b0e7005adfd8d2892d833e5b971e8dd49700040f
SHA256: c28485f328e04d89e066c667c28eb907e7412f19f8af304d99  3bfff3d10d9c12
SHA512: 7638fcc47bcabb67a76ae487dd9303d873ca366a7a1add61e4  2fee58466af510
76d05f76f6355caf0c39f8d8457b01ce880da1b718d5458cca  3c91da83698d82
ssdeep: 768:AEwLyHho9S6r+YJhEkqB7ajoCuzdXO+HLeyvg0DT8yYh1c  M:AFLyBUUpam4+
rN4IbM
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл install_flash_player.exe получен 2009.05.06 14:21:46 (CET)
Текущий статус: закончено
Результат: 12/41 (29.27%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.06	Trojan.Crypt!IK*
> AhnLab-V3	5.0.0.2	2009.05.06	-
> *AntiVir	7.9.0.160	2009.05.06	TR/Crypt.CFI.Gen*
> Antiy-AVL	2.0.3.1	2009.05.06	-
> Authentium	5.1.2.4	2009.05.06	-
> Avast	4.8.1335.0	2009.05.05	-
> *AVG	8.5.0.327	2009.05.06	Dropper.Generic.AMVV*
> BitDefender	7.2	2009.05.06	-
> ...


Дополнительная информация
File size: 57344 bytes
MD5...: 0d90722c01cbc3429cf1db5cd58763de
SHA1..: 80acadce4fd15dd8d5ce3119d8891b4a2a655382
SHA256: 972354c6262b20a566358c2dda9d41df2654c7cc371a1ae166  e17c73f24e6950
SHA512: 110c0e8a9138a9aa15d63270a6e9fe4097b23d33621e748e3f  9b334c99ae1336
68771383b088e042dd1c525b93b2877b7439b68d6655f246ce  2c82fcfd0ffe84
ssdeep: 768:lpHJOMpTNpsPAjhIw7LCSUA/Wx5GjEOOOOOO4JNby:lpHJOMpTncq+9Shen7
eDy
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл InternetAntivirusPro.exe получен 2009.05.06 14:23:23 (CET)
Текущий статус: закончено
Результат: 17/40 (42.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.06	Riskware.FraudTool.Win32.InternetAntivirusPro!IK*
> AhnLab-V3	5.0.0.2	2009.05.06	-
> *AntiVir	7.9.0.160	2009.05.06	TR/InternetAntivirus.A.40*
> *Antiy-AVL	2.0.3.1	2009.05.06	FraudTool/Win32.InternetAntivirusPro*
> Authentium	5.1.2.4	2009.05.06	-
> Avast	4.8.1335.0	2009.05.05	-
> AVG	8.5.0.327	2009.05.06	-
> BitDefender	7.2	2009.05.06	-
> ...


Дополнительная информация
File size: 2214033 bytes
MD5...: d0529fc533ba22a63f97a14d28de5bb5
SHA1..: 2e376a5225d309804420dedecbc86c72dc2a2f10
SHA256: c2d430a4158f6949c5a6238a31921252c32817699e119d3353  1cdbe2b028a218
SHA512: d3636f10207eb788dc8f38098d6ae6b7443f64b3b089df5f90  ed32f28bf45d9e
d854d4d91d9fa76821c00e831b5ebefa0d448da4de5bb36312  26bc16c9e3f34b
ssdeep: 49152:v2Bin+Y/UmIXLEfhGboZPk/5xq8BgFu25eYMuLB6kL0tE9:uBIJUgfoo12
0TFu2eYMuL30G9
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## senyak

Файл zastavka.jar получен 2009.05.07 21:03:37 (CET)
Текущий статус: закончено
Результат: 7/39 (17.95%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.07	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.07	-
> *AntiVir	7.9.0.160	2009.05.07	JAVA/Boxer.1
> Antiy-AVL	2.0.3.1	2009.05.07	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.05.07	-
> Avast	4.8.1335.0	2009.05.06	-
> AVG	8.5.0.327	2009.05.07	-
> BitDefender	7.2	2009.05.07	-
> ...


Дополнительная информация
File size: 17397 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## senyak

Файл install.exe получен 2009.05.08 10:15:55 (CET)
Текущий статус: закончено
Результат: 20/40 (50%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.08	*Riskware.FraudTool.Win32.SystemSecurity!IK*
> AhnLab-V3	5.0.0.2	2009.05.08	-
> *AntiVir	7.9.0.160	2009.05.08	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.1	2009.05.08	-
> *Authentium	5.1.2.4	2009.05.07	W32/FakeAlert.4!Generic
> Avast	4.8.1335.0	2009.05.07	Win32:FakeAlert-BD
> AVG	8.5.0.327	2009.05.07	FakeAlert.KH
> BitDefender	7.2	2009.05.08	Gen:Trojan.Heur.B1827D2859*
> ...


Дополнительная информация
File size: 458548 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## Torvic99

Файл pdf.pdf получен 2009.05.08 10:57:00 (CET)



> Антивирус    Версия    Обновление    Результат
> *a-squared    4.0.0.101    2009.05.08    Exploit.Pidief!IK
> AhnLab-V3    5.0.0.2    2009.05.08    Win-Trojan/Exploit-PDF
> AntiVir    7.9.0.160    2009.05.08    EXP/Pidief.JQ.1*
> Antiy-AVL    2.0.3.1    2009.05.08    -
> Authentium    5.1.2.4    2009.05.07    -
> *Avast    4.8.1335.0    2009.05.07    JSdfka-EO*
> AVG    8.5.0.327    2009.05.07    -
> *BitDefender    7.2    2009.05.08    Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 3545 bytes
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -
PDFiD.: PDF Header: %PDF-1.4
obj               15
endobj            15
stream            2
endstream         2
xref              1
trailer           1
startxref         1
/Page             1
/Encrypt          0
/ObjStm           0
/JS               1
/JavaScript       2
/AA               0
/OpenAction       0
/JBIG2Decode      0
RDS...: NSRL Reference Data Set
-

----------



## senyak

Файл tj.htm получен 2009.05.11 11:14:13 (CET)
Текущий статус: закончено
Результат: 4/40 (10%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.11	-
> AhnLab-V3	5.0.0.2	2009.05.11	-
> *AntiVir	7.9.0.166	2009.05.11	HTML/Infected.WebPage.Gen*
> Antiy-AVL	2.0.3.1	2009.05.11	-
> Authentium	5.1.2.4	2009.05.10	-
> Avast	4.8.1335.0	2009.05.10	-
> AVG	8.5.0.327	2009.05.11	-
> BitDefender	7.2	2009.05.11	-
> ...


Дополнительная информация
File size: 245 bytes
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл klr-id.txt получен 2009.05.11 11:16:42 (CET)
Текущий статус: закончено
Результат: 14/40 (35%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.11	Trojan.PHPInfo.A!IK
> AhnLab-V3	5.0.0.2	2009.05.11	PHP/HackTool
> AntiVir	7.9.0.166	2009.05.11	SPR/PHP.ID*
> Antiy-AVL	2.0.3.1	2009.05.11	-
> Authentium	5.1.2.4	2009.05.10	-
> *Avast	4.8.1335.0	2009.05.10	PHP:PHPInfo-A
> AVG	8.5.0.327	2009.05.11	PHP/BackDoor.H*
> BitDefender	7.2	2009.05.11	-
> ...


Дополнительная информация
File size: 1356 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл 1.pdf получен 2009.05.11 11:18:47 (CET)
Текущий статус: закончено
Результат: 15/40 (37.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.11	-
> AhnLab-V3	5.0.0.2	2009.05.11	-
> *AntiVir	7.9.0.166	2009.05.11	HTML/Shellcode.Gen
> Antiy-AVL	2.0.3.1	2009.05.11	Exploit/Win32.Pidief*
> Authentium	5.1.2.4	2009.05.10	-
> *Avast	4.8.1335.0	2009.05.10	JS:Pdfka-FS*
> AVG	8.5.0.327	2009.05.11	-
> *BitDefender	7.2	2009.05.11	Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 2913 bytes
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -




Файл windoss.css получен 2009.05.11 11:19:04 (CET)
Текущий статус: закончено
Результат: 27/40 (67.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.11	Trojan.Win32.AntiAV!IK
> AhnLab-V3	5.0.0.2	2009.05.11	Win-Trojan/Geral.37888
> AntiVir	7.9.0.166	2009.05.11	TR/Killav.PN*
> Antiy-AVL	2.0.3.1	2009.05.11	-
> Authentium	5.1.2.4	2009.05.10	-
> *Avast	4.8.1335.0	2009.05.10	Win32:Rootkit-gen
> AVG	8.5.0.327	2009.05.11	Agent_r.NO
> BitDefender	7.2	2009.05.11	Gen:Trojan.Heur.2015746F6F*
> ...


Дополнительная информация
File size: 40456 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information




Файл ci28.swf получен 2009.05.11 11:16:45 (CET)
Текущий статус: закончено
Результат: 13/40 (32.50%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared 	4.0.0.101 	2009.05.11 	-
> *AhnLab-V3 	5.0.0.2 	2009.05.11 	Win-Trojan/Exploit-SWF.Gen
> AntiVir 	7.9.0.166 	2009.05.11 	EXP/Flash.Gen*
> Antiy-AVL 	2.0.3.1 	2009.05.11 	-
> *Authentium 	5.1.2.4 	2009.05.10 	SWF/Downloader.F!Camelot
> Avast 	4.8.1335.0 	2009.05.10 	SWF:CVE-2007-0071*
> AVG 	8.5.0.327 	2009.05.11 	-
> *BitDefender 	7.2 	2009.05.11 	Exploit.SWF.Gen*
> ...


Дополнительная информация
File size: 1528 bytes
PEiD..: -
TrID..: File type identification
Macromedia Flash Player Compressed Movie (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): Swf2Swc




Файл install.exe получен 2009.05.11 11:26:35 (CET)
Текущий статус: закончено
Результат: 10/40 (25%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.11	-
> AhnLab-V3	5.0.0.2	2009.05.11	-
> AntiVir	7.9.0.166	2009.05.11	-
> Antiy-AVL	2.0.3.1	2009.05.11	-
> Authentium	5.1.2.4	2009.05.10	-
> *Avast	4.8.1335.0	2009.05.10	Win32:FakeAlert-BD*
> AVG	8.5.0.327	2009.05.11	-
> *BitDefender	7.2	2009.05.11	Gen:Trojan.Heur.C1827D2859*
> ...


Дополнительная информация
File size: 469817 bytes
PEiD..: -
TrID..: File type identification
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
PEInfo: PE Structure information




Файл setupxv.exe получен 2009.05.11 11:27:22 (CET)
Текущий статус: закончено
Результат: 14/40 (35%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.11	-
> AhnLab-V3	5.0.0.2	2009.05.11	-
> *AntiVir	7.9.0.166	2009.05.11	DR/FraudTool.AntiSpywareBot.CB*
> Antiy-AVL	2.0.3.1	2009.05.11	-
> Authentium	5.1.2.4	2009.05.10	-
> Avast	4.8.1335.0	2009.05.10	-
> AVG	8.5.0.327	2009.05.11	-
> *BitDefender	7.2	2009.05.11	Spyware.1636*
> ...


Дополнительная информация
File size: 1593248 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
PEInfo: PE Structure information

*Added 1 hour 57 minutes later*

Файл ss.exe получен 2009.05.11 13:06:10 (CET)
Текущий статус: закончено
Результат: 14/40 (35%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.11	Backdoor.Win32.Inject!IK*
> AhnLab-V3	5.0.0.2	2009.05.11	-
> *AntiVir	7.9.0.166	2009.05.11	TR/Dropper.Gen
> Antiy-AVL	2.0.3.1	2009.05.11	Trojan/Win32.Magania*
> Authentium	5.1.2.4	2009.05.10	-
> Avast	4.8.1335.0	2009.05.10	-
> AVG	8.5.0.327	2009.05.11	-
> BitDefender	7.2	2009.05.11	-
> ...


Дополнительная информация
File size: 190283 bytes
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information




Файл name.jar получен 2009.05.11 13:25:02 (CET)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.11	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.11	-
> *AntiVir	7.9.0.166	2009.05.11	JAVA/SMS.Boxer.C
> Antiy-AVL	2.0.3.1	2009.05.11	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.05.10	-
> Avast	4.8.1335.0	2009.05.10	-
> AVG	8.5.0.327	2009.05.11	-
> BitDefender	7.2	2009.05.11	-
> ...


Дополнительная информация
File size: 210640 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## Black_N

Файл foto12.rar получен 2009.05.12 22:38:53 (CET)
Текущий статус:   закончено 
*Результат: 19/40 (47.5%)* 



> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.101	2009.05.12	-
> AhnLab-V3	5.0.0.2	2009.05.12	-
> *AntiVir	7.9.0.166	2009.05.12	TR/Crypt.XPACK.Gen*
> *Antiy-AVL	2.0.3.1	2009.05.12	Trojan/Win32.Buzus*
> Authentium	5.1.2.4	2009.05.12	-
> *Avast	4.8.1335.0	2009.05.12	Win32:Trojan-gen {Other}*
> AVG	8.5.0.327	2009.05.12	-
> BitDefender	7.2	2009.05.12	-
> ...


Дополнительная информация
File size: 32222 bytes
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
http://info.prevx.com/aboutprogramtext.asp?PX5=439FD42900B406FCB64A00D647A405008E4D6CAD

----------


## Surfer

Файл cino.exe получен 2009.05.13 07:27:17 (CET)
Результат: 4/39 (10.26%)




> *a-squared 	4.0.0.101 	2009.05.13 	BehavesLike!IK*
> AhnLab-V3 	5.0.0.2 	2009.05.13 	-
> AntiVir 	7.9.0.166 	2009.05.12 	-
> Antiy-AVL 	2.0.3.1 	2009.05.12 	-
> Authentium 	5.1.2.4 	2009.05.13 	-
> Avast 	4.8.1335.0 	2009.05.12 	-
> AVG 	8.5.0.327 	2009.05.12 	-
> *BitDefender 	7.2 	2009.05.13 	BehavesLike:Win32.Backdoor*
> CAT-QuickHeal 	10.00 	2009.05.13 	-
> ...


Файл KJBy.exe получен 2009.05.13 07:27:15 (CET)
Результат: 6/40 (15.00%)




> a-squared 	4.0.0.101 	2009.05.13 	-
> AhnLab-V3 	5.0.0.2 	2009.05.13 	-
> *AntiVir 	7.9.0.166 	2009.05.12 	TR/Crypt.XPACK.Gen*
> Antiy-AVL 	2.0.3.1 	2009.05.12 	-
> Authentium 	5.1.2.4 	2009.05.13 	-
> Avast 	4.8.1335.0 	2009.05.12 	-
> AVG 	8.5.0.327 	2009.05.12 	-
> BitDefender 	7.2 	2009.05.13 	-
> *CAT-QuickHeal 	10.00 	2009.05.13 	(Suspicious) - DNAScan*
> ...

----------


## senyak

Файл Jimm2009.jar получен 2009.05.20 14:20:05 (CET)
Текущий статус: закончено
Результат: 10/40 (25%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.20	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.20	-
> AntiVir	7.9.0.168	2009.05.20	-
> *Antiy-AVL	2.0.3.1	2009.05.20	Trojan/J2ME.Swapi*
> Authentium	5.1.2.4	2009.05.19	-
> *Avast	4.8.1335.0	2009.05.19	Other:Malware-gen
> AVG	8.5.0.336	2009.05.20	Java/Swapi*
> BitDefender	7.2	2009.05.20	-
> ...


Дополнительная информация
File size: 135727 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set





Файл Anon_SMS.jar получен 2009.05.20 14:20:12 (CET)
Текущий статус: закончено
Результат: 14/40 (35%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.20	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.20	-
> *AntiVir	7.9.0.168	2009.05.20	JAVA/SMS.Konov.e
> Antiy-AVL	2.0.3.1	2009.05.20	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.05.19	-
> *Avast	4.8.1335.0	2009.05.19	Other:Malware-gen
> AVG	8.5.0.336	2009.05.20	Java/SMS.A*
> BitDefender	7.2	2009.05.20	-
> ...


Дополнительная информация
File size: 2370 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## Black_N

Файл Tinstall.rar получен 2009.05.21 14:50:31 (CET)
Текущий статус:   закончено 
*Результат: 3/40 (7.5%)* 




> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.101	2009.05.21	-
> AhnLab-V3	5.0.0.2	2009.05.21	-
> AntiVir	7.9.0.168	2009.05.21	-
> Antiy-AVL	2.0.3.1	2009.05.21	-
> Authentium	5.1.2.4	2009.05.20	-
> Avast	4.8.1335.0	2009.05.20	-
> AVG	8.5.0.339	2009.05.21	-
> BitDefender	7.2	2009.05.21	-
> ...


Дополнительная информация
File size: 13774 bytes
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9A9737B700EADB61443C00DB987BBD00AE99F0F7
packers (Kaspersky): ASPack
packers (F-Prot): Aspack

----------


## senyak

Файл clips01505.zip получен 2009.05.23 15:43:56 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.23	Trojan-Dropper.Win32.Wlord!IK*
> AhnLab-V3	5.0.0.2	2009.05.23	-
> *AntiVir	7.9.0.168	2009.05.23	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.1	2009.05.22	-
> Authentium	5.1.2.4	2009.05.22	-
> Avast	4.8.1335.0	2009.05.23	-
> AVG	8.5.0.339	2009.05.23	-
> *BitDefender	7.2	2009.05.23	Gen:Trojan.Heur.41C13E0B4A*
> ...


Дополнительная информация
File size: 196280 bytes
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## senyak

Файл nazvanie.jar получен 2009.05.25 09:36:12 (UTC)
Текущий статус: закончено
Результат: 11/39 (28.21%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.25	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.25	-
> *AntiVir	7.9.0.168	2009.05.25	JAVA/Boxer.1
> Antiy-AVL	2.0.3.1	2009.05.25	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.05.24	-
> *Avast	4.8.1335.0	2009.05.24	Other:Malware-gen*
> AVG	8.5.0.339	2009.05.24	-
> BitDefender	7.2	2009.05.25	-
> ...


Дополнительная информация
File size: 17383 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

*Added 1 hour 59 minutes later*

Файл JimmBest.jar получен 2009.05.25 11:37:03 (UTC)
Текущий статус: закончено
Результат: 4/40 (10%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.25	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.05.25	-
> AntiVir	7.9.0.168	2009.05.25	-
> Antiy-AVL	2.0.3.1	2009.05.25	-
> Authentium	5.1.2.4	2009.05.25	-
> Avast	4.8.1335.0	2009.05.24	-
> AVG	8.5.0.339	2009.05.25	-
> BitDefender	7.2	2009.05.25	-
> ...


Дополнительная информация
File size: 4577 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## senyak

Here we go :)

Файл 0.pdf получен 2009.05.27 19:54:20 (UTC)
Текущий статус: закончено
Результат: 13/40 (32.5%)




> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Exploit.PDF-JS!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	HEUR/HTML.Malware*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> *Authentium	5.1.2.4	2009.05.27	PDF/Obfusc.B!Camelot
> Avast	4.8.1335.0	2009.05.27	JS:Packed-BC
> AVG	8.5.0.339	2009.05.27	Exploit.PDF
> BitDefender	7.2	2009.05.27	Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 42693 bytes
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (50.0%)
MATLAB program (50.0%)
PEInfo: -




Файл 0.swf получен 2009.05.27 19:54:34 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Exploit.SWF!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> AntiVir	7.9.0.168	2009.05.27	-
> Antiy-AVL	2.0.3.1	2009.05.27	-
> *Authentium	5.1.2.4	2009.05.27	SWF/Obfusc.A!Camelot*
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> *BitDefender	7.2	2009.05.27	Exploit.SWF.Gen*
> ...


Дополнительная информация
File size: 16621 bytes
PEiD..: -
TrID..: File type identification
Macromedia Flash Player Compressed Movie (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): Swf2Swc




Файл 23.exe получен 2009.05.27 20:01:18 (UTC)
Текущий статус: закончено
Результат: 17/40 (42.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Trojan.Win32.Alureon!IK
> AhnLab-V3	5.0.0.2	2009.05.27	Dropper/Rootkit.98816
> AntiVir	7.9.0.168	2009.05.27	TR/Drop.Alureon.qxh*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> *Avast	4.8.1335.0	2009.05.27	Win32:Rootkit-gen
> AVG	8.5.0.339	2009.05.27	Agent_r.NU*
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 98816 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)




Файл 52hxw.exe получен 2009.05.27 20:04:04 (UTC)
Текущий статус: закончено
Результат: 15/40 (37.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.27	-
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	ADSPY/Baidu.2*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> *AVG	8.5.0.339	2009.05.27	Generic3.BKW*
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 2708296 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)




Файл aa1.exe получен 2009.05.27 20:05:26 (UTC)
Текущий статус: закончено
Результат: 27/39 (69.24%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Trojan-PWS.Win32.LdPinch!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	TR/Crypt.XDR.Gen*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> *Authentium	5.1.2.4	2009.05.27	W32/OnlineGames.CA.gen!Eldorado
> Avast	4.8.1335.0	2009.05.27	Win32:Agent-ACMH
> AVG	8.5.0.339	2009.05.27	PSW.OnlineGames3.EXT
> BitDefender	7.2	2009.05.27	Generic.Onlinegames.14.1C082D5E*
> ...


Дополнительная информация
File size: 28267 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)




Файл abb.txt получен 2009.05.27 20:16:10 (UTC)
Текущий статус: закончено
Результат: 7/39 (17.95%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Win32.SuspectCrc!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> AntiVir	7.9.0.168	2009.05.27	-
> Antiy-AVL	2.0.3.1	2009.05.27	-
> *Authentium	5.1.2.4	2009.05.27	W32/FakeAlert.AY.gen!Eldorado*
> Avast	4.8.1335.0	2009.05.27	-
> *AVG	8.5.0.339	2009.05.27	SHeur2.AIAO*
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 40449 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)




Файл Freemasons_featuring_Amanda_Wilso получен 2009.05.27 20:30:51 (UTC)
Текущий статус: закончено
Результат: 4/39 (10.26%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.27	-
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	HEUR/HTML.Malware*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> *Avast	4.8.1335.0	2009.05.27	JS:Agent-CK*
> AVG	8.5.0.339	2009.05.27	-
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 40841 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл foto332.rar получен 2009.05.27 20:30:41 (UTC)
Текущий статус: закончено
Результат: 2/39 (5.13%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.27	-
> AhnLab-V3	5.0.0.2	2009.05.27	-
> AntiVir	7.9.0.168	2009.05.27	-
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 114919 bytes
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл fx29id2.txt получен 2009.05.27 20:35:19 (UTC)
Текущий статус: закончено
Результат: 4/40 (10%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	PHP.Backdoor.AR!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	PHP/BackDoor.AR*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 2162 bytes
MD5...: 8dcad47f3e32e7dc1aee59167e67c601
SHA1..: 90cc34ac169204c4243028f4725565328b4c37e9
SHA256: dc66f84ed821c8a9c4afda5c5af6d137b54f33a0f95b668beca49b039b62c4d7
ssdeep: 48:jVpwFwKyUsmlcAXixgTil+aykydBrMJYjBBNpBf0UVK6fbOLhpPR7:jVpVedi
Fs7el7
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл id.txt получен 2009.05.27 20:37:58 (UTC)
Текущий статус: закончено
Результат: 15/40 (37.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Win32.SuspectCrc!IK
> AhnLab-V3	5.0.0.2	2009.05.27	HTML/Phpinfo
> AntiVir	7.9.0.168	2009.05.27	SPR/PHP.ID*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> *Avast	4.8.1335.0	2009.05.27	PHP:PHPInfo-A
> AVG	8.5.0.339	2009.05.27	PHP/BackDoor.H
> BitDefender	7.2	2009.05.27	Trojan.Script.55118*
> ...


Дополнительная информация
File size: 1356 bytes
MD5...: 5713ce15eed4cef6c86465a44de708ae
SHA1..: c21003aca5348cc07f37e3d200a4872da4bf8f42
SHA256: ed7c645b31ca5f074f615410d2a7a8f01674e715c0774cd6b3d2aa5e52387a32
ssdeep: 24:2sUftFfvsFh4/vZXOHvSpQvyVu6f2ik6Hev96it//omWN7A3BrSwu5d/dDMuO
H:2sgFnsFeZwSpQvyw6+56immc7A3BrLuw
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл install.exe получен 2009.05.27 20:45:48 (UTC)
Текущий статус: закончено
Результат: 5/40 (12.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.05.27	-
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 490804 bytes
MD5...: 2b8d61bd8871cc3f86b213d9fecd9fa5
SHA1..: b5fbe334f5f3f8e292f130cde2cfbd2ce42af580
SHA256: 33941eac3e46f32731f6567a27a91b53e5c51c23376430e74f725bd042402c87
ssdeep: 12288:fkxfm4UQZlEH7CbDDU7funegP/au6m77iy:4+H7CbDDU7megnau6m773
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)




Файл porn-tube.avi.exe получен 2009.05.27 20:46:39 (UTC)
Текущий статус: закончено
Результат: 26/40 (65%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Riskware.FraudTool.Win32.PrivacyCenter!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	DR/FakeAlert.RZ
> Antiy-AVL	2.0.3.1	2009.05.27	FraudTool/Win32.PrivacyCenter*
> Authentium	5.1.2.4	2009.05.27	-
> *Avast	4.8.1335.0	2009.05.27	Win32:Adware-gen
> AVG	8.5.0.339	2009.05.27	Generic4.EFU
> BitDefender	7.2	2009.05.27	Trojan.FakeAlert.BDR*
> ...


Дополнительная информация
File size: 1984945 bytes
MD5...: 99d8fdcb581c11b5b5439b99caf423d6
SHA1..: 85372148766cda6c2aa3192a7fac018c536442b8
SHA256: f96e16540f3dbc815b5894076f80a894b4012dcd23743c4e35559bb9798f6d13
ssdeep: 49152:SfLtxlzvBV2Ag/96v7fD+dHANE8i1JFCGLvEcTIMMdY17V:4xLV2Ag/Uv7
fDPNERUQvx/yY1J
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)




Файл update__.exe получен 2009.05.27 20:52:10 (UTC)
Текущий статус: закончено
Результат: 20/40 (50%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	P2P-Worm.Win32.Palevo!IK
> AhnLab-V3	5.0.0.2	2009.05.27	Win32/Palevo.worm.184360
> AntiVir	7.9.0.168	2009.05.27	Worm/Palevo.eiw*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> *BitDefender	7.2	2009.05.27	Gen:Trojan.Heur.B0857A2F5E*
> ...


Дополнительная информация
File size: 184360 bytes
MD5...: 752c997a56b0b126de6eac328d5f4c29
SHA1..: 55ae0761338115f8f2bbfff681efd3cd7956e1e9
SHA256: eb6312bd3a633c4dc29bd3c6a8ed818034da1f9b619ef71e0beb549c4560dea8
ssdeep: 3072:7ptVr6si1kEZ2dcaIxHhVVmKMCqUGgOKn52eGM:77VmEk2yX5so52eB
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)




Файл test.txt получен 2009.05.27 20:52:02 (UTC)
Текущий статус: закончено
Результат: 16/40 (40%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Backdoor.PHP.Small.o!IK
> AhnLab-V3	5.0.0.2	2009.05.27	HTML/Xema
> AntiVir	7.9.0.168	2009.05.27	BDS/PHP.ali.1*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> *AVG	8.5.0.339	2009.05.27	BackDoor.Generic_c.BTI
> BitDefender	7.2	2009.05.27	Backdoor.PHP.ALI*
> ...


Дополнительная информация
File size: 1165 bytes
MD5...: f1a9b4e4b207cd38641061e1b72d4775
SHA1..: 33c02179e53c19e00897fb0c63501acc0a2233e8
SHA256: 0b3eef46d7111939962db133d2e75530fbb7946d92a33195ca6b7f2e1affe43a
ssdeep: 24:kwauoGPmXvuH6dcFTGPmXvuH6dc4H6dcZ1Mpn6+YvKsLKPXVwuHENNTh:bBoC
gMQsCgMQfQu1M5XW0SNl
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




Файл registrycleanerdoktor.exe получен 2009.05.27 20:53:04 (UTC)
Текущий статус: закончено
Результат: 5/40 (12.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.0.0.101	2009.05.27	Downloader.FraudLoad!IK*
> AhnLab-V3	5.0.0.2	2009.05.27	-
> *AntiVir	7.9.0.168	2009.05.27	DR/FraudLoad.umy*
> Antiy-AVL	2.0.3.1	2009.05.27	-
> Authentium	5.1.2.4	2009.05.27	-
> Avast	4.8.1335.0	2009.05.27	-
> AVG	8.5.0.339	2009.05.27	-
> BitDefender	7.2	2009.05.27	-
> ...


Дополнительная информация
File size: 2690520 bytes
MD5...: 1d8cf463c1cfddc8692cf7d163af0cf8
SHA1..: 47fa03934acb51a0dfb50771926f94dfb80e4cf4
SHA256: 82b5ec3f2d01ea50a421d1b8c479fc710138377dd1317a3023f331f6d07f9bc6
ssdeep: 49152:h2LKzU5cqDuf6j1eyqmPKpFMOHh61Qn1NFuVmgsH0cKalGM9q2h66M8MMr
:kWzUTu7yhPo1oiFu4gM0ElGM9l76Y
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)


Phew, that's all

----------


## Shu_b

April - May. What was sent in is what we see  :Wink:

----------


## ALEX(XX)

Caught this on one of the workstations this morning. The infection is almost completely zero-day, as VirusTotal eloquently shows. It is a *fake antivirus*

Файл pcdefender.exe получен 2009.06.02 06:59:34 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.06.02	-
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.01	-
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	-
AVG	8.5.0.339	2009.06.01	-
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.01	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.06.02	-
Comodo	1232	2009.06.02	-
DrWeb	5.0.0.12182	2009.05.29	-
eSafe	7.0.17.0	2009.06.01	Suspicious File
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	-
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	FakeAlert-CM
McAfee+Artemis	5633	2009.06.01	FakeAlert-CM
McAfee-GW-Edition	6.7.6	2009.05.29	Trojan.LooksLike.Dropper
Microsoft	1.4701	2009.06.02	Trojan:Win32/FakeRean
NOD32	4121	2009.06.02	-
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.01	-
Prevx	3.0	2009.06.02	Medium Risk Malware
Rising	21.32.11.00	2009.06.02	-
Sophos	4.42.0	2009.06.02	-
Sunbelt	3.2.1858.2	2009.06.02	FraudTool.Win32.RogueSecurity (v)
Symantec	1.4.4.12	2009.06.02	-
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	-
VBA32	3.12.10.6	2009.06.02	-
ViRobot	2009.6.2.1764	2009.06.02	-
VirusBuster	4.6.5.0	2009.06.01	-
```

Дополнительная информация
File size: 1022976 bytes
MD5...: a1d662f2d031c7d717c94a9b214c35a6
SHA1..: 2e66d58955b2e79a9deef54bff91f4ca10d2fc02
SHA256: d275db28bb974a9efaf6a75245a0e0b7a911e75171029be540fa877b2d9f0a7d
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x131c
timedatestamp.....: 0x44cbedc2 (Sat Jul 29 23:22:42 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x31275 0x31400 7.98 d29cdbeea790849b73f9f8d28e41db28
.data 0x33000 0xf2309 0xc3400 7.98 75a68078a30499fcd58983d45fc334ef
.idata 0x126000 0x160 0x400 1.57 f279fb28c54087e0d2fb2cad16272365
.rsrc 0x127000 0x45bc 0x4800 6.08 df394f8265ba158a267016f61360aff3
.reloc 0x12c000 0x2cd000 0x400 0.19 9c710e752669be110de5ca6a1bfa8588

( 1 imports )
> kernel32.dll: SetStdHandle, GetModuleHandleA, HeapAlloc, GetCommandLineW, Sleep, GetACP, VirtualProtect, ExitProcess, GetOEMCP, SetConsoleCP, GetStartupInfoA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7FAA6687002AE18F9C080FCDAEAE2D008F8F81FA

----------


## Shu_b

Файл sysdate.exe получен 2009.06.02 07:06:47 (UTC)



```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.06.02	Trojan.Win32.DNSChanger!IK
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.01	TR/Crypt.XPACK.Gen
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	Win32:Trojan-gen {Other}
AVG	8.5.0.339	2009.06.01	Win32/Heur
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.01	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.06.02	-
Comodo	1232	2009.06.02	-
DrWeb	5.0.0.12182	2009.05.29	-
eSafe	7.0.17.0	2009.06.01	Win32.TRCrypt.XPACK
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	-
McAfee+Artemis	5633	2009.06.01	-
McAfee-GW-Edition	6.7.6	2009.05.29	Trojan.Crypt.XPACK.Gen
Microsoft	1.4701	2009.06.02	-
NOD32	4121	2009.06.02	a variant of Win32/Kryptik.QB
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.01	-
Prevx	3.0	2009.06.02	High Risk Cloaked Malware
Rising	21.32.11.00	2009.06.02	Packer.Win32.UnkPacker.a [Suspicious]
Sophos	4.42.0	2009.06.02	-
Sunbelt	3.2.1858.2	2009.06.02	-
Symantec	1.4.4.12	2009.06.02	Trojan Horse
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	PAK_Generic.001
VBA32	3.12.10.6	2009.06.02	-
ViRobot	2009.6.2.1764	2009.06.02	-
VirusBuster	4.6.5.0	2009.06.01	-
```

Дополнительная информация
File size: 139264 bytes
MD5...: 98d3d45974892a4a1b13c1e6767f868a


Файл tempo-4778671.tmp получен 2009.06.02 07:15:34 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.06.02	-
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.01	-
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	-
AVG	8.5.0.339	2009.06.01	-
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.01	-
ClamAV	0.94.1	2009.06.02	-
Comodo	1232	2009.06.02	-
DrWeb	5.0.0.12182	2009.05.29	-
eSafe	7.0.17.0	2009.06.01	-
eTrust-Vet	31.6.6534	2009.06.02	-
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	-
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	Generic Dropper.cx
McAfee+Artemis	5633	2009.06.01	Generic Dropper.cx
McAfee-GW-Edition	6.7.6	2009.05.29	Trojan.Dldr.LooksLike.CodecPack
Microsoft	1.4701	2009.06.02	-
NOD32	4121	2009.06.02	-
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.01	-
Prevx	3.0	2009.06.02	Medium Risk Malware
Rising	21.32.11.00	2009.06.02	-
Sophos	4.42.0	2009.06.02	Mal/EncPk-HW
Sunbelt	3.2.1858.2	2009.06.02	-
Symantec	1.4.4.12	2009.06.02	-
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	-
VBA32	3.12.10.6	2009.06.02	-
ViRobot	2009.6.2.1764	2009.06.02	-
```

Дополнительная информация
File size: 114692 bytes
MD5...: 3c79a3c1be05e1691440dba10adea21d

----------


## ALEX(XX)

Файл avz00009.dta получен 2009.06.02 10:01:34 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.06.02	Trojan-Dropper.Agent!IK
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.02	-
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	Win32:Rootkit-gen
AVG	8.5.0.339	2009.06.01	-
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.02	-
ClamAV	0.94.1	2009.06.02	-
Comodo	1232	2009.06.02	-
DrWeb	5.0.0.12182	2009.06.02	-
eSafe	7.0.17.0	2009.06.01	-
eTrust-Vet	31.6.6535	2009.06.02	-
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	Win32:Rootkit-gen 
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	-
McAfee+Artemis	5633	2009.06.01	Artemis!7D1F4957340B
McAfee-GW-Edition	6.7.6	2009.05.29	-
Microsoft	1.4701	2009.06.02	-
NOD32	4122	2009.06.02	Win32/Delf.OIJ
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.01	-
Prevx	3.0	2009.06.02	Medium Risk Malware
Rising	21.32.12.00	2009.06.02	-
Sophos	4.42.0	2009.06.02	-
Sunbelt	3.2.1858.2	2009.06.02	-
Symantec	1.4.4.12	2009.06.02	-
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	-
VBA32	3.12.10.6	2009.06.02	Win32.Delf.OIJ
ViRobot	2009.6.2.1764	2009.06.02	-
VirusBuster	4.6.5.0	2009.06.01	-
```

A fruitful day...

----------


## Shu_b

File kb78415.dll received on 2009.06.02 12:25:06 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.06.02	Trojan.Win32.FakeXPA!IK
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.02	TR/Crypt.XPACK.Gen
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	-
AVG	8.5.0.339	2009.06.02	-
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.02	-
ClamAV	0.94.1	2009.06.02	-
Comodo	1233	2009.06.02	-
DrWeb	5.0.0.12182	2009.06.02	-
eSafe	7.0.17.0	2009.06.01	-
eTrust-Vet	31.6.6535	2009.06.02	-
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	-
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	-
McAfee+Artemis	5633	2009.06.01	-
McAfee-GW-Edition	6.7.6	2009.05.29	Trojan.Crypt.XPACK.Gen
Microsoft	1.4701	2009.06.02	-
NOD32	4122	2009.06.02	-
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.02	-
Prevx	3.0	2009.06.02	-
Rising	21.32.13.00	2009.06.02	Packer.Win32.Mian007.a
Sophos	4.42.0	2009.06.02	-
Sunbelt	3.2.1858.2	2009.06.02	-
Symantec	1.4.4.12	2009.06.02	-
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	-
VBA32	3.12.10.6	2009.06.02	-
ViRobot	2009.6.2.1765	2009.06.02	-
VirusBuster	4.6.5.0	2009.06.01	-
```

Additional information
File size: 22528 bytes
MD5...: bd73b5d9578bea5e4a2a863538e508e6


File kb78415.exe received on 2009.06.02 12:25:10 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.0.0.101	2009.06.02	Trojan-Spy.Win32.Banbra!IK
AhnLab-V3	5.0.0.2	2009.06.02	-
AntiVir	7.9.0.180	2009.06.02	TR/Crypt.XPACK.Gen
Antiy-AVL	2.0.3.1	2009.06.02	-
Authentium	5.1.2.4	2009.06.02	-
Avast	4.8.1335.0	2009.06.01	-
AVG	8.5.0.339	2009.06.02	-
BitDefender	7.2	2009.06.02	-
CAT-QuickHeal	10.00	2009.06.02	-
ClamAV	0.94.1	2009.06.02	-
Comodo	1233	2009.06.02	-
DrWeb	5.0.0.12182	2009.06.02	-
eSafe	7.0.17.0	2009.06.01	-
eTrust-Vet	31.6.6535	2009.06.02	-
F-Prot	4.4.4.56	2009.06.02	-
F-Secure	8.0.14470.0	2009.06.02	-
Fortinet	3.117.0.0	2009.06.02	-
GData	19	2009.06.02	-
Ikarus	T3.1.1.57.0	2009.06.02	-
K7AntiVirus	7.10.749	2009.05.29	-
Kaspersky	7.0.0.125	2009.06.02	-
McAfee	5633	2009.06.01	-
McAfee+Artemis	5633	2009.06.01	Artemis!25B799D2FFF3
McAfee-GW-Edition	6.7.6	2009.05.29	Trojan.Crypt.XPACK.Gen
Microsoft	1.4701	2009.06.02	-
NOD32	4122	2009.06.02	-
Norman	6.01.05	2009.06.01	-
nProtect	2009.1.8.0	2009.06.02	-
Panda	10.0.0.14	2009.06.01	-
PCTools	4.4.2.0	2009.06.02	-
Prevx	3.0	2009.06.02	High Risk Worm
Rising	21.32.13.00	2009.06.02	Packer.Win32.Mian007.a
Sophos	4.42.0	2009.06.02	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.02	-
Symantec	1.4.4.12	2009.06.02	-
TheHacker	6.3.4.3.335	2009.06.01	-
TrendMicro	8.950.0.1092	2009.06.02	-
VBA32	3.12.10.6	2009.06.02	-
ViRobot	2009.6.2.1765	2009.06.02	-
VirusBuster	4.6.5.0	2009.06.01	-
```

Additional information
File size: 59904 bytes
MD5...: 25b799d2fff302caf44e81fb1527a39b

----------


## senyak

Файл foto25.gif получен 2009.06.02 20:25:32 (UTC)
Текущий статус: закончено
Результат: 7/40 (17.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.0.0.101	2009.06.02	-
> AhnLab-V3	5.0.0.2	2009.06.02	-
> *AntiVir	7.9.0.180	2009.06.02	HEUR/Crypted.E*
> Antiy-AVL	2.0.3.1	2009.06.02	-
> Authentium	5.1.2.4	2009.06.02	-
> Avast	4.8.1335.0	2009.06.01	-
> *AVG	8.5.0.339	2009.06.02	Win32/Heur*
> BitDefender	7.2	2009.06.02	-
> ...


Дополнительная информация
File size: 242688 bytes
MD5...: b7a14b281aa2317a43f5913c0298839e
SHA1..: 5c8a8caed91c640860bca54cb71e10f89bd3411b
SHA256: 46b7ce26146f8a4eff7694b527dc8a30290b5105863ce6e28f96f6a343b5c5a2
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

----------


## mseryoga

Файл imerto.exe получен 2009.06.03 17:37:31 (UTC)



> Антивирус    Версия    Обновление    Результат
> a-squared    4.0.0.101    2009.06.03    -
> *AhnLab-V3    5.0.0.2    2009.06.03    Dropper/Xema.22016.AH*
> AntiVir    7.9.0.180    2009.06.03    -
> Antiy-AVL    2.0.3.1    2009.06.03    -
> Authentium    5.1.2.4    2009.06.03    -
> Avast    4.8.1335.0    2009.06.02    -
> AVG    8.5.0.339    2009.06.03    -
> *BitDefender    7.2    2009.06.03    MemScan:Trojan.Generic.1857123*
> ...


Дополнительная информация
File size: 24576 bytes
MD5...: 0ef0a1b5a4c2cb6fea48483cad3f0edd
SHA1..: ab56b3797530e36eb67fda5189572575bd5fa42b
SHA256: b1bf3dab51354160ddc559c6112bdf9728c33e1bd250cbf38eb8de78d221a5ce
ssdeep: -
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe070
timedatestamp.....: 0x498d2b24 (Sat Feb 07 06:33:08 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xa000 0x5000 0x4e00 7.84 65b70b6ce4e628e9ffd2a6fd4e11a932
.rsrc 0xf000 0x1000 0x1000 4.03 0b9a77dac0dd72b3f540ad5b92609895

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> COMCTL32.dll: InitCommonControls
> GDI32.dll: SetBkColor
> MSVCRT.dll: memset
> OLE32.dll: CoInitialize
> SHELL32.dll: ShellExecuteExA
> USER32.dll: IsChild

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA

----------


## ZhIV

Файл comres.dll получен 2009.06.04 07:20:12 (UTC)


> Антивирус	Версия	Обновление	Результат
> a-squared	4.0.0.101	2009.06.04	Generic.Onlinegames!IK
> AhnLab-V3	5.0.0.2	2009.06.04	-
> AntiVir	7.9.0.180	2009.06.04	TR/Hijacker.Gen
> Antiy-AVL	2.0.3.1	2009.06.03	-
> Authentium	5.1.2.4	2009.06.03	W32/OnlineGames.CA.gen!Eldorado
> Avast	4.8.1335.0	2009.06.03	Win32:Agent-ACMH
> AVG	8.5.0.339	2009.06.03	PSW.Generic7.KYC
> BitDefender	7.2	2009.06.04	Generic.Onlinegames.14.07458B75
> ...


Дополнительная информация
File size: 226916 bytes
MD5...: c8d58868be435f7a807c3521de699586
SHA1..: b5d06fce40afcf5c5518083fa9e1be4b12229227
SHA256: 830ed03990bf4689b8c66d23de82b9d9bf1d9047092d56d6e1b649c1034217a1
ssdeep: -
PEiD..: -

----------


## vlad179

A fresh infection; this morning hardly anyone knew it, and now there is confirmation from Kaspersky: Trojan.JS.Agent.ahl

all.js 2009.06.06 06:11:51 (UTC)




> a-squared	4.0.0.101	2009.06.04	-
> AhnLab-V3	5.0.0.2	2009.06.05	-
> AntiVir	7.9.0.180	2009.06.05	*HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.1	2009.06.05	-
> Authentium	5.1.2.4	2009.06.05	-
> Avast	4.8.1335.0	2009.06.05	-
> AVG	8.5.0.339	2009.06.05	-
> BitDefender	7.2	2009.06.06	-
> CAT-QuickHeal	10.00	2009.06.05	-
> ...


File size: 5402 bytes
MD5...: 03702f59c147f4f05889837693ea6734
SHA1..: e7ebe562cef9d0ad8a2a6d8293e6521cdcbe3515
SHA256: 8d2243f889bf9a457928e431fc9a03f7544d941ff63c914d026fae26fbf1574b
ssdeep: -
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## Black Angel

Файл lsasss.exe получен 2009.06.07 14:23:42 (UTC)
Результат: 4/38 (10.53%)



> Антивирус    Версия    Обновление    Результат
> a-squared    4.0.0.101    2009.06.04    -
> AhnLab-V3    5.0.0.2    2009.06.07    -
> AntiVir    7.9.0.180    2009.06.06    -
> Antiy-AVL    2.0.3.1    2009.06.05    -
> Authentium    5.1.2.4    2009.06.06    -
> Avast    4.8.1335.0    2009.06.06    -
> AVG    8.5.0.339    2009.06.07    -
> BitDefender    7.2    2009.06.07    -
> ...

----------


## senyak

Файл codec.exe получен 2009.06.09 04:32:51 (UTC)
Текущий статус: закончено
Результат: 12/39 (30.77%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.09	-
> AhnLab-V3	5.0.0.2	2009.06.08	-
> AntiVir	7.9.0.180	2009.06.08	-
> Antiy-AVL	2.0.3.1	2009.06.08	-
> Authentium	5.1.2.4	2009.06.08	-
> Avast	4.8.1335.0	2009.06.08	-
> *AVG	8.5.0.339	2009.06.08	SHeur2.AKFZ
> BitDefender	7.2	2009.06.09	Gen:Trojan.Heur.6025DA8FFE*
> ...


Дополнительная информация
File size: 109571 bytes
MD5...: 6f518582e2159c94d9eb755878191c5a
SHA1..: 900488b5473f84df5885e201bf2445e7dfc9a926
SHA256: 3cbadaf4d3ab86349460a35eaab5c3a096494aef06d56c54270c546fa430c462
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)




Файл install.48108.exe получен 2009.06.09 04:33:46 (UTC)
Текущий статус: закончено
Результат: 17/40 (42.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.06.09	Trojan-Downloader.Win32.CodecPack!IK*
> AhnLab-V3	5.0.0.2	2009.06.08	-
> *AntiVir	7.9.0.180	2009.06.08	TR/Dldr.CodecPack.hza.15
> Antiy-AVL	2.0.3.1	2009.06.08	Trojan/Win32.CodecPack*
> Authentium	5.1.2.4	2009.06.08	-
> Avast	4.8.1335.0	2009.06.08	-
> *AVG	8.5.0.339	2009.06.08	Downloader.Zlob.ANDE*
> BitDefender	7.2	2009.06.09	-
> ...


Дополнительная информация
File size: 96253 bytes
MD5...: 53d1428bfcd60491aa9421cdb0b8b5cd
SHA1..: 8e33282c77a6f1ce5882335b7298958140c5a79c
SHA256: 30cad740bb15d3834eca7b65acc5d39611480d698aa50c8dfbe296ad578ea80e
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)




Файл softwarefortubeview.45013.exe получен 2009.06.09 04:39:17 (UTC)
Текущий статус: закончено
Результат: 7/40 (17.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.09	-
> AhnLab-V3	5.0.0.2	2009.06.08	-
> AntiVir	7.9.0.180	2009.06.08	-
> Antiy-AVL	2.0.3.1	2009.06.08	-
> Authentium	5.1.2.4	2009.06.08	-
> Avast	4.8.1335.0	2009.06.08	-
> *AVG	8.5.0.339	2009.06.08	Generic13.BECY*
> BitDefender	7.2	2009.06.09	-
> ...


Дополнительная информация
File size: 80073 bytes
MD5...: 465502cf982f73cc36fcb489fe842db8
SHA1..: 6de7c78be853ef4962e4df29e7eaf799c866cd97
SHA256: e8f4d8bd8ee4f75c36d99c8a2ae12d5130ea5c2e1a1531e984cefcc874c8b6af
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)




Файл tmp62.exe получен 2009.06.09 04:39:25 (UTC)
Текущий статус: закончено
Результат: 12/40 (30%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.09	Trojan.Win32.Tdss!IK
> AhnLab-V3	5.0.0.2	2009.06.08	-
> *AntiVir	7.9.0.180	2009.06.08	SPR/Tool.Obfuscator.ET.5*
> Antiy-AVL	2.0.3.1	2009.06.08	-
> Authentium	5.1.2.4	2009.06.08	-
> Avast	4.8.1335.0	2009.06.08	-
> *AVG	8.5.0.339	2009.06.08	Injector.EH*
> BitDefender	7.2	2009.06.09	-
> ...


Дополнительная информация
File size: 91648 bytes
MD5...: 8210f79ebbb7fb95ca735b8a25b164f1
SHA1..: b4b3bd927efe143f117b2afbb084d4958932b4de
SHA256: a958cac8bb97344b1153582cfbb6b54746b6f0ce7762a710632c3d1708201fe9
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)




Файл pcdef.exe получен 2009.06.09 04:41:40 (UTC)
Текущий статус: закончено
Результат: 11/40 (27.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.09	-
> AhnLab-V3	5.0.0.2	2009.06.08	-
> AntiVir	7.9.0.180	2009.06.08	-
> Antiy-AVL	2.0.3.1	2009.06.08	-
> Authentium	5.1.2.4	2009.06.08	-
> Avast	4.8.1335.0	2009.06.08	-
> AVG	8.5.0.339	2009.06.08	-
> BitDefender	7.2	2009.06.09	-
> ...


Дополнительная информация
File size: 1022976 bytes
MD5...: 30a043aacec88b00e78686c239961661
SHA1..: 1ed15d677d19ab9c7a4244f767bf9b0b973b7ce7
SHA256: b9be93c3c37292cc26207a155f413118be21ccecfd3a51772762056196d2dced
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------


## VirCode

Файл page.html получен 2009.06.09 08:19:58 (UTC)
Текущий статус: закончено 
Результат: 10/40 (25.00%)



```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.18	2009.06.09	Trojan-Downloader.JS.Psyme.cv!IK
AhnLab-V3	5.0.0.2	2009.06.09	-
AntiVir	7.9.0.180	2009.06.08	-
Antiy-AVL	2.0.3.1	2009.06.08	-
Authentium	5.1.2.4	2009.06.08	-
Avast	4.8.1335.0	2009.06.08	JS:Redirector-Q
AVG	8.5.0.339	2009.06.08	JS/Downloader.Agent
BitDefender	7.2	2009.06.09	-
CAT-QuickHeal	10.00	2009.06.09	-
ClamAV	0.94.1	2009.06.09	-
Comodo	1291	2009.06.09	-
DrWeb	5.0.0.12182	2009.06.09	VBS.Psyme.377
eSafe	7.0.17.0	2009.06.07	-
eTrust-Vet	31.6.6548	2009.06.08	-
F-Prot	4.4.4.56	2009.06.08	-
F-Secure	8.0.14470.0	2009.06.09	-
Fortinet	3.117.0.0	2009.06.08	-
GData	19	2009.06.09	JS:Redirector-Q 
Ikarus	T3.1.1.59.0	2009.06.09	-
K7AntiVirus	7.10.757	2009.06.08	-
Kaspersky	7.0.0.125	2009.06.09	-
McAfee	5640	2009.06.08	JS/Wonka
McAfee+Artemis	5640	2009.06.08	JS/Wonka
McAfee-GW-Edition	6.7.6	2009.06.09	Exploit.HTML.Shellcode.gen (suspicious)
Microsoft	1.4701	2009.06.09	-
NOD32	4139	2009.06.08	-
Norman	6.01.09	2009.06.08	-
nProtect	2009.1.8.0	2009.06.09	-
Panda	10.0.0.14	2009.06.09	-
PCTools	4.4.2.0	2009.06.06	-
Prevx	3.0	2009.06.09	-
Rising	21.33.11.00	2009.06.09	Hack.Exploit.Script.JS.ShellCode.k
Sophos	4.42.0	2009.06.09	Mal/ObfJS-H
Sunbelt	3.2.1858.2	2009.06.09	-
Symantec	1.4.4.12	2009.06.09	-
TheHacker	6.3.4.3.342	2009.06.08	-
TrendMicro	8.950.0.1092	2009.06.09	-
VBA32	3.12.10.6	2009.06.08	-
ViRobot	2009.6.9.1774	2009.06.09	-
VirusBuster	4.6.5.0	2009.06.08	-
```

Дополнительная информация
File size: 100859 bytes
MD5   : 6b1cdd41e6bef098c4fd3cd6e88403e7
SHA1  : 09249ae71fbab37cc59a6bd218f9380347ea89c3
SHA256: 694d8a6a88440ffb0f692bc211e60374c6bed8cbd8322d06e7c271845304ab7b
TrID  : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: -
PEiD  : -
RDS   : NSRL Reference Data Set

----------



## valho

There is no antivirus on the computer, but the virus, when I checked, was caught by almost all of them except Ikarus. So... does that count as caught by hand?
C:\windows\system32\explorer.exe

File EXPLORER.EXE received on 2009.06.09 09:57:27 (UTC)
Current status:Finished
Result: 39/40 (97.5%)

*a-squared 4.5.0.18 - Virus.Win32.VB.bu!IK
AhnLab-V3	5.0.0.2 - Win-Trojan/KorGameHack.36864.B*
*AntiVir 7.9.0.180 - W32/VB.BU
Antiy-AVL 2.0.3.1	 - Virus/Win32.VB
Authentium	5.1.2.4 - W32/Legendmir.CTS
Avast	 4.8.1335.0 - Win32:detnat-AX
AVG 8.5.0.339 - Generic2.FRK
BitDefender	7.2 - Trojan.PWS.OnlineGames.WJP
CAT-QuickHeal 10.00 - Worm.VB.bu
ClamAV 0.94.1 - Trojan.VB-420
Comodo 1291 - Worm.Win32.VB.NHZ
DrWeb 5.0.0.12182 - BackDoor.Generic.1451
eSafe	 7.0.17.0 - Virus.Win32.VB.bu
eTrust-Vet	31.6.6549 - Win32/Jampork.D
F-Prot 4.4.4.56 - W32/Legendmir.CTS
F-Secure 8.0.14470.0 - Virus.Win32.VB.bu
Fortinet 3.117.0.0 - W32/VB.BU!tr
GData 19 - Trojan.PWS.OnlineGames.WJP*
Ikarus T3.1.1.59.0 -
*K7AntiVirus	7.10.757 - Worm.Win32.VB
Kaspersky 7.0.0.125 - Virus.Win32.VB.bu
McAfee 5640 - Generic PWS.g
McAfee+Artemis 5640 - Generic PWS.g
McAfee-GW-Edition 6.7.6 - Win32.VB.BU
Microsoft 1.4701 - Virus:Win32/VB.BU
NOD32 4140 - Win32/VB.NHZ
Norman 6.01.09 - W32/VBTroj.DVG
nProtect 2009.1.8.0 - Trojan/W32.Agent.36864.R
Panda 10.0.0.14 - Trj/Gamania.HL
PCTools 4.4.2.0 - Worm.AutoRun.J
Prevx	3.0 - Medium Risk Malware
Rising	 21.33.12.00 - Trojan.Win32.VB.zrd
Sophos 4.42.0 - Troj/Gampass-A
Sunbelt 3.2.1858.2 - Infostealer.Lineage
Symantec 1.4.4.12 - Infostealer.Lineage
TheHacker 6.3.4.3.342 - Trojan/VB.atv
TrendMicro	8.950.0.1092 - WORM_VB.DVP
VBA32 3.12.10.6 - Win32.VB.NHZ
ViRobot 2009.6.9.1774 - Trojan.Win32.PSWKGame.36864
VirusBuster	4.6.5.0 - Worm.AutoRun.J
*
Additional information
File size: 36864 bytes
MD5...: 1eb40158ddee938b5e40af9e66c3e1b7
SHA1..: 651768e6150e44ba75759ea0a3e9e5ac2bbd16f8
SHA256: ad6e57c05bcdd11afde9d328fbff56cbdcdf27de70adf027912689d7744906e1

TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)

P.S. This is what is going on in the new maternity hospital, the biggest in Europe, that was built near me


[moderated]


> I.e. ones that the antivirus installed on the computer did not see.


This has nothing to do with antivirus testing, it is sloppiness...

----------


## valho

> Last edited by Shu_b; Today at 12:12  Reason: does not count...


Wow  :Smiley:  
Good that there are like-minded people here; the place I sometimes go to has nothing but nutcases

----------


## senyak

Файл Jimm2009.jar получен 2009.06.12 19:30:29 (UTC)
Текущий статус: закончено
Результат: 10/39 (25.65%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.12	-
> AhnLab-V3	5.0.0.2	2009.06.12	-
> AntiVir	7.9.0.187	2009.06.12	-
> *Antiy-AVL	2.0.3.1	2009.06.12	Trojan/J2ME.Swapi*
> Authentium	5.1.2.4	2009.06.12	-
> *Avast	4.8.1335.0	2009.06.12	Other:Malware-gen
> AVG	8.5.0.339	2009.06.12	Java/Swapi*
> BitDefender	7.2	2009.06.12	-
> ...


Дополнительная информация
File size: 135727 bytes
MD5...: 7d79377f1762699a9ca742b9228c47fc
SHA1..: 104f318995681d842b2967f866375bbe93db9b03
SHA256: bdb3d1dd263064aa54790372927077abaf131f5e45cb003b1ad7a7b919d32d76
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set



Файл nazvanie.jar получен 2009.06.12 19:26:44 (UTC)
Текущий статус: закончено
Результат: 13/39 (33.34%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.12	-
> AhnLab-V3	5.0.0.2	2009.06.12	-
> *AntiVir	7.9.0.187	2009.06.12	JAVA/Boxer.1
> Antiy-AVL	2.0.3.1	2009.06.12	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.06.12	-
> *Avast	4.8.1335.0	2009.06.12	Other:Malware-gen
> AVG	8.5.0.339	2009.06.12	Java/SMS.C*
> BitDefender	7.2	2009.06.12	-
> ...


Дополнительная информация
File size: 17383 bytes
MD5...: dc617d7a363fb020e7eeb102a9362b9a
SHA1..: ce5f7557876c5dd89a556dc670340cb4aad54df6
SHA256: 2b8cc58e9228189f91e40fba7d25f80ada0887247b62ea22a23c1ef4a9c3fcd6
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## ISO

It was sent over ICQ with a request to get acquainted and, if I wished, to look at a photo right away. My KIS stayed silent with databases from 14.06.2009; I see that as of 15.06 there is already a detection.
File foto.jar received on 2009.06.15 03:53:24 (UTC)
Result: 7/39 (17.95%)



```
Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.15	-
AhnLab-V3	5.0.0.2	2009.06.14	-
AntiVir	7.9.0.187	2009.06.14	-
Antiy-AVL	2.0.3.1	2009.06.12	Trojan/J2ME.Boxer
Authentium	5.1.2.4	2009.06.14	-
Avast	4.8.1335.0	2009.06.14	-
AVG	8.5.0.339	2009.06.14	Java/SMS.B
BitDefender	7.2	2009.06.15	-
CAT-QuickHeal	10.00	2009.06.15	-
ClamAV	0.94.1	2009.06.15	-
Comodo	1331	2009.06.15	TrojWare.J2ME.SMS.Boxer.g
DrWeb	5.0.0.12182	2009.06.15	Java.SMSSend.36
eSafe	7.0.17.0	2009.06.11	-
eTrust-Vet	31.6.6556	2009.06.12	-
F-Prot	4.4.4.56	2009.06.14	-
F-Secure	8.0.14470.0	2009.06.15	Trojan-SMS.J2ME.Boxer.g
Fortinet	3.117.0.0	2009.06.15	-
GData	19	2009.06.15	-
Ikarus	T3.1.1.59.0	2009.06.15	Trojan-SMS
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.15	Trojan-SMS.J2ME.Boxer.g
McAfee	5646	2009.06.14	-
McAfee+Artemis	5646	2009.06.14	-
Microsoft	1.4701	2009.06.14	-
NOD32	4153	2009.06.14	-
Norman	6.01.09	2009.06.12	-
nProtect	2009.1.8.0	2009.06.14	-
Panda	10.0.0.14	2009.06.14	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.15	-
Rising	21.34.00.00	2009.06.15	-
Sophos	4.42.0	2009.06.15	-
Sunbelt	3.2.1858.2	2009.06.14	-
Symantec	1.4.4.12	2009.06.15	-
TheHacker	6.3.4.3.345	2009.06.13	-
TrendMicro	8.950.0.1092	2009.06.15	-
VBA32	3.12.10.7	2009.06.14	-
ViRobot	2009.6.15.1786	2009.06.15	-
VirusBuster	4.6.5.0	2009.06.14	-
```

Additional information
File size: 15921 bytes
MD5...: a377419041614e0042d0d27cfc3dd54c
SHA1..: f3fc9cbf527b4f48ec62954a36a27591cee4f5a6
SHA256: c0377103f1454c29a0e381d9d7b338dfd47fda0e705c33bd754b5864e313f15b
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## Kuzz

Файл jimm_2010.jar получен 2009.06.15 11:50:57 (UTC)


```
Антивирус  Версия  Обновление  Результат

  a-squared  4.5.0.18  2009.06.15  -
  AhnLab-V3  5.0.0.2  2009.06.15  -
  AntiVir  7.9.0.187  2009.06.15  JAVA/SMS.Konov.J
  Antiy-AVL  2.0.3.1  2009.06.15  Trojan/J2ME.Konov
  Authentium  5.1.2.4  2009.06.14  -
  Avast  4.8.1335.0  2009.06.14  -
  AVG  8.5.0.339  2009.06.15  -
  BitDefender  7.2  2009.06.15  -
  CAT-QuickHeal  10.00  2009.06.15  -
  ClamAV  0.94.1  2009.06.15  -
  Comodo  1335  2009.06.15  -
  DrWeb  5.0.0.12182  2009.06.15  -
  eSafe  7.0.17.0  2009.06.11  -
  eTrust-Vet  31.6.6556  2009.06.12  -
  F-Prot  4.4.4.56  2009.06.14  -
  F-Secure  8.0.14470.0  2009.06.15  Trojan-SMS.J2ME.Konov.j
  Fortinet  3.117.0.0  2009.06.15  -
  GData  19  2009.06.15  -
  Ikarus  T3.1.1.59.0  2009.06.15  Trojan-SMS
  Jiangmin  11.0.706  2009.06.15  -
  K7AntiVirus  7.10.762  2009.06.12  -
  Kaspersky  7.0.0.125  2009.06.15  Trojan-SMS.J2ME.Konov.j
  McAfee  5646  2009.06.14  -
  McAfee+Artemis  5646  2009.06.14  -
  McAfee-GW-Edition  6.7.6  2009.06.15  Java.SMS.Konov.J
  Microsoft  1.4701  2009.06.15  -
  NOD32  4154  2009.06.15  -
  Norman  6.01.09  2009.06.12  -
  nProtect  2009.1.8.0  2009.06.15  -
  Panda  10.0.0.14  2009.06.14  -
  PCTools  4.4.2.0  2009.06.12  -
  Prevx  3.0  2009.06.15  -
  Rising  21.34.03.00  2009.06.15  -
  Sophos  4.42.0  2009.06.15  -
  Sunbelt  3.2.1858.2  2009.06.14  -
  Symantec  1.4.4.12  2009.06.15  -
  TheHacker  6.3.4.3.345  2009.06.13  -
  TrendMicro  8.950.0.1092  2009.06.15  -
  VBA32  3.12.10.7  2009.06.14  -
  ViRobot  2009.6.15.1787  2009.06.15  -
```

  Дополнительная информация
  File size: 4559 bytes
  MD5...: 3f8f3882c10fed6214761516477234bd
  SHA1..: b962085f5636b89d014aa117cefc8f410719766e
  SHA256: c378f380bb5ad7fdf1666311e32a8c3a83d00667b1cff14d506d7ad1c1be71a3
  ssdeep: -
  PEiD..: -
  TrID..: File type identification
  Java Archive (78.3%)
  ZIP compressed archive (21.6%)
  PEInfo: -
  PDFiD.: -
  RDS...: NSRL Reference Data Set
  -

----------


## senyak

Файл foto32.scr получен 2009.06.15 18:13:29 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.15	-
> AhnLab-V3	5.0.0.2	2009.06.15	-
> AntiVir	7.9.0.187	2009.06.15	-
> Antiy-AVL	2.0.3.1	2009.06.15	-
> Authentium	5.1.2.4	2009.06.15	-
> Avast	4.8.1335.0	2009.06.15	-
> *AVG	8.5.0.339	2009.06.15	Win32/Cryptor*
> BitDefender	7.2	2009.06.15	-
> ...


Дополнительная информация
File size: 130560 bytes
MD5...: 169e0a8ff6f8b45867895920175ff750
SHA1..: c0a41237b693ebb1932374e9da2d80fb8386549e
SHA256: 2b1120be498560d7670b20227f7b8b8269c7343c83b5052e011d17be50b58840
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

----------


## PavelA

"Case history" - http://virusinfo.info/showthread.php?t=47970
*C:\WINDOWS\system32\drivers\jcnpuznxjmabh.sys*
Файл avz00002.dta получен 2009.06.16 08:52:44 (UTC)



> Антивирус Версия Обновление Результат 
> *a-squared 4.5.0.18 2009.06.16 Backdoor.Winnt!IK* 
> AhnLab-V3 5.0.0.2 2009.06.16 - 
> AntiVir 7.9.0.187 2009.06.16 - 
> Antiy-AVL 2.0.3.1 2009.06.15 - 
> Authentium 5.1.2.4 2009.06.15 - 
> Avast 4.8.1335.0 2009.06.15 - 
> AVG 8.5.0.339 2009.06.15 - 
> BitDefender 7.2 2009.06.16 - 
> ...

----------


## ISO

It sat in the user's autostart; KIS kept quiet and only now and then did the proactive defense whisper something, though the firewall was set to "Allow everything")))

 File ______.exe received on 2009.06.16 10:26:13 (UTC)



```
Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.16	Trojan-Dropper.Cutwail!IK
AhnLab-V3	5.0.0.2	2009.06.16	Win-Trojan/Downloader.21090.B
AntiVir	7.9.0.187	2009.06.16	TR/Drop.Cutwail.EI
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.15	-
Avast	4.8.1335.0	2009.06.15	-
AVG	8.5.0.339	2009.06.15	Win32/Cryptor
BitDefender	7.2	2009.06.16	Trojan.Dropper.Cutwail.EI
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	-
eSafe	7.0.17.0	2009.06.15	-
eTrust-Vet	31.6.6560	2009.06.15	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	-
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	Trojan.Dropper.Cutwail.EI
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-Dropper.Cutwail
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.16	-
McAfee	5647	2009.06.15	Cutwail
McAfee+Artemis	5647	2009.06.15	Cutwail
McAfee-GW-Edition	6.7.6	2009.06.16	Trojan.Drop.Cutwail.EI
Microsoft	1.4701	2009.06.16	TrojanDownloader:Win32/Cutwail.AI
NOD32	4158	2009.06.16	a variant of Win32/Wigon.LC
Norman	6.01.09	2009.06.15	-
nProtect	2009.1.8.0	2009.06.16	Trojan/W32.Agent.21090.B
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	Medium Risk Malware
Rising	21.34.11.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
VirusBuster	4.6.5.0	2009.06.15	-
```

Additional information
File size: 21090 bytes
MD5...: 6d3589c7dc8968123c8c6127ff7af184
SHA1..: 85cb6467212ab1cf8e663053ea8b3ad05d17a633
SHA256: a78e1cb2de5a48ab9ddc89f30b949efa0b05255558b7c757179e5eff178ba8ce
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a32c5a3 (Fri Jun 12 21:16:19 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7d6 0x7da 6.22 b2ea1bb19a9e7a910a937c3538e65190
.data 0x2000 0x4c4 0x4c6 4.71 c704989cf0d5b5927788a65f2198dcbc
.rsrc 0x3000 0x4260 0x4262 7.98 7aafd7651f89f01bc9e36fed04684272

( 2 imports )
> KERNEL32.dll: CloseHandle, CreateFileA, ExitProcess, GetModuleFileNameA, GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, ReadFile, Sleep
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetMessageA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set


And this is apparently one of the files it had already downloaded to the computer (it was sitting in the user's temp folder)
 File BN3.tmp received on 2009.06.16 10:26:41 (UTC)



```
Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.16	Trojan-Dropper.Kobcka!IK
AhnLab-V3	5.0.0.2	2009.06.16	Win-Trojan/Agent.32629
AntiVir	7.9.0.187	2009.06.16	TR/Drop.Cutwail.DF
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.15	-
Avast	4.8.1335.0	2009.06.15	Win32:Cutwail-T
AVG	8.5.0.339	2009.06.15	Win32/Cryptor
BitDefender	7.2	2009.06.16	Trojan.Dropper.Cutwail.DF
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	Trojan.DownLoad.38459
eSafe	7.0.17.0	2009.06.15	-
eTrust-Vet	31.6.6560	2009.06.15	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	-
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	Trojan.Dropper.Cutwail.DF
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-Dropper.Kobcka
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.16	-
McAfee	5647	2009.06.15	Cutwail
McAfee+Artemis	5647	2009.06.15	Cutwail
McAfee-GW-Edition	6.7.6	2009.06.16	Win32.NewMalware.HF
Microsoft	1.4701	2009.06.16	-
NOD32	4158	2009.06.16	a variant of Win32/Wigon.LC
Norman	6.01.09	2009.06.15	-
nProtect	2009.1.8.0	2009.06.16	Trojan/W32.Agent.32629
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	High Risk Cloaked Malware
Rising	21.34.11.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
```

Additional information
File size: 32629 bytes
MD5...: 1b4fbaed15a32ef6c2907a1f916373c4
SHA1..: 0374f78bfebf09b6ae9ddc8f9673241c44493fe8
SHA256: fc497c3f409af5d63340c82a4e58ac3e6f653be8b50aad5494b20c890499122b
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a2e5aff (Tue Jun 09 12:52:15 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x76a 0x76e 6.27 e3bf8a4721be2fc8406165504b4ae02b
.data 0x2000 0x43e 0x440 4.57 029bb8a75438155af08de3b36a7ab371
.rsrc 0x3000 0x6f78 0x6f75 7.99 cc41339d8c9cd636097379d17d548acf

( 2 imports )
> KERNEL32.dll: GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, Sleep, ExitProcess
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## Kuzz

> And this is apparently one of the files it had already downloaded to the computer (it was sitting in the user's temp folder)


More likely a protection/payload module of the same trojan...




```
Файл 8358902Anonim_SMS.jar получен 2009.06.16 17:21:39 (UTC)
Антивирус	Версия	Обновление	Результат

a-squared	4.5.0.18	2009.06.16	-
AhnLab-V3	5.0.0.2	2009.06.16	-
AntiVir	7.9.0.187	2009.06.16	-
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.16	-
Avast	4.8.1335.0	2009.06.15	-
AVG	8.5.0.339	2009.06.16	-
BitDefender	7.2	2009.06.16	-
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	-
eSafe	7.0.17.0	2009.06.16	-
eTrust-Vet	31.6.6563	2009.06.16	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	Trojan-SMS.J2ME.Swapi.e
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	-
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-SMS
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.765	2009.06.16	-
Kaspersky	7.0.0.125	2009.06.16	Trojan-SMS.J2ME.Swapi.e
McAfee	5648	2009.06.16	-
McAfee+Artemis	5648	2009.06.16	-
McAfee-GW-Edition	6.7.6	2009.06.16	-
Microsoft	1.4701	2009.06.16	Trojan:Java/Swapi.D
NOD32	4160	2009.06.16	-
Norman	6.01.09	2009.06.16	-
nProtect	2009.1.8.0	2009.06.16	-
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	-
Rising	21.34.13.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	-
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
VirusBuster	4.6.5.0	2009.06.16	-
```

Дополнительная информация
File size: 2611 bytes
MD5...: 09a1965eb43cda5da481f457247e749f
SHA1..: d7bf7fc7735e5a84e63319c330adb94814fd71eb
SHA256: 8d92b41a86a05c52b2392f6e0a39b7c3e77d22ee4443b56c538552beea25618d
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

P.S. I am so fed up with these SMS trojans..

----------


## senyak

Файл 111 получен 2009.06.17 07:38:58 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.06.17	Virus.JS.Decdec.A!IK*
> AhnLab-V3	5.0.0.2	2009.06.17	-
> *AntiVir	7.9.0.187	2009.06.17	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.1	2009.06.16	-
> Authentium	5.1.2.4	2009.06.16	-
> Avast	4.8.1335.0	2009.06.16	-
> AVG	8.5.0.339	2009.06.17	-
> BitDefender	7.2	2009.06.17	-
> ...


Дополнительная информация
File size: 1415 bytes
MD5...: 96d22822880e75d8eefe4928302a5f51
SHA1..: 4c059e1c637636822ae99a882f54bd9c30d859d8
SHA256: 96f3a2f941e946bb0df563a7cc74817dff7c92e2c9f0f990d2e21bfad382eebd
ssdeep: -
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## PavelA

Today's catch:
Src=C:\windows\system32\drivers\MSIVXjgvuhkorridxbnpytpedckukvxibtwwg.sys

Файл avz00002.dta получен 2009.06.17 10:29:11 (UTC)



> Антивирус Версия Обновление Результат 
> *a-squared 4.5.0.18 2009.06.17 Trojan.WinNT!IK* 
> AhnLab-V3 5.0.0.2 2009.06.17 - 
> AntiVir 7.9.0.187 2009.06.17 - 
> Antiy-AVL 2.0.3.1 2009.06.17 - 
> Authentium 5.1.2.4 2009.06.16 - 
> *Avast 4.8.1335.0 2009.06.16 Win32:Alureon-BS* 
> AVG 8.5.0.339 2009.06.17 - 
> BitDefender 7.2 2009.06.17 - 
> ...

----------


## ISO

It sat in autostart and was establishing a connection to IP 78.129.158.88
File winamp1.exe received on 2009.06.17 10:47:43 (UTC)




```
Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.17	Virus.Worm.Win32.AutoRun!IK
AhnLab-V3	5.0.0.2	2009.06.17	-
AntiVir	7.9.0.187	2009.06.17	Worm/Autorun.apui
Antiy-AVL	2.0.3.1	2009.06.17	-
Authentium	5.1.2.4	2009.06.16	-
Avast	4.8.1335.0	2009.06.16	-
AVG	8.5.0.339	2009.06.17	Worm/Generic.ABYX
BitDefender	7.2	2009.06.17	-
CAT-QuickHeal	10.00	2009.06.17	Worm.AutoRun.apui
ClamAV	0.94.1	2009.06.17	-
Comodo	1349	2009.06.17	-
DrWeb	5.0.0.12182	2009.06.17	Trojan.MulDrop.31990
eSafe	7.0.17.0	2009.06.16	-
eTrust-Vet	31.6.6564	2009.06.17	-
F-Prot	4.4.4.56	2009.06.16	-
Fortinet	3.117.0.0	2009.06.17	W32/AutoRun.APUI!worm
GData	19	2009.06.17	-
Ikarus	T3.1.1.59.0	2009.06.17	Virus.Worm.Win32.AutoRun
Jiangmin	11.0.706	2009.06.17	-
K7AntiVirus	7.10.765	2009.06.16	-
Kaspersky	7.0.0.125	2009.06.17	Worm.Win32.AutoRun.apui
McAfee	5648	2009.06.16	-
McAfee+Artemis	5648	2009.06.16	Artemis!0B988853939D
McAfee-GW-Edition	6.7.6	2009.06.17	Worm.Autorun.apui
Microsoft	1.4701	2009.06.17	-
NOD32	4162	2009.06.17	a variant of Win32/Injector.QJ
Norman	6.01.09	2009.06.16	-
nProtect	2009.1.8.0	2009.06.17	-
Panda	10.0.0.14	2009.06.16	Suspicious file
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.17	Email High Risk Worm
Rising	21.34.23.00	2009.06.17	-
Sophos	4.42.0	2009.06.17	-
Sunbelt	3.2.1858.2	2009.06.17	-
Symantec	1.4.4.12	2009.06.17	-
TheHacker	6.3.4.3.347	2009.06.17	-
TrendMicro	8.950.0.1094	2009.06.17	-
VBA32	3.12.10.7	2009.06.17	-
ViRobot	2009.6.17.1792	2009.06.17	-
VirusBuster	4.6.5.0	2009.06.16	-
```

Additional information
File size: 163880 bytes
MD5...: 0b988853939d6c5f8c96fb902e76b9f6
SHA1..: 547283cc8048c8fb11106b4bbc4097bf605804d1
SHA256: 2c23a6661783d7c77dae7ca939018f838c3ca5745e8882e548a11cbe3c9373b2
ssdeep: 3072:BN87KddemDnj6+x6KhkqzhvABKHXDLYaIO+PWzOM :lol: 87K7FD2QGK3lIA
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1618
timedatestamp.....: 0x4a1f9bc1 (Fri May 29 08:24:33 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xebec 0xf000 5.47 350af5f7907d11a42a44315d2f81b0a8
.data 0x10000 0x50c 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x11000 0x16e89 0x17000 7.23 3c6ba12817cc927e204c80b3cb1930cb

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaVargVarCopy, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, -, __vbaVarZero, __vbaChkstk, -, __vbaFileClose, __vbaGenerateBoundsError, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, __vbaI2I4, DllFunctionCall, -, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaUbound, __vbaStrVarVal, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, -, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaAryVarVarg, __vbaFpI4, __vbaVarCopy, -, _CIatan, __vbaAryCopy, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaI4ErrVar, __vbaFreeStr

( 0 exports )
PDFiD.: -

----------


## senyak

Файл AgentSetup.exe получен 2009.06.17 13:52:41 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.07%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared 	4.5.0.18 	2009.06.17 	-
> AhnLab-V3 	5.0.0.2 	2009.06.17 	-
> AntiVir 	7.9.0.187 	2009.06.17 	-
> Antiy-AVL 	2.0.3.1 	2009.06.17 	-
> Authentium 	5.1.2.4 	2009.06.16 	-
> Avast 	4.8.1335.0 	2009.06.16 	-
> *AVG 	8.5.0.339 	2009.06.17 	Downloader.Agent2.DFN*
> BitDefender 	7.2 	2009.06.17 	-
> ...


Дополнительная информация
File size: 1747415 bytes
MD5   : e1e9a39388aab756728fc714afebb6d2
SHA1  : d40d69b0c77685fba67bfc421181691967abc758
SHA256: 1aa26e8015a9f73b18011ec389d7db133576dd774be291a469921351066f6bf0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30CB
timedatestamp.....: 0x498A480F (Thu Feb 5 02:59:43 2009)
machinetype.......: 0x14C (Intel I386)

----------


## valho

File InfinityOptimizer_Install.exe received on 2009.06.17 19:53:26 (UTC)
Current status: Finished
Result: 0/41 (0%)




> a-squared	4.5.0.18	2009.06.17	-
> AhnLab-V3	5.0.0.2	2009.06.17	-
> AntiVir	7.9.0.187	2009.06.17	-
> Antiy-AVL	2.0.3.1	2009.06.17	-
> Authentium	5.1.2.4	2009.06.17	-
> Avast	4.8.1335.0	2009.06.17	-
> AVG	8.5.0.339	2009.06.17	-
> BitDefender	7.2	2009.06.17	-
> CAT-QuickHeal	10.00	2009.06.17	-
> ...


Additional information
File size: 9342397 bytes
MD5...: e67b1b23a53f3fbfd035cea9978730d1
SHA1..: 87cd1babf3da178ad3cc820df6d194f566981f7c
SHA256: 8b8fbe2770a4897dcb4a2c0271c1fac590500c8a86231168e21f206b515f040b
ssdeep: 196608:7+QX7Fc/XeNXJ056S4V0GURIbTxSReyEus8:7+hedSy0PkTgdh
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
packers (Kaspersky): ASPack
RDS   : NSRL Reference Data Set
-

----------


## Torvic99

Caught it yesterday; NOD reacted with heuristics. Kaspersky already knows it



> Файл codec.exe получен 2009.06.18 06:29:18 (UTC)
> Антивирус            Версия            Обновление            Результат 
> *a-squared 4.5.0.18 2009.06.18 Trojan-Downloader.Win32.FakeRean!IK*
> AhnLab-V3 5.0.0.2 2009.06.17-
> *AntiVir 7.9.0.187 2009.06.17 TR/Drop.Agent.sca*
> Antiy-AVL 2.0.3.1 2009.06.17-
> Authentium 5.1.2.4 2009.06.17-
> *Avast 4.8.1335.0 2009.06.17 Win32:Trojan-gen {Other}*
> *AVG 8.5.0.339 2009.06.17 Generic13.BIIQ*
> ...

----------


## PavelA

Src=C:\Documents and Settings\user\Application Data\sdra64.exe from "Help"




> Антивирус Версия Обновление Результат 
> a-squared 4.5.0.18 2009.06.18 - 
> AhnLab-V3 5.0.0.2 2009.06.18 - 
> *AntiVir 7.9.0.191 2009.06.18 TR/Dropper.Gen* 
> Antiy-AVL 2.0.3.1 2009.06.18 - 
> Authentium 5.1.2.4 2009.06.17 - 
> *Avast 4.8.1335.0 2009.06.17 Win32:Walivun 
> AVG 8.5.0.339 2009.06.17 Injector.EG 
> BitDefender 7.2 2009.06.18 Gen:Trojan.Heur.Hype.A097686868 
> ...


VT is working strangely today. The Kaspersky scanner has gone missing somewhere.

*Added 5 hours 30 minutes later*

Src=C:\WINDOWS\system32\browsew.dll from "Help"





> *a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Delf!IK* 
> AhnLab-V3 5.0.0.2 2009.06.18 - 
> *AntiVir 7.9.0.191 2009.06.18 DR/Delphi.Gen* 
> Antiy-AVL 2.0.3.1 2009.06.18 - 
> *Authentium 5.1.2.4 2009.06.18 W32/Delf.G.gen!Eldorado 
> Avast 4.8.1335.0 2009.06.17 Win32:Rootkit-gen 
> AVG 8.5.0.339 2009.06.18 Dropper.Rozena* 
> BitDefender 7.2 2009.06.18 - 
> CAT-QuickHeal 10.00 2009.06.18 - 
> ...

----------


## Kuzz

Файл foto20.scr получен 2009.06.18 15:35:54 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.18	2009.06.18	-
AhnLab-V3	5.0.0.2	2009.06.18	-
AntiVir	7.9.0.191	2009.06.18	-
Antiy-AVL	2.0.3.1	2009.06.18	-
Authentium	5.1.2.4	2009.06.18	-
Avast	4.8.1335.0	2009.06.17	-
AVG	8.5.0.339	2009.06.18	-
BitDefender	7.2	2009.06.18	-
CAT-QuickHeal	10.00	2009.06.18	-
ClamAV	0.94.1	2009.06.18	-
Comodo	1364	2009.06.18	-
DrWeb	5.0.0.12182	2009.06.18	Trojan.Packed.2480
eSafe	7.0.17.0	2009.06.18	-
eTrust-Vet	31.6.6567	2009.06.18	-
F-Prot	4.4.4.56	2009.06.17	-
F-Secure	8.0.14470.0	2009.06.18	-
Fortinet	3.117.0.0	2009.06.18	-
GData	19	2009.06.18	-
Ikarus	T3.1.1.59.0	2009.06.18	-
Jiangmin	11.0.706	2009.06.18	-
K7AntiVirus	7.10.766	2009.06.17	-
Kaspersky	7.0.0.125	2009.06.18	-
McAfee	5649	2009.06.17	-
McAfee+Artemis	5649	2009.06.17	-
McAfee-GW-Edition	6.7.6	2009.06.18	Win32.Malware.gen (suspicious)
Microsoft	1.4701	2009.06.18	VirTool:Win32/Obfuscator.FL
NOD32	4167	2009.06.18	-
Norman	6.01.09	2009.06.18	-
nProtect	2009.1.8.0	2009.06.18	-
Panda	10.0.0.14	2009.06.18	-
PCTools	4.4.2.0	2009.06.17	-
Prevx	3.0	2009.06.18	-
Rising	21.34.34.00	2009.06.18	-
Sophos	4.42.0	2009.06.18	-
Sunbelt	3.2.1858.2	2009.06.18	-
Symantec	1.4.4.12	2009.06.18	-
TheHacker	6.3.4.3.348	2009.06.17	-
TrendMicro	8.950.0.1094	2009.06.18	-
VBA32	3.12.10.7	2009.06.18	Malware-Cryptor.Win32.Vals.3
ViRobot	2009.6.18.1794	2009.06.18	-
VirusBuster	4.6.5.0	2009.06.18	-
```

Дополнительная информация
File size: 224768 bytes
MD5...: 28777e565ee8ea3e6f023d1c18afcf3f
SHA1..: 09b292f2948b81cb20c2f3f0591cf6e4928edf48
SHA256: bfab24d3610cfc7bb6413f83ffb0e0c8e5a94d6e04b15310390520108dada898
ssdeep: 6144:Ck+1qk930Yd3f3WfwG7HywYWfVeSsh3T5m:Ck+P3+fwo/HVezh3T5m
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x48554930 (Sun Jun 15 16:54:08 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35000 0x35000 5.90 52154a290c0de9a4aeda8ab0f191bea7
.rdata 0x36000 0x1000 0x200 1.15 3d4c2b6aa8cdafebcbe808bd480f6c0f
.data 0x37000 0x1000 0x400 2.65 fbd44e8819bde55b78ec5e9e3a229c38
.rsrc 0x38000 0x36000 0x1400 3.81 2971fd64c858af83ad92968515511bce

( 1 imports )
> kernel32.dll: GetProcAddress, LoadLibraryA

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## senyak

Файл Jimm2009.jar получен 2009.06.18 19:41:08 (UTC)
Текущий статус: закончено
Результат: 10/41 (24.4%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.18	-
> AhnLab-V3	5.0.0.2	2009.06.18	-
> AntiVir	7.9.0.191	2009.06.18	-
> *Antiy-AVL	2.0.3.1	2009.06.18	Trojan/J2ME.Swapi*
> Authentium	5.1.2.4	2009.06.18	-
> *Avast	4.8.1335.0	2009.06.18	Other:Malware-gen
> AVG	8.5.0.339	2009.06.18	Java/Swapi*
> BitDefender	7.2	2009.06.18	-
> ...


Дополнительная информация
File size: 135729 bytes
MD5...: 474815affb2614459241a04bab355400
SHA1..: a1c56600e9259931f5bf42b40bb78f9693c051b0
SHA256: e0abc06bbb2d05f43d9d20edd7c28aa75b8e0920c13ded05a741bf408db9c8d1
ssdeep: 3072:EYzNg2B5XHj04ANArHJ+ga5h90VX0KgblXQcjkVtr4wk7gr9:RzNRB5lAirp+garRKOdljkVd4wkM9
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------


## valho

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\G1Q9SRO7\dakxxly[1].txt
After infection they block the IP

File op.php received on 2009.06.19 08:20:20 (UTC)
Current status: finished
Result: 21/41 (51.22%)




> *a-squared	4.5.0.18	2009.06.19	Trojan.Crypt!IK*
> AhnLab-V3	5.0.0.2	2009.06.19	-
> *AntiVir	7.9.0.191	2009.06.19	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.06.18	-
> Authentium	5.1.2.4	2009.06.19	-
> *Avast	4.8.1335.0	2009.06.18	Win32:Crypt-EKF*
> AVG	8.5.0.339	2009.06.18	-
> BitDefender	7.2	2009.06.19	-
> *CAT-QuickHeal	10.00	2009.06.19	(Suspicious) - DNAScan*
> ...


Additional information
File size: 10752 bytes
MD5...: 87bf948b9ec456b83942056a41748a12
SHA1..: 84c4eb5a7d392f5d642eae9f7c86539637154d9a
SHA256: ec644ee2163e735eb998f8769362f1513ce0d2b914a8a6dcb473e5470669d177
ssdeep: 192:biUVPNuluNtn73hwMHb/HyK5XhGYxsoqp:btPNuluNtnD2aDH3hGO0p
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x160d
timedatestamp.....: 0x4a34cff0 (Sun Jun 14 10:24:48 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c0 0xa00 6.00 e7be871cceb9b48f97ada18eef6984bc
.rdata 0x2000 0x1c4 0x200 4.11 81f2061221431ad5f0743f356b0951b6
.data 0x3000 0x236d4 0x1600 7.11 dbf6a8f35a7d93f32a1d446dfa9f1cb1
.rsrc 0x27000 0x318 0x400 2.61 e369ef3a7e454143572e4e85b736b25b

( 1 imports )
> KERNEL32.dll: ExitProcess, GetLastError, CloseHandle, WriteFile, CreateFileA, GetTempPathA, GetTickCount, HeapFree, GetProcAddress, HeapAlloc, GetProcessHeap

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.a...42056a41748a12

----------


## senyak

File load.exe received on 2009.06.20 09:26:37 (UTC)
Current status: finished
Result: 7/40 (17.50%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.18 	2009.06.20 	Backdoor.Win32.Beastdoor!IK*
> AhnLab-V3 	5.0.0.2 	2009.06.19 	-
> AntiVir 	7.9.0.193 	2009.06.19 	-
> Antiy-AVL 	2.0.3.1 	2009.06.19 	-
> *Authentium 	5.1.2.4 	2009.06.19 	W32/Zbot.I.gen!Eldorado*
> Avast 	4.8.1335.0 	2009.06.19 	-
> *AVG 	8.5.0.339 	2009.06.20 	Downloader.Agent*
> BitDefender 	7.2 	2009.06.20 	-
> ...


Additional information
File size: 96794 bytes
MD5   : 9cbc5aaae324ef7fba035c5e70f2468c
SHA1  : 1ed3e701e094675d7cae1cbecee499d721797071
SHA256: be6f2a0f2d9267302c79834ff35a01771415a945f15e4002ff32eb5d5383a058
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10E2
timedatestamp.....: 0x4A1AD26C (Mon May 25 19:16:28 2009)
machinetype.......: 0x14C (Intel I386)

----------



## VirCode

A "Russifier" for Macromedia Dreamweaver. After this I had to change my antivirus

Файл RUS_8.0.1.exe получен 2009.06.20 19:43:27 (UTC)
Текущий статус:   закончено 
Результат: 27/41 (65.86%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.18	2009.06.20	-
> *AhnLab-V3	5.0.0.2	2009.06.20	Packed/Upack
> AntiVir	7.9.0.193	2009.06.20	TR/Spy.Gampass.KZ*
> Antiy-AVL	2.0.3.1	2009.06.19	-
> *Authentium	5.1.2.4	2009.06.20	W32/Heuristic-210!Eldorado*
> Avast	4.8.1335.0	2009.06.20	-
> *AVG	8.5.0.339	2009.06.20	Suspicion: unknown virus
> BitDefender	7.2	2009.06.20	Trojan.Generic.1580847
> ...


Дополнительная информация
File size: 811360 bytes
MD5...: 1a1e8346ca51f607a4219a26b169b62e
SHA1..: 66a8be7acd5b833ae6d5d0d533fb4e21c9ab2c91
SHA256: 0f36e8c330157f9be881d1b85a34e6f6289ae010b74629156803e4237031d0e6
ssdeep: 12288:/z1h7GqSWnNUzz+eQ0+LamYZ9gIA3+zl+Q0b38wnB0e2uppZzd3Lj55HN3H:/X7kqeQ+m09RzlSbznB0ypHbHN3
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1018
timedatestamp.....: 0x4011b0be (Fri Jan 23 23:39:42 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x34000 0x1f0 5.32 ec36b2de9b4d1ba7f6ecb3ad216dceeb
@DD 0x35000 0x1c000 0x1446c 7.51 9e7fbf904c98163998e872f6ee25440a
[email protected] 0x51000 0x1000 0x1f0 5.32 ec36b2de9b4d1ba7f6ecb3ad216dceeb

( 0 imports ) 

( 0 exports ) 
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch, UPack, UPack
packers (F-Prot): RAR, UPack
packers (Authentium): UPack, UPack, UPack, UPack

P.S. This is not a false positive and not a packer.

----------


## Hanson

A fresh SMS ransomware sample
*Файл dkjtk получен 2009.06.22 08:39:26 (UTC)*



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.06.22	-
> AhnLab-V3	5.0.0.2	2009.06.22	-
> AntiVir	7.9.0.193	2009.06.22	-
> Antiy-AVL	2.0.3.1	2009.06.22	-
> Authentium	5.1.2.4	2009.06.22	-
> Avast	4.8.1335.0	2009.06.21	-
> AVG	8.5.0.339	2009.06.22	-
> BitDefender	7.2	2009.06.22	-
> ...


Дополнительная информация
File size: 23552 bytes
MD5...: 3200c3c408604c9c917769a36809c729
SHA1..: 91a632ac9c02a1bf64d93e6ddf5af364948dc4f6
SHA256: fab66f6fe6076176d1d035b9be99ea914cbb11033317d46d12616a11f2445f44

*Added after 3 hours 18 minutes*

*Файл rdl12.exe получен 2009.06.22 11:54:00 (UTC)
Результат: 11/41 (26.83%)*



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.06.22	Virus.Win32.Parite!IK*
> *AhnLab-V3	5.0.0.2	2009.06.22	Win-Trojan/Xema.variant*
> AntiVir	7.9.0.193	2009.06.22	-
> Antiy-AVL	2.0.3.1	2009.06.22	-
> Authentium	5.1.2.4	2009.06.22	-
> *Avast	4.8.1335.0	2009.06.21	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.339	2009.06.22	BackDoor.Generic11.WFJ*
> BitDefender	7.2	2009.06.22	-
> ...


*Added after 2 minutes*

*Файл svchost.exe получен 2009.06.22 11:55:48 (UTC)
Результат: 9/41 (21.96%)*



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.06.22	Worm.Win32.Downloader!IK*
> AhnLab-V3	5.0.0.2	2009.06.22	-
> AntiVir	7.9.0.193	2009.06.22	-
> Antiy-AVL	2.0.3.1	2009.06.22	-
> Authentium	5.1.2.4	2009.06.22	-
> Avast	4.8.1335.0	2009.06.21	-
> AVG	8.5.0.339	2009.06.22	-
> BitDefender	7.2	2009.06.22	-
> ...

----------


## ISO

Here is what I was sent over ICQ:

> Authorization request
> hooray!! we xaker`s hacked Kontakt! here's a program to download for boosting your rating: depositfiles.com/files/vpoqk95gk
> you can't boost more than 35 VOTES per day


File vkonreit.exe received on 2009.06.23 06:14:57 (UTC)



```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.18	2009.06.23	Trojan-Spy.Win32.Banker!IK
AhnLab-V3	5.0.0.2	2009.06.23	Win-Trojan/Vkont.677376
AntiVir	7.9.0.193	2009.06.22	TR/ATRAPS.Gen
Antiy-AVL	2.0.3.1	2009.06.23	Trojan/Win32.VKont.gen
Authentium	5.1.2.4	2009.06.23	W32/Trojan2.GYJC
Avast	4.8.1335.0	2009.06.22	Win32:Trojan-gen {Other}
AVG	8.5.0.339	2009.06.22	PSW.Generic7.GEB
BitDefender	7.2	2009.06.23	-
CAT-QuickHeal	10.00	2009.06.22	Trojan.Agent.ATV
ClamAV	0.94.1	2009.06.23	Trojan.Spy-62164
Comodo	1396	2009.06.23	-
DrWeb	5.0.0.12182	2009.06.23	Trojan.PWS.Vkontakte.8
eSafe	7.0.17.0	2009.06.22	-
eTrust-Vet	31.6.6573	2009.06.22	-
F-Prot	4.4.4.56	2009.06.22	W32/Trojan2.GYJC
F-Secure	8.0.14470.0	2009.06.23	Trojan-PSW.Win32.VKont.m
Fortinet	3.117.0.0	2009.06.23	-
GData	19	2009.06.23	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.59.0	2009.06.23	Trojan-Spy.Win32.Banker
Jiangmin	11.0.706	2009.06.23	-
K7AntiVirus	7.10.768	2009.06.19	-
Kaspersky	7.0.0.125	2009.06.23	Trojan-PSW.Win32.VKont.m
McAfee	5654	2009.06.22	-
McAfee+Artemis	5654	2009.06.22	-
McAfee-GW-Edition	6.7.6	2009.06.23	Trojan.ATRAPS.Gen
Microsoft	1.4803	2009.06.23	-
NOD32	4179	2009.06.22	-
Norman	6.01.09	2009.06.22	W32/Atraps.HJJ
nProtect	2009.1.8.0	2009.06.23	Trojan-PWS/W32.VKont.677376
Panda	10.0.0.16	2009.06.23	-
PCTools	4.4.2.0	2009.06.22	-
Prevx	3.0	2009.06.23	Medium Risk Malware
Rising	21.35.10.00	2009.06.23	-
Sophos	4.42.0	2009.06.23	Sus/Behav-269
Sunbelt	3.2.1858.2	2009.06.23	-
Symantec	1.4.4.12	2009.06.23	-
TheHacker	6.3.4.3.351	2009.06.22	Trojan/PSW.VKont.m
TrendMicro	8.950.0.1094	2009.06.23	TSPY_VKONT.E
VBA32	3.12.10.7	2009.06.23	Trojan-PSW.Win32.VKont.m
ViRobot	2009.6.22.1799	2009.06.23	-
VirusBuster	4.6.5.0	2009.06.22	-
```

Additional information
File size: 677376 bytes
MD5...: 705d7f707ccb390063b7f244d6005fa8
SHA1..: 446fdf510c4339f8b5a69695da7b734d81a9209f
SHA256: 95e3ae6c86eccc82f39ca1d19806dcf4a7c648a498bbb2914dcdd73fd2fd6b19
ssdeep: 12288:4ZB2FfbNQDw2Af3sstFxPCmygDlZbKOpz+CaRcDbQkh0  9:4ZoFbilA3sst
GWBoOpzPDfhW
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

----------


## PavelA

Src=C:\Windows\system32\drivers\SKYNEThpxfbtsp.sys from the "Помогите!" ("Help!") section
Файл avz00001.dta получен 2009.06.23 07:02:04 (UTC)



> Антивирус Версия Обновление Результат 
> a-squared 4.5.0.18 2009.06.23 - 
> AhnLab-V3 5.0.0.2 2009.06.23 - 
> AntiVir 7.9.0.193 2009.06.23 - 
> Antiy-AVL 2.0.3.1 2009.06.23 - 
> Authentium 5.1.2.4 2009.06.23 - 
> *Avast 4.8.1335.0 2009.06.22 Win32:Alureon-BV* 
> AVG 8.5.0.339 2009.06.22 - 
> BitDefender 7.2 2009.06.23 - 
> ...

----------


## altai-online

Файл foto15.scr получен 2009.06.24 07:08:13 (UTC)



```
a-squared	4.5.0.18	2009.06.24	-
AhnLab-V3	5.0.0.2	2009.06.24	-
AntiVir	7.9.0.193	2009.06.23	-
Antiy-AVL	2.0.3.1	2009.06.24	-
Authentium	5.1.2.4	2009.06.24	-
Avast	4.8.1335.0	2009.06.23	-
AVG	8.5.0.339	2009.06.23	Win32/Heur
BitDefender	7.2	2009.06.24	-
CAT-QuickHeal	10.00	2009.06.22	-
ClamAV	0.94.1	2009.06.24	-
Comodo	1404	2009.06.24	-
DrWeb	5.0.0.12182	2009.06.23	Trojan.Packed.2480
eSafe	7.0.17.0	2009.06.23	-
eTrust-Vet	31.6.6575	2009.06.23	-
F-Prot	4.4.4.56	2009.06.23	-
F-Secure	8.0.14470.0	2009.06.24	-
Fortinet	3.117.0.0	2009.06.24	-
GData	19	2009.06.24	-
Ikarus	T3.1.1.59.0	2009.06.24	-
Jiangmin	11.0.706	2009.06.24	-
K7AntiVirus	7.10.768	2009.06.19	-
Kaspersky	7.0.0.125	2009.06.24	-
McAfee	5655	2009.06.23	-
McAfee+Artemis	5655	2009.06.23	Artemis!F747D59BE5EA
McAfee-GW-Edition	6.7.6	2009.06.23	Win32.Malware.gen (suspicious)
Microsoft	1.4803	2009.06.24	VirTool:Win32/Obfuscator.FL
NOD32	4182	2009.06.24	-
Norman	6.01.09	2009.06.23	-
nProtect	2009.1.8.0	2009.06.24	-
Panda	10.0.0.16	2009.06.24	-
PCTools	4.4.2.0	2009.06.22	-
Prevx	3.0	2009.06.24	High Risk Worm
Rising	21.35.20.00	2009.06.24	-
Sophos	4.42.0	2009.06.24	-
Sunbelt	3.2.1858.2	2009.06.23	-
Symantec	1.4.4.12	2009.06.24	-
TheHacker	6.3.4.3.352	2009.06.24	-
TrendMicro	8.950.0.1094	2009.06.24	-
VBA32	3.12.10.7	2009.06.24	Malware-Cryptor.Win32.Vals.3
ViRobot	2009.6.24.1801	2009.06.24	-
VirusBuster	4.6.5.0	2009.06.23	-
```

Дополнительная информация
File size: 269824 bytes
MD5...: f747d59be5ea95ab14fecc279010def4
SHA1..: f2cfd28ada99699a06dd03ef1a8bcc1e01247d7d
SHA256: bc49f23de1ef792d94ab41ebc5454307febecc64ec9ab84602629c5260b012a4

----------


## valho

File setup.exe received on 2009.06.25 22:14:49 (UTC)
Current status: Finished
Result: 2/41 (4.88%)



> A-squared	4.5.0.18	2009.06.25	-
> AhnLab-V3	5.0.0.2	2009.06.25	-
> AntiVir	7.9.0.196	2009.06.25	-
> *Antiy-AVL	2.0.3.1	2009.06.25	- Packed/Win32.Klone.gen*
> Authentium	5.1.2.4	2009.06.25	-
> Avast	4.8.1335.0	2009.06.25	-
> AVG	8.5.0.339	2009.06.25	-
> BitDefender	7.2	2009.06.26	-
> CAT-QuickHeal	10.00	2009.06.25	-
> ...


File size: 2388480 bytes
MD5...: 2683f1e64c2b3e2eab30e01682459390
SHA1..: ff6d2dbbe669384f907f0bfe930c6ca6961473c6
SHA256: 1effd9aa5a74caf1c692c86915a54c74ae465c9426292ffdcf2b06bbb1f452ab
ssdeep: 49152:j28mp97c9878rOa/kDDCDIMJ1Hzc9vUYxNFTlMlcam:K8mn7c987Q1/kvo
hTc9M+NDP
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9a58
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
ThreatExpert info: http://www.threatexpert.com/report.a...30e01682459390

*Added after 11 minutes*

File nutilities.dll received on 2009.06.25 22:35:15 (UTC)
Current status: Finished
Result: 6/41 (14.64%)



> A-squared	4.5.0.18	2009.06.25	-
> *AhnLab-V3	5.0.0.2	2009.06.25 - Win-Trojan/Horse.131072*
> AntiVir	7.9.0.196	2009.06.25	-
> *Antiy-AVL	2.0.3.1	2009.06.25	- Packed/Win32.Klone.gen*
> Authentium	5.1.2.4	2009.06.25	-
> Avast	4.8.1335.0	2009.06.25	-
> AVG	8.5.0.339	2009.06.25	-
> BitDefender	7.2	2009.06.26	-
> CAT-QuickHeal	10.00	2009.06.25	-
> ...


Additional information
File size: 131072 bytes
MD5...: 8b8464d090d814566269d9bb3fa8dde3
SHA1..: 1476ccb4e616b58bfc316d513478b58cfc05d781
SHA256: 5fcb4a705b0db55e499bfc019ef56a7a390b8758fef61bbd530929e5a86e16c7
ssdeep: 3072:yX5ZZ2q5P6DHruXy5beeUX0QzZ+vMwP0PyQ56183:CLZ2  q56ruXy5bfQ/X6
18
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1210
timedatestamp.....: 0x42f31902 (Fri Aug 05 07:45:06 2005)
machinetype.......: 0x14c (I386)
ThreatExpert info: http://www.threatexpert.com/report.a...69d9bb3fa8dde3

*Added after 24 minutes*

File noadware.exe received on 2009.06.25 22:58:06 (UTC)
Current status: Finished
Result: 6/41 (14.64%)



> A-squared	4.5.0.18	2009.06.25	-
> AhnLab-V3	5.0.0.2	2009.06.25	-
> AntiVir	7.9.0.196	2009.06.25	-
> *Antiy-AVL	2.0.3.1	2009.06.25	- Packed/Win32.Klone.gen*
> Authentium	5.1.2.4	2009.06.25	-
> Avast	4.8.1335.0	2009.06.25	-
> AVG	8.5.0.339	2009.06.25	-
> BitDefender	7.2	2009.06.26	-
> CAT-QuickHeal	10.00	2009.06.25	-
> ...


File size: 2465376 bytes
MD5...: 56316159e4d93e570d878bddd7ab8ce2
SHA1..: 83d4f2296d9dbd2a036ea1d96bc716e2964e4314
SHA256: 2ec01a76368d7e3d3fce1029e92f9729a2dee1b6d5e267cb5bd5519f2c062e3a
ssdeep: 49152:u26NFj6aYPVq3PNeppnuh2EmHi69Heeq4AztBoQ8VfBk  +rSao:3i16aHNk
ugS69+evVVfa
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9a58
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
ThreatExpert info: http://www.threatexpert.com/report.a...878bddd7ab8ce2

Hm... I found a thread about all of this in the "Помогите!" ("Help!") section from 2006: http://virusinfo.info/showthread.php?t=4971

----------


## VirCode

Файл update_797.pdf получен 2009.06.30 12:44:26 (UTC)
Текущий статус:    закончено 
Результат: 12/41 (29.27%)




> Антивирус	Версия	Обновление	Результат
> *a-squared	4.5.0.18	2009.06.30	Exploit.Win32.Pdfjsc!IK*
> AhnLab-V3	5.0.0.2	2009.06.30	-
> *AntiVir	7.9.0.199	2009.06.30	HEUR/HTML.Malware*
> Antiy-AVL	2.0.3.1	2009.06.30	-
> Authentium	5.1.2.4	2009.06.29	-
> *Avast	4.8.1335.0	2009.06.29	JS:Pdfka-GF*
> AVG	8.5.0.339	2009.06.30	-
> BitDefender	7.2	2009.06.30	-
> ...


Дополнительная информация
File size: 30842 bytes
MD5...: d661ec98b930cd0d5284fb624cf4be97
SHA1..: f8b6b387b3122e034e946dff67be3dcb488046d7
SHA256: d850a7128d08bd8351037f98cf82eec75d32b4cff55f3bc63121d3c3a2433c90
ssdeep: 768:oUxY3RIV48c1fzaHuCVINqlVU+UzX+2wY4LghEMczlZsQR  44bx0YKDabTd:U
CMvq0j+7YjEfZJy4bx0R6d
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (50.0%)
MATLAB program (50.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## valho

File x-file-MJacksonsKiller.exe received on 2009.07.02 02:15:47 (UTC)
Current status: Finished
Result: 19/41 (46.35%)



> *a-squared	4.5.0.18	2009.07.02	Trojan-Spy.Zeus!IK*
> AhnLab-V3	5.0.0.2	2009.07.01	-
> *AntiVir	7.9.0.199	2009.07.01	TR/Spy.ZBot.VG.1*
> Antiy-AVL	2.0.3.1	2009.07.02	-
> *Authentium	5.1.2.4	2009.07.01	W32/Heuristic-CO3!Eldorado*
> Avast	4.8.1335.0	2009.07.01	-
> *AVG	8.5.0.386	2009.07.01	Generic13.BRQM*
> *BitDefender	7.2	2009.07.02	Trojan.Spy.ZBot.VG*
> CAT-QuickHeal	10.00	2009.07.01	-
> ...


File size: 88576 bytes
MD5...: 0418e1fad04ca45e0353ac319f6594ab
SHA1..: 6ca7a11b240f05b7fcf449732f3309a063b2172c
SHA256: 80528a4868d561e4b29d12272a0aead18c161116893fdab2d30835ca40388ebe
ssdeep: 1536 :Cheesy: eR58K47q8xqBpu1tVbWl9dTCPRT8RzcRS1TQ2wGGMVjEOLChmI  u62v3anF
hnUJz:6R+NLxqBw1zWlcuf1PPVjghQ62CnFhnC
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PDFiD.: -
RDS...: NSRL Reference Data Set
ThreatExpert info: http://www.threatexpert.com/report.a...53ac319f6594ab
Hmm, that's rather nasty...

----------


## Surfer

Файл foto35.scr получен 2009.07.05 13:34:00 (UTC)
Результат: 6/41 (14.64%)




> *a-squared	4.5.0.18	2009.07.05	Trojan-Dropper.Win32.Wlord!IK*
> AhnLab-V3	5.0.0.2	2009.07.05	-
> *AntiVir	7.9.0.204	2009.07.03	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.1	2009.07.03	-
> Authentium	5.1.2.4	2009.07.04	-
> Avast	4.8.1335.0	2009.07.04	-
> AVG	8.5.0.386	2009.07.05	-
> BitDefender	7.2	2009.07.05	-
> *CAT-QuickHeal	10.00	2009.07.03	Win32.VirTool.DelfInject.gen!AM.8*
> ...


http://www.virustotal.com/ru/analisi...15a-1246800840

----------


## senyak

Файл JimmPrO.jar получен 2009.07.07 13:39:57 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.07.07	-
> AhnLab-V3	5.0.0.2	2009.07.07	-
> *AntiVir	7.9.0.204	2009.07.07	JAVA/SMS.Konov.J*
> *Antiy-AVL	2.0.3.1	2009.07.07	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.07.07	-
> Avast	4.8.1335.0	2009.07.06	-
> AVG	8.5.0.386	2009.07.07	-
> BitDefender	7.2	2009.07.07	-
> ...


Дополнительная информация
File size: 4577 bytes
MD5...: 4c149e6f307c5a3cdda87aa9cc7d87f6
SHA1..: 2235086b212826dd0d678bb0f0d57f77e17ebc84
SHA256: 83a3ec1dae7a8aaab333930d26fd415a70c08fa597049e6c2a2551380ebb7232
ssdeep: 96:sFTiOURs9qVeiTSK9kRRJd1xfOrEepznEWN7OdErQKL/2gfe:sZ5UdeiTSiiF
tsfGWSgt0
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------


## antanta

```
Антивирус Версия Обновление Результат 
a-squared 4.5.0.18 2009.07.08 - 
AhnLab-V3 5.0.0.2 2009.07.08 - 
AntiVir 7.9.0.204 2009.07.08 W32/Almanahe.B 
Antiy-AVL 2.0.3.1 2009.07.08 - 
Authentium 5.1.2.4 2009.07.08 - 
Avast 4.8.1335.0 2009.07.07 - 
AVG 8.5.0.386 2009.07.08 - 
BitDefender 7.2 2009.07.08 Win32.Almanahe.K.Dam 
CAT-QuickHeal 10.00 2009.07.08 - 
ClamAV 0.94.1 2009.07.08 - 
Comodo 1578 2009.07.08 - 
DrWeb 5.0.0.12182 2009.07.08 - 
eSafe 7.0.17.0 2009.07.07 - 
eTrust-Vet 31.6.6602 2009.07.08 - 
F-Prot 4.4.4.56 2009.07.07 - 
F-Secure 8.0.14470.0 2009.07.08 - 
Fortinet 3.117.0.0 2009.07.03 - 
GData 19 2009.07.08 Win32.Almanahe.K.Dam 
Ikarus T3.1.1.64.0 2009.07.08 - 
Jiangmin 11.0.706 2009.07.08 - 
K7AntiVirus 7.10.786 2009.07.07 - 
Kaspersky 7.0.0.125 2009.07.08 - 
McAfee 5669 2009.07.07 - 
McAfee+Artemis 5669 2009.07.07 - 
McAfee-GW-Edition 6.8.5 2009.07.08 Win32.Almanahe.B 
Microsoft 1.4803 2009.07.08 - 
NOD32 4223 2009.07.08 - 
Norman 6.01.09 2009.07.07 - 
nProtect 2009.1.8.0 2009.07.08 - 
Panda 10.0.0.14 2009.07.07 - 
PCTools 4.4.2.0 2009.07.07 - 
Prevx 3.0 2009.07.08 - 
Rising 21.37.22.00 2009.07.08 - 
Sophos 4.43.0 2009.07.08 - 
Sunbelt 3.2.1858.2 2009.07.08 - 
Symantec 1.4.4.12 2009.07.08 - 
TheHacker 6.3.4.3.363 2009.07.08 - 
TrendMicro 8.950.0.1094 2009.07.08 - 
VBA32 3.12.10.7 2009.07.08 - 
ViRobot 2009.7.8.1823 2009.07.08 - 
VirusBuster 4.6.5.0 2009.07.07 -
```

Дополнительная информация 
File size: 157184 bytes 
MD5...: 840830b0a6574dfda83a78a2fdaab991 
SHA1..: 8ec2582692c6d30a427e320798d20ffa5ffb718f

*Added after 6 minutes*

The DLL of the same name isn't detected by anyone at all. I'll send both of them to the virus lab now.

*Added after 40 minutes*

One more. Despite the name, it doesn't have the usual sections and so on inside.

Файл autorun.inf получен 2009.07.08 12:02:49 (UTC)
Текущий статус: закончено 
Результат: 22/40 (55%) 




```
Антивирус Версия Обновление Результат 
a-squared 4.5.0.18 2009.07.08 Worm.Win32.Conficker!IK 
AhnLab-V3 5.0.0.2 2009.07.08 - 
AntiVir 7.9.0.204 2009.07.08 - 
Antiy-AVL 2.0.3.1 2009.07.08 - 
Authentium 5.1.2.4 2009.07.08 JS/AutoRun 
Avast 4.8.1335.0 2009.07.07 BV:AutoRun-S 
AVG 8.5.0.386 2009.07.08 Worm/Generic_c.ZW 
BitDefender 7.2 2009.07.08 Worm.Autorun.VHG 
CAT-QuickHeal 10.00 2009.07.08 - 
ClamAV 0.94.1 2009.07.08 Worm.Autorun-1838 
Comodo 1578 2009.07.08 Worm.Win32.AutoRun.etg 
DrWeb 5.0.0.12182 2009.07.08 Win32.HLLW.Shadow 
eSafe 7.0.17.0 2009.07.07 - 
eTrust-Vet 31.6.6602 2009.07.08 INF/Conficker 
F-Prot 4.4.4.56 2009.07.07 JS/AutoRun 
Fortinet 3.117.0.0 2009.07.03 - 
GData 19 2009.07.08 Worm.Autorun.VHG 
Ikarus T3.1.1.64.0 2009.07.08 Worm.Win32.Conficker 
Jiangmin 11.0.706 2009.07.08 - 
K7AntiVirus 7.10.786 2009.07.07 - 
Kaspersky 7.0.0.125 2009.07.08 - 
McAfee 5669 2009.07.07 - 
McAfee+Artemis 5669 2009.07.07 - 
McAfee-GW-Edition 6.8.5 2009.07.08 - 
Microsoft 1.4803 2009.07.08 Worm:Win32/Conficker.B!inf 
NOD32 4224 2009.07.08 INF/Conficker 
Norman 6.01.09 2009.07.07 - 
nProtect 2009.1.8.0 2009.07.08 - 
Panda 10.0.0.14 2009.07.07 W32/Conficker.C.worm 
PCTools 4.4.2.0 2009.07.08 - 
Prevx 3.0 2009.07.08 - 
Rising 21.37.23.00 2009.07.08 - 
Sophos 4.43.0 2009.07.08 Mal/ConfInf-A 
Sunbelt 3.2.1858.2 2009.07.08 INF.Autorun (v) 
Symantec 1.4.4.12 2009.07.08 W32.Downadup!autorun 
TheHacker 6.3.4.3.363 2009.07.08 W32/Conficker.autorunL 
TrendMicro 8.950.0.1094 2009.07.08 TROJ_DOWNAD.AF 
VBA32 3.12.10.7 2009.07.08 Trojan.Autorun.gen 
ViRobot 2009.7.8.1824 2009.07.08 - 
VirusBuster 4.6.5.0 2009.07.07 INF.Conficker.F 
```

Дополнительная информация 
File size: 59306 bytes 
MD5...: 060dc978741e7ff27686ca8885802623 
SHA1..: 4e32ff1cf3243ce56ff278cc0924b601784463d1 
SHA256: 4202574ee60beb13a329f4ba6f6bc55a6e3cfbdfccab929f50024603d9cde020
ssdeep: 1536:IS+zcVPpjrVmdmwGvp1kGEJ5V7hAUJcFc00LZ:+g9plmW  8PD2Gc2Z
PEiD..: - 
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%) 
PEInfo: - 
PDFiD.: - 
RDS...: NSRL Reference Data Set
- 
packers (F-Prot): Unicode 
packers (Authentium): Unicode

*Added after 57 minutes*

Strange. Regarding *Win32.Almanahe*, this is the reply that came from the Kaspersky Lab virus lab:

> Hello,
> mail.exe_, zmail.dll
> No malicious code was found in the files.

> RE: Re: [--Obscene--] Re: virus [KLAN-25043727] [KLAN-25045485] [KLAN-25050003] [KLAN-25204047] [KLAN-25262127] [KLAN-27791285] [KLAN-29591337] [KLAN-32489729] [KLAN-33179613] [KLAN-33251659] [KLAN-35858789]


Probably this shouldn't be included in the statistics?

*Added after 3 minutes*

> Last edited by Shu_b; Today at 15:31. Reason: third one removed, duplicate of the first

Different files were checked on VT, with different results. Sorry, I mixed them up. It probably doesn't matter anymore.

----------


## AlexGOMEL

Файл Dllcache.exe получен 2009.07.08 16:08:54 (UTC)

```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.18	2009.07.08	Riskware.Win32.Injector!IK
AhnLab-V3	5.0.0.2	2009.07.08	Win-Trojan/Agent.71680.CP
AntiVir	7.9.0.204	2009.07.08	-
Antiy-AVL	2.0.3.1	2009.07.08	Backdoor/Win32.IRCBot.gen
Authentium	5.1.2.4	2009.07.08	-
Avast	4.8.1335.0	2009.07.07	Win32:Inject-SW
AVG	8.5.0.386	2009.07.08	SHeur2.ANUC
BitDefender	7.2	2009.07.08	-
CAT-QuickHeal	10.00	2009.07.08	Backdoor.IRCBot.lav
ClamAV	0.94.1	2009.07.08	-
Comodo	1578	2009.07.08	-
DrWeb	5.0.0.12182	2009.07.08	Win32.HLLW.Druck.5
eSafe	7.0.17.0	2009.07.08	Suspicious File
eTrust-Vet	31.6.6602	2009.07.08	-
F-Prot	4.4.4.56	2009.07.07	-
F-Secure	8.0.14470.0	2009.07.08	Backdoor.Win32.IRCBot.lav
Fortinet	3.117.0.0	2009.07.03	-
GData	19	2009.07.08	Win32:Inject-SW 
Ikarus	T3.1.1.64.0	2009.07.08	VirTool.Win32.Injector
Jiangmin	11.0.706	2009.07.08	-
K7AntiVirus	7.10.787	2009.07.08	-
Kaspersky	7.0.0.125	2009.07.08	Backdoor.Win32.IRCBot.lav
McAfee	5669	2009.07.07	BackDoor-DOQ.gen.e
McAfee+Artemis	5669	2009.07.07	BackDoor-DOQ.gen.e
McAfee-GW-Edition	6.8.5	2009.07.08	Heuristic.LooksLike.Win32.NewMalware.H
Microsoft	1.4803	2009.07.08	VirTool:Win32/Injector.gen!B
NOD32	4224	2009.07.08	Win32/IRCBot.AMC
Norman	6.01.09	2009.07.07	-
nProtect	2009.1.8.0	2009.07.08	Backdoor/W32.IRCBot.71680.H
Panda	10.0.0.14	2009.07.08	-
PCTools	4.4.2.0	2009.07.08	-
Prevx	3.0	2009.07.08	-
Rising	21.37.24.00	2009.07.08	Trojan.Win32.Nodef.kka
Sophos	4.43.0	2009.07.08	Mal/Behav-243
Sunbelt	3.2.1858.2	2009.07.08	-
Symantec	1.4.4.12	2009.07.08	-
TheHacker	6.3.4.3.363	2009.07.08	-
TrendMicro	8.950.0.1094	2009.07.08	PAK_Generic.001
VBA32	3.12.10.7	2009.07.08	Backdoor.Win32.IRCBot.lav
ViRobot	2009.7.8.1824	2009.07.08	Backdoor.Win32.IRCBot.71680.F
VirusBuster	4.6.5.0	2009.07.08	Trojan.Inject.Gen.5

```

Дополнительная информация
File size: 71680 bytes
MD5...: 002895ff98187a3cc21b7c67a9a0943e

----------


## Sneer

Файл acleditf.exe получен 2009.07.08 17:10:09 (UTC)
Текущий статус:   закончено 
Результат: 13/41 (31.71%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.07 -
AVG 8.5.0.386 2009.07.08 Agent_r.NQ
BitDefender 7.2 2009.07.08 Gen:Trojan.Heur.Hype.2010EFEFEF
CAT-QuickHeal 10.00 2009.07.08 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.Packed.2463
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 Gen:Trojan.Heur.Hype.2010EFEFEF
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 FakeAlert-DA
McAfee+Artemis 5670 2009.07.08 FakeAlert-DA
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 Trojan:Win32/Ositki.A
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.QL
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.218
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 Malware-Cryptor.Win32.Argin
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 40448 bytes
MD5...: 7da01b2fe2679ca3fe98c9780e749179
SHA1..: 1b5696e7d3dd5ecb86a17d84a232f1280bddab3d
SHA256: a4bd80501a350520cbf7557191760727342ef309d1b7d29c9e0487d609b7409a
ssdeep: 768:RFg6kNqifwvEpde2IvP2e0chZMHPtEipedK3AoTkCmw/rpviHtUVin+eCYI5
CH5T:fgPjwvEpo2OP2ekPfAdK3RrwHtgin+ej
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)



Файл nopmulti4.exe получен 2009.07.08 17:19:49 (UTC)
Текущий статус:    закончено 
Результат: 25/41 (60.98%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 Trojan.Win32.Winwebsec!IK
AhnLab-V3 5.0.0.2 2009.07.08 Win-Trojan/Clicker.311296.C
AntiVir 7.9.0.204 2009.07.08 TR/Clicker.23
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 W32/FakeAlert.AZ2.gen!Eldorado
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.08 Clicker.ZIS
BitDefender 7.2 2009.07.08 Trojan.Generic.1930179
CAT-QuickHeal 10.00 2009.07.08 TrojanClicker.Klik
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.Packed.2463
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 W32/FakeAlert.AZ2.gen!Eldorado
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 Adware/AdClicker
GData 19 2009.07.08 Trojan.Generic.1930179
Ikarus T3.1.1.64.0 2009.07.08 Trojan.Win32.Winwebsec
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Adclicker-HB
McAfee+Artemis 5670 2009.07.08 Adclicker-HB
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.BehavesLike.Backdoor.C
Microsoft 1.4803 2009.07.08 TrojanClicker:Win32/Klik
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.PU
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Trj/CI.A
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.07.08 Packer.Lighty.Gen (v)
Symantec 1.4.4.12 2009.07.08 Trojan Horse
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 Malware-Cryptor.Win32.Emo
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 Trojan.CL.Klik.NP
```

Дополнительная информация
File size: 311296 bytes
MD5...: 8fa9aa822ba5e60aaefe1821ecdecc04
SHA1..: 8c201a254b1d5397c48deea52afb68501d4dea54
SHA256: c32908d14b460621cc7493a789ea02753ebeec71876655099a4fe2e34b758a27
ssdeep: 6144:bqeU7o3L24Kujej5ADrYjLGXigP67WbZj/sY1gcgsDHjHL/F9B0KY5n:bnQ
o7UZqXiGkWbx/91gFMHTL/Ff0KY5n
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)



Файл 100.tmp получен 2009.07.08 17:22:51 (UTC)
Текущий статус:    закончено 
Результат: 13/40 (32.5%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZYFU
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Generic PWS!hv.ao
McAfee+Artemis 5670 2009.07.08 Artemis!D3137DE98400
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.BehavesLike.Packed.J
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.gqh
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 589824 bytes
MD5...: d3137de98400fc46ff5173611233d5fd
SHA1..: 6b4d0bc7ff083519db8ce696ee929e032e552c47
SHA256: 58e6bc2e80eccc98baa4a4d55c042e2725b129b14580f125bf4097a4130bac45
ssdeep: 12288:6Ei+Kmau7RKmEf6o621a89PFXlgt3syui78yQve0fTki  LVza:6Rbu7da6s
aYPFXlgh7uQ8yX0fDa
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


Файл 28.tmp получен 2009.07.08 17:29:35 (UTC)
Текущий статус:  закончено 
Результат: 15/40 (37.5%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 Dropper/Microjoin.1670144.B
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 Trojan.Generic.2009297
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.MulDrop.1161
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZXXP
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 Trojan.Generic.2009297
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!F53A88674B65
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.LooksLike.Trojan.Crypt.I
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 W32/Renos.dam
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 Trojan.Clicker.Win32.Undef.ki
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 Bulk Trojan
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 1474560 bytes
MD5...: f53a88674b65ef469670f9ef2b1656e6
SHA1..: a7bb16a3c943654b847d34ab847b0f58ce473e36
SHA256: f40be5f61b8dd0e0c8a844727695c3bc74aec5772407ea211621d1a5fd148f3d
ssdeep: 24576:cmJlz/UViFiakkUS1ANO86PT3upvrapo0UXPrKWbbmqmnpD5v9axMkQf/c
d76Gb:cmP/UQi7kUIcf6jGvr6GuWWqkNQ4fUdz
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


Файл 39.tmp получен 2009.07.08 17:35:30 (UTC)
Текущий статус:    закончено 
Результат: 12/41 (29.27%)


```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 -
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.VirToolObfusca
eTrust-Vet 31.6.6604 2009.07.08 Win32/AntiVirus2008.Y
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!0DFC51CA6D30
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.LooksLike.Win32.NewMalware.A
Microsoft 1.4803 2009.07.08 Trojan:Win32/Winwebsec
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IV
Sunbelt 3.2.1858.2 2009.07.08 FraudTool.Win32.RogueSecurity (v)
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Agent.atmg
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 55480 bytes
MD5...: 0dfc51ca6d30728e6b5d7ad152c2c30c
SHA1..: e2a69ec84164617ebc2eecc31846eb1bff9d01cc
SHA256: 5fb522accb22eb65513b4db838edd12d8d8b65af64f4b60cb39cdcaeaa215688
ssdeep: 1536:U2B1GVN5qtGuDurTpuRTJzGqiiqO/1TovfWQ:gVutvur12hGqizOt0vfWQ
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


Файл 3C.tmp получен 2009.07.08 17:44:48 (UTC)
Текущий статус:    закончено 
Результат: 7/41 (17.08%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 Generic13.BILN
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!7C2902AD16F6
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.grm
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 614400 bytes
MD5...: 7c2902ad16f6fc76e816609a2b59291d
SHA1..: ed1370d74f92e0d038c0924aa05cce5d33c9a74a
SHA256: 999ec2242d099477ca0b0eefa0700777f578352095988280d6ebdc0a320d10e1
ssdeep: 12288:sP9lzkA+P93kMry7JCa15Ud4z/vixnym5Prwr+zF8JkO:sVkD5kx15aa/vgNJr5zAB
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)



Файл 38.tmp получен 2009.07.08 17:41:51 (UTC)
Текущий статус:    закончено 
Результат: 9/40 (22.5%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 Dropper/Microjoin.2626560
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 SHeur2.ALNO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 Trojan.Dropper-19904
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.TRCrypt.XPACK
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!ED5D6DAD09AC
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.grj
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 2335760 bytes
MD5...: ed5d6dad09ac0453007b767d66871c71
SHA1..: d8e3f0fdfb601de1650b5c0d8b6adf3891d9e53d
SHA256: cb859efb2e6faaaea969ee89f1af197bd5ce9eac521da7c5e39ccc50ea656fd8
ssdeep: 49152:378KTBi1cLaFo4eaZNS31dGh/uoQ2BW4mHD1QTbt0irjQVznlC8XEV:37VsUxmwoQzbD1QPtprjQ1480V
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)



Файл 32.tmp получен 2009.07.08 17:49:26 (UTC)
Текущий статус:   закончено 
Результат: 8/41 (19.52%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZVJP
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Generic PWS!hv.ao
McAfee+Artemis 5670 2009.07.08 Artemis!473025A9DF16
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.218
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 507904 bytes
MD5...: 473025a9df16200353512782738f0ac6
SHA1..: 4c92ec23b44d2e53c2862322652f5aac005dd26e
SHA256: 81f9360a34ca121c7f0511547ecc50b769250aab83b748406e868a4b1e0a08b0
ssdeep: 12288:FSd/O4dESGEQDy9n9sEL9SxA/fpF8V4sNP6bJccREf:YtOfTE8yLsEL9SGw40AcIK
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


Файл 29.tmp получен 2009.07.08 17:48:53 (UTC)
Текущий статус:  закончено 
Результат: 17/40 (42.5%)



```
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.07.08 Virus.Win32.Trojan!IK
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.08 SHeur2.AKYM
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.Packed
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 PossibleThreat
GData 19 2009.07.08 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.08 Virus.Win32.Trojan
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 FakeAlert-DA
McAfee+Artemis 5670 2009.07.08 FakeAlert-DA
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 TrojanDropper:Win32/Microjoin.gen!B
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.SM
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Generic Trojan
PCTools 4.4.2.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Perfect Keylogger
Sunbelt 3.2.1858.2 2009.07.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 BScope.Dropper.Gen.17
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
```

Дополнительная информация
File size: 1675264 bytes
MD5...: 7aa8ad673f88d85abd2fac999d05a924
SHA1..: 3c91e0b4ff9962835d6d9e222471489be6aeead1
SHA256: 4bdef2b9f2e1cb3eab132f01941b656fb12ba3116d94f9b72903e33078a47839
ssdeep: 49152:CafYip3diRY4e46g4klh9twVsM5UPqxZgH:pAoERY4ee44rcUPqx
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------


## VirCode

I was prompted to download Flash Player

Файл install_flash_player._exe получен 2009.07.09 03:17:07 (UTC)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.18	2009.07.09	-
> AhnLab-V3	5.0.0.2	2009.07.08	-
> AntiVir	7.9.0.204	2009.07.08	-
> Antiy-AVL	2.0.3.1	2009.07.08	-
> Authentium	5.1.2.4	2009.07.08	-
> Avast	4.8.1335.0	2009.07.08	-
> AVG	8.5.0.386	2009.07.09	-
> BitDefender	7.2	2009.07.09	-
> ...



Дополнительная информация
File size: 33280 bytes
MD5...: 2542af8813cfd5513966fc529c38065e
SHA1..: b84d5ece478c47848b1feb57a760efc5ad607772
SHA256: 37e88827d450cf335c8d690215e6f41ae0c66a470c5bd61cd490481bc36e67a3
ssdeep: 384:v3zu83Dcet5Svtk/UU5JJO7nyjGWGvOIfZ/AL23hgqwDvWi:v3623DSvtksGPAnySBOkR623ADO
PEiD..: -


http://www.virustotal.com/ru/analisi...7a3-1247109427

----------


## senyak

Файл 429.exe получен 2009.07.09 17:21:39 (UTC)
Текущий статус: закончено
Результат: 16/41 (39.03%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.07.09	Backdoor.Win32.VanBot!IK*
> AhnLab-V3	5.0.0.2	2009.07.09	-
> *AntiVir	7.9.0.204	2009.07.09	TR/Buzus.bltq
> Antiy-AVL	2.0.3.1	2009.07.09	Trojan/Win32.Buzus.gen*
> Authentium	5.1.2.4	2009.07.09	-
> Avast	4.8.1335.0	2009.07.08	-
> AVG	8.5.0.386	2009.07.09	-
> BitDefender	7.2	2009.07.09	-
> ...


Дополнительная информация
File size: 136704 bytes
MD5...: 810a4666f83266ad3249758aa9073a11
SHA1..: f8fa1b3871214e0e4715b9a7ca9e137d0e90eb1f
SHA256: 4b85473175639e5c3e4c88bf373e2ca704af96098f531d084d890986bd273efd
ssdeep: 1536:vJDk2qAifOf8RFYOhRDgxvjNHjlQqdzNE6bLC/NbA/uu7HlXMI6AEyDXr5b+0:txlf8R/hRD85k6ilbA7lHXPDZp
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл 677.exe получен 2009.07.09 17:27:59 (UTC)
Текущий статус: закончено
Результат: 9/41 (21.96%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.07.09	Backdoor.Win32.VanBot!IK*
> AhnLab-V3	5.0.0.2	2009.07.09	-
> AntiVir	7.9.0.204	2009.07.09	-
> Antiy-AVL	2.0.3.1	2009.07.09	-
> Authentium	5.1.2.4	2009.07.09	-
> Avast	4.8.1335.0	2009.07.08	-
> AVG	8.5.0.386	2009.07.09	-
> BitDefender	7.2	2009.07.09	-
> ...


Дополнительная информация
File size: 136704 bytes
MD5...: 854cc73a4bb31a327252b6c3920aacc5
SHA1..: ef9a3f94aa0cd98c4ff9294622c6d8178f94c0fe
SHA256: f27125662774bc97582520f4c3001a9e86aa8e2cc5012b6e8a0a1ca66ebeb063
ssdeep: 3072:8Qvmv9mYSJ3qw5YHqj0G8mOWzOTPUyeKINN9W8a0+KkQ:7UmYu3l6bpT89lE2
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information




Файл rdlC.tmp.exe получен 2009.07.09 17:28:06 (UTC)
Текущий статус: закончено
Результат: 5/41 (12.2%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.07.09	Worm.Win32.Downloader!IK*
> AhnLab-V3	5.0.0.2	2009.07.09	-
> AntiVir	7.9.0.204	2009.07.09	-
> Antiy-AVL	2.0.3.1	2009.07.09	-
> Authentium	5.1.2.4	2009.07.09	-
> Avast	4.8.1335.0	2009.07.08	-
> AVG	8.5.0.386	2009.07.09	-
> BitDefender	7.2	2009.07.09	-
> ...


Дополнительная информация
File size: 41984 bytes
MD5...: 9425e83b7f3adfbbc1306ddf7e8acc36
SHA1..: 7d80a79c8d9cfb89a81e1247b701b64318c5a186
SHA256: 233afea1a9c7508b340087f3bdfd8ab931fdf97b2418606c2a5ac143c981f327
ssdeep: 768:GVYU6SpQtuk+xWHUYtoDYN41zjgi93oSjrXC5ZDItRUBK:S6OQLZHUYtiYu1fDxjbC5ZaUk
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## antanta

I no longer know what to think... Here is the result of the check on VT:



> Файл com.run получен 2009.07.10 1746 (UTC)
> Текущий статус:    закончено 
> Результат: 15/40 (37.5%) 
> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.18	2009.07.10	HackTool.Win32.Patcher.A!IK
> AhnLab-V3	5.0.0.2	2009.07.10	-
> AntiVir	7.9.0.204	2009.07.10	TR/Agent.azpm.19
> Antiy-AVL	2.0.3.1	2009.07.10	Backdoor/Win32.Small.gen
> ...


 Here is the reply from the Kaspersky Lab virus lab:




> > > Hello,
> > > com.run,
> > > dp1.fne,
> > > eAPI.fne,
> > > krnln,
> > > og.dll,
> > > og.EDT,
> > > RegEx.fnr,
> > > shell.fne,
> ...


On top of that, having begun to doubt my so-far beloved KIS, I installed a certain other piece of software. Admittedly, I set it to paranoid settings, and it rails at this zoo (and other collections) left and right. I would not even have remembered them if not for the new AV.
 I decided to throw them at VT... Lately situations like this keep coming up: I find clearly bogus files with suspicious names and attributes. Removing them from autostart (in the broad sense) brings the machine back to a normal working state. Then comes a check on VT and a submission to Kaspersky Lab. The outcome is above. What is this? Is everyone around a show-off, like Symantec, and a paranoiac? Is KIS the only d'Artagnan?
 Where does such a unanimous reaction from the other AVs come from? 



> Файл shell.fne получен 2009.07.10 17:46:43 (UTC)
> Текущий статус:   закончено 
> Результат: 21/41 (51.22%) 
> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.18	2009.07.10	Trojan.Peed!IK
> AhnLab-V3	5.0.0.2	2009.07.10	Win-Trojan/Xema.variant
> AntiVir	7.9.0.204	2009.07.10	TR/Peed.A.689
> Antiy-AVL	2.0.3.1	2009.07.10	-
> ...


 I understand that the absence of false positives is a big plus, but "millions of flies can't be wrong... there is something in IT"  :Smiley:

----------


## senyak

Файл PrivateContent.exe получен 2009.07.11 19:05:21 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.18	2009.07.11	Trojan.Fake!IK*
> AhnLab-V3	5.0.0.2	2009.07.11	-
> *AntiVir	7.9.0.204	2009.07.11	TR/Fake.GoogleBar.2*
> Antiy-AVL	2.0.3.1	2009.07.10	-
> Authentium	5.1.2.4	2009.07.11	-
> Avast	4.8.1335.0	2009.07.10	-
> AVG	8.5.0.387	2009.07.11	-
> BitDefender	7.2	2009.07.11	-
> ...


Дополнительная информация
File size: 99328 bytes
MD5...: 0eee7a49d5f4c29337f87a33a8507260
SHA1..: f6abfebf4b40d82ceb3fe0e62b6c3914edb2b8b4
SHA256: 34428d6f832b2ecf708af8e663910518fd71f9f7266fa948f6c6ed6a00c76dd2
ssdeep: 1536:lW/AsM5bATFbok+qi7CcUUcMVdJivWoHzdqDc8iA08qeJkb2v:xuTsXUBaMWoH3zAqeJkG
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

----------


## senyak

Файл foto.jar получен 2009.07.12 16:50:55 (UTC)
Текущий статус: закончено
Результат: 18/40 (45%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.18	2009.07.12	-
> AhnLab-V3	5.0.0.2	2009.07.11	-
> *AntiVir	7.9.0.204	2009.07.11	JAVA/Boxer.1
> Antiy-AVL	2.0.3.1	2009.07.10	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.07.11	-
> *Avast	4.8.1335.0	2009.07.11	Other:Malware-gen
> AVG	8.5.0.387	2009.07.12	Java/SMS.C*
> BitDefender	7.2	2009.07.12	-
> ...


Дополнительная информация
File size: 8287 bytes
MD5...: 0f4b74ce4f097a9bbc02349a2f1f4ce2
SHA1..: 78de1813fbe54937022758d83aef05a6f69af58d
SHA256: 4e40f2080bdb0e67f16935a23bdcfde6f23d340c96bd1cf9c767cf96cc40ae93
ssdeep: 192:3AJ08neaMUeV1/EaaflyW2bZAgxK2WRpmPM49Vr3RGyB6fvK55F4313oE:3I08errDClyW2ugxiKPM4z4xvY5I13oE
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...e93-1247417455

----------


## valho

File Light.WebMoney_Generator_1.1.0.exе received on 2009.07.13 07:35:10 (UTC)
Current status: Finished
Result: 23/41 (56.1%)



> a-squared	4.5.0.18	2009.07.13	-
> *AhnLab-V3	5.0.0.2	2009.07.13	Packed/Upack*
> *AntiVir	7.9.0.204	2009.07.13	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.1	2009.07.10	-
> *Authentium	5.1.2.4	2009.07.12	W32/Virut.AI!Generic*
> *Avast	4.8.1335.0	2009.07.12	Win32:LdPinch-CT*
> *AVG	8.5.0.387	2009.07.12	Suspicion: unknown virus*
> BitDefender	7.2	2009.07.13	-
> *CAT-QuickHeal	10.00	2009.07.10	(Suspicious) - DNAScan*
> ...


Additional information
File size: 337972 bytes
MD5...: dc2537c892419abb8ee5afdfdc66f1d4
SHA1..: bc52dbd8675dfc5f9b83edc5ae38861dda2d24ca
SHA256: a698c41738bee77172ef899f54bf751d0f18d389f0b7697f0a65e81b06e2fac6
ssdeep: 6144:IzLtV8Ou+gg0T4B6tUNDGzcyzYQB2LwB4Ia7fOv0eDE0gbn1sNBA/LIl5LX:81eUwtUAzcyzYDLwB4IaSXUCLA8
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1030
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

----------


## Surfer

File SecureZIP.12.2.exe received on 2009.07.16 15:43:22 (UTC)
Result: 13/41 (31.71%)




> *a-squared	4.5.0.24	2009.07.16	Trojan.Win32.Alureon!IK*
> AhnLab-V3	5.0.0.2	2009.07.16	-
> *AntiVir	7.9.0.215	2009.07.16	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.07.16	-
> Authentium	5.1.2.4	2009.07.16	-
> *Avast	4.8.1335.0	2009.07.16	NSIS:Fasec-AR*
> AVG	8.5.0.387	2009.07.16	-
> BitDefender	7.2	2009.07.16	-
> CAT-QuickHeal	10.00	2009.07.16	-
> ...


http://www.virustotal.com/analisis/f...1bd-1247759002

----------



## ALEX(XX)

File sdra64.exe received on 2009.07.16 17:41:52 (UTC)

```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.24	2009.07.16	-
AhnLab-V3	5.0.0.2	2009.07.16	-
AntiVir	7.9.0.220	2009.07.16	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2009.07.16	-
Authentium	5.1.2.4	2009.07.16	-
Avast	4.8.1335.0	2009.07.16	Win32:MalOb-A
AVG	8.5.0.387	2009.07.16	Win32/Cryptor
BitDefender	7.2	2009.07.16	Gen:Trojan.Heur.Hype.90A35C5C5C
CAT-QuickHeal	10.00	2009.07.16	-
ClamAV	0.94.1	2009.07.16	-
Comodo	1672	2009.07.16	-
DrWeb	5.0.0.12182	2009.07.16	-
eSafe	7.0.17.0	2009.07.16	-
eTrust-Vet	31.6.6617	2009.07.15	-
F-Prot	4.4.4.56	2009.07.16	-
F-Secure	8.0.14470.0	2009.07.16	Trojan-Spy.Win32.Zbot.gen
Fortinet	3.120.0.0	2009.07.16	-
GData	19	2009.07.16	Gen:Trojan.Heur.Hype.90A35C5C5C
Ikarus	T3.1.1.64.0	2009.07.16	-
Jiangmin	11.0.800	2009.07.16	-
K7AntiVirus	7.10.794	2009.07.16	Trojan-Spy.Win32.Zbot.gen
Kaspersky	7.0.0.125	2009.07.16	Trojan-Spy.Win32.Zbot.gen
McAfee	5678	2009.07.16	-
McAfee+Artemis	5678	2009.07.16	-
McAfee-GW-Edition	6.8.5	2009.07.16	Trojan.Crypt.ZPACK.Gen
Microsoft	1.4803	2009.07.16	PWS:Win32/Zbot.gen!R
NOD32	4250	2009.07.16	a variant of Win32/Kryptik.TL
Norman	6.01.09	2009.07.16	W32/Zbot.ESV
nProtect	2009.1.8.0	2009.07.16	-
Panda	10.0.0.14	2009.07.16	-
PCTools	4.4.2.0	2009.07.16	-
Prevx	3.0	2009.07.16	-
Rising	21.38.34.00	2009.07.16	-
Sophos	4.43.0	2009.07.16	Mal/Zbot-O
Sunbelt	3.2.1858.2	2009.07.16	Trojan-Spy.Win32.Zbot.gen (v)
Symantec	1.4.4.12	2009.07.16	Packed.Generic.232
TheHacker	6.3.4.3.368	2009.07.15	-
TrendMicro	8.950.0.1094	2009.07.16	-
VBA32	3.12.10.8	2009.07.15	-
ViRobot	2009.7.16.1839	2009.07.16	-
VirusBuster	4.6.5.0	2009.07.16	-
```



```
Additional information
File size: 156160 bytes
MD5...: f7cd54f260e52fb08dc7f38db11bb34a
SHA1..: 99c40ae7bdaa1d287178a6bb713281d543369a54
SHA256: 748ac452367616eb940189dee2caba47d7030f3ebf4151972a55da6b309d462e
ssdeep: 3072:VMrS7qraRKxp/0mrAu6hwImYKmAJOIN39+wYC6LdiBxrBQv4naihOvE25:SMKxWmrAthwIU7OINt+QNxr+7vEi
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8787
timedatestamp.....: 0x48defc33 (Sun Sep 28 03:38:27 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xea70 0xec00 7.27 b197c185c06657282ce7f4e6a071c866
.rdata 0x10000 0x13a8 0x1400 5.63 55a5cbaae3794760187605f491e46a6d
.data 0x12000 0x40af 0x200 2.23 aad0214b1ece39af48ce1dfb9d061b14

( 4 imports )
> ADVAPI32.dll: StartServiceCtrlDispatcherW, RegEnumKeyExA, GetAuditedPermissionsFromAclA, RegGetKeySecurity, FreeSid, InitiateSystemShutdownA, CryptContextAddRef, SetNamedSecurityInfoExW, GetCurrentHwProfileW, LookupAccountSidA, LookupAccountNameW, RegLoadKeyW, RegisterEventSourceW, BuildTrusteeWithSidW, DuplicateTokenEx, RegSaveKeyW, QueryServiceConfigA, CryptCreateHash, LookupAccountNameA, GetMultipleTrusteeA, SetFileSecurityW, CloseServiceHandle, MakeAbsoluteSD, CryptAcquireContextA, AccessCheck, RegSetKeySecurity, AccessCheckAndAuditAlarmW, RegOpenKeyExW, GetSecurityDescriptorLength, LookupSecurityDescriptorPartsW, ConvertSecurityDescriptorToAccessA, RegConnectRegistryA, SetAclInformation, OpenEventLogW, GetFileSecurityA, RegCloseKey, RegQueryValueExA, RegQueryMultipleValuesW, RegDeleteKeyA, SetNamedSecurityInfoExA
> KERNEL32.dll: GetProcessHeap, GetDefaultCommConfigA, GetProcessShutdownParameters, Module32Next, Thread32Next, lstrcmp, GetTempPathW, LCMapStringW, ConvertDefaultLocale, GetThreadContext, ReadConsoleInputA, TransmitCommChar, GetCPInfoExW, LocalAlloc, SetTapeParameters, SetThreadPriorityBoost, SetThreadContext, GetFileAttributesA, WaitNamedPipeA, FillConsoleOutputCharacterW, SetComputerNameW, CreateIoCompletionPort, CompareFileTime, PeekNamedPipe, FindResourceExW, CreateWaitableTimerA, CreateFileA, MoveFileW, LocalFree, GetPrivateProfileStructA, FatalAppExitW, OpenWaitableTimerA, EraseTape, WaitForSingleObjectEx, WaitForSingleObject, WriteFile, EnumDateFormatsExW, FoldStringA, VirtualProtect, VirtualAlloc
> SHLWAPI.dll: PathIsUNCW, SHRegDuplicateHKey, SHDeleteEmptyKeyW, SHIsLowMemoryMachine, SHAutoComplete, StrStrA, UrlUnescapeW, PathCanonicalizeA, UrlGetLocationA, PathAddExtensionA, PathIsSameRootA, PathMatchSpecW, StrChrA, SHRegEnumUSKeyA, PathAddExtensionW, PathFindSuffixArrayW, SHGetThreadRef, PathFileExistsA, PathGetCharTypeA, PathGetCharTypeW, StrSpnA, PathFindExtensionA, PathUndecorateA, SHRegSetUSValueA, PathParseIconLocationW, UrlCombineA, wnsprintfA, PathIsUNCServerA, IntlStrEqWorkerA, SHRegQueryInfoUSKeyW, PathMakeSystemFolderW, PathRenameExtensionA, UrlUnescapeA, SHRegGetBoolUSValueA, SHCopyKeyW, PathCombineA, PathGetDriveNumberW, PathIsDirectoryW, SHRegEnumUSKeyW, SHRegEnumUSValueA, PathCommonPrefixA, SHRegDeleteUSValueA, StrRChrIW, PathGetArgsA, StrPBrkA, PathFindExtensionW, UrlEscapeW, PathIsUNCServerShareA, PathBuildRootA, PathIsDirectoryEmptyA, PathMakeSystemFolderA, PathIsContentTypeW, PathIsRelativeA
> ole32.dll: UtGetDvtd16Info, OleRegGetUserType, CoUnmarshalHresult, OleNoteObjectVisible, OleGetAutoConvert, OleQueryCreateFromData, OleMetafilePictFromIconAndLabel, OleConvertIStorageToOLESTREAM, CoInitialize, OleGetClipboard, StringFromIID, CoQueryReleaseObject, StgGetIFillLockBytesOnFile, CoQueryClientBlanket, OleIsCurrentClipboard, CoTaskMemFree, OleConvertOLESTREAMToIStorageEx, CoDosDateTimeToFileTime, CoFreeAllLibraries, OleCreateFromData, OleIsRunning, OleQueryLinkFromData, CreateDataCache, SetConvertStg, CoGetCurrentLogicalThreadId, CoMarshalHresult, OleSetClipboard, OleLoad, ProgIDFromCLSID, OleCreateLinkFromData, CoGetCurrentProcess, CoGetObject

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
```

----------


## Surfer

Файл uwpifur.html получен 2009.07.17 13:29:43 (UTC)
Результат: 3/41 (7.32%)




> a-squared	4.5.0.24	2009.07.17	-
> AhnLab-V3	5.0.0.2	2009.07.17	-
> AntiVir	7.9.0.220	2009.07.17	-
> Antiy-AVL	2.0.3.7	2009.07.17	-
> Authentium	5.1.2.4	2009.07.17	-
> *Avast	4.8.1335.0	2009.07.16	HTML:IFrame-IE*
> AVG	8.5.0.387	2009.07.17	-
> BitDefender	7.2	2009.07.17	-
> CAT-QuickHeal	10.00	2009.07.17	-
> ...


http://www.virustotal.com/ru/analisi...f63-1247837383

----------


## valho

File foto18.scr received on 2009.07.17 17:30:58 (UTC)
Current status: finished
Result: 9/40 (22.50%)



> *a-squared 	4.5.0.24 	2009.07.17 	Trojan.Win32.FakeXPA!IK*
> AhnLab-V3 	5.0.0.2 	2009.07.17 	-
> AntiVir 	7.9.0.220 	2009.07.17 	-
> Antiy-AVL 	2.0.3.7 	2009.07.17 	-
> Authentium 	5.1.2.4 	2009.07.17 	-
> Avast 	4.8.1335.0 	2009.07.17 	-
> AVG 	8.5.0.387 	2009.07.17 	-
> BitDefender 	7.2 	2009.07.17 	-
> CAT-QuickHeal 	10.00 	2009.07.17 	-
> ...


Additional information
File size: 196608 bytes
MD5   : 0bb14fb2f38777f6b64b60dc8f1978ce
SHA1  : 4be7e0e8a3a5753b75cf1a2cec9c17a8595469bf
SHA256: 6be4d1588541bc4a1826b1a52d3046ea6ad2e720a8b1a93c81e97b793d09c8f1
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1187
timedatestamp.....: 0x373ADC16 (Thu May 13 16:05:10 1999)
machinetype.......: 0x14C (Intel I386)
http://info.prevx.com/aboutprogramte...52F7004167BEF2

----------


## valho

File gsmlokator_nokia.jad received on 2009.07.18 20:43:03 (UTC)
Current status: finished
Result: 0/41 (0%)



> a-squared	4.5.0.24	2009.07.18	-
> AhnLab-V3	5.0.0.2	2009.07.18	-
> AntiVir	7.9.0.220	2009.07.17	-
> Antiy-AVL	2.0.3.7	2009.07.17	-
> Authentium	5.1.2.4	2009.07.18	-
> Avast	4.8.1335.0	2009.07.18	-
> AVG	8.5.0.387	2009.07.18	-
> BitDefender	7.2	2009.07.18	-
> CAT-QuickHeal	10.00	2009.07.17	-
> ...


Additional information
File size: 394 bytes
MD5...: f4b911f5a6922dfa86cbad1b5751f5d5
SHA1..: 2534a0e3ba2750adf82b47fbc10158e153a1859c
SHA256: a2bfeed9aa5962f32a4171436cee7ba6b58a86972636f7fca9ca64a9859ca6b6
ssdeep: 6:1KItJtf9FyuF35rB9oU+KMIgzB9ovXe2nkfSUu9VtUqYoESleOdaivv:1Tt/ffxp5tX+KVSMX+u9VOFMleOfvv
PEiD..: -
TrID..: File type identification
Java Manifest (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
 :Sad:

----------


## VirCode

Found at work in the %USERPROFILE% folder

 Файл User.exe получен 2009.07.21 09:00:24 (UTC)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.24	2009.07.21	-
> *AhnLab-V3	5.0.0.2	2009.07.21	Win-Trojan/Downloader.39424.CQ*
> AntiVir	7.9.0.222	2009.07.21	-
> Antiy-AVL	2.0.3.7	2009.07.17	-
> Authentium	5.1.2.4	2009.07.21	-
> Avast	4.8.1335.0	2009.07.20	-
> *AVG	8.5.0.387	2009.07.20	Downloader.Generic8.BCXT*
> BitDefender	7.2	2009.07.21	-
> ...


File size: 39424 bytes
MD5...: e17a03336c1db4cfa0f83a1de511efe7
SHA1..: 4de1074c88cb6fb3f432dd2cbf2884100d2ad6a9
SHA256: 0d88e03db04dec4e457506c6ff60e9ff666c0770d723ec36d56d75be1b0ecb00
ssdeep: 768:b4doDtuG3FBR8GXMz5Fi/XzdqAjSomBg:b4uJuG3/R8GXkFlAjSoM
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

P.S: http://camas.comodo.com/cgi-bin/subm...6d75be1b0ecb00

----------


## valho

File syschost.exe received on 2009.07.22 04:43:54 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> *a-squared	4.5.0.24	2009.07.22	Trojan-Dropper.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.07.21	-
> AntiVir	7.9.0.222	2009.07.21	-
> Antiy-AVL	2.0.3.7	2009.07.22	-
> Authentium	5.1.2.4	2009.07.22	-
> Avast	4.8.1335.0	2009.07.21	-
> AVG	8.5.0.387	2009.07.21	-
> BitDefender	7.2	2009.07.22	-
> CAT-QuickHeal	10.00	2009.07.21	-
> ...


Additional information
File size: 18432 bytes
MD5...: c5640feb5a62af27c4ae0efdf75c54c1
SHA1..: 421a9c1fe8bb604dee24f4a85c40695c8ef03f59
SHA256: eae88ba28b1c86e776a37f163c264b4b230b7788155ddf782a487b50733a59f8
ssdeep: 384:fy+x6lI2M/1EJRPjTlm1sxsB8bdhzoZlV73kYkheTj3w4:ff6JRI1sqche70zheJ
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xfda0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

File explopep.exe received on 2009.07.22 04:44:21 (UTC)
Current status: finished
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.07.22	-
> AhnLab-V3	5.0.0.2	2009.07.21	-
> AntiVir	7.9.0.222	2009.07.21	-
> Antiy-AVL	2.0.3.7	2009.07.22	-
> Authentium	5.1.2.4	2009.07.22	-
> Avast	4.8.1335.0	2009.07.21	-
> AVG	8.5.0.387	2009.07.21	-
> BitDefender	7.2	2009.07.22	-
> CAT-QuickHeal	10.00	2009.07.21	-
> ...


Additional information
File size: 19968 bytes
MD5...: 7be149ee77fa31b3f8bab455937ac76f
SHA1..: 1b226b0ef31388ebe23421ec566dc14e2d57aa6e
SHA256: 9b05fb900ef5744cded0a53ed024fdb5b79becfdd6b03c9a71c7b1a8c7151348
ssdeep: 384:Pd916tjMZUcCdOSMIOu5TFpTJ1jMBtdfir81LGDYVpmzl8:P/1cjeU0AOu5xr5M/daOJ0
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x112d0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

----------


## valho

File WindoFixSetup.exe received on 2009.07.23 02:33:50 (UTC)
Current status: finished
Result: 0/40 (0%)



> a-squared	4.5.0.24	2009.07.23	-
> AhnLab-V3	5.0.0.2	2009.07.22	-
> AntiVir	7.9.0.222	2009.07.22	-
> Antiy-AVL	2.0.3.7	2009.07.22	-
> Authentium	5.1.2.4	2009.07.23	-
> Avast	4.8.1335.0	2009.07.22	-
> AVG	8.5.0.387	2009.07.22	-
> BitDefender	7.2	2009.07.23	-
> CAT-QuickHeal	10.00	2009.07.22	-
> ...


File size: 1192959 bytes
MD5...: 12a351a1efce6b76bab9f66e41f8343b
SHA1..: 4215e12971ef73057f0354a0b2abbeadaeb51251
SHA256: 6f74cc72c14659467ede114873cb8d8ee53295f5f87af19e3c4d456c3d628aac
ssdeep: 24576:v2U3grE9z9ZWn9HGpYVViu60r0otygrOeWKgXsxtiCn1tN8YaXag:v2w2E99cntGpYVVH6O0oRHkcXJbhaV
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9a58
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
 :Sad: 

*Added after 31 minutes*

Файл RegDefense.exe получен 2009.07.23 02:54:49 (UTC)
Результат: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.07.23	-
> AhnLab-V3	5.0.0.2	2009.07.22	-
> AntiVir	7.9.0.222	2009.07.22	-
> Antiy-AVL	2.0.3.7	2009.07.22	-
> Authentium	5.1.2.4	2009.07.23	-
> Avast	4.8.1335.0	2009.07.22	-
> AVG	8.5.0.387	2009.07.22	-
> BitDefender	7.2	2009.07.23	-
> CAT-QuickHeal	10.00	2009.07.22	-
> ...


File size: 2018352 bytes
MD5...: e172a33b36458384f2422f2b4c65c2fb
SHA1..: 2f6a891b2fca21f6e03c318e88306e03eef3bc83
SHA256: c23ef87124181107bba9b0a9a2d6891839511d2bf3626342e0fdd8f195ef237c
ssdeep: 49152:pIAJPWQJKWDW+BRxj+v2HDHkPrKQhzVGRXEVF8qMXf:prJP3KWDlBCvUHsrKQDMUVF8qe
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323c
timedatestamp.....: 0x49a05a1a (Sat Feb 21 19:46:34 2009)
machinetype.......: 0x14c (I386)

----------


## ALEX(XX)

A fresh one
Файл avz00007.dta получен 2009.07.23 09:34:03 (UTC)


```
Антивирус    Версия    Обновление    Результат
a-squared    4.5.0.24    2009.07.23    -
AhnLab-V3    5.0.0.2    2009.07.23    -
AntiVir    7.9.0.228    2009.07.23    TR/Dropper.Gen
Antiy-AVL    2.0.3.7    2009.07.23    -
Authentium    5.1.2.4    2009.07.23    -
Avast    4.8.1335.0    2009.07.22    -
AVG    8.5.0.387    2009.07.22    -
BitDefender    7.2    2009.07.23    -
CAT-QuickHeal    10.00    2009.07.23    (Suspicious) - DNAScan
ClamAV    0.94.1    2009.07.23    -
Comodo    1741    2009.07.23    -
DrWeb    5.0.0.12182    2009.07.23    -
eSafe    7.0.17.0    2009.07.21    -
eTrust-Vet    31.6.6634    2009.07.22    -
F-Prot    4.4.4.56    2009.07.22    -
F-Secure    8.0.14470.0    2009.07.23    -
Fortinet    3.120.0.0    2009.07.23    -
GData    19    2009.07.23    -
Ikarus    T3.1.1.64.0    2009.07.23    -
Jiangmin    11.0.800    2009.07.23    -
K7AntiVirus    7.10.799    2009.07.22    -
Kaspersky    7.0.0.125    2009.07.23    -
McAfee    5684    2009.07.22    FakeAlert-DZ
McAfee+Artemis    5684    2009.07.22    FakeAlert-DZ
McAfee-GW-Edition    6.8.5    2009.07.23    Trojan.Dropper.Gen
Norman    6.01.09    2009.07.22    -
nProtect    2009.1.8.0    2009.07.23    -
Panda    10.0.0.14    2009.07.22    -
PCTools    4.4.2.0    2009.07.22    -
Prevx    3.0    2009.07.23    -
Rising    21.39.32.00    2009.07.23    Unknown Win32 Virus
Sophos    4.44.0    2009.07.23    -
Sunbelt    3.2.1858.2    2009.07.22    -
Symantec    1.4.4.12    2009.07.23    -
TheHacker    6.3.4.3.372    2009.07.23    -
TrendMicro    8.950.0.1094    2009.07.23    -
VBA32    3.12.10.9    2009.07.23    -
ViRobot    2009.7.23.1849    2009.07.23    -
VirusBuster    4.6.5.0    2009.07.22    -
```



```
Additional information
File size: 742482 bytes
MD5...: 42893aa9d384edcbc1a9ca032f3ab490
SHA1..: bdd61934d7515b7a0096bcf293bf6cfab5cf8f3d
SHA256: a3620607e76385d0e2b3c8ad570a3622954df3b76ca96772450f1f3d36cc4759
ssdeep: 12288:QTC1mFBuXfXQ9sHc7rmfTwl0IbZfKrVxNIok51r6Jm:Qe1lpc7rmfT0b8BAam
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xb2388
timedatestamp.....: 0x470a9cb6 (Mon Oct 08 21:10:14 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000  0x15d000   0xb3e00   7.21  75112b42922338fd2df30e5a9ab440b7
.data     0x15e000    0x1000     0x200   0.00  bf619eac0cdf3f68d496ea9344137e8b
.rdata    0x15f000    0x1000     0xc00   4.80  e2fa41bfcd45e3b2d083bea433814491
.rsrc     0x160000    0x1000     0x400   3.02  e10879d0fd2c52238d8d79e944ed807c

( 2 imports )
> KERNEL32.DLL: GetModuleFileNameA, InterlockedIncrement, GetCurrentProcess, GetSystemTimeAsFileTime, GetModuleFileNameW, InterlockedCompareExchange, LoadLibraryA, VirtualAlloc, GetProcAddress, GetProcAddress, HeapDestroy, GetProcessHeap, HeapDestroy, UnhandledExceptionFilter, DisableThreadLibraryCalls, GetModuleHandleA, GetTickCount, GetProcAddress, HeapDestroy, InterlockedDecrement, GetModuleFileNameA, EnterCriticalSection, InterlockedIncrement, lstrcmpiW, GetModuleFileNameW, InterlockedExchange, LocalFree, EnterCriticalSection, LoadLibraryA, GetModuleFileNameA, EnterCriticalSection, HeapFree, QueryPerformanceCounter, CloseHandle, LeaveCriticalSection, lstrlenA, GetModuleHandleW, lstrlenA, LocalFree, Sleep, EnterCriticalSection, CreateEventW, HeapFree, CreateFileW, HeapDestroy, GetModuleFileNameW, lstrcmpiW, QueryPerformanceCounter, UnhandledExceptionFilter, SetLastError, UnhandledExceptionFilter, ReadFile, GetTickCount
> USER32.DLL: BeginPaint, EndPaint, PostQuitMessage, MessageBoxW, SendMessageW, KillTimer, DialogBoxParamW, SetForegroundWindow, GetDesktopWindow, GetWindowLongW, SetDlgItemTextW, DispatchMessageW, BeginPaint, GetDlgItem, EndDialog, DefWindowProcW, CreateWindowExW, DialogBoxParamW, GetSysColor, SetTimer, IsWindow, DialogBoxParamW, IsDlgButtonChecked, KillTimer, GetDesktopWindow, SetWindowLongW, PostQuitMessage, EnableWindow, SetWindowPos, GetDC, KillTimer, SetDlgItemTextW, SetWindowPos, ReleaseDC, ReleaseDC, PostQuitMessage, CreateWindowExW, LoadCursorW, GetClientRect, GetSysColor, SetWindowLongW, TranslateMessage, SendDlgItemMessageW, GetDesktopWindow, wsprintfA, GetDesktopWindow, SetCursor, GetFocus, LoadIconW, InvalidateRect, TranslateMessage, LoadStringW, SetTimer, PostQuitMessage, BeginPaint

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
```

*Added 8 minutes later*

File avz00006.dta received on 2009.07.23 09:43:29 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.24	2009.07.23	Email-Worm.Win32.Iksmas!IK
AhnLab-V3	5.0.0.2	2009.07.23	-
AntiVir	7.9.0.228	2009.07.23	-
Antiy-AVL	2.0.3.7	2009.07.23	-
Authentium	5.1.2.4	2009.07.23	-
Avast	4.8.1335.0	2009.07.22	-
AVG	8.5.0.387	2009.07.23	PSW.Generic7.SFW
BitDefender	7.2	2009.07.23	-
CAT-QuickHeal	10.00	2009.07.23	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.07.23	-
Comodo	1741	2009.07.23	-
DrWeb	5.0.0.12182	2009.07.23	Trojan.Spambot.4331
eSafe	7.0.17.0	2009.07.21	-
eTrust-Vet	31.6.6634	2009.07.22	-
F-Prot	4.4.4.56	2009.07.22	-
F-Secure	8.0.14470.0	2009.07.23	Email-Worm.Win32.Iksmas.dgr
Fortinet	3.120.0.0	2009.07.23	W32/[email protected]
GData	19	2009.07.23	-
Ikarus	T3.1.1.64.0	2009.07.23	Email-Worm.Win32.Iksmas
Jiangmin	11.0.800	2009.07.23	-
K7AntiVirus	7.10.799	2009.07.22	-
Kaspersky	7.0.0.125	2009.07.23	Email-Worm.Win32.Iksmas.dgr
McAfee	5684	2009.07.22	-
McAfee+Artemis	5684	2009.07.22	Artemis!7329B2096B15
McAfee-GW-Edition	6.8.5	2009.07.23	Heuristic.BehavesLike.Win32.Packed.I
Microsoft	1.4903	2009.07.23	Trojan:Win32/Waledac.gen!A
NOD32	4269	2009.07.23	a variant of Win32/Waledac.KA
Norman	6.01.09	2009.07.22	-
nProtect	2009.1.8.0	2009.07.23	-
Panda	10.0.0.14	2009.07.22	Trj/CI.A
PCTools	4.4.2.0	2009.07.22	-
Prevx	3.0	2009.07.23	Medium Risk Malware
Rising	21.39.32.00	2009.07.23	Unknown Win32 Virus
Sophos	4.44.0	2009.07.23	Mal/WaledPak-H
Sunbelt	3.2.1858.2	2009.07.22	Email-Worm.Win32.Waledac.Gen (v)
Symantec	1.4.4.12	2009.07.23	-
TheHacker	6.3.4.3.372	2009.07.23	-
TrendMicro	8.950.0.1094	2009.07.23	-
VBA32	3.12.10.9	2009.07.23	-
ViRobot	2009.7.23.1849	2009.07.23	-
VirusBuster	4.6.5.0	2009.07.22	-
```



```
Additional information
File size: 498688 bytes
MD5...: 7329b2096b156842c7bd576b1918ec58
SHA1..: 56a6d2634f2759b425e3cc20c0c51bedd1664aac
SHA256: 8f5c16bc2b368cc4dbea79a7a84151b454f9a8dc7405e615af585b9883f9e2ff
ssdeep: 12288:0qy5DTAlioxxYRr5BeQPbd4kJqG1TskXiIedH:0qG3AlioxEfPbd4kJqwMbd
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x76804
timedatestamp.....: 0x435eac41 (Tue Oct 25 22:05:53 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000   0xf3000   0x78600   7.22  ef8c82cbc04d20d825f48695fae1836f
.data      0xf4000    0x1000     0x200   0.00  bf619eac0cdf3f68d496ea9344137e8b
.rdata     0xf5000    0x1000     0xc00   4.49  f17d28d20a8d830c8416c375a6cf939d
.rsrc      0xf6000    0x1000     0x400   2.98  f060e5acc6c09b946f5c69aacf27f77c

( 2 imports )
> KERNEL32.DLL: LocalFree, InterlockedExchange, GetCurrentProcessId, MultiByteToWideChar, GetProcAddress, GetCurrentThreadId, MultiByteToWideChar, GetModuleHandleA, InterlockedExchange, SetLastError, LeaveCriticalSection, QueryPerformanceCounter, Sleep, HeapFree, InterlockedCompareExchange, HeapFree, GetTickCount, GetProcessHeap, FreeLibrary, DisableThreadLibraryCalls, UnhandledExceptionFilter, LocalFree, ReadFile, GetCurrentProcessId, GetModuleFileNameW, GetCurrentProcessId, UnhandledExceptionFilter, ReadFile, UnhandledExceptionFilter, FreeLibrary, GetProcAddress, LoadLibraryW, GetCurrentProcessId, GetCurrentProcessId, GetProcAddress, HeapDestroy, GetModuleFileNameA, VirtualAlloc, InterlockedIncrement, CreateFileW, VirtualAlloc, LoadLibraryA, HeapFree, LocalFree, UnhandledExceptionFilter, HeapFree, LoadLibraryW, LoadLibraryA, LocalFree, GetTickCount
> USER32.DLL: LoadIconW, SetTimer, LoadStringW, KillTimer, DestroyWindow, PostQuitMessage, DestroyWindow, DialogBoxParamW, SetFocus, wsprintfA, SendDlgItemMessageW, ReleaseDC, GetFocus, GetParent, PostMessageW, ReleaseDC, IsDlgButtonChecked, InvalidateRect, SetWindowLongW, SetCursor, CreateWindowExW, GetSystemMetrics, PostQuitMessage, SetWindowTextW, SetForegroundWindow, EndDialog, LoadStringW, InvalidateRect, SetDlgItemTextW, GetWindowLongW, CreateWindowExW, SetTimer, IsWindow, wsprintfA, InvalidateRect, SetWindowLongW, PostQuitMessage, MessageBoxW, IsDlgButtonChecked, SendMessageW, LoadIconW, CharNextW, GetDlgItem, IsDlgButtonChecked, EnableWindow, SetForegroundWindow, EndPaint, SetCursor, TranslateMessage, GetWindowRect, IsWindow

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AB6C3551001E40DA9C0E07ABED62FE00BBFD3571
```

----------


## senyak

File PrivateContent.exe received on 2009.07.26 08:58:44 (UTC)
Current status: finished
Result: 10/41 (24.4%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.07.26	Trojan.Fake!IK*
> AhnLab-V3	5.0.0.2	2009.07.26	-
> *AntiVir	7.9.0.228	2009.07.24	TR/Fake.GoogleBar.2*
> Antiy-AVL	2.0.3.7	2009.07.24	-
> Authentium	5.1.2.4	2009.07.25	-
> Avast	4.8.1335.0	2009.07.25	-
> AVG	8.5.0.387	2009.07.25	-
> BitDefender	7.2	2009.07.26	-
> ...


Additional information
File size: 99328 bytes
MD5...: 1aa4a28552d9cf24878c85914c3442e8
SHA1..: 68a542ea170bd52759aee48acd8ae68682328ac6
SHA256: c4e9963578075ee1b00d95bcc8a49496925183385dbb92e2dc8fe0bd3ce0367a
ssdeep: 1536:B86UAPypaYOwPxWEMGwCcUTcDVsKdwfXpmydqjcfAp0dpv44H4YE:B86NhY1mXUIRXwfXpmWYpgQl1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information


http://www.virustotal.com/ru/analisi...67a-1248598724

----------


## senyak

File flash_player.exe received on 2009.07.28 18:37:35 (UTC)
Current status: finished
Result: 5/41 (12.2%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.07.28	Trojan-Dropper!IK*
> AhnLab-V3	5.0.0.2	2009.07.28	-
> *AntiVir	7.9.0.234	2009.07.28	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.07.28	-
> Authentium	5.1.2.4	2009.07.28	-
> Avast	4.8.1335.0	2009.07.28	-
> AVG	8.5.0.387	2009.07.28	-
> BitDefender	7.2	2009.07.28	-
> ...


Additional information
File size: 12373 bytes
MD5...: 2ece81a4431ed7908b0a088031ad3551
SHA1..: 686c75e6f401504f9f0522f04d848656ab603e1d
SHA256: 71738d8f7a8b0ee857f5dc8b89cc257f69ab4839ab59e1a30a787cf8135784c0
ssdeep: 48:yg0wSiS3XYViUS0FeB12j2ifdv8/9kSfSWtLdBFlwyCZXuClm0mZZNHJn/+K:U3i2IoGq12j2n1kSHtdBwsCI0SH5l
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...4c0-1248806255

----------


## Shu_b

Interim results of the community testing for June-July:

----------


## Torvic99

File qip.jar received on 2009.07.31 11:13:40 (UTC)
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.07.31	-
> AhnLab-V3	5.0.0.2	2009.07.30	-
> AntiVir	7.9.0.236	2009.07.31	-
> Antiy-AVL	2.0.3.7	2009.07.31	-
> Authentium	5.1.2.4	2009.07.31	-
> Avast	4.8.1335.0	2009.07.30	-
> AVG	8.5.0.406	2009.07.31	-
> BitDefender	7.2	2009.07.31	-
> CAT-QuickHeal	10.00	2009.07.30	-
> ...

----------


## mseryoga

File vk-client-new.5.exe received on 2009.08.01 07:11:37 (UTC)

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.07.31	-
> AhnLab-V3	5.0.0.2	2009.07.31	-
> AntiVir	7.9.0.238	2009.07.31	-
> Antiy-AVL	2.0.3.7	2009.07.31	-
> Authentium	5.1.2.4	2009.07.31	-
> Avast	4.8.1335.0	2009.07.31	-
> AVG	8.5.0.406	2009.07.31	-
> BitDefender	7.2	2009.08.01	-
> ...


Additional information
File size: 23040 bytes
MD5...: e536c9d9ceec3b8686d35dc002f1f976
SHA1..: 2b1277b00cb41748c798e341b26c346bc3c80256
SHA256: 0a8c25a01f68082edac235e5f70fac1a7d7a3dfecec42c3824a3acc2f234ba1e
ssdeep: 384:VKhR1HopZov4tbrJFgFbMmRwoZVBN/ka2QlyT:w5opbJiFz9TN/50
PEiD..: -

----------


## senyak

File foto.jar received on 2009.08.02 10:21:13 (UTC)
Current status: finished
Result: 10/41 (24.4%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.02	Trojan-SMS!IK*
> AhnLab-V3	5.0.0.2	2009.08.01	-
> AntiVir	7.9.0.238	2009.07.31	-
> *Antiy-AVL	2.0.3.7	2009.07.31	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.08.01	-
> *Avast	4.8.1335.0	2009.08.01	Other:Malware-gen*
> AVG	8.5.0.406	2009.08.02	-
> BitDefender	7.2	2009.08.02	-
> ...


Additional information
File size: 2662 bytes
MD5...: f153398fceceb5f26e840576d658e907
SHA1..: ea0b174e210c239264a3db9afc4dc0c9c4eb38ca
SHA256: f8637e1353b8339a8bd0da652ed23b67ee322f5d8c3eb60274c83156daa53748
ssdeep: 48:91FTQo0tOURs9y3VeiTExPW387mjiAlqAxBCSZyU8/scU6p7dKNZ4w :Cheesy: FTiOU
Rs9qVeiTUDycSZJn6ZdkZL
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...748-1249208473

----------


## valho

File index_1_.htm received on 2009.08.02 17:44:10 (UTC)
Current status: finished
Result: 7/40 (17.50%)



> a-squared 	4.5.0.24 	2009.08.02 	-
> AhnLab-V3 	5.0.0.2 	2009.08.01 	-
> *AntiVir 	7.9.0.238 	2009.08.02 	HTML/Crypted.Gen*
> Antiy-AVL 	2.0.3.7 	2009.07.31 	-
> Authentium 	5.1.2.4 	2009.08.02 	-
> *Avast 	4.8.1335.0 	2009.08.01 	JS:Obfuscated-CV*
> *AVG 	8.5.0.406 	2009.08.02 	JS/Downloader.Agent*
> BitDefender 	7.2 	2009.08.02 	-
> CAT-QuickHeal 	10.00 	2009.07.30 	-
> ...


Additional information
File size: 6501 bytes
MD5   : c8bcdb732ed5e73d802e4404b7771e10
SHA1  : 51c76ed7f908255032f9ee0c4ca06d139b1e5e82
SHA256: d9a8404ae35297ea45d514f2502b6ca777dab88d8dbf58ccb7165689ab016ebf
TrID  : File type identification
Unknown!
ssdeep: 192:bWkW3PFo3XtifBBILnfi98Ci+2XBt9PDgN/:b/so3nLK98C8Dw
PEiD  : -
RDS   : NSRL Reference Data Set
-

----------


## valho

This is all from VKontakte

File sms-vkontakte received on 2009.08.03 11:21:09 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> *a-squared	4.5.0.24	2009.08.03	Riskware.JS.Obfuscator!IK*
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.03	-
> Authentium	5.1.2.4	2009.08.02	-
> Avast	4.8.1335.0	2009.08.02	-
> AVG	8.5.0.406	2009.08.03	-
> BitDefender	7.2	2009.08.03	-
> CAT-QuickHeal	10.00	2009.08.03	-
> ...


Additional information
File size: 710 bytes
MD5...: 44493a2e5f0b3f40d78af23706e90f0e
SHA1..: 462bc9a61c5d6ad12d289c2ebbb68cdeb24d1f7a
SHA256: fff61030becae6d994f10e91d66754f133397596c6551da28eeeab8546fead0b
ssdeep: 12:X7jtNDxAqk0+qK0WEzqtjSow/EKEsN0YlE7guu5lJeinga05jwWT3wdVl:XPDk0+qzWe2SoOdEa+7fuIin42XP
PEiD..: -
TrID..: File type identification
GZipped File (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): packed

File 549a6be38aae63e8913bd1d43b14d83a received on 2009.08.03 11:34:44 (UTC)
Current status: finished
Result: 3/41 (7.32%)



> a-squared	4.5.0.24	2009.08.03	-
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	HTML/Psyme.Gen*
> Antiy-AVL	2.0.3.7	2009.08.03	-
> Authentium	5.1.2.4	2009.08.02	-
> Avast	4.8.1335.0	2009.08.02	-
> AVG	8.5.0.406	2009.08.03	-
> BitDefender	7.2	2009.08.03	-
> CAT-QuickHeal	10.00	2009.08.03	-
> ...


Additional information
File size: 4072 bytes
MD5...: 549a6be38aae63e8913bd1d43b14d83a
SHA1..: 528fa966c136cd0f411227e20e09d08d2fe50893
SHA256: 323db2eb646c0b54669bd4dd2ecc48f0814464af3665a99e971ef2e5c453fe42
ssdeep: 96:e1M1M8Cs2Ot4LkWyC5cCJcCiw1x2TGQtqswWF7DG:kmMp9kW35JJJHgf7DG
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode

File e712330a93f5cf725ea0c6bc4c52375b received on 2009.08.03 11:34:56 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.24	2009.08.03	-
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	HTML/Infected.WebPage.Gen*
> Antiy-AVL	2.0.3.7	2009.08.03	-
> Authentium	5.1.2.4	2009.08.02	-
> *Avast	4.8.1335.0	2009.08.02	HTML:Iframe-inf*
> AVG	8.5.0.406	2009.08.03	-
> BitDefender	7.2	2009.08.03	-
> ...


Additional information
File size: 188 bytes
MD5...: e712330a93f5cf725ea0c6bc4c52375b
SHA1..: 05fbff8903000d1deda96d01614cff5916e0bd99
SHA256: 3d7b276f53d1f676ebaa54da1e475bb445815b0055a2db329f9aa2bbf4479173
ssdeep: 3:Q4giyYFI+MKXyR+plM1yClMAlW/LXCn/lFMbCn/lFIcpAYlHlBvohalhluWlgT:QdiLMKXyR+lM1yCWAlWWncun4cp9CsB8
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode

File MW2bl2ow.exe.part received on 2009.08.03 11:39:35 (UTC)
Current status: finished
Result: 7/41 (17.08%)



> a-squared	4.5.0.24	2009.08.03	-
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	TR/Dldr.Banload.zdt*
> Antiy-AVL	2.0.3.7	2009.08.03	-
> *Authentium	5.1.2.4	2009.08.02	W32/Downldr2.GAZE*
> Avast	4.8.1335.0	2009.08.02	-
> AVG	8.5.0.406	2009.08.03	-
> BitDefender	7.2	2009.08.03	-
> CAT-QuickHeal	10.00	2009.08.03	-
> ...


Additional information
File size: 102200 bytes
MD5...: 244dc79fd7fe3eafc2570c58a16a1663
SHA1..: 97b927b350e485adf400956620c85476973cf1dd
SHA256: 634f850fcf1c58c008101fd2075eb6ea7ae843df508904a3615e7a3770eb3a4c
ssdeep: 1536:5YNQ+cdiUBjyWgp0oNmFqXmOWRDOib6aqkSZZZ3EPGGul5tzZWOLyfDy4cD2IDMv:5yUBjy5OFvOWRDbbNUEPozbwDyNyID9e
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21d00
timedatestamp.....: 0x44e24a66 (Tue Aug 15 22:27:50 2006)
machinetype.......: 0x14c (I386)

File reiting.exe received on 2009.08.03 11:45:01 (UTC)
Current status: finished
Result: 35/41 (85.37%)



> *a-squared	4.5.0.24	2009.08.03	Trojan.Win32.Qhost!IK*
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	TR/Qhost.lmb*
> *Antiy-AVL	2.0.3.7	2009.08.03	Trojan/Win32.Qhost.gen*
> *Authentium	5.1.2.4	2009.08.02	W32/Trojan2.HKKZ*
> *Avast	4.8.1335.0	2009.08.02	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.406	2009.08.03	Generic13.AHII*
> *BitDefender	7.2	2009.08.03	Trojan.Generic.1910797*
> *CAT-QuickHeal	10.00	2009.08.03	Trojan.Qhost.lmb*
> ...


Additional information
File size: 19968 bytes
MD5...: 280619caade6d10b81fe8c5657dd6bdd
SHA1..: 6d00a4af9c39b7c5cb5cbaceb2b363cc6fcd1392
SHA256: b290b5c559729fd65e80dfd1063ded37958fc0ccaa7b6442afae0f38127601ae
ssdeep: 384:Iw4VGlwmBBO1IfXxZxyNVyTI7Uhy150stdRIyMaNJawcudoD7Uvm7P:rmmBIIfDcVj15v3jFnbcuyD7UM
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe360
timedatestamp.....: 0x49f46a61 (Sun Apr 26 14:06:25 2009)
machinetype.......: 0x14c (I386)
http://info.prevx.com/aboutprogramte...5101008711BF73

----------


## senyak

File avz00001.dta received on 2009.08.03 13:31:49 (UTC)
Current status: finished
Result: 10/41 (24.4%)

> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.24	2009.08.03	-
> AhnLab-V3	5.0.0.2	2009.08.01	-
> *AntiVir	7.9.0.238	2009.08.03	TR/Buzus.brhg*
> Antiy-AVL	2.0.3.7	2009.08.03	-
> Authentium	5.1.2.4	2009.08.02	-
> Avast	4.8.1335.0	2009.08.02	-
> AVG	8.5.0.406	2009.08.03	-
> BitDefender	7.2	2009.08.03	-
> ...


Additional information
File size: 124928 bytes
MD5...: efb23688c0132d7fea66bcb79ad7e383
SHA1..: 1ac8bb94919d7319260313994f8d7edf6298d4a7
SHA256: 8c87381aff84664d84eb160e2c1db4ff96ce620299cebd1e1b566eb15a146456
ssdeep: 1536:SIoXVBOlxvrSXsxhcXw+NeRqk3WZFfPMCVUli9FlH/FzZ9bKG8TIKnY56OUMhyHr:oXzXBNEeZFXMto9FlHXxKG8TIipHKP
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...456-1249306309




File avz00002.dta received on 2009.08.03 13:32:20 (UTC)
Current status: finished
Result: 13/41 (31.71%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.03	Net-Worm.Win32.Kolab!IK*
> AhnLab-V3	5.0.0.2	2009.08.01	-
> AntiVir	7.9.0.238	2009.08.03	-
> Antiy-AVL	2.0.3.7	2009.08.03	-
> Authentium	5.1.2.4	2009.08.02	-
> Avast	4.8.1335.0	2009.08.02	-
> *AVG	8.5.0.406	2009.08.03	Injector.FF*
> BitDefender	7.2	2009.08.03	-
> ...


Additional information
File size: 84992 bytes
MD5...: 8e10307f9b4879a45b86ddda9ab74884
SHA1..: 8f4c38ba2059a87cdcf5ff7e5027dbffa1b01c8c
SHA256: aa531a0162ff09b4219259988a81a684e0b8c3523159a97c9d828ceb4f7bc31b
ssdeep: 1536:C+YDy1fv/pHysT4II5UgVM7b9jA3UHvdNZMmcOr2MXlG:CnyhvBywPgVM7bFqyVNZME1XlG
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...31b-1249306340

----------


## senyak

File load.exe received on 2009.08.04 20:04:22 (UTC)
Current status: finished
Result: 4/41 (9.76%)

> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.24	2009.08.04	-
> AhnLab-V3	5.0.0.2	2009.08.04	-
> AntiVir	7.9.0.240	2009.08.04	-
> Antiy-AVL	2.0.3.7	2009.08.04	-
> Authentium	5.1.2.4	2009.08.04	-
> Avast	4.8.1335.0	2009.08.04	-
> AVG	8.5.0.406	2009.08.04	-
> BitDefender	7.2	2009.08.04	-
> ...


Additional information
File size: 19456 bytes
MD5...: 3a96e2c81dfe1e59bb805e0496fe4469
SHA1..: 70e8c60a07752d4c68f37f832e08f84d1c33d491
SHA256: f5a40dbe7b81c5b5d703481d6169f4cec5edaf3c7a40d1b23da528f4100d103d
ssdeep: 384:1C5Km3pW2PFV9JKAQjfiKQYXnH22wtEWZCF:1C5KmZhrKzjaDQUy
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.2%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.6%)
DOS Executable Generic (13.6%)
VXD Driver (0.2%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...03d-1249416262




File pdf.pdf received on 2009.08.04 20:04:46 (UTC)
Current status: finished
Result: 7/41 (17.08%)

> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.24	2009.08.04	-
> AhnLab-V3	5.0.0.2	2009.08.04	-
> AntiVir	7.9.0.240	2009.08.04	-
> Antiy-AVL	2.0.3.7	2009.08.04	-
> Authentium	5.1.2.4	2009.08.04	-
> *Avast	4.8.1335.0	2009.08.04	JS:Pdfka-MM*
> AVG	8.5.0.406	2009.08.04	-
> BitDefender	7.2	2009.08.04	-
> ...


Additional information
File size: 2959 bytes
MD5...: 737579946352e88a6cb5d54ec102f566
SHA1..: 6853889e94b032db748edd5861b68d75258e30a2
SHA256: cfe1749cf2954e45c84bf75dd2fea339555b259d78bb542d512299cbe50bc260
ssdeep: 48:FuENYPNRgS+K5vkwzjYHSDTqG3LMlUJ7IAOBvod0rLNvSOChWAdXYCOzZzEDNKf6:cENY1RgNK5swzz+G3wOJ8tpod+qOChdD
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -

http://www.virustotal.com/ru/analisi...260-1249416286

----------


## senyak

File update.exe received on 2009.08.06 10:00:53 (UTC)
Current status: finished
Result: 22/41 (53.66%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.06	Trojan-Downloader.Win32.Bredolab!IK
> AhnLab-V3	5.0.0.2	2009.08.06	Win-Trojan/Downloader.30208.BX
> AntiVir	7.9.0.240	2009.08.06	BDS/Zdoogu.FA
> Antiy-AVL	2.0.3.7	2009.08.05	Backdoor/Win32.Zdoogu.gen*
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> *AVG	8.5.0.406	2009.08.06	SHeur2.AUGF*
> BitDefender	7.2	2009.08.06	-
> ...


Additional information

File size: 30208 bytes
MD5...: 424760b62b811166b318e1200734be32
SHA1..: d1e2f80afdcd407eba63943cca789d3be075a484
SHA256: 6b4e3937cca31eca5b1b724ac27eccdd9a62f273b1f4668cebe909a9da36eb90
ssdeep: 384:91+mSCAkKT0W8kVuAxNVtqfUVas0cW/87GD+XECSQSuuQQYcMsmhCSd4jdegbRe/:98/rRbtq9QWk7GDz30QYJBGjjbpG5
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...b90-1249552853





File xpdeluxe.exe received on 2009.08.06 10:01:34 (UTC)
Current status: finished
Result: 24/41 (58.54%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.06	Trojan.Win32.FakeRean!IK
> AhnLab-V3	5.0.0.2	2009.08.06	Win-Trojan/FakeAlert.1225728
> AntiVir	7.9.0.240	2009.08.06	TR/FakeRean.A.45*
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> *Avast	4.8.1335.0	2009.08.06	Win32:Fraudo*
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.06	-
> ...


Additional information
File size: 1225728 bytes
MD5...: 307e6d02ed26ff516827c6469401456e
SHA1..: 2b04ca909c2f862b8c730f4ff89be4edaa3a5673
SHA256: f1234e05df628d43db8b41e92b4ceac19a1bd9996ced88ab94c7383d7772ea09
ssdeep: 24576:0kZ67bkLe3HCGB5agRMvvsknKfqLYC1WEFNIcypeWWqxapxRd1+0:V67bY4sgRKTnAXWNPdD
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...a09-1249552894

*Added 28 minutes later*

Just fished these two files out on my own machine. They were trying to pull something on me.

File avz00001.dta received on 2009.08.06 10:15:14 (UTC)
Current status: finished
Result: 11/41 (26.83%)

> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.24 	2009.08.06 	Trojan.Win32.Refroso!IK*
> AhnLab-V3 	5.0.0.2 	2009.08.06 	-
> AntiVir 	7.9.0.240 	2009.08.06 	-
> *Antiy-AVL 	2.0.3.7 	2009.08.05 	Trojan/Win32.Refroso.gen*
> Authentium 	5.1.2.4 	2009.08.06 	-
> Avast 	4.8.1335.0 	2009.08.06 	-
> AVG 	8.5.0.406 	2009.08.06 	Generic14.PPK
> BitDefender 	7.2 	2009.08.06 	-
> ...


Additional information

File size: 300032 bytes
MD5   : 4ff8880dc2ff94dd6d04e16b18d7c073
SHA1  : 294a06c988efc569a4165e56e6092a765f8c2c4c
SHA256: a88eda6dd4c1096bacd6ecc1170e4a71349b6f94e66b23ac6bce7d25ed5905e6
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x439A
timedatestamp.....: 0x4A6FBC08 (Wed Jul 29 05:03:36 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x357E 0x3600 5.76 6eaaccffcc4851eee5cf1357ee38bba1
.rdata 0x5000 0x8BA 0xA00 4.74 cf673cbdc6fd492858e8da108b3743da
.data 0x6000 0xB74 0x800 6.12 9cf3a4d11527acea903610620162d3e2
.rsrc 0x7000 0x44780 0x44800 7.78 f8e0f63f93948b8b5eed39e6a0a3886f

http://www.virustotal.com/ru/analisi...5e6-1249553714





File 85.rar received on 2009.08.06 10:34:49 (UTC)
Current status: finished
Result: 9/41 (21.96%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.06	Spammer!IK*
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> *AVG	8.5.0.406	2009.08.06	SHeur2.AUTZ*
> BitDefender	7.2	2009.08.06	-
> ...


Additional information

File size: 45501 bytes
MD5...: 51cec740816a99f5cd1171243f74f9ae
SHA1..: cd1c8244cee634d88f6d274130aeaa604af4d059
SHA256: 92e71c4abb60c51bd5e197148d22512a3fcc83e87eade49958784c4ff3b1315d
ssdeep: 768:az2T5ey7hQKBauUNuOkPnkUu6M6aNvoVpgRwVmHuG3Tqc/KiLUO/10VAQ987yw04:K2IIouOSkUudwVORbTjj7LU616AD7304
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...15d-1249554889

*Added 4 hours 26 minutes later*

Some other nasty thing was sitting in the Windows folder

File tapi.nfo received on 2009.08.06 15:00:28 (UTC)
Current status: finished
Result: 14/41 (34.15%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.06	Trojan-Downloader.Win32.Small!IK*
> AhnLab-V3	5.0.0.2	2009.08.06	-
> *AntiVir	7.9.0.240	2009.08.06	TR/Dldr.Small.alyr*
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> *AVG	8.5.0.406	2009.08.06	Downloader.Generic8.BFZA*
> BitDefender	7.2	2009.08.06	-
> ...


Additional information
File size: 24576 bytes
MD5...: aed17b841272d835657a5c32f18e7046
SHA1..: c02cbfa8887016e74bb46dcafae238b4a5b7764a
SHA256: a704cf809922c83764c9575520237b746bca99dc373a9081569515b158823f6a
ssdeep: 384:5JtXqCog7f+9A31rhs+OgQN0On16SZTXkGT5:/QCV7W9Q5hs+uyO16Irp
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...f6a-1249570828

*Added 7 hours 16 minutes later*

File VK.exe received on 2009.08.06 22:18:58 (UTC)
Current status: finished
Result: 11/41 (26.83%)

> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.24	2009.08.06	Trojan.BAT.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.07	-
> ...


Additional information
File size: 19968 bytes
MD5...: 55555d8215040c839dcfc2dc1f6da85e
SHA1..: facd21a1be7ac500d2b46826b5fdbaf137f9de3b
SHA256: bd2776b7e17307c480158cfed0c0c3e58a131e7fe78bacfc10938f2541429f9c
ssdeep: 384:4I38pS558OMoXvzRpKAQ9iJs3s/C20qEMu5OcZvjMaNJawcudoD7URm7P:4ILpMSTQ9G1xhENBFnbcuyD7UW
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...f9c-1249597138

----------


## valho

File 2b04b15c6dc0c9edef7465ed1bf017e1. received on 2009.08.06 23:27:21 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.06	-
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 13248 bytes
MD5...: ea0f2de6ce677356786b3a67cb2596a9
SHA1..: 9e6c4a136c0eb9baebb52e55503a333af899a456
SHA256: 95401cfba6b4c34d077d3b8d90ff651f3f7a2b76a09bd5b03337f66654243379
ssdeep: 192:ojs8orZws8oZs8oXs8orL7qWdrkjXE/p4b0jxQ8Oe8DKpHpeMlbaKWoC2Z:ojYuYZYXYruE/iAje8Oe8DoIszWoHZ
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File ajfv8x0.gif received on 2009.08.06 23:27:33 (UTC)
Current status: finished
Result: 10/41 (24.4%)



> *a-squared	4.5.0.24	2009.08.06	Trojan-Downloader.JS.Small!IK*
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> *Antiy-AVL	2.0.3.7	2009.08.05	Trojan/JS.Agent*
> Authentium	5.1.2.4	2009.08.06	-
> *Avast	4.8.1335.0	2009.08.06	JS:Redirector-N*
> AVG	8.5.0.406	2009.08.06	-
> *BitDefender	7.2	2009.08.07	Trojan.Downloader.JS.Small.NBJ*
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 935 bytes
MD5...: d99614b0195a1e3491090d66ea6a6a20
SHA1..: 1224e11dfc4f88a71111605f1d2386df252bb8ee
SHA256: f3effcf48ba88e820ee32682a1fd346e8512b77977064561a84c0bb2c757e5cd
ssdeep: 24:xQdgdz/FsjtsbJYgIdrLujRRq62fmFn6RxNRQ5f:tt2tsbJudrLujRR0fen6bNmp
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File allgood.html received on 2009.08.06 23:27:39 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.06	-
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 1881 bytes
MD5...: a4be19704907b0c1c733697eb0553016
SHA1..: d57376f8a1110ab96a6e903341a82fff9f00bc8c
SHA256: d72cc17350fe4c78b37dfeb02b30ea39a22e6a3e505429ccff435fc6fc549d97
ssdeep: 24:Wug+5+VXnI2879tLyIlfFu+8MRFnGplUl81qJjPGDbHpWFnGplUl81qJjPGhy9sH:Ng+5WT8/RJFGpWu0RuXQFGpWu0RuVgLi
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File conf.php received on 2009.08.06 23:27:44 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.06	-
> AhnLab-V3	5.0.0.2	2009.08.06	-
> AntiVir	7.9.0.240	2009.08.06	-
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 14305 bytes
MD5...: 139f99f9b013e39a0d58d073ffb138df
SHA1..: a3d140357b66fe49be8088b47dde917752dc7fed
SHA256: d1c1dfa510a42d745137e27641eb3558edfaf741f7a8f8434db44c848d5c6b6d
ssdeep: 192://RIcQYaPAc4G8ycHmFHZjPg0H7QHYJHelEHDHMYcm0rexpHbgtT9K911ZxFAwOR:+xocf8yfDj4J5KvCns1PLjMmySWdOwFR
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

*Added after 14 minutes*

File 12345 received on 2009.08.06 23:42:55 (UTC)
Current status: finished
Result: 7/41 (17.08%)



> a-squared	4.5.0.24	2009.08.06	-
> AhnLab-V3	5.0.0.2	2009.08.06	-
> *AntiVir	7.9.0.240	2009.08.06	HTML/Infected.WebPage.Gen*
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> *BitDefender	7.2	2009.08.07	Trojan.JS.IFrame.ACM*
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 3576 bytes
MD5...: fd392a21cf8fa9ed0ebbd5a1780394ef
SHA1..: 7f1eda3a1d5e7ee511ec0d12583ce486eaf18cb9
SHA256: 29ad52546255df0264f9697470de50bdb81ee5d9b5f41e2f4b93aef8009f15b5
ssdeep: 96:TsjE0GkRv1DMrA1B//Bu/tSJCmWVj7kI4:TPw4xma8
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File 54321 received on 2009.08.06 23:43:02 (UTC)
Current status: finished
Result: 22/41 (53.66%)



> *a-squared	4.5.0.24	2009.08.06	Trojan-Downloader.JS.Psyme!IK*
> AhnLab-V3	5.0.0.2	2009.08.06	-
> *AntiVir	7.9.0.240	2009.08.06	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> *Avast	4.8.1335.0	2009.08.06	HTML:IFrame-BN*
> *AVG	8.5.0.406	2009.08.06	HTML/Framer*
> *BitDefender	7.2	2009.08.07	Trojan.JS.IFrame.ACM*
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 4869 bytes
MD5...: 1d937f1928fd7baa18ed30945411c7d7
SHA1..: 63b27b4ecade032625c0dba3719e51d14c8258d7
SHA256: ec65f4c6875add70548464d1e15a1e4721617fd6ced4609cbe21ffe581251082
ssdeep: 96:62XlGH9VXADsKtoBf1q3qSxTwo85QSBOpxoRvPArh5ItUV4CPwUo9KjM28nG64Cs:9XlGdVw1tqf1q3qSxTw3OpxoRgrh5CCD
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File test.html received on 2009.08.06 23:43:09 (UTC)
Current status: finished
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.08.06	-
> AhnLab-V3	5.0.0.2	2009.08.06	-
> *AntiVir	7.9.0.240	2009.08.06	JS/Dldr.Agent.njv*
> Antiy-AVL	2.0.3.7	2009.08.05	-
> Authentium	5.1.2.4	2009.08.06	-
> Avast	4.8.1335.0	2009.08.06	-
> AVG	8.5.0.406	2009.08.06	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.06	-
> ...


Additional information
File size: 3138 bytes
MD5...: 9f67e572e494317269489ce607a4e064
SHA1..: befc2278ab801f562e14e0739834a07091571e9a
SHA256: 494f44e540afee905d4fb7721f9002e23c1984e2075fef8cfc107f68a2775b5a
ssdeep: 48:09WdkX3R1sBqhMkSyNAdIcG6WF6WDyO3xyL3jBXItSnSlya6L:4+O3/q1te6WF6W+O3xyBXItSnSlya6L
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

----------



## Shu_b

File avz00006.dta received on 2009.08.07 11:04:57 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.24	2009.08.07	-
AhnLab-V3	5.0.0.2	2009.08.07	-
AntiVir	7.9.0.246	2009.08.07	-
Antiy-AVL	2.0.3.7	2009.08.07	-
Authentium	5.1.2.4	2009.08.07	-
Avast	4.8.1335.0	2009.08.06	-
AVG	8.5.0.406	2009.08.07	-
BitDefender	7.2	2009.08.07	-
CAT-QuickHeal	10.00	2009.08.07	-
ClamAV	0.94.1	2009.08.07	-
Comodo	1896	2009.08.07	-
DrWeb	5.0.0.12182	2009.08.07	-
eSafe	7.0.17.0	2009.08.06	-
eTrust-Vet	31.6.6662	2009.08.06	-
F-Prot	4.4.4.56	2009.08.07	-
F-Secure	8.0.14470.0	2009.08.07	-
Fortinet	3.120.0.0	2009.08.07	-
GData	19	2009.08.07	-
Ikarus	T3.1.1.64.0	2009.08.07	-
Jiangmin	11.0.800	2009.08.07	-
K7AntiVirus	7.10.812	2009.08.06	-
Kaspersky	7.0.0.125	2009.08.07	-
McAfee	5700	2009.08.06	-
McAfee+Artemis	5700	2009.08.06	-
McAfee-GW-Edition	6.8.5	2009.08.07	-
Microsoft	1.4903	2009.08.07	-
NOD32	4314	2009.08.07	a variant of Win32/LockScreen.AY
Norman	6.01.09	2009.08.07	-
nProtect	2009.1.8.0	2009.08.07	-
Panda	10.0.0.14	2009.08.06	-
PCTools	4.4.2.0	2009.08.06	-
Prevx	3.0	2009.08.07	-
Rising	21.41.43.00	2009.08.07	-
Sophos	4.44.0	2009.08.07	-
Sunbelt	3.2.1858.2	2009.08.07	-
Symantec	1.4.4.12	2009.08.07	-
TheHacker	6.3.4.3.377	2009.08.05	-
TrendMicro	8.950.0.1094	2009.08.07	-
VBA32	3.12.10.9	2009.08.07	-
ViRobot	2009.8.7.1873	2009.08.07	-
VirusBuster	4.6.5.0	2009.08.06	-
```

Additional information
File size: 406528 bytes
MD5   : 2a5e2bf462b0b00cb1700b3072b4d9ee

----------


## valho

File n_1_.pdf received on 2009.08.07 12:05:50 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> a-squared	4.5.0.24	2009.08.07	-
> AhnLab-V3	5.0.0.2	2009.08.07	-
> AntiVir	7.9.0.246	2009.08.07	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.07	-
> *Avast	4.8.1335.0	2009.08.06	JS:Packed-BV*
> AVG	8.5.0.406	2009.08.07	-
> *BitDefender	7.2	2009.08.07	JS.Obfuscated.Gen*
> CAT-QuickHeal	10.00	2009.08.07	-
> ...


Additional information
File size: 16260 bytes
MD5...: 9d06e3dc3645d0ba8dee44717fd64e51
SHA1..: 13ccefd919c56a3b95b9b06e661ca7445ae03abc
SHA256: b48a0523f311a5916ab5df67d7a5d04d199ebc0b650daf4e4c2c9fe654365045
ssdeep: 384:jDJz4ULMxLYwa/7SOe9Q9nDeKC+spv/vtzdp5Ls4KdyMQx/Q0r6ySWeG:jDp/uA/7SNyiKOVtr0mp
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (100.0%)
PEInfo: -
PDFiD.: PDF Header: %PDF-1.3
obj 6
endobj 6
stream 1
endstream 1
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1(1)
/JavaScript 1(1)
/AA 0
/OpenAction 1(1)
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
RDS...: NSRL Reference Data Set

File n_1_.htm received on 2009.08.07 12:13:29 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> *a-squared	4.5.0.24	2009.08.07	Virus.JS.Packed.H!IK*
> AhnLab-V3	5.0.0.2	2009.08.07	-
> AntiVir	7.9.0.246	2009.08.07	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.07	-
> *Avast	4.8.1335.0	2009.08.06	JS:Packed-BV*
> AVG	8.5.0.406	2009.08.07	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.07	-
> ...


Additional information
File size: 6215 bytes
MD5...: f1132074ccdb2675e8dab3d7895e3c60
SHA1..: 8cb4f528bd92ca25a1a155f5e8fdbe405dec1483
SHA256: 3e4a5abd5c2f9be75c437d8e1dae491d7b47f278ff0e20d6f9842fe13a81f37a
ssdeep: 192:FD+ADJwIt6c+E6eq1bTBcYxkQxw6Q6rWOGgnDyFNx:FWcJ6eq1SMtBBD4x
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
They stole the names of the directories on drive D:\
:(

*Added after 9 minutes*

File in_1_.htm received on 2009.08.07 12:27:06 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> *a-squared	4.5.0.24	2009.08.07	Virus.HTML.Framer!IK*
> AhnLab-V3	5.0.0.2	2009.08.07	-
> AntiVir	7.9.0.246	2009.08.07	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.07	-
> *Avast	4.8.1335.0	2009.08.06	HTML:Framer-inf*
> AVG	8.5.0.406	2009.08.07	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.07	-
> ...


Additional information
File size: 93 bytes
MD5...: 34997809a927cdd2cc6061582e4bfe23
SHA1..: 336df54878b4f3af5f1b9a04358be62a9679c30b
SHA256: b4e3bbcd31a96c663404122645ad3b2879c9527708099a80b6ac0ab763aa50ab
ssdeep: 3:qVZLE5jFHUi9hXGLZCLJuWK+cRH7ZVWA90Nu:qzLE5x0i9Bq89LdyjWAB
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

*Added after 3 minutes*

File n_1_ received on 2009.08.07 12:30:59 (UTC)
Current status: finished
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.08.07	-
> AhnLab-V3	5.0.0.2	2009.08.07	-
> AntiVir	7.9.0.246	2009.08.07	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.07	-
> *Avast	4.8.1335.0	2009.08.06	JS:Packed-BV*
> AVG	8.5.0.406	2009.08.07	-
> BitDefender	7.2	2009.08.07	-
> CAT-QuickHeal	10.00	2009.08.07	-
> ...


Additional information
File size: 12434 bytes
MD5...: b04b01b871be8643d6e1b7f2c75bda80
SHA1..: aaac83703200b68e4dfb70df834d6bd14c38314f
SHA256: 701320a039bd1ef1eaf7a7ff265d82678e099360fcefc5df09c15dcd77cdc01b
ssdeep: 192:Jd60GqodVWSRRB/AgKEnybY2hRdVoWXMqbcYtPX24ZUFTc00IPTNArKtAZ:z60no7RB7ybxqWBfzUSfAsr
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## valho

File PivimMiniInstall.exe received on 2009.08.08 11:20:56 (UTC)
Current status: finished
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.08.08	-
> AhnLab-V3	5.0.0.2	2009.08.07	-
> AntiVir	7.9.0.248	2009.08.07	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.07	-
> Avast	4.8.1335.0	2009.08.07	-
> AVG	8.5.0.406	2009.08.08	-
> BitDefender	7.2	2009.08.08	-
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 285696 bytes
MD5...: 38fbad70a6610a2555db2e4b1d2c34d5
SHA1..: ae9d919fe57d0588813c8a9252e4a4f93db3b7cd
SHA256: e5e189dcfc0e0f15b117ad30a702aa50b3d1cd8e8a229dbb197bdb9289081186
ssdeep: 6144:MsdFcFYy8XbFxrokvId2175zeeXrS4fEo:MpojvIdO5zeeXrSF
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa6ff0
timedatestamp.....: 0x49c2133f (Thu Mar 19 09:41:19 2009)
machinetype.......: 0x14c (I386)

----------


## valho

File casino.php received on 2009.08.09 18:54:41 (UTC)
Current status: finished
Result: 8/41 (19.52%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 29885 bytes
MD5...: 50283ac504205087e663d6024cda6df4
SHA1..: da8c3e7722d12978779954a9dc107acc2751e1be
SHA256: caa5980b1e0640cad0fc57774bee4501b5116a6a01bfb5abb0318603a658a9fa
ssdeep: 384:rmHZmKqnZYHbajzX1iJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoiHrHrHS:+v70MJwNJwNJwNJwNJwNJwNJwNJww
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File 1.html received on 2009.08.09 18:59:28 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> AntiVir	7.9.0.248	2009.08.09	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> Avast	4.8.1335.0	2009.08.08	-
> AVG	8.5.0.406	2009.08.09	-
> BitDefender	7.2	2009.08.09	-
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 1942 bytes
MD5...: 4e0e2219f32f202d4f6f1eb8a4ce9b11
SHA1..: 4a12305f5f3ac3545e771a03b64682386878e90f
SHA256: 31b32a91999b9b837711901630aa07a8a0214bd592b17f5f46d0e777bc30962c
ssdeep: 48:RHYFyTFqohgiesr1uJpFyTFqohgiesr1uJ6:ZeycohgieYeycohgieYj
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File conf.php received on 2009.08.09 18:59:40 (UTC)
Current status: finished
Result: 5/39 (12.83%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> BitDefender	7.2	2009.08.09	-
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 17836 bytes
MD5...: 9f614e7433e13297008c37ec09051f62
SHA1..: 315631097c8fbe500da2eebee546fec7c6686ca0
SHA256: df9bb5cd00f2de548d416ac68ee750a73d9d8ba0a00b00f34b9b053d5d132d54
ssdeep: 384:+xocf8yfDj4J5KvCns1PLjMmySKHrHrHrHG/9:96EMKRmySb
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File curl.php received on 2009.08.09 18:59:49 (UTC)
Current status: finished
Result: 8/39 (20.52%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 21797 bytes
MD5...: 9c1b1a22c8a692448359d1aff61bd266
SHA1..: 4b30f35ae51ea02901f060a585a09344d952a550
SHA256: 4cfcf9b7a1e4be09d92456401219dbd4a20f941bab84a4a6da3c2673d6148bd6
ssdeep: 384:UV0+s0POFmg2jlUrjQJwxoYJwxoYJwxoYJwxoYJwxoYJwxoiHrHrHrHG/9:Ua+XPVgelUrjQJwNJwNJwNJwNJwNJww
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File ftp_check.php received on 2009.08.09 18:59:59 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> BitDefender	7.2	2009.08.09	-
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 28016 bytes
MD5...: 9eeda8948b52b6e48d8610ac41736d54
SHA1..: 12c1d0a3a4bb06153addc3012c807a5c9d71cba4
SHA256: 6d4f7ea888ddde90627fe9f0f44ccaf3464918dfd732d8acdd19bfa91ad442a5
ssdeep: 768:96EM/MTXkafbXBKVB5Vws628VvxTFTeGP:ZGa7oVCs8Vv9YGP
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File googleanalyticsru.html received on 2009.08.09 19:00:02 (UTC)
Current status: finished
Result: 9/41 (21.96%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-FX*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 22133 bytes
MD5...: 3ebbac23c4b0d221a24375cd06f198c9
SHA1..: eaf7dfb84f3b9aecb44f74dd2c9a1756c8498d7c
SHA256: 25af917f917e2e2dcfc804c4eb66df727a59fade299005a2d0aea903e33ac165
ssdeep: 384:MAFVrJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoiHrHrHrHG/9:MA3JwNJwNJwNJwNJwNJwNJwNJww
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File hifili2.php received on 2009.08.09 19:00:07 (UTC)
Current status: finished
Result: 12/41 (29.27%)



> *a-squared	4.5.0.24	2009.08.09	Backdoor.PHP.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 23714 bytes
MD5...: 5f3fed663b64b6e091531346bb2a7288
SHA1..: fd83a01ae3cb58aa641ac19d58a4aea35d58a9bf
SHA256: 30ab1d0506dd8709cc9e396f1f9eb8fe8a93e637a1d275b46e07340fe7c473f4
ssdeep: 384:PSiO/Orp8oAzMmuOizOFmg2jlUrjQJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoo:PSiO/Orp8oAzMmuOiz/gelUrjQJwNJwc
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File htaccess.php received on 2009.08.09 19:00:12 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> AntiVir	7.9.0.248	2009.08.09	-
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> Avast	4.8.1335.0	2009.08.08	-
> *AVG	8.5.0.406	2009.08.09	PHP/BackDoor.AB*
> BitDefender	7.2	2009.08.09	-
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 83140 bytes
MD5...: 09ce93f06e2733c1d842f8a7c67c0d55
SHA1..: f3513a7fa2da02733f59898dd4e0795b3e477c9c
SHA256: dd7c327feab97b169c10179e24de0990264bc3755e9aad55052c4546b1c2d376
ssdeep: 1536:jQfl4ORQGmsPzCjvw9J6Ux+0PA6r4TRDVlpu9:jQfKWFmO+UxntEFBvu9
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File rinder1.php received on 2009.08.09 19:00:15 (UTC)
Current status: finished
Result: 12/41 (29.27%)



> *a-squared	4.5.0.24	2009.08.09	Backdoor.PHP.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 23714 bytes
MD5...: 4a7e5314dbcee1200cf71c07292ab9a3
SHA1..: a5e2361fa137dcb495e1ceb8e86ba7c6dd497f51
SHA256: 4ee1c83d4a0487a71ecf1b18d9d3840a8292fcc9ee96b2d81b94d38e302cbb4c
ssdeep: 384:sSiO/Orp8oAzMRuOizOFAg2jlUrjQJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoo:sSiO/Orp8oAzMRuOizNgelUrjQJwNJwc
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File under.html received on 2009.08.09 19:00:19 (UTC)
Current status: finished
Result: 8/41 (19.52%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.174722*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 16462 bytes
MD5...: f18c2899ef00796700c25ff3b6f64edd
SHA1..: bf4e0d7fa04501cba06875d669c24a783abc48ea
SHA256: 6bf30cb1259cd717bf24d08547c1f57a9073450462bbc5c6a1511359f7558e65
ssdeep: 192:ND4eCWIv1sNl5NwkpRigrjAsKQR9wQR9MU2AJPd8N1kUu8N1kUpIieYj:NceCWIdsNl5ukD923AJFHrHG9
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File xxx.php received on 2009.08.09 19:00:22 (UTC)
Current status: finished
Result: 9/40 (22.5%)



> a-squared	4.5.0.24	2009.08.09	-
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 18745 bytes
MD5...: 8116498557c4fcbee23caf7a3ffecd2f
SHA1..: b20d6a102780bccfb73e6b9967aa88412fd53b18
SHA256: cf3eda1e00e4eba9145c3171c4cd290a19c859cbb771cd38e8e2e57b8bd99dfa
ssdeep: 384:TsJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoiHrHrHrHG/9:TsJwNJwNJwNJwNJwNJwNJww
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File zenis2e.php received on 2009.08.09 19:00:25 (UTC)
Current status: finished
Result: 12/40 (30%)



> *a-squared	4.5.0.24	2009.08.09	Backdoor.PHP.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.08.08	-
> *AntiVir	7.9.0.248	2009.08.09	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.07	-
> Authentium	5.1.2.4	2009.08.09	-
> *Avast	4.8.1335.0	2009.08.08	HTML:IFrame-EZ*
> *AVG	8.5.0.406	2009.08.09	HTML/Framer.CB*
> *BitDefender	7.2	2009.08.09	Trojan.Script.126261*
> CAT-QuickHeal	10.00	2009.08.08	-
> ...


Additional information
File size: 23714 bytes
MD5...: dcc13ba35e4ec2161d588a8dead05311
SHA1..: 179d0a5cc95104d6754f380cfc4a244b2dcde23b
SHA256: 77884187d53097f0e5c726dbb191aa3f9b92faf3b512d4213deadbf199f06552
ssdeep: 384:SSiO/Orp8oAzMeuOizOFRg2jlUrjQJwxoYJwxoYJwxoYJwxoYJwxoYJwxoYJwxoo:SSiO/Orp8oAzMeuOizUgelUrjQJwNJwc
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## valho

This is not a false positive
File boxedrecipes received on 2009.08.10 19:34:23 (UTC)
Current status: finished
Result: 2/41 (4.88%)



> a-squared	4.5.0.24	2009.08.10	-
> AhnLab-V3	5.0.0.2	2009.08.10	-
> *AntiVir	7.9.0.248	2009.08.10	HEUR/HTML.Malware*
> Antiy-AVL	2.0.3.7	2009.08.10	-
> Authentium	5.1.2.4	2009.08.09	-
> Avast	4.8.1335.0	2009.08.10	-
> AVG	8.5.0.406	2009.08.10	-
> BitDefender	7.2	2009.08.10	-
> CAT-QuickHeal	10.00	2009.08.10	-
> ...


Additional information
File size: 9527 bytes
MD5...: f956120e95bf42c42b30ff52ef82def9
SHA1..: 69f7ee5e68d74cb87a4e32dd0aabec25f228b9a4
SHA256: 203296b914bbe04ccf39084daae0d6e6e44722639e942f4521bff73dccd5cf4c
ssdeep: 192:iLzV3Jpi3dSN01S0KdLnz0h5E15+fO/C+iRC+JdS1xGy2:iN3XiNonz9KfOK9EodS1UV
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## senyak

Файл VK.rar получен 2009.08.10 21:04:35 (UTC)
Текущий статус: закончено
Результат: 13/40 (32.5%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.10	Trojan.BAT.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.08.10	-
> AntiVir	7.9.0.248	2009.08.10	-
> Antiy-AVL	2.0.3.7	2009.08.10	-
> Authentium	5.1.2.4	2009.08.10	-
> Avast	4.8.1335.0	2009.08.10	-
> AVG	8.5.0.406	2009.08.10	-
> BitDefender	7.2	2009.08.10	-
> ...


Дополнительная информация
File size: 17114 bytes
MD5...: a5ac97253bab1e3986992b68ade2d3bd
SHA1..: f670f88a6f47259145db659d8cc16dfeeedaebb0
SHA256: b45f71cd1ffa30bf4a7947433121cc2bfdcc54ee717aa0dfb685910423ba2ac4
ssdeep: 384:E0GzagWk8MiWhCiIi5C8zdoiStaHdgvLRZotKyxs4JizlUPJoG0sz:E0DgWk8Mv8ydoil9gv9oKyHxxoFsz
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX
packers (F-Prot): embedded, UPX_LZMA

http://www.virustotal.com/ru/analisi...ac4-1249938275

----------


## ALEX(XX)

Yet another pando
Файл sdra64.exe получен 2009.08.11 06:08:31 (UTC)


```
Антивирус    Версия    Обновление    Результат
a-squared    4.5.0.24    2009.08.11    -
AhnLab-V3    5.0.0.2    2009.08.11    -
AntiVir    7.9.0.248    2009.08.10    TR/Dropper.Gen
Antiy-AVL    2.0.3.7    2009.08.11    -
Authentium    5.1.2.4    2009.08.11    -
Avast    4.8.1335.0    2009.08.10    -
AVG    8.5.0.406    2009.08.10    FakeAlert.LW
BitDefender    7.2    2009.08.11    -
CAT-QuickHeal    10.00    2009.08.11    -
ClamAV    0.94.1    2009.08.10    -
Comodo    1938    2009.08.11    -
DrWeb    5.0.0.12182    2009.08.11    -
eSafe    7.0.17.0    2009.08.10    -
eTrust-Vet    31.6.6670    2009.08.10    -
F-Prot    4.4.4.56    2009.08.10    -
F-Secure    8.0.14470.0    2009.08.10    -
Fortinet    3.120.0.0    2009.08.11    -
GData    19    2009.08.11    -
Ikarus    T3.1.1.64.0    2009.08.11    -
Jiangmin    11.0.800    2009.08.10    -
K7AntiVirus    7.10.815    2009.08.10    -
Kaspersky    7.0.0.125    2009.08.11    Trojan-Spy.Win32.Zbot.aacg
McAfee    5705    2009.08.10    -
McAfee+Artemis    5705    2009.08.10    -
McAfee-GW-Edition    6.8.5    2009.08.10    Trojan.Dropper.Gen
Microsoft    1.4903    2009.08.10    PWS:Win32/Zbot.PG
NOD32    4324    2009.08.11    -
Norman    6.01.09    2009.08.10    -
nProtect    2009.1.8.0    2009.08.11    -
Panda    10.0.0.14    2009.08.10    -
PCTools    4.4.2.0    2009.08.10    -
Prevx    3.0    2009.08.11    -
Rising    21.42.10.00    2009.08.11    Unknown Win32 Virus
Sophos    4.44.0    2009.08.11    Mal/BredoPk-B
Sunbelt    3.2.1858.2    2009.08.11    Trojan-Downloader.Win32.Bredolab.x (v)
Symantec    1.4.4.12    2009.08.11    -
TheHacker    6.3.4.3.380    2009.08.11    -
TrendMicro    8.950.0.1094    2009.08.11    -
VBA32    3.12.10.9    2009.08.10    -
ViRobot    2009.8.11.1878    2009.08.11    -
VirusBuster    4.6.5.0    2009.08.10    -

Дополнительная информация
File size: 458752 bytes
MD5   : a0edc08552c1a53ac3d0932e102f80c4
SHA1  : 0b16a02f43a472cd2d547b548a94f9c4e8ef0ac9
SHA256: ec84d000e490df3301f07a0176b281e0878187a0748da47f037309d9980ff143
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x172D2
timedatestamp.....: 0x487D2B3C (Wed Jul 16 00:57:00 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19000 0x18E00 5.94 d2ddd11b5a13ce478a1a2e7843aac8f2
.rdata 0x1A000 0x1000 0xE00 4.90 0d4d1e52b63a4b3025bb8d424c87cdf2
.rsrc 0x1B000 0x1000 0x400 2.71 654901af9774ee40de8b8f213a508432

( 2 imports )

> kernel32.dll: VirtualProtect, GetVersionExA, GetModuleFileNameA, FreeLibrary, CreateThread, lstrcmpiW, DeleteCriticalSection, VirtualAlloc, InitializeCriticalSection, GetModuleHandleA, SetLastError, InterlockedExchange, InterlockedIncrement, CreateThread, QueryPerformanceCounter, LoadLibraryA, InitializeCriticalSection, CreateThread, VirtualProtect, DeleteCriticalSection, GetModuleFileNameA, InterlockedDecrement, VirtualProtect, Sleep, GetModuleHandleW, VirtualProtect, LoadLibraryW, CloseHandle, EnterCriticalSection, QueryPerformanceCounter, UnhandledExceptionFilter, GetCurrentThreadId, CreateThread, HeapFree, EnterCriticalSection, CreateFileW, HeapAlloc, CreateThread, MultiByteToWideChar, HeapAlloc, DeleteCriticalSection, GetLastError, GetCurrentThreadId, GetModuleHandleW, InterlockedIncrement, GetModuleHandleA, SetLastError, InterlockedExchange, UnhandledExceptionFilter, EnterCriticalSection, VirtualAlloc, VirtualProtect, GetTickCount, CreateEventW, HeapFree, lstrcmpiW, GetSystemTimeAsFileTime, SetLastError, GetSystemTimeAsFileTime, HeapFree, HeapFree, LoadLibraryA
> user32.dll: CreateWindowExW, SendDlgItemMessageW, PostQuitMessage, LoadCursorW, DispatchMessageW, wsprintfA, EndDialog, SendDlgItemMessageW, ShowWindow, LoadIconW, GetWindowLongW, GetWindowLongW, GetClientRect, BeginPaint, LoadStringW, SetWindowLongW, LoadStringW, ReleaseDC, PostMessageW, IsWindow, EndPaint, SetTimer, CreateWindowExW, SetForegroundWindow, SendMessageW, SetWindowTextW, wsprintfA, LoadIconW, CreateWindowExW, SetWindowLongW, LoadIconW, GetFocus, LoadCursorW, ShowWindow, SetWindowPos, SetForegroundWindow, EndPaint, DispatchMessageW, GetParent, LoadStringW, DispatchMessageW, LoadCursorW, SendMessageW, EnableWindow, SetCursor, SetWindowPos, GetDesktopWindow, GetWindowLongW, SetWindowTextW, InvalidateRect, GetFocus, CharNextW, CreateWindowExW, DefWindowProcW, CharNextW, GetSysColor, GetFocus, DefWindowProcW, GetDC, SendDlgItemMessageW, CharNextW, CreateWindowExW, GetSystemMetrics, SendDlgItemMessageW, MessageBoxW, DestroyWindow, PostMessageW, TranslateMessage, SetForegroundWindow, PeekMessageW

( 0 exports )

TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 6144:HQUUvgSyiklE7v0jOyRhr9+r2Q+cfwWGb8ByDQ7NsOdPNleJd:HEEiT0jOyRhZmTlUDANsnJd
PEiD  : -
RDS   : NSRL Reference Data Set
-
```

----------


## senyak

All of this was in my village council :Shocked: And it all stayed there :Cheesy:

Файл avz00001.dta получен 2009.08.11 12:07:41 (UTC)
Текущий статус: закончено
Результат: 14/41 (34.15%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.08.11	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.0.248	2009.08.11	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.11	-
> Avast	4.8.1335.0	2009.08.10	-
> AVG	8.5.0.406	2009.08.11	-
> *BitDefender	7.2	2009.08.11	Trojan.FakeAv.OT*
> ...


Дополнительная информация
File size: 708666 bytes
MD5...: e29f12b00cb94f48a507a8f41ee20391
SHA1..: cdcfb115b7dfb354368bb4e3948c9823ded07298
SHA256: f960a5f8b86fd357e0a44ae685bae08ae9d3ebd8a3f9bec5604fcc81a7d3f146
ssdeep: 12288:shmExIsZ79wE7PUo/uP+isheAbp0S1e7ACuQH6ZbESJU98v7:NE2qSuplp0S1et3GbzCw7
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...146-1249992461




Файл avz00002.dta получен 2009.08.11 12:07:33 (UTC)
Текущий статус: закончено
Результат: 23/41 (56.1%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.11	Gen.Win32!IK*
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.0.248	2009.08.11	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.11	-
> *Avast	4.8.1335.0	2009.08.10	Win32:Sality*
> *AVG	8.5.0.406	2009.08.11	Win32/Heur*
> *BitDefender	7.2	2009.08.11	Gen:Win32.Sality.Dam*
> ...


Дополнительная информация
File size: 110592 bytes
MD5...: 9c90148ade85235638250dbc2b94fa82
SHA1..: 56de25ebaab6d07dcffb56d77ea0b8e91f5396d2
SHA256: 9bd75793523ce079eeb854306c1689d4729ebb467b5f369f805828848a07315b
ssdeep: 3072:YrIz4tSbwoF1j5xC8CDz+DLM4zSxcnJiHdwCt0v2F1mtZW:YrQwo1khDCDLM4zfnU2M0eCrW
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...15b-1249992453




File avz.exe received on 2009.08.11 12:07:40 (UTC)
Current status: finished
Result: 17/41 (41.47%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.11	Virus.Win32.Virut!IK*
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.0.248	2009.08.11	W32/Virut.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.11	-
> *Avast	4.8.1335.0	2009.08.10	Win32:Vitro*
> *AVG	8.5.0.406	2009.08.11	Win32/Virut*
> BitDefender	7.2	2009.08.11	-
> ...


Additional information
File size: 756736 bytes
MD5...: ac841553c785139c05f0c9729d1083e1
SHA1..: f83688de87f96ae4f243a64a238bf8e19b4cad3d
SHA256: 0030935072726e61d403a4d71c2da3e1400bd73691c267544d67ebcfdca23e31
ssdeep: 12288:SiOpgP8Dom/fzLqUP9XoW7VypyI6L9QQp+nE16ZQmReJ7LBiXW9fB5N:SP
pg0ksfN9XH7kpQpMA6ZteJRio5N
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e31-1249992460




File avz00012.dta received on 2009.08.11 12:12:37 (UTC)
Current status: finished
Result: 8/41 (19.52%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.11	Trojan.Win32.Smardf!IK*
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.0.248	2009.08.11	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.11	-
> Avast	4.8.1335.0	2009.08.10	-
> AVG	8.5.0.406	2009.08.11	-
> BitDefender	7.2	2009.08.11	-
> ...


Additional information
File size: 124416 bytes
MD5...: 33508d9ebc8cf3c04dc2b310027f28a5
SHA1..: 6416dfb7bdf8588b2f3b1c58be098b345cc7a048
SHA256: faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530
ssdeep: 1536:wIq+E53FXSNRPV+w8hcqLNhrgIvNSFC/6MIvcg9BkQmwTvaDTfNWtHiG7E9
6RXUg :Stick Out Tongue: aFCNRPV+wycOSFNmwTvaDUHFELS9xcC
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...530-1249992757

----------


## valho

File ey.js received on 2009.08.12 02:51:17 (UTC)
Current status: finished
Result: 13/41 (31.71%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.1.0	2009.08.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.11	JS:Redirector-H7*
> AVG	8.5.0.406	2009.08.12	-
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 2766 bytes
MD5...: d963565b1dbb10b354a309df74603292
SHA1..: 449a8352f21257d8cefec9f974a7dd10fa2c94b4
SHA256: fc53ffb981ce44a55a08dd6c7b5d5ac996335dc0a5bca6fb521517f4e2653a5d
ssdeep: 48:qHfHB0VrKxHhSWHzbHNjRHg9BHJhPHIHlHGHwT5s68/rW4lkal:8vB0EBhSAz
jNjhg9xJh/6dQw9s68/HCy
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File glupoe.htm received on 2009.08.12 02:51:29 (UTC)
Current status: finished
Result: 11/41 (26.83%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.1.0	2009.08.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.11	HTML:IFrame-FG*
> *AVG	8.5.0.406	2009.08.12	JS/Downloader.Agent*
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 979 bytes
MD5...: 808d85bc894ccb50e10139649d2a7151
SHA1..: c1c43e0ebcd5a4fb0b23ffb9ea96c5471fb40742
SHA256: 6d14ca48ff0b9ca3da13832c1102f11341fbb18f32ec34c7afe5c1876e399738
ssdeep: 12:COeqJmrL9vBCYJU4X9qPf9QBLEHL+REkPwIHMU80Wk5XWvrRH8SojLZVIcsvg
b:CmC9vBF1X9of9oLN520Wk5cenP8Yb
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File gmail.htm received on 2009.08.12 02:51:33 (UTC)
Current status: finished
Result: 3/41 (7.32%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> AntiVir	7.9.1.0	2009.08.11	-
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> Avast	4.8.1335.0	2009.08.11	-
> AVG	8.5.0.406	2009.08.12	-
> *BitDefender	7.2	2009.08.12	Trojan.Script.10715*
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 5110 bytes
MD5...: 752f9cd890981a8d92e4c019bd6246c0
SHA1..: f114c9c85141d830a96bdaf057acfa4058df3e32
SHA256: bf3a1392053c57b41d87d5f077fff883b5dc485d312d5743f4ba32e0d0fe1f12
ssdeep: 96:VJzGJRYHX6SKwbZF11xZbOZwMDKPWUfKyAKjZpaVkOUPBfKyAKjZpaVYScF8:
VZSYHX6SKOjOSWVGjZpuU8GjZpacF8
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File pechal-naya.htm received on 2009.08.12 02:52:37 (UTC)
Current status: finished
Result: 10/41 (24.4%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.1.0	2009.08.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.11	HTML:IFrame-FG*
> *AVG	8.5.0.406	2009.08.12	JS/Downloader.Agent*
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 1581 bytes
MD5...: afa0df5f240682c62f54c84fe6323754
SHA1..: 08b2b4957d5d7cf9c5aa40d7a059a1d2325a7cf9
SHA256: 117f3cf08a6c4a632fb6b27e4ff4aca92f29bfeb33569cdca90e7fd4395e137f
ssdeep: 24:CNRRdnEtLyGVyNERRFNVRRPRRCN3RRPVB0i4YnjN3wd6CC8R90Wk5cenFE8Yb
:glRGVcEXVbM3fV3CT90Wk5cenFs
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File TSepey.htm received on 2009.08.12 02:53:14 (UTC)
Current status: finished
Result: 14/41 (34.15%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.1.0	2009.08.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.11	HTML:IFrame-FG*
> *AVG	8.5.0.406	2009.08.12	JS/Downloader.Agent*
> *BitDefender	7.2	2009.08.12	Trojan.IFrame.DD*
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 819 bytes
MD5...: 4ff723787eec5a99c47891d480c4439c
SHA1..: 2c5742b1e6186333012c0b8a85446aee240ce18d
SHA256: 1e0c3fee9ea45036ace417b5922678e9999b145b1a0fdd4f53932734951281ed
ssdeep: 12:3wEJsXbotYoCpXm8BX4YmUSHWWYmHi7mM+JwmLdqIvmmewnpCXu080Wk5XWvr
RHS:niX0KX4x2M5p9eHXG0Wk5cenyYb
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File usage.php received on 2009.08.12 02:53:21 (UTC)
Current status: finished
Result: 3/40 (7.5%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> AntiVir	7.9.1.0	2009.08.11	-
> *Antiy-AVL	2.0.3.7	2009.08.11	Trojan/Linux.Prl*
> Authentium	5.1.2.4	2009.08.12	-
> Avast	4.8.1335.0	2009.08.11	-
> AVG	8.5.0.406	2009.08.12	-
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 31634 bytes
MD5...: e0d4b54d790d14f82e9516860a1998bf
SHA1..: bc6557beff41f4f56008520a542aa4295ecf3a5f
SHA256: d082812e6c9ef66bd1bd9f7cf45483a9a990c5782bc96e5c0c0f6b373fbeb1bb
ssdeep: 768:TPUB30rcBMf5ko00FvLicmc5rCtBsDm8FUhcRleaC44otb:TUd0gGvFvLiC5
rCXsDmg1RleXTC
PEiD..: -
TrID..: File type identification
ELF Executable and Linkable format (generic) (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File vnyat.htm received on 2009.08.12 02:53:24 (UTC)
Current status: finished
Result: 13/41 (31.71%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> *AntiVir	7.9.1.0	2009.08.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.11	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.11	HTML:IFrame-FG*
> *AVG	8.5.0.406	2009.08.12	JS/Downloader.Agent*
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.11	-
> ...


Additional information
File size: 2655 bytes
MD5...: c0834d65c23ca005ab9263d908dc4d6c
SHA1..: c74dce0106b6d40ab8256c85cfa35de6edb3be1e
SHA256: b7099557ba119e10338367a488a08c208693e44d400f66d5e60ce7ee2b217d26
ssdeep: 48:glRGVcEXVbM37lN33eWnnzp3+t+60Wk5ceneS:FcwWnzsmpneS
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

*Added after 1 hour 18 minutes*

File install.exe received on 2009.08.12 04:20:48 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> a-squared	4.5.0.24	2009.08.12	-
> AhnLab-V3	5.0.0.2	2009.08.11	-
> AntiVir	7.9.1.0	2009.08.11	-
> Antiy-AVL	2.0.3.7	2009.08.12	-
> Authentium	5.1.2.4	2009.08.12	-
> Avast	4.8.1335.0	2009.08.11	-
> *AVG	8.5.0.406	2009.08.12	Downloader.Generic8.BEKZ*
> BitDefender	7.2	2009.08.12	-
> CAT-QuickHeal	10.00	2009.08.12	-
> ...


Additional information
File size: 534773 bytes
MD5...: 9ce4cc68d579428db7670ec9d69d780a
SHA1..: b19191c6e64fb599523014a50b18fc1adf668cc4
SHA256: c998f4989f9820415fdc77cfc82717d684d78d8f2c509d4678fbd5d6c9150f69
ssdeep: 12288:zeTfTY/bO18VVhckZzyDaI0J9fMAJsyIKBnNzlEXSst1:ArKOOV3ckZm+p
EAdIKBNzlsSw
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6b834
timedatestamp.....: 0x4a5caa12 (Tue Jul 14 15:53:54 2009)
machinetype.......: 0x14c (I386)
Prevx info: http://info.prevx.com/aboutprogramte...512700976D7FF5

----------


## byrik

File CORELDRW.EXE received on 2009.08.12 06:18:26 (UTC)
Current status: finished
Result: 24/41 (58.54%)

> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.24 	2009.08.12 	Virus.Win32.Virut!IK*
> AhnLab-V3 	5.0.0.2 	2009.08.11 	-
> *AntiVir 	7.9.1.0 	2009.08.11 	W32/Virut.Gen*
> Antiy-AVL 	2.0.3.7 	2009.08.12 	-
> *Authentium 	5.1.2.4 	2009.08.12 	W32/Virut.AI!Generic*
> Avast 	4.8.1335.0 	2009.08.11 	-
> *AVG 	8.5.0.406 	2009.08.12 	Win32/Virut*
> *BitDefender 	7.2 	2009.08.12 	Win32.Virtob.Gen.12*
> ...


Additional information
File size: 217088 bytes
MD5   : a15c187553cfe51c326d350690db2e04
SHA1  : a1c0255cc7f19e91d4ea68bf3d922a66616aec45
SHA256: 27174347e1fbca38576f979135cd18212767f7d2cce5aa988d38c368b4ae4c9d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x534D
timedatestamp.....: 0x3FCED9B6 (Thu Dec 4 07:52:38 2003)
machinetype.......: 0x14C (Intel I386)

----------


## ISO

File new1.exe received on 2009.08.12 07:01:39 (UTC)
Result: 21/41 (51.22%)



```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.24	2009.08.12	P2P-Worm.Win32.Palevo!IK
AhnLab-V3	5.0.0.2	2009.08.11	Win-Trojan/Buzus.37376.AD
AntiVir	7.9.1.0	2009.08.11	-
Antiy-AVL	2.0.3.7	2009.08.12	Trojan/Win32.Buzus.gen
Authentium	5.1.2.4	2009.08.12	W32/Palevo.A.gen!Eldorado
Avast	4.8.1335.0	2009.08.11	Win32:Delf-MKW
AVG	8.5.0.406	2009.08.12	-
BitDefender	7.2	2009.08.12	Backdoor.IRCBot.ACTN
CAT-QuickHeal	10.00	2009.08.12	-
ClamAV	0.94.1	2009.08.12	-
Comodo	1951	2009.08.12	TrojWare.Win32.Trojan.Delf.~T
DrWeb	5.0.0.12182	2009.08.12	Trojan.Flood.22022
eSafe	7.0.17.0	2009.08.11	Win32.TrjBuzus.Ha
eTrust-Vet	31.6.6672	2009.08.11	-
F-Prot	4.4.4.56	2009.08.11	W32/Palevo.A.gen!Eldorado
F-Secure	8.0.14470.0	2009.08.12	-
Fortinet	3.120.0.0	2009.08.12	PossibleThreat
GData	19	2009.08.12	Backdoor.IRCBot.ACTN
Ikarus	T3.1.1.64.0	2009.08.12	P2P-Worm.Win32.Palevo
Jiangmin	11.0.800	2009.08.12	-
K7AntiVirus	7.10.816	2009.08.11	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.08.12	-
McAfee	5706	2009.08.11	-
McAfee+Artemis	5706	2009.08.11	-
McAfee-GW-Edition	6.8.5	2009.08.11	-
Microsoft	1.4903	2009.08.12	Worm:Win32/Hamweq.A
NOD32	4327	2009.08.11	a variant of Win32/Injector.VW
Norman	6.01.09	2009.08.11	-
nProtect	2009.1.8.0	2009.08.12	Trojan/W32.Agent.37376.DG
Panda	10.0.0.14	2009.08.11	Trj/Buzus.HA
PCTools	4.4.2.0	2009.08.11	-
Prevx	3.0	2009.08.12	-
Rising	21.42.20.00	2009.08.12	Worm.Win32.DownLoader.ic
Sophos	4.44.0	2009.08.12	-
Sunbelt	3.2.1858.2	2009.08.12	-
Symantec	1.4.4.12	2009.08.12	Suspicious.MH690.A
TheHacker	6.3.4.3.381	2009.08.11	-
TrendMicro	8.950.0.1094	2009.08.12	-
VBA32	3.12.10.9	2009.08.12	Trojan.Win32.Buzus.brxz
ViRobot	2009.8.12.1880	2009.08.12	-
VirusBuster	4.6.5.0	2009.08.11	-
```

Additional information
File size: 37376 bytes
MD5...: d52d7b632dec3a89bc96a91b506dfa7e
SHA1..: 0f8b0b0258548ee0b04fd2e6fa516abf1f3ca5b3
SHA256: 2f31696cd9938d12b3cd436828faa5499790fed4d535158eb90e6a71dea0a4d4
ssdeep: 384:jqyuzDkUySFy8yoXVbft55r74rr7JPy+DQtlawEAzyvvZQtdogXr+giT2p2B
azXw:jAM8yoXV7T5rM4Gw5yvvEj7mPBazXw3
PEiD..: -

File svchos.exe received on 2009.08.12 07:11:18 (UTC)
Current status: finished
Result: 20/40 (50.00%)



```
Antivirus 	Version 	Last Update 	Result
a-squared 	4.5.0.24 	2009.08.12 	Trojan.Win32.Refroso!IK
AhnLab-V3 	5.0.0.2 	2009.08.11 	-
AntiVir 	7.9.1.0 	2009.08.11 	-
Antiy-AVL 	2.0.3.7 	2009.08.12 	Worm/Win32.Carrier.gen
Authentium 	5.1.2.4 	2009.08.12 	W32/Injector.J.gen!Eldorado
Avast 	4.8.1335.0 	2009.08.11 	Win32:PoisonIvy-IT
AVG 	8.5.0.406 	2009.08.12 	Generic14.PND
BitDefender 	7.2 	2009.08.12 	-
CAT-QuickHeal 	10.00 	2009.08.12 	-
ClamAV 	0.94.1 	2009.08.12 	-
Comodo 	1951 	2009.08.12 	-
DrWeb 	5.0.0.12182 	2009.08.12 	Trojan.MulDrop.30762
eSafe 	7.0.17.0 	2009.08.11 	-
eTrust-Vet 	31.6.6672 	2009.08.11 	-
F-Prot 	4.4.4.56 	2009.08.11 	W32/Injector.J.gen!Eldorado
F-Secure 	8.0.14470.0 	2009.08.12 	-
Fortinet 	3.120.0.0 	2009.08.12 	PossibleThreat
GData 	19 	2009.08.12 	Win32:PoisonIvy-IT
Ikarus 	T3.1.1.64.0 	2009.08.12 	Trojan.Win32.Refroso
Jiangmin 	11.0.800 	2009.08.12 	Trojan/Refroso.eh
K7AntiVirus 	7.10.816 	2009.08.11 	Trojan.Win32.Malware.1
Kaspersky 	7.0.0.125 	2009.08.12 	-
McAfee 	5706 	2009.08.11 	Backdoor-EBM
McAfee+Artemis 	5706 	2009.08.11 	Backdoor-EBM
McAfee-GW-Edition 	6.8.5 	2009.08.11 	-
Microsoft 	1.4903 	2009.08.12 	VirTool:Win32/Injector.gen!AC
NOD32 	4327 	2009.08.11 	probably a variant of Win32/Injector.VD
Norman 	6.01.09 	2009.08.11 	-
nProtect 	2009.1.8.0 	2009.08.12 	-
Panda 	10.0.0.14 	2009.08.11 	Generic Malware
PCTools 	4.4.2.0 	2009.08.11 	-
Rising 	21.42.20.00 	2009.08.12 	-
Sophos 	4.44.0 	2009.08.12 	-
Sunbelt 	3.2.1858.2 	2009.08.12 	-
Symantec 	1.4.4.12 	2009.08.12 	-
TheHacker 	6.3.4.3.381 	2009.08.11 	-
TrendMicro 	8.950.0.1094 	2009.08.12 	Cryp_Neb-2
VBA32 	3.12.10.9 	2009.08.12 	Trojan.Win32.Refroso.btv
ViRobot 	2009.8.12.1880 	2009.08.12 	Trojan.Win32.Downloader.26624.ED
VirusBuster 	4.6.5.0 	2009.08.11 	-
```

Additional information
File size: 68608 bytes
MD5   : 2329293297b6b593981e12b4877fe167
SHA1  : 009fc124ae022b41b3d0ba92a64c039ffbfb8be1
SHA256: 9f555faa47a4452529402049514296212ae498a2583dc7cb1aa953e04e441008
PEInfo: PE Structure information


File djdgfjdjd.exe received on 2009.08.12 07:15:19 (UTC)
Current status:
Result: 3/41 (7.32%)




```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.24	2009.08.12	-
AhnLab-V3	5.0.0.2	2009.08.11	-
AntiVir	7.9.1.0	2009.08.11	-
Antiy-AVL	2.0.3.7	2009.08.12	-
Authentium	5.1.2.4	2009.08.12	-
Avast	4.8.1335.0	2009.08.11	-
AVG	8.5.0.406	2009.08.12	-
BitDefender	7.2	2009.08.12	-
CAT-QuickHeal	10.00	2009.08.12	Trojan.Agent.ATV
ClamAV	0.94.1	2009.08.12	-
Comodo	1951	2009.08.12	-
DrWeb	5.0.0.12182	2009.08.12	-
eSafe	7.0.17.0	2009.08.11	Suspicious File
eTrust-Vet	31.6.6672	2009.08.11	-
F-Prot	4.4.4.56	2009.08.11	-
F-Secure	8.0.14470.0	2009.08.12	-
Fortinet	3.120.0.0	2009.08.12	-
GData	19	2009.08.12	-
Ikarus	T3.1.1.64.0	2009.08.12	-
Jiangmin	11.0.800	2009.08.12	-
K7AntiVirus	7.10.816	2009.08.11	-
Kaspersky	7.0.0.125	2009.08.12	-
McAfee	5706	2009.08.11	-
McAfee+Artemis	5706	2009.08.11	Suspect-29!1CE551A37CBC
McAfee-GW-Edition	6.8.5	2009.08.11	-
Microsoft	1.4903	2009.08.12	-
NOD32	4327	2009.08.11	-
Norman	6.01.09	2009.08.11	-
nProtect	2009.1.8.0	2009.08.12	-
Panda	10.0.0.14	2009.08.11	-
PCTools	4.4.2.0	2009.08.11	-
Prevx	3.0	2009.08.12	-
Rising	21.42.21.00	2009.08.12	-
Sophos	4.44.0	2009.08.12	-
Sunbelt	3.2.1858.2	2009.08.12	-
Symantec	1.4.4.12	2009.08.12	-
TheHacker	6.3.4.3.381	2009.08.11	-
TrendMicro	8.950.0.1094	2009.08.12	-
VBA32	3.12.10.9	2009.08.12	-
ViRobot	2009.8.12.1880	2009.08.12	-
VirusBuster	4.6.5.0	2009.08.11	-
```

Additional information
File size: 32768 bytes
MD5...: 1ce551a37cbc38a1c151b014cc526bc6
SHA1..: 4b1299a4e892764be130ed56e1fbcc2edb797188
SHA256: 79eaa20b688609ce419d3411f07c5d6e1c675d80cfffdeed3acc3598423ed230
ssdeep: 768:C52qyKxcia7J37AepFr7RYt4zFWfbMIFCET18AM:e2qyK6nJ3TpvWzt7p8AM
PEiD..: -

----------


## Kuzz

File sdra64.exe received on 2009.08.12 11:36:21 (UTC)
Antivirus	Version	Last Update	Result


```
a-squared	4.5.0.24	2009.08.12	-
AhnLab-V3	5.0.0.2	2009.08.12	Win-Trojan/Zbot.90624.D
AntiVir	7.9.1.0	2009.08.12	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2009.08.12	Trojan/Win32.Bancos.gen
Authentium	5.1.2.4	2009.08.12	-
Avast	4.8.1335.0	2009.08.11	Win32:Wali
AVG	8.5.0.406	2009.08.12	Win32/Cryptor
BitDefender	7.2	2009.08.12	-
CAT-QuickHeal	10.00	2009.08.12	TrojanBanker.Bancos.ezp
ClamAV	0.94.1	2009.08.12	-
Comodo	1953	2009.08.12	-
DrWeb	5.0.0.12182	2009.08.12	Trojan.PWS.Panda.122
eSafe	7.0.17.0	2009.08.11	-
eTrust-Vet	31.6.6673	2009.08.12	-
F-Prot	4.4.4.56	2009.08.11	-
F-Secure	8.0.14470.0	2009.08.12	-
Fortinet	3.120.0.0	2009.08.12	-
GData	19	2009.08.12	Win32:Wali
Ikarus	T3.1.1.64.0	2009.08.12	-
Jiangmin	11.0.800	2009.08.12	-
K7AntiVirus	7.10.816	2009.08.11	Trojan-Banker.Win32.Bancos.ezp
Kaspersky	7.0.0.125	2009.08.12	-
McAfee	5706	2009.08.11	-
McAfee+Artemis	5706	2009.08.11	Suspect-29!662BCDC96EE8
McAfee-GW-Edition	6.8.5	2009.08.12	Trojan.Crypt.ZPACK.Gen
Microsoft	1.4903	2009.08.12	PWS:Win32/Zbot.gen!R
NOD32	4328	2009.08.12	Win32/Spy.Zbot.TY
Norman	6.01.09	2009.08.11	-
nProtect	2009.1.8.0	2009.08.12	-
Panda	10.0.0.14	2009.08.11	-
PCTools	4.4.2.0	2009.08.11	-
Prevx	3.0	2009.08.12	-
Rising	21.42.23.00	2009.08.12	-
Sophos	4.44.0	2009.08.12	-
Sunbelt	3.2.1858.2	2009.08.12	Trojan-Downloader.Tibs.gen (v)
Symantec	1.4.4.12	2009.08.12	Packed.Generic.232
TheHacker	6.3.4.3.381	2009.08.11	-
TrendMicro	8.950.0.1094	2009.08.12	-
VBA32	3.12.10.9	2009.08.12	Trojan-Banker.Win32.Bancos.ezp
ViRobot	2009.8.12.1881	2009.08.12	-
VirusBuster	4.6.5.0	2009.08.11	-
```

Additional information
File size: 283136 bytes
MD5...: 662bcdc96ee813d04c7e6fb08534f079
SHA1..: 9c33adfdfcb435e46192c8823ae64170deb6c338
SHA256: f02ea121555317f95bd3dcccef51176b6ba4641314593d9b889f50528ced8f17
ssdeep: 6144:SNp5OsvTSj21dL7J3egClQBq0cP6amj+aLWxM8VSwtpHzN9DM:+OceO06Bn
amjcxMAtpTNdM
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)

----------


## senyak

File avz00003.dta received on 2009.08.12 15:43:13 (UTC)
Current status: finished
Result: 15/41 (36.59%)

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.08.12	-
> *AhnLab-V3	5.0.0.2	2009.08.12	Win-Trojan/SpamMailer.27525*
> AntiVir	7.9.1.0	2009.08.12	-
> Antiy-AVL	2.0.3.7	2009.08.12	-
> Authentium	5.1.2.4	2009.08.12	-
> *Avast	4.8.1335.0	2009.08.12	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.406	2009.08.12	Win32/Heur*
> BitDefender	7.2	2009.08.12	-
> ...


Additional information
File size: 27525 bytes
MD5...: cb074f6549dadd76904adcb6f509024c
SHA1..: 484a209b1c3e43d27d2089713fa34167a8f67510
SHA256: 469c7ce301e82a12c8736480b2dea062cc2c28756b37be73e67caa56460ddea7
ssdeep: 384:/0sk4SQSkBwgyn9MdwjFZ6CrcSdFWj3dAW4hd2NgMyOb2rg8kk//+fQceVFb
RgnO:/0sqR/jFZ1rPCrdvNgM4wkefQhbRgTp8
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...ea7-1250091793



File jrsfzxgd.exe received on 2009.08.12 16:15:51 (UTC)
Current status: finished
Result: 25/41 (60.98%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.12	Trojan-Proxy.Win32.Verind!IK*
> *AhnLab-V3	5.0.0.2	2009.08.12	Win-Trojan/amGfauxhsX.5120*
> *AntiVir	7.9.1.0	2009.08.12	BDS/Backdoor.Gen*
> Antiy-AVL	2.0.3.7	2009.08.12	-
> *Authentium	5.1.2.4	2009.08.12	W32/Trojan-Sml-SDCW!Eldorado*
> Avast	4.8.1335.0	2009.08.12	-
> *AVG	8.5.0.406	2009.08.12	Generic13.CADV*
> *BitDefender	7.2	2009.08.12	Gen:Trojan.Heur.PT.amGfaK!uLCl*
> ...


Additional information
File size: 5120 bytes
MD5...: 0c87865d034ab936b0be86532f5b4300
SHA1..: 69b3b452008de61d4cb08e43d999d2e52e90dc3f
SHA256: eb4f25b6c964065da80fe52d805d6723dfcd7a7474ebb4bfafa5baa9995ad2b0
ssdeep: 96:QQXJ8vfYA2/NU3az+pKM+kYgXMHP1AfEheKCR:9uIA2nz+8MxnaWfeeP
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...2b0-1250093751

----------


## valho

File i.php received on 2009.08.13 11:38:44 (UTC)
Current status: finished
Result: 6/41 (14.64%)



> a-squared	4.5.0.24	2009.08.13	-
> AhnLab-V3	5.0.0.2	2009.08.12	-
> *AntiVir	7.9.1.1	2009.08.13	EXP/SWF.28992*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> Authentium	5.1.2.4	2009.08.13	-
> *Avast	4.8.1335.0	2009.08.12	SWF:Downloader-G*
> AVG	8.5.0.406	2009.08.13	-
> BitDefender	7.2	2009.08.13	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 8235 bytes
MD5...: 8fc7f1182c56f9508ae27fdfd1b7f0cc
SHA1..: 403fa78b76444d091fecfb910f72a79d36ed290d
SHA256: 1f72afd5b2093d0eb198415d11f1408b434a213d0c874cbeb5df5e4e18302c60
ssdeep: 192:e4rET07JrqSTMiK0MqnFcf37sLRHr2C0cT7ZgR33Oz/tgUYwKEK+v2X/jwN:
ewasrqIg016oLRHrn7ZRtk62vcN
PEiD..: -
TrID..: File type identification
GZipped File (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): packed

*Added after 44 minutes*

Joiner
File RJoiner_private.exe received on 2009.08.13 12:31:33 (UTC)
Current status: finished
Result: 27/41 (65.86%)



> *a-squared	4.5.0.24	2009.08.13	Trojan.MulDrop!IK*
> *AhnLab-V3	5.0.0.2	2009.08.13	Win-Trojan/Xema.variant*
> *AntiVir	7.9.1.1	2009.08.13	SPR/Tool.MultiDrop*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> *Authentium	5.1.2.4	2009.08.13	W32/Dropper.EIT*
> *Avast	4.8.1335.0	2009.08.12	Win32:Tiny-NX*
> *AVG	8.5.0.406	2009.08.13	Dropper.Generic.AIJY*
> *BitDefender	7.2	2009.08.13	Trojan.Generic.199723*
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 588303 bytes
MD5...: 7f2a61a3c87402f7d3d18f8564051cd7
SHA1..: e17016f2cee2c688259e8a58687399987110518f
SHA256: 817279550d79e52b18af29b25fce85bbc4bb57fbea1c61fd94adc5ec9b253877
ssdeep: 6144:320hO6kwpKJe+nqRv6BcWTUvZnpW0FW5VuYtX0G3ouODXxAQR5uC4z3u:32
XgwSQoZnpTFWLuYyG8DXhRUC4Lu
PEiD..: Armadillo v1.71
TrID..: File type identification
Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x276c
timedatestamp.....: 0x45aa46c1 (Sun Jan 14 15:05:37 2007)
machinetype.......: 0x14c (I386)
Prevx info: http://info.prevx.com/aboutprogramte...683B00DE66270C

----------


## senyak

The village council again

File advapi3.dll received on 2009.08.13 13:35:56 (UTC)
Current status: finished
Result: 14/41 (34.15%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.13	Trojan.Win32.Smardf!IK*
> AhnLab-V3	5.0.0.2	2009.08.13	-
> *AntiVir	7.9.1.1	2009.08.13	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> Authentium	5.1.2.4	2009.08.13	-
> Avast	4.8.1335.0	2009.08.12	-
> AVG	8.5.0.406	2009.08.13	-
> BitDefender	7.2	2009.08.13	-
> ...


Additional information
File size: 124416 bytes
MD5...: 33508d9ebc8cf3c04dc2b310027f28a5
SHA1..: 6416dfb7bdf8588b2f3b1c58be098b345cc7a048
SHA256: faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530
ssdeep: 1536:wIq+E53FXSNRPV+w8hcqLNhrgIvNSFC/6MIvcg9BkQmwTvaDTfNWtHiG7E9
6RXUg :Stick Out Tongue: aFCNRPV+wycOSFNmwTvaDUHFELS9xcC
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...530-1250170556




File eng_1_.htm received on 2009.08.13 13:43:21 (UTC)
Current status: finished
Result: 10/41 (24.4%)

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.08.13	-
> AhnLab-V3	5.0.0.2	2009.08.13	-
> *AntiVir	7.9.1.1	2009.08.13	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> Authentium	5.1.2.4	2009.08.13	-
> *Avast	4.8.1335.0	2009.08.12	JS:Packed-AL*
> AVG	8.5.0.406	2009.08.13	-
> BitDefender	7.2	2009.08.13	-
> ...


Additional information
File size: 6470 bytes
MD5...: c2fb62a36f5f24c948b04abf6859844c
SHA1..: d2190eeff2f6d12a467c4c26ebb2e5c5568a817c
SHA256: 06f5f5ec59ab5cf89f42697f798ab978b2e6534dcbe47faf86c9453dec22fb22
ssdeep: 192:EnQCHz9CJ5NrZjkjDmPTC9iJoNA+p8qVdd:af9CJ5N9lPx2G+p8c
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...b22-1250171001




File ntfs.sys.000 received on 2009.08.13 14:25:56 (UTC)
Current status: finished
Result: 8/41 (19.52%)

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.08.13	-
> AhnLab-V3	5.0.0.2	2009.08.13	-
> *AntiVir	7.9.1.1	2009.08.13	RKIT/Kobcka.Patched.A*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> Authentium	5.1.2.4	2009.08.13	-
> Avast	4.8.1335.0	2009.08.12	-
> *AVG	8.5.0.406	2009.08.13	Rootkit-Pakes.M*
> *BitDefender	7.2	2009.08.13	Rootkit.Kobcka.Patched.A*
> ...


Additional information
File size: 619200 bytes
MD5...: 93913fec6578aecc929563dab3e5e428
SHA1..: c90fd4bbb015884b90ce927c24558f8714ae1857
SHA256: b6ab9a961f1d0a473e4b73ea60dd65fa4fcf4d2fe5672f02f4419792b4f32748
ssdeep: 6144:FYvlJCuNJ3Loj+sr/rwFSrS8yXtiwOxHzlxFR0Pd4s3BSCx4PTaQrkvH0jp
d7cXR:yJCC+H+SO8gdoEBRSCyba8PjkX4VU
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...748-1250173556




File ScbData.exe received on 2009.08.13 14:29:39 (UTC)
Current status: finished
Result: 30/41 (73.18%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.13	Backdoor.Win32.Hupigon!IK*
> *AhnLab-V3	5.0.0.2	2009.08.13	Win-Trojan/Hupigon.502784.Y*
> *AntiVir	7.9.1.1	2009.08.13	BDS/Hupigon.MY.19*
> Antiy-AVL	2.0.3.7	2009.08.13	-
> *Authentium	5.1.2.4	2009.08.13	W32/Agent.GMB*
> Avast	4.8.1335.0	2009.08.12	-
> *AVG	8.5.0.406	2009.08.13	Win32/Heur*
> *BitDefender	7.2	2009.08.13	Backdoor.Hupigon.MY*
> ...


Additional information
File size: 502784 bytes
MD5...: 6d192a0924d1565097c9e0ef068031cf
SHA1..: cb225bedacd6d1b614a1557209e144563216d818
SHA256: 7bd1d8a97253193c2f73cfff4777622d126330104b755e2f07230b19ea490546
ssdeep: 6144:tO0eBeuipeiuhPlS1Ew5EUOKQ71Yk29Lu7W1Q55HiD+thm+grcqHEXIkwqJ
6wUvC:tO0eBEpe91li5wDos7WGSQAJ9HEw64v
PEiD..: NSPack 3.x -> Liu Xing Ping
TrID..: File type identification
Win32 EXE Yoda's Crypter (56.8%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...546-1250173779




File win_1_.jpg received on 2009.08.13 14:45:05 (UTC)
Current status: finished
Result: 17/40 (42.5%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.13	Exploit.Win32.DirektShow!IK*
> AhnLab-V3	5.0.0.2	2009.08.13	-
> *AntiVir	7.9.1.1	2009.08.13	EXP/DirektShow.A*
> *Antiy-AVL	2.0.3.7	2009.08.13	Exploit/Win32.DirektShow*
> *Authentium	5.1.2.4	2009.08.13	DirektShow.A*
> Avast	4.8.1335.0	2009.08.12	-
> AVG	8.5.0.406	2009.08.13	-
> BitDefender	7.2	2009.08.13	-
> ...


Additional information
File size: 63 bytes
MD5...: c26a70a02442035a7836c1f6d0a50bf0
SHA1..: 3f36e6c0deb823d0497c8c91f957c52b1de8addb
SHA256: a58e3a42daf56fa95d67a157b9c699e43e89e254bcc717ff04d9d19d1ffb40b4
ssdeep: 3:/5ltfRJLn:/7bln
PEiD..: -
TrID..: File type identification
Adobe PhotoShop Brush (49.3%)
BONK lossless/lossy audio compressor (49.3%)
Sybase iAnywhere database files (0.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

http://www.virustotal.com/ru/analisi...0b4-1250174705

----------


## valho

I looked at a couple of the BASE64-encoded links that were on Twitter
File body received on 2009.08.15 13:17:06 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> AntiVir	7.9.1.1	2009.08.14	-
> Antiy-AVL	2.0.3.7	2009.08.14	-
> *Authentium	5.1.2.4	2009.08.14	W32/Heuristic-KPP!Eldorado*
> Avast	4.8.1335.0	2009.08.14	-
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.15	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 178792 bytes
MD5...: 1a81e69e65b75f8b9e72e94c6f86a52b
SHA1..: 41b6344da04df875368eb5f87e10c00df8e1ccbb
SHA256: 2d4af620b5ec07325927b78431835466575b72c4a616049ff58e2cef6e3091b7
ssdeep: 3072:ok2t51Sf3Y+O/8qkaQ7NuASq6fknbxqpQXUG3ijtCi95C2lbbISaCXkCtsF
dy:oH50PY+OkqkP7RYknbxJUG3ijx95hdUw
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): MIME.Broken, PE_Patch.UPX, UPX
packers (Authentium): base64, UPX
packers (F-Prot): base64, UPX

File body received on 2009.08.15 13:25:48 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> AntiVir	7.9.1.1	2009.08.14	-
> Antiy-AVL	2.0.3.7	2009.08.14	-
> *Authentium	5.1.2.4	2009.08.14	W32/EmailRisk.A!Camelot*
> Avast	4.8.1335.0	2009.08.14	-
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.15	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 180064 bytes
MD5...: a5051a6e5365bdc4dd8267e62d3e2902
SHA1..: 441a4a1e35582b7822e00ec88b453f4df6ace3ef
SHA256: 11f3b7d0ec11e9ea44f4d8a81860d9a5d63d38a95ee677044f20e0fcb52f8218
ssdeep: 3072:VTRPvNxJSWmo5SfI7NwQSWNAQ19wCQsBiYk+zYLrztb7D49huV1U81QQ:H9
l7eqAQ19NFiYk+zYdOs3B1Z
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
packers (Kaspersky): MIME.Broken, MPRESS, PE_Patch.UPX, UPX
packers (F-Prot): base64, UPX
packers (Authentium): base64

----------


## senyak

File Book_4310.exe received on 2009.08.15 15:29:54 (UTC)
Current status: finished
Result: 5/41 (12.2%)

> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.08.15	Trojan-Downloader.Adload!IK*
> AhnLab-V3	5.0.0.2	2009.08.15	-
> *AntiVir	7.9.1.1	2009.08.14	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.7	2009.08.14	-
> Authentium	5.1.2.4	2009.08.14	-
> Avast	4.8.1335.0	2009.08.14	-
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.15	-
> ...


Additional information
File size: 2839109 bytes
MD5...: 8f009d05aaca2a4ac75084b7b57ffada
SHA1..: 4d51d689cf000b433979723828241563737d8833
SHA256: b612c33016c3cf543f666137056b4eec784d6a03d8a5ad7d6f4d48505a1b0494
ssdeep: 49152:jkBxIqMYEU9xgiczfxqBMcTUV+FQ1oXoi3O8FZE++PPIo0E3TfkT9Dvg2e
5E+B7F:gBxgxU9xSzfxqicTY++yXz3LFYPP4T5Y
PEiD..: ASProtect v1.23 RC1
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...494-1250350194

----------


## 9073

Where can I see the statistics?

----------


## valho

File l.phpfxe received on 2009.08.15 20:27:59 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> *AntiVir	7.9.1.1	2009.08.14	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.14	-
> Authentium	5.1.2.4	2009.08.15	-
> *Avast	4.8.1335.0	2009.08.14	JS:Pdfka-KR*
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.15	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 6338 bytes
MD5...: 6493f1bd8bad9ead58475a903fb0acbd
SHA1..: cceeda2aa8d80e10ea82a20e128f69ed7cba35f9
SHA256: cc7685a8bf3dd1c7b296b780a8f95a137b9349e2f28966c433  ddbbe856ca8cc0
ssdeep: 192:0HpcC/qyYfyljhW2hhouZH0cbdnVTrwW11zTAkk:4pcCSyYfyljhlfoa  H0cb
dnVTrwWjvxk
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

*Added 6 hours 2 minutes later*

2 porn banners
File mediamodule.wsf received on 2009.08.16 02:17:55 (UTC)
Current status: finished
Result: 0/41 (0%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> AntiVir	7.9.1.1	2009.08.14	-
> Antiy-AVL	2.0.3.7	2009.08.14	-
> Authentium	5.1.2.4	2009.08.15	-
> Avast	4.8.1335.0	2009.08.15	-
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.16	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 163339 bytes
MD5...: 38a583d21abe894867e4e04ec2412f45
SHA1..: a4a547c80482d147117c10bc5e07c5191cd9923f
SHA256: a80402d559067c18d6c55a192eba5275154af7b380324c3c16  746da21ea07274
ssdeep: 3072:lJ436MPJeN8g/PVk+gS0vONH15XoYWJzRo+ZbPWDz/z/MtsMeKXURF7LlFw
RTJd:l67JeKp+gS0vONH15XoYWJ9zbWzDOsMV
PEiD..: -
TrID..: File type identification
Generic XML (ASCII) (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File msmedia.dll received on 2009.08.16 02:32:11 (UTC)
Current status: finished
Result: 6/41 (14.64%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> *AntiVir	7.9.1.1	2009.08.14	TR/BHO.cnd.11*
> Antiy-AVL	2.0.3.7	2009.08.14	-
> Authentium	5.1.2.4	2009.08.15	-
> Avast	4.8.1335.0	2009.08.15	-
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.16	-
> *CAT-QuickHeal	10.00	2009.08.13	Trojan.BHO.xxx*
> ...


Additional information
File size: 12800 bytes
MD5...: 9b38d561fe668ab63e0235bb68376264
SHA1..: 04ed2910439896bc09e5c7faf664354db91eccb1
SHA256: cbee213f302d4f0a84d7649e26e0fe06335ea083b594f66775  2936ad1ca3ac16
ssdeep: 192:Ib0eptbbmhWFxl2s4+i2MLjcW6hxhMKQABdX/:IIefbbGWrgs4+i2MLD6hMK
ddv
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x268c
timedatestamp.....: 0x4a867db7 (Sat Aug 15 09:19:51 2009)
machinetype.......: 0x14c (I386)
Prevx info: http://info.prevx.com/aboutprogramte...C74800DB7C31AF

File datafeeder.wsf received on 2009.08.16 02:19:25 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> a-squared	4.5.0.24	2009.08.15	-
> AhnLab-V3	5.0.0.2	2009.08.15	-
> AntiVir	7.9.1.1	2009.08.14	-
> Antiy-AVL	2.0.3.7	2009.08.14	-
> Authentium	5.1.2.4	2009.08.15	-
> *Avast	4.8.1335.0	2009.08.15	JS:XmlPack-C*
> AVG	8.5.0.406	2009.08.15	-
> BitDefender	7.2	2009.08.16	-
> CAT-QuickHeal	10.00	2009.08.13	-
> ...


Additional information
File size: 105923 bytes
MD5...: fb046d8b30f072e14c2be00bf02ce751
SHA1..: 8f1bbc3f5a11c831d15f3cebacfeaf5f08e1ee49
SHA256: 46cbdd5d1679fa2da5baf46e7c7d4e5d57db32622ca3055d22  e1d83b204758ab
ssdeep: 1536:n0x4jNBhowEwLXIEb8NDHe6qGUMO28uB60QbOC:n00dWD  e
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File bpfeed.dll received on 2009.08.16 02:32:08 (UTC)
Current status: finished
Result: 29/41 (70.73%)



> a-squared 	4.5.0.24 	2009.08.15 	*Trojan.Win32.BHO!IK*
> AhnLab-V3 	5.0.0.2 	2009.08.15 	*Win-Trojan/Bho.12288.K*
> AntiVir 	7.9.1.1 	2009.08.14 	*TR/BHO.cnd.11*
> Antiy-AVL 	2.0.3.7 	2009.08.14 	*Trojan/Win32.BHO.gen*
> Authentium 	5.1.2.4 	2009.08.15 	-
> Avast 	4.8.1335.0 	2009.08.15 	*Win32:Trojan-gen {Other}*
> AVG 	8.5.0.406 	2009.08.15 	*Generic13.AVZX*
> BitDefender 	7.2 	2009.08.16 	*Trojan.Generic.IS.591961*
> CAT-QuickHeal 	10.00 	2009.08.13 	*Trojan.BHO.suf*
> ...


Additional information
File size: 12288 bytes
MD5   : f86854e5edd2f2a4eb730d1e59bd3154
SHA1  : bf2329a0f7f8de8b5632851852d52f155c091f35
SHA256: 5ff9068b7af8ddbdc2802ac1da44e95d5891e19834e8915c4e  36cbfbb9bc94fb
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2515
timedatestamp.....: 0x4A0D3014 (Fri May 15 11:04:20 2009)
machinetype.......: 0x14C (Intel I386)
Prevx Info: http://info.prevx.com/aboutprogramte...2D4500FBF1DE36

----------


## senyak

Файл D6513f8c3.exe получен 2009.08.18 09:15:26 (UTC)
Текущий статус: закончено
Результат: 17/41 (41.47%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.18	Trojan-Downloader.Win32.Bredolab!IK*
> *AhnLab-V3	5.0.0.2	2009.08.18	Win-Trojan/Bredolab.37888.D*
> AntiVir	7.9.1.1	2009.08.18	-
> Antiy-AVL	2.0.3.7	2009.08.18	-
> *Authentium	5.1.2.4	2009.08.18	W32/Bredolab.H*
> Avast	4.8.1335.0	2009.08.17	-
> *AVG	8.5.0.406	2009.08.18	Injector.FG*
> *BitDefender	7.2	2009.08.18	Trojan.Downloader.Bredolab.U*
> ...


Дополнительная информация
File size: 37888 bytes
MD5...: 0f94ecc9f6d7f6b95f9f2ef03064322b
SHA1..: 47406ca931d2f11f97c7f324893256ce44dcb694
SHA256: 757b2224a172d66a7f701771445b778a0bdb83b07689e9e542  32268ba34523ee
ssdeep: 768 :lol: wMA6Qfjjk1rtfWxMm3xP1mETgHZUx84bTZAjSLy63:dZujkpWx  xP19+ZEZ
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...3ee-1250586926

*Added 10 hours 29 minutes later*

Файл foto20.scr получен 2009.08.18 19:45:10 (UTC)
Текущий статус: закончено
Результат: 15/41 (36.59%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.18	Riskware.Win32.Injector!IK*
> AhnLab-V3	5.0.0.2	2009.08.18	-
> *AntiVir	7.9.1.3	2009.08.18	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.7	2009.08.18	-
> Authentium	5.1.2.4	2009.08.18	-
> *Avast	4.8.1335.0	2009.08.17	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.406	2009.08.18	Dropper.Agent.NXB*
> BitDefender	7.2	2009.08.18	-
> ...


Дополнительная информация
File size: 255488 bytes
MD5...: dde1a0399b8bc55b12e82d3ff4fc2639
SHA1..: 6951a2e208d5d9cffdea80a0d80069df43f084a4
SHA256: 639588febe1c84896d20506be659a3e34db2254d89171f934b  fe52740b6fd26a
ssdeep: 6144:nkwVMPJO3WKxzwo6wy6G/EmCGWYogcavy5qSGDN8TwYUJIZs62d:neSjNwN
wtdmCGrZy5DTMJIZsjd
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...26a-1250624710

----------



## valho

File qip.exe received on 2009.08.18 20:05:57 (UTC)
Current status: finished
Result: 16/41 (39.03%)



> *a-squared	4.5.0.24	2009.08.18	Virus.Win32.Induc!IK*
> AhnLab-V3	5.0.0.2	2009.08.18	-
> *AntiVir	7.9.1.3	2009.08.18	W32/Induc.A*
> *Antiy-AVL	2.0.3.7	2009.08.18	Virus/Win32.Induc*
> Authentium	5.1.2.4	2009.08.18	-
> Avast	4.8.1335.0	2009.08.17	-
> AVG	8.5.0.406	2009.08.18	-
> BitDefender	7.2	2009.08.18	-
> CAT-QuickHeal	10.00	2009.08.18	-
> ...


Additional information
File size: 3281408 bytes
MD5...: 8b47125b2ccadcddd45ed8dd53c7dcf2
SHA1..: 9f6c4aff36669b591905180dd2e5c5706ae29edb
SHA256: 3a99d3df2b1461456c1962c00b3f831c795d427d6475a6b92f  145c3aafc1f2cc
ssdeep: 49152:63/FrwrF+ORrT8XkirH2cAk2bhDNzgb4yz8UGDsTDy1/Qzf9am:63Nrwx+
orT8XktZk2bDzLPVDZ1/Q9
PEiD..: -
TrID..: File type identification
InstallShield setup (37.7%)
Win32 EXE PECompact compressed (generic) (36.4%)
Win32 Executable Delphi generic (12.8%)
Win32 Executable Generic (7.4%)
Win16/32 Executable Delphi generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2951b8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

Prevx info: http://info.prevx.com/aboutprogramte...18C4007D4D7751

----------


## senyak

Файл Avira-Key-FinderV2.00.exe получен 2009.08.19 20:32:39 (UTC)
Текущий статус: закончено
Результат: 17/41 (41.47%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.19	Trojan-Dropper.Win32.Hupigon!IK*
> AhnLab-V3	5.0.0.2	2009.08.19	-
> *AntiVir	7.9.1.3	2009.08.19	BDS/Bifrose.fqs.2*
> *Antiy-AVL	2.0.3.7	2009.08.18	Backdoor/Win32.Bifrose.gen*
> Authentium	5.1.2.4	2009.08.19	-
> Avast	4.8.1335.0	2009.08.19	-
> *AVG	8.5.0.406	2009.08.19	Agent.4.AP*
> BitDefender	7.2	2009.08.19	-
> ...


Дополнительная информация
File size: 253304 bytes
MD5...: 84420b71249baef0d642dc1384cbd2bb
SHA1..: 0f845978132c80998bffc2c54ab759daa93336f9
SHA256: 5baca7bc80efb19bb87ea517bf07dfdd6687ab8a35bb0567bc  89ce848a72a115
ssdeep: 3072:uwxVMhOC/dTDbq91+mno3t4QZQ3rVbpMgAITNzYpvGUJ9ROfr7w4lh+vC9Y
zDOCj:uTfFDbRnOTrVbpMQTQbUz7ww+6nF3k
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...115-1250713959

*Added 1 hour 49 minutes later*

Файл VK_golosa_v3.8.bat получен 2009.08.19 22:02:36 (UTC)
Текущий статус: закончено
Результат: 15/41 (36.59%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.19	Trojan.BAT.Qhost!IK*
> *AhnLab-V3	5.0.0.2	2009.08.19	BAT/Vkhost*
> AntiVir	7.9.1.3	2009.08.19	-
> *Antiy-AVL	2.0.3.7	2009.08.18	Trojan/BAT.Qhost*
> Authentium	5.1.2.4	2009.08.19	-
> Avast	4.8.1335.0	2009.08.19	-
> AVG	8.5.0.406	2009.08.19	Hosts
> *BitDefender	7.2	2009.08.19	Trojan.Script.155885*
> ...


Дополнительная информация
File size: 13610 bytes
MD5...: adc8fd6a2ae4e11c749445bf4bf94b7d
SHA1..: 9c88c0acb43d9126d38c98b58e356c6d698b7a3b
SHA256: a9da4d47a8b9dbd36e89bd241876cccb3861d22e092e7144aa  36d96dc151b698
ssdeep: 384:QQ705SlCsVmvNocg9CJi+xJ22z+HgDRqcxjuXoKJD44fYp  M5UtzU0B1Y3DQa
QVSz:QQ705SlCsVmvNocg9CJi+xJ22z+HgDRu
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...698-1250719356

----------


## senyak

Файл Rat.exe получен 2009.08.20 17:16:49 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.51%)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared 	4.5.0.24 	2009.08.20 	Riskware.Win32.Vbinder!IK*
> AhnLab-V3 	5.0.0.2 	2009.08.20 	-
> AntiVir 	7.9.1.3 	2009.08.20 	-
> Antiy-AVL 	2.0.3.7 	2009.08.20 	-
> Authentium 	5.1.2.4 	2009.08.19 	-
> *Avast 	4.8.1335.0 	2009.08.20 	Win32:VB-NBM*
> AVG 	8.5.0.406 	2009.08.20 	-
> *BitDefender 	7.2 	2009.08.20 	Gen:[email protected]*
> ...


Дополнительная информация
File size: 86016 bytes
MD5   : 95412a6164bc854d1390cd796ef0fb60
SHA1  : 1ebf27edb2e4aa54dbc0c2f4201ffee530da5136
SHA256: 041c5b0f7e25a66f9312199aefbc74f73a5380eca8f1eab01f  ece461fa6b84be
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10E4
timedatestamp.....: 0x4A85A8AC (Fri Aug 14 20:10:52 2009)
machinetype.......: 0x14C (Intel I386)

http://www.virustotal.com/ru/analisi...4be-1250788609




Файл StartServ.exe получен 2009.08.20 17:17:10 (UTC)
Текущий статус: закончено
Результат: 9/41 (21.95%)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared 	4.5.0.24 	2009.08.20 	Riskware.Win32.Vbinder!IK*
> AhnLab-V3 	5.0.0.2 	2009.08.20 	-
> AntiVir 	7.9.1.3 	2009.08.20 	-
> Antiy-AVL 	2.0.3.7 	2009.08.20 	-
> Authentium 	5.1.2.4 	2009.08.19 	-
> *Avast 	4.8.1335.0 	2009.08.20 	Win32:VB-NBM*
> AVG 	8.5.0.406 	2009.08.20 	-
> *BitDefender 	7.2 	2009.08.20 	Gen:[email protected]*
> ...


Дополнительная информация
File size: 217088 bytes
MD5   : 79aec5d1f68efcc305c8448be8cd5865
SHA1  : bf98d92dee1ac5bbb5982a9e2384977c90c108e0
SHA256: fd2d42c44eb4493b20ea47366111bd20d33200bec4d99b262a  ff75633f32da85
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10E4
timedatestamp.....: 0x4A84EE6B (Fri Aug 14 06:56:11 2009)
machinetype.......: 0x14C (Intel I386)

http://www.virustotal.com/ru/analisi...a85-1250788630

----------


## valho

File vk.exe received on 2009.08.23 00:26:29 (UTC)
Current status: finished
Result: 7/41 (17.08%)



> *a-squared	4.5.0.24	2009.08.22	Trojan.Win32.Buzus!IK*
> AhnLab-V3	5.0.0.2	2009.08.21	-
> *AntiVir	7.9.1.3	2009.08.21	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.08.21	-
> Authentium	5.1.2.4	2009.08.22	-
> Avast	4.8.1335.0	2009.08.22	-
> AVG	8.5.0.406	2009.08.22	-
> BitDefender	7.2	2009.08.23	-
> CAT-QuickHeal	10.00	2009.08.22	-
> ...


Additional information
File size: 36699 bytes
MD5...: a1ff39154e384a4466b26273310eab8d
SHA1..: e4cdd4bc80c9a0a2d9d5f7dc03eb74f98695cc6a
SHA256: 7b0f5b716119791ae83b02eb945758976b8695f5362a5ad2de  8c2c7979d07cfa
ssdeep: 768:CVKpOHT9gseyDHlWZMnJGy9+4t7eh/tp0u+4:3ZMo6wB+4
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1088
timedatestamp.....: 0x4a8f3350 (Fri Aug 21 23:52:48 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x28b8 0x3000 4.49 bcd95f1c4d4b3a41c16358d27468375e
.data 0x4000 0x3c4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x5000 0x1000 0x1000 1.99 ea62b9a1b5caef3b58665c8382eac421

( 1 imports )
> MSVBVM60.DLL: -, DllFunctionCall, __vbaExceptHandler, -, -, -, ProcCallEngine, -, -, -, -, -

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

----------


## valho

File VashBonus.exe received on 2009.08.24 22:41:28 (UTC)
Current status: finished
Result: 27/41 (65.86%)



> *a-squared	4.5.0.24	2009.08.24	Trojan-Banker.Win32.Banker!IK*
> AhnLab-V3	5.0.0.2	2009.08.24	-
> *AntiVir	7.9.1.3	2009.08.24	TR/Click.Delf.bzo*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.24	-
> *Avast	4.8.1335.0	2009.08.24	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.406	2009.08.24	Clicker.XBG*
> *BitDefender	7.2	2009.08.25	Trojan.Generic.1691387*
> *CAT-QuickHeal	10.00	2009.08.24	TrojanClicker.Delf.bzo*
> ...


Additional information
File size: 1675264 bytes
MD5...: cb75124399057819a8262fda0bcabd8b
SHA1..: 2dbc57848ba77c5b329b7c18a0949d38673421fa
SHA256: 38b30ed40e6c28326b641dbdda9f246b705a4b5790f8d6a6e3  677d4c320fee51
ssdeep: 24576:D2DMNBZzRTYHcagijozx7uC29IbnxHxLRhzMoYRuYW5e  NOtvsBxMl1yGsz
O:qD47zne2LbnL9hYRWlVl1yp
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Borland Delphi 7 (44.7%)
Win32 Executable Borland Delphi 5 (30.1%)
Win32 Executable Borland Delphi 6 (17.5%)
InstallShield setup (2.8%)
Win32 EXE PECompact compressed (generic) (2.7%)
http://info.prevx.com/aboutprogramte...2727003263DAC7

File ___________.exe received on 2009.08.24 22:42:35 (UTC)
Current status: finished
Result: 9/40 (22.5%)



> AhnLab-V3	5.0.0.2	2009.08.24	-
> *AntiVir	7.9.1.3	2009.08.24	TR/Click.Delf.cjk*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.24	-
> *Avast	4.8.1335.0	2009.08.24	Win32:Trojan-gen {Other}*
> AVG	8.5.0.406	2009.08.24	-
> BitDefender	7.2	2009.08.25	-
> CAT-QuickHeal	10.00	2009.08.24	-
> ClamAV	0.94.1	2009.08.24	-
> ...


Additional information
File size: 1477632 bytes
MD5...: b39ad8ee0da88e83c1e1b5f85ccdc9f0
SHA1..: f84b6815ea403d9216bb3e89e8fcf4dfd01fe32c
SHA256: 5da01f0ac9dfa37fdbd068881690e3648e9e369c8a0fedb9d4  e5e7dd0fac8944
ssdeep: 24576:6eGfgyN4sHBN+Wp5Ccl1NH12YRuYW5eNOtvsBxMl1yGs  zd0:6lV3Tp/jnR
WlVl1yp
PEiD..: -
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Borland Delphi 7 (46.0%)
Win32 Executable Borland Delphi 5 (31.0%)
Win32 Executable Borland Delphi 6 (18.0%)
Win32 EXE PECompact compressed (generic) (2.8%)
Win32 Executable Delphi generic (1.0%)
pdfid.: -

File _________________.exe received on 2009.08.24 22:43:49 (UTC)
Current status: finished
Result: 11/40 (27.5%)



> *a-squared	4.5.0.24	2009.08.24	Trojan-PWS.Win32.QQShou!IK*
> AhnLab-V3	5.0.0.2	2009.08.24	-
> *AntiVir	7.9.1.3	2009.08.24	TR/Click.Delf.cjk*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.24	-
> *Avast	4.8.1335.0	2009.08.24	Win32:Trojan-gen {Other}*
> BitDefender	7.2	2009.08.25	-
> CAT-QuickHeal	10.00	2009.08.24	-
> *ClamAV	0.94.1	2009.08.24	Trojan.Clicker-3215*
> ...


Additional information
File size: 1477632 bytes
MD5...: c9e7ffcdfd8fa4729f00e4b0536fa20c
SHA1..: a6210e795e67f5961323567505e2a8a82962ab93
SHA256: 64c549fba0f71e50f704938f47a56cb7a157d35384ebd32acc  51cac057f8162c
ssdeep: 24576:yeGfgyNEgHBN+OpFCct1dmSeYRuYW5eNOtvsBxMl1yGs  zdG:ylVvrpLP/R
WlVl1yp
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Borland Delphi 7 (46.0%)
Win32 Executable Borland Delphi 5 (31.0%)
Win32 Executable Borland Delphi 6 (18.0%)
Win32 EXE PECompact compressed (generic) (2.8%)
Win32 Executable Delphi generic (1.0%)

----------


## senyak

Файл 7.exe получен 2009.08.26 19:40:04 (UTC)
Текущий статус: закончено
Результат: 19/41 (46.35%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.26	Trojan.Win32.Buzus!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> *AntiVir	7.9.1.7	2009.08.26	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.26	-
> *Avast	4.8.1335.0	2009.08.26	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.406	2009.08.26	Dropper.Generic.AVLF*
> BitDefender	7.2	2009.08.26	-
> ...


Дополнительная информация
File size: 52566 bytes
MD5...: 8fca69cce58103a86a2b7e2a7378b389
SHA1..: b5f646a551221aa3aa5cc16f4a0dba337a4d0bdf
SHA256: 355967a7bf77b77675b65e7555b92a3d1f66570c0a4b4b146a  e7605df640e8a7
ssdeep: 768:nzK1epOHT9gseyDHKWVm1JkHbRmVMd+4P8dwkaNBPFEiLA  Vj+HkEev/I6peh
Ctyz:nzoVmD0SMddVuisJRQCt4c2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1088
timedatestamp.....: 0x4a907686 (Sat Aug 22 22:51:50 2009)
machinetype.......: 0x14c (I386)

http://www.virustotal.com/ru/analisi...8a7-1251315604




Файл all.exe получен 2009.08.26 19:42:22 (UTC)
Текущий статус: закончено
Результат: 9/41 (21.96%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.26	PWS.Win32!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> AntiVir	7.9.1.7	2009.08.26	-
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.26	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.26	-
> BitDefender	7.2	2009.08.26	-
> ...


Дополнительная информация
File size: 72192 bytes
MD5...: 2d25a86d5a536e708604394da279c0a7
SHA1..: a3f4aa0be22f8a16391b824a5c480f42a0f30607
SHA256: 04aab242f10876f8e9db8dcfc0202943bc1c1ec1c2faea613d  0414b08768d1e0
ssdeep: 1536:NbIyj9FbfT9v/61FKfe+9CKYtSkk7CFkzdTDTk/GO:Rjj9FDT92KfeyC7tS
kkGmYb
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...1e0-1251315742




Файл exactSitDummy.pdf получен 2009.08.26 19:44:08 (UTC)
Текущий статус: закончено
Результат: 10/40 (25%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.26	Exploit.Win32.Pidief!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> *AntiVir	7.9.1.7	2009.08.26	HTML/Malicious.PDF.Gen*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.26	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.26	-
> *BitDefender	7.2	2009.08.26	Trojan.Agent.ANKZ*
> ...


Дополнительная информация
File size: 83493 bytes
MD5...: ee3bc6ce4af34ea523824607ca17cba7
SHA1..: fc2ed41d7512a73c8b6d59a3c80e186e5a08f3eb
SHA256: 45baf4ac46fa750235ab7595a76a16b71331a82a48e6f4c1de  156db244f91a36
ssdeep: 1536:L6CGwZb/dcU3oJcE5QO7BLMCHhmsOlYs7B1QXxDjfRutH5LAS/FGfg4vH1B
MXyzo:vGab/dclmE5QO7BL/HhBOT7B4xxutZLj
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...a36-1251315848




Файл gsb.exe получен 2009.08.26 19:45:08 (UTC)
Текущий статус: закончено
Результат: 6/41 (14.64%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.08.26	-
> AhnLab-V3	5.0.0.2	2009.08.26	-
> AntiVir	7.9.1.7	2009.08.26	-
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.26	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.26	-
> BitDefender	7.2	2009.08.26	-
> ...


Дополнительная информация
File size: 114688 bytes
MD5...: 5c09c73b1af0f606b1874e90c6eec656
SHA1..: 93a0adf4cc9fd3b283f580d2938db9e91d2d1ec9
SHA256: 013f5e4d231f7159ec179122e446ffe72050f26b0a1acc557c  02b894066a6821
ssdeep: 3072:lHzMU0sV0P3oJfFnPLVxLGnGEQk8nrwCVIrZ:lTMUlVo3  o9FxtGddUwCo
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...821-1251315908




Файл installer.1.exe получен 2009.08.26 19:49:49 (UTC)
Текущий статус: закончено
Результат: 16/41 (39.03%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.26	Trojan.Win32.FakePlus!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> AntiVir	7.9.1.7	2009.08.26	-
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.26	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.26	-
> *BitDefender	7.2	2009.08.26	Gen:[email protected]*
> ...


Дополнительная информация
File size: 94720 bytes
MD5...: 1d8eed6ee8462fd0caed73f988fdbb66
SHA1..: 9fb1efdba7f8085ad931a9f1787f0210606493f3
SHA256: 0463b01266d68388575e9da77a83089d25897b58478105486f  0cb7faa72f2e3c
ssdeep: 1536:gy3z6J1ZPVJJtRZkNJBrbhFjUZeT00DuzTIwPgJaEQqOX  MkNN/cjscchq/e
:gy3z6xrLRZQJB34ZfbISgJfcMegAh+
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e3c-1251316189




Файл uniblue_registry_booster_2009_new получен 2009.08.26 19:50:39 (UTC)
Текущий статус: закончено
Результат: 17/41 (41.47%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.26	Trojan-Downloader.Win32.Small!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> AntiVir	7.9.1.7	2009.08.26	-
> *Antiy-AVL	2.0.3.7	2009.08.24	Trojan/Win32.Small.gen*
> Authentium	5.1.2.4	2009.08.26	-
> *Avast	4.8.1335.0	2009.08.26	Win32:Trojan-gen {Other}*
> AVG	8.5.0.406	2009.08.26	-
> BitDefender	7.2	2009.08.26	-
> ...


Дополнительная информация
File size: 253259 bytes
MD5...: cad6e4b2953b044dc53aabca17c5eab6
SHA1..: 6480f708fe1ee0990d563f59f88e300f305e56fa
SHA256: 6f5d5d51ddb434c14ce2fc12782e3e548077e9db091012dccd  1961cfabc1e546
ssdeep: 6144:fjODTivf263n4bCZAehIsGYlgBG8M7Lq8GsQOX3Tu/Be:fjODTivF9GzlVM
KeS4
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...546-1251316239

----------


## valho

File Alexa.9.0.0.28.exe received on 2009.08.27 06:54:51 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	4.5.0.24	2009.08.27	-
> AhnLab-V3	5.0.0.2	2009.08.26	-
> AntiVir	7.9.1.7	2009.08.26	-
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.27	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.26	-
> BitDefender	7.2	2009.08.27	-
> CAT-QuickHeal	10.00	2009.08.25	-
> ...


File size: 473424 bytes
MD5...: ef6913c139b938c864387b92d2fd965c
SHA1..: 3e5b784b9366ed4bdef54460d54b8772bd11e557
SHA256: 3803d3426d93cd6a9a05cbfc6370ddddaace86c0aa96fc5fd0  c665d294fb5ed4
ssdeep: 12288:HOqdOJPJ1RNnwFt2WThEDnwebsjc8Senqppjgl3N:HOq  YLNCUk+Dnwe5E6
c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3542
timedatestamp.....: 0x4980b534 (Wed Jan 28 19:42:44 2009)
machinetype.......: 0x14c (I386)
http://www.threatexpert.com/report.a...387b92d2fd965c

*Added 4 hours 14 minutes later*

A plugin for Miranda. Strange, but locally Avira finds nothing
File VKontakte.dll received on 2009.08.27 10:38:37 (UTC)
Current status: finished
Result: 27/41 (65.86%)



> *a-squared	4.5.0.24	2009.08.27	Virus.Win32.Induc!IK*
> AhnLab-V3	5.0.0.2	2009.08.26	-
> *AntiVir	7.9.1.7	2009.08.27	W32/Induc.A*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> *Authentium	5.1.2.4	2009.08.27	W32/Induc.A*
> *Avast	4.8.1335.0	2009.08.26	Win32:Induc*
> *AVG	8.5.0.406	2009.08.26	Win32/Induc*
> *BitDefender	7.2	2009.08.27	Win32.Induc.A*
> *CAT-QuickHeal	10.00	2009.08.27	W32.Induc.A*
> ...


Additional information
File size: 321024 bytes
MD5...: 533ac1c1f63fe1460d11e785f809488f
SHA1..: e2535befac10b421c1cbf54f3e32e06f6f51aaf4
SHA256: f6c9b6a6877b2152b015ed21af945d20d2f213995ce8d1c4cc  d84fd666de2ce8
ssdeep: 6144:cWOV9GP8GiikQNtubfhaYnIBEIN7I8sy+Wkvx+q+:UV9G  P8GitQNtubfkwI
dp1Gvp+
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3e5c0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
pdfid.: -
trid..: Miranda IM plugin (59.0%)
Win32 Executable Generic (23.8%)
Win16/32 Executable Delphi generic (5.8%)
Generic Win/DOS Executable (5.6%)
DOS Executable Generic (5.6%)

*Added 4 hours 40 minutes later*

File surname.html received on 2009.08.27 15:38:31 (UTC)
Current status: finished
Result: 3/41 (7.32%)



> a-squared	4.5.0.24	2009.08.27	-
> AhnLab-V3	5.0.0.2	2009.08.27	-
> *AntiVir	7.9.1.7	2009.08.27	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.27	-
> Avast	4.8.1335.0	2009.08.26	-
> AVG	8.5.0.406	2009.08.27	-
> BitDefender	7.2	2009.08.27	-
> CAT-QuickHeal	10.00	2009.08.27	-
> ...


Additional information
File size: 2781 bytes
MD5...: 86bf006591552e19818da9c9ef676759
SHA1..: a7940f128fa92eb1c68c82a638f858767ed27759
SHA256: 8385fda69dd213a11b27451fc8d21a0421220f5dd271cdd924  701ffaaa54bae9
ssdeep: 48:q003Cvew6MYcp3xyJylGZFBXItSnSlya6+m03WzhFkSYcm0  38oFkSYc3003Bx
bOP:q0ew6MYQ3xyJtXItSnSlya6BVqSYnoqn
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: Unknown!
pdfid.: -
packers (F-Prot): doc_write, unescape

File m.php received on 2009.08.27 15:43:38 (UTC)
Current status: finished
Result: 11/41 (26.83%)



> a-squared	4.5.0.24	2009.08.27	-
> AhnLab-V3	5.0.0.2	2009.08.27	-
> *AntiVir	7.9.1.7	2009.08.27	HTML/Malicious.ActiveX.Gen*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.27	-
> *Avast	4.8.1335.0	2009.08.26	VBS:Obfuscated-gen*
> AVG	8.5.0.406	2009.08.27	-
> *BitDefender	7.2	2009.08.27	Exploit.ADODB.Stream.HF*
> CAT-QuickHeal	10.00	2009.08.27	-
> ...


Additional information
File size: 795 bytes
MD5...: 1dfc59b7f0a0ef356dff1089322749d0
SHA1..: 9543b7bb05a21c66598f009db281f04beffcc91e
SHA256: 5c78f62f078fbe2fe0bc1275bdb89fbfef088c119a61bc189a  d482665bf90843
ssdeep: 24:jEiZ8WupeQ3Zavj8lMeUdOmiW3wW3eMB854bSl7SMvIaYb:  4iZIeQ3Z2QEdOl
83pBc4eN2
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!


File off received on 2009.08.27 15:43:46 (UTC)
Current status: finished
Result: 25/41 (60.98%)



> *a-squared	4.5.0.24	2009.08.27	JS.Bofra.A.1!IK*
> AhnLab-V3	5.0.0.2	2009.08.27	-
> *AntiVir	7.9.1.7	2009.08.27	JS/Bofra.A.1*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> *Authentium	5.1.2.4	2009.08.27	JS/OWCref.A*
> *Avast	4.8.1335.0	2009.08.26	JS:CVE-2009-1136-E*
> *AVG	8.5.0.406	2009.08.27	JS/Pakes*
> *BitDefender	7.2	2009.08.27	Exploit.JS.CVE-2009-1136.A*
> CAT-QuickHeal	10.00	2009.08.27	-
> ...


Additional information
File size: 1674 bytes
MD5...: a983cf2e82a10d26af5f24d6881c9ae0
SHA1..: 8c469abab31932d62e6675a08129f23d5a6ba9d1
SHA256: b8febdd17231e09412ee360e58382b954ec8e3d9ab0ccd71ef  67dad072ff423a
ssdeep: 48:5PT6EtqJEbffMNfAg3EafUV/bVVIweWEWhWSWEWvA+1Pf:5b6E84fSfANV/4w
ezuNr3+J
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: HyperText Markup Language (100.0%)

----------


## senyak

Файл vcard.exe получен 2009.08.30 15:51:20 (UTC)
Текущий статус: закончено
Результат: 9/41 (21.96%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.30	Trojan-Downloader.Delf.OAQ!IK*
> AhnLab-V3	5.0.0.2	2009.08.29	-
> *AntiVir	7.9.1.7	2009.08.30	DR/Delphi.Gen*
> Antiy-AVL	2.0.3.7	2009.08.24	-
> Authentium	5.1.2.4	2009.08.30	-
> Avast	4.8.1335.0	2009.08.29	-
> AVG	8.5.0.406	2009.08.30	-
> BitDefender	7.2	2009.08.30	-
> ...


Дополнительная информация
File size: 211968 bytes
MD5...: db37dafa1c40ab66a8a639988172b3f5
SHA1..: b9ace1f2339389141ff657970f82bab445b44f96
SHA256: 2b0fa407d68336e665d52f47928db03f8e19eb45603448cbc4  82b39c84f7153d
ssdeep: 6144:3CeEOdiBDYcd/0EbOGcWqkOYbMfHUtRl1:ldiFCIbc6PKaRl
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...53d-1251647480

*Added 8 hours 40 minutes later*

Файл foto.jar получен 2009.08.31 00:29:06 (UTC)
Текущий статус: закончено
Результат: 18/41 (43.91%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.08.31	-
> AhnLab-V3	5.0.0.2	2009.08.29	-
> *AntiVir	7.9.1.7	2009.08.30	JAVA/Boxer.1*
> *Antiy-AVL	2.0.3.7	2009.08.24	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.08.30	-
> *Avast	4.8.1335.0	2009.08.30	Other:Malware-gen*
> *AVG	8.5.0.406	2009.08.30	Java/SMS.C*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 8289 bytes
MD5...: 65b5820fa761ae7597274a7427997331
SHA1..: 78c8e48f670bf6c9a0bc04a90a73dd492968030f
SHA256: 64ea349002e8507d78546b8c5a10541e119f9a1ecd78eea736  4afcef7ec8ab97
ssdeep: 192:3AJ08neaMUeV1/EaaflyW2bZAgxK2WRpmPM49Vr3RGyB6fvK55C313IO:3I0
8errDClyW2ugxiKPM4z4xvY5813IO
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...b97-1251678546

----------


## Torvic99

Файл Jimm8.jar получен 2009.08.31 05:43:38 (UTC)
Текущий статус: *закончено*
Результат: 18/41 (43.91%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared	4.5.0.24	2009.08.31	-
> AhnLab-V3	5.0.0.2	2009.08.29	-
> *AntiVir	7.9.1.7	2009.08.30	JAVA/Boxer.1*
> *Antiy-AVL	2.0.3.7	2009.08.24	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.08.30	-
> *Avast	4.8.1335.0	2009.08.30	Other:Malware-gen*
> *AVG	8.5.0.406	2009.08.30	Java/SMS.C*
> BitDefender	7.2	2009.08.31	-
> ...

----------


## senyak

Arrived via Skype

Файл 12.scr получен 2009.08.31 20:47:17 (UTC)
Текущий статус: закончено
Результат: 13/41 (31.71%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.08.31	-
> AhnLab-V3	5.0.0.2	2009.08.31	-
> *AntiVir	7.9.1.7	2009.08.31	TR/Refroso.how*
> *Antiy-AVL	2.0.3.7	2009.08.31	Trojan/Win32.Refroso.gen*
> Authentium	5.1.2.4	2009.08.31	-
> *Avast	4.8.1335.0	2009.08.31	Win32:Crypt-EXO*
> *AVG	8.5.0.406	2009.08.31	BackDoor.Generic11.ALJF*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 87583 bytes
MD5...: e810623136b5a5f514ca72f87a8b1aa7
SHA1..: a5b97f9ca915e71b2526c7d82fcb41e6d3a45980
SHA256: a2b906f2d8dc347571c0ff95ed14844fada2d4b1229fc0bb71  819be244c528c3
ssdeep: 1536:fnpbxGuLbc9UZyXiGHD3hYQwbtY9WpSgoFei6cvwGvgDF  1HbBcrX:lxG4bc
9nBDGQmy4pIFhvmbB4X
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...8c3-1251751637

*Added 30 minutes later*

Файл .exe получен 2009.08.31 21:05:10 (UTC)
Текущий статус: закончено
Результат: 15/41 (36.59%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.Win32.Alureon!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> AntiVir	7.9.1.7	2009.08.31	-
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> *AVG	8.5.0.406	2009.08.31	Downloader.Zlob.AOJD*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 58368 bytes
MD5...: 256dda5eedf1f4738919b81b433fd052
SHA1..: 6cd7f553f1a5cfc33075c27ee9cbfab3d079e21f
SHA256: 46ba473a5edddbfed3b1422e4cbcbcba42d94cc4c88bb83f0c  9398d58f704195
ssdeep: 1536:rH83u/9Vosa+z0IOrmUzbGL6RHP5orgTWLj:rHPVZaRrTIQv5orga
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...195-1251752710




Файл FlashInstallNew.exe получен 2009.08.31 21:05:32 (UTC)
Текущий статус: закончено
Результат: 20/41 (48.79%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.CryptRedol!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> *AntiVir	7.9.1.7	2009.08.31	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> *Avast	4.8.1335.0	2009.08.31	NSIS:Fasec-AR
> AVG	8.5.0.406	2009.08.31	Downloader.Zlob.AOJD.dropper*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 112552 bytes
MD5...: ea943f76584da8cd6c6466aaa05f2a96
SHA1..: 3403508368688de1bc0f91d6a7859485d73ce657
SHA256: 335c8b7d1f9b13720f7be0036596e645e09f009d4ae48073b1  c8449b58717492
ssdeep: 3072:SuG5qit9D0w6RLFqlZjQYk4Y+t1FdskzBQlT9:s5qiXYw  KEldRkb2yk1ah
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...492-1251752732




Файл FlashPlayer.exe получен 2009.08.31 21:12:05 (UTC)
Текущий статус: закончено
Результат: 14/41 (34.15%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.CryptRedol!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> *AntiVir	7.9.1.7	2009.08.31	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> *AVG	8.5.0.406	2009.08.31	Downloader.Zlob.AOJD.dropper*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 112583 bytes
MD5...: 8338d0122df678104d255eed398cd60b
SHA1..: f8be022019ee4a41d7c0620964d25ba244a6de8c
SHA256: 06a7c17813c8eb26b173bf09f03ebf48bcc2f4e53ea1eb46af  d685ad3125ca6a
ssdeep: 1536:SdvTMGa+Zq4z/Fz08zDnr38aRZ+dUmw6RLFq6tf7oAv3vWeKj5xvVDZkHwl
j4jQk:SuG5qit9D0w6RLFqQMMVuXj2jQXNG
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...a6a-1251753125




Файл Muvexer.exe получен 2009.08.31 21:20:57 (UTC)
Текущий статус: закончено
Результат: 13/41 (31.71%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.Win32.Alureon!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> AntiVir	7.9.1.7	2009.08.31	-
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> *AVG	8.5.0.406	2009.08.31	Downloader.Zlob.AOJD*
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 58368 bytes
MD5...: abedece8ac7625841d9f07efce136080
SHA1..: 9fe219023f4727c7dd8928c8f894574c304b21e1
SHA256: 3bdd6365566200abf9e8b0831c40c035be392ad5c95c00c3fd  1d2f51f47e9012
ssdeep: 1536:5u83u/9Vosa+z0IOrmUzbGL6RHP5orgTWLj:5uPVZaRrTIQv5orga
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...012-1251753657





Файл setup.exe получен 2009.08.31 21:21:10 (UTC)
Текущий статус: закончено
Результат: 6/41 (14.64%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.Win32.FakeSmoke!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> AntiVir	7.9.1.7	2009.08.31	-
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> AVG	8.5.0.406	2009.08.31	-
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 48423 bytes
MD5...: 304060fed9a8ba6b0128a999d7c53d58
SHA1..: a6016940a91e177ddd6c9c9e3d82546c5a8fa55f
SHA256: 12324e82e76d51af8185468332f89f76ae216b3da72a1ad42f  3a9c8437388012
ssdeep: 768:oxA4Wh/2IzpNX1UivMf6FBtCX9uTFg4Ro3MZeUZo/XQziYFAC/ljdDW3T:yA
ffdZfMX9Um4Ro9b/Xki0AQZpqT
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...012-1251753670





Файл setup2.exe получен 2009.08.31 21:29:08 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.Win32.FakeSmoke!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> AntiVir	7.9.1.7	2009.08.31	-
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> AVG	8.5.0.406	2009.08.31	-
> BitDefender	7.2	2009.08.31	-
> ...


Дополнительная информация
File size: 48418 bytes
MD5...: e7c199f3a60b8b62092e9e8244e41d12
SHA1..: fd866b6043798a0d804de89558607ec38d68bf85
SHA256: dfbb32733acfa262bee4a6f4586174f7cf40bb23abac2e729c  2b9711b0c46d08
ssdeep: 768:oxA4Wh/2IzpNX1UivMf6FBtCX9uTFg4Ro3MZeUZo/X5RSpdt/ZGbHSG2tIXV
/p+:yAffdZfMX9Um4Ro9b/X5RSpd/GLlXx+
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...d08-1251754148




Файл TestCodec.exe получен 2009.08.31 21:30:32 (UTC)
Текущий статус: закончено
Результат: 12/37 (32.44%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.24	2009.08.31	Trojan.CryptRedol!IK*
> AhnLab-V3	5.0.0.2	2009.08.31	-
> Antiy-AVL	2.0.3.7	2009.08.31	-
> Authentium	5.1.2.4	2009.08.31	-
> Avast	4.8.1335.0	2009.08.31	-
> AVG	8.5.0.406	2009.08.31	-
> BitDefender	7.2	2009.08.31	-
> CAT-QuickHeal	10.00	2009.08.31	-
> ...


Дополнительная информация
File size: 112580 bytes
MD5...: d40e4119af2c0f5d8e1feb45d816877d
SHA1..: d8de16598c872562943ed2a788da190ad80abb61
SHA256: 638b7c2747b0036548db062624f5ba7c12c99f4185818999cb  daf7353da749b8
ssdeep: 1536:SdvTMGa+Zq4z/Fz08zDnr38aRZ+dUmw6RLFqz7oAv3vWeKj5xvVDZkHwlj4
jQNpH:SuG5qit9D0w6RLFqzMMVuXj2jQXNt
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...9b8-1251754232

----------


## Surfer

> a-squared	4.5.0.24	2009.09.02	-
> AhnLab-V3	5.0.0.2	2009.09.01	-
> *AntiVir	7.9.1.7	2009.09.01	HTML/Malicious.PDF.Gen*
> Antiy-AVL	2.0.3.7	2009.09.01	-
> Authentium	5.1.2.4	2009.09.02	-
> *Avast	4.8.1335.0	2009.09.01	JS:Pdfka-NV*
> AVG	8.5.0.406	2009.09.02	-
> *BitDefender	7.2	2009.09.02	Exploit.PDF-JS.Gen*
> CAT-QuickHeal	10.00	2009.09.02	-
> ...


http://www.virustotal.com/analisis/1...16f-1251869858

*Added 4 minutes later*




> a-squared	4.5.0.24	2009.09.02	-
> AhnLab-V3	5.0.0.2	2009.09.01	-
> AntiVir	7.9.1.7	2009.09.01	-
> Antiy-AVL	2.0.3.7	2009.09.01	-
> Authentium	5.1.2.4	2009.09.02	-
> Avast	4.8.1335.0	2009.09.01	-
> AVG	8.5.0.406	2009.09.02	-
> BitDefender	7.2	2009.09.02	-
> CAT-QuickHeal	10.00	2009.09.02	-
> ...


http://www.virustotal.com/analisis/c...4ff-1251870309

----------


## valho

File 9_Bathtub-spEEd.exe received on 2009.09.02 06:03:11 (UTC)
Current status: finished
Result: 19/40 (47.5%)



> AhnLab-V3	5.0.0.2	2009.09.01	-
> AntiVir	7.9.1.7	2009.09.01	-
> Antiy-AVL	2.0.3.7	2009.09.01	-
> *Authentium	5.1.2.4	2009.09.02	W32/Heuristic-KPP!Eldorado*
> *Avast	4.8.1335.0	2009.09.01	Win32:Agent-AFKW*
> AVG	8.5.0.406	2009.09.02	-
> *BitDefender	7.2	2009.09.02	Trojan.Generic.925973*
> CAT-QuickHeal	10.00	2009.09.02	-
> *ClamAV	0.94.1	2009.09.01	Trojan.Armin*
> ...


Additional information
File size: 225769 bytes
MD5...: f48b609d82feac766d25312ad181ef66
SHA1..: 8f41b71a0ed4fe77c96b1af40426440c3b881c50
SHA256: 8e224a4eb37006839db4b0e7430281ae432f909fc144e0a724  502a040bc57455
ssdeep: 6144:ohe1YdOivqyVMmNQUxp8epIhlek3VaRPyQsF2LulJqsM:  D1wOiyEQUxKCEV
FIBy2LK8sM
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x20850
timedatestamp.....: 0x3ec35042 (Thu May 15 08:30:58 2003)
machinetype.......: 0x14c (I386)

----------


## OSSP2008

:Cheesy: 
Файл administrator_doubleclick_1_.txt получен 2009.09.07 13:02:45 (UTC)
Текущий статус:    закончено 
*Результат: 1/41 (2.44%)*




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.24	2009.09.07	-
> AhnLab-V3	5.0.0.2	2009.09.05	-
> AntiVir	7.9.1.8	2009.09.07	-
> Antiy-AVL	2.0.3.7	2009.09.07	-
> Authentium	5.1.2.4	2009.09.07	-
> Avast	4.8.1351.0	2009.09.07	-
> AVG	8.5.0.409	2009.09.07	-
> BitDefender	7.2	2009.09.07	-
> ...


Дополнительная информация
File size: 123 bytes
MD5...: aad0ef1c092503609f8a0c6181a2969f
SHA1..: a6d27b3887fe74c6e62bd3da2e00906fe04eccaf
SHA256: f4acbeaa7944e9daf221fb74bfb5881408fc09b1f1095c9f8b  10b97dd1a3719d
ssdeep: 3:AYREQN+ZR5qBR/quyfZaGJMBDXv7YfdL6M/WVFvmXSvvn:A8EHv51ucNYeHefv
mXSvv
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!

*Added 3 minutes later*

Файл alsrvn.exe получен 2009.09.07 13:06:45 (UTC)
Текущий статус:    закончено 
*Результат: 25/41 (60.98%)*




> Антивирус	Версия	Обновление	Результат
> *a-squared	4.5.0.24	2009.09.07	Trojan-PWS.Win32.Lmir.mw!IK
> AhnLab-V3	5.0.0.2	2009.09.05	Win-Trojan/Xema.variant
> AntiVir	7.9.1.8	2009.09.07	BDS/Delf.SG.4*
> Antiy-AVL	2.0.3.7	2009.09.07	-
> Authentium	5.1.2.4	2009.09.07	-
> *Avast	4.8.1351.0	2009.09.07	Win32:Trojan-gen {Other}
> AVG	8.5.0.409	2009.09.07	BackDoor.Generic11.ABPG
> BitDefender	7.2	2009.09.07	Trojan.Generic.IS.573392
> ...

----------


## valho

File blank.gif received on 2009.09.08 13:12:39 (UTC)
Current status: finished 
Result: 9/41 (21.96%)



> a-squared	4.5.0.24	2009.09.08	-
> AhnLab-V3	5.0.0.2	2009.09.08	-
> *AntiVir	7.9.1.12	2009.09.08	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.09.08	-
> Authentium	5.1.2.4	2009.09.08	-
> Avast	4.8.1351.0	2009.09.07	-
> AVG	8.5.0.409	2009.09.08	-
> BitDefender	7.2	2009.09.08	-
> CAT-QuickHeal	10.00	2009.09.08	-
> ...


Additional information
File size: 4009 bytes
MD5...: 4b4508afaf30f9389552e1a2e81538c5
SHA1..: 4a9c90b4a087023fd119700448f7df31936459a8
SHA256: 3c190a48c626f862c6d99e44010d5b8069e9469081bb014125  e4b05face8e5fb
ssdeep: 96:NbKCZmPwX1t14qu52oTwmYSNWw6zB2Anz9PqNZAVkb:ZpmY  CquQmwuooAODb
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: GZipped File (100.0%)
packers (F-Prot): packed

----------


## Black_N

Файл 25b1d33efa9939f544bac5add473f93a получен 2009.09.01 22:00:23 (UTC)
Текущий статус: закончено 
Результат: 20/41 (48.78%)



> *a-squared	4.5.0.24	2009.09.01	Downloader.TMAagent!IK*
> AhnLab-V3	5.0.0.2	2009.09.01	-
> AntiVir	7.9.1.7	2009.09.01	-
> *Antiy-AVL	2.0.3.7	2009.09.01	Trojan/Win32.FlyStudio.gen*
> *Authentium	5.1.2.4	2009.09.01	W32/Heuristic-DRX!Eldorado*
> Avast	4.8.1335.0	2009.09.01	-
> *AVG	8.5.0.406	2009.09.01	PSW.Generic7.GTK*
> BitDefender	7.2	2009.09.01	-
> *CAT-QuickHeal	10.00	2009.09.01	Trojan.Agent.IRC
> ...


Дополнительная информация
File size: 1840140 bytes
MD5   : 25b1d33efa9939f544bac5add473f93a
SHA1  : 75af58fdf7bbf2bea6cb21f3beccc73fd74ce376
SHA256: 11f9b7aba67c1ac28f5090dd44aa2bc34d9f6bdcd283459324  42efcee81d0a93
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4911701E (Wed Nov 5 11:06:22 2008)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x50000 0x21000 8.00 d1fb9d38397b2a31eaab845932b993c0
0x51000 0x13000 0x8200 8.00 64822ae0abc4fbba2039e04da098679a
0x64000 0xA000 0xE00 7.95 23d312d13be95b5680c27897b3732dc5
.rsrc 0x6E000 0x19000 0x6000 7.84 1a29dfd09d8e140067c8e96c37c9679a
.data 0x87000 0x4D000 0x4C400 7.89 edac89f7ac62e65595f57fad9c7b655e
.adata 0xD4000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 10 imports )

> advapi32.dll: RegSetValueExW
> comctl32.dll: InitCommonControlsEx
> gdi32.dll: SetBkMode
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA, RaiseException
> ole32.dll: CoTaskMemFree
> oleaut32.dll: -, VariantChangeTypeEx
> shell32.dll: ShellExecuteExW
> shlwapi.dll: PathFindExtensionW
> urlmon.dll: CreateURLMoniker
> user32.dll: SystemParametersInfoW

( 0 exports )
TrID  : File type identification
-
ssdeep: 49152:/uUZcNGnM7GLyHPbUHGjwU6C5Z3fwP+ESb:GUZWGMyUbzjwvCT3  fwP+B
Prevx Info: http://info.prevx.com/aboutprogramte...1B0200DFDC0B03
PEiD  : -
packers (Kaspersky): PE_Patch, ASProtect
packers (F-Prot): XORCrypt
packers (Authentium): XORCrypt
RDS   : NSRL Reference Data Set

----------


## senyak

File tmasrv.exe received on 2009.09.09 15:43:49 (UTC)
Current status: finished
Result: 7/41 (17.07%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.24 	2009.09.09 	Gen.AdWare!IK*
> AhnLab-V3 	5.0.0.2 	2009.09.09 	-
> *AntiVir 	7.9.1.12 	2009.09.09 	TR/Spy.1182720*
> Antiy-AVL 	2.0.3.7 	2009.09.09 	-
> Authentium 	5.1.2.4 	2009.09.08 	-
> Avast 	4.8.1351.0 	2009.09.09 	-
> AVG 	8.5.0.409 	2009.09.09 	-
> BitDefender 	7.2 	2009.09.09 	-
> ...


Additional information
File size: 1182720 bytes
MD5   : 4d1b295b7a4bfe65ffd7748f9140ab4f
SHA1  : 0ac4b4129d4f44974e73c6a153edb4ba3192702f
SHA256: 01ec2a6db3937fc3c8e118eb7c1d69148f4086aed8f246ef5c  b3cc0fa02a1c3b
PEInfo: PE Structure information

http://www.virustotal.com/analisis/0...c3b-1252511029

----------


## ZhIV

File twbhml.exe received on 2009.09.11 02:34:56 (UTC)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.09.11	Worm.Win32.AutoRun!IK*
> AhnLab-V3	5.0.0.2	2009.09.11	-
> *AntiVir	7.9.1.14	2009.09.10	TR/Onlinegames.A3*
> Antiy-AVL	2.0.3.7	2009.09.10	-
> Authentium	5.1.2.4	2009.09.11	-
> *Avast	4.8.1351.0	2009.09.10	AutoIt:Balero-A2*
> AVG	8.5.0.412	2009.09.10	-
> *BitDefender	7.2	2009.09.11	Gen:Trojan.Heur.AutoIT.BmNfbWsWXthk
> ...


Additional information
File size: 445760 bytes
MD5...: d53dc66e910333b580d9ec0d6e745358
SHA1..: 7045defeb210fa154d9f090b916b2aed4f3ce677
SHA256: 673bbf53bb86886b35bfb28263ae053ffee972e31b018cc5b3  3e0604061f8788
ssdeep: 6144:xjk1EHI7OyXfOe5JnVZFrv7p4TKcw5TCWHkENpEMOq15Q  kzM6dhb7S6onH:
xjGjPOevnllBcCFfNpj15rrhzCH
PEiD..: -

----------


## ISO

Файл *9h2b.dll*  получен 2009.09.14 01:03:27 (UTC)
Результат: 15/41 (36.59%)        



> Антивирус     Версия     Обновление     Результат
> *a-squared    4.5.0.24    2009.09.14    AdWare.Win32.Rugo!IK*
> AhnLab-V3    5.0.0.2    2009.09.13    -
> AntiVir    7.9.1.14    2009.09.11    -
> Antiy-AVL    2.0.3.7    2009.09.11    -
> *Authentium    5.1.2.4    2009.09.13    W32/Rugu.A.gen!Eldorado*
> Avast    4.8.1351.0    2009.09.13    -
> AVG    8.5.0.412    2009.09.13    -
> *BitDefender    7.2    2009.09.14    Gen:[email protected]*
> ...


Дополнительная информация
File size: 65536 bytes
MD5...: 847b5800ff5163bda73bb6bec1e7b5b8
SHA1..: 6ead425b2f602a62399b6c3c77dec7ca9d64bbf5
SHA256: 1902a5730af67e7a85a8b53282f7a3eb8ce59bf68ecb6159e9  532a1cc6171dae
ssdeep: 768:w11sDtrZb1eNYwBmVCJHS7C2Mj7KTuqFXL7qTp0tIOiq/kl/:w11sD9AVACV
7KTxN+ytviq/kl/

Файл *advcount01.exe* получен 2009.09.14 01:09:04 (UTC)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared	4.5.0.24	2009.09.14	Gen.Trojan!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Spy.31552.3*
> Antiy-AVL	2.0.3.7	2009.09.11	-
> *Authentium	5.1.2.4	2009.09.13	W32/Downloader.M.gen!Eldorado
> Avast	4.8.1351.0	2009.09.13	Win32:Trojan-gen {Other}
> AVG	8.5.0.412	2009.09.13	Clicker.ABHP
> BitDefender	7.2	2009.09.14	Gen:Trojan.Heur.by1brjqzgdkbC*
> ...


Дополнительная информация
File size: 31552 bytes
MD5...: 9df4238044b5b12e7dfaffdd324da003
SHA1..: c87cae25053204dcf22be2fe054bca5f5ce1758e
SHA256: 9a0fd50cb262f92b930749dcd29ee58c2b937956d5be07fadb  7ec74e04d06059
ssdeep: 768:ECEp27peulkm7EdbrV4YqChJ9RnLxeha5hFJiX:ECEA7/7EdbrrhvQWU


 Файл *mywcc090908.dll* получен 2009.09.14 01:11:49 (UTC)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared	4.5.0.24	2009.09.14	Trojan-Spy.Win32.Hitpop!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.11	-
> Authentium	5.1.2.4	2009.09.13	-
> *Avast	4.8.1351.0	2009.09.13	Win32:Dogrobot*
> AVG	8.5.0.412	2009.09.13	-
> *BitDefender	7.2	2009.09.14	Gen:[email protected]@HZf*
> ...


Дополнительная информация
File size: 23552 bytes
MD5...: c9ff79150f6b09dec26e013b3a2049ac
SHA1..: 957bd2c5bbfc13e9c7a3c893956d3a882d22415b
SHA256: acad8ddc5482d9d1851920497a84e0c0cc6835b37f38faefb3  8d7ff1a63f34ae
ssdeep: 384:exocmnxzuSKaNrEd7z/Day4Jh5Xn54mMIqv2vRfvXpgCOtEu2QBYwTHaHVNc
:gornxz97w9Wywhf542pffGCAEuW8H2
PEiD..: -
PEInfo: PE Structure information


 File *bc2b.bmp* received on 2009.09.14 03:28:02 (UTC)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	AdWare.Bdsearch!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Agent.49152*
> Antiy-AVL	2.0.3.7	2009.09.11	-
> *Authentium	5.1.2.4	2009.09.13	W32/AdAgent.I.gen!Eldorado
> Avast	4.8.1351.0	2009.09.13	Win32:Agent-GRW*
> AVG	8.5.0.412	2009.09.13	-
> *BitDefender	7.2	2009.09.14	Gen:[email protected]
> ...


Additional information
File size: 512000 bytes
MD5...: 908d37e1a8444d448785d832d37de983
SHA1..: 2a91e9bb791229e9663f78b8ce03e9925e23455c
SHA256: ea9c37dd1882c7b8e336fcd96a70a2b285d24f0d8b35f6f1b7  53b5df919d129d
ssdeep: 12288:oc51+pq4+DOU3WLfWP0J1DBAbd0iF1YqDN+DdMbZ3lNN  TBFtpUdt4cZ9+q
2CV2SQ:oecpq4LjWPC1D+h0iFiqDN+DdMbZ3lN

Файл *exxplorer.exe* получен 2009.09.14 03:39:23 (UTC)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared	4.5.0.24	2009.09.14	Trojan-PWS.Win32.LdPinch!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> AntiVir	7.9.1.14	2009.09.11	-
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.13	-
> Avast	4.8.1351.0	2009.09.13	-
> AVG	8.5.0.412	2009.09.13	-
> BitDefender	7.2	2009.09.14	-
> ...


Дополнительная информация
File size: 25600 bytes
MD5...: 8267450fe86b82ba30b9e0adf83a0d00
SHA1..: 36f6df163761a424737b2e154b9cc431a51db297
SHA256: 0dbf156ae4378d9900122870afec3a1003db606625abdb631e  1b809ae69c33e3
ssdeep: 768:C5dKrEI4lDpHlKLncbia9JtPP/vMtLaqp:C5gEI4bScbl9Hnv0D


 File *tmp.exe* received on 2009.09.14 03:42:28 (UTC)
Result: 5/41 (12.2%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.24	2009.09.14	-
> AhnLab-V3	5.0.0.2	2009.09.13	-
> AntiVir	7.9.1.14	2009.09.11	-
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.13	-
> Avast	4.8.1351.0	2009.09.13	-
> AVG	8.5.0.412	2009.09.13	-
> BitDefender	7.2	2009.09.14	-
> ...


Additional information
File size: 36864 bytes
MD5...: 365ed9298ddffb076b0b4e770186e629
SHA1..: fb0c9de46a83d2d5af5300bc7d8f41ec8d9591c6
SHA256: 75c15f329c5169ba43eb12c19a81ab66f3dc97272fdc052470  f2a62608d488b4
ssdeep: 384 :Shocked: Hg+mUL2qW4cGmsyWPjwUmduLxMRBbGxPmMB+37aQswgaePb3zI  zsveCrbhI
MsJB:gQ4jC37a93bkQVyNVmHcGR5Li


 File *smbsrvce.dll* received on 2009.09.14 03:44:49 (UTC)
Result: 21/41 (51.22%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Riskware.Win32.DelfInject!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Renaz.383488*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> *Authentium	5.1.2.4	2009.09.13	W32/Heuristic-THX!Eldorado*
> Avast	4.8.1351.0	2009.09.13	-
> *AVG	8.5.0.412	2009.09.13	Win32/Themida
> BitDefender	7.2	2009.09.14	Trojan.Generic.2350449
> ...


Additional information
File size: 383488 bytes
MD5...: 2c4417c7e7a544d94eda2fc2643470b3
SHA1..: d2c91f95d6caab0ffbadbc089dbfb4558c55b6ae
SHA256: 05a077b7c7d8e5cae432c232c2f45a8d13b9d1057f910ec234  272ae80dbbd99f
ssdeep: 6144:Szu+4KFcie0rFEL98JXZJIxvsFz7mH0iyvjvmxAtVh4vi  P3ourY5Y6m1MUR
g5os3:SWSrFsoIQ7mH0NvmxAtjY5poPRuosn3


 File *P001.exe* received on 2009.09.14 03:52:15 (UTC)
Result: 18/41 (43.91%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Trojan.Win32.VB!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.13	-
> *Avast	4.8.1351.0	2009.09.13	Win32:Trojan-gen {Other}*
> AVG	8.5.0.412	2009.09.13	-
> *BitDefender	7.2	2009.09.14	DeepScan:Generic.Malware.Yddld!.94C7730E
> ...


Additional information
File size: 9216 bytes
MD5...: 57d6beaceb3a43918a0521c2376ebe0e
SHA1..: e72747b043e1f08c8e8a846f4289a6f1aa3dfb6e
SHA256: a1f2443a179a33a3ed3e5cd03309fdf57fc3ea707558fc1fc5  7677e1c71e2e4b
ssdeep: 192:uQng+h2Vh2+FCEE/I/LSsUVAMlROuF3zRMEV :lol: ng+KBIEOIjhqlRl3dMEV


 File *J001.exe* received on 2009.09.14 03:52:04 (UTC)
Result: 21/41 (51.22%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Trojan-Downloader.Win32.Apher!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.13	-
> *Avast	4.8.1351.0	2009.09.13	Win32:Trojan-gen {Other}*
> AVG	8.5.0.412	2009.09.13	-
> *BitDefender	7.2	2009.09.14	Trojan.Agent.ANLG
> ...


Additional information
File size: 36108 bytes
MD5...: 901f2768e9f2147c9c5ae2283ef1ec01
SHA1..: 144ddb517099edcff2312eed307c400ad9acefcd
SHA256: 7afac619038f4ee254085519d64c552f514a9b8bfe3771fbcf  5cad5e62a23a89
ssdeep: 384:2VL3mfc+lIxjgBtaLrYtAkWs8xlzMx4oR9XJH143MFf008  4TL8hVMxgVYJLW
Ldbb:2VEIpgBwa1143cp84fWVwLibaS


 File *a.exe* received on 2009.09.14 03:51:58 (UTC)
Result: 15/41 (36.59%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Trojan.Crypt!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> *Authentium	5.1.2.4	2009.09.13	W32/Laglass!Generic*
> Avast	4.8.1351.0	2009.09.13	-
> *AVG	8.5.0.412	2009.09.13	Win32/Heur
> BitDefender	7.2	2009.09.14	Gen:[email protected]!f*
> ...


Additional information
File size: 44032 bytes
MD5...: 68d1e826a054eecd579672f3ce61b154
SHA1..: e08d14c28967718c904fd3d0f95c7956b3fbb6d2
SHA256: 8ea9ba653bcaf3c25e3a3e312411c953d34012b4370b31d4a8  df8afbe7f5007a
ssdeep: 768:YjB7GUo/QEhXzuKknGcTt+2pOoEBZaP8EDmx99WE/ns8MYLMsD3s/:EEhXCX
GcTdSaPxQnn3MYg
PEiD..: -


 File *H001.exe* received on 2009.09.14 03:51:51 (UTC)
Result: 28/41 (68.3%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Backdoor.Win32.PcClient!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	DR/PcClient.Gen*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> *Authentium	5.1.2.4	2009.09.13	W32/PcClient.F.gen!Eldorado
> Avast	4.8.1351.0	2009.09.13	Win32:Downloader-AZY
> AVG	8.5.0.412	2009.09.13	BackDoor.PcClient.2.AM
> BitDefender	7.2	2009.09.14	Application.Generic.183484
> ...


Additional information
File size: 66790 bytes
MD5...: 98aca1cae8d25af488619628eeff1df8
SHA1..: cc2ecd4f8c0c3eded0789cf7d8c58615ab2a5180
SHA256: 73ae205e4e2be2d12cea39f9ae46a64c556b7b526d58b02b46  dec42c4c096baf
ssdeep: 1536:BtYB1En6567MiYYLi70dHcQNr6JOd3bKsLKoxLFagHgqo  km2bh5VrT3wLzn
 :Lipsrsealed: X6564iYYFd8QNrkcTWAiOh37s


 File *nqczps.hun* received on 2009.09.14 03:51:48 (UTC)
Result: 28/41 (68.3%)		



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Backdoor.Win32.PcClient!IK
> AhnLab-V3	5.0.0.2	2009.09.13	Win-Trojan/PcClient.87552.W
> AntiVir	7.9.1.14	2009.09.11	BDS/Pcclient.DH.4
> Antiy-AVL	2.0.3.7	2009.09.14	Backdoor/Win32.PcClient.gen
> Authentium	5.1.2.4	2009.09.13	W32/PcClient.D.gen!Eldorado
> Avast	4.8.1351.0	2009.09.13	Win32:Agent-MDR
> AVG	8.5.0.412	2009.09.13	BackDoor.PcClient.2.AR
> BitDefender	7.2	2009.09.14	Backdoor.Agent.ZWB*
> ...


Additional information
File size: 96904 bytes
MD5...: 78cd788ed6d28eae89dc66481e5fb93c
SHA1..: 19032e5baa816cad1e60f51359d1e1e935b97898
SHA256: c6d23b1a744c3dbba50a5f7e6587a8ed813bd84acb31c7b89a  26301c3d012692
ssdeep: 1536 :Lipsrsealed: tbF3cgewInBOQcuI/JvZXgL5ozg4AEdAOhr/ZnGUUgBoYZ4sd:dbFFBpCq
JvZX5RAE7GUUg7ZVd
PEiD..: -


 File *mnmsrvc.exe* received on 2009.09.14 03:51:44 (UTC)
Result: 11/41 (26.83%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Trojan.Crypt!IK*
> AhnLab-V3	5.0.0.2	2009.09.13	-
> *AntiVir	7.9.1.14	2009.09.11	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.13	-
> Avast	4.8.1351.0	2009.09.13	-
> AVG	8.5.0.412	2009.09.13	-
> BitDefender	7.2	2009.09.14	-
> ...


Additional information
File size: 181630 bytes
MD5...: c133a02b0f216803d0792de59bfc7dc4
SHA1..: 3d4b864e12314b4012cf1cd781b933575a71211c
SHA256: 2424e117b5d8ce14c3599455aba2be15e7325b77cd8101cf2d  0ae610cc7c0183
ssdeep: 3072:SxGnCdresK12bKnLSdu8ztcZVJoyXe9CVlu5Ohja3JSc+  :NDX1IuLsu8zQJ
oJCPuok3Jx+


 File *gashhk.dll* received on 2009.09.14 03:51:35 (UTC)
Result: 6/41 (14.64%)		



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.24	2009.09.14	-
> AhnLab-V3	5.0.0.2	2009.09.13	-
> AntiVir	7.9.1.14	2009.09.11	-
> Antiy-AVL	2.0.3.7	2009.09.14	-
> *Authentium	5.1.2.4	2009.09.13	W32/Agent.CM.gen!Eldorado*
> Avast	4.8.1351.0	2009.09.13	-
> AVG	8.5.0.412	2009.09.13	-
> BitDefender	7.2	2009.09.14	-
> ...


Additional information
File size: 184320 bytes
MD5...: 3ea503ec0456b1cca181412388d642dd
SHA1..: cc18a7959c12ebfe569583ce2c84808d968d5e80
SHA256: e6f777ff6f3d3af8d835b33a20e0bbbc87e92b47739f42c7e6  5de4eb187ce1df
ssdeep: 3072:46+fkCU9C4uyjoIPJPDkravk1d8xdmT3nk4rEWw:466kr  C4uyjoIB4rOk1d
8xdMno


 File *tright.jpg* received on 2009.09.14 03:51:27 (UTC)
Result: 28/41 (68.3%)	



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.24	2009.09.14	Trojan-Downloader.Win32.Winical!IK
> AhnLab-V3	5.0.0.2	2009.09.13	Win-Trojan/Agent.212992.KF
> AntiVir	7.9.1.14	2009.09.11	TR/Agent.49152*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> *Authentium	5.1.2.4	2009.09.13	W32/Downloader.B.gen!Eldorado
> Avast	4.8.1351.0	2009.09.13	Win32:Agent-GRW
> AVG	8.5.0.412	2009.09.13	Downloader.Generic8.BMWI
> BitDefender	7.2	2009.09.14	Application.Generic.206712
> ...


Additional information
File size: 212992 bytes
MD5...: aef5a45a4f1c61c319da9c5be64487c6
SHA1..: d6ea56276cbbea31a37b41d8f3040d6c288c1883
SHA256: 251d2e74c37215f6dacf4dbb1767cb9ed1cc0c6e5e805b005d  a4974de8125638
ssdeep: 3072:uAF6L5Za8AUQRfd0pGc/2KflUYrb1lPcOYhmvxmee3YQul0l2pFYxat:Io8
HQ30MLeXWmv83Y08t

----------


## Winsent

From the infected official Download Master site




> Антивирус	Версия	Обновление	Результат
> 
> a-squared	4.5.0.24	2009.09.14	-
> AhnLab-V3	5.0.0.2	2009.09.14	-
> *AntiVir	7.9.1.14	2009.09.14	EXP/Pidief.fyc*
> Antiy-AVL	2.0.3.7	2009.09.14	-
> Authentium	5.1.2.4	2009.09.14	-
> Avast	4.8.1351.0	2009.09.14	-
> AVG	8.5.0.412	2009.09.14	-
> ...


Дополнительная информация
File size: 75722 bytes
MD5...: dfb9d0d15ddc165cbad1c1cfc105d12f
SHA1..: 5ed057f94d18d97c00d7f03bd1127d805806df39
SHA256: 2a35c7eccc7ef86ad39b30ac60070b57d2cc24873164378500  065967c834c929
ssdeep: 1536:k4zg8x3fNuekfNpLSSxABvhD321t/ez/H32koplSMCgf2Ii2GU :Lipsrsealed: JxPNuRf
eSxAv5icDXieM7tf
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: PDF Header: %PDF-1.4
obj 35
endobj 35
stream 18
endstream 18
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 5
/JavaScript 6
/AA 0
/OpenAction 0
/JBIG2Decode 0
trid..: Adobe Portable Document Format (100.0%)


PS: An interesting thing. When you try to check the link _http://www.westbyte.com/dm/ at dr.web, what ends up being checked is  :Smiley:

----------


## valho

> From the infected official Download Master site


A lot of stuff was coming out of the program itself too, since they push their own ads in there; I didn't bother figuring out how to block it and just deleted it.

----------



## senyak

Файл RaitingMaster3.jar получен 2009.09.17 22:19:50 (UTC)
Текущий статус: закончено
Результат: 14/41 (34.15%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.09.17	-
> AhnLab-V3	5.0.0.2	2009.09.17	-
> *AntiVir	7.9.1.19	2009.09.17	JAVA/SMS.Konov.e
> Antiy-AVL	2.0.3.7	2009.09.17	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.09.17	-
> *Avast	4.8.1351.0	2009.09.17	Other:Malware-gen
> AVG	8.5.0.412	2009.09.17	Java/SMS.A*
> BitDefender	7.2	2009.09.17	-
> ...


Дополнительная информация
File size: 2369 bytes
MD5...: 53beac59d8e5c928b0f2e7c41ab148ab
SHA1..: d8f112ad6079e8767c0725a5139402b9786c2ecf
SHA256: e5d639488a2b328e6747a29deacf5ccf0435c7d3c8090d44df  15262f317b7ab0
ssdeep: 48:51FTQo0tOURs9y3VeiTEzrTnHOCmmJwLnDfaS7EsvNf:XFT  iOURs9qVeiT6TH
mX3ixsvNf
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com./ru/analis...ab0-1253225990

----------


## senyak

Файл Jimmeconomy.jar получен 2009.09.18 21:12:37 (UTC)
Текущий статус: закончено
Результат: 11/41 (26.83%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.09.18	-
> AhnLab-V3	5.0.0.2	2009.09.18	-
> *AntiVir	7.9.1.19	2009.09.18	JAVA/SMS.J2ME.Kon.I
> Antiy-AVL	2.0.3.7	2009.09.18	Trojan/J2ME.Konov*
> Authentium	5.1.2.4	2009.09.18	-
> *Avast	4.8.1351.0	2009.09.18	Other:Malware-gen*
> AVG	8.5.0.412	2009.09.18	-
> BitDefender	7.2	2009.09.18	-
> ...


Дополнительная информация
File size: 165859 bytes
MD5...: 87a421743de577bfa70476675f49f0cf
SHA1..: 90d1ce8a35b46059187999ddd57555915d24c3a4
SHA256: c7c99d0fe868a1aa768331a354f8aca4d9cb875ea93bd47904  3e7212b9dd2619
ssdeep: 3072:O6br4V4QrVYwF3wz/5OGER8EBBucamPMZPAn9lSEZnO4vpkNwdYWPoldFPh
tio7:O6KbVwz/5OlW8gcamP8PAn6aO4vWNwd6
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...619-1253308357





Файл foto.jar получен 2009.09.18 21:21:32 (UTC)
Текущий статус: закончено
Результат: 19/41 (46.35%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.24	2009.09.18	-
> AhnLab-V3	5.0.0.2	2009.09.18	-
> *AntiVir	7.9.1.19	2009.09.18	JAVA/Boxer.1
> Antiy-AVL	2.0.3.7	2009.09.18	Trojan/J2ME.Boxer*
> Authentium	5.1.2.4	2009.09.18	-
> *Avast	4.8.1351.0	2009.09.18	Other:Malware-gen
> AVG	8.5.0.412	2009.09.18	Java/SMS.C
> BitDefender	7.2	2009.09.18	Trojan.Java.SMSsend.A*
> ...


Дополнительная информация
File size: 19167 bytes
MD5...: e413385fa1d746556c0d4a9fb319bb8f
SHA1..: 1e660f1beabcd28e2fb9d5752309353165bca661
SHA256: 3e9eaec41e8b7ef9613eebb38828fad9eacb92632be281f0a4  c46d421158a5c8
ssdeep: 384:3I08errDClyW2ugxiKPM4z4khCLswpYmN9RGyqrCMpR0fA  70T13qh:39O8xF
PVz4jLRLNEaI4TZG
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...5c8-1253308892

----------


## Ingener

Файл dm3.exe получен 2009.09.19 00:40:41 (UTC)
Текущий статус: закончено 
Результат: 14/41 (34.15%)



> *a-squared	4.5.0.24	2009.09.19	Packed.Win32.Tdss!IK*
> AhnLab-V3	5.0.0.2	2009.09.18	-
> *AntiVir	7.9.1.19	2009.09.18	TR/PCK.Tdss.Z.1092*
> *Antiy-AVL	2.0.3.7	2009.09.18	Packed/Win32.TDSS*
> Authentium	5.1.2.4	2009.09.19	-
> Avast	4.8.1351.0	2009.09.18	-
> *AVG	8.5.0.412	2009.09.19	Packed.Monder*
> BitDefender	7.2	2009.09.19	-
> *CAT-QuickHeal	10.00	2009.09.18	(Suspicious) - DNAScan*
> ...


Дополнительная информация
File size: 93696 bytes
MD5   : 62018239edd702419737f0bead200df3
SHA1  : e5d2cadfc95a3d33bb9b11ccce2c89ab1172252f
SHA256: 27013813316360af9b86551743cb957a04e7bf7433777e3d6f  17073a9054310f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4AB0C1CC (Wed Sep 16 12:45:32 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5C1C 0x5E00 7.86 b98b3371447c00d35a874e187c98a64a
.rdata 0x7000 0x598E 0x5A00 7.81 92879f4cdc4c2ec38ceaf931a615c6d1
.data 0xD000 0x532E 0x5400 7.89 1fd28ded16cc5df0f8f2cffe540039fb
.rsrc 0x13000 0x5B7E 0x5C00 7.78 a6795cc3b43abe84acb1bda3f59ae922
.reloc 0x19000 0x38 0x200 0.88 84460ef7710c08ff9b3686decd943135

( 5 imports )

> comdlg32.dll: CommDlgExtendedError, GetOpenFileNameW, LoadAlterBitmap, LoadAlterBitmap, PrintDlgA, ReplaceTextA, WantArrows, GetFileTitleW, dwOKSubclass, ChooseFontA, FindTextW, ReplaceTextA
> kernel32.dll: GetModuleHandleA, GetLocalTime, Beep, CreateFileW, VirtualFree, LoadLibraryA, VirtualProtect, MapViewOfFile, FileTimeToDosDateTime, SetEvent, GetLongPathNameA, VirtualAlloc, GetModuleHandleW, OpenJobObjectA, ExitThread
> msvcrt.dll: _mbstrlen, _ismbcupper, fread, _ltow, _ismbchira, wcstoul, [email protected]@Z, strncpy, _gcvt, wcscmp, [email protected]@[email protected]@@Z, atof, _rotr, fgetws, _y0, _winver, mktime, _wsystem, _wspawnle, isleadbyte, _wcsupr, memcpy
> opengl32.dll: glMatrixMode, glBlendFunc, glRasterPos2fv, glNormal3fv, glFogiv, glRasterPos3sv
> winmm.dll: wod32Message, mciGetDeviceIDW, mmioOpenW, joyConfigChanged, midiStreamRestart, midiOutGetErrorTextA, tid32Message, mciGetErrorStringA, midiInGetNumDevs, auxGetDevCapsW, waveInGetPosition

( 0 exports )
TrID  : File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.a...37f0bead200df3
ssdeep: 1536 :Lipsrsealed: 9odc8qz/fOqm6cuB+KFCeaM0x5uUBQj0/NCrOiJsMzGucxpaTtho7OuwcKxPx/ :Lipsrsealed: 9WWzItNK9F4ugQjiNCKiZcGgDhKL
Prevx Info: http://info.prevx.com/aboutprogramte...C2C200E8137474
PEiD  : -
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...10f-1253320841



File Install.exe received on 2009.09.19 02:00:17 (UTC)
Current status: finished
Result: 10/41 (24.4%)



> a-squared	4.5.0.24	2009.09.19	-
> AhnLab-V3	5.0.0.2	2009.09.18	-
> AntiVir	7.9.1.19	2009.09.18	-
> Antiy-AVL	2.0.3.7	2009.09.18	-
> Authentium	5.1.2.4	2009.09.19	-
> Avast	4.8.1351.0	2009.09.18	-
> AVG	8.5.0.412	2009.09.19	-
> BitDefender	7.2	2009.09.19	-
> *CAT-QuickHeal	10.00	2009.09.18	(Suspicious) - DNAScan*
> ...


Additional information
File size: 200304 bytes
MD5...: 4680e921b4319339d98fdd3fa907a3df
SHA1..: 73cd5a5407649b2990351bc075824b1857c26cca
SHA256: db168ca50ccb5e6af699755ebae1032647f1ea59a5bc4b173abe1d5c699af62a
ssdeep: 6144:KBLkRZYRQ351Dm3tJyzG1qeRUqtZV/YI7hyHJff:KLkPmdJlq6zZLYJ3
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7b61
timedatestamp.....: 0x4aa9446f (Thu Sep 10 18:24:47 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6dd7 0x6e00 7.97 10beaa5f98c6fc0a44460fcb0425023d
.rdata 0x8000 0x674 0x800 4.05 47e62302a0b7246c41a6a72da0daadff
.data 0x9000 0x33dc9 0x22a00 7.94 6a5ad95853c7a538cb65fded85245243
.rsrc 0x3d000 0x6436 0x6600 6.28 a949bf4f5442f202b47afa5877c6afae
.reloc 0x44000 0x8a 0x200 2.01 948c3ecb170e4a8e50568bfe3c55bde3

( 3 imports ) 
> KERNEL32.DLL: TerminateProcess, GetOEMCP, MapViewOfFile, GetStartupInfoA, LCMapStringA, GetModuleHandleA, lstrcmpW, GetACP, GetSystemTimeAsFileTime, MoveFileA, GetDriveTypeA, DisableThreadLibraryCalls, HeapAlloc, GetFullPathNameW, LocalFree, CreateFileA, FindNextFileA, LoadResource, VirtualProtect, EnumSystemLocalesA, VirtualQuery, SetThreadLocale, InterlockedExchange, GetModuleFileNameW, GetConsoleOutputCP, ExitProcess, SetLastError, SetUnhandledExceptionFilter, SetEvent, CreateThread, FreeEnvironmentStringsA, GetCurrentProcessId, Sleep, BeginUpdateResourceW, GetVersionExA, GetCommandLineA, WriteFile, SetConsoleCP, SetStdHandle, HeapCreate, VirtualAlloc, lstrcmpA, CopyFileW, InterlockedDecrement
> USER32.DLL: LoadCursorA, CharNextW, CallNextHookEx, PeekMessageA, BeginPaint, GetSubMenu, GetForegroundWindow, LoadCursorW, wsprintfA
> MSVCRT.DLL: [email protected]@Z, _cexit, __CxxFrameHandler, _CxxThrowException, [email protected]@[email protected], _initterm, __dllonexit, _lock

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Unknown Corporation
copyright....: (c) Unknown Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Unknown SC
original name: Unknown
internal name: Unknown.exe
file version.: 3.1.7.152
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=45163E8A70B73FF00EFB039EC1B375007BD7FA9B

http://www.virustotal.com/ru/analisi...62a-1253325617



File ms_powerpoint_png.jpg received on 2009.09.19 18:32:24 (UTC)
Current status: finished
Result: 24/41 (58.54%)



> a-squared	4.5.0.24	2009.09.19	Gen.Trojan!IK
> AhnLab-V3	5.0.0.2	2009.09.19	-
> *AntiVir	7.9.1.19	2009.09.18	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.09.18	-
> *Authentium	5.1.2.4	2009.09.19	W32/Heuristic-210!Eldorado*
> *Avast	4.8.1351.0	2009.09.18	Win32:Trojan-gen {Other}*
> *AVG	8.5.0.412	2009.09.19	SHeur2.BCOU*
> *BitDefender	7.2	2009.09.19	Gen:Trojan.Heur.PT.dqWabi3y3Yk*
> *CAT-QuickHeal	10.00	2009.09.19	Trojan.Agent.ATV*
> ...


Additional information
File size: 60798 bytes
MD5...: 45fb9f8733b3f0b26d38195b2c5ae54e
SHA1..: 7371eecafbaeefd0dc5f4dd5737f745586133f59
SHA256: 51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82
ssdeep: 1536:j4XzoOMJuMzHuME2D5R7JW/69wREdR7joR4:s3MjuME2FR7JuaeR4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x15288
timedatestamp.....: 0x4aa7b104 (Wed Sep 09 13:43:32 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xc7bc 0x8000 7.60 5bd95121239885613ca7790f80fae2c6
0xe000 0x41a8 0x2000 7.98 8195b2ab5878462b8b5ce34331a3b603
0x13000 0x1740 0x1000 7.24 5a5b0537443dc1b2b85b6f0f5a4fc9d9
.UPX 0x15000 0xd000 0x2d7e 7.96 faec9a63524945f25a0c41c67d8bbc79

( 1 imports ) 
> Kernel32.dll: LoadLibraryA, GetProcAddress

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 EXE Yoda's Crypter (56.9%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=45fb9f8733b3f0b26d38195b2c5ae54e
packers (F-Prot): YodaProt
http://info.prevx.com/aboutprogramtext.asp?PX5=C3C55D117EE4FC2DED180048AC2C4700B3544303
packers (Authentium): YodaProt
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...f82-1253385144

----------


## ZhIV

File bsersysguard.exe received on 2009.09.21 03:49:31 (UTC)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.09.21	Trojan.Win32.VB!IK*
> AhnLab-V3	5.0.0.2	2009.09.19	-
> *AntiVir	7.9.1.19	2009.09.18	TR/VB.vrd*
> Antiy-AVL	2.0.3.7	2009.09.18	-
> Authentium	5.1.2.4	2009.09.20	-
> *Avast	4.8.1351.0	2009.09.20	Win32:Trojan-gen {Other}*
> AVG	8.5.0.412	2009.09.20	-
> BitDefender	7.2	2009.09.21	-
> ...


Additional information
File size: 272896 bytes
MD5...: c11856d9d1d199c94511a67a2ecf4b89
SHA1..: 6046cdc98a5e62592afe1da8f6f8d53ddb8c878b
SHA256: 634ee8ca209a184bcd59cb19bdd5133e2414c2fd6c1107c312a781381cf8b566
ssdeep: 3072:YxlohsWvgZfsTdrH1sXoJVvCzigVQgtmZkkTGAdyERp6cZNGHyUt3+lIRBkzx2Ce:YPkUmVqzLftmZkAXj6+eU8Bk7B+yhH0
PEiD..: -

----------


## senyak

File abflxy.pdf received on 2009.09.22 15:42:30 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.22	-
> AhnLab-V3	5.0.0.2	2009.09.22	-
> AntiVir	7.9.1.23	2009.09.22	-
> Antiy-AVL	2.0.3.7	2009.09.22	-
> Authentium	5.1.2.4	2009.09.21	-
> *Avast	4.8.1351.0	2009.09.21	JS:Pdfka-QK*
> AVG	8.5.0.412	2009.09.22	-
> BitDefender	7.2	2009.09.22	-
> ...


Additional information
File size: 15720 bytes
MD5...: f5a18cfad974b050a986c4f8fc009efa
SHA1..: 9d5cbe6b9ccaac36d5148ae3bf4fdf550987f084
SHA256: b0f6cd5ea1cdb9fbdb335b2448c0347e07d2ffcf0d1779af56a6d466b41f4123
ssdeep: 384:4eH18/e/nhU7yL2x16w80vvbaPvDs4GS7CVoL7puJy7i/NRSE7at8YilWv:4e9L0b8+vww43mVoMQiFsb
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...123-1253634150

----------


## senyak

File foto35.scr received on 2009.09.23 14:20:40 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.23	-
> AhnLab-V3	5.0.0.2	2009.09.23	-
> AntiVir	7.9.1.23	2009.09.23	-
> Antiy-AVL	2.0.3.7	2009.09.23	-
> Authentium	5.1.2.4	2009.09.23	-
> Avast	4.8.1351.0	2009.09.21	-
> AVG	8.5.0.412	2009.09.23	-
> *BitDefender	7.2	2009.09.23	Trojan.FakeAntivirus.Gen*
> ...


Additional information
File size: 151040 bytes
MD5...: bcf940dfa991f737fe2414029a88a334
SHA1..: f3113c927560e1c83abaf921c2470a58c05421bc
SHA256: be7013ba7aeb4816fb20194a5db3ae6a4a2675df5273015902990e944dd90f06
ssdeep: 1536:yZxDKrEp0179py+in9mnvOt+S44KdKqdIuH9Otxz+yjEL8LdI/+7tJEE3V1Ji5YD:yHuwpyDi9mKRqdZH9oU8CGtKKngYny
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...f06-1253715640

----------


## Ingener

File getexe.exe received on 2009.09.23 19:56:23 (UTC)
Current status: finished
Result: 14/41 (34.15%)



> *a-squared	4.5.0.24	2009.09.23	Trojan.Win32.Tibs!IK*
> AhnLab-V3	5.0.0.2	2009.09.23	-
> *AntiVir	7.9.1.23	2009.09.23	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.23	-
> Authentium	5.1.2.4	2009.09.23	-
> Avast	4.8.1351.0	2009.09.23	-
> AVG	8.5.0.412	2009.09.23	-
> *BitDefender	7.2	2009.09.23	Application.Generic.218490*
> CAT-QuickHeal	10.00	2009.09.23	-
> ...


Additional information
File size: 23552 bytes
MD5...: df2cf3c5209b76dce33596331a96026a
SHA1..: e75382f0b32323f2b795bbe00d4dfadc4e90f4f5
SHA256: 8a1218da6bdb03427a9bf48a8f8015b47e1ce0ea7564c3609453a0f712a68811
ssdeep: 384:vxGLu/EO5NCpN71uFbPcY3w/SX/oW+141irfionWzJ7ZYZXhKH60MkougbJf:JtXU7x/SX/oD1Nmg8J7ZYrvldu8N
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21e5
timedatestamp.....: 0x4aafc40e (Tue Sep 15 16:42:54 2009)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4790 0x4800 6.53 3848902087579fc1478896509ae71176
.data 0x6000 0x1000 0x1000 5.67 537fcaf76706f116033f433191ec2385

( 1 imports ) 
> KERNEL32.DLL: GetFileSize, CloseHandle, AddAtomA, DeleteFileW, EndUpdateResourceW, VirtualProtect, ExitProcess, GetDiskFreeSpaceW, GetAtomNameW, GetDateFormatW, GetModuleHandleW

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=B1D25CB800B2B5705CEF0087B933C800096EBB2D
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=df2cf3c5209b76dce33596331a96026a
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...811-1253735783



File manual.swf received on 2009.09.23 20:24:15 (UTC)
Current status: finished
Result: 13/41 (31.71%)



> a-squared	4.5.0.24	2009.09.23	-
> AhnLab-V3	5.0.0.2	2009.09.23	-
> *AntiVir	7.9.1.23	2009.09.23	HTML/Malicious.Flash.Gen*
> Antiy-AVL	2.0.3.7	2009.09.23	-
> *Authentium	5.1.2.4	2009.09.23	SWF/MultiExploit.A!Camelot*
> *Avast	4.8.1351.0	2009.09.23	SWFownloader-E*
> AVG	8.5.0.412	2009.09.23	-
> *BitDefender	7.2	2009.09.23	Exploit.SWF.Shellcode.Gen*
> CAT-QuickHeal	10.00	2009.09.23	-
> ...


Additional information
File size: 10722 bytes
MD5...: 1ab0ec2298af8fe7d912119cd7cf5d2e
SHA1..: 921501ff470f7f984d2de4279d1fa19dcf171691
SHA256: 2671eb3a1f9ee04168d1b3d5e00fbe206fb2656395a068e8a4e1269e91af8b1d
ssdeep: 192:mtPUT+KKIRPr4SI4W0GdMec+4TCCFUSOustDMS2EYZvgCc9pCYGl6/ST5:KqNBxI4W0oomwOdI4i4CcvCYf/c5
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Macromedia Flash Player Compressed Movie (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): Swf2Swc

http://www.virustotal.com/ru/analisi...b1d-1253737455



File default received on 2009.09.23 20:32:22 (UTC)
Current status: finished
Result: 3/41 (7.32%)



> a-squared	4.5.0.24	2009.09.23	-
> AhnLab-V3	5.0.0.2	2009.09.23	-
> AntiVir	7.9.1.23	2009.09.23	-
> Antiy-AVL	2.0.3.7	2009.09.23	-
> Authentium	5.1.2.4	2009.09.23	-
> Avast	4.8.1351.0	2009.09.23	-
> AVG	8.5.0.412	2009.09.23	-
> BitDefender	7.2	2009.09.23	-
> CAT-QuickHeal	10.00	2009.09.23	-
> ...


Additional information
File size: 9959 bytes
MD5   : d58ae9e6fb9d7b70babe828b1423d342
SHA1  : 8675dc340057d442a7274c20305c68e5bf586245
SHA256: afaa2967abc1fabc8ccaba68f44455523bea53a2246a118cfab6197380283323
TrID  : File type identification
file seems to be plain text/ASCII (0.0%)
ssdeep: 192:wnLTBnnZYazLIt+gei+IPnLXphB9jE8ow5X301Qq9lArA0u:GvBnn3zckg1+o19xosXE1T9lV5
PEiD  : -
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...323-1253737942

----------


## senyak

File pdf.pdf received on 2009.09.23 17:15:30 (UTC)
Current status: finished
Result: 8/41 (19.51%)



> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.24 	2009.09.23 	-
> *AhnLab-V3 	5.0.0.2 	2009.09.23 	PDF/Exploit*
> AntiVir 	7.9.1.23 	2009.09.23 	-
> Antiy-AVL 	2.0.3.7 	2009.09.23 	-
> Authentium 	5.1.2.4 	2009.09.23 	-
> *Avast 	4.8.1351.0 	2009.09.21 	JS:Pdfka-QK*
> AVG 	8.5.0.412 	2009.09.23 	-
> *BitDefender 	7.2 	2009.09.23 	Exploit.PDF-JS.Gen*
> ...


Additional information
File size: 8078 bytes
MD5   : d20f1e05864e0653f083f313be161726
SHA1  : d52222405e91c04c9b8831cdf189e5645f18cc28
SHA256: 76739e8c0de9b39aa97bff7c1e333a91fd892dd24f6966fde431658d6bcc2f49
TrID  : File type identification
Adobe Portable Document Format (100.0%)
ssdeep: 192:f+1ROqrurXr+wIOJ4pvq/XkDqQ7e7Vd+sMQIfbThY0LP0wv43l0lgY85:W1ROqrsXr+wIOJt/UDv7oXdWThY0z0rf

http://www.virustotal.com/ru/analisi...f49-1253726130





File Install.exe received on 2009.09.23 17:15:47 (UTC)
Current status: finished
Result: 17/40 (42.50%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.24 	2009.09.23 	Trojan-Downloader.Win32.FakeRean!IK*
> AhnLab-V3 	5.0.0.2 	2009.09.23 	-
> *AntiVir 	7.9.1.23 	2009.09.23 	TR/Dldr.FakeRean.20*
> Antiy-AVL 	2.0.3.7 	2009.09.23 	-
> Authentium 	5.1.2.4 	2009.09.23 	-
> Avast 	4.8.1351.0 	2009.09.21 	-
> AVG 	8.5.0.412 	2009.09.23 	-
> *BitDefender 	7.2 	2009.09.23 	Trojan.Generic.CJ.YEQ*
> ...


Additional information
File size: 159856 bytes
MD5   : 44271d7ca275f464420a071a69cef1fc
SHA1  : 0cfe8ebf6003648d706a9ac1cf385fef7cc97898
SHA256: 18f632a27934f2840f22b414dde814a309c3feb9a18bafdb88136218bb62e875
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7CE7
timedatestamp.....: 0x44D93E06 (Wed Aug 9 03:44:38 2006)
machinetype.......: 0x14C (Intel I386)

http://www.virustotal.com/ru/analisi...875-1253726147

----------


## senyak

File DemO.rar received on 2009.09.25 08:27:57 (UTC)
Current status: finished
Result: 16/41 (39.03%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.25	-
> AhnLab-V3	5.0.0.2	2009.09.24	-
> *AntiVir	7.9.1.25	2009.09.24	TR/Spy.47274*
> *Antiy-AVL	2.0.3.7	2009.09.25	Trojan/VBS.AntiAV*
> Authentium	5.1.2.4	2009.09.25	-
> Avast	4.8.1351.0	2009.09.24	-
> AVG	8.5.0.412	2009.09.24	-
> *BitDefender	7.2	2009.09.25	Gen:Trojan.Heur.cmHfrzDajqocA*
> ...


Additional information
File size: 157651 bytes
MD5...: 14c1fb3e623bb18c14fcfd616e3eeb3b
SHA1..: edf90e6a7b3b6ba28a79735a3e7203ed4cd22f92
SHA256: 21587e4fb74e285979f8a3c831ca53a136d58ea17ce482ee10081e706889d543
ssdeep: 3072:6yeG0KdbEcioh5yeG0KdbEcioh9SASocDWc5hAL:6yIKdbEcJTyIKdbEcJhwA1gWc5hAL
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...543-1253867277

----------


## senyak

File setup.exe received on 2009.09.26 09:42:37 (UTC)
Current status: finished
Result: 6/41 (14.63%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.24 	2009.09.26 	Trojan.Win32.FakeSmoke!IK*
> AhnLab-V3 	5.0.0.2 	2009.09.26 	-
> AntiVir 	7.9.1.25 	2009.09.25 	-
> Antiy-AVL 	2.0.3.7 	2009.09.25 	-
> Authentium 	5.1.2.4 	2009.09.25 	-
> Avast 	4.8.1351.0 	2009.09.26 	-
> AVG 	8.5.0.412 	2009.09.26 	-
> BitDefender 	7.2 	2009.09.26 	-
> ...


Additional information
File size: 61815 bytes
MD5   : 4dd25c70ab098e13c24673a224c26a63
SHA1  : d815c88216a77e7e3f8c3116c8254acc0a4db78c
SHA256: 3c4cf20300efbbbae724ad3644432488f949f5756f6fff21412917ffe790b2c6
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...2c6-1253958157

*Added 6 hours 42 minutes later*

File foto17.scr received on 2009.09.26 16:14:09 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.26	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.25	2009.09.25	-
> Antiy-AVL	2.0.3.7	2009.09.25	-
> Authentium	5.1.2.4	2009.09.25	-
> Avast	4.8.1351.0	2009.09.26	-
> AVG	8.5.0.412	2009.09.26	-
> BitDefender	7.2	2009.09.26	-
> ...


Additional information
File size: 151040 bytes
MD5...: e451a27c1a2ac70911cc45436c6fe42a
SHA1..: 5bb491db1d945cfe5060559dd107c1f0351d78b2
SHA256: 7e5bfc3e356c1daccb36242511bdcb1235200a49554b68141b9ea03cd9cdce95
ssdeep: 3072 :Stick Out Tongue: nHLBRkgXetgOF22/kw/WwrQNaRp78CmdkKov8dPyTqhF :Stick Out Tongue: nHLBRkrtgrw/
rQkRXjjUd6e
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e95-1253981649

----------


## Winsent

File foto35.scr received on 2009.09.26 18:09:36 (UTC)




> Antivirus    Version    Last Update    Result
> 
> a-squared    4.5.0.24    2009.09.26    -
> AhnLab-V3    5.0.0.2    2009.09.26    -
> AntiVir    7.9.1.25    2009.09.25    -
> Antiy-AVL    2.0.3.7    2009.09.25    -
> Authentium    5.1.2.4    2009.09.25    -
> Avast    4.8.1351.0    2009.09.26    -
> AVG    8.5.0.412    2009.09.26    -
> ...


Additional information
File size: 151040 bytes
MD5...: 858f85c78f459631ef96603d18a1fb72
SHA1..: b2ad393fa37838dbf3c7120af055b47f789beb25
SHA256: d20fcf234d37c5acdf4203409bbfe8a447bb4110c4b1a39838235224b5ed8753
ssdeep: 3072:FCA5N/8h5LL5rLbon1ZNlxVTOZHQ0OWykzeKaU:/X8h5L5LoPTG/OOd
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10ee
timedatestamp.....: 0x494807bd (Tue Dec 16 19:55:41 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
Coqp0msc 0x1000 0x9c0f 0x9e00 5.72 dfa09b1702ea343d7e306c100a744368
S9qC1feu 0xb000 0x2da 0x400 3.87 c4240ab126d56f92054f8343ada3a53c
QiGVS3Mm 0xc000 0x19405 0x19600 7.97 10d53d0d222f6dd663767eb2e3abfc89
.rsrc 0x26000 0x26000 0x1200 3.65 030f64094fede62a4d311a5b1d94e2ea

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (55.3%)
Win16/32 Executable Delphi generic (15.1%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

----------


## senyak

File exploree.exe received on 2009.09.26 20:36:36 (UTC)
Current status: finished
Result: 8/41 (19.52%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.26	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.25	2009.09.25	-
> Antiy-AVL	2.0.3.7	2009.09.25	-
> Authentium	5.1.2.4	2009.09.26	-
> Avast	4.8.1351.0	2009.09.26	-
> AVG	8.5.0.412	2009.09.26	-
> *BitDefender	7.2	2009.09.26	Trojan.CryptRedol.Gen.3*
> ...


Additional information
File size: 24576 bytes
MD5...: a0adcaeabe2415a991023d495e021649
SHA1..: dc5b2395e9dd887faca09eefba3a623595c6303d
SHA256: 266cbc2529b31b31eef604a01b7c9fffff8bc2745a6a4bfe252e6ab7c74f47c5
ssdeep: 384:jgbh4XWczy8DJIK/vRtpZqrpkiPfVfDPSaWhOElNSKlwYzMNQ6Fhr:22Gcz4e3+kC+aW9lMRuMN
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...7c5-1253997396




File svvghost.exe received on 2009.09.26 20:37:50 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.26	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.25	2009.09.25	-
> Antiy-AVL	2.0.3.7	2009.09.25	-
> Authentium	5.1.2.4	2009.09.26	-
> Avast	4.8.1351.0	2009.09.26	-
> AVG	8.5.0.412	2009.09.26	-
> BitDefender	7.2	2009.09.26	-
> ...


Additional information
File size: 70144 bytes
MD5...: 999ca33934dff046cadb2bcf2b2c083f
SHA1..: 449419448ce9035ae0bc23874c14ca5aa633e123
SHA256: 052bad87c63fe3581a20af34cd4a634facef6411d83db91caf125757553e0b0f
ssdeep: 1536:qwby+xZsj4/WkTf6KQsMdnBaRKz/B1TVMT8Uy2u6Vefe:qyTZsU/WkqBaQ1U8U3BVeG
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...b0f-1253997470

----------


## senyak

So, let's move on

File setup.exe received on 2009.09.27 22:46:33 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.27	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.27	2009.09.28	-
> Antiy-AVL	2.0.3.7	2009.09.27	-
> Authentium	5.1.2.4	2009.09.27	-
> *Avast	4.8.1351.0	2009.09.27	Win32:MalOb-T*
> AVG	8.5.0.412	2009.09.27	-
> BitDefender	7.2	2009.09.28	-
> ...


Additional information
File size: 29184 bytes
MD5...: b7df3410748e02c94aa620a583ba4f3c
SHA1..: 9d3d55cdabbf130621eddd47b36b1c2d4e69a6f2
SHA256: dcd439bc7b6986100ee8cbf9b10ad16d8057025d03c91af3ea3486ca5b8cba86
ssdeep: 384:XHVN4SGOJThoZIOMSWbW68fhOS6y8gj43HjB9v5isJ+fL2eukfqkJ:X1KhzZRMhq68fhv7MjHhis0Xukh
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...a86-1254091593




File alex_359fab6b7b7c4da8dafedba92bfd received on 2009.09.27 22:51:26 (UTC)
Current status: finished
Result: 6/41 (14.64%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.27	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.27	2009.09.28	-
> Antiy-AVL	2.0.3.7	2009.09.27	-
> Authentium	5.1.2.4	2009.09.27	-
> Avast	4.8.1351.0	2009.09.27	-
> AVG	8.5.0.412	2009.09.27	-
> BitDefender	7.2	2009.09.28	-
> ...


Additional information
File size: 48128 bytes
MD5...: 2d1da14cb7002228062482328aece505
SHA1..: fee148febfe28e01778a5410c6c1c5ba185a258a
SHA256: 21a8314e630f19d18322dcaa40628a86595985d839d2ff3711fc34a02c421ef6
ssdeep: 768:S6wY7zaHIfoloEiz727w4DHvqj4RWc7yxQG/e/v1/g2HZNmyjDfH:Swpo694zv/RWcest/v5NmWTH
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...ef6-1254091886




File Soft_252.exe received on 2009.09.27 22:53:52 (UTC)
Current status: finished
Result: 10/41 (24.4%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.09.27	Trojan.Win32.FakeAV!IK*
> AhnLab-V3	5.0.0.2	2009.09.26	-
> *AntiVir	7.9.1.27	2009.09.28	TR/FakeXPA.A.734*
> Antiy-AVL	2.0.3.7	2009.09.27	-
> Authentium	5.1.2.4	2009.09.27	-
> Avast	4.8.1351.0	2009.09.27	-
> *AVG	8.5.0.412	2009.09.27	Generic14.BJCV*
> BitDefender	7.2	2009.09.28	-
> ...


Additional information
File size: 184832 bytes
MD5...: 0ec7e0825b52a7d49a59b3a020733d4e
SHA1..: f5b6c877a9b299994cf7df430bae84df4b5c2292
SHA256: f279107de90782021a5e87ad54f2d02bb6f9b04203f3bce2c4b7eec20594daa6
ssdeep: 3072:1iYPYym8x9ATvD2+PXHLBBwJ+KlIn8xNxZxHn/GMpPOSt/fS4iTP:8wx9ATb2QLwkKlOKOsPOS564A
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...aa6-1254092032




File update.exe received on 2009.09.27 22:52:36 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.24	2009.09.27	-
> AhnLab-V3	5.0.0.2	2009.09.26	-
> AntiVir	7.9.1.27	2009.09.28	-
> Antiy-AVL	2.0.3.7	2009.09.27	-
> Authentium	5.1.2.4	2009.09.27	-
> Avast	4.8.1351.0	2009.09.27	-
> AVG	8.5.0.412	2009.09.27	-
> BitDefender	7.2	2009.09.28	-
> ...


Additional information
File size: 69632 bytes
MD5...: cd4d63aa9df325a973ae3038db79436a
SHA1..: 08a3d77d9547fab493eceb33d99da48fe4269295
SHA256: ea1442cb4818a228bdcb1cd98006ae31187696685a6ec626381973fc869551cc
ssdeep: 1536:nOyhNnGd+cQcNmApp/XWlxgLCV5Gw3JGpojrtM47Kp88eXAd:jG3NmApp/Wlxg6Ew5S8rtZ80Ad
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...1cc-1254091956




File your_exe.exe received on 2009.09.27 22:54:36 (UTC)
Current status: finished
Result: 16/41 (39.03%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.24	2009.09.27	Trojan-Downloader.Win32.Harnig!IK*
> AhnLab-V3	5.0.0.2	2009.09.26	-
> *AntiVir	7.9.1.27	2009.09.28	TR/Crypt.XPACK.Gen*
> Antiy-AVL	2.0.3.7	2009.09.27	-
> Authentium	5.1.2.4	2009.09.27	-
> *Avast	4.8.1351.0	2009.09.27	Win32:Walivun*
> AVG	8.5.0.412	2009.09.27	-
> BitDefender	7.2	2009.09.28	-
> ...


Additional information
File size: 12800 bytes
MD5...: 4cc96065eb6a09a3fdca664b1f77805c
SHA1..: a73cbfc80fcaefbdf5fdb6c515dfbdb07a2f6068
SHA256: 68f6b5b091142d4c24779e4d245e7c6fdd2d6ffa8844072191845f79bbc29a95
ssdeep: 384:3IQqVn6HBCS6O+wpnOrYAGU9s8ubvbS0l:4L6hCbJwphAb7uv
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...a95-1254092076

----------


## valho

File hdd7.exe received on 2009.09.29 10:55:36 (UTC)
Current status: finished
Result: 14/41 (34.15%)



> a-squared 	4.5.0.24 	2009.09.29 	-
> AhnLab-V3 	5.0.0.2 	2009.09.29 	-
> *AntiVir 	7.9.1.27 	2009.09.29 	HEUR/Malware*
> Antiy-AVL 	2.0.3.7 	2009.09.29 	-
> Authentium 	5.1.2.4 	2009.09.29 	-
> Avast 	4.8.1351.0 	2009.09.28 	-
> *AVG 	8.5.0.412 	2009.09.29 	Agent.DD*
> *BitDefender 	7.2 	2009.09.29 	MemScan:Trojan.Krotten.B*
> *CAT-QuickHeal 	10.00 	2009.09.29 	(Suspicious) - DNAScan*
> ...


Additional information
File size: 33451 bytes
MD5   : b8eb1b852d4917006d204d1d4b7bf56a
SHA1  : 0cfbb0e36b5ee13423d0db8f3e19630c8c17e961
SHA256: 24ecfe3dee189a7603094646503e21cdf40a13ecce0ef8aa6417ac7c6d9d14c4
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5B2D
timedatestamp.....: 0x40715C58 (Mon Apr 5 15:17:12 2004)
machinetype.......: 0x14C (Intel I386)

----------


## Erekle

File bcjhokdt_1_.png received on 2009.09.30 21:35:01 (UTC)
Result: 9/41 (21.95%)



> a-squared 4.5.0.24 2009.09.30 - 
> AhnLab-V3 5.0.0.2 2009.09.30 - 
> *AntiVir 7.9.1.27 2009.09.30 HEUR/Crypted.E* 
> Antiy-AVL 2.0.3.7 2009.09.30 - 
> *Authentium 5.1.2.4 2009.09.30 W32/Damaged_File.gen!Eldorado* 
> Avast 4.8.1351.0 2009.09.30 - 
> *AVG 8.5.0.412 2009.09.30 Worm/Downadup* 
> BitDefender 7.2 2009.09.30 - 
> *CAT-QuickHeal 10.00 2009.09.30 (Suspicious) - DNAScan* 
> ...


Additional information
File size: 26280 bytes
MD5 : 51f57ced03783f80656104cad1b76806
SHA1 : 791a074670e07ed2ffc8a77888ca214b32a45538
SHA256: b5e3017218f85ec4224f2a4007bf73093b95c2b92448a99bbee8cce29ed4ea32

http://www.virustotal.com/ru/analisi...a32-1254346501

(there were several such incomplete files, starting from 2 KB in size. The result was the same in every case)
_______________

File jwgkvsq.vmx received on 2009.09.16 15:45:39 (UTC)
Result: 39/41 (95.12%)



> *a-squared 4.5.0.24 2009.09.16 Net-Worm.Win32.Kido!IK* 
> *AhnLab-V3 5.0.0.2 2009.09.16 Win32/Conficker.worm.Gen* 
> *AntiVir 7.9.1.18 2009.09.16 TR/Dropper.Gen* 
> *Antiy-AVL 2.0.3.7 2009.09.16 Worm/Win32.Kido.gen* 
> *Authentium 5.1.2.4 2009.09.16 W32/Conficker!Generic* 
> *Avast 4.8.1351.0 2009.09.15 Win32:Rootkit-gen* 
> *AVG 8.5.0.412 2009.09.16 Worm/Downadup* 
> *BitDefender 7.2 2009.09.16 Application.Generic.204330* 
> *CAT-QuickHeal 10.00 2009.09.16 Win32.Net-Worm.Kido.ih.3.Pack* 
> ...


Additional information
File size: 156520 bytes
MD5 : b420138b88eda83a51fea5298f72864a
SHA1 : 0e644fc39a287e6f020ede6d6c9dd708b1a871ba
SHA256: 8fe51a999ce37b2d8996b7021223cbbcbd35f6e7b151766d6a2ce4592f13fa3a
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x18A10
timedatestamp.....: 0x4383FABD (Wed Nov 23 06:14:37 2005)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0x13000 0x12C00 7.80 0493f6c2743b9faa3098674b6fc4b0bc
UPX2 0x19000 0x1000 0x200 3.68 13eaee584ec79764c7625b66ea5dc07e
( 0 imports )
( 0 exports ) 
TrID : File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.5%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Clipper DOS Executable (2.5%) 
ssdeep: 3072:w197n3Hrj6erceHy69fjcNUoQ+1Fcz755g:w11XruWL9fjcN31Mt5g
Prevx Info: http://info.prevx.com/aboutprogramte...12420087CAF4B4 
PEiD : - 
packers (Kaspersky): PE_Patch.UPX, UPX 
packers (F-Prot): UPX 
packers (Authentium): UPX 
RDS : NSRL Reference Data Set
- 

http://www.virustotal.com/ru/analisi...a3a-1253115939

_______________

File aaa.bin (autorun.inf) received on 2009.09.13 11:33:44 (UTC)
Result: 24/41 (58.54%)



> *a-squared 4.5.0.24 2009.09.13 Worm.Win32.Conficker!IK* 
> AhnLab-V3 5.0.0.2 2009.09.13 - 
> *AntiVir 7.9.1.14 2009.09.11 TR/Autorun.59288* 
> Antiy-AVL 2.0.3.7 2009.09.11 - 
> Authentium 5.1.2.4 2009.09.12 - 
> *Avast 4.8.1351.0 2009.09.12 BV:AutoRun-S* 
> *AVG 8.5.0.412 2009.09.13 Worm/Generic_c.ZW* 
> *BitDefender 7.2 2009.09.13 Worm.Autorun.VHG* 
> CAT-QuickHeal 10.00 2009.09.12 - 
> ...


Additional information
File size: 59288 bytes
MD5 : 06d8fb2498d84cae5f96c281685b2e73
SHA1 : 8d91ceca90353aa644a7ff538fd75f0906d24027
SHA256: fc1ea07f84e1d19fecb1bb2bf7779729700817f4d7483b779e8a567c3826c552
TrID : File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%) 

http://www.virustotal.com/ru/analisi...552-1252841624

----------


## Shu_b

The latest interim results of the community testing for August-September:

----------


## senyak

File 335i.exe received on 2009.10.07 18:00:31 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.41	2009.10.07	-
> AhnLab-V3	5.0.0.2	2009.10.07	-
> AntiVir	7.9.1.33	2009.10.07	-
> Antiy-AVL	2.0.3.7	2009.10.05	-
> *Authentium	5.1.2.4	2009.10.07	W32/Heuristic-CO2!Eldorado*
> Avast	4.8.1351.0	2009.10.07	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.07	-
> ...


Additional information
File size: 18719 bytes
MD5...: 5d39807ff1a214527e72bad58bed96a7
SHA1..: b7570ccf8585a883fc8d74a8c5325d6a3c1199d8
SHA256: 18c8ffbbef424d4ba1479934207cdd19ac0aa94b9b583615cde061ed93750994
ssdeep: 384:lRXdYOzLpWTFByV2q7G2iq4vxD6tOLDNshjSQpnjdZYK5Z:LdTPpWTFBy232gvxut8ehjSQF0Y
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...994-1254938431




File cash.exe received on 2009.10.07 18:00:46 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.41	2009.10.07	-
> AhnLab-V3	5.0.0.2	2009.10.07	-
> AntiVir	7.9.1.33	2009.10.07	-
> Antiy-AVL	2.0.3.7	2009.10.05	-
> Authentium	5.1.2.4	2009.10.07	-
> Avast	4.8.1351.0	2009.10.07	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.07	-
> ...


Additional information
File size: 8461 bytes
MD5...: 29cfa8608161ac24347cd83e23ef72c9
SHA1..: 91ff2074a642685f8085267211abb03ee32002d6
SHA256: afba36cb7d9892abec5bce9a86dc2284375138db95f2cf69025b718c88b2ad8a
ssdeep: 192:llu8Vli7Q979IRhkReomuh/girdcrHaMc4KgWzP8:NVoYI781bRczNc4KgWzk
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...d8a-1254938446




File loader_ok.exe received on 2009.10.07 18:01:26 (UTC)
Current status: finished
Result: 14/41 (34.15%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.41	2009.10.07	Trojan.Win32.Buzus!IK*
> AhnLab-V3	5.0.0.2	2009.10.07	-
> *AntiVir	7.9.1.33	2009.10.07	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.10.05	-
> Authentium	5.1.2.4	2009.10.07	-
> Avast	4.8.1351.0	2009.10.07	-
> AVG	8.5.0.420	2009.10.04	-
> *BitDefender	7.2	2009.10.07	Trojan.Generic.2506315*
> ...


Additional information
File size: 30376 bytes
MD5...: d2f6c8fd38d52e0a35feb8fa5458a1fb
SHA1..: 43a739689ba0924d8b07b9cb75622516ea1d0173
SHA256: 8917d305241eb3c6a09521b53fbaf16e455399c5d909763b24d19bc847996e48
ssdeep: 384:3OWWMUJE8c7ocqpOHT9gseyyWHFhzXXA/YXFX6Y3/Vv124MFD+bJqFRGkwVML20:+o8cU3pOHT9gseyDHj13JGy9+4t70
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e48-1254938486




File pool.exe received on 2009.10.07 18:04:32 (UTC)
Current status: finished
Result: 8/41 (19.52%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.41	2009.10.07	-
> AhnLab-V3	5.0.0.2	2009.10.07	-
> *AntiVir	7.9.1.33	2009.10.07	HEUR/Crypted*
> Antiy-AVL	2.0.3.7	2009.10.05	-
> *Authentium	5.1.2.4	2009.10.07	W32/Damaged_File.gen!Eldorado*
> Avast	4.8.1351.0	2009.10.07	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.07	-
> ...


Дополнительная информация
File size: 43516 bytes
MD5...: b5ef2527f951dd23b7100ecae8977499
SHA1..: f240f517c00a22414a7fc6442eeeef5c7ae92e61
SHA256: f554faa19dbb5bd19265e5e5241668bbceb77c995aa46e865d032fda69f823d9
ssdeep: 768:FzhxJerC5NCROFt5A7P3+I74cxjMRlNT+6STfpOlsI+bIeU5ZHXeBc3Nq:Vc
0YO3WJM8YRf7SzpOTuIl36f
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...3d9-1254938672




Файл WebSetup_05.10.09.exe получен 2009.10.07 18:05:04 (UTC)
Текущий статус: закончено
Результат: 6/41 (14.63%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared 	4.5.0.41 	2009.10.07 	-
> AhnLab-V3 	5.0.0.2 	2009.10.07 	-
> AntiVir 	7.9.1.33 	2009.10.07 	-
> Antiy-AVL 	2.0.3.7 	2009.10.05 	-
> *Authentium 	5.1.2.4 	2009.10.07 	W32/Damaged_File.gen!Eldorado*
> Avast 	4.8.1351.0 	2009.10.07 	-
> AVG 	8.5.0.420 	2009.10.04 	-
> BitDefender 	7.2 	2009.10.07 	-
> ...


Дополнительная информация
File size: 62503 bytes
MD5   : d463af82d266d494901878db47194ed6
SHA1  : c58745d57ed3131d39b1ab67f23e8338e0ba97f8
SHA256: c48362749679ead6dc4274eeb10b939bde5ff7be7e661f42a456fb0c00db19e9
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...9e9-1254938704

----------


## Шапельский Александр

C:\WINNT\system32\drivers\rk_remover.sys
Файл rk_remover.sys получен 2009.09.21 12:41:19 (UTC)
Текущий статус: закончено
Результат: 19/41 (46.34%)



> Антивирус     Версия            Обновление  Результат
> *a-squared        4.5.0.24           2009.09.21      Gen.Rootkit!IK*
>   AhnLab-V3     5.0.0.2             2009.09.19      -
> *AntiVir             7.9.1.19           2009.09.21      TR/Crypt.XPACK.Gen*
>   Antiy-AVL      2.0.3.7             2009.09.21      -
>   Authentium       5.1.2.4             2009.09.21      -
> *Avast               4.8.1351.0       2009.09.20      Win32:Rootkit-gen
>   AVG                8.5.0.412         2009.09.21      Win32/Patched
>   BitDefender     7.2                   2009.09.21     Gen:[email protected]
> ...


Дополнительная информация
File size: 548352 bytes
MD5   : 7150d019e8a36511f7f5040fb4d5b91b
SHA1  : c6bb031bc88eecfec5587f3c7e2329a5e9aa877c
SHA256: 5688ab1b9fb7a2918478d0df02f94fc3a0aec1511b794c0b49568d4ec1a7ae9b
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e9b-1253536879

----------


## valho

File Rave2ins.exe received on 2009.10.08 14:18:28 (UTC)
Current status: finished
Result: 5/41 (12.2%)



> *a-squared	4.5.0.41	2009.10.08	Trojan-Dropper!IK*
> AhnLab-V3	5.0.0.2	2009.10.08	-
> *AntiVir	7.9.1.35	2009.10.08	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.10.05	-
> Authentium	5.1.2.4	2009.10.08	-
> Avast	4.8.1351.0	2009.10.07	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.08	-
> CAT-QuickHeal	10.00	2009.10.08	-
> ...


Additional information
File size: 438272 bytes
MD5...: b7f9cf6c149415ce2af368969c69896e
SHA1..: ea16bd8cbcb2b5c713c9061f4130102eed0939c6
SHA256: 689d6c944747e9507cd43425d55bae0a886f08069d7bfa8e8c72d97caa00f4c5
ssdeep: 6144:6jnYTVXWrMhME83+UU79HvuwYGtLO0rD6gWBcmRaaN56T6cU1hJIG8:TpGr
M8iv9lYq9kR9lrq
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1070
timedatestamp.....: 0x39deb497 (Sat Oct 07 05:28:55 2000)
machinetype.......: 0x14c (I386)
http://info.prevx.com/aboutprogramte...9781009FC60FCF

----------


## senyak

Файл fotka.jar получен 2009.10.09 21:57:59 (UTC)
Текущий статус: закончено
Результат: 10/41 (24.4%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.10.09	-
> AhnLab-V3	5.0.0.2	2009.10.09	-
> *AntiVir	7.9.1.35	2009.10.09	JAVA/SMS.J2ME.Age.D
> Antiy-AVL	2.0.3.7	2009.10.09	Trojan/J2ME.Agent*
> Authentium	5.1.2.4	2009.10.09	-
> Avast	4.8.1351.0	2009.10.09	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.09	-
> ...


Дополнительная информация
File size: 68433 bytes
MD5...: e554f42a409a271276a7d3979d1005ba
SHA1..: 85595d63cb0a8520f9ca94f4d1f2dec12cda002a
SHA256: 9e5d6eae0bdb601a2968426a6c8483d95aa2b00644fce24e0e94cb5a4533a6db
ssdeep: 1536:Abx4kPpu0pEU3/4+vat5OATBgM4bPxhRL+ngk5NS+uxo/4qNpaW5MBC:I4k
Ppu0aU3/47O7BbPnRLf+iy4qNX8C
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...6db-1255125479

----------



## senyak

Файл foto19.scr получен 2009.10.11 16:16:35 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.10.11	-
> AhnLab-V3	5.0.0.2	2009.10.10	-
> AntiVir	7.9.1.35	2009.10.09	-
> Antiy-AVL	2.0.3.7	2009.10.10	-
> Authentium	5.1.2.4	2009.10.10	-
> Avast	4.8.1351.0	2009.10.11	-
> AVG	8.5.0.420	2009.10.04	-
> BitDefender	7.2	2009.10.11	-
> ...


Дополнительная информация
File size: 129024 bytes
MD5...: a80a1c4d7e963eba8be0dd26b957e82a
SHA1..: 7a69df7565f025dc67da0f96d23a9a5e057af014
SHA256: 409932c2ddaaae71291e7b217efe0e13737afda751caf772a3a233fff8bd2e13
ssdeep: 3072 :Lipsrsealed: AMcJwSbbdCHrAplEhqOGdabf8/bLBz6OK:Q9JRbbdCHrAjEsjar8bZY
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e13-1255277795

----------


## valho

File microsoft_09.exe received on 2009.10.12 05:04:35 (UTC)
Current status: finished
Result: 26/41 (63.42%)



> *a-squared	4.5.0.41	2009.10.12	Trojan.Win32.VBKrypt!IK*
> AhnLab-V3	5.0.0.2	2009.10.10	-
> *AntiVir	7.9.1.35	2009.10.09	TR/Dropper.Gen*
> *Antiy-AVL	2.0.3.7	2009.10.10	Trojan/Win32.VBKrypt.gen*
> *Authentium	5.1.2.4	2009.10.11	W32/Trojan2.ITIE*
> Avast	4.8.1351.0	2009.10.11	-
> *AVG	8.5.0.420	2009.10.04	BackDoor.Generic11.AQWT*
> *BitDefender	7.2	2009.10.12	Trojan.Generic.2451422*
> *CAT-QuickHeal	10.00	2009.10.10	Trojan.VBKrypt.m*
> ...


Additional information
File size: 237568 bytes
MD5...: 267ed1355b82d9154116f552c89662bc
SHA1..: 75ed9a24f3e90c597b29190e7762efc333f87646
SHA256: bb92636a210c31b599386bf50caadf2e5dc1706926469dfe98d72eae213d0c76
ssdeep: 3072:nedwhZSPMlKICIwq2yNiNfgu+Sv4aDID015OZhln:edwhYMoX9EiNfV4aUK
5UV
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13d4
timedatestamp.....: 0x4aaa784a (Fri Sep 11 16:18:18 2009)
machinetype.......: 0x14c (I386)
http://www.virustotal.com/analisis/b...c76-1255323875
http://info.prevx.com/aboutprogramte...238F00A086C7B9

----------


## Winsent

> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.10.12	-
> *AhnLab-V3	5.0.0.2	2009.10.12	PDF/Shellcode*
> AntiVir	7.9.1.35	2009.10.12	-
> Antiy-AVL	2.0.3.7	2009.10.12	-
> Authentium	5.1.2.4	2009.10.12	-
> *Avast	4.8.1351.0	2009.10.11	JSdfka-RV*
> AVG	8.5.0.420	2009.10.12	-
> *BitDefender	7.2	2009.10.12	Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 7808 bytes
MD5...: 1449c9e39a4346ea521b2a372212fc15
SHA1..: b3e55a18f036d99e4a19903a0a9cb99ad758b597
SHA256: 3be60a2279c93679ab3e1fa96a59079f9dc81838c95fd4d78f4da911f34e6527
ssdeep: 192:4eH18/e/nrJjNZkZL+OyqmVGrF/hDFwkxBZgRKzzgvLCYfTtt0mWtg:4eH18
/e/nrJj7Cq9g/hDGcBGRAkLLtt/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: PDF Header: %PDF-1.4
obj 10
endobj 10
stream 2
endstream 2
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1
/JavaScript 2
/AA 0
/OpenAction 0
/JBIG2Decode 0
trid..: Adobe Portable Document Format (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned






> Антивирус	Версия	Обновление	Результат
> 
> a-squared	4.5.0.41	2009.10.12	-
> *AhnLab-V3	5.0.0.2	2009.10.12	PDF/Shellcode*
> AntiVir	7.9.1.35	2009.10.12	-
> Antiy-AVL	2.0.3.7	2009.10.12	-
> Authentium	5.1.2.4	2009.10.12	-
> *Avast	4.8.1351.0	2009.10.11	JSdfka-RV*
> AVG	8.5.0.420	2009.10.12	-
> ...


Дополнительная информация
File size: 7810 bytes
MD5...: b8de004857943f72a0675a602f40dcc5
SHA1..: fa45ee5a597bdc5541b09345d1b938559db34ee2
SHA256: 46c7350ed790e88fa60f2127aedf8d980add00c5ce84b6f75f88b8666dbcb07e
ssdeep: 192:4eH18/e/nycXHq/tLy03rkYK3frHTkmzjSUfx5E/taRWtg:4eH18/e/nycXH
q/x3QYOnfTx50taRWu
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: PDF Header: %PDF-1.4
obj 10
endobj 10
stream 2
endstream 2
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1
/JavaScript 2
/AA 0
/OpenAction 0
/JBIG2Decode 0
trid..: Adobe Portable Document Format (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned






> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.10.12	-
> *AhnLab-V3	5.0.0.2	2009.10.12	PDF/Shellcode*
> AntiVir	7.9.1.35	2009.10.12	-
> Antiy-AVL	2.0.3.7	2009.10.12	-
> Authentium	5.1.2.4	2009.10.12	-
> *Avast	4.8.1351.0	2009.10.11	JSdfka-RV*
> AVG	8.5.0.420	2009.10.12	-
> *BitDefender	7.2	2009.10.12	Exploit.PDF-JS.Gen*
> ...


Дополнительная информация
File size: 7698 bytes
MD5...: c04e45516464e83bdd396aa0318e269d
SHA1..: feef09133a61df0a7b4bf9dc7d5f133b65da7e11
SHA256: 9b0f9abf7b341a7f6cd8fb5ebcd093989f5d9e0b65aa161e749e7d2c167624a5
ssdeep: 192:4eH18/e/nyIWHrjng8+hW6OEYqtNqB3M2sjcTtGVPzWtg:4eH18/e/ny7Hrj
QW6HYqjqi2sjcTtGtf
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: PDF Header: %PDF-1.4
obj 10
endobj 10
stream 2
endstream 2
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 1
/JavaScript 2
/AA 0
/OpenAction 0
/JBIG2Decode 0
trid..: Adobe Portable Document Format (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

----------


## senyak

Файл ujfgxy.dat получен 2009.10.16 15:55:16 (UTC)
Текущий статус: закончено
Результат: 20/41 (48.79%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.16	Trojan.Delf!IK
> AhnLab-V3	5.0.0.2	2009.10.16	Win-Trojan/Xema.18432.Z
> AntiVir	7.9.1.35	2009.10.16	TR/Delf.pgk*
> Antiy-AVL	2.0.3.7	2009.10.16	-
> Authentium	5.1.2.4	2009.10.16	-
> Avast	4.8.1351.0	2009.10.14	-
> *AVG	8.5.0.420	2009.10.16	Downloader.Generic_c.AUP
> BitDefender	7.2	2009.10.16	Trojan.Generic.2528919
> ...


Дополнительная информация
File size: 18432 bytes
MD5...: 64c317ccb40edce19d22aceb6787e22e
SHA1..: 4217013409f28245fb72be9cb52a364577074d9f
SHA256: 5b5db9308907c67bf12d35481ed06eeb6530255d36acf9b7a692734198560648
ssdeep: 384:UAFO6S4tmNev1Jg5t29kJPelH3rPQclzUls6HaUSkihAS8jasv:UbH4tqeDs
JP43r9Ym6HUAjas
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...648-1255708516

----------


## senyak

Файл Webmoney.exe получен 2009.10.18 18:59:05 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.10.18	-
> AhnLab-V3	5.0.0.2	2009.10.17	-
> *AntiVir	7.9.1.35	2009.10.16	HEUR/HTML.Malware*
> Antiy-AVL	2.0.3.7	2009.10.16	-
> Authentium	5.1.2.4	2009.10.18	-
> Avast	4.8.1351.0	2009.10.17	-
> AVG	8.5.0.420	2009.10.18	-
> *BitDefender	7.2	2009.10.18	Trojan.Script.3101*
> ...


Дополнительная информация
File size: 1265614 bytes
MD5...: c28c63545000a22eee2a14d2826349b7
SHA1..: e5355bd3e8bdbd928957731ddaa65c5f601ec3bb
SHA256: 5044b2b41dfd69b0e6b01ace93172a24afac02614e8786776ae27f8c1d503f50
ssdeep: 24576:/8KK55ACAVysKDDHCuoSuei6sZdmEWOlao5oEd8bKNrmY0GW:/8MjAsKDD
H+SuR6sWZss3K1mY7W
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...f50-1255892345

----------


## valho

Couldn't believe my eyes when I came across this :)
Файл IsUninst.exe получен 2009.10.20 12:09:29 (UTC)
Текущий статус: закончено
Результат: 17/40 (42.50%)



> *a-squared 	4.5.0.41 	2009.10.20 	Trojan.Win9x.FlashKiller!IK*
> AhnLab-V3 	5.0.0.2 	2009.10.20 	-
> *AntiVir 	7.9.1.35 	2009.10.20 	TR/FlashKiller.C*
> Antiy-AVL 	2.0.3.7 	2009.10.20 	-
> Authentium 	5.1.2.4 	2009.10.20 	-
> *Avast 	4.8.1351.0 	2009.10.19 	Win32:CIH-C*
> AVG 	8.5.0.420 	2009.10.20 	-
> *BitDefender 	7.2 	2009.10.20 	Trojan.Generic.IS.559512*
> CAT-QuickHeal 	10.00 	2009.10.20 	-
> ...


Дополнительная информация
File size: 315904 bytes
MD5   : 65b2b4b83be0d4a0c29ec4815162be47
SHA1  : 89f7f8867fe1ba69df051fc736a425b3a8c6155a
SHA256: 3cf54a70a2f3be6c9a67cfeb2c14e823fa0e41ba7641f75372566462a6eb8f91
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1AF40
timedatestamp.....: 0x34030D18 (Tue Aug 26 19:06:32 1997)
machinetype.......: 0x14C (Intel I386)

----------


## Surfer

File image.php received on 2009.10.21 10:44:16 (UTC)
Result: 1/41 (2.44%)




> a-squared 	4.5.0.41 	2009.10.21 	-
> AhnLab-V3 	5.0.0.2 	2009.10.20 	-
> AntiVir 	7.9.1.42 	2009.10.21 	-
> Antiy-AVL 	2.0.3.7 	2009.10.21 	-
> Authentium 	5.1.2.4 	2009.10.21 	-
> Avast 	4.8.1351.0 	2009.10.20 	-
> AVG 	8.5.0.420 	2009.10.20 	-
> BitDefender 	7.2 	2009.10.21 	-
> CAT-QuickHeal 	10.00 	2009.10.21 	-
> ...


http://www.virustotal.com/analisis/e...3cb-1256121856

----------


## ALEX(XX)

Файл JimmPremium.jar получен 2009.10.21 17:35:25 (UTC)



```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.41	2009.10.21	-
AhnLab-V3	5.0.0.2	2009.10.21	-
AntiVir	7.9.1.42	2009.10.21	JAVA/SMS.J2ME.Kon.I
Antiy-AVL	2.0.3.7	2009.10.21	Trojan/J2ME.Konov
Authentium	5.1.2.4	2009.10.21	-
Avast	4.8.1351.0	2009.10.20	Other:Malware-gen
AVG	8.5.0.420	2009.10.20	-
BitDefender	7.2	2009.10.21	-
CAT-QuickHeal	10.00	2009.10.21	-
ClamAV	0.94.1	2009.10.21	-
Comodo	2680	2009.10.21	TrojWare.J2ME.SMS.Konov.i
DrWeb	5.0.0.12182	2009.10.21	Java.SMSSend.51
eSafe	7.0.17.0	2009.10.21	-
eTrust-Vet	35.1.7077	2009.10.21	Java/SMSTroj
F-Prot	4.5.1.85	2009.10.21	-
F-Secure	9.0.15300.0	2009.10.20	-
Fortinet	3.120.0.0	2009.10.21	-
GData	19	2009.10.21	Other:Malware-gen
Ikarus	T3.1.1.72.0	2009.10.21	Trojan-SMS
Jiangmin	11.0.800	2009.10.21	-
K7AntiVirus	7.10.876	2009.10.21	-
Kaspersky	7.0.0.125	2009.10.21	Trojan-SMS.J2ME.Konov.i
McAfee	5778	2009.10.21	-
McAfee+Artemis	5778	2009.10.21	-
McAfee-GW-Edition	6.8.5	2009.10.21	Java.SMS.J2ME.Kon.I
Microsoft	1.5101	2009.10.21	-
NOD32	4530	2009.10.21	J2ME/TrojanSMS.Konov.I
Norman	6.03.02	2009.10.21	-
nProtect	2009.1.8.0	2009.10.21	-
Panda	10.0.2.2	2009.10.20	-
PCTools	4.4.2.0	2009.10.19	-
Prevx	3.0	2009.10.21	-
Rising	21.52.24.00	2009.10.21	-
Sophos	4.46.0	2009.10.21	-
Sunbelt	3.2.1858.2	2009.10.21	-
Symantec	1.4.4.12	2009.10.21	Trojan Horse
TheHacker	6.5.0.2.049	2009.10.20	-
TrendMicro	8.950.0.1094	2009.10.21	-
VBA32	3.12.10.11	2009.10.20	Java.SMSSend.51
ViRobot	2009.10.21.1999	2009.10.21	-
VirusBuster	4.6.5.0	2009.10.21	-

Дополнительная информация
File size: 165863 bytes
MD5...: dde3f1a5801a53782170e98d09de6d82
SHA1..: c60062b8e19d0d16da1d04fc2e50d06755835c71
SHA256: a2c659a1d2e18a47202de8ba21a7cfe6c089fe448de54925cddda038d40329cb
ssdeep: 3072:O6br4V4QrVYwF3wz/5OGER8EBBucamPMZPAn9lSEZnO4vpkNwdYWPoldFPh
tioah:O6KbVwz/5OlW8gcamP8PAn6aO4vWNwdF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Java Archive (78.3%)
ZIP compressed archive (21.6%)
```

----------


## Winsent

> Антивирус Версия Обновление Результат 
> 
> a-squared 4.5.0.41 2009.10.22 - 
> AhnLab-V3 5.0.0.2 2009.10.22 - 
> AntiVir 7.9.1.44 2009.10.22 - 
> Antiy-AVL 2.0.3.7 2009.10.22 - 
> *Authentium 5.1.2.4 2009.10.22 W32/FakeAlert.CO.gen!Eldorado* 
> Avast 4.8.1351.0 2009.10.21 - 
> AVG 8.5.0.423 2009.10.22 - 
> ...


Дополнительная информация 
File size: 80896 bytes 
MD5...: ed9c199c93477c3409bc59cf0406d990 
SHA1..: 17fc4d4c9a417f85b0d56946d0b410482b5271ce 
SHA256: b5eb7d5528efb6d097407018804f92cd391122189a8acfaf08b557309511a1d6
ssdeep: 768:ir7M+i+4s+rMZBXUeAqb5pk6wI/RDw4pVCugE1rUKZLQzr54+5DS/sIclVF1
/7EM:bwKe1g5e/sIcfH3iWejp2TDH

PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x149e
timedatestamp.....: 0x45be331c (Mon Jan 29 17:47:08 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.437b 0x1000 0x70ff 0x7200 1.39 c8b8d16bd9a5ccb28bec86d8f5516528
.db14 0x9000 0x16d1 0x1800 3.63 552d02418a8d8983529f50fe782bc237
.d1644 0xb000 0x6306e 0xa200 6.55 941f194ab102607226676de5f057e672
.h8hh 0x6f000 0x54c 0x600 3.24 5aa50c373db967e833d4aa85000203f4
.rsrc 0x70000 0x51b 0x600 4.25 6fb0ec0e9b273a2ca256e0880749da5e

( 3 imports ) 
> kernel32.dll: FormatMessageA, WriteFile, CopyFileExA, GlobalFree, DeleteFileA, GetFileTime, CompareStringA, HeapAlloc, FindClose, FlushFileBuffers, GetFileType, lstrlenA, ExitProcess, GetStdHandle, GetCommandLineA, HeapFree, OpenFile, ReadFile, CopyFileA, GetLastError
> user32.dll: CopyRect, DrawTextW, GetDlgItem, IsWindow, CopyImage, DrawIcon
> advapi32.dll: RegCreateKeyA, RegFlushKey, RegOpenKeyExW, RegGetKeySecurity, RegEnumKeyExA, RegDeleteKeyW

( 0 exports ) 

RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win32 Executable Generic (35.2%)
Win32 Dynamic Link Library (generic) (31.3%)
Win16/32 Executable Delphi generic (8.5%)
Clipper DOS Executable (8.3%)
Generic Win/DOS Executable (8.2%) 
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned






> Антивирус Версия Обновление Результат 
> 
> a-squared 4.5.0.41 2009.10.22 - 
> AhnLab-V3 5.0.0.2 2009.10.22 - 
> AntiVir 7.9.1.44 2009.10.22 - 
> Antiy-AVL 2.0.3.7 2009.10.22 - 
> *Authentium 5.1.2.4 2009.10.22 HTML/IFrame.A* 
> Avast 4.8.1351.0 2009.10.21 - 
> AVG 8.5.0.423 2009.10.22 - 
> ...


Дополнительная информация 
File size: 841 bytes 
MD5...: 0f22408b0bfc1be21b2454f6904cb733 
SHA1..: 609cccc6ace4e01a0bf42c47353c1c7a0a19a0df 
SHA256: 043309a626d6837f4539274e57645fdb67d4520a85dce77502faf93580d32997
ssdeep: 24:7Vt4ecUqYvDQlRHWvDQRHut4ecUhyiQrHt/rHtVrHjlMa:7ceGYvMRHWvsRHb
enMHtDHtRH6a

PEiD..: - 
PEInfo: - 
RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Unknown! 
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

----------


## senyak

Файл updater.exe получен 2009.10.24 11:16:12 (UTC)
Текущий статус: закончено
Результат: 17/41 (41.47%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.24	Trojan.Win32.Orsam!IK
> AhnLab-V3	5.0.0.2	2009.10.23	Dropper/Agent.1257984
> AntiVir	7.9.1.44	2009.10.23	HEUR/Malware*
> Antiy-AVL	2.0.3.7	2009.10.23	-
> Authentium	5.1.2.4	2009.10.24	-
> *Avast	4.8.1351.0	2009.10.24	Win32:Trojan-gen
> AVG	8.5.0.423	2009.10.24	Dropper.Agent.OGY
> BitDefender	7.2	2009.10.24	Trojan.Generic.2571298*
> ...


Дополнительная информация
File size: 1259639 bytes
MD5...: 3ebff9fe6b06071e16696b69a0e27302
SHA1..: 195219725c7ca4a0e51d6dcfde30cac89f76f1fb
SHA256: cd5444b675372d63b5dc2cc184d6375b46e52e1969346e4dd201b95fe3998b3d
ssdeep: 24576:6DBNF57Y08KGW5cKISXj4ySTK0SFewDg1jm0zoV+rKU1mXWs:6DD7/crTK
RcOWs
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...b3d-1256382972

----------


## Winsent

> Антивирус Версия Обновление Результат 
> 
> a-squared 4.5.0.41 2009.10.25 - 
> AhnLab-V3 5.0.0.2 2009.10.23 - 
> AntiVir 7.9.1.44 2009.10.23 - 
> Antiy-AVL 2.0.3.7 2009.10.23 - 
> Authentium 5.1.2.4 2009.10.24 - 
> Avast 4.8.1351.0 2009.10.25 - 
> AVG 8.5.0.423 2009.10.24 - 
> ...


Дополнительная информация 
File size: 178688 bytes 
MD5...: 4e684c60f21cb796943d501a9cda67bd 
SHA1..: e23140c807acfad66cf378131d9ee7f200e691c9 
SHA256: 28085b0dccc3fbfa8fcb00180dc0be097333981e90cad8ff8000f066bd3bd85d
ssdeep: 3072:4d2kTgmIRRZgSoIEr5JngwCx9KF5Y5ufCwlWz2W:4d2ogmI+KErzgwCujY4
YiW

PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8066
timedatestamp.....: 0x4607087c (Sun Mar 25 23:40:44 2007)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x80d2 0x8200 2.54 62faec7af3191b4ba7de8060cb301630
DATA 0xa000 0x1707 0x1800 0.02 16feccaa941b4e9d554092507650501b
.edata 0xc000 0x16cc 0x1800 4.23 84db58bfa5f869f4fda0b53f04807ad4
.data 0xe000 0x402fc2 0x1d000 7.30 f550e4c35c4f468a42eaf3060a8744bf
.idata 0x411000 0x158b 0x1600 4.71 6a80ab80f6eacee96f81541b04062734
.init 0x413000 0x99 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x414000 0xa18 0xc00 0.05 6b2cf1a0faa21ba31b10aaa25a895637
.rsrc 0x415000 0xe97 0x1000 5.74 253ea0c3c1fd10eb8267f0a5da9e62d3

( 0 imports ) 

( 0 exports ) 

RDS...: NSRL Reference Data Set
- 
pdfid.: - 
trid..: Win32 Executable Generic (35.2%)
Win32 Dynamic Link Library (generic) (31.3%)
Win16/32 Executable Delphi generic (8.5%)
Clipper DOS Executable (8.3%)
Generic Win/DOS Executable (8.2%) 
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=4e684c60f21cb796943d501a9cda67bd
http://info.prevx.com/aboutprogramtext.asp?PX5=536B18B6009C2A51BA5802C5C2752500E407FA74

----------


## Winsent

> Антивирус Версия Обновление Результат 
> 
> a-squared 4.5.0.41 2009.10.27 - 
> AhnLab-V3 5.0.0.2 2009.10.27 - 
> AntiVir 7.9.1.44 2009.10.27 - 
> Antiy-AVL 2.0.3.7 2009.10.27 - 
> Authentium 5.1.2.4 2009.10.27 - 
> Avast 4.8.1351.0 2009.10.27 - 
> AVG 8.5.0.423 2009.10.27 - 
> ...


Дополнительная информация 
File size: 195584 bytes 
MD5...: b4bef57c47b839983c1c693acfe056d3 
SHA1..: cb65d96409d7e677e15897abb15100c941246694 
SHA256: a5da97207835eb1d858fa1ed3cecef7ca187cf4c480cf5ec1896f0fec6725dfb
ssdeep: 3072:790QOcR+CBRz1nE5V4DLGjngEk7lX9jEkmx:79Ek+2U/4+Tghht

PEiD..: - 
PEInfo: PE Structure information

----------


## Torvic99

Файл foto.jar получен 2009.10.28 15:39:04 (UTC)
Результат: 13/41 (31.71%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.10.28	-
> AhnLab-V3	5.0.0.2	2009.10.27	-
> *AntiVir	7.9.1.44	2009.10.28	JAVA/SMS.J2ME.Age.D
> Antiy-AVL	2.0.3.7	2009.10.27	Trojan/J2ME.Agent*
> Authentium	5.1.2.4	2009.10.28	-
> Avast	4.8.1351.0	2009.10.28	-
> AVG	8.5.0.423	2009.10.28	-
> *BitDefender	7.2	2009.10.28	Trojan.Generic.IS.610206*
> ...


Дополнительная информация 		 		 	
File size: 68433 bytes
MD5...: 5c894045acb56ff7f0cd9c81141f799f
SHA1..: 116efd2f51a4194b1eb4a7f2809894fdbfe6dd31
SHA256: 3efcf88915a0581a71d53b976020839c007bb1a817e20c3c763c1d9cf3fd7324
ssdeep: 1536:Abx4kPpu0pEU3/4+vat5OATBgM4bPxhRL+ngk5NS+uxo/4qNpaW5M/:I4kP
pu0aU3/47O7BbPnRLf+iy4qNXs
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

----------


## snifer67

> *a-squared	4.5.0.41	2009.10.29	Riskware.Win32.VBInject!IK*
> AhnLab-V3	5.0.0.2	2009.10.29	-
> *AntiVir	7.9.1.50	2009.10.28	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.10.27	-
> Authentium	5.1.2.4	2009.10.28	-
> Avast	4.8.1351.0	2009.10.28	-
> AVG	8.5.0.423	2009.10.28	-
> BitDefender	7.2	2009.10.29	-
> CAT-QuickHeal	10.00	2009.10.29	-
> ...


Дополнительная информация
File size: 102400 bytes
MD5...: 50be99f9d77c6188aaab8bd4b0a17c53
SHA1..: 667161e4e77bb9a5d3aeb113f3d06ac3ea5e6067
SHA256: 9a3fc358d9b0c686df879a3c592d11997ca938256a1e30e69c29cbdfc20c32fc
ssdeep: 3072:bw0cAoMKQmS2sOTrQzOWnpTt7Fd5fiWBk8:bwrQmSAMCWFnfiWB
PEiD..: -
PEInfo: PE Structure information

----------


## valho

This is found on the laptops of MIET institute students who attend paid computer literacy courses, or whatever they're called...
Файл 1111111.exe получен 2009.10.29 06:50:28 (UTC)
Текущий статус: закончено
Результат: 41/41 (100.00%)



> *a-squared 	4.5.0.41 	2009.10.29 	Trojan-Downloader.Win32.VB!IK
> AhnLab-V3 	5.0.0.2 	2009.10.29 	Win-Trojan/Xema.variant
> AntiVir 	7.9.1.50 	2009.10.28 	TR/Dldr.Au.15515591
> Antiy-AVL 	2.0.3.7 	2009.10.27 	Trojan/Win32.VB
> Authentium 	5.1.2.4 	2009.10.28 	W32/Autorun.BQ
> Avast 	4.8.1351.0 	2009.10.28 	Win32:Trojan-gen
> AVG 	8.5.0.423 	2009.10.28 	BackDoor.Ircbot.FIL
> BitDefender 	7.2 	2009.10.29 	Worm.Generic.80334
> CAT-QuickHeal 	10.00 	2009.10.29 	Worm.Regul.d
> ...


Дополнительная информация
File size: 1515591 bytes
MD5   : 5c4785dad152da6e1dd6a8b5055ce894
SHA1  : 23a28acc2a8cb4953c5633ef249bb63347386021
SHA256: 1b9a0b2b500f7bcec27c43f31e33a0e4b34deaf9006396d49814a85a52e4688e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x117A
timedatestamp.....: 0x59BFFA3 (Mon Dec 25 06:33:23 1972)
machinetype.......: 0x14C (Intel I386)
ThreatExpert: http://www.threatexpert.com/report.a...d6a8b5055ce894
ssdeep: 24576:cUas++rzskmM0YjWoddnVCY8mALt3E2jLyfx97iR3v+5knoL+KOKQ+x:6p+rIij3nIyWt3E1fb7iHns+zE
Prevx Info: http://info.prevx.com/aboutprogramte...7C65001033E3A0
PEiD  : -
CWSandbox: http://research.sunbelt-software.com...d6a8b5055ce894
RDS   : NSRL Reference Data Set
-

----------


## snifer67

> a-squared	4.5.0.41	2009.10.30	-
> AhnLab-V3	5.0.0.2	2009.10.29	-
> AntiVir	7.9.1.50	2009.10.29	-
> Antiy-AVL	2.0.3.7	2009.10.27	-
> Authentium	5.1.2.4	2009.10.29	-
> Avast	4.8.1351.0	2009.10.29	-
> AVG	8.5.0.423	2009.10.29	-
> BitDefender	7.2	2009.10.30	-
> CAT-QuickHeal	10.00	2009.10.30	-
> ...


Дополнительная информация
File size: 171870 bytes
MD5...: 35c5a75dca3e76bbab6c9a9a2d131aa5
SHA1..: f3119d7f485da7cac8f3b51199fcf2345108dbcc
SHA256: d2c4f6cd8b45155761c89f6a7c597ee44163cc593fc802cd5272eb8bd7107244
ssdeep: 3072:rSgivNIP4eDlJLоf4IoXRGKMN4VsFQJApVicWg70fZtDz6ZKt0bOGW0:rSgs
sTJJkIMRKDWE0fZt6+EO8

----------


## senyak

Файл dhl_package_label_5dd96.exe получен 2009.10.30 11:49:37 (UTC)
Текущий статус: закончено
Результат: 31/41 (75.61%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.30	Trojan.Win32.Bredolab!IK*
> AhnLab-V3	5.0.0.2	2009.10.30	-
> *AntiVir	7.9.1.50	2009.10.30	TR/Agent.W.727
> Antiy-AVL	2.0.3.7	2009.10.30	Packed/Win32.Krap.gen
> Authentium	5.1.2.4	2009.10.30	W32/Bredolab!Generic
> Avast	4.8.1351.0	2009.10.29	Win32:Bredolab-AP
> AVG	8.5.0.423	2009.10.30	Packed.Revolt
> BitDefender	7.2	2009.10.30	Trojan.Downloader.Bredolab.AZ*
> ...


Дополнительная информация
File size: 67584 bytes
MD5...: 4f1e553b74b7cb2c76f1f0d5fb79c0d5
SHA1..: dbf52159373e0648e3a46c6ebc4691e6b9175a47
SHA256: 76b389021785dd97d15b7146f9cacf521ca5e183519032fed4933fdf0a644f97
ssdeep: 1536:nCotyPNBEmRjU12VYYL1t62f4fOPyG/O/9KAo+oSm8l6cDPK+VWq:nCagAm
Rj82VYYL1tf4fOP3y9Kp+Lm8lr
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...f97-1256903377




Файл dhl_package_label_99dce.exe получен 2009.10.30 11:49:41 (UTC)
Текущий статус: закончено
Результат: 31/41 (75.61%)

> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.30	Virus.Win32.Bredolab!IK*
> AhnLab-V3	5.0.0.2	2009.10.30	-
> *AntiVir	7.9.1.50	2009.10.30	TR/PCK.Krap.W.1693
> Antiy-AVL	2.0.3.7	2009.10.30	Packed/Win32.Krap
> Authentium	5.1.2.4	2009.10.30	W32/Bredolab!Generic
> Avast	4.8.1351.0	2009.10.29	Win32:Bredolab-AP
> AVG	8.5.0.423	2009.10.30	Packed.Revolt
> BitDefender	7.2	2009.10.30	Trojan.Downloader.Bredolab.AZ
> CAT-QuickHeal	10.00	2009.10.30	Win32.Packed.Krap.w.4*
> ...


Дополнительная информация
File size: 66560 bytes
MD5...: aac50f2825ebaeea02b496c47775a192
SHA1..: df56689ae2df8f52fbee860789c2f29366e978c7
SHA256: bbf62d9ed9374538f5c4b410f7982dfb3927578e11af7f1097985043d5e1e05e
ssdeep: 1536:VBr58f8Bk9hCuKMpGQ0jvOx0ij2c8v3rRjveQMAIVnRnb:VhBkIqGQ0jvOx
kc8v3NmH7
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...05e-1256903381

----------


## Surfer

File foto20.scr received on 2009.10.30 22:06:43 (UTC)
Result: 6/41 (14.64%)




> a-squared	4.5.0.41	2009.10.30	-
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> Antiy-AVL	2.0.3.7	2009.10.30	-
> Authentium	5.1.2.4	2009.10.30	-
> Avast	4.8.1351.0	2009.10.30	-
> AVG	8.5.0.423	2009.10.30	-
> BitDefender	7.2	2009.10.30	-
> CAT-QuickHeal	10.00	2009.10.30	-
> ...


http://www.virustotal.com/analisis/c...589-1256940403

----------


## senyak

Файл avz00002.dta получен 2009.10.31 00:07:25 (UTC)
Текущий статус: закончено
Результат: 5/41 (12.2%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.30	Trojan.Rootkit!IK*
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> Antiy-AVL	2.0.3.7	2009.10.30	-
> Authentium	5.1.2.4	2009.10.30	-
> Avast	4.8.1351.0	2009.10.30	-
> AVG	8.5.0.423	2009.10.30	-
> BitDefender	7.2	2009.10.30	-
> ...


Дополнительная информация
File size: 67712 bytes
MD5...: 4f207be27704d0ea8f77064156cc8f98
SHA1..: bfd1b10238e6aa522c803a455ee4ca2b71480722
SHA256: 8b3b66db92855f8d86073c39bfd2bd7798318d69a4342d8edc3645f0bf87cedc
ssdeep: 1536 :borred: ipuJj4H2eVCP+9L1ZMcLTF1mE5GCvHciBo2+5Ze+:wQJAVCP+9  BBTzLACP
ci+2Ge+
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...edc-1256947645




Файл avz00001.dta получен 2009.10.31 00:07:04 (UTC)
Текущий статус: закончено
Результат: 5/41 (12.2%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.10.30	-
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> Antiy-AVL	2.0.3.7	2009.10.30	-
> Authentium	5.1.2.4	2009.10.30	-
> Avast	4.8.1351.0	2009.10.30	-
> *AVG	8.5.0.423	2009.10.30	SHeur2.BORC*
> BitDefender	7.2	2009.10.30	-
> ...


Дополнительная информация
File size: 32000 bytes
MD5...: 9f1525d158ceb6c548e961f34e2b2c02
SHA1..: a4193b05bbead4eab9a8740b5a8aad58cb9d9502
SHA256: 68012733ee9fa5c86587d64c0626332d8065bc50b6220662d97e9c37ddb2fc11
ssdeep: 768:qM7L35+UpamFwYCTrS6BGZl/kxFMbhJLq9tN4aN/bEfVSbH4:BJ+NmFwPXS6
BGDOChFq97jVb4
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...c11-1256947624




Файл avz00003.dta получен 2009.10.31 00:08:46 (UTC)
Текущий статус: закончено
Результат: 13/41 (31.71%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.10.30	Generic.Trojan.UserStartup!IK*
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> Antiy-AVL	2.0.3.7	2009.10.30	-
> Authentium	5.1.2.4	2009.10.30	-
> Avast	4.8.1351.0	2009.10.30	-
> AVG	8.5.0.423	2009.10.30	-
> *BitDefender	7.2	2009.10.30	BehavesLike:Trojan.UserStartup*
> ...


Дополнительная информация
File size: 96256 bytes
MD5...: 01df831c4ba88770e5ddd70787de12d1
SHA1..: 346e65cbd22e2485ef19d69694db5aaf79f37c1c
SHA256: 161602e97601d5426f82a613fe590b8669fd314faaf6514f46a26a7e88ff6a94
ssdeep: 1536:02/DfwRA89E/+Ht0A3bLiXu+o87vYPawnmU+1uz9HQ2bxOCnbEkPJQH3gOt
0:02/DfwR19UUKuEaVnmHAHbvJQH3gOt0
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...a94-1256947726

----------


## Surfer

File Inst_156.exe received on 2009.10.31 21:23:49 (UTC)
Result: 4/41 (9.76%)




> a-squared	4.5.0.41	2009.10.31	-
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> Antiy-AVL	2.0.3.7	2009.10.30	-
> Authentium	5.1.2.4	2009.10.31	-
> Avast	4.8.1351.0	2009.10.30	-
> AVG	8.5.0.423	2009.10.31	-
> BitDefender	7.2	2009.10.31	-
> *CAT-QuickHeal	10.00	2009.10.31	Win32.Packed.Krap.ae.8*
> ...


http://www.virustotal.com/analisis/7...ff6-1257024229

----------



## Surfer

File install.exe received on 2009.11.01 18:28:19 (UTC)
Result: 15/41 (36.59%)




> *a-squared	4.5.0.41	2009.11.01	Trojan.Win32.VkHost!IK*
> AhnLab-V3	5.0.0.2	2009.10.30	-
> AntiVir	7.9.1.53	2009.10.30	-
> *Antiy-AVL	2.0.3.7	2009.10.30	Trojan/Win32.Qhost.gen*
> *Authentium	5.1.2.4	2009.11.01	W32/Blocker-based!Maximus*
> Avast	4.8.1351.0	2009.11.01	-
> AVG	8.5.0.423	2009.11.01	-
> BitDefender	7.2	2009.11.01	-
> *CAT-QuickHeal	10.00	2009.10.31	Trojan.Qhost.maq*
> ...


http://www.virustotal.com/analisis/b...41b-1257100099

----------


## valho

File vk.exe received on 2009.11.03 08:00:58 (UTC)
Current status: finished
Result: 8/41 (19.52%)



> *a-squared	4.5.0.41	2009.11.03	Trojan.Win32.Sasfis!IK*
> AhnLab-V3	5.0.0.2	2009.11.03	-
> AntiVir	7.9.1.53	2009.11.02	-
> Antiy-AVL	2.0.3.7	2009.11.03	-
> Authentium	5.1.2.4	2009.11.03	-
> Avast	4.8.1351.0	2009.11.02	-
> AVG	8.5.0.423	2009.11.02	-
> BitDefender	7.2	2009.11.03	-
> CAT-QuickHeal	10.00	2009.11.03	-
> ...


Additional information
File size: 19456 bytes
MD5...: 9aa436cd507b043dd9ac90b710fabeb0
SHA1..: bf65a829b6ae3ee03b31fa4c9168b6a7dc4eb9eb
SHA256: dbe88069e0a4a42f05a04f3f8f200d25fd40b06b7e7049bfc06a9944822eacf2
ssdeep: 384:p3/odyIHGikuRMctgsSDJpUqh0U21Xi8/ONY15:p3gdyBikuRNtgRaq2UM/T
15
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4aed92aa (Sun Nov 01 13:52:42 2009)
machinetype.......: 0x14c (I386)
http://info.prevx.com/aboutprogramte...2CEC0053653E38

----------


## senyak

Файл vkontakte_manager2010.exe получен 2009.11.03 13:48:55 (UTC)
Текущий статус: закончено
Результат: 22/41 (53.66%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.11.03	Trojan.Win32.VkHost!IK*
> AhnLab-V3	5.0.0.2	2009.11.03	-
> *AntiVir	7.9.1.53	2009.11.03	TR/VKHost.DB*
> Antiy-AVL	2.0.3.7	2009.11.03	-
> *Authentium	5.1.2.4	2009.11.03	W32/Trojan2.JFCL*
> *Avast	4.8.1351.0	2009.11.03	Win32:Malware-gen*
> *AVG	8.5.0.423	2009.11.03	Generic14.CDJT*
> *BitDefender	7.2	2009.11.03	Trojan.Generic.2547041*
> ...


Дополнительная информация
File size: 530432 bytes
MD5...: 55c58aaf178500f8a527342970f0ae22
SHA1..: 84f6fa879f990c2899596dd7d2b9518dae6f9e4e
SHA256: 9b11b03b1deb8896b05891c6f95fcdac170210f49000f11eea26b4a6a733e80e
ssdeep: 12288 :Lipsrsealed: pFRzKzd8mk85o+Ldlft4JV2IML1+ISlfnK0BNzql :Lipsrsealed: LxpPp+LhOTMBTKi
o0
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...80e-1257256135

----------


## senyak

Файл mob17234-.jar получен 2009.11.05 10:14:52 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.11.05	-
> AhnLab-V3	5.0.0.2	2009.11.05	-
> AntiVir	7.9.1.53	2009.11.05	-
> *Antiy-AVL	2.0.3.7	2009.11.05	Trojan/J2ME.Small*
> Authentium	5.2.0.5	2009.11.05	-
> Avast	4.8.1351.0	2009.11.04	-
> AVG	8.5.0.423	2009.11.05	-
> BitDefender	7.2	2009.11.05	-
> ...


Дополнительная информация
File size: 62961 bytes
MD5...: 7c2d4071f468e32087865e36258e18e6
SHA1..: 5257e5d767109387d94986695932251f889a2124
SHA256: 7050e34f00cf5221de2cce9033c9c9c43624f54724c949c6f63729c6d6a87ace
ssdeep: 1536:/HUn/jroCXi/Wzo9QsY3rHVQ25Dx8ateXfTtse5Rx5En/:/HUn/jEpW0mrr
/l8at0fTts8E/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...ace-1257416092

----------


## Ingener

Файл js.js получен 2009.11.06 19:33:14 (UTC)
Текущий статус: закончено 
Результат: 2/39 (5.13%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	JS:Downloader-FP*
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 111998 bytes
MD5   : d6e69b215dab07e1abaa802d17f5ceb7
SHA1  : 8510482698fb69ecf71da9f4c19f167be67d9169
SHA256: 78b460592517c4848072e5543a928cfebea1c887c7243a93c73a7926ae345d90
TrID  : File type identification
Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
ssdeep: 48:QTlNRguMhABbulVAk+7XqyTjywB9JWPalF6ZaTAW:QTHRguMhABbulVAk+L37rJWPUcW
PEiD  : -
packers (F-Prot): Unicode
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...d90-1257535994

***

Файл js1.js получен 2009.11.06 19:43:40 (UTC)
Текущий статус:    закончено 
Результат: 2/41 (4.88%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 10324 bytes
MD5...: cab54e26892be619844ae29fab641dad
SHA1..: 43e64dcf96b01463b37dd60cd6cf08b7327f81d8
SHA256: 2b6018e0f058f2aebfc16e0076f617b2912677d838648200d5f6876ffaaa3142
ssdeep: 192:pTroHDaekg7wAb+Vf1kI5v6t6mn7RRTOkXOz6cvo:qHmq+Vf1kIgaiKpo
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...142-1257536620

***

Файл js2.js получен 2009.11.06 19:58:43 (UTC)
Текущий статус:    закончено 
Результат: 2/40 (5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> *Authentium	5.2.0.5	2009.11.06	HTML/IFrame.A*
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 1528 bytes
MD5...: 1775dd417386e576ec3c0013acfa907b
SHA1..: 51855bd322f7b7b6abcfdf5b96a4b94f78365f4b
SHA256: 92027e9673aca92e6a60e8308bdd191a0687bea711375f87aea0a6e0af2f8997
ssdeep: 24:Q+6eNcNaxTjY+71+6BGb8e+6BS8eNaxThis+63de+6ce+6EeBe:GCcNaxQa1z
I9zw9Nax1isz3EzdzFBe
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
packers (Authentium): Unicode
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...997-1257537523

***

Файл js3.js получен 2009.11.06 20:06:29 (UTC)
Текущий статус:    закончено 
Результат: 3/40 (7.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 3490 bytes
MD5...: ddb045102d847adf5ef8bce8595d9156
SHA1..: a5b19db29f546870b16eb3702e4680a93e7ca7fa
SHA256: 63a2295aabbdeaca2143e5547b08282dfbfb9efcb5f140cab4fd3d8399b2f104
ssdeep: 48:m++F/rGFgtWu3Z1LytWggtFu3gylXAiHTHdIlK5hG:Q/rGFgtWu3Z1LytTgtF
u3g2XbrdIlIG
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
packers (F-Prot): Unicode, doc_write
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...104-1257537989

***

Файл js4.js получен 2009.11.06 20:11:39 (UTC)
Текущий статус:    закончено 
Результат: 18/40 (45%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.5.0.41	2009.11.06	Virus.JS.Redirector!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.06	JS/Redirector.A*
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	JS:Redirector-B*
> *AVG	8.5.0.423	2009.11.06	Exploit*
> *BitDefender	7.2	2009.11.06	Trojan.Exploit.Phpbb.J*
> ...


Дополнительная информация
File size: 2352 bytes
MD5...: 1b647e9da6c557574bcea6ca0a97c2e0
SHA1..: 66698b6ec22da69d37ac04c1617c820f8d5e766d
SHA256: 6b4d8b4a6a6c6d62919bf00295da2fcee0ac62d2d55dda271cdaed8faedf4e6d
ssdeep: 24:S1HSSvmDWFoPEQq9M/HOFzM/HOFVM/mFCHwJcdt41ftgdWmkWN+dbcI:SISvS
Si/HOq/HOI/mD+Q0S7YI
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: HyperText Markup Language (100.0%)

http://www.virustotal.com/ru/analisi...e6d-1257538299

***

Файл js5.js получен 2009.11.06 20:24:56 (UTC)
Текущий статус:    закончено 
Результат: 1/40 (2.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 2772 bytes
MD5...: e4ed3193a9d923fca3962c9050dbaf36
SHA1..: c93df65b0dc5dc6148cf3a49ebf63029da7096e5
SHA256: c3978ea09ca81c971a40126587ee6db0020aef60e07cf9dd9968fff49a206b07
ssdeep: 48:RWeWocjJ7BiAMsroehSXB5Bv7VpKFk1O86gZnD0rDKeeWY9ylIt6knIIjS5yV
DSb:RWocN7Bib2oehSR5Xpou/6gZmDKHWY9A
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...b07-1257539096

----------


## senyak

Norton 2010 removed all of them with SONAR.

Файл 1257414362.exe получен 2009.11.06 21:43:47 (UTC)
Текущий статус: закончено
Результат: 14/40 (35%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.11.06	Trojan.Win32.Cosmu!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.06	TR/Vundo.Gen*
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	Win32:Alureon-DT*
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 83968 bytes
MD5...: 6509243793f2b130741c7f85e45e74a1
SHA1..: 0dccca47ec90e8a7ee9c30ac169590324d158b57
SHA256: b2de013c196e89d1e99be4b2c13836c20743cd19fcb3dd4db14ce307611874d9
ssdeep: 1536:utJCYdTq9suoqTds9Zy5QV9hT9aEAHtAgGHPur6yB++fKD6iRG3lU3:K07T
dBCV9+nAPSBBzJi
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...4d9-1257543827




Файл b0bah.exe получен 2009.11.06 21:44:34 (UTC)
Текущий статус: закончено
Результат: 13/41 (31.71%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.11.06	Trojan.Win32.Bredolab!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> *AVG	8.5.0.423	2009.11.06	Packed.Revolt*
> *BitDefender	7.2	2009.11.06	Trojan.Packed.Hiloti.Gen.3*
> ...


Дополнительная информация
File size: 21504 bytes
MD5...: f544af61354e9f8ac75231887209e4a5
SHA1..: 6e9f4b765e9d1abbda59b28eb77bb94cf15bd097
SHA256: 1ccd694cbb46fb54b4f2396dcc79a389ae6aeb1398ab9d22133ae15447af6984
ssdeep: 384:abVmL4EqtBghHytlRxWptW7mSHckOIvdGzKIAuz4oA:aRU4BeZOnx+tpSHcl
Ivdqxo
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...984-1257543874




Файл IAInstall.exe получен 2009.11.06 21:46:53 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 32768 bytes
MD5...: 0111b0a6e33ff8ab21a8830688caf279
SHA1..: c8f362074741f4025fa1c6c17b98a73a66e1500d
SHA256: bce69cbf9d9aedb71a511581ec836dd0fa8707390698c9fe34420a4c5b5ba388
ssdeep: 768:E9gFS5+RelDPiHFvidZlOPoi0GTtzfJ3PQK9Lno+kn:mgF4+RODPsFqdEo1e
zfpHLno+
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...388-1257544013

----------


## Ingener

Файл js.js получен 2009.11.06 22:37:12 (UTC)
Текущий статус: закончено 
Результат: 1/40 (2.50%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 1398 bytes
MD5   : 4b1c3747aa5f0a53bdeaa47318252879
SHA1  : 0cef56c665c292110e7717744572669ec6034cb8
SHA256: 2b2ebb94c0520328c6be249875ebfb4b436c727dc0e6aee1e05a7ecb17d12d6c
TrID  : File type identification
Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
ssdeep: 24:QEcvccLOPs8cycSP96cicSPZ6cicSPZ6cicSPZ6cicSPlTNFoXfLzaYLRnFpPtVW:gUcD3S9vnSZvnSZvnSZvnSlTgv6YLDxO
PEiD  : -
packers (F-Prot): Unicode
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...d6c-1257547032

***

Файл js1.js получен 2009.11.06 23:10:42 (UTC)
Текущий статус:   закончено 
Результат: 1/40 (2.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 12724 bytes
MD5...: dbfa54d0b8edf8b22b8b434638327075
SHA1..: 2207770f3736d1827b64c540780765b06804a247
SHA256: 94f8a6bea882a34cb0b9fec579fa7e2de33600f8f732773cd2d5f6ce4bec1c61
ssdeep: 384:1rwd1Xnlz1hKY9qFh7ptPMb+DThGNNblbru/CpwHP:qXnlz1hKY9qFtptPMb
+DoNNblbru/Cpo
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...c61-1257549042

***

Файл js2.js получен 2009.11.06 22:59:36 (UTC)
Текущий статус: закончено 
Результат: 2/40 (5.00%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	JS:Downloader-EG*
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 2332 bytes
MD5   : 20eafb355c3853563c02876222232175
SHA1  : f76cb88c3fa74b02c92be35990123885fd37d93a
SHA256: 46bbf58bf828d01f8ea8ed93c61ecaa94c6c9e1e1347434c788b4ec75dba9500
TrID  : File type identification
Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
ssdeep: 48:m+HM070oa090em0vj5o7yGxHHjQuKFCgsxI/DyN:5M070P090em0vj5oPj9oCgsx4DyN
PEiD  : -
packers (F-Prot): Unicode
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...500-1257548376

***

Файл js444.js получен 2009.11.06 23:04:19 (UTC)
Текущий статус:    закончено 
Результат: 6/40 (15%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.06	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	JS:Downloader-EL*
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 30384 bytes
MD5...: a82ce59a4608fe261f67795dea92e84a
SHA1..: a6b824979a86e5534a5b3c6aa6d20ecd0ca234e5
SHA256: 4074714338634dfee095c1d4dac4f627e731b58a9a857c97c7620a7a3d50863a
ssdeep: 384:JQXzFoxpEuZiFdhAS8sacLyhh6a1OTa1O4+a1DRSDUEdeaNoEZOeuvNeafGc
+g6N:fpntbAtBZoHlO
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...63a-1257548659

***

Файл js666.js получен 2009.11.06 23:29:41 (UTC)
Текущий статус:   закончено 
Результат: 5/40 (12.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.06	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> Antiy-AVL	2.0.3.7	2009.11.05	-
> Authentium	5.2.0.5	2009.11.06	-
> *Avast	4.8.1351.0	2009.11.06	JS:Obfuscated-CV*
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> ...


Дополнительная информация
File size: 39216 bytes
MD5...: cfb7b8ec44af54215e8f78d5c1ea795c
SHA1..: 1c90cd1fcdea14ffa146d5c8cd634739f7afcfb8
SHA256: 1ab3b8c06aa48d81c07a04536780409f3c792b393baaf27ee6ed57bf43a89013
ssdeep: 384 :borred: TZUIK/OmOyOEO1OwOTosA4xd5X9JGTZUIK/loZLjHmopTFV:0JAcFVloZ3H
mopTFV
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
packers (F-Prot): Unicode
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...013-1257550181

----------


## Surfer

File _______________.exe received on 2009.11.07 00:48:38 (UTC)
Result: 11/39 (28.21%)




> *a-squared	4.5.0.41	2009.11.06	Trojan-PWS.Win32.Agent!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.06	TR/PSW.Agent.Obj.1*
> *Antiy-AVL	2.0.3.7	2009.11.05	Trojan/Win32.Agent*
> Authentium	5.2.0.5	2009.11.06	-
> Avast	4.8.1351.0	2009.11.06	-
> AVG	8.5.0.423	2009.11.06	-
> BitDefender	7.2	2009.11.06	-
> CAT-QuickHeal	10.00	2009.11.06	-
> ...


http://www.virustotal.com/analisis/5...6bc-1257554918

----------


## ISO

File Russificator_.exe received on 2009.11.08 11:54:35 (UTC)
Result: 6/40 (15%)	


```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.41	2009.11.08	Riskware.Win32.Adload!IK
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.06	ADSPY/AdSpy.Gen
Antiy-AVL	2.0.3.7	2009.11.05	-
Authentium	5.2.0.5	2009.11.08	-
Avast	4.8.1351.0	2009.11.08	-
AVG	8.5.0.423	2009.11.08	-
BitDefender	7.2	2009.11.08	-
CAT-QuickHeal	10.00	2009.11.07	-
ClamAV	0.94.1	2009.11.08	PUA.Packed.ASPack212
Comodo	2882	2009.11.08	-
DrWeb	5.0.0.12182	2009.11.08	Adware.FieryAds.22
eTrust-Vet	35.1.7108	2009.11.06	-
F-Prot	4.5.1.85	2009.11.07	-
F-Secure	9.0.15370.0	2009.11.04	-
Fortinet	3.120.0.0	2009.11.08	-
GData	19	2009.11.08	-
Ikarus	T3.1.1.74.0	2009.11.08	not-a-virus:Win32.Adload
Jiangmin	11.0.800	2009.11.08	-
K7AntiVirus	7.10.891	2009.11.07	-
Kaspersky	7.0.0.125	2009.11.08	-
McAfee	5795	2009.11.07	-
McAfee+Artemis	5795	2009.11.07	-
McAfee-GW-Edition	6.8.5	2009.11.08	Ad-Spyware.AdSpy.Gen
Microsoft	1.5202	2009.11.08	-
NOD32	4583	2009.11.08	-
Norman	6.03.02	2009.11.06	-
nProtect	2009.1.8.0	2009.11.08	-
Panda	10.0.2.2	2009.11.07	-
PCTools	7.0.3.5	2009.11.06	-
Prevx	3.0	2009.11.08	-
Rising	21.54.62.00	2009.11.08	-
Sophos	4.47.0	2009.11.08	-
Sunbelt	3.2.1858.2	2009.11.08	-
Symantec	1.4.4.12	2009.11.08	-
TheHacker	6.5.0.2.063	2009.11.06	-
TrendMicro	9.0.0.1003	2009.11.08	-
VBA32	3.12.10.11	2009.11.07	-
ViRobot	2009.11.6.2025	2009.11.06	-
VirusBuster	4.6.5.0	2009.11.07	-
```

Additional information
File size: 2819603 bytes
MD5...: 1afa622601b36afca6d24a7c91e2e557
SHA1..: 4559d4786a6d23e857ebd3227091542d5e802b93
SHA256: 2a539bfd1a1e4016a30c8e10245aab227917b121b378b819db40e22fda668459
ssdeep: 49152:sIf7Tyw1RlwPMxasaf7/yN3zh/GfxYO635R8YCS07mZqL3ePCdHPqCIkgI
ysnMYW:sIf7Onea3jEdOu5Rlp6mZqDHHPfIxVs6
PEiD..: -
PEInfo: PE Structure information


File FieryAdsUninstall.exe received on 2009.11.08 13:24:03 (UTC)

Result: 10/40 (25%)



```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.41	2009.11.08	Riskware.AdWare.Win32.Agent!IK
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.06	-
Antiy-AVL	2.0.3.7	2009.11.05	-
Authentium	5.2.0.5	2009.11.08	W32/FierAds.A.gen!Eldorado
Avast	4.8.1351.0	2009.11.08	-
AVG	8.5.0.423	2009.11.08	-
BitDefender	7.2	2009.11.08	Gen:Adware.Heur.KS0aQCcRTiFk
CAT-QuickHeal	10.00	2009.11.07	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.11.08	PUA.Packed.ASPack212
Comodo	2884	2009.11.08	-
DrWeb	5.0.0.12182	2009.11.08	-
eTrust-Vet	35.1.7108	2009.11.06	-
F-Prot	4.5.1.85	2009.11.07	W32/FierAds.A.gen!Eldorado
F-Secure	9.0.15370.0	2009.11.04	Gen:Adware.Heur.KS0aQCcRTiFk
Fortinet	3.120.0.0	2009.11.08	-
GData	19	2009.11.08	Gen:Adware.Heur.KS0aQCcRTiFk
Ikarus	T3.1.1.74.0	2009.11.08	not-a-virus:AdWare.Win32.Agent
Jiangmin	11.0.800	2009.11.08	Backdoor/Huigezi.2007.awwq
K7AntiVirus	7.10.891	2009.11.07	-
Kaspersky	7.0.0.125	2009.11.08	-
McAfee	5795	2009.11.07	-
McAfee+Artemis	5795	2009.11.07	-
McAfee-GW-Edition	6.8.5	2009.11.08	-
Microsoft	1.5202	2009.11.08	-
NOD32	4583	2009.11.08	-
Norman	6.03.02	2009.11.06	-
nProtect	2009.1.8.0	2009.11.08	-
Panda	10.0.2.2	2009.11.08	-
PCTools	7.0.3.5	2009.11.06	-
Prevx	3.0	2009.11.08	-
Rising	21.54.62.00	2009.11.08	-
Sophos	4.47.0	2009.11.08	-
Sunbelt	3.2.1858.2	2009.11.08	-
Symantec	1.4.4.12	2009.11.08	-
TheHacker	6.5.0.2.063	2009.11.06	-
TrendMicro	9.0.0.1003	2009.11.08	-
VBA32	3.12.10.11	2009.11.07	-
ViRobot	2009.11.6.2025	2009.11.06	-
VirusBuster	4.6.5.0	2009.11.07	-
```

Additional information
File size: 590848 bytes
MD5...: a03df13fee80401a48d7164a8e2000cc
SHA1..: 6e7be761b392009b7be2d1a27ad90f63caeebcb9
SHA256: 85702ccd66086caed49c2e35f486487e8d9e1fab9d7d8594113a76c4de0f276a
ssdeep: 12288 :Lipsrsealed: /g+thQ+XIHjwdIu11Tgg9Zq6xGJOpqZ1WYrt :Lipsrsealed: zXBXjdp1T40GkpFYrt
PEiD..: -
PEInfo: PE Structure information

----------


## Surfer

File setup.exe received on 2009.11.08 14:55:51 (UTC)

Result: 17/40 (42.5%)





> *a-squared	4.5.0.41	2009.11.08	Trojan.Win32.VkHost!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.06	-
> *Antiy-AVL	2.0.3.7	2009.11.05	Trojan/Win32.Qhost.gen*
> *Authentium	5.2.0.5	2009.11.08	W32/Blocker-based!Maximus*
> Avast	4.8.1351.0	2009.11.08	-
> AVG	8.5.0.423	2009.11.08	-
> BitDefender	7.2	2009.11.08	-
> *CAT-QuickHeal	10.00	2009.11.07	Trojan.Qhost.maq*
> ...

----------


## Никита Соловьев

http://www.virustotal.com/ru/analisi...246-1257707934




> a-squared 4.5.0.41 2009.11.08 *Trojan-Spy.Win32.Vwealer!IK* 
> AhnLab-V3 5.0.0.2 2009.11.06 - 
> AntiVir 7.9.1.61 2009.11.08 - 
> Antiy-AVL 2.0.3.7 2009.11.05 - 
> Authentium 5.2.0.5 2009.11.08 - 
> Avast 4.8.1351.0 2009.11.08 - 
> AVG 8.5.0.423 2009.11.08 *SHeur2.BQIX* 
> BitDefender 7.2 2009.11.08 - 
> CAT-QuickHeal 10.00 2009.11.07 - 
> ...

----------


## senyak

Файл Opera.jar получен 2009.11.08 20:37:37 (UTC)
Текущий статус: закончено
Результат: 5/40 (12.5%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.41	2009.11.08	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.08	-
> *Antiy-AVL	2.0.3.7	2009.11.05	Trojan/J2ME.Small*
> Authentium	5.2.0.5	2009.11.08	-
> Avast	4.8.1351.0	2009.11.08	-
> AVG	8.5.0.423	2009.11.08	-
> BitDefender	7.2	2009.11.08	-
> ...


Дополнительная информация
File size: 178617 bytes
MD5...: 94b145de58cacc2c79163479d6855d5e
SHA1..: 2935c1453e17448122863db495f2f53bd98b8e6e
SHA256: 1facb716b63338d57cdeb9d497bdc03431b2969c45e75645919a701fd44986b7
ssdeep: 3072:/HIrn/jEpW0mrr/l8at0fTts8Ern/jEpW0mrr/l8at0fTts8EKn/jEpW0mr
r/l8u:vuQIrvtop2LQIrvtop2WQIrvtop2/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...6b7-1257712657

----------


## gjf

File install.exe received on 2009.10.27 23:27:50 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.10.27	-
AhnLab-V3	5.0.0.2	2009.10.27	-
AntiVir	7.9.1.44	2009.10.27	-
Antiy-AVL	2.0.3.7	2009.10.27	-
Authentium	5.1.2.4	2009.10.27	W32/Downldr3.GJ
Avast	4.8.1351.0	2009.10.27	-
AVG	8.5.0.423	2009.10.27	-
BitDefender	7.2	2009.10.28	-
CAT-QuickHeal	10.00	2009.10.27	-
ClamAV	0.94.1	2009.10.27	-
Comodo	2751	2009.10.27	-
DrWeb	5.0.0.12182	2009.10.27	Trojan.DownLoad.51375
eTrust-Vet	35.1.7086	2009.10.27	-
F-Prot	4.5.1.85	2009.10.27	W32/Downldr3.GJ
F-Secure	9.0.15370.0	2009.10.27	-
Fortinet	3.120.0.0	2009.10.27	-
GData	19	2009.10.28	-
Ikarus	T3.1.1.72.0	2009.10.27	-
Jiangmin	11.0.800	2009.10.26	-
K7AntiVirus	7.10.881	2009.10.27	Trojan.Win32.Malware.4
Kaspersky	7.0.0.125	2009.10.28	-
McAfee	5784	2009.10.27	Generic Downloader.du
McAfee+Artemis	5784	2009.10.27	Generic Downloader.du
McAfee-GW-Edition	6.8.5	2009.10.27	Heuristic.LooksLike.Win32.NewMalware.J
Microsoft	1.5202	2009.10.27	-
NOD32	4549	2009.10.27	Win32/TrojanDownloader.Delf.PAN
Norman	6.03.02	2009.10.27	-
nProtect	2009.1.8.0	2009.10.27	-
Panda	10.0.2.2	2009.10.27	Trj/Downloader.WEX
PCTools	4.4.2.0	2009.10.19	-
Prevx	3.0	2009.10.28	Medium Risk Malware
Rising	21.53.13.00	2009.10.27	-
Sophos	4.46.0	2009.10.27	-
Sunbelt	3.2.1858.2	2009.10.27	-
Symantec	1.4.4.12	2009.10.27	-
TheHacker	6.5.0.2.055	2009.10.27	Trojan/Delf.pan
TrendMicro	8.950.0.1094	2009.10.27	-
VBA32	3.12.10.11	2009.10.27	-
ViRobot	2009.10.27.2007	2009.10.27	-
VirusBuster	4.6.5.0	2009.10.26	-
```

P.S. The file was downloaded from one of the file-dump sites, disguised as the installer for Shtirlitz 4 (Штирлиц 4). Interestingly, it was sent off to Kaspersky Lab back on November 4, and they still haven't made up their minds.

----------


## Никита Соловьев

http://www.virustotal.com/ru/analisi...68e-1257795859




> *a-squared 4.5.0.41 2009.11.09 Backdoor.Bredavi!IK* 
> AhnLab-V3 5.0.0.2 2009.11.06 - 
> AntiVir 7.9.1.61 2009.11.09 - 
> Antiy-AVL 2.0.3.7 2009.11.09 - 
> Authentium 5.2.0.5 2009.11.09 - 
> Avast 4.8.1351.0 2009.11.09 - 
> AVG 8.5.0.423 2009.11.09 - 
> BitDefender 7.2 2009.11.09 - 
> CAT-QuickHeal 10.00 2009.11.09 - 
> ...

----------


## Shu_b

t-59841


```
File avz00003._ta received on 2009.11.10 13:55:46 (UTC)
Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.11.10	-
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.10	-
Antiy-AVL	2.0.3.7	2009.11.10	-
Authentium	5.2.0.5	2009.11.10	-
Avast	4.8.1351.0	2009.11.10	-
AVG	8.5.0.423	2009.11.10	-
BitDefender	7.2	2009.11.10	-
CAT-QuickHeal	10.00	2009.11.10	-
ClamAV	0.94.1	2009.11.10	-
Comodo	2905	2009.11.10	-
DrWeb	5.0.0.12182	2009.11.10	Trojan.Winlock.341
eSafe	7.0.17.0	2009.11.10	-
eTrust-Vet	35.1.7113	2009.11.10	-
F-Prot	4.5.1.85	2009.11.10	-
F-Secure	9.0.15370.0	2009.11.09	-
Fortinet	3.120.0.0	2009.11.10	-
GData	19	2009.11.10	-
Ikarus	T3.1.1.74.0	2009.11.10	-
Jiangmin	11.0.800	2009.11.10	-
K7AntiVirus	7.10.892	2009.11.09	-
Kaspersky	7.0.0.125	2009.11.10	-
McAfee	5797	2009.11.09	-
McAfee+Artemis	5797	2009.11.09	-
McAfee-GW-Edition	6.8.5	2009.11.10	-
Microsoft	1.5202	2009.11.10	-
NOD32	4591	2009.11.10	Win32/LockScreen.CZ
Norman	6.03.02	2009.11.09	-
nProtect	2009.1.8.0	2009.11.10	-
Panda	10.0.2.2	2009.11.09	-
PCTools	7.0.3.5	2009.11.10	-
Prevx	3.0	2009.11.10	-
Rising	22.21.01.09	2009.11.10	-
Sophos	4.47.0	2009.11.10	-
Sunbelt	3.2.1858.2	2009.11.10	-
Symantec	1.4.4.12	2009.11.10	-
TheHacker	6.5.0.2.064	2009.11.09	-
TrendMicro	9.0.0.1003	2009.11.10	-
VBA32	3.12.10.11	2009.11.09	-
ViRobot	2009.11.10.2029	2009.11.10	-
VirusBuster	4.6.5.0	2009.11.09	-
```

Additional information
File size: 114688 bytes
MD5...: c06063a7028d3b68df9b295fc56cdfc8

----------


## Surfer

File ubiquity.html received on 2009.11.10 13:26:21 (UTC)
Result: 2/40 (5%)




> a-squared 4.5.0.41 2009.11.10 - 
> AhnLab-V3 5.0.0.2 2009.11.06 - 
> AntiVir 7.9.1.61 2009.11.10 - 
> Antiy-AVL 2.0.3.7 2009.11.10 - 
> Authentium 5.2.0.5 2009.11.10 - 
> Avast 4.8.1351.0 2009.11.10 - 
> AVG 8.5.0.423 2009.11.10 - 
> BitDefender 7.2 2009.11.10 - 
> CAT-QuickHeal 10.00 2009.11.10 - 
> ...


http://www.virustotal.com/analisis/0...232-1257859581

----------


## Ingener

Файл js1.js получен 2009.11.10 16:28:22 (UTC)
Текущий статус:    закончено 
Результат: 3/41 (7.32%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.10	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.10	-
> Antiy-AVL	2.0.3.7	2009.11.10	-
> Authentium	5.2.0.5	2009.11.10	-
> *Avast	4.8.1351.0	2009.11.10	JS:Downloader-GA*
> AVG	8.5.0.423	2009.11.10	-
> BitDefender	7.2	2009.11.10	-
> ...


Дополнительная информация
File size: 69660 bytes
MD5...: 20aed7a2762581ae62020ced22637084
SHA1..: c916636997009751cbc7144e50c61d6f39eac423
SHA256: e759be2694669b60de904976d57f05917cc85dba3d560a2f4853a7db02aada90
ssdeep: 1536:UKBFJHL4SCch1feKPWkAh6VKDTe3nwedUw8/XrHpVFjZ9ESl+Er/jFkZggC
p6Sye:UKBFJHL4SCch1feKPWkAh6VKDTe3nweG
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
packers (F-Prot): Unicode
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...a90-1257870502

***

Файл js2.js получен 2009.11.10 16:23:12 (UTC)
Текущий статус:    закончено 
Результат: 11/40 (27.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.10	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.10	HTML/Rce.Gen*
> Antiy-AVL	2.0.3.7	2009.11.10	-
> Authentium	5.2.0.5	2009.11.10	-
> *Avast	4.8.1351.0	2009.11.10	VBS:SnapshotView-S*
> AVG	8.5.0.423	2009.11.10	-
> BitDefender	7.2	2009.11.10	-
> ...


Дополнительная информация
File size: 17861 bytes
MD5...: 59e2a9bada969b178479b68393baaac7
SHA1..: 73fbf2ccbdf3d27cbf0ae5e47e9f153565cd6d3e
SHA256: 2bfa8ad5673496e37b59ff111bb8d96d1e1c843bdb9222f5faca959839a75c20
ssdeep: 384:qqbBA8DkXvzWpUVxSVGMZ9UBWFD33E1+6Jd7FyA7FT8KrqZQJltPApj7/6LL
2Fz:N+HXvzWpUzeGMMOD33VU8gltPAt/YL2J
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/ru/analisi...c20-1257870192

***

Файл js3.js получен 2009.11.10 16:32:24 (UTC)
Текущий статус:   закончено 
Результат: 2/34 (5.89%)




> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.10	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.10	-
> Authentium	5.2.0.5	2009.11.10	-
> *Avast	4.8.1351.0	2009.11.10	JSownloader-GD*
> AVG	8.5.0.423	2009.11.10	-
> BitDefender	7.2	2009.11.10	-
> CAT-QuickHeal	10.00	2009.11.10	-
> ...


Дополнительная информация
File size: 111894 bytes
MD5...: 4fa418e79613dc9c29165140e541ce32
SHA1..: e13fa6b6af792b75b40875e8539223e9fe3f00ec
SHA256: 28acf26fe14b6133135d9b8d879fe6b43c92313a2a6fe960b77634fe45f75424
ssdeep: 384 :borred: nFsxoRsBdBRsL9BRsB9BRsN9BRsN9BRsXynyvWyd0x7pcto/obhyhhJKzE6
L :Lipsrsealed: 
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode, eval, unescape
pdfid.: -

http://www.virustotal.com/ru/analisi...424-1257870744

***

Файл js4.js получен 2009.11.10 16:42:33 (UTC)
Текущий статус:     закончено   
Результат: 1/40 (2.5%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.10	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.10	-
> Antiy-AVL	2.0.3.7	2009.11.10	-
> Authentium	5.2.0.5	2009.11.10	-
> Avast	4.8.1351.0	2009.11.10	-
> AVG	8.5.0.423	2009.11.10	-
> BitDefender	7.2	2009.11.10	-
> ...


Дополнительная информация
File size: 102270 bytes
MD5...: dd16df234e6c739c434a049b3b280b0b
SHA1..: 0d2c68608fa79ad99e4437d7e6f8f997802d2543
SHA256: ea21604c0f149f26d1dd9da5462efe3e3efcb43c696d35d16f92211cfbca6ec8
ssdeep: 3072:B8L2MNljLY2UWIvzrZcLmrefWFZxwTD8bv+xciIR/FtjaszT5RkD80JFHD6
gjc2u:f
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...ec8-1257871353

----------


## vlad179

Fairly fresh; the link was sent by email.

Файл document.scr получен 2009.11.11 05:32:31 (UTC)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.41	2009.11.11	-
> AhnLab-V3	5.0.0.2	2009.11.06	-
> AntiVir	7.9.1.61	2009.11.10	-
> Antiy-AVL	2.0.3.7	2009.11.11	-
> *Authentium	5.2.0.5	2009.11.11	W32/Sasfis.I*
> *Avast	4.8.1351.0	2009.11.10	Win32:Malware-gen*
> AVG	8.5.0.423	2009.11.11	-
> BitDefender	7.2	2009.11.11	-
> ...


Дополнительная информация
```
File size: 19456 bytes
MD5   : fab42f51084482c14c10dc62fb5c76c3
SHA1  : c2a6fb5a2e9296a6411a366849c0d349cbc9cb96
SHA256: b90aa150e25e38ff6d14f729e8f3257cd67a3825d073ace505108c6177a13e5f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10C0
timedatestamp.....: 0x4AF4AB3E (Sat Nov 7 00:03:26 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2798 0x2800 7.54 853b412f90425225863ac0e3b9b742f8
.data 0x4000 0x1D00 0x1E00 7.87 ea10ea9408f3399ef3d6ad0925cce952
.bss 0x6000 0x40 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x7000 0x14 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 0 imports )

( 0 exports )
TrID  : File type identification
Win16/32 Executable Delphi generic (33.9%)
Generic Win/DOS Executable (32.7%)
DOS Executable Generic (32.7%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 384:0PLXTfbnjvr3Rq2GyR++b3p8WTC9mLWzD5zc7BfN1EZMU:GDB+YqKC9mLmG/1
PEiD  : -
RDS   : NSRL Reference Data Set
-
```

----------


## gjf

After the kid downloaded a keygen for registering Alawar games and ran it, the file c:\Windows\System32\drivers\etc\ntfs...\csrss.exe appeared on Windows 7.



```
File smona125796782882842122153 received on 2009.11.11 19:32:46 (UTC)
Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.11.10	Virus.Win32.Rbot!IK
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.10	PCK/Obsidium
Antiy-AVL	2.0.3.7	2009.11.10	-
Authentium	5.2.0.5	2009.11.10	W32/[email protected]
Avast	4.8.1351.0	2009.11.10	-
AVG	8.5.0.423	2009.11.10	-
BitDefender	7.2	2009.11.10	Generic.Lineage.2A83EE54
CAT-QuickHeal	10.00	2009.11.10	-
ClamAV	0.94.1	2009.11.10	-
Comodo	2905	2009.11.10	Heur.Pck.Obsidium
DrWeb	5.0.0.12182	2009.11.10	-
eSafe	7.0.17.0	2009.11.10	Suspicious File
eTrust-Vet	35.1.7113	2009.11.10	-
F-Prot	4.5.1.85	2009.11.10	W32/[email protected]
F-Secure	9.0.15370.0	2009.11.09	Generic.Lineage.2A83EE54
Fortinet	3.120.0.0	2009.11.10	-
GData	19	2009.11.10	Generic.Lineage.2A83EE54
Ikarus	T3.1.1.74.0	2009.11.10	Virus.Win32.Rbot
Jiangmin	11.0.800	2009.11.10	-
K7AntiVirus	7.10.892	2009.11.09	-
Kaspersky	7.0.0.125	2009.11.10	-
McAfee	5797	2009.11.09	Packed-01!920F4D23D04A
McAfee+Artemis	5797	2009.11.09	Packed-01!920F4D23D04A
McAfee-GW-Edition	6.8.5	2009.11.10	Packer.Obsidium
Microsoft	1.5202	2009.11.10	-
NOD32	4592	2009.11.10	-
Norman	6.03.02	2009.11.09	-
nProtect	2009.1.8.0	2009.11.10	-
Panda	10.0.2.2	2009.11.09	-
PCTools	7.0.3.5	2009.11.10	-
Prevx	3.0	2009.11.11	-
Rising	22.21.01.09	2009.11.10	-
Sophos	4.47.0	2009.11.10	Sus/ComPack-C
Sunbelt	3.2.1858.2	2009.11.10	-
Symantec	1.4.4.12	2009.11.10	-
TheHacker	6.5.0.2.064	2009.11.09	-
TrendMicro	9.0.0.1003	2009.11.10	-
VBA32	3.12.10.11	2009.11.09	-
ViRobot	2009.11.10.2029	2009.11.10	-
VirusBuster	4.6.5.0	2009.11.09	-
```

Additional information
```
File size: 2168320 bytes
MD5   : 920f4d23d04a7cccac2fa662f5d7e378
SHA1  : f0bf57385000598f984e8b8b9760a28dd90da512
SHA256: efe1446525bc63e0d5d2b80810ddd4c81442ba98c74a24943da70d04b314f71c
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB000
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
 0x1000 0x1000 0x200 1.13 394b9f49ebd3d1ccb29e1adfdcace756
.rsrc 0x2000 0x7000 0x2CC7 6.95 fea078288bf5dd5570242212045185e5
 0x9000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
 0xA000 0x1000 0x18 1.44 74f6e97d38267683097a1a529152afbc
 0xB000 0xC000 0xC000 7.98 d0e0cd79d583da2f75ef73b2ae29587a

( 2 imports )

> kernel32.dll: ExitProcess
> user32.dll: MessageBoxA

( 0 exports )
TrID  : File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:7nPbAVsVYAuXcXPeqDsUImz0OkgfJOxe26uY42AWpL4m4rz:7nPbAmYA/Gc9Imzygsxh6uY42AWpLb4r
PEiD  : -
packers (Kaspersky): Obsidium
RDS   : NSRL Reference Data Set
-
```

----------


## zorro84

```
a-squared	4.5.0.41	2009.11.12	Trojan-Ransom!IK
AhnLab-V3	5.0.0.2	2009.11.12	-
AntiVir	7.9.1.65	2009.11.12	TR/Agent.314368
Antiy-AVL	2.0.3.7	2009.11.12	Trojan/Win32.PogBlock.gen
Authentium	5.2.0.5	2009.11.12	-
Avast	4.8.1351.0	2009.11.12	-
AVG	8.5.0.425	2009.11.12	SHeur2.BQNF
BitDefender	7.2	2009.11.12	-
CAT-QuickHeal	10.00	2009.11.12	-
ClamAV	0.94.1	2009.11.12	-
Comodo	2931	2009.11.12	-
DrWeb	5.0.0.12182	2009.11.12	Trojan.Winlock.313
eSafe	7.0.17.0	2009.11.11	-
eTrust-Vet	35.1.7117	2009.11.12	-
F-Prot	4.5.1.85	2009.11.12	-
F-Secure	9.0.15370.0	2009.11.11	-
Fortinet	3.120.0.0	2009.11.11	W32/PogBlock.DZ!tr
GData	19	2009.11.12	-
Ikarus	T3.1.1.74.0	2009.11.12	Trojan-Ransom
Jiangmin	11.0.800	2009.11.12	-
K7AntiVirus	7.10.894	2009.11.11	-
Kaspersky	7.0.0.125	2009.11.12	Trojan-Ransom.Win32.PogBlock.dz
McAfee	5800	2009.11.12	-
McAfee+Artemis	5800	2009.11.12	Artemis!36A90A29EE51
McAfee-GW-Edition	6.8.5	2009.11.12	Heuristic.BehavesLike.Win32.Suspicious.I
Microsoft	1.5202	2009.11.12	-
NOD32	4600	2009.11.12	Win32/LockScreen.CW
Norman	6.03.02	2009.11.11	W32/Malware.JUJX
nProtect	2009.1.8.0	2009.11.12	Trojan/W32.PogBlock.314368.B
Panda	10.0.2.2	2009.11.12	Trj/CI.A
PCTools	7.0.3.5	2009.11.12	-
Prevx	3.0	2009.11.12	-
Rising	22.21.03.09	2009.11.12	-
Sophos	4.47.0	2009.11.12	-
Sunbelt	3.2.1858.2	2009.11.12	-
Symantec	1.4.4.12	2009.11.12	-
TheHacker	6.5.0.2.066	2009.11.11	-
TrendMicro	9.0.0.1003	2009.11.12	-
VBA32	3.12.10.11	2009.11.11	-
ViRobot	2009.11.12.2033	2009.11.12	-
VirusBuster	4.6.5.0	2009.11.12	-
```

File size: 314368 bytes
MD5...: 36a90a29ee5179e1ef66d8b84c30ffe6
SHA1..: 099102dea15df9af983f4a7e256403067546229e
SHA256: 3a226a94a47bbbd1cb32cc906a896fd1e091489d09e9a66ba9f46bc590284604
ssdeep: 6144:MhWqgRVlAr3NZysba2TBTl7yAOAkW5pW6ms:MhaQr3NZyspTtl7yPW5

----------



## Shu_b

File chknt32.exe received on 2009.11.13 04:59:03 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.11.13	-
AhnLab-V3	5.0.0.2	2009.11.12	-
AntiVir	7.9.1.65	2009.11.12	TR/Dropper.Gen
Antiy-AVL	2.0.3.7	2009.11.13	-
Authentium	5.2.0.5	2009.11.13	-
Avast	4.8.1351.0	2009.11.12	-
AVG	8.5.0.425	2009.11.12	-
BitDefender	7.2	2009.11.13	-
CAT-QuickHeal	10.00	2009.11.12	-
ClamAV	0.94.1	2009.11.12	-
Comodo	2935	2009.11.13	-
DrWeb	5.0.0.12182	2009.11.13	-
eSafe	7.0.17.0	2009.11.12	-
eTrust-Vet	35.1.7118	2009.11.12	-
F-Prot	4.5.1.85	2009.11.12	-
F-Secure	9.0.15370.0	2009.11.11	-
Fortinet	3.120.0.0	2009.11.13	-
GData	19	2009.11.13	-
Ikarus	T3.1.1.74.0	2009.11.13	-
Jiangmin	11.0.800	2009.11.12	TrojanSpy.Zbot.srr
K7AntiVirus	7.10.894	2009.11.11	-
Kaspersky	7.0.0.125	2009.11.13	-
McAfee	5800	2009.11.12	-
McAfee+Artemis	5800	2009.11.12	-
McAfee-GW-Edition	6.8.5	2009.11.12	Trojan.Dropper.Gen
Microsoft	1.5202	2009.11.12	-
NOD32	4602	2009.11.13	-
Norman	6.03.02	2009.11.11	-
nProtect	2009.1.8.0	2009.11.13	-
Panda	10.0.2.2	2009.11.13	-
PCTools	7.0.3.5	2009.11.13	-
Prevx	3.0	2009.11.13	-
Rising	22.21.04.01	2009.11.13	-
Sophos	4.47.0	2009.11.13	-
Sunbelt	3.2.1858.2	2009.11.12	-
Symantec	1.4.4.12	2009.11.13	-
TheHacker	6.5.0.2.067	2009.11.12	-
TrendMicro	9.0.0.1003	2009.11.12	-
VBA32	3.12.10.11	2009.11.13	-
ViRobot	2009.11.13.2034	2009.11.13	-
VirusBuster	4.6.5.0	2009.11.12	-
```

Additional information
File size: 142082 bytes
MD5...: 360f03ee267b52ee1b5b41e5ff65c29e


File svchost.exe received on 2009.11.13 05:02:22 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.11.10	-
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.10	-
Antiy-AVL	2.0.3.7	2009.11.10	-
Authentium	5.2.0.5	2009.11.10	-
Avast	4.8.1351.0	2009.11.10	-
AVG	8.5.0.423	2009.11.10	-
BitDefender	7.2	2009.11.10	-
CAT-QuickHeal	10.00	2009.11.10	-
ClamAV	0.94.1	2009.11.10	-
Comodo	2905	2009.11.10	-
DrWeb	5.0.0.12182	2009.11.10	-
eSafe	7.0.17.0	2009.11.10	-
eTrust-Vet	35.1.7113	2009.11.10	-
F-Prot	4.5.1.85	2009.11.10	-
F-Secure	9.0.15370.0	2009.11.09	-
Fortinet	3.120.0.0	2009.11.10	-
GData	19	2009.11.10	-
Ikarus	T3.1.1.74.0	2009.11.10	-
Jiangmin	11.0.800	2009.11.10	-
K7AntiVirus	7.10.892	2009.11.09	-
Kaspersky	7.0.0.125	2009.11.10	-
McAfee	5797	2009.11.09	-
McAfee+Artemis	5797	2009.11.09	-
McAfee-GW-Edition	6.8.5	2009.11.10	-
Microsoft	1.5202	2009.11.10	-
NOD32	4592	2009.11.10	-
Norman	6.03.02	2009.11.09	-
nProtect	2009.1.8.0	2009.11.10	-
Panda	10.0.2.2	2009.11.09	-
PCTools	7.0.3.5	2009.11.10	-
Prevx	3.0	2009.11.13	-
Rising	22.21.01.09	2009.11.10	-
Sophos	4.47.0	2009.11.10	-
Sunbelt	3.2.1858.2	2009.11.10	-
Symantec	1.4.4.12	2009.11.10	-
TheHacker	6.5.0.2.064	2009.11.09	-
TrendMicro	9.0.0.1003	2009.11.10	-
VBA32	3.12.10.11	2009.11.09	-
ViRobot	2009.11.10.2029	2009.11.10	-
VirusBuster	4.6.5.0	2009.11.09	-
```

Additional information
File size: 460800 bytes
MD5...: 0e2325e8a7a2cc4c2d3964de4f6cc748

----------


## Surfer

File config.exe received on 2009.11.13 16:39:47 (UTC)
Result: 12/41 (29.27%)





> *a-squared	4.5.0.41	2009.11.13	Trojan.Win32.Qhost!IK*
> AhnLab-V3	5.0.0.2	2009.11.13	-
> AntiVir	7.9.1.65	2009.11.13	-
> Antiy-AVL	2.0.3.7	2009.11.13	-
> Authentium	5.2.0.5	2009.11.13	-
> Avast	4.8.1351.0	2009.11.13	-
> AVG	8.5.0.425	2009.11.13	-
> BitDefender	7.2	2009.11.13	-
> CAT-QuickHeal	10.00	2009.11.13	-
> ...


http://www.virustotal.com/analisis/7...abb-1258130387

----------


## gjf

The file is being sent out in emails with the following text



> Dear Microsoft Customer,
> 
> Starting 12/11/2009 the Conficker worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected.
> 
> To counteract further spread we advise removing the infection using an antispyware program. We are supplying all effected Windows Users with a free system scan in order to clean any files infected by the virus.
> 
> Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.
> 
> Regards,
> ...




```
Antivirus 	Version 	Last Update 	Result
a-squared 	4.5.0.41 	2009.11.13 	-
AhnLab-V3 	5.0.0.2 	2009.11.13 	-
AntiVir 	7.9.1.65 	2009.11.13 	TR/Crypt.ZPACK.Gen
Antiy-AVL 	2.0.3.7 	2009.11.13 	-
Authentium 	5.2.0.5 	2009.11.13 	W32/Trojan3.BNG
Avast 	4.8.1351.0 	2009.11.13 	-
AVG 	8.5.0.425 	2009.11.13 	-
BitDefender 	7.2 	2009.11.13 	-
CAT-QuickHeal 	10.00 	2009.11.13 	(Suspicious) - DNAScan
ClamAV 	0.94.1 	2009.11.13 	-
Comodo 	2943 	2009.11.13 	-
DrWeb 	5.0.0.12182 	2009.11.13 	-
eSafe 	7.0.17.0 	2009.11.12 	Suspicious File
eTrust-Vet 	35.1.7119 	2009.11.13 	-
F-Prot 	4.5.1.85 	2009.11.13 	W32/Trojan3.BNG
F-Secure 	9.0.15370.0 	2009.11.11 	Suspicious:W32/Malware!Online
Fortinet 	3.120.0.0 	2009.11.13 	-
GData 	19 	2009.11.13 	-
Ikarus 	T3.1.1.74.0 	2009.11.13 	-
Jiangmin 	11.0.800 	2009.11.12 	-
K7AntiVirus 	7.10.896 	2009.11.13 	-
Kaspersky 	7.0.0.125 	2009.11.13 	-
McAfee 	5800 	2009.11.12 	-
McAfee+Artemis 	5800 	2009.11.12 	Artemis!74500712A6A8
McAfee-GW-Edition 	6.8.5 	2009.11.13 	Trojan.Crypt.ZPACK.Gen
Microsoft 	1.5202 	2009.11.13 	TrojanDownloader:Win32/Cutwail.gen!C
NOD32 	4604 	2009.11.13 	-
Norman 	6.03.02 	2009.11.13 	-
nProtect 	2009.1.8.0 	2009.11.13 	-
Panda 	10.0.2.2 	2009.11.13 	-
PCTools 	7.0.3.5 	2009.11.13 	-
Prevx 	3.0 	2009.11.13 	Medium Risk Malware
Rising 	22.21.04.09 	2009.11.13 	-
Sophos 	4.47.0 	2009.11.13 	Mal/FakeAV-AX
Sunbelt 	3.2.1858.2 	2009.11.12 	-
Symantec 	1.4.4.12 	2009.11.13 	-
TheHacker 	6.5.0.2.067 	2009.11.12 	-
TrendMicro 	9.0.0.1003 	2009.11.13 	-
VBA32 	3.12.10.11 	2009.11.13 	-
ViRobot 	2009.11.13.2035 	2009.11.13 	-
VirusBuster 	4.6.5.0 	2009.11.13 	-
```

Additional information
File size: 55296 bytes
MD5   : 74500712a6a8a4a5951b96b56edec45a
SHA1  : d01998acf475bce2c2bad9f87cef122d34749e1d
SHA256: 9a497aab1129e85baed8c101a04159770c81084698b81648d20215a6901ae364
PEInfo: PE Structure information

----------


## Никита Соловьев

http://www.virustotal.com/ru/analisi...86c-1258134499




> a-squared 4.5.0.41 2009.11.13 - 
> AhnLab-V3 5.0.0.2 2009.11.13 - 
> AntiVir 7.9.1.65 2009.11.13 - 
> Antiy-AVL 2.0.3.7 2009.11.13 - 
> Authentium 5.2.0.5 2009.11.13 - 
> Avast 4.8.1351.0 2009.11.13 - 
> AVG 8.5.0.425 2009.11.13 - 
> BitDefender 7.2 2009.11.13 - 
> *CAT-QuickHeal 10.00 2009.11.13 TrojanDropper.VB.mre*
> ...


http://www.virustotal.com/ru/analisi...e89-1258134678



> a-squared 4.5.0.41 2009.11.10 - 
> AhnLab-V3 5.0.0.2 2009.11.06 - 
> AntiVir 7.9.1.61 2009.11.10 - 
> Antiy-AVL 2.0.3.7 2009.11.10 - 
> Authentium 5.2.0.5 2009.11.10 - 
> Avast 4.8.1351.0 2009.11.10 - 
> AVG 8.5.0.423 2009.11.10 - 
> *BitDefender 7.2 2009.11.10 Gen:[email protected]* 
> CAT-QuickHeal 10.00 2009.11.10 - 
> ...

----------


## Никита Соловьев

http://www.virustotal.com/ru/analisi...f6f-1258229217




> a-squared 4.5.0.41 2009.11.14 - 
> AhnLab-V3 5.0.0.2 2009.11.13 - 
> AntiVir 7.9.1.65 2009.11.13 - 
> Antiy-AVL 2.0.3.7 2009.11.13 - 
> Authentium 5.2.0.5 2009.11.14 - 
> Avast 4.8.1351.0 2009.11.14 - 
> AVG 8.5.0.425 2009.11.14 - 
> BitDefender 7.2 2009.11.14 - 
> CAT-QuickHeal 10.00 2009.11.13 - 
> ...

----------


## senyak

Файл Book_1019.exe получен 2009.11.15 15:46:55 (UTC)
Текущий статус: закончено
Результат: 6/41 (14.64%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.41	2009.11.10	Trojan-Downloader.Adload!IK*
> AhnLab-V3	5.0.0.2	2009.11.06	-
> *AntiVir	7.9.1.61	2009.11.10	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.7	2009.11.10	-
> Authentium	5.2.0.5	2009.11.10	-
> Avast	4.8.1351.0	2009.11.10	-
> AVG	8.5.0.423	2009.11.10	-
> BitDefender	7.2	2009.11.10	-
> ...


Дополнительная информация
File size: 2840636 bytes
MD5...: c242644ab2195e21c4e12db26d179791
SHA1..: 9a389131e813e78c0ca2ff231536e63e10d524b6
SHA256: 9d03bc6ab21defa3a08321ed3a6a72e7d6f45ee4252c4cbad2317683e14b7553
ssdeep: 49152:jvuniWVf68YjB6MhLXNA3onW9FtdP2ZQlWnn4Br1i8qhzRxYnVSvmYE8ej
jnMe6:S/Vf6RB6wLXNA3o8Fr+OW4pkhYnYvmqH
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...553-1258300015

----------


## ALEX(XX)

Файл opdux.exe получен 2009.11.16 12:15:42 (UTC)



```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.41	2009.11.16	Trojan.Win32.Inhoo!IK
AhnLab-V3	5.0.0.2	2009.11.13	-
AntiVir	7.9.1.65	2009.11.16	TR/Crypt.XPACK.Gen
Antiy-AVL	2.0.3.7	2009.11.16	-
Authentium	5.2.0.5	2009.11.15	-
Avast	4.8.1351.0	2009.11.16	-
AVG	8.5.0.425	2009.11.16	-
BitDefender	7.2	2009.11.16	-
CAT-QuickHeal	10.00	2009.11.16	-
ClamAV	0.94.1	2009.11.15	-
Comodo	2957	2009.11.15	-
DrWeb	5.0.0.12182	2009.11.16	-
eSafe	7.0.17.0	2009.11.16	-
eTrust-Vet	35.1.7122	2009.11.16	-
F-Prot	4.5.1.85	2009.11.15	-
F-Secure	9.0.15370.0	2009.11.11	-
Fortinet	3.120.0.0	2009.11.16	-
GData	19	2009.11.16	-
Ikarus	T3.1.1.74.0	2009.11.16	Trojan.Win32.Inhoo
Jiangmin	11.0.800	2009.11.16	-
K7AntiVirus	7.10.896	2009.11.13	-
Kaspersky	7.0.0.125	2009.11.16	-
McAfee	5803	2009.11.15	-
McAfee+Artemis	5803	2009.11.15	Artemis!45861A208020
McAfee-GW-Edition	6.8.5	2009.11.16	Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft	1.5202	2009.11.16	-
NOD32	4611	2009.11.16	-
Norman	6.03.02	2009.11.16	OnLineGames.KGCC
nProtect	2009.1.8.0	2009.11.16	Trojan-PWS/W32.WebGame.116522
Panda	10.0.2.2	2009.11.15	-
PCTools	7.0.3.5	2009.11.16	-
Prevx	3.0	2009.11.16	High Risk Cloaked Malware
Rising	22.22.00.08	2009.11.16	-
Sophos	4.47.0	2009.11.16	Mal/Taterf-A
Sunbelt	3.2.1858.2	2009.11.12	BehavesLike.Win32.Malware (v)
Symantec	1.4.4.12	2009.11.16	-
TheHacker	6.5.0.2.070	2009.11.14	-
TrendMicro	9.0.0.1003	2009.11.16	-
VBA32	3.12.10.11	2009.11.15	Trojan-PSW.Win32.OnlineGames.3
ViRobot	2009.11.16.2039	2009.11.16	-
VirusBuster	4.6.5.0	2009.11.15	-

Дополнительная информация
File size: 116522 bytes
MD5...: 45861a208020a1d229b0edd08d0e0728
SHA1..: 0816185e69fdc55028436e6ad61f5a0886af544b
SHA256: e3ff27178fa318e0a3d02a72f3e0c57b340e4ac15d6a3ee92cd58ba75104d313
ssdeep: 3072:pSI68HHJiSK8DxrAZfWtNvnDFslJ7gjZPFZLWA:pUK9rDxsZfWDDFs/7CdZ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10df
timedatestamp.....: 0x4ae9205d (Thu Oct 29 04:55:57 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000   0x1e000     0x69a   7.85  161cdb2fe51242369d2e1ad76108af32
.data      0x1f000   0x1a000   0x19e00   7.93  8a6df4b740fbc2532d922bfabd195250
.rsrc      0x39000    0x2000    0x1696   0.73  4d2293991318c4674c148474722c3b75
.reloc     0x3b000    0x4000     0x52a   0.08  4d4e2459bb10d0de2d080a7cba5a8524
vnpsg      0x3f000    0x1000     0x69a   0.00  d41d8cd98f00b204e9800998ecf8427e
           0x40000    0x3000       0x0   0.00  d41d8cd98f00b204e9800998ecf8427e

( 1 imports )
> KERNEL32.DLL: GetStartupInfoA, FlushFileBuffers, FlushInstructionCache, GetComputerNameExA, GetCommandLineA, GetModuleHandleA, LoadLibraryA, ExitProcess, GetCurrentProcessId, IsBadReadPtr

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=CF8A698C2ADF9E45C7D001C9F1596100BAD12C11
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

----------


## gjf

Judging by the strings in the code, this is some "SMS spy by Martin Pesch"



```
Antivirus 	Version 	Last Update 	Result
a-squared 	4.5.0.41 	2009.11.16 	-
AhnLab-V3 	5.0.0.2 	2009.11.16 	-
AntiVir 	7.9.1.65 	2009.11.16 	-
Antiy-AVL 	2.0.3.7 	2009.11.16 	-
Authentium 	5.2.0.5 	2009.11.16 	-
Avast 	4.8.1351.0 	2009.11.16 	-
AVG 	8.5.0.425 	2009.11.16 	-
BitDefender 	7.2 	2009.11.16 	-
CAT-QuickHeal 	10.00 	2009.11.16 	-
ClamAV 	0.94.1 	2009.11.16 	-
Comodo 	2958 	2009.11.16 	-
DrWeb 	5.0.0.12182 	2009.11.16 	-
eSafe 	7.0.17.0 	2009.11.16 	-
eTrust-Vet 	35.1.7123 	2009.11.16 	-
F-Prot 	4.5.1.85 	2009.11.16 	-
F-Secure 	9.0.15370.0 	2009.11.11 	-
Fortinet 	3.120.0.0 	2009.11.16 	-
GData 	19 	2009.11.16 	-
Ikarus 	T3.1.1.74.0 	2009.11.16 	-
Jiangmin 	11.0.800 	2009.11.16 	-
K7AntiVirus 	7.10.897 	2009.11.16 	Trojan.Win32.Malware.1
Kaspersky 	7.0.0.125 	2009.11.16 	-
McAfee 	5804 	2009.11.16 	-
McAfee+Artemis 	5804 	2009.11.16 	-
McAfee-GW-Edition 	6.8.5 	2009.11.16 	-
Microsoft 	1.5202 	2009.11.16 	-
NOD32 	4613 	2009.11.16 	-
Norman 	6.03.02 	2009.11.16 	W32/Banker.C!genr
nProtect 	2009.1.8.0 	2009.11.16 	-
Panda 	10.0.2.2 	2009.11.16 	-
PCTools 	7.0.3.5 	2009.11.16 	-
Prevx 	3.0 	2009.11.16 	Medium Risk Malware
Rising 	22.22.00.08 	2009.11.16 	-
Sophos 	4.47.0 	2009.11.16 	-
Sunbelt 	3.2.1858.2 	2009.11.12 	-
Symantec 	1.4.4.12 	2009.11.16 	-
TheHacker 	6.5.0.2.071 	2009.11.16 	Trojan/Buzus.bjcf
TrendMicro 	9.0.0.1003 	2009.11.16 	-
VBA32 	3.12.10.11 	2009.11.15 	-
ViRobot 	2009.11.16.2039 	2009.11.16 	Trojan.Win32.Agent.2558416
VirusBuster 	4.6.5.0 	2009.11.16 	-
```

----------


## Viver

Arrived by email



```
Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.41	2009.11.17	Email-Worm.Win32.Alcaul!IK
AhnLab-V3	5.0.0.2	2009.11.16	-
AntiVir	7.9.1.65	2009.11.17	-
Antiy-AVL	2.0.3.7	2009.11.17	-
Authentium	5.2.0.5	2009.11.17	-
Avast	4.8.1351.0	2009.11.16	-
AVG	8.5.0.425	2009.11.17	-
BitDefender	7.2	2009.11.17	-
CAT-QuickHeal	10.00	2009.11.17	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.11.17	-
Comodo	2964	2009.11.17	-
DrWeb	5.0.0.12182	2009.11.17	-
eSafe	7.0.17.0	2009.11.16	Win32.Email.Worm.alc
eTrust-Vet	35.1.7124	2009.11.17	-
F-Prot	4.5.1.85	2009.11.16	-
F-Secure	9.0.15370.0	2009.11.17	-
Fortinet	3.120.0.0	2009.11.16	-
GData	19	2009.11.17	-
Ikarus	T3.1.1.74.0	2009.11.17	Email-Worm.Win32.Alcaul
Jiangmin	11.0.800	2009.11.17	-
K7AntiVirus	7.10.897	2009.11.16	-
Kaspersky	7.0.0.125	2009.11.17	-
McAfee	5804	2009.11.16	-
McAfee+Artemis	5804	2009.11.16	-
McAfee-GW-Edition	6.8.5	2009.11.17	-
Microsoft	1.5202	2009.11.17	-
NOD32	4613	2009.11.16	-
Norman	6.03.02	2009.11.17	-
nProtect	2009.1.8.0	2009.11.17	-
Panda	10.0.2.2	2009.11.16	-
PCTools	7.0.3.5	2009.11.17	-
Prevx	3.0	2009.11.17	-
Rising	22.22.01.06	2009.11.17	-
Sophos	4.47.0	2009.11.17	-
Sunbelt	3.2.1858.2	2009.11.12	-
Symantec	1.4.4.12	2009.11.17	-
TheHacker	6.5.0.2.071	2009.11.16	-
TrendMicro	9.0.0.1003	2009.11.17	-
VBA32	3.12.10.11	2009.11.15	-
ViRobot	2009.11.17.2041	2009.11.17	-
VirusBuster	4.6.5.0	2009.11.16	-

Дополнительная информация
File size: 321252 bytes
MD5   : 9495af761e931137c652aa23edfdb8b1
SHA1  : a8834f74c885c899290b046a986f97ab4ffb2ace
SHA256: bc7b5102b4199b2ea4d1da14c719200122d46c159143e8c3e89026479ba9811b
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xA29A0
timedatestamp.....: 0x3EC86C8E (Mon May 19 07:33:02 2003)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
code 0x1000 0x67000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
text 0x68000 0x3B000 0x3AC00 7.92 d02a24ba5d833b9df533741aeaf5597d
.rsrc 0xA3000 0x7000 0x6A00 4.18 a691aeee67ecb4bd770132f10e1caa78

( 9 imports )

> advapi32.dll: RegCloseKey
> comctl32.dll: -
> comdlg32.dll: GetOpenFileNameA
> gdi32.dll: PatBlt
> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> ole32.dll: DoDragDrop
> oleaut32.dll: -
> shlwapi.dll: PathIsURLA
> user32.dll: GetDC

( 0 exports )
TrID  : File type identification
56.9% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
18.2% (.EXE) Win32 Executable Generic (8527/13/3)
16.2% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
4.2% (.EXE) Generic Win/DOS Executable (2002/3)
4.2% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 6144:HibqIVqfnbpbSdebCVIbY1/JaXxky4BPdlz05pL7ITJcm5DXN2MsQRjx:HIqIWnbhY2Y1/A14B7CpLSN2g9x
PEiD  : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): UPX
packers (F-Prot): UPX
RDS   : NSRL Reference Data Set
-
```

----------


## Surfer

File hot.html received on 2009.11.18 15:59:35 (UTC)
Result: 8/41 (19.52%)




> a-squared 4.5.0.41 2009.11.18 Trojan-Downloader.JS.Shadraem!IK 
> AhnLab-V3 5.0.0.2 2009.11.18 - 
> AntiVir 7.9.1.70 2009.11.18 HTML/Crypted.Gen 
> Antiy-AVL 2.0.3.7 2009.11.18 - 
> Authentium 5.2.0.5 2009.11.18 - 
> Avast 4.8.1351.0 2009.11.18 HTML:IFrame-KP 
> AVG 8.5.0.425 2009.11.18 - 
> BitDefender 7.2 2009.11.18 - 
> CAT-QuickHeal 10.00 2009.11.17 - 
> ...


http://www.virustotal.com/analisis/9...f7a-1258559975

----------


## ISO

File userlib.dll received on 2009.11.19 16:18:09 (UTC)
Result: 3/41 (7.32%)


```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.41	2009.11.19	-
AhnLab-V3	5.0.0.2	2009.11.19	-
AntiVir	7.9.1.72	2009.11.19	-
Antiy-AVL	2.0.3.7	2009.11.19	-
Authentium	5.2.0.5	2009.11.19	-
Avast	4.8.1351.0	2009.11.19	-
AVG	8.5.0.425	2009.11.19	-
BitDefender	7.2	2009.11.19	-
CAT-QuickHeal	10.00	2009.11.19	-
ClamAV	0.94.1	2009.11.19	-
Comodo	2979	2009.11.18	-
DrWeb	5.0.0.12182	2009.11.19	Trojan.Winlock.341
eSafe	7.0.17.0	2009.11.19	-
eTrust-Vet	35.1.7130	2009.11.19	-
F-Prot	4.5.1.85	2009.11.19	-
F-Secure	9.0.15370.0	2009.11.17	-
Fortinet	3.120.0.0	2009.11.19	-
GData	19	2009.11.19	-
Ikarus	T3.1.1.74.0	2009.11.19	-
Jiangmin	11.0.800	2009.11.19	-
K7AntiVirus	7.10.900	2009.11.19	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.11.19	-
McAfee	5806	2009.11.18	-
McAfee+Artemis	5806	2009.11.18	-
McAfee-GW-Edition	6.8.5	2009.11.19	-
Microsoft	1.5302	2009.11.19	-
NOD32	4622	2009.11.19	Win32/LockScreen.CZ
Norman	6.03.02	2009.11.19	-
nProtect	2009.1.8.0	2009.11.19	-
Panda	10.0.2.2	2009.11.18	-
PCTools	7.0.3.5	2009.11.19	-
Prevx	3.0	2009.11.19	-
Rising	22.22.03.09	2009.11.19	-
Sophos	4.47.0	2009.11.19	-
Sunbelt	3.2.1858.2	2009.11.19	-
Symantec	1.4.4.12	2009.11.19	-
TheHacker	6.5.0.2.073	2009.11.18	-
TrendMicro	9.0.0.1003	2009.11.19	-
VBA32	3.12.12.0	2009.11.19	-
ViRobot	2009.11.19.2045	2009.11.19	-
VirusBuster	5.0.21.0	2009.11.19	-
```

Additional information
File size: 114688 bytes
MD5...: c06063a7028d3b68df9b295fc56cdfc8
SHA1..: aed50512acf6ce6816e95f7892cd50fe51ca88e7
SHA256: a9d095bd1b6b25ea83483c71fcb650390929bd8a567a12f9c650303980dd6d1b
ssdeep: 1536:EEwtiCTKB56FSRxa0kGU7c+gV0Up33ZNgk8VSlpVS2tkB:ofK36FSuXKNMV
sV3tk
PEiD..: -


File pno0001.exe received on 2009.11.19 16:29:08 (UTC)
Result: 14/41 (34.15%)


```
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.41	2009.11.19	Trojan.Win32.Pakes!A2
AhnLab-V3	5.0.0.2	2009.11.19	Win-Trojan/Pakes.97280
AntiVir	7.9.1.72	2009.11.19	-
Antiy-AVL	2.0.3.7	2009.11.19	-
Authentium	5.2.0.5	2009.11.19	-
Avast	4.8.1351.0	2009.11.19	-
AVG	8.5.0.425	2009.11.19	-
BitDefender	7.2	2009.11.19	-
CAT-QuickHeal	10.00	2009.11.19	Trojan.Agent.ATV
ClamAV	0.94.1	2009.11.19	-
Comodo	2979	2009.11.18	TrojWare.Win32.Trojan.Agent.~HDM
DrWeb	5.0.0.12182	2009.11.19	-
eSafe	7.0.17.0	2009.11.19	Win32.TRCrypt.XPACK
eTrust-Vet	35.1.7130	2009.11.19	-
F-Prot	4.5.1.85	2009.11.19	-
F-Secure	9.0.15370.0	2009.11.17	Suspicious:W32/Malware!Gemini
Fortinet	3.120.0.0	2009.11.19	-
GData	19	2009.11.19	-
Ikarus	T3.1.1.74.0	2009.11.19	-
Jiangmin	11.0.800	2009.11.19	-
K7AntiVirus	7.10.900	2009.11.19	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.11.19	-
McAfee	5806	2009.11.18	potentially unwanted program Kkrunchy Packed
McAfee+Artemis	5806	2009.11.18	potentially unwanted program Kkrunchy Packed
McAfee-GW-Edition	6.8.5	2009.11.19	Heuristic.LooksLike.Win32.Dropper.B
Microsoft	1.5302	2009.11.19	-
NOD32	4622	2009.11.19	-
Norman	6.03.02	2009.11.19	-
nProtect	2009.1.8.0	2009.11.19	-
Panda	10.0.2.2	2009.11.18	-
PCTools	7.0.3.5	2009.11.19	-
Prevx	3.0	2009.11.19	-
Rising	22.22.03.09	2009.11.19	Packer.Win32.Agent.GEN
Sophos	4.47.0	2009.11.19	-
Sunbelt	3.2.1858.2	2009.11.19	Trojan.Win32.Pakes
Symantec	1.4.4.12	2009.11.19	-
TheHacker	6.5.0.2.073	2009.11.18	Trojan/Pakes
TrendMicro	9.0.0.1003	2009.11.19	-
VBA32	3.12.12.0	2009.11.19	-
ViRobot	2009.11.19.2045	2009.11.19	Spyware.Pakes.97280
VirusBuster	5.0.21.0	2009.11.19	-
```

Additional information
File size: 97280 bytes
MD5...: 0630f5f61bbd95dd28c2558c7092bc07
SHA1..: 29413afbc3a5b5fb03de428a546235559e3170b5
SHA256: ac2192b740c57125067a29d2e0ea6d95b222543398188c5f67bbf01157622685
ssdeep: 1536:1Y0Fv5UEX+k/uR61CxyT/k4ce044gWO9tCFkKE/K/plMCqisOARp6+RyhWL
fh:dFv5UEC6WJje044dytCFlqK/7MCsOAxD
PEiD..: -
PEInfo: PE Structure information

----------


## Surfer

File Supernatural_S05E10_Abandon_All_H received on 2009.11.20 10:19:02 (UTC)
Result: 12/41 (29.27%)




> *a-squared	4.5.0.41	2009.11.20	Riskware.Win32.Vbinder!IK*
> AhnLab-V3	5.0.0.2	2009.11.19	-
> AntiVir	7.9.1.72	2009.11.20	-
> Antiy-AVL	2.0.3.7	2009.11.20	-
> Authentium	5.2.0.5	2009.11.19	-
> Avast	4.8.1351.0	2009.11.20	-
> AVG	8.5.0.425	2009.11.20	-
> *BitDefender	7.2	2009.11.20	Gen:[email protected]*
> CAT-QuickHeal	10.00	2009.11.20	-
> ...


http://www.virustotal.com/analisis/d...671-1258712342

----------


## Surfer

File VKMaster.exe received on 2009.11.25 06:06:50 (UTC)
Result: 10/41 (24.4%)





> *a-squared	4.5.0.43	2009.11.25	Trojan.Win32.VkHost!IK*
> AhnLab-V3	5.0.0.2	2009.11.24	-
> AntiVir	7.9.1.70	2009.11.24	-
> *Antiy-AVL	2.0.3.7	2009.11.24	Trojan/Win32.VkHost*
> Authentium	5.2.0.5	2009.11.24	-
> Avast	4.8.1351.0	2009.11.24	-
> AVG	8.5.0.425	2009.11.24	-
> BitDefender	7.2	2009.11.25	-
> CAT-QuickHeal	10.00	2009.11.25	-
> ...


http://www.virustotal.com/analisis/0...c3e-1259129210

----------


## Ingener

Файл js1.js получен 2009.11.26 00:12:04 (UTC)
Текущий статус: закончено 
Результат: 4/41 (9.76%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.11.25	-
> AhnLab-V3	5.0.0.2	2009.11.25	-
> *AntiVir	7.9.1.78	2009.11.25	JS/iFrame.ZP*
> Antiy-AVL	2.0.3.7	2009.11.25	-
> Authentium	5.2.0.5	2009.11.25	-
> *Avast	4.8.1351.0	2009.11.25	HTML:Iframe-inf*
> AVG	8.5.0.425	2009.11.25	-
> BitDefender	7.2	2009.11.26	-
> ...


Дополнительная информация
File size: 464 bytes
MD5   : c8d70b689752d07fb6b4129960565ea9
SHA1  : 54900c914e777bdfc465d28955979eddd539ef7c
SHA256: 73b0a813fab7c0f758e346994db022da4b2bfe7f7b81f21f6987c2a477398d02
TrID  : File type identification
file seems to be plain text/ASCII (0.0%)
ssdeep: 12:SFBt5PBLU5M5vQnDzLMXFF91I193MLDIqJmWJcTrVMbu:SFBt5FU5CvmDWFF0XkD3SHVMq
PEiD  : -
RDS   : NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...d02-1259194324

***

Файл js2.js получен 2009.11.26 00:20:22 (UTC)
Текущий статус:    закончено 
Результат: 1/41 (2.44%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.11.25	-
> AhnLab-V3	5.0.0.2	2009.11.25	-
> AntiVir	7.9.1.78	2009.11.25	-
> Antiy-AVL	2.0.3.7	2009.11.25	-
> Authentium	5.2.0.5	2009.11.25	-
> Avast	4.8.1351.0	2009.11.25	-
> AVG	8.5.0.425	2009.11.25	-
> BitDefender	7.2	2009.11.26	-
> ...


Дополнительная информация
File size: 972 bytes
MD5...: f93215e92417e29ec5be1f246399678d
SHA1..: d3a576835a39c82a2813532abc7dca8c27889c32
SHA256: 42fe4ef2a7a270c04bb93d136d37041d9d2fb4e92e8f26aa7f9c11eed46b5f07
ssdeep: 24:QZFWLOPVGO8lP9T3lDaYLCKjMtd/5yfXk61M5:vLd9T3lGYLCKjMt94/kH
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

http://www.virustotal.com/ru/analisi...f07-1259194822

***

Файл js3.js получен 2009.11.26 00:23:56 (UTC)
Текущий статус:   закончено 
Результат: 6/41 (14.64%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.5.0.43	2009.11.25	Generic.XPL.ADODB!IK*
> AhnLab-V3	5.0.0.2	2009.11.25	-
> AntiVir	7.9.1.78	2009.11.25	-
> Antiy-AVL	2.0.3.7	2009.11.25	-
> Authentium	5.2.0.5	2009.11.25	-
> Avast	4.8.1351.0	2009.11.25	-
> AVG	8.5.0.425	2009.11.25	-
> BitDefender	7.2	2009.11.26	-
> ...


Дополнительная информация
File size: 5100 bytes
MD5...: e31525943fdef580361a8ad018f71736
SHA1..: 2bf16f831abf05139815fa4d5cad7c275224aeae
SHA256: e097e355c51ae57845ba6c346c34bc4489baa0104f955f2a0fc74a6686570e39
ssdeep: 96:0PANgC4OwWJrHa69caEiOHdMlBKgBg+4S:++43WJrHaocaEikMDp
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!

http://www.virustotal.com/ru/analisi...e39-1259195036

----------


## senyak

The file has been sent to VBA, DrWeb and Symantec

Файл tcwoa8mp.scr.part получен 2009.11.27 16:09:24 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.43	2009.11.26	-
> AhnLab-V3	5.0.0.2	2009.11.26	-
> *AntiVir	7.9.1.78	2009.11.26	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.11.26	-
> Authentium	5.2.0.5	2009.11.26	-
> Avast	4.8.1351.0	2009.11.26	-
> AVG	8.5.0.425	2009.11.26	-
> BitDefender	7.2	2009.11.26	-
> ...


Дополнительная информация
File size: 141312 bytes
MD5...: 2089ab41530c6394c60009f822228444
SHA1..: fbac52fe484d8752a30eeb41911966bf51a1ab76
SHA256: 3f36cf53d21c4e74ab3373f39eb859f5d885d197fbf348007d79c23e5df116e2
ssdeep: 3072:i98xzIsP/3Dsv7TFMz9wbhH9QI7npj1jNz6N+00D:HznX3gjTFU9tILNz6N
+00D
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...6e2-1259338164

----------


## ISO

Файл fsuwdm.exe получен 2009.12.01 04:22:19 (UTC)
Текущий статус: закончено
Результат: 19/41 (46.34%)



> Антивирус 	Версия 	Обновление 	Результат
> *a-squared 	4.5.0.43 	2009.12.01 	Worm.Autorun!IK*
> AhnLab-V3 	5.0.0.2 	2009.12.01 	-
> *AntiVir 	7.9.1.88 	2009.11.30 	Worm/Autorun.esq*
> Antiy-AVL 	2.0.3.7 	2009.12.01 	-
> Authentium 	5.2.0.5 	2009.11.30 	-
> Avast 	4.8.1351.0 	2009.11.30 	-
> AVG 	8.5.0.426 	2009.12.01 	-
> *BitDefender 	7.2 	2009.12.01 	Trojan.Generic.IS.548711*
> ...


Дополнительная информация
File size: 101887 bytes
MD5   : fb9e6b5ecf70319a9265160366758d40
SHA1  : fad215f0578e1d1e7d8bc56947e2aec81db9aea8
SHA256: 29df2d237385b30f2152b7bfd5b8f138182b2874a0b278e9b4ca24dbc5725a6d
PEInfo: PE Structure information

----------


## Shu_b

The latest interim results of the community testing, October-November:

----------


## senyak

Arrived via Skype

Файл DCS00006.scr получен 2009.12.02 11:13:26 (UTC)
Текущий статус: закончено
Результат: 10/41 (24.4%)



> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.43	2009.12.02	Riskware.Win32.VBInject!IK*
> AhnLab-V3	5.0.0.2	2009.12.02	-
> *AntiVir	7.9.1.92	2009.12.02	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2009.12.02	-
> *Authentium	5.2.0.5	2009.12.02	W32/Trojan-Gypikon-based.DM2!Maximus*
> Avast	4.8.1351.0	2009.12.02	-
> *AVG	8.5.0.426	2009.12.02	BackDoor.Generic12.MNM*
> BitDefender	7.2	2009.12.02	-
> ...


Дополнительная информация
File size: 127853 bytes
MD5...: 53392b9a43e84ba983287a394d26fdee
SHA1..: 3b13ca048572602d8a572036fc3fb968949f0d3d
SHA256: df0088568531f9265eb3e56fdd546a42d66256d32788d2c66b76230eee71137b
ssdeep: 3072:c8JzVjHbmp5JsZ1prgZWHJTJK5DcSXIeUSJU5MQyBDc2:c8rmZETgZqJTJ9
cvuH2
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...37b-1259752406

----------


## Surfer

File setup.exe received on 2009.12.03 14:47:53 (UTC)
Result: 8/41 (19.52%)	





> a-squared	4.5.0.43	2009.12.03	-
> AhnLab-V3	5.0.0.2	2009.12.03	-
> AntiVir	7.9.1.92	2009.12.03	-
> Antiy-AVL	2.0.3.7	2009.12.03	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.03	-
> AVG	8.5.0.426	2009.12.03	-
> BitDefender	7.2	2009.12.03	-
> *CAT-QuickHeal	10.00	2009.12.03	Trojan.VkHost.is*
> ...


http://www.virustotal.com/analisis/b...db3-1259851673

----------


## senyak

A ton of this junk comes in over ICQ

Файл foto.jar получен 2009.12.04 13:28:05 (UTC)
Текущий статус: закончено
Результат: 17/41 (41.47%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.43	2009.12.04	-
> AhnLab-V3	5.0.0.2	2009.12.04	-
> *AntiVir	7.9.1.92	2009.12.04	JAVA/SMS.J2ME.Age.D*
> *Antiy-AVL	2.0.3.7	2009.12.04	Trojan/J2ME.Agent*
> Authentium	5.2.0.5	2009.12.02	-
> *Avast	4.8.1351.0	2009.12.03	Other:Malware-gen*
> AVG	8.5.0.426	2009.12.04	-
> *BitDefender	7.2	2009.12.04	Trojan.Generic.IS.610206*
> ...


Дополнительная информация
File size: 68433 bytes
MD5...: 99112e2a299041c0478e35384fa7753f
SHA1..: b3937b7e6df359b8763ba11df00005e3b7131c46
SHA256: 94271af5ee9b7db897856f421c74d4c879caf1bab091e10ea4cf8448d32954f9
ssdeep: 1536:Abx4kPpu0pEU3/4+vat5OATBgM4bPxhRL+ngk5NS+uxo/4qNpaW5MH:I4kP
pu0aU3/47O7BbPnRLf+iy4qNXw
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set

http://www.virustotal.com/ru/analisi...4f9-1259933285

----------



## Surfer

File setup.exe received on 2009.12.05 21:55:40 (UTC)
Result: 8/41 (19.52%)




> a-squared 4.5.0.43 2009.12.05 - 
> AhnLab-V3 5.0.0.2 2009.12.05 - 
> AntiVir 7.9.1.92 2009.12.05 - 
> Antiy-AVL 2.0.3.7 2009.12.04 - 
> Authentium 5.2.0.5 2009.12.02 - 
> Avast 4.8.1351.0 2009.12.05 - 
> AVG 8.5.0.426 2009.12.05 - 
> BitDefender 7.2 2009.12.05 - 
> *CAT-QuickHeal 10.00 2009.12.05 Trojan.VkHost.is*
> ...


http://www.virustotal.com/analisis/e...6ad-1260050140

----------


## Ingener

Файл js1.js получен 2009.12.11 22:25:02 (UTC)
Текущий статус:  закончено 
Результат: 4/41 (9.76%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> *Avast	4.8.1351.0	2009.12.11	HTML:IFrame-JZ*
> AVG	8.5.0.427	2009.12.11	-
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...d81-1260570302

***

Файл js2.js получен 2009.12.11 22:33:10 (UTC)
Текущий статус:  закончено 
Результат: 2/41 (4.88%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.11	-
> AVG	8.5.0.427	2009.12.11	-
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...2af-1260570790

***

Файл js3.js получен 2009.12.11 22:35:13 (UTC)
Текущий статус:   закончено 
Результат: 8/41 (19.52%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> *AntiVir	7.9.1.108	2009.12.11	HTML/Crypted.Gen*
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.11	-
> *AVG	8.5.0.427	2009.12.11	JS/Downloader.Agent*
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...cee-1260570913

***

Файл js4.js получен 2009.12.11 22:52:48 (UTC)
Текущий статус: закончено 
Результат: 3/41 (7.32%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> *Avast	4.8.1351.0	2009.12.11	HTML:IFrame-LE*
> AVG	8.5.0.427	2009.12.11	-
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...37f-1260571968

***

Файл js5.js получен 2009.12.11 22:56:35 (UTC)
Текущий статус:    закончено 
Результат: 2/41 (4.88%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.11	-
> AVG	8.5.0.427	2009.12.11	-
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...489-1260572195

***

Файл js6.js получен 2009.12.11 23:04:22 (UTC)
Текущий статус:    закончено 
Результат: 3/41 (7.32%)



> Антивирус	Версия	Обновление	Результат
> a-squared	4.5.0.43	2009.12.11	-
> AhnLab-V3	5.0.0.2	2009.12.11	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> *Avast	4.8.1351.0	2009.12.11	JS:Downloader-EN*
> AVG	8.5.0.427	2009.12.12	-
> BitDefender	7.2	2009.12.11	-
> ...


http://www.virustotal.com/ru/analisi...e13-1260572662

----------


## gjf

Файл qqiliq.zip получен 2009.12.12 09:53:21 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.51%)




> Антивирус 	Версия 	Обновление 	Результат
> a-squared 	4.5.0.43 	2009.12.12 	-
> AhnLab-V3 	5.0.0.2 	2009.12.11 	-
> AntiVir 	7.9.1.108 	2009.12.11 	-
> Antiy-AVL 	2.0.3.7 	2009.12.11 	-
> Authentium 	5.2.0.5 	2009.12.02 	W32/Heuristic-CO2!Eldorado
> Avast 	4.8.1351.0 	2009.12.12 	-
> AVG 	8.5.0.427 	2009.12.12 	-
> BitDefender 	7.2 	2009.12.12 	-
> ...


http://www.virustotal.com/ru/analisi...34b-1260611601

----------


## valho

Файл instt.exe получен 2009.12.12 11:36:15 (UTC)
Текущий статус: закончено
Результат: 16/41 (39.03%)



> *a-squared	4.5.0.43	2009.12.12	Virus.Win32.Trojan!IK*
> *AhnLab-V3	5.0.0.2	2009.12.12	Win-Trojan/Xema.variant*
> *AntiVir	7.9.1.108	2009.12.11	HEUR/Malware*
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.12	-
> *AVG	8.5.0.427	2009.12.12	Generic10.ACCQ*
> BitDefender	7.2	2009.12.12	-
> *CAT-QuickHeal	10.00	2009.12.12	Trojan.Clocsam.a*
> ...


Дополнительная информация
File size: 52187 bytes
MD5...: 40daf36d32b73dae2cccb78b597d69e4
SHA1..: cabce6308a4544da518f4af4b13c5b069e07c05f
SHA256: 0eeae9b7375caf1690300eeaebf9dc7443254fd6f3f5f5113893e857ed0b961a
ssdeep: 768:4gP4gq7BH614yiFPk19JbMNDCviVYqahagE7SIjN/UDR22:N4D7U1qcjWNKi
+q8EusNq22
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2900
timedatestamp.....: 0x3db0fe7f (Sat Oct 19 06:41:03 2002)
machinetype.......: 0x14c (I386)

Файл pcinstalk.exe получен 2009.12.12 11:37:57 (UTC)
Текущий статус: закончено
Результат: 4/41 (9.76%)



> a-squared	4.5.0.43	2009.12.12	-
> AhnLab-V3	5.0.0.2	2009.12.12	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.12	-
> AVG	8.5.0.427	2009.12.12	-
> BitDefender	7.2	2009.12.12	-
> CAT-QuickHeal	10.00	2009.12.12	-
> ...


Дополнительная информация
File size: 176517 bytes
MD5...: 00865807bad7e7e983191056d416481e
SHA1..: 236c97731c1b218fdcc1bdd7beac4abd3fb7f506
SHA256: 8e0d1e45cbb37a49872b4fbd6ff85f5184f23c5469547f8b008667f8f3e9ebd9
ssdeep: 3072:zBpB5GDAqF1OxdXiOnW/r8N1e0UGX8FJ6EhIcUvcPnaYHZMV2:3zG8nriOn
W/rGgGQJVI762V2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17de0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

Файл rundlll.exe получен 2009.12.12 11:38:10 (UTC)
Текущий статус: закончено
Результат: 26/41 (63.42%)



> *a-squared	4.5.0.43	2009.12.12	Trojan.Win32.Krotten!IK*
> *AhnLab-V3	5.0.0.2	2009.12.12	Win-Trojan/Krotten.46995*
> *AntiVir	7.9.1.108	2009.12.11	HEUR/Malware*
> *Antiy-AVL	2.0.3.7	2009.12.11	Trojan/Win32.Agent.gen*
> *Authentium	5.2.0.5	2009.12.02	W32/Krotten.A*
> Avast	4.8.1351.0	2009.12.12	-
> *AVG	8.5.0.427	2009.12.12	Agent.DD*
> *BitDefender	7.2	2009.12.12	Trojan.Krotten.B*
> CAT-QuickHeal	10.00	2009.12.12	-
> ...


Дополнительная информация
File size: 66659 bytes
MD5...: 759aa37d2ad58da2ce731e72b5707111
SHA1..: 171688e4fc529c7da152baffac38fd72ba3287c4
SHA256: 894cc64ff898d5834e2256d5f1790c2052422f884d3f4be7ced166272e64600b
ssdeep: 768:4yKoNLsn4Jp9ZvRInygrpMoZN+WtOl08j7XEHCDwBLpZTPCUvQSr72W:j/sn
4/OycxZN+MK7j8t9zQSr72W
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x37c7
timedatestamp.....: 0x40715c58 (Mon Apr 05 13:17:12 2004)
machinetype.......: 0x14c (I386)

Файл install_sms_cracker.exe получен 2009.12.12 11:55:28 (UTC)
Текущий статус: закончено
Результат: 5/41 (12.2%)



> a-squared	4.5.0.43	2009.12.12	-
> AhnLab-V3	5.0.0.2	2009.12.12	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.12	-
> AVG	8.5.0.427	2009.12.12	-
> BitDefender	7.2	2009.12.12	-
> CAT-QuickHeal	10.00	2009.12.12	-
> ...


Дополнительная информация
File size: 284245 bytes
MD5...: 2f2700812b6ea2da5e1ee6b8e97a91cf
SHA1..: 85f812277a16f78670b6536ace1e09b38b011f0a
SHA256: 822642479740fc9766ae403c55438890fbb6059a63d6c4af8146d3fdac4df6bc
ssdeep: 6144:3zG8nriOnW/rGgG1gVI7LlR3ydyqEt/Ro5Lkau:j1DYrKgy7Llgdhuq58
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17de0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

----------


## senyak

Just brought in on a flash drive

Файл stvar.rar получен 2009.12.12 20:06:50 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.08%)



> Антивирус  	Версия  	Обновление  	Результат
> a-squared	4.5.0.43	2009.12.12	-
> AhnLab-V3	5.0.0.2	2009.12.12	-
> AntiVir	7.9.1.108	2009.12.11	-
> Antiy-AVL	2.0.3.7	2009.12.11	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.12	-
> AVG	8.5.0.427	2009.12.12	-
> BitDefender	7.2	2009.12.12	-
> ...

----------


## Surfer

Файл JimmTM.jar получен 2009.12.12 21:45:32 (UTC)
Результат: 5/41 (12.2%)





> a-squared	4.5.0.43	2009.12.12	-
> AhnLab-V3	5.0.0.2	2009.12.12	-
> AntiVir	7.9.1.108	2009.12.11	-
> *Antiy-AVL	2.0.3.7	2009.12.11	Trojan/J2ME.Jifake*
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.12	-
> AVG	8.5.0.427	2009.12.12	-
> BitDefender	7.2	2009.12.12	-
> CAT-QuickHeal	10.00	2009.12.12	-
> ...


http://www.virustotal.com/ru/analisi...930-1260654332

----------


## Winsent

Файл opr01G1G получен 2009.12.14 16:02:18 (UTC)

Результат: 3/41 (7.32%)




> Антивирус Версия Обновление Результат 
> 
> a-squared 4.5.0.43 2009.12.14 - 
> AhnLab-V3 5.0.0.2 2009.12.14 - 
> AntiVir 7.9.1.108 2009.12.14 - 
> *Antiy-AVL 2.0.3.7 2009.12.14 Trojan/JS.Pakes* 
> Authentium 5.2.0.5 2009.12.02 - 
> Avast 4.8.1351.0 2009.12.14 - 
> AVG 8.5.0.427 2009.12.14 - 
> ...


Дополнительная информация 
File size: 2256 bytes 
MD5...: cf09b399881f3ad2903efb9141fdbaf4 
SHA1..: 3addd8f24a5281b1f3a801355aa69fe843354262 
SHA256: 517250693929ee04e34e557bc6423e63516990cf9337d0d3ffd7d8acfb93125c
ssdeep: 48 :Lipsrsealed: +ciGOQgvpG+JNnfr18G9J/UsMQNY8QBCjoeQc6NrD6l02Dr/:dJVgvpTBj37
jMQC8TdQcmOjDr/

PEiD..: - 
PEInfo: - 
RDS...: NSRL Reference Data Set
- 
packers (F-Prot): packed

----------


## Dynamo_Kiev

> The latest interim results of the community testing, October-November:


Guys, sorry for the off-topic, but why only *monthly* results? Wouldn't it be interesting to look at *3 months, half a year, a year*? Sorry if I'm out of the loop, but still.

----------


## valho

Someone skillfully bundled a couple of trojans with the Nero Vision Express installer and uploaded it to a torrent
File EULA.exe received on 2009.12.16 19:04:27 (UTC)
Current status: Finished
Result: 19/41 (46.35%)



> *a-squared	4.5.0.43	2009.12.16	Trojan-Downloader.Nsis!IK*
> AhnLab-V3	5.0.0.2	2009.12.16	-
> *AntiVir	7.9.1.114	2009.12.16	DR/Agent.cd.108*
> Antiy-AVL	2.0.3.7	2009.12.16	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.16	-
> AVG	8.5.0.427	2009.12.16	-
> BitDefender	7.2	2009.12.16	-
> CAT-QuickHeal	10.00	2009.12.16	-
> ...


File size: 408399 bytes
MD5...: aa2a9ddd545dd4fd28b53cd3049afc88
SHA1..: b04b679b907dee9aa27861c861b27070c223f035
SHA256: cc6acbf9ea65fd86905a66261d8d4988f74fc8a7c0dc3655954869e54eee716e
ssdeep: 6144:WTfFDbRnOTrAqmfc1FQvpDBKaUqKjbIPcmfcvQe1yUwmhNYjB8syB0zfs8o
:U5ONmfBvpDRUqYbXmfRe0UwmhC8sVo
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x48cfc008 (Tue Sep 16 14:17:44 2008)
machinetype.......: 0x14c (I386)

File JDstart.exe received on 2009.12.16 19:07:52 (UTC)
Current status: finished
Result: 5/40 (12.5%)



> *a-squared	4.5.0.43	2009.12.16	Trojan-Downloader.Win32.Agent.NBD!A2*
> AhnLab-V3	5.0.0.2	2009.12.16	-
> AntiVir	7.9.1.114	2009.12.16	-
> Antiy-AVL	2.0.3.7	2009.12.16	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.16	-
> AVG	8.5.0.427	2009.12.16	-
> BitDefender	7.2	2009.12.16	-
> CAT-QuickHeal	10.00	2009.12.16	-
> ...


Additional information
File size: 174115 bytes
MD5...: ae1ff351f3e620d4e3c59aea4fe461f4
SHA1..: 2a0d6b40351d7625b0782e8039b44272f1a0751c
SHA256: f13e21019d1b1d82f5d0c59adfd4e2231faf1b4430f632f6f8ccb1099f736a36
ssdeep: 3072:8YL0xqfjyDymJZiYSqovIzqyPo40BEglYtg5mgTtHj5L3HiOZFQ:8oBtFqo
vIqyPo40BTlY+5PLHikFQ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30f1
timedatestamp.....: 0x494ce7e5 (Sat Dec 20 12:41:09 2008)
machinetype.......: 0x14c (I386)


File svvchst32.exe received on 2009.12.16 19:07:56 (UTC)
Current status: finished
Result: 16/40 (40%)



> *a-squared	4.5.0.43	2009.12.16	Trojan-Downloader.Nsis!IK*
> AhnLab-V3	5.0.0.2	2009.12.16	-
> AntiVir	7.9.1.114	2009.12.16	-
> Antiy-AVL	2.0.3.7	2009.12.16	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.16	-
> AVG	8.5.0.427	2009.12.16	-
> BitDefender	7.2	2009.12.16	-
> CAT-QuickHeal	10.00	2009.12.16	-
> ...


Additional information
File size: 174209 bytes
MD5...: 1416d03eead9e4ae6bfde4c8e5409f62
SHA1..: 48d2e6d163794462991b3a3b4dda443a48648763
SHA256: 5f7ba8f7a6d141bfa076fdf3ecd8e8d349e814ab1a75a348708a436a059e5b7b
ssdeep: 3072:8YL0xqfjyDymJZiYGovIzqyPo40BEglYtg5mgTtHj5L3HiOZFf:8oBtJovI
qyPo40BTlY+5PLHikFf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30f1
timedatestamp.....: 0x494ce7e5 (Sat Dec 20 12:41:09 2008)
machinetype.......: 0x14c (I386)

----------


## Surfer

File photo3.scr received on 2009.12.19 15:58:12 (UTC)
Result: 4/41 (9.76%)




> a-squared	4.5.0.43	2009.12.19	-
> AhnLab-V3	5.0.0.2	2009.12.19	-
> AntiVir	7.9.1.114	2009.12.18	-
> Antiy-AVL	2.0.3.7	2009.12.18	-
> Authentium	5.2.0.5	2009.12.02	-
> Avast	4.8.1351.0	2009.12.18	-
> AVG	8.5.0.427	2009.12.19	-
> BitDefender	7.2	2009.12.19	-
> *CAT-QuickHeal	10.00	2009.12.19	Worm.Rimecud.A*
> ...


http://www.virustotal.com/analisis/b...368-1261238292

----------


## Никита Соловьев

http://www.virustotal.com/ru/analisi...622-1261340645




> a-squared 4.5.0.43 2009.12.20 - 
> AhnLab-V3 5.0.0.2 2009.12.19 - 
> AntiVir 7.9.1.114 2009.12.20 - 
> Antiy-AVL 2.0.3.7 2009.12.18 - 
> Authentium 5.2.0.5 2009.12.02 - 
> Avast 4.8.1351.0 2009.12.20 - 
> AVG 8.5.0.427 2009.12.20 - 
> BitDefender 7.2 2009.12.20 - 
> CAT-QuickHeal 10.00 2009.12.19 - 
> ...

----------


## Erekle

Файл avp.exe получен 2009.12.21 11:23:39 (UTC)
Результат: 10/41 (24.4%)



> a-squared 4.5.0.43 2009.12.21 - 
> AhnLab-V3 5.0.0.2 2009.12.21 - 
> *AntiVir 7.9.1.114 2009.12.21 TR/Crypt.FKM.Gen* 
> Antiy-AVL 2.0.3.7 2009.12.18 - 
> *Authentium 5.2.0.5 2009.12.02 W32/SysVenFak.A.gen!Eldorado* 
> Avast 4.8.1351.0 2009.12.20 - 
> AVG 8.5.0.427 2009.12.20 - 
> *BitDefender 7.2 2009.12.21 Gen:[email protected]* 
> CAT-QuickHeal 10.00 2009.12.21 - 
> ...


Дополнительная информация 
File size: 498688 bytes 
MD5...: 0272fcc5c8260c047cec8da1db60b881 
SHA1..: baec23f2236ccc8847c4abb656cfe3d7f7aeaa26 
SHA256: 3393226a4ae7dfcee063df8b13bea26456f58fee33657fa9e4265da5d7f3007a
ssdeep: 12288:SovPf+QvOZvrm0/ZtBlAnwshVMOcx0klPF5:Smz2Zvrm0rT9sjUx0kr5
...
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright (c) Microsoft Corporation 2004
product......: Messenger
description..: 
original name: Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. 
and/or other countries.
internal name: msmsgs
file version.: 4.7.3000
comments.....: 
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Win32 Executable Borland Delphi 7 (47.1%)
Win32 Executable Borland Delphi 5 (31.7%)
Win32 Executable Borland Delphi 6 (18.4%)
Win32 Executable Delphi generic (1.0%)
Win32 Executable Generic (0.6%) 

http://www.virustotal.com/ru/analisi...07a-1261394619

______________________________

Файл svchost.exe получен 2009.12.21 11:28:43 (UTC)
Результат: 10/40 (25%)



> a-squared 4.5.0.43 2009.12.21 - 
> AhnLab-V3 5.0.0.2 2009.12.21 - 
> *AntiVir 7.9.1.114 2009.12.21 HEUR/Crypted* 
> Antiy-AVL 2.0.3.7 2009.12.18 - 
> *Authentium 5.2.0.5 2009.12.02 W32/SysVenFak.A.gen!Eldorado* 
> Avast 4.8.1351.0 2009.12.21 - 
> AVG 8.5.0.427 2009.12.21 - 
> *BitDefender 7.2 2009.12.21 Gen:[email protected]*
> *CAT-QuickHeal 10.00 2009.12.21 Win32.Backdoor.Coolvidoor.D.8*
> ...


Дополнительная информация 
File size: 559104 bytes 
MD5...: e8a4198bcefa1e7c1309f99e70615421 
SHA1..: a796538c99e85a16e1f413e28e9865e46be27993 
SHA256: 3ff2baf5142eb09a41ba7206f9a4f591d27879ea42fe3db59bace9526ba775e4
ssdeep: 12288:Bgbdu4n2ErFxgkpycNlR2XJiLH/9oEzcjVWjQXE:B+uCr7gk0qRIJy/9ov

http://www.virustotal.com/ru/analisi...5e4-1261394923

*Added after 3 hours 22 minutes*

Файл siszyd32.exe получен 2009.12.21 14:09:30 (UTC)
Результат: 6/41 (14.63%)



> a-squared 4.5.0.43 2009.12.21 - 
> AhnLab-V3 5.0.0.2 2009.12.21 - 
> AntiVir 7.9.1.114 2009.12.21 - 
> Antiy-AVL 2.0.3.7 2009.12.18 - 
> Authentium 5.2.0.5 2009.12.02 - 
> Avast 4.8.1351.0 2009.12.21 - 
> AVG 8.5.0.427 2009.12.21 - 
> BitDefender 7.2 2009.12.21 - 
> *CAT-QuickHeal 10.00 2009.12.21 (Suspicious) - DNAScan* 
> ...


Дополнительная информация 
File size: 33792 bytes 
MD5   : fde00609d582831018cc4ac533f1cbba 
SHA1  : 79c1a76c3251e4da817c071bfc3cdec5d613780f 
SHA256: 3354bad9dfb50993d13f3989f081c9e4c4d1cc5aaa6dffc21a53ba191adedc87

http://www.virustotal.com/ru/analisi...c87-1261404570

----------


## paul-13

Файл 25151822.exe получен 2009.12.21 16:02:26 (UTC)
Результат: 19/41 (46.35%)



> *a-squared	4.5.0.43	2009.12.21	Trojan.Win32.FakeAV!IK*
> AhnLab-V3	5.0.0.2	2009.12.21	-
> *AntiVir	7.9.1.114	2009.12.21	TR/FraudPack.afaa*
> Antiy-AVL	2.0.3.7	2009.12.18	-
> *Authentium	5.2.0.5	2009.12.21	W32/FakeAlert.DX3.gen!Eldorado*
> Avast	4.8.1351.0	2009.12.21	-
> AVG	8.5.0.427	2009.12.21	-
> BitDefender	7.2	2009.12.21	-
> CAT-QuickHeal	10.00	2009.12.21	-
> ...


http://www.virustotal.com/ru/analisi...b9b-1261411346

*Added after 4 hours 6 minutes*

Файл photo7.scr получен 2009.12.21 21:10:48 (UTC)
Результат: 9/41 (21.95%)



> a-squared 	4.5.0.43 	2009.12.21 	-
> AhnLab-V3 	5.0.0.2 	2009.12.21 	-
> AntiVir 	7.9.1.122 	2009.12.21 	-
> Antiy-AVL 	2.0.3.7 	2009.12.18 	-
> Authentium 	5.2.0.5 	2009.12.21 	-
> Avast 	4.8.1351.0 	2009.12.21 	-
> AVG 	8.5.0.427 	2009.12.21 	-
> BitDefender 	7.2 	2009.12.21 	-
> *CAT-QuickHeal 	10.00 	2009.12.21 	Worm.Rimecud.A*
> ...


http://www.virustotal.com/ru/analisi...da3-1261429848

----------


## Surfer

File egaysuc.cn.htm received on 2009.12.22 13:32:30 (UTC)
Result: 10/41 (24.39%)





> *a-squared 	4.5.0.43 	2009.12.22 	Trojan.HTML.Fraud!IK*
> AhnLab-V3 	5.0.0.2 	2009.12.22 	-
> AntiVir 	7.9.1.122 	2009.12.22 	-
> *Antiy-AVL 	2.0.3.7 	2009.12.22 	Trojan/HTML.Fraud*
> *Authentium 	5.2.0.5 	2009.12.22 	JS/FakeAV.D*
> *Avast 	4.8.1351.0 	2009.12.22 	JS:FakeAV-CQ*
> AVG 	8.5.0.427 	2009.12.22 	-
> BitDefender 	7.2 	2009.12.22 	-
> CAT-QuickHeal 	10.00 	2009.12.22 	-
> ...


http://www.virustotal.com/analisis/2...d8f-1261488750

----------


## senyak

Файл vkontakte.exe получен 2009.12.25 10:46:45 (UTC)
Текущий статус: закончено
Результат: 15/41 (36.59%)




> Антивирус  	Версия  	Обновление  	Результат
> *a-squared	4.5.0.43	2009.12.25	Trojan.Win32.Qhost!IK*
> AhnLab-V3	5.0.0.2	2009.12.24	-
> *AntiVir	7.9.1.122	2009.12.24	TR/Hosts.R*
> Antiy-AVL	2.0.3.7	2009.12.25	-
> Authentium	5.2.0.5	2009.12.25	-
> Avast	4.8.1351.0	2009.12.25	-
> AVG	8.5.0.430	2009.12.24	-
> *BitDefender	7.2	2009.12.25	Trojan.Generic.2865533*
> ...


Дополнительная информация
File size: 146926 bytes
MD5...: 56cf893c169595e1fe7f1ee39a76ea84
SHA1..: eff92fe2cd64bdcbb0205a3a44395bba7d7f9449
SHA256: 395e32c4751a5faf9aa38b0f225eb11a682844928a560420c78e1790dc0145c8
ssdeep: 3072:wBAp5XhKpN4eOyVTGfhEClj8jTk+0hzOuXwQDIW:nbXE9OiTGfhEClq9Udw
Qx
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...5c8-1261738005

----------


## Surfer

File FlashDecoder.exe received on 2009.12.25 20:25:04 (UTC)
Result: 4/41 (9.76%)




> a-squared 4.5.0.43 2009.12.25 - 
> AhnLab-V3 5.0.0.2 2009.12.25 - 
> AntiVir 7.9.1.122 2009.12.24 - 
> Antiy-AVL 2.0.3.7 2009.12.25 - 
> Authentium 5.2.0.5 2009.12.25 - 
> *Avast 4.8.1351.0 2009.12.25 Win32:FakeAlert-FC*
> AVG 8.5.0.430 2009.12.25 - 
> BitDefender 7.2 2009.12.25 - 
> CAT-QuickHeal 10.00 2009.12.24 - 
> ...


http://www.virustotal.com/analisis/6...546-1261772704

File wpduyf.exe received on 2009.12.25 20:24:44 (UTC)
Result: 4/41 (9.76%)




> a-squared 4.5.0.43 2009.12.25 - 
> AhnLab-V3 5.0.0.2 2009.12.25 - 
> AntiVir 7.9.1.122 2009.12.24 - 
> Antiy-AVL 2.0.3.7 2009.12.25 - 
> Authentium 5.2.0.5 2009.12.25 - 
> Avast 4.8.1351.0 2009.12.25 - 
> AVG 8.5.0.430 2009.12.25 - 
> BitDefender 7.2 2009.12.25 - 
> CAT-QuickHeal 10.00 2009.12.24 - 
> ...


http://www.virustotal.com/analisis/d...82a-1261772684

File plugin.exe received on 2009.12.25 20:28:30 (UTC)
Result: 10/41 (24.4%)




> *a-squared 4.5.0.43 2009.12.25 Trojan.Crypt!IK*
> AhnLab-V3 5.0.0.2 2009.12.25 - 
> *AntiVir 7.9.1.122 2009.12.24 TR/Crypt.XPACK.Gen*
> Antiy-AVL 2.0.3.7 2009.12.25 - 
> Authentium 5.2.0.5 2009.12.25 - 
> Avast 4.8.1351.0 2009.12.25 - 
> AVG 8.5.0.430 2009.12.25 - 
> BitDefender 7.2 2009.12.25 - 
> *CAT-QuickHeal 10.00 2009.12.24 (Suspicious) - DNAScan*
> ...


http://www.virustotal.com/analisis/4...21f-1261772910

File 000 received on 2009.12.25 20:36:50 (UTC)
Result: 2/40 (5%)




> a-squared 4.5.0.43 2009.12.25 - 
> AhnLab-V3 5.0.0.2 2009.12.25 - 
> AntiVir 7.9.1.122 2009.12.24 - 
> Antiy-AVL 2.0.3.7 2009.12.25 - 
> Authentium 5.2.0.5 2009.12.25 - 
> *Avast 4.8.1351.0 2009.12.25 JS:Redirector-AQ*
> AVG 8.5.0.430 2009.12.25 - 
> BitDefender 7.2 2009.12.25 - 
> CAT-QuickHeal 10.00 2009.12.24 - 
> ...


http://www.virustotal.com/analisis/1...d79-1261773410

----------


## gjf

A newly packed old TDL3. It's just a pity that far from everyone sees it.



> a-squared 	4.5.0.43 	2009.12.28 	-
> AhnLab-V3 	5.0.0.2 	2009.12.28 	-
> AntiVir 	7.9.1.122 	2009.12.28 	-
> Antiy-AVL 	2.0.3.7 	2009.12.28 	-
> Authentium 	5.2.0.5 	2009.12.28 	-
> Avast 	4.8.1351.0 	2009.12.27 	-
> AVG 	8.5.0.430 	2009.12.28 	-
> BitDefender 	7.2 	2009.12.28 	-
> CAT-QuickHeal 	10.00 	2009.12.28 	-
> ...


http://www.virustotal.com/analisis/9...9df-1262014768
and
http://www.virustotal.com/analisis/3...a72-1262016674

----------


## Шапельский Александр

Файл windows7addon.exe получен 2009.12.28 15:23:46 (UTC)
Текущий статус: закончено
Результат: 12/41 (29.27%)



> Антивирус	Версия	Обновление	Результат
> *a-squared	4.5.0.43	2009.12.28	Backdoor.Win32.SdBot!IK*
> AhnLab-V3	5.0.0.2	2009.12.28	-
> *AntiVir	7.9.1.122	2009.12.28	Worm/SdBot.80384.4*
> Antiy-AVL	2.0.3.7	2009.12.28	-
> Authentium	5.2.0.5	2009.12.28	-
> Avast	4.8.1351.0	2009.12.27	-
> AVG	8.5.0.430	2009.12.28	-
> BitDefender	7.2	2009.12.28	-
> ...


Дополнительная информация
File size: 80384 bytes
MD5   : 82a3ecbdd761bb8b9174d9b212070e14
SHA1  : f1fe4afd89e6d1bc2008df04a4bc4f2d47693ccb
SHA256: c8b446b2731e0db3e3e0cb2bd16f93ba2c9773538f5eef7bf185025216faf734
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...734-1262013826

----------


## Surfer

File FlashDecoder.exe received on 2009.12.30 12:03:32 (UTC)
Result: 9/41 (21.96%)




> *a-squared 4.5.0.43 2009.12.30 Trojan-Dropper.Win32.Sirefef!IK*
> AhnLab-V3 5.0.0.2 2009.12.29 - 
> *AntiVir 7.9.1.122 2009.12.30 TR/Drop.Sirefef.B.24*
> Antiy-AVL 2.0.3.7 2009.12.30 - 
> Authentium 5.2.0.5 2009.12.30 - 
> Avast 4.8.1351.0 2009.12.30 - 
> AVG 8.5.0.430 2009.12.30 - 
> BitDefender 7.2 2009.12.30 - 
> CAT-QuickHeal 10.00 2009.12.30 - 
> ...


http://www.virustotal.com/analisis/a...f6c-1262174612

----------


## snifer67

Файл ruts.exe получен 2009.12.11 18:02:18 (UTC)
Текущий статус: закончено 
Результат: 35/41 (85.37%)



> *a-squared	4.5.0.43	2009.12.11	Trojan.Win32.Alureon!IK*
> AhnLab-V3	5.0.0.2	2009.12.11	-
> *AntiVir	7.9.1.108	2009.12.11	TR/Vundo.Gen*
> *Antiy-AVL	2.0.3.7	2009.12.11	Packed/Win32.Tdss.gen*
> *Authentium	5.2.0.5	2009.12.02	W32/Alureon.EVV*
> *Avast	4.8.1351.0	2009.12.11	Win32:Alureon-BT*
> *AVG	8.5.0.427	2009.12.11	Rootkit-Agent.DZ*
> *BitDefender	7.2	2009.12.11	Rootkit.30395*
> *CAT-QuickHeal	10.00	2009.12.11	Trojan.TDSS.z*
> ...


http://www.virustotal.com/ru/analisi...920-1260554538

----------



## Юльча

Файл install_flash_player.exe получен 2009.12.31 16:25:06 (UTC)
Текущий статус: закончено
Результат: 7/40 (17.50%)




> Антивирус    Версия    Обновление    Результат
> a-squared    4.5.0.43    2009.12.31    -
> AhnLab-V3    5.0.0.2    2009.12.31    -
> AntiVir    7.9.1.122    2009.12.31    -
> Antiy-AVL    2.0.3.7    2009.12.31    -
> Authentium    5.2.0.5    2009.12.31    -
> Avast    4.8.1351.0    2009.12.31    -
> AVG    8.5.0.430    2009.12.31    -
> *BitDefender    7.2    2009.12.31    Gen:[email protected]*
> ...


*Added after 2 hours 9 minutes*

Файл beograd_1_.exe получен 2010.01.02 19:04:37 (UTC)
Результат: 7/40 (17.5%)



> Антивирус 	Версия 	Обновление 	Результат
> a-squared	4.5.0.46	2010.01.02	-
> AhnLab-V3	5.0.0.2	2010.01.02	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2009.12.31	-
> Authentium	5.2.0.5	2010.01.02	-
> Avast	4.8.1351.0	2010.01.02	-
> AVG	8.5.0.430	2010.01.02	-
> BitDefender	7.2	2010.01.02	-
> ...


http://www.virustotal.com/ru/analisi...090-1262459077

 Файл kuiC.tmp получен 2010.01.02 19:09:39 (UTC)
Результат: 5/40 (12.5%)




> Антивирус 	Версия 	Обновление 	Результат
> a-squared	4.5.0.46	2010.01.02	-
> AhnLab-V3	5.0.0.2	2010.01.02	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2009.12.31	-
> Authentium	5.2.0.5	2010.01.02	-
> Avast	4.8.1351.0	2010.01.02	-
> *AVG	8.5.0.430	2010.01.02	SHeur2.CDPY*
> BitDefender	7.2	2010.01.02	-
> ...


http://www.virustotal.com/ru/analisi...03a-1262459379

----------


## paul-13

Файл feedback.php получен 2010.01.02 19:26:37 (UTC)
Результат: 9/40 (22.50%)



> *a-squared 	4.5.0.46 	2010.01.02 	Trojan.Win32.Agent2!IK*
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> AntiVir 	7.9.1.122 	2009.12.31 	-
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.02 	-
> Avast 	4.8.1351.0 	2010.01.02 	-
> AVG 	8.5.0.430 	2010.01.02 	-
> BitDefender 	7.2 	2010.01.02 	-
> CAT-QuickHeal 	10.00 	2010.01.02 	-
> ...


http://www.virustotal.com/ru/analisi...b7f-1262460397


File XXX_Video_095747.exe received on 2010.01.02 19:32:04 (UTC)
Result: 23/40 (57.50%)



> a-squared 	4.5.0.46 	2010.01.02 	-
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> *AntiVir 	7.9.1.122 	2009.12.31 	TR/Dropper.Gen*
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> *Authentium 	5.2.0.5 	2010.01.02 	W32/FakeAlert.BI.gen!Eldorado*
> Avast 	4.8.1351.0 	2010.01.02 	-
> *AVG 	8.5.0.430 	2010.01.02 	Downloader.Zlob.AQMZ*
> *BitDefender 	7.2 	2010.01.02 	Trojan.Generic.IS.105645*
> *CAT-QuickHeal 	10.00 	2010.01.02 	Trojan.Shutdowner.ecc*
> ...


http://www.virustotal.com/ru/analisi...dbb-1262460724

----------


## Surfer

File podaroknewyear.exe received on 2010.01.02 17:31:07 (UTC)
Result: 4/40 (10%)




> a-squared 4.5.0.46 2010.01.02 - 
> AhnLab-V3 5.0.0.2 2010.01.02 - 
> AntiVir 7.9.1.122 2009.12.31 - 
> Antiy-AVL 2.0.3.7 2009.12.31 - 
> Authentium 5.2.0.5 2010.01.02 - 
> Avast 4.8.1351.0 2010.01.02 - 
> AVG 8.5.0.430 2010.01.02 - 
> BitDefender 7.2 2010.01.02 - 
> CAT-QuickHeal 10.00 2010.01.02 - 
> ...


http://www.virustotal.com/analisis/9...f6e-1262453467

----------


## gjf

SMS blockers continue to rule.
It is pulled from here: h__p://bestporn-video.com/xxx/download5/21/install_flash_player.exe
Result:

> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.46 	2010.01.02 	-
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> AntiVir 	7.9.1.122 	2009.12.31 	-
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.02 	-
> Avast 	4.8.1351.0 	2010.01.02 	-
> AVG 	8.5.0.430 	2010.01.02 	-
> BitDefender 	7.2 	2010.01.02 	Gen:[email protected]@XOic
> ...

----------


## ISO

Yet another porn banner; it deleted itself the next day, but this dll remained in the user's TEMP directory.
File toaw.dll received on 2010.01.03 04:10:51 (UTC)
Current status: finished
Result: 5/40 (12.50%)

> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.46 	2010.01.02 	-
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> AntiVir 	7.9.1.122 	2009.12.31 	-
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.03 	-
> Avast 	4.8.1351.0 	2010.01.02 	-
> AVG 	8.5.0.430 	2010.01.02 	-
> BitDefender 	7.2 	2010.01.03 	-
> ...


Additional information
File size: 463872 bytes
MD5   : e56d412a3ff7c83ec7f37f67dfa92d6c
SHA1  : 1dbc452c6b5ee883e41d91392f6f23b17953727b
SHA256: 9fc3e1335514beb7a09c712af99e6b1e03424eb6f787837c00329d8a9c7d8750
PEInfo: PE Structure information

----------


## Юльча

> SMS blockers continue to rule.
> It is pulled from here: h__p://bestporn-video.com/xxx/download5/21/install_flash_player.exe
> Result:


Yep, now there's a *fresh version*.. :)
install_flash_player.exe
File size: 388608 bytes
MD5   : 904668de0386c27b188ae71e1be141cf

My file (report a bit above) was also pulled via this link, on 31.12 :)
install_flash_player.exe
File size: 340992 bytes
MD5 : 57ac0446852e795b5a8e939c2b3f5dee

After installation, a file like this appears, hooking onto userinit:

> File kui1.tmp received on 2010.01.02 21:27:10 (UTC)
> Result: 2/40 (5%)
> a-squared	4.5.0.46	2010.01.02	-
> AhnLab-V3	5.0.0.2	2010.01.02	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2009.12.31	-
> Authentium	5.2.0.5	2010.01.02	-
> Avast	4.8.1351.0	2010.01.02	-
> AVG	8.5.0.430	2010.01.02	-
> ...


By the way, this "virus" has an amusing license agreement that pops up during installation:

> Payment is made by sending two SMS messages to the number 5155. The cost of one SMS message to the number 5155 is from 30 to 50 UAH; the exact cost can be obtained from the operator. The text to send in the first SMS message is given in the notification. The text to send in the second SMS message will be given in the reply SMS message to the first SMS message.
> 
> The user confirms their unconditional agreement with all the terms set out in this User Agreement from the moment the "Accept" button is pressed.
> 
> If the quality of the service provided to you does not suit you, you can cancel it by phone at 0 800 501 371.


*Added 8 hours 45 minutes later*

And yet another new modification
File install_flash_player3.exe received on 2010.01.03 17:41:38 (UTC)
Result: 7/39 (17.95%)

> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.46	2010.01.03	-
> AhnLab-V3	5.0.0.2	2010.01.02	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2009.12.31	-
> Authentium	5.2.0.5	2010.01.03	-
> Avast	4.8.1351.0	2010.01.03	-
> AVG	8.5.0.430	2010.01.03	-
> *BitDefender	7.2	2010.01.03	Gen:[email protected]
> ...


http://www.virustotal.com/ru/analisi...74b-1262540498

----------


## paul-13

File crack.45155.exe received on 2010.01.03 18:07:46 (UTC)
Result: 4/39 (10.26%)



> a-squared 	4.5.0.46 	2010.01.03 	-
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> AntiVir 	7.9.1.122 	2009.12.31 	-
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.03 	-
> Avast 	4.8.1351.0 	2010.01.03 	-
> AVG 	8.5.0.430 	2010.01.03 	-
> BitDefender 	7.2 	2010.01.03 	-
> *CAT-QuickHeal 	10.00 	2010.01.02 	Win32.Packed.Krap.ag.5*
> ...


http://www.virustotal.com/ru/analisi...98f-1262542066



File install.exe received on 2010.01.03 18:11:21 (UTC)
Result: 9/40 (22.50%)



> a-squared 	4.5.0.46 	2010.01.03 	-
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> *AntiVir 	7.9.1.122 	2009.12.31 	Worm/Koobface.bpy*
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.03 	-
> Avast 	4.8.1351.0 	2010.01.03 	-
> AVG 	8.5.0.430 	2010.01.03 	-
> BitDefender 	7.2 	2010.01.03 	-
> CAT-QuickHeal 	10.00 	2010.01.02 	-
> ...


http://www.virustotal.com/ru/analisi...c01-1262542281

*Added 1 hour 30 minutes later*

File photo7.scr received on 2010.01.03 19:21:58 (UTC)
Result: 21/39 (53.85%)




> *a-squared 	4.5.0.46 	2010.01.03 	Trojan-Dropper.Win32.Smser!IK*
> AhnLab-V3 	5.0.0.2 	2010.01.02 	-
> *AntiVir 	7.9.1.122 	2009.12.31 	TR/Drop.SMSer.HS*
> Antiy-AVL 	2.0.3.7 	2009.12.31 	-
> Authentium 	5.2.0.5 	2010.01.03 	-
> Avast 	4.8.1351.0 	2010.01.03 	-
> *AVG 	8.5.0.430 	2010.01.03 	SHeur2.CAQK*
> BitDefender 	7.2 	2010.01.03 	-
> *CAT-QuickHeal 	10.00 	2010.01.02 	Worm.Rimecud.A*
> ...




http://www.virustotal.com/ru/analisi...da3-1262546518

The first time I checked this file was 26.12.2009 and the result was something like 16 out of 39; the file was created 21.12.2009; now, 8 days later, it is 21 out of 39. Excellent responsiveness!
So much for trusting antiviruses after that.

----------


## ISO

File *plugin.exe* received on 2010.01.05 03:32:34 (UTC)




> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.46	2010.01.05	Trojan-Downloader.Win32.Piker!IK*
> AhnLab-V3	5.0.0.2	2010.01.04	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2010.01.04	-
> Authentium	5.2.0.5	2010.01.05	-
> Avast	4.8.1351.0	2010.01.04	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.05	-
> ...


Additional information
File size: 347648 bytes
MD5...: 9e9758b22db1a1c7412118347ddf490c
SHA1..: 521f671d5f1f073f92a2bef4bbac1c773c3a12b4
SHA256: a92cba05f2ed70b68da74a8197bffaa33e1ff822962075dcf173dcb6cfd97788
ssdeep: 6144:VGSaZRLVBdJavy68uDeGfM19ogji1qHaLnksjV+tfTOISkyHWj1q:9URLaquNU1TicHbsjV0LOFm
PEiD..: -
PEInfo: PE Structure information

File *Install_Flash-Player_build2x16.ex* received on 2010.01.05 04:51:31 (UTC)
Result: 3/41 (7.32%)

> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.46	2010.01.05	-
> AhnLab-V3	5.0.0.2	2010.01.04	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2010.01.04	-
> Authentium	5.2.0.5	2010.01.05	-
> Avast	4.8.1351.0	2010.01.04	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.05	-
> ...


Additional information
File size: 168448 bytes
MD5...: cb093544c597c59a7cd393e846125a47
SHA1..: 03be6f3041388822d6a34065e112852df2fbae82
SHA256: 01ed7aff223586987769ea4182641982ac6e72c0d51910e3edb15b2207d14274
ssdeep: 3072:uKoUyyqywcdvy6PuoQ922oKFt2JKsKMAiumH+UsO1eHC45:MUU4vvPu2XstWCmyO1Q
PEiD..: -

File *avz00001.dta* received on 2010.01.05 04:59:40 (UTC)
Result: 2/41 (4.88%)

> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.46	2010.01.05	-
> AhnLab-V3	5.0.0.2	2010.01.04	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2010.01.04	-
> Authentium	5.2.0.5	2010.01.05	-
> Avast	4.8.1351.0	2010.01.04	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.05	-
> ...


Additional information
File size: 46080 bytes
MD5...: 79abb8fc6a0e78fc72d0b6bc1abdceab
SHA1..: 3ab4b77bd93bf5aa718c21ea7113c8c1af82f881
SHA256: 41b39b35160266c36eda08b6d7816da1d90760730c371ecbe86718e65a785f93
ssdeep: 768:wpuiG6ygePWzsxThzNj7LioD6fPPH6l1vA952Af:wsyQvzNnim6fPYG522
PEiD..: -
PEInfo: PE Structure information

File *avz00002.dta* received on 2010.01.05 05:04:48 (UTC)

Result: 6/41 (14.64%)

> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.46	2010.01.05	-
> AhnLab-V3	5.0.0.2	2010.01.04	-
> AntiVir	7.9.1.122	2009.12.31	-
> Antiy-AVL	2.0.3.7	2010.01.04	-
> Authentium	5.2.0.5	2010.01.05	-
> Avast	4.8.1351.0	2010.01.04	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.05	-
> ...


Additional information
File size: 62464 bytes
MD5...: d035ea0eb41a14d238a7fa7dda134023
SHA1..: 5b361ecacef1ac5f893a4cd3c282adf96e72946b
SHA256: e7296b188437bfb85db823908aacfad8bbeab935c6c7dea52d431b07733e05d9
ssdeep: 768:tjSpg+WrAGap3aUV2lXi9frAvL+hoYSau396+AXbBpq97altWmCr8LqVC:opg4GknlMvL2u30+AXbBpq92DWmC4Ok

----------


## Шапельский Александр

File das86C.tmp received on 2009.12.21 11:08:50 (UTC)
Current status: finished
Result: 8/41 (19.51%)



> a-squared     4.5.0.43     2009.12.21     -
> AhnLab-V3     5.0.0.2     2009.12.21     -
> AntiVir     7.9.1.114     2009.12.21     -
> Antiy-AVL     2.0.3.7     2009.12.18     -
> Authentium     5.2.0.5     2009.12.02     -
> Avast     4.8.1351.0     2009.12.20     -
> *AVG     8.5.0.427     2009.12.20     SHeur2.CAHH*
> BitDefender     7.2     2009.12.21     -
> CAT-QuickHeal     10.00     2009.12.21     -
> ...


Additional information
File size: 331776 bytes
MD5   : 9143813ebbd0db4a12e6d4ae413fcfd7
SHA1  : 73e4283e9bba882c2a3057e156786cdd22b6f8d7
SHA256: cd8c30a0c50c3a565df5a82bf3dc2c7f5efcd3cce0a88354c43d1c2c1bc65164

----------


## paul-13

File install.exe received on 2010.01.07 19:45:02 (UTC)
Result: 14/41 (34.15%)



> *a-squared 	4.5.0.48 	2010.01.07 	Trojan.Win32.FakeAV!IK*
> AhnLab-V3 	5.0.0.2 	2010.01.07 	-
> AntiVir 	7.9.1.130 	2010.01.07 	-
> Antiy-AVL 	2.0.3.7 	2010.01.06 	-
> Authentium 	5.2.0.5 	2010.01.07 	-
> Avast 	4.8.1351.0 	2010.01.07 	-
> AVG 	8.5.0.430 	2010.01.04 	-
> BitDefender 	7.2 	2010.01.07 	-
> CAT-QuickHeal 	10.00 	2010.01.07 	-
> ...


http://www.virustotal.com/ru/analisi...448-1262893502


File setup.exe received on 2010.01.07 19:49:57 (UTC)
Result: 10/41 (24.39%)



> a-squared 	4.5.0.48 	2010.01.07 	-
> AhnLab-V3 	5.0.0.2 	2010.01.07 	-
> AntiVir 	7.9.1.130 	2010.01.07 	-
> Antiy-AVL 	2.0.3.7 	2010.01.06 	-
> Authentium 	5.2.0.5 	2010.01.07 	-
> Avast 	4.8.1351.0 	2010.01.07 	-
> AVG 	8.5.0.430 	2010.01.04 	-
> *BitDefender 	7.2 	2010.01.07 	Gen:[email protected]*
> *CAT-QuickHeal 	10.00 	2010.01.07 	(Suspicious) - DNAScan*
> ...


http://www.virustotal.com/ru/analisi...a99-1262893797

----------


## Surfer

File foto.jar received on 2010.01.07 21:44:59 (UTC)
Result: 7/41 (17.08%)




> a-squared 4.5.0.48 2010.01.07 - 
> AhnLab-V3 5.0.0.2 2010.01.07 - 
> AntiVir 7.9.1.130 2010.01.07 - 
> *Antiy-AVL 2.0.3.7 2010.01.06 Trojan/J2ME.Jifake*
> Authentium 5.2.0.5 2010.01.07 - 
> Avast 4.8.1351.0 2010.01.07 - 
> AVG 8.5.0.430 2010.01.04 - 
> BitDefender 7.2 2010.01.07 - 
> CAT-QuickHeal 10.00 2010.01.07 - 
> ...


http://www.virustotal.com/analisis/b...803-1262900699

----------


## DefesT

File *Foto14526.exe* received on 2010.01.08 14:55:59 (UTC)
Result: *9*/41 (21.96%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.48	2010.01.08	-
> *AhnLab-V3	5.0.0.2	2010.01.08	Win-Trojan/Agent.609280.G*
> AntiVir	7.9.1.130	2010.01.08	-
> Antiy-AVL	2.0.3.7	2010.01.08	-
> Authentium	5.2.0.5	2010.01.08	-
> Avast	4.8.1351.0	2010.01.07	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.08	-
> ...


Additional information
File size: 609280 bytes
MD5...: 2a5d7daa0c333b9cb2cfbee7633b312c
SHA1..: a4a804235b57a3f368299785bc06c9d9a0092356
SHA256: d72261fc8ca20623062ab84c961290a3fdd6eae2f33f387ad5e48a3648f957de
http://www.virustotal.com/analisis/d...7de-1262962559

File *install_flash_player._exe* received on 2010.01.08 15:03:21 (UTC)
Result: *19*/41 (46.35%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.48	2010.01.08	Trojan-Dropper.Win32.Smser!IK*
> AhnLab-V3	5.0.0.2	2010.01.08	-
> *AntiVir	7.9.1.130	2010.01.08	TR/Drop.SMSer.IH.2*
> Antiy-AVL	2.0.3.7	2010.01.08	-
> Authentium	5.2.0.5	2010.01.08	-
> Avast	4.8.1351.0	2010.01.07	-
> AVG	8.5.0.430	2010.01.04	-
> *BitDefender	7.2	2010.01.08	Gen:[email protected]*
> ...


Additional information
File size: 361984 bytes
MD5...: daa85445810005853e21e577eed31135
SHA1..: a7e4ab7b73a0275a37518296474bff6c21439a84
SHA256: baab2c184e5558232e0c7b150c83e26977f4596b028265c0ababefafd9a84d85
http://www.virustotal.com/analisis/b...d85-1262963001

----------


## gjf

Definitely an SMS ransomware disguised as Flash Player. Unfortunately, because of the packing, everyone loses:



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.48	2010.01.09	-
> AhnLab-V3	5.0.0.2	2010.01.09	-
> AntiVir	7.9.1.130	2010.01.08	-
> Antiy-AVL	2.0.3.7	2010.01.08	-
> Authentium	5.2.0.5	2010.01.09	-
> Avast	4.8.1351.0	2010.01.09	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.09	-
> ...

----------


## DefesT

File *plugin.exe* received on 2010.01.10 15:31:56 (UTC)
Result: *5*/41 (12.2%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.48	2010.01.10	-
> AhnLab-V3	5.0.0.2	2010.01.10	-
> AntiVir	7.9.1.134	2010.01.10	-
> Antiy-AVL	2.0.3.7	2010.01.08	-
> Authentium	5.2.0.5	2010.01.09	-
> Avast	4.8.1351.0	2010.01.10	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.10	-
> ...


Additional information
File size: 312832 bytes
MD5...: 0a931b7fa20753364c2a5fed08eecbfc
SHA1..: 28838d59122df1035ccb87c2fe07001c25838b9a
SHA256: 3cc31eeb2d044a7e9cc4f02cb7d8e1ce158f286004886f5fcc45655f2c99e536
http://www.virustotal.com/analisis/3...536-1263137516

File *1.exe* received on 2010.01.10 15:34:08 (UTC)
Result: *25*/41 (60.98%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.48	2010.01.10	Trojan-Dropper.Delf!IK*
> AhnLab-V3	5.0.0.2	2010.01.10	-
> *AntiVir	7.9.1.134	2010.01.10	TR/Crypt.U.Gen*
> Antiy-AVL	2.0.3.7	2010.01.08	-
> *Authentium	5.2.0.5	2010.01.09	W32/DelfDldr.B.gen!Eldorado*
> Avast	4.8.1351.0	2010.01.10	-
> *AVG	8.5.0.430	2010.01.04	Downloader.Rozena
> BitDefender	7.2	2010.01.10	Gen:[email protected]
> ...


Additional information
File size: 11840 bytes
MD5...: 26e236190315ceea4da14efc1cef8b33
SHA1..: 3f42582364479d865e5c60600f10ab6b845204a0
SHA256: 31760bc2b3002661a691054085b511a8d6a8ca4293c182ea85d2b9572b9d79f3
http://www.virustotal.com/analisis/3...9f3-1263137648

File *hosts.exe* received on 2010.01.10 15:36:48 (UTC)
Result: *8*/41 (19.52%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.48	2010.01.10	Trojan-Dropper.Delf!IK*
> AhnLab-V3	5.0.0.2	2010.01.10	-
> AntiVir	7.9.1.134	2010.01.10	-
> Antiy-AVL	2.0.3.7	2010.01.08	-
> *Authentium	5.2.0.5	2010.01.09	W32/Blocker-based!Maximus*
> Avast	4.8.1351.0	2010.01.10	-
> AVG	8.5.0.430	2010.01.04	-
> BitDefender	7.2	2010.01.10	-
> ...


Additional information
File size: 88576 bytes
MD5...: b0d03e5e9a8f3234e898d589a70c0a0b
SHA1..: 4a75bc8a0a2f22f53845a97b257f05a788e5f723
SHA256: bfcdec87d542bb7546d7e6fd1433ffd6441702612e75bd32c5139b5fd547ddcb
http://www.virustotal.com/analisis/b...dcb-1263137808

----------


## OSSP2008

File __________________.zip received on 2010.01.11 13:24:23 (UTC)
Current status: finished
Result: 21/40 (52.5%)

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.48	2010.01.11	-
> AhnLab-V3	5.0.0.2	2010.01.10	-
> AntiVir	7.9.1.134	2010.01.11	-
> Antiy-AVL	2.0.3.7	2010.01.11	-
> Authentium	5.2.0.5	2010.01.10	-
> Avast	4.8.1351.0	2010.01.10	AutoIt:Balero-A2
> AVG	9.0.0.725	2010.01.11	-
> BitDefender	7.2	2010.01.11	Gen:[email protected]
> ...


Additional information
File size: 732403 bytes
MD5...: 717b41c22961137a0e2b297c3bde68ac
SHA1..: b43c0e47ae5582f3d6599019cc6f8f42b2a1ae8f
SHA256: 667a20a00790bd253de53569081900193f0f34aa5080f0835eb69358cda1347b
ssdeep: 12288 :Lipsrsealed: aLI0m2crdwq8SzXzV4llsw5cEWcfOmzNIxPpBxa3uPaTswlTuj  vq/GS0C
otKdEZ:acyszV4zs352NIdpa3Cu/TKuGeotKKZ

http://www.virustotal.com/ru/analisi...47b-1263216263

----------


## paul-13

File flash-HQ-plugin.exe received on 2010.01.11 19:36:41 (UTC)
Result: 2/41 (4.88%)



> a-squared	4.5.0.48	2010.01.11	-
> AhnLab-V3	5.0.0.2	2010.01.11	-
> AntiVir	7.9.1.134	2010.01.11	-
> Antiy-AVL	2.0.3.7	2010.01.11	-
> Authentium	5.2.0.5	2010.01.10	-
> Avast	4.8.1351.0	2010.01.11	-
> AVG	9.0.0.725	2010.01.11	-
> BitDefender	7.2	2010.01.11	-
> CAT-QuickHeal	10.00	2010.01.11	-
> ...


http://www.virustotal.com/ru/analisi...90b-1263238601

----------


## Юльча

File happy.jar received on 2010.01.13 07:40:18 (UTC)
Result: 7/41 (17.07%)

> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.48 	2010.01.13 	-
> AhnLab-V3 	5.0.0.2 	2010.01.12 	-
> *AntiVir 	7.9.1.134 	2010.01.12 	JAVA/SMS.J2ME.M
> Antiy-AVL 	2.0.3.7 	2010.01.12 	Trojan/J2ME.Small*
> Authentium 	5.2.0.5 	2010.01.12 	-
> Avast 	4.8.1351.0 	2010.01.12 	-
> AVG 	9.0.0.725 	2010.01.12 	-
> BitDefender 	7.2 	2010.01.13 	-
> ...


Additional information
File size: 29840 bytes
MD5   : 301a056faf31880ddf6bd9eb46543667

http://www.virustotal.com/ru/analisi...eb0-1263368418

----------


## senyak

File 1262956944.exe received on 2010.01.12 17:47:53 (UTC)
Current status: finished
Result: 21/40 (52.50%)

> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.48 	2010.01.12 	Trojan.Win32.Tdss!IK*
> AhnLab-V3 	5.0.0.2 	2010.01.12 	-
> *AntiVir 	7.9.1.134 	2010.01.12 	TR/TDss.avgk
> Antiy-AVL 	2.0.3.7 	2010.01.12 	Trojan/Win32.Tdss.gen*
> Authentium 	5.2.0.5 	2010.01.12 	-
> Avast 	4.8.1351.0 	2010.01.11 	-
> AVG 	9.0.0.725 	2010.01.12 	-
> *BitDefender 	7.2 	2010.01.12 	Trojan.Tdss.AAI*
> ...


Additional information
File size: 62464 bytes
MD5   : 8b71395026f24da8f86c7eb8ae272b10
SHA1  : fe611ed3644549bb4618e0259a5e57cafa067712
SHA256: 336e1823ae6bf7a8f36a687ac27ae111616fcff8064c5c3ffc0892813ad57eca
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4B485D49 (Sat Jan 9 11:41:13 2010)
machinetype.......: 0x14C (Intel I386)

http://www.virustotal.com/ru/analisi...eca-1263318473

----------


## Юльча

File MediaCodec.exe received on 2010.01.13 09:19:06 (UTC)
Current status: finished
Result: 5/41 (12.20%)

> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.48 	2010.01.13 	-
> AhnLab-V3 	5.0.0.2 	2010.01.12 	-
> *AntiVir 	7.9.1.134 	2010.01.12 	TR/Dropper.Gen*
> Antiy-AVL 	2.0.3.7 	2010.01.12 	-
> Authentium 	5.2.0.5 	2010.01.12 	-
> Avast 	4.8.1351.0 	2010.01.12 	-
> AVG 	9.0.0.725 	2010.01.12 	-
> ...


Additional information
File size: 249856 bytes
MD5   : 7197fccfd64217c2ec4d54f7dc429b85

http://www.virustotal.com/ru/analisi...475-1263374346

It was a little porn banner :)

----------


## senyak

Came via VKontakte. Most likely a banner, or it blocks Windows

File foto.fee received on 2010.01.13 15:37:04 (UTC)
Current status: finished
Result: 5/41 (12.2%)

> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.48	2010.01.13	-
> AhnLab-V3	5.0.0.2	2010.01.13	-
> AntiVir	7.9.1.134	2010.01.13	-
> *Antiy-AVL	2.0.3.7	2010.01.12	Trojan/Win32.Scar.gen
> Authentium	5.2.0.5	2010.01.12	W32/Backdoor2.EWEM*
> Avast	4.8.1351.0	2010.01.13	-
> AVG	9.0.0.725	2010.01.13	-
> BitDefender	7.2	2010.01.13	-
> ...


Additional information
File size: 133632 bytes
MD5...: e1a5510b49b742a61fa441f042d30d92
SHA1..: dfea2b1c60cb2e94b7869ba84dfd82cd9f8099a9
SHA256: 981206c81914f231252f4987dce445a5727cab4ddcdddfb980c21a3f08092e92
ssdeep: 1536:tQWLoQRXkE2jMq3GulH+WEI89HZGZzvh/4Tp8GMG0jCsCITUkaX+S9W:tt9PIMTkH+95GZd4TeGMG0jCf+VUW
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e92-1263397024

----------



## Buldozer

Spyware

> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.01.15	-
> AhnLab-V3	5.0.0.2	2010.01.15	-
> AntiVir	7.9.1.142	2010.01.15	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> Authentium	5.2.0.5	2010.01.15	-
> Avast	4.8.1351.0	2010.01.15	-
> AVG	9.0.0.730	2010.01.15	-
> BitDefender	7.2	2010.01.15	-
> ...

----------


## paul-13

File setup17.exe received on 2010.01.16 15:47:06 (UTC)
Result: 1/41 (2.44%)



> a-squared	4.5.0.50	2010.01.16	-
> AhnLab-V3	5.0.0.2	2010.01.16	-
> AntiVir	7.9.1.142	2010.01.16	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> Authentium	5.2.0.5	2010.01.16	-
> Avast	4.8.1351.0	2010.01.16	-
> AVG	9.0.0.730	2010.01.16	-
> BitDefender	7.2	2010.01.16	-
> CAT-QuickHeal	10.00	2010.01.16	-
> ...


http://www.virustotal.com/ru/analisi...e08-1263656826

----------


## DefesT

File *myfoto.exe* received on 2010.01.16 20:19:29 (UTC)
Result: *19*/41 (46.35%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.50	2010.01.16	-
> AhnLab-V3	5.0.0.2	2010.01.16	-
> *AntiVir	7.9.1.142	2010.01.16	TR/Crypt.CFI.Gen*
> Antiy-AVL	2.0.3.7	2010.01.12	-
> *Authentium	5.2.0.5	2010.01.16	W32/Trojan-Gypikon-based.DM2!Maximus*
> Avast	4.8.1351.0	2010.01.16	-
> AVG	9.0.0.730	2010.01.16	-
> *BitDefender	7.2	2010.01.16	Gen:[email protected]!ic
> ...


Additional information
File size: *77824* bytes
MD5...: 2ba7ef2e3485a5ec9fb1b96ff8e42cc8
SHA1..: b7f6f5110da48efb6bd8f33848ba650da361ee84
SHA256: d21679c5b9ff4555cc276c3a856792d17ccf8393a1e24283fa20f5a4f7f2f64d
http://www.virustotal.com/analisis/d...64d-1263673169

File *install_flash_player.exe* received on 2010.01.16 20:21:07 (UTC)
Result: *2*/41 (4.88%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.50	2010.01.16	-
> AhnLab-V3	5.0.0.2	2010.01.16	-
> AntiVir	7.9.1.142	2010.01.16	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> Authentium	5.2.0.5	2010.01.16	-
> Avast	4.8.1351.0	2010.01.16	-
> AVG	9.0.0.730	2010.01.16	-
> BitDefender	7.2	2010.01.16	-
> ...


Additional information
File size: *446125* bytes
MD5...: c530a9067a4a8c589c9dd479f2f8c528
SHA1..: 9997c1563c4783b303a48161218d941fe3d5e962
SHA256: 159888bb4d73f5c5532f66af1a52f718fb8905ba248838cff961a04421a1dcdf
http://www.virustotal.com/analisis/1...cdf-1263673267

File *FreeVKGifts.exe* received on 2010.01.16 20:24:43 (UTC)
Result: *13*/39 (33.34%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.50	2010.01.16	Worm.Win32.SillyShareCopy!IK*
> AhnLab-V3	5.0.0.2	2010.01.16	-
> AntiVir	7.9.1.142	2010.01.16	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> Authentium	5.2.0.5	2010.01.16	-
> Avast	4.8.1351.0	2010.01.16	-
> AVG	9.0.0.730	2010.01.16	-
> *BitDefender	7.2	2010.01.16	Gen:[email protected]
> ...


Additional information
File size: *171008* bytes
MD5...: 0795313f75fdf8d27f0cc89ff2ea7a9a
SHA1..: 176951066cf76c95ae2ae40544bd9f124a9ad8a2
SHA256: 9108953fed28cf3f7bb6d768fa5c9a4aaabe434f95f558399456d1fe3ce07a8e
http://www.virustotal.com/analisis/9...a8e-1263673483

----------


## Юльча

File *plugin.exe* received on 2010.01.16 22:34:24 (UTC)
Result: *9*/41 (21.96%)

> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.01.16	Trojan.Win32.LockScreen!IK*
> AhnLab-V3	5.0.0.2	2010.01.16	-
> AntiVir	7.9.1.142	2010.01.16	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> Authentium	5.2.0.5	2010.01.16	-
> Avast	4.8.1351.0	2010.01.16	-
> AVG	9.0.0.730	2010.01.16	-
> BitDefender	7.2	2010.01.16	-
> ...


SMS ransomware, number 2474

P.S.
I see there is no unlock-code generator for it: Kaspersky has none at all, and the codes Dr.Web suggests don't work!

----------


## Winsent

File basic.js received on 2010.01.17 17:06:26 (UTC)
Result: 6/41 (14.64%)

> Antivirus	Version	Last Update	Result
> 
> a-squared	4.5.0.50	2010.01.17	-
> AhnLab-V3	5.0.0.2	2010.01.16	-
> AntiVir	7.9.1.142	2010.01.17	-
> Antiy-AVL	2.0.3.7	2010.01.12	-
> *Authentium	5.2.0.5	2010.01.16	JS/Redir.AH*
> Avast	4.8.1351.0	2010.01.17	-
> AVG	9.0.0.730	2010.01.17	-
> ...


Additional information
File size: 1871 bytes
MD5...: c67ce2bc6f6d053d93901127af3d4da1
SHA1..: e8b05beb701f1e8b4ae5e930cee9a94e8a489b90
SHA256: d6821b63aea40e4c04d3649e1598cf2bb87ee15b78e4be931fe7740cabb69f3f
ssdeep: 48:ctOvHK3hCBr7yTgzsHsRqk/o7wWRmZT40 :Cheesy: Br+TgGcrWe40
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

----------


## gjf

The file is sent as a link over ICQ...



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.50	2010.01.18	IM-Worm.Win32.QiMiral!IK
> AhnLab-V3	5.0.0.2	2010.01.18	-
> AntiVir	7.9.1.142	2010.01.18	-
> Antiy-AVL	2.0.3.7	2010.01.18	-
> Authentium	5.2.0.5	2010.01.18	-
> Avast	4.8.1351.0	2010.01.18	-
> AVG	9.0.0.730	2010.01.18	-
> BitDefender	7.2	2010.01.18	-
> ...


http://www.virustotal.com/analisis/b...709-1263848626

----------


## ALEX(XX)

File kui2.tmp-e2fa922b-d21d-b211-9028- received on 2010.01.19 09:25:22 (UTC)



```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.19	Trojan-Ransom!IK
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.18	TR/Ransom.PogBlock.RI
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.19	-
Avast	4.8.1351.0	2010.01.18	-
AVG	9.0.0.730	2010.01.18	Generic16.AECB
BitDefender	7.2	2010.01.19	Trojan.Generic.2990194
CAT-QuickHeal	10.00	2010.01.19	-
ClamAV	0.94.1	2010.01.19	-
Comodo	3634	2010.01.19	-
DrWeb	5.0.1.12222	2010.01.19	Trojan.Winlock.591
eSafe	7.0.17.0	2010.01.18	-
eTrust-Vet	35.2.7244	2010.01.18	-
F-Prot	4.5.1.85	2010.01.18	-
F-Secure	9.0.15370.0	2010.01.19	Trojan.Generic.2990194
Fortinet	4.0.14.0	2010.01.19	W32/PogBlock.RI!tr
GData	19	2010.01.19	Trojan.Generic.2990194
Ikarus	T3.1.1.80.0	2010.01.19	Trojan-Ransom
Jiangmin	13.0.900	2010.01.19	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.19	Trojan-Ransom.Win32.PogBlock.ri
McAfee	5865	2010.01.18	-
McAfee+Artemis	5865	2010.01.18	-
McAfee-GW-Edition	6.8.5	2010.01.19	Heuristic.BehavesLike.Win32.Suspicious.I
Microsoft	1.5302	2010.01.19	Trojan:Win32/Ransom.U
NOD32	4784	2010.01.18	a variant of Win32/LockScreen.FY
Norman	6.04.03	2010.01.18	-
nProtect	2009.1.8.0	2010.01.18	-
Panda	10.0.2.2	2010.01.18	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	Trojan.Generic
Prevx	3.0	2010.01.19	-
Rising	22.31.01.04	2010.01.19	-
Sophos	4.49.0	2010.01.19	-
Sunbelt	3.2.1858.2	2010.01.19	-
Symantec	20091.2.0.41	2010.01.19	Trojan Horse
TheHacker	6.5.0.6.156	2010.01.19	-
TrendMicro	9.120.0.1004	2010.01.19	TROJ_RANSOM.GY
VBA32	3.12.12.1	2010.01.19	-
ViRobot	2010.1.19.2144	2010.01.19	-
VirusBuster	5.0.21.0	2010.01.18	-

Additional information
File size: 366080 bytes
MD5...: 11906989071a01c79fdaeeab2a87d41b
SHA1..: caa3fbb7933331620984983218d760c37cba6bbd
SHA256: 5820dfe90f6601acfe4e6767a7b1e5a20d8a9a4a67b1e2d554969020f17038da
ssdeep: 6144:nTR2p3PBkpEPmuxDADcozUn4uYH4hA6+b7TBLl7XAOsJebmPdSTte:TR2ZBCEPbkAwRuYYhA6+PTtl7X6eb+
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21b53
timedatestamp.....: 0x4b41ffb3 (Mon Jan 04 14:48:19 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3d525 0x3d600 6.71 1b3e7d296599a3767a9165e51388c650
.rdata 0x3f000 0xd38e 0xd400 6.50 2602468a94aad5f9136f75c02d4300e0
.data 0x4d000 0x10864 0xe600 7.77 482214080c1cfc2d304b041eff66a15c
.rsrc 0x5e000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 7 imports )
> KERNEL32.dll: GetLongPathNameW, SetFileApisToANSI, SystemTimeToFileTime, SetFileValidData, GetSystemTime, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, FindClose, MoveFileExW, GetCompressedFileSizeW, UnmapViewOfFile, SetFileShortNameW, FindNextFileW, GetFileAttributesExW, GetBinaryTypeW, GetShortPathNameW, GetFileSize, CreateFileA, CreateHardLinkW, GetModuleFileNameA, FlushFileBuffers, SetFilePointer, GetFileSizeEx, GetFileType, MoveFileW, SetEndOfFile, CancelIo, SetFilePointerEx, TerminateProcess, Sleep, CreateFileMappingW, GetQueuedCompletionStatus, PostQueuedCompletionStatus, FindFirstFileW, MoveFileWithProgressW, MapViewOfFile, FlushViewOfFile, GetProcAddress, LoadLibraryA, GetFileTime, GetTempFileNameW, CopyFileW, UnlockFileEx, GetFileInformationByHandle, GetFullPathNameW, WinExec, DeleteFileW, SearchPathA, GetShortPathNameA, DeleteFileA, GetFileAttributesW, GetSystemDirectoryW, WideCharToMultiByte, ReadFileScatter, SetFileAttributesW, ExitProcess, OpenFileMappingW, UnlockFile, MultiByteToWideChar, GetLastError, CreateMutexW, GetModuleHandleA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemTimeAsFileTime, WriteFileEx, ReadFile, SetFileApisToOEM, GetModuleHandleW, GetModuleFileNameW, LockFile, WriteFileGather, ReadFileEx, SetFileTime, AreFileApisANSI, GetTickCount, CreateIoCompletionPort, SearchPathW, FindFirstFileExW, CloseHandle, WriteFile, CopyFileExW, CreateFileW, GetTempPathW, LockFileEx, ReplaceFileW, MapViewOfFileEx, GetCurrentProcessId, QueryPerformanceCounter, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, SetHandleCount, GetConsoleMode, GetConsoleCP, HeapSize, HeapAlloc, HeapFree, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, RtlUnwind, ExitThread, ResumeThread, CreateThread, GetVersionExA, GetProcessHeap, GetStartupInfoW, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage
> USER32.dll: GetClientRect, GetWindowDC, ReleaseDC, GetDesktopWindow, GetWindowRect, CreateWindowExW, DrawTextW, SetTimer, LoadCursorW, ShowWindow, UpdateWindow, GetDC, GetMessageW, TranslateMessage, DispatchMessageW, UnregisterClassW, DefWindowProcW, KillTimer, PostQuitMessage, BeginPaint, EndPaint
> GDI32.dll: SetBkMode, SetTextColor, CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, GetDIBits, DeleteDC, CreatePen, SelectObject, CreateSolidBrush, Rectangle, DeleteObject, SetDIBitsToDevice, CreateFontW
> ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCloseKey, SetFileSecurityW, RegCreateKeyExW
> SHELL32.dll: SHGetFolderPathA
> RPCRT4.dll: UuidCreate, RpcStringFreeW, UuidToStringW
> WININET.dll: InternetReadFile, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetCrackUrlW, InternetCloseHandle

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
pdfid.: -
```

----------


## Юльча

File *Install_Digital-Access_v.9251.exe* received on 2010.01.19 17:58:48 (UTC)
Result: *2*/41 (4.88%)

> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.01.19	-
> AhnLab-V3	5.0.0.2	2010.01.19	-
> AntiVir	7.9.1.142	2010.01.19	-
> Antiy-AVL	2.0.3.7	2010.01.19	-
> Authentium	5.2.0.5	2010.01.19	-
> Avast	4.8.1351.0	2010.01.19	-
> AVG	9.0.0.730	2010.01.19	-
> BitDefender	7.2	2010.01.19	-
> ...

----------


## Nexus

File Piggy.zip received on 2010.01.19 20:02:52 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.19	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	Worm/QiMiral.Y
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.19	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.19	-
CAT-QuickHeal	10.00	2010.01.19	-
ClamAV	0.94.1	2010.01.19	-
Comodo	3638	2010.01.19	-
DrWeb	5.0.1.12222	2010.01.19	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7246	2010.01.19	-
F-Prot	4.5.1.85	2010.01.18	-
F-Secure	9.0.15370.0	2010.01.19	-
Fortinet	4.0.14.0	2010.01.19	-
GData	19	2010.01.19	-
Ikarus	T3.1.1.80.0	2010.01.19	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.19	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.19	IM-Worm.Win32.QiMiral.y
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!1ED597E4D6A8
McAfee-GW-Edition	6.8.5	2010.01.19	Worm.QiMiral.Y
Microsoft	1.5302	2010.01.19	Trojan:Win32/Qimiral.A
NOD32	4787	2010.01.19	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.19	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.19	High Risk Cloaked Malware
Rising	22.31.01.04	2010.01.19	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.19	-
Sunbelt	3.2.1858.2	2010.01.19	-
Symantec	20091.2.0.41	2010.01.19	-
TheHacker	6.5.0.6.156	2010.01.19	-
TrendMicro	9.120.0.1004	2010.01.19	-
VBA32	3.12.12.1	2010.01.19	-
ViRobot	2010.1.19.2144	2010.01.19	-
VirusBuster	5.0.21.0	2010.01.19	-
```

Additional information
File size: 547054 bytes
MD5   : 72751c42070eb0567ba0baae232034f1
SHA1  : 7187059987cfc888a805522fbc850fda7fbb2100
SHA256: ef77549f34d17ce3feaf9891d9023ab26553e1e52b64479feda7ccbc6bd3322d
TrID  : File type identification
ZIP compressed archive (100.0%)
ssdeep: 12288:pCxiq7wng735LcN7ayF4Qmr7FWTfUN8XNY/P:pCXw25LcUe4Qmr7FWbUIY/P
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=C319B6BC001521C79EF8171251FB330065334CE2
PEiD  : -
RDS   : NSRL Reference Data Set
-

http://www.virustotal.com/analisis/e...22d-1263931372

*Added 10 hours 13 minutes later*

File Piggy.zip received on 2010.01.20 06:51:47 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3642	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	-
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	IM-Worm.Win32.QiMiral.ab
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	-
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Suspicious file
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	-
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	-
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-
```

Additional information
File size: 546704 bytes
MD5...: 6f827e286b6f9b6fa33b2972f108fbfc
SHA1..: 3a33b77e9b8c69e32a12d9311a832ab4be8f9301
SHA256: 26d6c9af1845eccf0be5ff615fc9267cbe2685fdd0cbda05f839cdb546cea6ef
ssdeep: 12288:hrzD3LCUk3tsNTMZ+ATht75ceglKFJuvE0ErLNWstHMW:dn3GswUA72K7uvE0IWstMW
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: ZIP compressed archive (100.0%)

http://www.virustotal.com/analisis/2...6ef-1263970307

*Added 5 minutes later*

File Piggy.zip received on 2010.01.20 06:57:58 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3642	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	-
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!48C08A532382
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	Mal/Generic-A
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	IM-Worm.Win32.QiMiral
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-
```

Additional information
File size: 547111 bytes
MD5...: 5941c29888979fd37b5b7adcf5803289
SHA1..: b4d440cc0d6945d8454f4d683b55deb5bc07034d
SHA256: fbe6391ef24f8797e644fc7bab5ecd96721bef44fae854b1e155a0c271545fdd
ssdeep: 12288:zosHUpv457v8gNFnMdbcdZRIgUIgN63JNgLFVzZaGmFNFuO:zos2QbJNldZNJN8FV8luO
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: ZIP compressed archive (100.0%)

http://www.virustotal.com/analisis/f...fdd-1263970678

*Added 11 minutes later*

File Piggy.zip received on 2010.01.20 07:08:29 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3643	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	IM-Worm.Win32.QiMiral.ac
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!2B330CB5C999
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	-
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	-
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-
```

Additional information
File size: 547544 bytes
MD5...: 7017cb717f216c054ba29b3fd6543297
SHA1..: 557c8a7fedda92ef6e5e95fd318753cf0d6e7727
SHA256: 91246861b0ef45171fd864e94ed2fc828d10e9e2bb6aba0059c3c981a855af12
ssdeep: 12288:oxHFQJlSSVRUNCWASny5Z5kH2u5v4oQ2EgBEGq/ymPdosD08ExQi2:oxHF

http://www.virustotal.com/analisis/9...f12-1263971309

----------


## Юльча

File *000038.jpg.jar* received on 2010.01.20 07:06:19 (UTC)
Result: *8*/41 (19.52%)





> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.01.20	-
> AhnLab-V3	5.0.0.2	2010.01.19	-
> *AntiVir	7.9.1.142	2010.01.19	JAVA/SMS.J2ME.M*
> *Antiy-AVL	2.0.3.7	2010.01.19	Trojan/J2ME.Small*
> Authentium	5.2.0.5	2010.01.20	-
> Avast	4.8.1351.0	2010.01.19	-
> AVG	9.0.0.730	2010.01.19	-
> BitDefender	7.2	2010.01.20	-
> ...


Additional information
File size: 29849 bytes
MD5...: ba64b80b77b14576c3c0844e68ff7238

http://www.virustotal.com/ru/analisi...880-1263971179

----------


## Surfer

File game.jar received on 2010.01.20 14:57:20 (UTC)
Result: 7/41 (17.08%)




> a-squared	4.5.0.50	2010.01.20	-
> AhnLab-V3	5.0.0.2	2010.01.19	-
> AntiVir	7.9.1.142	2010.01.20	-
> *Antiy-AVL	2.0.3.7	2010.01.20	Trojan/J2ME.Jifake*
> Authentium	5.2.0.5	2010.01.20	-
> Avast	4.8.1351.0	2010.01.20	-
> AVG	9.0.0.730	2010.01.19	-
> BitDefender	7.2	2010.01.20	-
> CAT-QuickHeal	10.00	2010.01.20	-
> ...




http://www.virustotal.com/analisis/a...a8a-1263999440

----------


## Erekle

File es_chemgan.EXE received on 2010.01.20 21:14:06 (UTC)
Result: 9/41 (21.96%)



> *a-squared 4.5.0.50 2010.01.20 Backdoor.Win32.Bifrose.caqd!A2* 
> AhnLab-V3 5.0.0.2 2010.01.20 - 
> AntiVir 7.9.1.146 2010.01.20 - 
> Antiy-AVL 2.0.3.7 2010.01.20 - 
> *Authentium 5.2.0.5 2010.01.20 W32/Joke.OA* 
> Avast 4.8.1351.0 2010.01.20 - 
> AVG 9.0.0.730 2010.01.19 - 
> BitDefender 7.2 2010.01.20 - 
> CAT-QuickHeal 10.00 2010.01.20 - 
> ...


http://www.virustotal.com/ru/analisi...dd6-1264022046

File mh.exe received on 2010.01.19 09:03:40 (UTC)
Result: 21/41 (51.22%)



> *a-squared 4.5.0.50 2010.01.19 PWS.Win32!IK* 
> AhnLab-V3 5.0.0.2 2010.01.19 - 
> *AntiVir 7.9.1.142 2010.01.18 TR/Spy.118784.64* 
> Antiy-AVL 2.0.3.7 2010.01.19 - 
> Authentium 5.2.0.5 2010.01.19 - 
> Avast 4.8.1351.0 2010.01.18 - 
> *AVG 9.0.0.730 2010.01.18 Worm/Generic_c.AHU* 
> *BitDefender 7.2 2010.01.19 Gen:Trojan.Heur.Nsanti.hyWbeKQ0ZH* 
> CAT-QuickHeal 10.00 2010.01.19 - 
> ...


http://www.virustotal.com/ru/analisi...247-1263891820

File scrnrdr.exe received on 2010.01.09 08:10:21 (UTC)
Result: 15/41 (36.59%)



> a-squared 4.5.0.48 2010.01.09 - 
> AhnLab-V3 5.0.0.2 2010.01.09 - 
> AntiVir 7.9.1.130 2010.01.08 - 
> *Antiy-AVL 2.0.3.7 2010.01.08 Trojan/Win32.Agent2.gen* 
> Authentium 5.2.0.5 2010.01.09 - 
> Avast 4.8.1351.0 2010.01.08 - 
> *AVG 8.5.0.430 2010.01.04 Agent.AXNF* 
> BitDefender 7.2 2010.01.09 - 
> CAT-QuickHeal 10.00 2010.01.09 - 
> ...


http://www.virustotal.com/ru/analisi...288-1263024621

----------


## Юльча

File *clips01505.scr* received on 2010.01.21 17:17:05 (UTC)
Result: *9*/41 (21.95%)




> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.50 	2010.01.21 	Gen.Trojan!IK*
> AhnLab-V3 	5.0.0.2 	2010.01.21 	-
> *AntiVir 	7.9.1.146 	2010.01.21 	TR/Dropper.Gen*
> Antiy-AVL 	2.0.3.7 	2010.01.21 	-
> Authentium 	5.2.0.5 	2010.01.21 	-
> Avast 	4.8.1351.0 	2010.01.21 	-
> AVG 	9.0.0.730 	2010.01.21 	-
> *BitDefender 	7.2 	2010.01.21 	Gen:[email protected]!axieOu*
> ...



http://www.virustotal.com/ru/analisi...78b-1264094225

----------


## gjf

File asd3.tmp received on 2010.01.21 19:58:48 (UTC)
Current status: Loading ... finished 
Result: 5/41 (12.2%)



> Antivirus  	Version  	Last Update  	Result
> a-squared	4.5.0.50	2010.01.21	-
> AhnLab-V3	5.0.0.2	2010.01.21	-
> AntiVir	7.9.1.146	2010.01.21	-
> Antiy-AVL	2.0.3.7	2010.01.21	-
> Authentium	5.2.0.5	2010.01.21	-
> Avast	4.8.1351.0	2010.01.21	-
> AVG	9.0.0.730	2010.01.21	-
> BitDefender	7.2	2010.01.21	-
> ...


http://www.virustotal.com/analisis/b...5cb-1264103928

The situation with packed ransomware is sad  :Sad:

----------


## Surfer

File foto.jar received on 2010.01.21 21:57:56 (UTC)
Result: 8/41 (19.52%)




> a-squared	4.5.0.50	2010.01.21	-
> AhnLab-V3	5.0.0.2	2010.01.21	-
> *AntiVir	7.9.1.146	2010.01.21	JAVA/SMS.J2ME.M*
> *Antiy-AVL	2.0.3.7	2010.01.21	Trojan/J2ME.Small*
> Authentium	5.2.0.5	2010.01.21	-
> Avast	4.8.1351.0	2010.01.21	-
> AVG	9.0.0.730	2010.01.21	-
> BitDefender	7.2	2010.01.21	-
> CAT-QuickHeal	10.00	2010.01.21	-
> ...


http://www.virustotal.com/analisis/3...9d0-1264111076

----------


## Юльча

> File *9cU3MR6.exe* received on 2010.01.23 12:17:21 (UTC)
> Result: *6*/41 (14.64%)
> 
> 
> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.01.23	-
> AhnLab-V3	5.0.0.2	2010.01.23	-
> AntiVir	7.9.1.146	2010.01.22	-
> Antiy-AVL	2.0.3.7	2010.01.22	-
> ...


this was one of the three files of a virus that, besides its main functionality, changes routes and hosts to block antivirus vendors' sites and even virusinfo.info  :Smiley:

----------


## senyak

File VK-Presents.exe received on 2010.01.24 10:37:46 (UTC)
Current status: finished
Result: 21/41 (51.22%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.50	2010.01.24	Trojan.Win32.Scar!IK*
> AhnLab-V3	5.0.0.2	2010.01.23	-
> *AntiVir	7.9.1.146	2010.01.22	TR/Scar.bdyc*
> *Antiy-AVL	2.0.3.7	2010.01.22	Trojan/Win32.Scar.gen*
> Authentium	5.2.0.5	2010.01.23	-
> Avast	4.8.1351.0	2010.01.23	-
> *AVG	9.0.0.730	2010.01.24	unknown virus Win32/DH.AA54534F48*
> *BitDefender	7.2	2010.01.24	Trojan.Generic.IS.423258*
> ...


Additional information
File size: 311808 bytes
MD5...: 2817b3a429999d984b0b97f1ae10c650
SHA1..: 05bfcb2f4d2c2587eaab9ff2ebc62a16bbf26cea
SHA256: 5c61ce0a66ec1b44229d050aecae51efd4647fa6d0b8a32cfa7ff51285544357
ssdeep: 6144 :Cheesy: +CiGeq5y3NBqaAKrqm4c9t2KSGkWg2iwjyIooo888888888888  W8888888
8888V :Cheesy: +C2BdVAKrAc9t2g9A888888888888WO
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...357-1264329466

----------


## Buldozer

Suspicious file




> a-squared	4.5.0.50	2010.01.25	-
> AhnLab-V3	5.0.0.2	2010.01.23	-
> AntiVir	7.9.1.150	2010.01.25	-
> Antiy-AVL	2.0.3.7	2010.01.22	-
> Authentium	5.2.0.5	2010.01.25	-
> Avast	4.8.1351.0	2010.01.25	-
> AVG	9.0.0.730	2010.01.25	-
> BitDefender	7.2	2010.01.25	-
> CAT-QuickHeal	10.00	2010.01.25	-
> ...


http://www.virustotal.com/ru/analisi...c1c-1264430622

----------


## ZhIV

File kijiu.exe received on 2010.01.28 03:25:05 (UTC)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.01.28	-
> AhnLab-V3	5.0.0.2	2010.01.27	-
> AntiVir	7.9.1.154	2010.01.27	-
> Antiy-AVL	2.0.3.7	2010.01.27	-
> *Authentium	5.2.0.5	2010.01.28	W32/Damaged_File.B.gen!Eldorado*
> Avast	4.8.1351.0	2010.01.28	-
> AVG	9.0.0.730	2010.01.27	-
> BitDefender	7.2	2010.01.28	-
> ...


Additional information
File size: 4096 bytes
MD5...: f0395e1cde2d138eac75e890a408ff88
SHA1..: 1ac3efe0456d59d369622dd536094c8c0ec0e00e
SHA256: 07ed951ea4f714dfa8d6ea0b07c6d897f6e69ef12dc849d6474b8b0c1f8ffbfc
ssdeep: 48:a18V8MBaCEF9OoYVm54Mqh+xsi8Vc6vFL6icA5RqjzJvVF3  gy8wH5jBijUdzx<BR>I1H :Cheesy: 8MBIF9GLMqh+G/VVSjtfwY5liaxI1uI<BR>
PEiD..: -

----------


## Nexus

The same old Ransom in a new guise; Kaspersky Lab's reply is at the bottom of the post.

File plugin.exe received on 2010.01.28 09:16:26 (UTC)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.01.28	-
> AhnLab-V3	5.0.0.2	2010.01.28	-
> *AntiVir	7.9.1.154	2010.01.28	TR/Crypt.XPACK.Gen2*
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.28	-
> Avast	4.8.1351.0	2010.01.28	-
> AVG	9.0.0.730	2010.01.27	-
> BitDefender	7.2	2010.01.28	-
> ...


Additional information
File size: 380416 bytes
MD5...: dfb0d2770a558278c6024a490881dc5f
SHA1..: 428da92303bbbc13c6036508672a993eef28fbb6
SHA256: 2a8c022ba3db5e5511e490b4418980ed315080d9d937597ad4b9b86487fafbd0

http://www.virustotal.com/analisis/2...bd0-1264670186

*Reply from Kaspersky Lab:*



> plugin.exe - Trojan-Ransom.Win32.PinkBlocker.jf
> 
> Detection for the file will be added in the next update.

----------



## VirCode

it had been lying around since December 26

File bin.txt received on 2010.01.28 11:13:10 (UTC)
Current status: finished
Result: *6/40 (15%)*



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.01.28	-
> AhnLab-V3	5.0.0.2	2010.01.28	-
> AntiVir	7.9.1.154	2010.01.28	-
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.28	-
> *Avast	4.8.1351.0	2010.01.28	PHP:Agent-I*
> AVG	9.0.0.730	2010.01.28	-
> BitDefender	7.2	2010.01.28	-
> ...


Additional information



> File size: 72081 bytes
> MD5...: b2acc7f28b6b6495bc8fa97dc0aef529
> SHA1..: 28ac8ca26c22bfb50b6330f1d62a31677094556f
> SHA256: ccd2604e9089479d18800d8cd1cc6c8ca13241ab0f58341c750920950f55ea78
> ssdeep: 1536:mLYpNWYKkxiEmnNjqs6ao0iGpqhwgi46LmUs92I5kGDIgvLmtY5IcK:jmtIhzImUs9J5kxPD
> PEiD..: -
> PEInfo: -
> RDS...: NSRL Reference Data Set
> ...


VT

----------


## Юльча

File *New-Video-Addon.45266.exe* received on 2010.01.28 11:35:46 (UTC)
Result: *10*/39 (25.65%)





> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.01.28	-
> *AhnLab-V3	5.0.0.2	2010.01.28	Win-Trojan/Malware.66560.CC*
> AntiVir	7.9.1.154	2010.01.28	-
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.28	-
> Avast	4.8.1351.0	2010.01.28	-
> AVG	9.0.0.730	2010.01.28	-
> BitDefender	7.2	2010.01.28	-
> ...



http://www.virustotal.com/ru/analisi...846-1264678546

----------


## ZhIV

File ntfs_ext7.exe received on 2010.01.29 06:54:31 (UTC)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.01.29	-
> AhnLab-V3	5.0.0.2	2010.01.29	-
> *AntiVir	7.9.1.154	2010.01.28	TR/Crypt.XPACK.Gen2*
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.29	-
> Avast	4.8.1351.0	2010.01.29	-
> AVG	9.0.0.730	2010.01.28	-
> BitDefender	7.2	2010.01.29	-
> ...


Additional information
File size: 53248 bytes
MD5...: 2e2b9b3f8db2f1e8cfdfa5815d6c8d98
SHA1..: 3d8d02fd9ca1a4d3aa52f4a30b59099883198654
SHA256: 0edd85a92f1e3951b1b38e89b894b05f71c6c4fc3ec8448c747deb461d4bc152
ssdeep: 1536:iuZTYiZidvOiS3he/8p78S/Leg0j+wD+gJOxisY:zhVZ2Vu7fWp+gs0sY
PEiD..: -

----------


## Юльча

File *synsql.exe* received on 2010.01.29 07:53:31 (UTC)
Result: *6/41* (14.64%)




> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.01.29	-
> AhnLab-V3	5.0.0.2	2010.01.29	-
> *AntiVir	7.9.1.154	2010.01.28	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.29	-
> Avast	4.8.1351.0	2010.01.29	-
> AVG	9.0.0.730	2010.01.28	-
> BitDefender	7.2	2010.01.29	-
> ...


Additional information
File size: 249856 bytes
MD5...: a73360f11530a090424b79852fab65db

SMS ransomware yesporno

http://www.virustotal.com/ru/analisi...4fc-1264751611

*Added 45 minutes later*

and here is this virus's installer and one way it gets installed  :Smiley: 
(codepackage.exe is detected by the antiviruses the same way as synsql.exe)

----------


## kidiam

File Autorun.exe received on 2010.01.29 09:44:37 (UTC)




> a-squared	4.5.0.50	2010.01.29	Trojan-PWS.Legmir!IK
> AhnLab-V3	5.0.0.2	2010.01.29	-
> AntiVir	7.9.1.154	2010.01.29	-
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.29	W32/Trojan.BWKV
> Avast	4.8.1351.0	2010.01.29	-
> AVG	9.0.0.730	2010.01.28	-
> BitDefender	7.2	2010.01.29	Trojan.Generic.2843771
> CAT-QuickHeal	10.00	2010.01.29	Trojan.Agent.ATV
> ...


Additional information
File size: 61440 bytes
MD5...: 3a9bcde21a8d27f0c4b7f43615e0e821

http://www.virustotal.com/ru/analisi...653-1264758277

----------


## Surfer

File install.exe received on 2010.01.30 13:12:08 (UTC)
Result: 4/40 (10%)




> a-squared	4.5.0.50	2010.01.30	-
> AhnLab-V3	5.0.0.2	2010.01.30	-
> *AntiVir	7.9.1.154	2010.01.29	TR/Crypt.XPACK.Gen2*
> Antiy-AVL	2.0.3.7	2010.01.28	-
> Authentium	5.2.0.5	2010.01.30	-
> Avast	4.8.1351.0	2010.01.30	-
> AVG	9.0.0.730	2010.01.30	-
> BitDefender	7.2	2010.01.30	-
> CAT-QuickHeal	10.00	2010.01.30	-
> ...


http://www.virustotal.com/analisis/e...173-1264857128

----------


## Shu_b

Crowd testing. We counted what was sent in. December - January:

----------


## paul-13

File install.exe received on 2010.02.02 19:26:20 (UTC)
Result: 3/40 (7.5%)



> a-squared	4.5.0.50	2010.02.02	-
> AhnLab-V3	5.0.0.2	2010.02.02	-
> AntiVir	7.9.1.156	2010.02.02	-
> Antiy-AVL	2.0.3.7	2010.02.02	-
> Authentium	5.2.0.5	2010.02.02	-
> Avast	4.8.1351.0	2010.02.02	-
> AVG	9.0.0.730	2010.02.02	-
> BitDefender	7.2	2010.02.02	-
> CAT-QuickHeal	10.00	2010.02.02	-
> ...


http://www.virustotal.com/ru/analisi...148-1265138780

----------


## Surfer

File megaporn_14mb.exe received on 2010.02.03 21:13:46 (UTC)
Result: 9/40 (22.5%)




> a-squared	4.5.0.50	2010.02.03	-
> AhnLab-V3	5.0.0.2	2010.02.03	-
> AntiVir	7.9.1.158	2010.02.03	-
> Antiy-AVL	2.0.3.7	2010.02.03	-
> Authentium	5.2.0.5	2010.02.03	-
> Avast	4.8.1351.0	2010.02.02	-
> AVG	9.0.0.730	2010.02.03	-
> BitDefender	7.2	2010.02.03	-
> *CAT-QuickHeal	10.00	2010.02.03	(Suspicious) - DNAScan*
> ...


http://www.virustotal.com/analisis/6...d34-1265231626

----------


## Юльча

File *searchLooked.jar* received on 2010.02.04 16:51:03 (UTC)
Result: *4*/40 (10%)




> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.02.04	-
> AhnLab-V3	5.0.0.2	2010.02.04	-
> AntiVir	7.9.1.158	2010.02.04	-
> Antiy-AVL	2.0.3.7	2010.02.04	-
> Authentium	5.2.0.5	2010.02.04	-
> Avast	4.8.1351.0	2010.02.02	-
> AVG	9.0.0.730	2010.02.04	-
> BitDefender	7.2	2010.02.04	-
> ...


VT

----------


## ZhIV

File syshaky.exe received on 2010.02.05 02:27:49 (UTC)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.02.05	-
> AhnLab-V3	5.0.0.2	2010.02.04	-
> *AntiVir	7.9.1.158	2010.02.04	WORM/Zhelatin.Gen*
> Antiy-AVL	2.0.3.7	2010.02.05	-
> *Authentium	5.2.0.5	2010.02.05	W32/StormWorm.C*
> *Avast	4.8.1351.0	2010.02.04	Win32:Tibser*
> AVG	9.0.0.730	2010.02.05	-
> *BitDefender	7.2	2010.02.05	Trojan.Peed.IKQ*
> ...


Additional information
File size: 6963 bytes
MD5...: 7bf54eb5b6b728ea4896b66d99a8c52a
SHA1..: abfc86eb6eaf4592dadf809036b9249886a55e85
SHA256: cd645782c084bab2d456f274c9bc78e60cb9b162859c1e36cb81f8cde49aebb4
ssdeep: 192:ykdY3d1JGgGSBflZiONBXPiL9JGIebi19XQtJ:9abXHloMXPir4b4Nu
PEiD..: -
PEInfo: -

*Added 2 minutes later*

File syscnnn.exe received on 2010.02.05 02:29:32 (UTC)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.02.05	-
> AhnLab-V3	5.0.0.2	2010.02.04	-
> *AntiVir	7.9.1.158	2010.02.04	Worm/Storm.tcr*
> Antiy-AVL	2.0.3.7	2010.02.05	-
> *Authentium	5.2.0.5	2010.02.05	W32/StormWorm.C*
> *Avast	4.8.1351.0	2010.02.04	Win32:Tibser*
> *AVG	9.0.0.730	2010.02.05	Downloader.Tibs*
> *BitDefender	7.2	2010.02.05	Trojan.Peed.IJU*
> ...


Additional information
File size: 6917 bytes
MD5...: 135845f8db73610bf6f09233707a8477
SHA1..: 81ff3cb23743a7cc2ce89e2f8d1468190ca0b90a
SHA256: aa004df746dadfc413b6f866476f4ff413a1082439a0f99c55b265b15e6bec7f
ssdeep: 96:ykdIgHXc5R03O+i1G62xVmPOOdgLnWMFI4L1+iC8lci7/KIDXZGBtNWAJdmdcmvH:ykdfsYO//2qOnWM9EKclWAQWC
PEiD..: -
PEInfo: -

----------


## Nexus

File WinProtectionUpdateV_05000.exe received on 2010.02.06 14:45:31 (UTC)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.02.06	Riskware.FraudTool.Win32.Agent!IK*
> AhnLab-V3	5.0.0.2	2010.02.06	-
> *AntiVir	7.9.1.158	2010.02.05	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.02.05	-
> Authentium	5.2.0.5	2010.02.05	-
> Avast	4.8.1351.0	2010.02.06	-
> *AVG	9.0.0.730	2010.02.06	Dropper.Generic.BPDZ*
> BitDefender	7.2	2010.02.06	-
> ...


Additional information
File size: 45568 bytes
MD5...: c5072f7bdfc795c59420b41ef6d778de
SHA1..: 6acedcd37ebe03d7da49e17bba2672f7599be685

http://www.virustotal.com/analisis/e...91c-1265467531

----------


## paul-13

File Install_Flash-Player-10_build9102 received on 2010.02.06 20:58:35 (UTC)
Result: 5/39 (12.83%)



> a-squared	4.5.0.50	2010.02.06	-
> AhnLab-V3	5.0.0.2	2010.02.06	-
> AntiVir	7.9.1.158	2010.02.05	-
> Antiy-AVL	2.0.3.7	2010.02.05	-
> Authentium	5.2.0.5	2010.02.06	-
> Avast	4.8.1351.0	2010.02.06	-
> AVG	9.0.0.730	2010.02.06	-
> BitDefender	7.2	2010.02.06	-
> *CAT-QuickHeal	10.00	2010.02.06	(Suspicious) - DNAScan*
> ...


http://www.virustotal.com/ru/analisi...390-1265489915

----------


## senyak

File avz00001.dta received on 2010.02.06 23:18:10 (UTC)
Current status: finished
Result: 12/40 (30.00%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared 	4.5.0.50 	2010.02.06 	Riskware.Win32.VBInject!IK*
> AhnLab-V3 	5.0.0.2 	2010.02.06 	-
> *AntiVir 	7.9.1.158 	2010.02.05 	SPR/Tool.VBInject.DN.252*
> Antiy-AVL 	2.0.3.7 	2010.02.05 	-
> Authentium 	5.2.0.5 	2010.02.06 	-
> Avast 	4.8.1351.0 	2010.02.06 	-
> AVG 	9.0.0.730 	2010.02.06 	-
> BitDefender 	7.2 	2010.02.06 	-
> ...


Additional information
File size: 249856 bytes
MD5   : 10565e1661bb6af6380dfe04fe698d3c
SHA1  : 1f586f079cdb2a07d2742cf4fb19c9daf5361deb
SHA256: 07642ec0f294e7e498b31d47417298deb34bf2436a46dc6ecebd80aa15962aa6
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...aa6-1265498290

----------


## paul-13

File update.vbe received on 2010.02.05 14:41:05 (UTC)
Result: 2/40 (5.00%)



> a-squared 	4.5.0.50 	2010.02.05 	-
> AhnLab-V3 	5.0.0.2 	2010.02.05 	-
> AntiVir 	7.9.1.158 	2010.02.05 	-
> Antiy-AVL 	2.0.3.7 	2010.02.05 	-
> Authentium 	5.2.0.5 	2010.02.05 	-
> Avast 	4.8.1351.0 	2010.02.04 	-
> AVG 	9.0.0.730 	2010.02.05 	-
> BitDefender 	7.2 	2010.02.05 	-
> CAT-QuickHeal 	10.00 	2010.02.05 	-
> ...


http://www.virustotal.com/analisis/9...5f3-1265380865

----------


## amcenter

File Install_Flash-Player-10_build9102 received on 2010.02.07 22:43:17 (UTC)
Current status: finished
Result: 4/40 (10%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.02.07	Trojan.Win32.C2Lop!IK*
> AhnLab-V3	5.0.0.2	2010.02.06	-
> AntiVir	7.9.1.160	2010.02.07	-
> Antiy-AVL	2.0.3.7	2010.02.05	-
> Authentium	5.2.0.5	2010.02.07	-
> Avast	4.8.1351.0	2010.02.07	-
> *AVG	9.0.0.730	2010.02.07	Win32/Heur*
> BitDefender	7.2	2010.02.07	-
> ...


http://www.virustotal.com/ru/analisi...e67-1265582597

----------


## DefesT

File *vipava.exe* received on 2010.02.08 20:04:43 (UTC)
Result: *2*/40 (5%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.02.08	-
> AhnLab-V3	5.0.0.2	2010.02.08	-
> AntiVir	7.9.1.160	2010.02.08	-
> Antiy-AVL	2.0.3.7	2010.02.08	-
> Authentium	5.2.0.5	2010.02.08	-
> Avast	4.8.1351.0	2010.02.08	-
> AVG	9.0.0.730	2010.02.08	-
> BitDefender	7.2	2010.02.08	-
> ...


Additional information
File size: *110592* bytes
MD5...: 19bb7dee9d3e9f161db45681619f4c01
SHA1..: e0584823440563c13600c57af31155ad845646e3
SHA256: d210c57c0b6873d52ae4c05dee4bf425f2c0b94ecc5febd86864db2de69e7c0a
http://www.virustotal.com/analisis/d...c0a-1265659483

----------


## amcenter

File Install_Flash-Player-10_build9102 received on 2010.02.08 23:51:57 (UTC)
Current status: finished
Result: 2/39 (5.13%)




> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.02.08	-
> AhnLab-V3	5.0.0.2	2010.02.08	-
> AntiVir	7.9.1.160	2010.02.08	-
> Antiy-AVL	2.0.3.7	2010.02.08	-
> Authentium	5.2.0.5	2010.02.08	-
> Avast	4.8.1351.0	2010.02.09	-
> AVG	9.0.0.730	2010.02.08	-
> BitDefender	7.2	2010.02.08	-
> ...


Additional information
File size: 130056 bytes
MD5...: 4e61b3f4218a2f332cc9f4796d983a0b
SHA1..: d802ff103059289d0f935c2c42651f5c59d5201e
SHA256: d3743c4c5bf62e4da29a2e8ee7d8147104f6ebc262247dbedb79a0198f4d5d21
ssdeep: 3072 :borred: xgB4OM+Bu8d8j/uIpAXv2HOO4TuN3Q6dtS1oNRDuUlbg:C4Oh7d8j/v0I3
S1ojDuUls
http://www.virustotal.com/ru/analisi...d21-1265673117

----------


## amcenter

File Install_Flash-Player-10_build9102 received on 2010.02.09 22:41:53 (UTC)
Current status: finished
Result: 3/40 (7.5%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.02.09	-
> AhnLab-V3	5.0.0.2	2010.02.09	-
> AntiVir	7.9.1.160	2010.02.09	-
> Antiy-AVL	2.0.3.7	2010.02.09	-
> Authentium	5.2.0.5	2010.02.09	-
> Avast	4.8.1351.0	2010.02.09	-
> AVG	9.0.0.730	2010.02.09	-
> BitDefender	7.2	2010.02.09	-
> ...


Additional information
File size: 120840 bytes
MD5...: 2437608af6f497d938b2047a694a3c2a
SHA1..: 13b52069a60a6d76d3789f99f3652d4ddc11bd14
SHA256: 5916ba37fef2b2419bf3c72c315cb9aab5be3463050d84c976bc789c216fe27a
ssdeep: 3072:Hz2m4PcsiVFrrSO57ANcB2upj7lCnNiX7vr1f:HzAPgFrrSO5kNGx7lCNYB

http://www.virustotal.com/ru/analisi...27a-1265755313

----------


## Erekle

File CodecPackage [synsql.exe] received on 2010.02.01 16:55:37 (UTC)
Result: 7/40 (17.50%)



> *a-squared 4.5.0.50 2010.02.01 Trojan-Ransom.Win32.PornoBlocker!IK* 
> AhnLab-V3 5.0.0.2 2010.02.01 - 
> *AntiVir 7.9.1.154 2010.02.01 TR/Dropper.Gen* 
> Antiy-AVL 2.0.3.7 2010.02.01 - 
> Authentium 5.2.0.5 2010.01.31 - 
> Avast 4.8.1351.0 2010.02.01 - 
> AVG 9.0.0.730 2010.02.01 - 
> BitDefender 7.2 2010.02.01 - 
> CAT-QuickHeal 10.00 2010.02.01 - 
> ...


Additional information
File size: 237568 bytes
MD5   : 5eecc2845b92695cc78512894ea288bb
SHA1  : fe235bad7ae66e64c8679e7700e97bffbfb9e643
SHA256: 2658452bd5c199f076b52377aeeedb63e2a519a9625448346b38c0610d7f7e7e

http://www.virustotal.com/ru/analisi...e7e-1265043337
(I got it on the 2nd, but forgot it on a flash drive  :Huh:  )

----------



## Chizh86

File MBX_BF0_3435C8.___.vir received on 2010.02.10 11:51:27 (UTC)

Result: 4/41 (9.76%)


```
Antivirus  	Version  	Last Update  	Result
a-squared	4.5.0.50	2010.02.10	-
AhnLab-V3	5.0.0.2	2010.02.09	-
AntiVir	7.9.1.160	2010.02.10	-
Antiy-AVL	2.0.3.7	2010.02.09	-
Authentium	5.2.0.5	2010.02.10	W32/SuspPack.BM.gen!Eldorado
Avast	4.8.1351.0	2010.02.10	-
AVG	9.0.0.730	2010.02.10	-
BitDefender	7.2	2010.02.10	-
CAT-QuickHeal	10.00	2010.02.10	-
ClamAV	0.96.0.0-git	2010.02.10	-
Comodo	3886	2010.02.10	-
DrWeb	5.0.1.12222	2010.02.10	-
eSafe	7.0.17.0	2010.02.09	-
eTrust-Vet	35.2.7294	2010.02.10	-
F-Prot	4.5.1.85	2010.02.09	W32/SuspPack.BM.gen!Eldorado
F-Secure	9.0.15370.0	2010.02.10	-
Fortinet	4.0.14.0	2010.02.10	-
GData	19	2010.02.10	-
Ikarus	T3.1.1.80.0	2010.02.10	-
Jiangmin	13.0.900	2010.02.08	-
K7AntiVirus	7.10.969	2010.02.08	-
Kaspersky	7.0.0.125	2010.02.10	-
McAfee	5887	2010.02.09	-
McAfee+Artemis	5887	2010.02.09	-
McAfee-GW-Edition	6.8.5	2010.02.10	-
Microsoft	1.5406	2010.02.10	-
NOD32	4853	2010.02.10	-
Norman	6.04.03	2010.02.10	-
nProtect	2009.1.8.0	2010.02.10	-
Panda	10.0.2.2	2010.02.09	-
PCTools	7.0.3.5	2010.02.10	-
Prevx	3.0	2010.02.10	-
Rising	22.34.01.02	2010.02.10	-
Sophos	4.50.0	2010.02.10	-
Sunbelt	3.2.1858.2	2010.02.10	-
Symantec	20091.2.0.41	2010.02.10	Suspicious.Insight
TheHacker	6.5.1.1.186	2010.02.10	-
TrendMicro	9.120.0.1004	2010.02.10	-
VBA32	3.12.12.2	2010.02.09	-
ViRobot	2010.2.10.2180	2010.02.10	-
VirusBuster	5.0.21.0	2010.02.09	Backdoor.Agent.EHC!Dam
```

File size: 2048 bytes
MD5...: a0ed3c458f554df78ce80230ca6f2490
SHA1..: 1bbf0d9acda27bad3de80d8cacc08e1769db4eaf
SHA256: 073e0e20420d48190cd727301d664ba0b9c12c400bbfbc34084bb1103dc8c687
ssdeep: 6:idqGVg3F+X32QgzfkWl8/cWfmRRoQIXX0DkR:etGSGQgwi80Wu8QuX0Da

----------


## Surfer

File file.exe received on 2010.02.10 12:13:57 (UTC)
Result: 7/41 (17.08%)




> a-squared 4.5.0.50 2010.02.10 - 
> AhnLab-V3 5.0.0.2 2010.02.09 - 
> *AntiVir 7.9.1.160 2010.02.10 TR/Dropper.Gen*
> Antiy-AVL 2.0.3.7 2010.02.09 - 
> Authentium 5.2.0.5 2010.02.10 - 
> Avast 4.8.1351.0 2010.02.10 - 
> AVG 9.0.0.730 2010.02.10 - 
> BitDefender 7.2 2010.02.10 - 
> CAT-QuickHeal 10.00 2010.02.10 - 
> ...


http://www.virustotal.com/analisis/3...28e-1265804037

----------


## DefesT

File *exe.exe* received on 2010.02.10 16:05:14 (UTC)
Result: *13*/41 (31.71%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.02.10	-
> AhnLab-V3	5.0.0.2	2010.02.09	-
> *AntiVir	7.9.1.160	2010.02.10	TR/Agent.AN.809*
> Antiy-AVL	2.0.3.7	2010.02.09	-
> Authentium	5.2.0.5	2010.02.10	-
> Avast	4.8.1351.0	2010.02.10	-
> AVG	9.0.0.730	2010.02.10	-
> BitDefender	7.2	2010.02.10	-
> ...



Additional information
File size: *38400* bytes
MD5...: ed5d2cca083f86a8a2c622d04edd1204
SHA1..: 59e0df9814fbb501045236a8f81f0709e4c6dbc6
SHA256: 6ac89a32ee104363663f156f9893a932952305179b69f417978df0f00be02e45
http://www.virustotal.com/analisis/6...e45-1265817914

File *mur_clan_Elite_.exe* received on 2010.02.10 16:05:20 (UTC)
Result: *19*/41 (46.35%)



> Antivirus  	Version  	Last Update  	Result
> *a-squared	4.5.0.50	2010.02.10	Trojan.SuspectCRC!IK*
> AhnLab-V3	5.0.0.2	2010.02.09	-
> *AntiVir	7.9.1.160	2010.02.10	TR/PSW.Gamania.114*
> Antiy-AVL	2.0.3.7	2010.02.09	-
> Authentium	5.2.0.5	2010.02.10	-
> Avast	4.8.1351.0	2010.02.10	-
> *AVG	9.0.0.730	2010.02.10	PSW.Generic7.AVIW
> BitDefender	7.2	2010.02.10	Trojan.Generic.2527480
> ...



Additional information
File size: *114688* bytes
MD5...: 52b46b6b63314404edc00e2b648bb2a5
SHA1..: dd5b05d6b31d611fdfc629a4dac57e676fe86613
SHA256: 5a06a83afa5296b37a64181c84cf2fcf2a94d2250d5e193d2606601e0bd33d47
http://www.virustotal.com/analisis/5...d47-1265817920

----------


## amcenter

File Install_Flash-Player-10_build9102 received on 2010.02.10 17:34:24 (UTC)
Current status: finished
Result: 6/41 (14.64%)




> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.02.10	Trojan.Win32.C2Lop!IK*
> AhnLab-V3	5.0.0.2	2010.02.09	-
> AntiVir	7.9.1.160	2010.02.10	-
> Antiy-AVL	2.0.3.7	2010.02.09	-
> Authentium	5.2.0.5	2010.02.10	-
> Avast	4.8.1351.0	2010.02.10	-
> AVG	9.0.0.730	2010.02.10	-
> BitDefender	7.2	2010.02.10	-
> ...


Additional information
File size: 105480 bytes
MD5...: 459743e7c52c19d8d52f0f2f99f74624
SHA1..: cc86addfdb3bc23d8751386c605f884f987b0298
SHA256: 8eed383d899897507f195cdadba9c233aa1098c0a3ec462c279774d4656298d3
ssdeep: 3072:y3j7abSTfwN5vX47E9jf01xU9i4LrQ6ows+i5km:y3KbSDwNeA9yUU4LrQn+iZ
http://www.virustotal.com/ru/analisi...8d3-1265823264

----------


## Юльча

File *kyglnn.exe* received on 2010.02.10 17:13:40 (UTC)
Result: *3/41* (7.32%)




> Antivirus	Version	Last Update	Result
> a-squared 	4.5.0.50 	2010.02.10 	-
> AhnLab-V3 	5.0.0.2 	2010.02.09 	-
> AntiVir 	7.9.1.160 	2010.02.10 	-
> Antiy-AVL 	2.0.3.7 	2010.02.09 	-
> Authentium 	5.2.0.5 	2010.02.10 	-
> Avast 	4.8.1351.0 	2010.02.10 	-
> AVG 	9.0.0.730 	2010.02.10 	-
> BitDefender 	7.2 	2010.02.10 	-
> ...


http://www.virustotal.com/ru/analisi...777-1265822020

----------


## amcenter

File Install_Flash-Player-10_build9102 received on 2010.02.11 17:37:04 (UTC)
Current status: finished
Result: *6/41* (14.64%)



> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.02.11	Trojan.Win32.C2Lop!IK*
> AhnLab-V3	5.0.0.2	2010.02.11	-
> AntiVir	7.9.1.160	2010.02.11	-
> Antiy-AVL	2.0.3.7	2010.02.11	-
> Authentium	5.2.0.5	2010.02.11	-
> Avast	4.8.1351.0	2010.02.11	-
> *AVG	9.0.0.730	2010.02.11	Win32/Heur*
> BitDefender	7.2	2010.02.11	-
> ...


Additional information
File size: 146952 bytes
MD5...: d13a8abd9c6d13071d20e4456d158ad9
SHA1..: ba63caa7fff497898f0c74be2ff0beb945a0ade4
SHA256: de954b7f626ff0f6f7b798cfd0910e9b37492f160b65a0d3bebb5d54441ad15d
ssdeep: 3072:EyxpoPVkvpyLlrFDrP9pGQMtO7uFWm2FDu8Kzu1gD8JCP3aKjf:EWpQlLHDgQi4Fa8KuJCfB
http://www.virustotal.com/ru/analisi...15d-1265909824

----------


## gjf

http://www.virustotal.com/analisis/d...c98-1266053477


```
a-squared 	4.5.0.50 	2010.02.13 	-
AhnLab-V3 	5.0.0.2 	2010.02.12 	-
AntiVir 	7.9.1.160 	2010.02.12 	-
Antiy-AVL 	2.0.3.7 	2010.02.13 	-
Authentium 	5.2.0.5 	2010.02.13 	-
Avast 	4.8.1351.0 	2010.02.12 	-
AVG 	9.0.0.730 	2010.02.12 	SHeur2.CLFS
BitDefender 	7.2 	2010.02.13 	-
CAT-QuickHeal 	10.00 	2010.02.13 	(Suspicious) - DNAScan
ClamAV 	0.96.0.0-git 	2010.02.13 	-
Comodo 	3920 	2010.02.13 	-
DrWeb 	5.0.1.12222 	2010.02.13 	Trojan.Winlock.1077
eSafe 	7.0.17.0 	2010.02.11 	-
eTrust-Vet 	35.2.7300 	2010.02.12 	-
F-Prot 	4.5.1.85 	2010.02.12 	-
F-Secure 	9.0.15370.0 	2010.02.13 	-
Fortinet 	4.0.14.0 	2010.02.13 	-
GData 	19 	2010.02.13 	-
Ikarus 	T3.1.1.80.0 	2010.02.13 	-
Jiangmin 	13.0.900 	2010.02.08 	-
K7AntiVirus 	7.10.972 	2010.02.12 	-
Kaspersky 	7.0.0.125 	2010.02.13 	-
McAfee 	5890 	2010.02.12 	-
McAfee+Artemis 	5890 	2010.02.12 	-
McAfee-GW-Edition 	6.8.5 	2010.02.13 	-
Microsoft 	1.5406 	2010.02.13 	-
NOD32 	4862 	2010.02.12 	Win32/LockScreen.NV
Norman 	6.04.08 	2010.02.12 	-
nProtect 	2009.1.8.0 	2010.02.13 	-
Panda 	10.0.2.2 	2010.02.12 	-
PCTools 	7.0.3.5 	2010.02.13 	-
Prevx 	3.0 	2010.02.13 	-
Rising 	22.34.01.03 	2010.02.11 	Packer.Win32.UnkPacker.a
Sophos 	4.50.0 	2010.02.13 	Mal/FakeAV-AX
Sunbelt 	5675 	2010.02.13 	-
Symantec 	20091.2.0.41 	2010.02.13 	Suspicious.Insight
TheHacker 	6.5.1.4.191 	2010.02.13 	-
TrendMicro 	9.120.0.1004 	2010.02.13 	-
VBA32 	3.12.12.2 	2010.02.12 	-
ViRobot 	2010.2.13.2186 	2010.02.13 	-
VirusBuster 	5.0.21.0 	2010.02.12 	-
```

Additional information
File size: 176640 bytes
MD5   : fe0f194082169e86b281d7b404d4539c
SHA1  : f23d48e38f3e9c015057c575306be0be19862bff
SHA256: dd0d4cfdf2f87655ef087cb1c37c453f0ac53b30ad5d33d0236b5072a7746c98

----------


## alex_555

File sfcfiles.dll received on 2010.02.15 17:24:57 (UTC)
Current status: finished
Result: 10/39 (25.65%)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.02.15	Trojan-Dropper!IK
AhnLab-V3	5.0.0.2	2010.02.15	-
AntiVir	7.9.1.170	2010.02.15	TR/Dropper.Gen
Antiy-AVL	2.0.3.7	2010.02.15	-
Authentium	5.2.0.5	2010.02.15	-
Avast	4.8.1351.0	2010.02.15	-
AVG	9.0.0.730	2010.02.15	-
BitDefender	7.2	2010.02.15	-
CAT-QuickHeal	10.00	2010.02.15	-
ClamAV	0.96.0.0-git	2010.02.15	-
Comodo	3945	2010.02.15	TrojWare.Win32.Small.YBE
DrWeb	5.0.1.12222	2010.02.15	Trojan.WinSpy.570
eSafe	7.0.17.0	2010.02.15	-
eTrust-Vet	35.2.7303	2010.02.15	Win32/Sfcpatched.A
F-Prot	4.5.1.85	2010.02.15	-
Fortinet	4.0.14.0	2010.02.15	-
GData	19	2010.02.15	-
Ikarus	T3.1.1.80.0	2010.02.15	Trojan-Dropper
Jiangmin	13.0.900	2010.02.15	-
K7AntiVirus	7.10.972	2010.02.12	-
Kaspersky	7.0.0.125	2010.02.15	-
McAfee	5893	2010.02.15	-
McAfee+Artemis	5892	2010.02.14	Artemis!078B3E49C898
McAfee-GW-Edition	6.8.5	2010.02.15	Heuristic.LooksLike.Trojan.Dropper.S
Microsoft	1.5406	2010.02.15	-
NOD32	4868	2010.02.15	-
Norman	6.04.08	2010.02.15	-
nProtect	2009.1.8.0	2010.02.15	-
Panda	10.0.2.2	2010.02.14	-
PCTools	7.0.3.5	2010.02.15	-
Prevx	3.0	2010.02.15	-
Rising	22.34.01.03	2010.02.11	-
Sophos	4.50.0	2010.02.15	Mal/Generic-A
Sunbelt	5678	2010.02.15	-
TheHacker	6.5.1.4.194	2010.02.15	-
TrendMicro	9.120.0.1004	2010.02.15	-
VBA32	3.12.12.2	2010.02.15	BScope.Crex
ViRobot	2010.2.13.2186	2010.02.13	-
VirusBuster	5.0.21.0	2010.02.15	-
```

Additional information
File size: 973072 bytes
MD5...: 078b3e49c898bf068536459bbbc2e1eb
SHA1..: c82302a3ce6e8c0d40fafc47e2a7dcb2ca177050
SHA256: 5cc2f737c85c7740ffdb65290f6ba07c85db4d31aba584c0427620735d3a6a01
ssdeep: 1536:kkyGyj81CN+Z0bqROz+Ecl/trA1CZaLHQ37wNoh8XfZY+zBtATPuB7wNC7MYjhXz:2Gyj5MgqROi3l/trA1CZ4HG+Z3XZk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3b44
timedatestamp.....: 0x4b70749d (Mon Feb 08 20:31:25 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2daa 0x2e00 6.41 b01d47706cb3cff58f758aba281bdf21
.rdata 0x4000 0x5db 0x600 4.86 13a4a09ef68bdad98ed38cac6f5d0d6b
.data 0x5000 0x329d 0x200 0.26 14f61491ecd77e5c1844bbf9ef1f5b18
.reloc 0x9000 0x3f8 0x400 6.40 16cdda120f9d9696bd6fd9ac3aa829f7

( 2 imports ) 
> kernel32.dll: CloseHandle, CreateFileA, CreateProcessA, CreateThread, DeleteFileA, EnterCriticalSection, FormatMessageA, GetCommandLineA, GetCurrentThread, GetDateFormatA, GetEnvironmentVariableA, GetFileSize, GetProcAddress, GetProfileStringA, GetTickCount, GetVersionExW, GlobalAlloc, IsBadReadPtr, LoadLibraryA, LoadLibraryW, LocalAlloc, LocalReAlloc, LocalSize, MapViewOfFile, ReadFile, ResumeThread, Sleep, VirtualAlloc, WaitForSingleObject, lstrcmpA, lstrcmpiA, lstrlenA
> user32.dll: wsprintfA, BeginPaint, CallWindowProcW, CharNextA, DeleteMenu, EndDialog, EndPaint, GetClassInfoExW, GetCursorPos, GetDlgItem, GetFocus, GetKeyState, GetSystemMetrics, GetWindowRect, IsWindow, LoadCursorW, LoadMenuW, PaintDesktop, SendDlgItemMessageW, SetCapture, SetRect, SetTimer, SubtractRect, UnregisterHotKey

( 1 exports ) 
SfcGetFiles
RDS...: NSRL Reference Data Set


http://www.virustotal.com/ru/analisi...a01-1266254697

----------


## valho

Neighbors bought two Acer laptops in a store, with the preinstalled settings; nobody had done anything to them. There were 1 + 18

File aJewelQuestSolitaire.exe received on 2010.02.17 19:18:22 (UTC)
Current status: finished
Result: 10/41 (24.4%)



> *a-squared	4.5.0.50	2010.02.17	Trojan.Win32.Agent!IK*
> AhnLab-V3	5.0.0.2	2010.02.17	-
> AntiVir	8.2.1.170	2010.02.17	-
> Antiy-AVL	2.0.3.7	2010.02.17	-
> *Authentium	5.2.0.5	2010.02.17	W32/Trojan2.MAER*
> Avast	4.8.1351.0	2010.02.17	-
> AVG	9.0.0.730	2010.02.17	-
> BitDefender	7.2	2010.02.17	-
> CAT-QuickHeal	10.00	2010.02.17	-
> ...


Additional information
File size: 1085440 bytes
MD5...: a6ba1c99beda774d17e6848a7c511897
SHA1..: 0ef2aeb4625bc9f69e8d2004bd8b66ef70ac81c8
SHA256: fcbb456487839fab6365e31b95ce00266ec2ada040d0d9e9a726fb4f5a96231b
ssdeep: 24576:psgJhxlRHVtaeGuwLV7y6MoEXd+hKN6mUWuJT:pJzljG2dorhKN6mUbJT
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x132000
timedatestamp.....: 0x45397cbb (Sat Oct 21 01:49:47 2006)
machinetype.......: 0x14c (I386)

File Launch.exe received on 2010.02.17 19:18:55 (UTC)
Current status: finished
Result: 9/41 (21.96%)



> a-squared	4.5.0.50	2010.02.17	-
> AhnLab-V3	5.0.0.2	2010.02.17	-
> *AntiVir	8.2.1.170	2010.02.17	GAME/Downloader.Gen*
> Antiy-AVL	2.0.3.7	2010.02.17	-
> *Authentium	5.2.0.5	2010.02.17	W32/Launcher.A.gen!Eldorado*
> Avast	4.8.1351.0	2010.02.17	-
> AVG	9.0.0.730	2010.02.17	-
> BitDefender	7.2	2010.02.17	-
> *CAT-QuickHeal	10.00	2010.02.17	Trojan.Inject.kgp*
> ...


Additional information
File size: 745472 bytes
MD5...: a5817ba5f103784be6402e1c6dfb69c2
SHA1..: 201c5670bcc78c2ecdad36454eb1cb966af26711
SHA256: 109e69fabb4007dc5635b1a116c840ab732189f07c4a02e99f80c5f218d61bc1
ssdeep: 12288:OJYu0cCcKtLszw0EVga2WMuCE97NNcHiujDgt5plQsxjP+FQoFBOsD:rckLJ79JqHiuwLVBdts
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x90000
timedatestamp.....: 0x467a9436 (Thu Jun 21 15:07:34 2007)
machinetype.......: 0x14c (I386)

----------


## Юльча

File *settings.exe* received on 2010.02.23 06:36:30 (UTC)
Result: *9/41* (21.96%)





> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.02.23	-
> AhnLab-V3	5.0.0.2	2010.02.23	-
> AntiVir	8.2.1.172	2010.02.22	-
> Antiy-AVL	2.0.3.7	2010.02.22	-
> Authentium	5.2.0.5	2010.02.23	-
> Avast	4.8.1351.0	2010.02.22	-
> *AVG	9.0.0.730	2010.02.22	Vundo.KN*
> BitDefender	7.2	2010.02.23	-
> ...


Additional information
File size: 79872 bytes
MD5...: 14842c51d06e61efe8b86d1ae431072d

http://www.virustotal.com/ru/analisi...87f-1266906990

----------


## OSSP2008

File *install_flash_player.rar* received on 2010.02.23 09:25:58 (UTC)
Current status: finished
Result: *4/41 (9.76%)*




> a-squared	4.5.0.50	2010.02.23	-
> AhnLab-V3	5.0.0.2	2010.02.23	-
> AntiVir	8.2.1.172	2010.02.23	-
> Antiy-AVL	2.0.3.7	2010.02.23	-
> Authentium	5.2.0.5	2010.02.23	-
> Avast	4.8.1351.0	2010.02.22	-
> AVG	9.0.0.730	2010.02.22	-
> BitDefender	7.2	2010.02.23	-
> *CAT-QuickHeal	10.00	2010.02.23	(Suspicious) - DNAScan*
> ...


File size: 113469 bytes
MD5...: 517cf4cb2310be265ed1cca63cc2781b
SHA1..: d0eaa3055eebde5a7bd123239b9dc215f3345daa
SHA256: 8126e89581abb0cbef1d047becd0a69f0a26eac1191ba049fe157272fe4c6e1d
ssdeep: 3072:h0/fm9Vt0zsd6bYxJ/J3qZav/BVky3mHKfd:hi+VtqkDtqOBVky3mHKF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)

----------


## Korvelle

File inlove.exe received on 2010.02.23 19:30:52 (UTC)
Current status: finished
Result: 6/41 (14.63%)
Antivirus 	Version 	Last Update 	Result



> *a-squared 	4.5.0.50 	2010.02.23 	Trojan.Win32.VkHost!IK*
> AhnLab-V3 	5.0.0.2 	2010.02.23 	-
> AntiVir 	8.2.1.172 	2010.02.23 	-
> Antiy-AVL 	2.0.3.7 	2010.02.23 	-
> Authentium 	5.2.0.5 	2010.02.23 	-
> Avast 	4.8.1351.0 	2010.02.23 	-
> *AVG 	9.0.0.730 	2010.02.23 	unknown virus Win32/DH.AA54534F48*
> BitDefender 	7.2 	2010.02.23 	-
> CAT-QuickHeal 	10.00 	2010.02.23 	-
> ...


Additional information
File size: 517632 bytes
MD5   : 4fa977ea91faeb93df668d571fe6932f
SHA1  : 211d875e3649b5981fcc61a87f90c8d6cc76f170
SHA256: f28ec85366d5e60f9f119ba8077a4737ecfdf7d980aa3ede758f7c8610d2cb7f
PEInfo: PE Structure information

----------


## Юльча

File *tbvgdbjylq.exe* received on 2010.02.26 17:40:57 (UTC)
Result: *9/41* (21.96%)




> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.02.26	Trojan.Win32.Oflica!IK*
> AhnLab-V3	5.0.0.2	2010.02.26	-
> AntiVir	8.2.1.176	2010.02.26	-
> Antiy-AVL	2.0.3.7	2010.02.26	-
> Authentium	5.2.0.5	2010.02.26	-
> *Avast	4.8.1351.0	2010.02.26	Win32:Oficla-E
> Avast5	5.0.332.0	2010.02.26	Win32:Oficla-E*
> AVG	9.0.0.730	2010.02.26	-
> ...


http://www.virustotal.com/ru/analisi...dee-1267206057

----------


## ISO

I was surprised when KIS did not react at all to this nasty thing sitting in plain sight on a flash drive.

 File *ms232.exe* received on 2010.02.27 07:43:47 (UTC)
Result: 24/42 (57.15%)
Antivirus 	Version 	Last Update 	Result	



> *a-squared	4.5.0.50	2010.02.27	Net-Worm.Win32.Kolab!IK*
> AhnLab-V3	5.0.0.2	2010.02.26	-
> *AntiVir	8.2.1.176	2010.02.26	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.02.26	-
> *Authentium	5.2.0.5	2010.02.27	W32/VBTrojan.Dropper.4!Maximus
> Avast	4.8.1351.0	2010.02.27	Win32:Malware-gen
> Avast5	5.0.332.0	2010.02.26	Win32:Malware-gen
> AVG	9.0.0.730	2010.02.26	Dropper.Generic.BQRL
> BitDefender	7.2	2010.02.27	Trojan.Generic.3147838
> ...


Additional information
File size: 135168 bytes
MD5...: 1b0cb68a15cfd2e134c42889c3d443b0
SHA1..: 3c97c6c0295b6b8d8fcaf370e1981fb6a7782232
SHA256: 320bbf50d9b9ab18731938d737f5b79ad9da7b205d966d641e1ab94304e633c3

----------


## Erekle

File winesm32.exe received on 2010.03.01 12:04:20 (UTC)
Result: 14/41 (34.15%)



> *a-squared 4.5.0.50 2010.03.01 Packed.Win32.Krap!IK* 
> AhnLab-V3 5.0.0.2 2010.02.28 - 
> AntiVir 8.2.1.176 2010.03.01 - 
> Antiy-AVL 2.0.3.7 2010.03.01 - 
> Authentium 5.2.0.5 2010.03.01 - 
> Avast 4.8.1351.0 2010.03.01 - 
> AVG 9.0.0.730 2010.02.28 - 
> BitDefender 7.2 2010.03.01 - 
> CAT-QuickHeal 10.00 2010.03.01 - 
> ...


http://www.virustotal.com/ru/analisi...e7a-1267445060

----------


## Korvelle

FakeAlert, asks you to send an SMS.
File bradarsetup1.exe received on 2010.03.02 18:26:49 (UTC)
Antivirus	Version	Last Update	Result



> a-squared	4.5.0.50	2010.03.02	-
> AhnLab-V3	5.0.0.2	2010.03.02	-
> AntiVir	8.2.1.180	2010.03.02	-
> Antiy-AVL	2.0.3.7	2010.03.02	-
> Authentium	5.2.0.5	2010.03.02	-
> Avast	4.8.1351.0	2010.03.02	-
> Avast5	5.0.332.0	2010.03.02	-
> AVG	9.0.0.730	2010.03.02	-
> BitDefender	7.2	2010.03.02	-
> ...


Additional information
File size: 1058778 bytes
MD5...: 282c6696d02acdf8ab15c8f46ad38323
SHA1..: 47b6ef37be6a437f28b8ded1c7d4d67538e13ca9
SHA256: b4e88799a70744c64f8ed49cebbaff3557e95d69adb4df84b6b9677aeec678d2
ssdeep: 24576:v2UENSHnjkVdhWaUO6Ipie0jUnoqvU4wmpmh38YaXag:v2tYjKQaUa0ImScaV
PEiD..: -

----------


## DefesT

File *winlogon.exe* received on 2010.03.02 20:38:38 (UTC)
Result: *10*/42 (23.81%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.03.02	-
> AhnLab-V3	5.0.0.2	2010.03.02	-
> *AntiVir	8.2.1.180	2010.03.02	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.03.02	-
> Authentium	5.2.0.5	2010.03.02	-
> Avast	4.8.1351.0	2010.03.02	-
> Avast5	5.0.332.0	2010.03.02	-
> AVG	9.0.0.730	2010.03.02	-
> ...


Additional information
File size: *71140* bytes
MD5...: 65ba50906815d6b8565408dfe39c0e2e
SHA1..: 49fac2a11d2501abadb9a5fbffb2d40b10ef6007
SHA256: 3abbe03b160ce4d09ba4a9b077036b23700d81d7d9a52ab704fa55584b3171d6
http://www.virustotal.com/analisis/3...1d6-1267562318

File *Podarok.exe* received on 2010.03.02 20:47:48 (UTC)
Result: *7*/42 (16.67%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.03.02	Trojan-Dropper!IK*
> AhnLab-V3	5.0.0.2	2010.03.02	-
> *AntiVir	8.2.1.180	2010.03.02	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.03.02	-
> Authentium	5.2.0.5	2010.03.02	-
> Avast	4.8.1351.0	2010.03.02	-
> Avast5	5.0.332.0	2010.03.02	-
> AVG	9.0.0.730	2010.03.02	-
> ...


Additional information
File size: *114894* bytes
MD5...: 14c2fdb629004eebbcb941072dd0e224
SHA1..: c8784a7017b904437d383bfa9e5e71a05d32b3ad
SHA256: c658babff3efb790bc9ca4feeed3f9ca329cfd9a9c65e97375e5466262d31661
http://www.virustotal.com/analisis/c...661-1267562868

----------


## Юльча

File *Setup_295.exe* received on 2010.03.05 10:31:47 (UTC)
Result: *7/42* (16.67%)




> Antivirus	Version	Last Update	Result
> *a-squared 	4.5.0.50 	2010.03.05 	Trojan.Win32.FakeAV!IK*
> AhnLab-V3 	5.0.0.2 	2010.03.05 	-
> AntiVir 	8.2.1.180 	2010.03.05 	-
> Antiy-AVL 	2.0.3.7 	2010.03.05 	-
> Authentium 	5.2.0.5 	2010.03.05 	-
> Avast 	4.8.1351.0 	2010.03.04 	-
> Avast5 	5.0.332.0 	2010.03.04 	-
> AVG 	9.0.0.730 	2010.03.04 	-
> ...


http://www.virustotal.com/ru/analisi...454-1267785107

----------


## mayas

File update_flash_player.exe 
Current status:     finished   
Result: 4/42 (9.53%)


*a-squared	4.5.0.50	2010.03.05	Trojan-Ransom.Win32.PinkBlocker!IK*
AhnLab-V3	5.0.0.2	2010.03.05	-
AntiVir	8.2.1.180	2010.03.05	-
Antiy-AVL	2.0.3.7	2010.03.05	-
Authentium	5.2.0.5	2010.03.05	-
Avast	4.8.1351.0	2010.03.05	-
Avast5	5.0.332.0	2010.03.05	-
AVG	9.0.0.730	2010.03.05	-
BitDefender	7.2	2010.03.05	-
CAT-QuickHeal	10.00	2010.03.05	-
ClamAV	0.96.0.0-git	2010.03.05	-
Comodo	4091	2010.02.28	-
DrWeb	5.0.1.12222	2010.03.05	-
eSafe	7.0.17.0	2010.03.04	-
eTrust-Vet	35.2.7341	2010.03.05	-
F-Prot	4.5.1.85	2010.03.04	-
F-Secure	9.0.15370.0	2010.03.05	-
Fortinet	4.0.14.0	2010.03.04	-
GData	19	2010.03.05	-
*Ikarus	T3.1.1.80.0	2010.03.05	Trojan-Ransom.Win32.PinkBlocker*
Jiangmin	13.0.900	2010.03.05	-
K7AntiVirus	7.10.990	2010.03.04	-
Kaspersky	7.0.0.125	2010.03.05	-
McAfee	5910	2010.03.04	-
McAfee+Artemis	5910	2010.03.04	-
McAfee-GW-Edition	6.8.5	2010.03.05	-
Microsoft	1.5502	2010.03.05	-
*NOD32	4918	2010.03.05	probably a variant of Win32/LockScreen.OW*
Norman	6.04.08	2010.03.05	-
nProtect	2009.1.8.0	2010.03.05	-
Panda	10.0.2.2	2010.03.04	-
PCTools	7.0.3.5	2010.03.04	-
Prevx	3.0	2010.03.05	-
Rising	22.37.04.04	2010.03.05	-
Sophos	4.51.0	2010.03.05	-
Sunbelt	5758	2010.03.05	-
Symantec	20091.2.0.41	2010.03.05	Suspicious.Insight
TheHacker	6.5.1.7.221	2010.03.05	-
TrendMicro	9.120.0.1004	2010.03.05	-
VBA32	3.12.12.2	2010.03.05	-
ViRobot	2010.3.5.2214	2010.03.05	-
VirusBuster	5.0.27.0	2010.03.05	-

----------


## Torvic99

File plugin-flash.swf received on 2010.03.05 15:59:01 (UTC)
Result: 20/42 (47.62%)




> Antivirus Version Last Update Result
> 
> *a-squared 4.5.0.50 2010.03.05-Exploit.SWF!IK
> AhnLab-V3 5.0.0.2 2010.03.05-Win-Trojan/Swf-exploit
> AntiVir 8.2.1.180 2010.03.05-SWF/Drop.Agent.E.10*
> Antiy-AVL 2.0.3.7 2010.03.05-
> *Authentium 5.2.0.5 2010.03.05-SWF/Obfusc.A!Camelot
> Avast 4.8.1351.0 2010.03.05-SWF:Downloader-F
> Avast5 5.0.332.0 2010.03.05-SWF:Downloader-F*
> ...

----------



## Юльча

Brought in on a flash drive, together with the autorun that launches it
File USBUtil.exe received on 2010.03.10 08:47:02 (UTC)
Result: *12/42* (28.57%)




> Antivirus	Version	Last Update	Result
> a-squared 	4.5.0.50 	2010.03.10 	-
> AhnLab-V3 	5.0.0.2 	2010.03.09 	-
> *AntiVir 	8.2.1.180 	2010.03.09 	TR/ATRAPS.Gen2*
> Antiy-AVL 	2.0.3.7 	2010.03.10 	-
> Authentium 	5.2.0.5 	2010.03.10 	-
> Avast 	4.8.1351.0 	2010.03.09 	-
> Avast5 	5.0.332.0 	2010.03.09 	-
> AVG 	9.0.0.787 	2010.03.09 	-
> ...


http://www.virustotal.com/ru/analisi...ede-1268210822

----------


## Юльча

File Book_2262.exe received on 2010.03.15 13:52:01 (UTC)
Result: *10/42 (23.81%)*





> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.03.15	Trojan-Downloader.Win32.Adload!IK*
> AhnLab-V3	5.0.0.2	2010.03.15	-
> *AntiVir	8.2.1.180	2010.03.15	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.7	2010.03.15	-
> Authentium	5.2.0.5	2010.03.15	-
> Avast	4.8.1351.0	2010.03.15	-
> Avast5	5.0.332.0	2010.03.15	-
> AVG	9.0.0.787	2010.03.15	-
> ...


*Added after 1 minute*

http://www.virustotal.com/ru/analisi...f13-1268661121

----------


## Юльча

File jjj.jar received on 2010.03.16 05:58:46 (UTC)
Result: *13/42 (30.96%)*




> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.03.16	Trojan-Downloader.Java.Agent.ak!A2*
> AhnLab-V3	5.0.0.2	2010.03.16	-
> AntiVir	8.2.1.180	2010.03.15	-
> Antiy-AVL	2.0.3.7	2010.03.15	-
> Authentium	5.2.0.5	2010.03.16	-
> Avast	4.8.1351.0	2010.03.15	-
> Avast5	5.0.332.0	2010.03.15	-
> AVG	9.0.0.787	2010.03.15	-
> ...


http://www.virustotal.com/ru/analisi...ae4-1268719126

*Added after 2 hours 5 minutes*

A suspicious file, and there are grounds to believe it is a virus..

File *HUFv.exe* received on 2010.03.16 07:38:31 (UTC)
Result: *4/42 (9.53%)*



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.03.16	-
> AhnLab-V3	5.0.0.2	2010.03.16	-
> AntiVir	8.2.1.180	2010.03.15	-
> Antiy-AVL	2.0.3.7	2010.03.15	-
> Authentium	5.2.0.5	2010.03.16	-
> Avast	4.8.1351.0	2010.03.15	-
> Avast5	5.0.332.0	2010.03.15	-
> AVG	9.0.0.787	2010.03.15	-
> ...


http://www.virustotal.com/ru/analisi...596-1268725111


*Added later*
I was not mistaken, there is already a reply from Kaspersky Lab
Scanned file: *HUFv.exe* - Infected
*HUFv.exe* - infected with Trojan.Win32.Sasfis.ajhj

----------


## ISO

Supposedly I am sending spam; they "scanned" my disks in 5 seconds))) and found a pile of nasties, then asked me to download this "cure"
My KIS is once again silent as a fish((( I'll have to send them this beast.
File Setup_456.exe received on 2010.03.20 15:42:41 (UTC)
Result: 18/42 (42.86%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.03.20	Gen.Trojan!IK*
> AhnLab-V3	5.0.0.2	2010.03.20	-
> AntiVir	8.2.1.196	2010.03.19	-
> Antiy-AVL	2.0.3.7	2010.03.19	-
> Authentium	5.2.0.5	2010.03.19	-
> Avast	4.8.1351.0	2010.03.20	-
> Avast5	5.0.332.0	2010.03.20	-
> *AVG	9.0.0.787	2010.03.20	Generic17.ICN
> ...


Additional information
File size: 220672 bytes
MD5...: 910cc0b36286f6550354e85de4872b20
SHA1..: e77c0d80cc4fd32e101931499d27a5ee86e8f371
SHA256: 1759e8ffa6b328fb43e31a7b5b57449f30836fe30ce5caf48b88556e7b64fc96
ssdeep: 6144:K6j4W3ynIdPnvEVpSc7fWPPhoBYINRlGGkZ/O:AQPvo46qGN/8Z
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3e47
timedatestamp.....: 0x49d2f176 (Wed Apr 01 04:45:42 2009)
machinetype.......: 0x14c (I386)

----------


## han2er

File activation.exe received on 2010.03.20 16:42:48 (UTC)

Result: 14/42 (33.34%)

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.03.20	-
AhnLab-V3	5.0.0.2	2010.03.20	-
*AntiVir	8.2.1.196	2010.03.19	TR/Spy.26624.22*
Antiy-AVL	2.0.3.7	2010.03.19	-
Authentium	5.2.0.5	2010.03.19	-
Avast	4.8.1351.0	2010.03.20	-
Avast5	5.0.332.0	2010.03.20	-
*AVG	9.0.0.787	2010.03.20	Win32/Heur*
*BitDefender	7.2	2010.03.20	Gen:Trojan.Heur.GZ.bSWbbWT!L1h*
CAT-QuickHeal	10.00	2010.03.19	-
*ClamAV	0.96.0.0-git	2010.03.20	PUA.Packed.ASPack
Comodo	4330	2010.03.20	TrojWare.Win32.Trojan.Agent.Gen*
DrWeb	5.0.1.12222	2010.03.20	-
eSafe	7.0.17.0	2010.03.18	-
eTrust-Vet	35.2.7376	2010.03.19	-
F-Prot	4.5.1.85	2010.03.19	-
*F-Secure	9.0.15370.0	2010.03.20 Gen:Trojan.Heur.GZ.bSWbbWT!L1h*
Fortinet	4.0.14.0	2010.03.20	-
*GData	19	2010.03.20	Gen:Trojan.Heur.GZ.bSWbbWT!L1h*
Ikarus	T3.1.1.80.0	2010.03.20	-
Jiangmin	13.0.900	2010.03.20	-
K7AntiVirus	7.10.1002	2010.03.19	-
Kaspersky	7.0.0.125	2010.03.20	-
McAfee	5926	2010.03.20	-
*McAfee+Artemis	5926	2010.03.20	Artemis!95E01A2631D5*
*McAfee-GW-Edition	6.8.5	2010.03.20	Heuristic.LooksLike.Win32.Suspicious.B*
Microsoft	1.5605	2010.03.20	-
NOD32	4960	2010.03.20	-
Norman	6.04.09	2010.03.20	-
nProtect	2009.1.8.0	2010.03.20	-
Panda	10.0.2.2	2010.03.20	-
*PCTools	7.0.3.5	2010.03.20	Trojan.PWS
Prevx	3.0	2010.03.20	Medium Risk Malware
Rising	22.39.05.02	2010.03.20	Dropper.Win32.Undef.GEN
Sophos	4.51.0	2010.03.20	Mal/EncPk-GC*
Sunbelt	5990	2010.03.20	-
*Symantec	20091.2.0.41	2010.03.20	Trojan.PWS.QQPass*
TheHacker	6.5.2.0.241	2010.03.20	-
TrendMicro	9.120.0.1004	2010.03.20	-
VBA32	3.12.12.2	2010.03.19	-
ViRobot	2010.3.19.2236	2010.03.20	-
VirusBuster	5.0.27.0	2010.03.20	-

Additional information
File size: 26624 bytes
MD5...: 95e01a2631d51f50527708bee9d42f75
SHA1..: 1631c8558be2879939f92acce5d432ee5be05f44
SHA256: cf332684d679e848dd97ec4d852c748a76fe0fa97739dbccd492c610e0b20711
ssdeep: 768:2k+zy7R41kfxf0r/k4zJcLz0QJGjJxcLoI:Gzyjf8/diz0QJB

----------


## Korvelle

A FakeAlert locked the machine.
File 54527427.exe received on 2010.03.21 06:52:39 (UTC)
Current status: finished
Result: 7/42 (16.67%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.03.21	-
> AhnLab-V3	5.0.0.2	2010.03.20	-
> AntiVir	8.2.1.196	2010.03.19	-
> Antiy-AVL	2.0.3.7	2010.03.19	-
> Authentium	5.2.0.5	2010.03.21	-
> Avast	4.8.1351.0	2010.03.20	-
> Avast5	5.0.332.0	2010.03.20	-
> AVG	9.0.0.787	2010.03.20	-
> ...


Additional information
File size: 1040384 bytes
MD5...: 0c5271f5172892de1ba2853d117f4b1e
SHA1..: c3a944a5dac592c598538ba07276f6f020829dc7
SHA256: e54b1042d66f1c45c8612b8dafb01e30f3736842d00c51936620452744444a8b
ssdeep: 24576:jIHXDIY8lUqtEo1PuWQKX1/DH59azCbpB5zq0dki99s+:E3kYjd8XJbpBh

----------


## Юльча

File 111 received on 2010.03.24 08:55:35 (UTC)
Result: 10/42 (23.81%)





> Antivirus	Version	Last Update	Result
> *a-squared	4.5.0.50	2010.03.24	Virus.Win32.Injector!IK*
> AhnLab-V3	5.0.0.2	2010.03.24	-
> AntiVir	8.2.1.196	2010.03.23	-
> Antiy-AVL	2.0.3.7	2010.03.24	-
> Authentium	5.2.0.5	2010.03.24	-
> Avast	4.8.1351.0	2010.03.23	-
> Avast5	5.0.332.0	2010.03.23	-
> AVG	9.0.0.787	2010.03.23	-
> ...

----------


## ISO

File uKvbEPtAuuFLQaG.dll received on 2010.03.26 15:13:05 (UTC)
Result: 13/42 (30.96%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.03.26	Trojan-Ransom.Win32.Hexzone!IK*
> AhnLab-V3	5.0.0.2	2010.03.26	-
> *AntiVir	7.10.5.230	2010.03.26	TR/Ransom.20480*
> Antiy-AVL	2.0.3.7	2010.03.26	-
> Authentium	5.2.0.5	2010.03.26	-
> Avast	4.8.1351.0	2010.03.25	-
> Avast5	5.0.332.0	2010.03.25	-
> *AVG	9.0.0.787	2010.03.26	Ransom.B*
> ...


Additional information
File size: 19968 bytes
MD5...: 7c655f4cef28390e156b6d9d89d74be4
SHA1..: 2af1eb6ec10b0b9b5a2ae52c5aa88dbca65377a7
SHA256: 6d3b703510bea7b56a0ac5bec94f7f3b4918ce8123b3512989e3ace5a3ce7d87
ssdeep: 384:c5m3QCvlOJKxVw/VES840AxYi1PgBBrx6yJXty6J:c51MlOnx81wSpJXtLJ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4f87
timedatestamp.....: 0x4baa4cfb (Wed Mar 24 17:33:47 2010)
machinetype.......: 0x14c (I386)

 File termsrv.dll received on 2010.03.26 15:12:50 (UTC)
Result: 2/42 (4.77%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.03.26	-
> AhnLab-V3	5.0.0.2	2010.03.26	-
> AntiVir	7.10.5.230	2010.03.26	-
> Antiy-AVL	2.0.3.7	2010.03.26	-
> Authentium	5.2.0.5	2010.03.26	-
> Avast	4.8.1351.0	2010.03.25	-
> Avast5	5.0.332.0	2010.03.25	-
> AVG	9.0.0.787	2010.03.26	-
> ...


Additional information
File size: 215552 bytes
MD5...: a77219a971029dc2fb683e8513713803
SHA1..: 1c456520a7b7faf71900c71167038185f5a7d312
SHA256: 1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50
ssdeep: 3072 :Stick Out Tongue: tNuBp/YIDqobOlqVLBBjAg79G1T65ZF8p5LGvPEDRRQLUMPZU2GdH8CN  9u
iecd :Stick Out Tongue: tNuBSID4AVdVAWF8p5L2ECPZzCN1
PEiD..: -
PEInfo: PE Structure information

----------


## Юльча

File ff.exe received on 2010.03.26 16:13:06 (UTC)
Result: 5/42 (11.91%)




> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.03.26	-
> AhnLab-V3	5.0.0.2	2010.03.26	-
> AntiVir	7.10.5.230	2010.03.26	-
> Antiy-AVL	2.0.3.7	2010.03.26	-
> Authentium	5.2.0.5	2010.03.26	-
> Avast	4.8.1351.0	2010.03.25	-
> Avast5	5.0.332.0	2010.03.25	-
> *AVG	9.0.0.787	2010.03.26	unknown virus Win32/DH.CAFF82025D*
> ...


http://www.virustotal.com/ru/analisi...e49-1269619986

----------


## Vadim_SVN

File avz00001.dta received on 2010.04.01 11:07:30 (UTC)
Result: *16/42* (38.1%)


```
a-squared 4.5.0.50 2010.04.01 Trojan.Win32.SuspectCRC!IK
AhnLab-V3 5.0.0.2 2010.03.31 -
AntiVir 7.10.6.13 2010.04.01 -
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 -
Avast 4.8.1351.0 2010.03.31 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.03.31 Win32:Rootkit-gen
AVG 9.0.0.787 2010.04.01 SHeur3.LWD
BitDefender 7.2 2010.04.01 -
CAT-QuickHeal 10.00 2010.04.01 (Suspicious) - DNAScan
ClamAV 0.96.0.0-git 2010.04.01 -
Comodo 4461 2010.04.01 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.04.01 Trojan.Packed.19855
eSafe 7.0.17.0 2010.03.31 -
eTrust-Vet 35.2.7401 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 -
F-Secure 9.0.15370.0 2010.04.01 -
Fortinet 4.0.14.0 2010.04.01 PossibleThreat
GData 19 2010.04.01 Win32:Rootkit-gen
Ikarus T3.1.1.80.0 2010.04.01 Trojan.Win32.SuspectCRC
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.01 -
Microsoft 1.5605 2010.03.31 -
NOD32 4991 2010.04.01 Win32/Spy.Shiz.NAI
Norman 6.04.10 2010.03.31 -
nProtect 2009.1.8.0 2010.04.01 -
Panda 10.0.2.2 2010.04.01 Suspicious file
PCTools 7.0.3.5 2010.04.01 -
Prevx 3.0 2010.04.01 -
Rising 22.41.03.04 2010.04.01 Trojan.Win32.Generic.51FCAE35
Sophos 4.52.0 2010.04.01 -
Sunbelt 6124 2010.04.01 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.04.01 Suspicious.Insight
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.04.01 -
VBA32 3.12.12.4 2010.04.01 Win32.Spy.Shiz.NAI
ViRobot 2010.4.1.2256 2010.04.01 -
VirusBuster 5.0.27.0 2010.04.01 -
```

http://www.virustotal.com/ru/analisi...858-1270120050

----------


## DefesT

File *patch.exe* received on 2010.04.01 16:46:36 (UTC)
Result: *10*/42 (23.81%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.04.01	-
> AhnLab-V3	5.0.0.2	2010.04.01	-
> *AntiVir	7.10.6.16	2010.04.01	TR/Rootkit.Gen*
> Antiy-AVL	2.0.3.7	2010.04.01	-
> Authentium	5.2.0.5	2010.04.01	-
> Avast	4.8.1351.0	2010.04.01	-
> Avast5	5.0.332.0	2010.04.01	-
> AVG	9.0.0.787	2010.04.01	-
> ...


Additional information
File size: *16896* bytes
MD5...: 174a637539cf5d031e007f69a8f04e61
SHA1..: f7bb6b1611a92362d2e76e19ef125e8cd5a0e486
SHA256: 95ee666f96c3929e9e430308f1d5d3210bab387efe12c1ff16de8c536fb26b8a
http://www.virustotal.com/analisis/9...b8a-1270140396

File *_install.exe* received on 2010.04.01 16:48:00 (UTC)
Result: *32*/42 (76.2%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.04.01	Trojan-Downloader.Win32.PassAlert.r!IK*
> AhnLab-V3	5.0.0.2	2010.04.01	-
> *AntiVir	7.10.6.16	2010.04.01	HEUR/Crypted*
> *Antiy-AVL	2.0.3.7	2010.04.01	Trojan/Win32.heuristic*
> *Authentium	5.2.0.5	2010.04.01	W32/Heuristic-210!Eldorado*
> *Avast	4.8.1351.0	2010.04.01	Win32:Malware-gen*
> *Avast5	5.0.332.0	2010.04.01	Win32:Malware-gen*
> *AVG	9.0.0.787	2010.04.01	Generic15.CEYF*
> ...


Additional information
File size: *2290* bytes
MD5...: 7c957776e1f1f18d80240f9c366fa7bb
SHA1..: f156ca0d2507fef7e080860ea38ecede574b6f52
SHA256: d3fd1d0b92787898d34836ec22bea675ddefb1ce5c6725576cfc5df6d31a0ad3
http://www.virustotal.com/analisis/d...ad3-1270140480

----------


## AlexGOMEL

File netrazis.exe received on 2010.04.01 16:40:38 (UTC)
Current status: finished
Result: 9/42 (21.43%)
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.04.01	-
AhnLab-V3	5.0.0.2	2010.04.01	-
AntiVir	7.10.6.16	2010.04.01	-
Antiy-AVL	2.0.3.7	2010.04.01	-
Authentium	5.2.0.5	2010.04.01	-
*Avast	4.8.1351.0	2010.04.01	Win32:MalOb-AI*
*Avast5	5.0.332.0	2010.04.01	Win32:MalOb-AI*
AVG	9.0.0.787	2010.04.01	-
BitDefender	7.2	2010.04.01	-
CAT-QuickHeal	10.00	2010.04.01	-
ClamAV	0.96.0.0-git	2010.04.01	-
Comodo	4461	2010.04.01	-
DrWeb	5.0.2.03300	2010.04.01	-
eSafe	7.0.17.0	2010.04.01	-
eTrust-Vet	35.2.7401	2010.04.01	-
F-Prot	4.5.1.85	2010.04.01	-
F-Secure	9.0.15370.0	2010.04.01	-
Fortinet	4.0.14.0	2010.04.01	-
GData	19	2010.04.01	Win32:MalOb-AI 
Ikarus	T3.1.1.80.0	2010.04.01	-
Jiangmin	13.0.900	2010.04.01	-
K7AntiVirus	7.10.1004	2010.03.22	-
Kaspersky	7.0.0.125	2010.04.01	-
*McAfee	5937	2010.03.31	W32/Palevo.gen.a*
*McAfee+Artemis	5937	2010.03.31	W32/Palevo.gen.a*
McAfee-GW-Edition	6.8.5	2010.04.01	-
Microsoft	1.5605	2010.03.31	-
*NOD32	4993	2010.04.01	a variant of Win32/Peerfrag.GR*
Norman	6.04.10	2010.04.01	-
nProtect	2009.1.8.0	2010.04.01	-
Panda	10.0.2.2	2010.04.01	-
PCTools	7.0.3.5	2010.04.01	-
*Prevx	3.0	2010.04.01	High Risk Cloaked Malware*
Rising	22.41.03.04	2010.04.01	-
Sophos	4.52.0	2010.04.01	-
Sunbelt	6124	2010.04.01	-
*Symantec	20091.2.0.41	2010.04.01	Suspicious.Insight*
TheHacker	6.5.2.0.249	2010.04.01	-
*TrendMicro	9.120.0.1004	2010.04.01	TROJ_BREDLAB.SMD*
VBA32	3.12.12.4	2010.04.01	-
ViRobot	2010.4.1.2256	2010.04.01	-
VirusBuster	5.0.27.0	2010.04.01	-

Additional information
File size: 108032 bytes
MD5   : dded5ca3e5d2899aeed5c54371866f38
SHA1  : dacc50134ea7a8e223c7d13c4304c10e6f4fb166
SHA256: 5a8847eb917eb16a00dbcd853048d1615a922a4284c209ec53222859e88588ea

----------


## Shu_b

Community testing. Whatever was sent in got counted. February - March:
(and I grabbed yesterday's ones as well)

----------


## senyak

Look at the nasty thing that has been trying to get in through Skype for the second day now

File Mario_Kolaricjpg.zip received on 2010.04.05 14:07:41 (UTC)
Current status: finished
Result: 6/39 (15.38%)



> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.50 	2010.04.05 	-
> AhnLab-V3 	5.0.0.2 	2010.04.05 	-
> *AntiVir 	7.10.6.24 	2010.04.03 	TR/Dropper.Gen*
> Antiy-AVL 	2.0.3.7 	2010.04.02 	-
> Authentium 	5.2.0.5 	2010.04.05 	-
> Avast 	4.8.1351.0 	2010.04.05 	-
> Avast5 	5.0.332.0 	2010.04.05 	-
> AVG 	9.0.0.787 	2010.04.05 	-
> ...


Additional information
File size: 40395 bytes
MD5   : af7d11e9bdab6e39b3b8530b7711de06
SHA1  : 7b1000a284ae08a7c810ec2a58930698b09428cb
SHA256: 1c1b7e719c01c36552a945c54c28dfd7532eece7e1c4151217726dfa8fc256c3
TrID  : File type identification
ZIP compressed archive (100.0%)

http://www.virustotal.com/ru/analisi...6c3-1270476461

----------


## Юльча

File install_flash_player.exe received on 2010.04.06 05:18:42 (UTC)
Result: 10/39 (25.65%)





> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.04.06	Trojan-Dropper.Win32.Sirefef!IK*
> AhnLab-V3	5.0.0.2	2010.04.05	-
> *AntiVir	7.10.6.25	2010.04.05	TR/Crypt.ZPACK.Gen*
> Antiy-AVL	2.0.3.7	2010.04.02	-
> Authentium	5.2.0.5	2010.04.06	-
> Avast	4.8.1351.0	2010.04.05	-
> Avast5	5.0.332.0	2010.04.05	-
> AVG	9.0.0.787	2010.04.05	-
> ...


http://www.virustotal.com/ru/analisi...ca1-1270531122

----------


## AlexGOMEL

> File avz00007.dta received on 2010.04.08 18:10:49 (UTC)
> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.04.08	-
> AhnLab-V3	5.0.0.2	2010.04.08	-
> AntiVir	7.10.6.49	2010.04.08	-
> Antiy-AVL	2.0.3.7	2010.04.08	-
> Authentium	5.2.0.5	2010.04.08	-
> Avast	4.8.1351.0	2010.04.08	-
> Avast5	5.0.332.0	2010.04.08	-
> AVG	9.0.0.787	2010.04.08	-
> ...


Two suspicions, but....

----------


## gjf

File TDSS.new.exe received on 2010.04.09 10:14:58 (UTC)
Result: 7/39 (17.95%)



> a-squared	4.5.0.50	2010.04.09	-
> AhnLab-V3	5.0.0.2	2010.04.09	-
> AntiVir	7.10.6.52	2010.04.09	-
> Antiy-AVL	2.0.3.7	2010.04.09	-
> Authentium	5.2.0.5	2010.04.09	-
> Avast	4.8.1351.0	2010.04.09	-
> Avast5	5.0.332.0	2010.04.09	-
> *AVG	9.0.0.787	2010.04.09	Win32/Heur*
> BitDefender	7.2	2010.04.09	-
> ...


http://www.virustotal.com/analisis/7...a68-1270808098

P.S. And that is very sad.

*Added 24 minutes later*

File 3.safe received on 2010.04.09 10:40:56 (UTC)
Result: 7/39 (17.95%)



> *a-squared	4.5.0.50	2010.04.09	Trojan.Win32.Hiloti!IK*
> AhnLab-V3	5.0.0.2	2010.04.09	-
> AntiVir	7.10.6.52	2010.04.09	-
> Antiy-AVL	2.0.3.7	2010.04.09	-
> Authentium	5.2.0.5	2010.04.09	-
> Avast	4.8.1351.0	2010.04.09	-
> Avast5	5.0.332.0	2010.04.09	-
> AVG	9.0.0.787	2010.04.09	-
> BitDefender	7.2	2010.04.09	-
> ...


http://www.virustotal.com/analisis/a...a51-1270809656

Interesting what unpacking the same file gives:

File dump.safe received on 2010.04.09 10:44:08 (UTC)
Result: 11/39 (28.21%)



> *a-squared	4.5.0.50	2010.04.09	Trojan-Downloader.Win32.Mufanom!IK*
> AhnLab-V3	5.0.0.2	2010.04.09	-
> AntiVir	7.10.6.52	2010.04.09	-
> Antiy-AVL	2.0.3.7	2010.04.09	-
> *Authentium	5.2.0.5	2010.04.09	W32/Mufanom.A.gen!Eldorado*
> Avast	4.8.1351.0	2010.04.09	-
> Avast5	5.0.332.0	2010.04.09	-
> *AVG	9.0.0.787	2010.04.09	Generic17.GST*
> BitDefender	7.2	2010.04.09	-
> ...


*Added 1 hour 36 minutes later*

What names they come up with for Black Energy 2.1+! And some don't call it anything at all :)
File rootkit.ex1 received on 2010.04.09 12:19:39 (UTC)
Result: 26/39 (66.67%)



> *a-squared	4.5.0.50	2010.04.09	Trojan.SuspectCRC!IK*
> AhnLab-V3	5.0.0.2	2010.04.09	-
> *AntiVir	7.10.6.53	2010.04.09	TR/Obfuscated.GQ.10*
> *Antiy-AVL	2.0.3.7	2010.04.09	Trojan/Win32.Agent.gen*
> Authentium	5.2.0.5	2010.04.09	-
> *Avast	4.8.1351.0	2010.04.09	Win32bot-LYA*
> *Avast5	5.0.332.0	2010.04.09	Win32bot-LYA*
> *AVG	9.0.0.787	2010.04.09	Generic16.BYLT*
> *BitDefender	7.2	2010.04.09	Trojan.Generic.3256916*
> ...


http://www.virustotal.com/analisis/5...4a0-1270815579

----------


## Surfer

File vk-__o______a.exe received on 2010.04.13 10:42:41 (UTC)
Result: 10/40 (25%)




> a-squared	4.5.0.50	2010.04.13	-
> AhnLab-V3	5.0.0.2	2010.04.12	-
> AntiVir	7.10.6.65	2010.04.13	-
> Antiy-AVL	2.0.3.7	2010.04.13	-
> Authentium	5.2.0.5	2010.04.12	-
> Avast	4.8.1351.0	2010.04.13	-
> Avast5	5.0.332.0	2010.04.13	-
> AVG	9.0.0.787	2010.04.13	-
> BitDefender	7.2	2010.04.13	-
> ...


http://www.virustotal.com/analisis/7...3e1-1271155361

----------


## zalman

File autorun.in received on 2010.04.14 03:54:13 (UTC)



> a-squared	4.5.0.50	2010.04.14	-
> AhnLab-V3	5.0.0.2	2010.04.13	-
> AntiVir	7.10.6.69	2010.04.13	TR/AutorunINF.633
> Antiy-AVL	2.0.3.7	2010.04.13	-
> Authentium	5.2.0.5	2010.04.14	-
> Avast	4.8.1351.0	2010.04.13	-
> Avast5	5.0.332.0	2010.04.13	-
> AVG	9.0.0.787	2010.04.14	-
> BitDefender	7.2	2010.04.14	Trojan.AutorunINF.Gen
> ...


http://www.virustotal.com/ru/analisi...cef-1271217253

*Added 5 minutes later*

File autorun.i received on 2010.04.14 04:04:34 (UTC)
Result: 12/40 (30%)




> a-squared	4.5.0.50	2010.04.14	-
> AhnLab-V3	5.0.0.2	2010.04.13	-
> AntiVir	7.10.6.69	2010.04.13	-
> Antiy-AVL	2.0.3.7	2010.04.13	-
> Authentium	5.2.0.5	2010.04.14	-
> Avast	4.8.1351.0	2010.04.13	BV:AutoRun-AK
> Avast5	5.0.332.0	2010.04.13	BV:AutoRun-AK
> AVG	9.0.0.787	2010.04.14	-
> BitDefender	7.2	2010.04.14	Trojan.AutorunINF.Gen
> ...


http://www.virustotal.com/ru/analisi...c6d-1271217874

----------


## Vadim_SVN

C:\Program Files\expdebug.exe was attached as a debugger to explorer.exe
A substituted userinit.exe ran as cover; on VT:
File avz00001.dta received on 2010.04.16 12:29:57 (UTC)
Result: *9/40* (22.5%)



```
Антивирус 	Версия 	Обновление 	Результат
a-squared 4.5.0.50 2010.04.16 Virus.Win32.Small!IK
AhnLab-V3	5.0.0.2 2010.04.16 -
AntiVir 7.10.6.113 2010.04.16 -
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.16 -
Avast5 5.0.332.0 2010.04.16 -
AVG 9.0.0.787 2010.04.16 -
BitDefender 7.2 2010.04.16 -
CAT-QuickHeal 10.00 2010.04.16 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.04.16 PUA.Packed.ASPack
Comodo 4614 2010.04.16 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.04.16 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7429 2010.04.16 -
F-Prot 4.5.1.85 2010.04.16 -
F-Secure 9.0.15370.0 2010.04.16 Suspicious:W32/Malware!Gemini
Fortinet 4.0.14.0 2010.04.16 -
GData 19 2010.04.16 -
Ikarus T3.1.1.80.0 2010.04.16 Virus.Win32.Small
Jiangmin 13.0.900 2010.04.16 -
Kaspersky 7.0.0.125 2010.04.16 -
McAfee 5.400.0.1158 2010.04.16 -
McAfee-GW-Edition 6.8.5 2010.04.16 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.5605 2010.04.16 -
NOD32 5033 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-16.01 2010.04.16 -
Panda 10.0.2.7 2010.04.15 Suspicious file
PCTools 7.0.3.5 2010.04.16 -
Prevx 3.0 2010.04.16 High Risk Spyware
Rising 22.43.04.04 2010.04.16 -
Sophos 4.52.0 2010.04.16 -
Sunbelt 6183 2010.04.16 -
Symantec 20091.2.0.41 2010.04.16 -
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.16.2280 2010.04.16 -
VirusBuster 5.0.27.0 2010.04.16 -
```

----------



## Korvelle

Arrives via ICQ.

File foto.jar received on 2010.04.17 13:35:26 (UTC)
Current status: Finished
Result: 5/40 (12.5%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.04.17	-
> AhnLab-V3	5.0.0.2	2010.04.16	-
> *AntiVir	7.10.6.115	2010.04.16	JAVA/Konov.O*
> Antiy-AVL	2.0.3.7	2010.04.16	-
> Authentium	5.2.0.5	2010.04.16	-
> Avast	4.8.1351.0	2010.04.17	-
> Avast5	5.0.332.0	2010.04.17	-
> AVG	9.0.0.787	2010.04.17	-
> ...

----------


## Юльча

File zbot.exe received on 2010.04.20 15:21:02 (UTC)
Result: 8/41 (19.52%)





> Antivirus 	Version 	Last Update 	Result
> *a-squared	4.5.0.50	2010.04.20	PWS.Win32!IK*
> AhnLab-V3	5.0.0.2	2010.04.20	-
> *AntiVir	7.10.6.144	2010.04.20	TR/PSW.Zbot.75776.R*
> Antiy-AVL	2.0.3.7	2010.04.19	-
> Authentium	5.2.0.5	2010.04.20	-
> Avast	4.8.1351.0	2010.04.20	-
> Avast5	5.0.332.0	2010.04.20	-
> AVG	9.0.0.787	2010.04.20	-
> ...


http://www.virustotal.com/ru/analisi...fa0-1271776862

----------


## gjf

There is no sadder tale in the world than the tale of TDL on the planet....

File keygen.ex1 received on 2010.04.20 16:02:52 (UTC)
Result: 5/41 (12.2%)



> a-squared	4.5.0.50	2010.04.20	-
> AhnLab-V3	5.0.0.2	2010.04.20	-
> AntiVir	7.10.6.144	2010.04.20	-
> Antiy-AVL	2.0.3.7	2010.04.19	-
> Authentium	5.2.0.5	2010.04.20	-
> Avast	4.8.1351.0	2010.04.20	-
> Avast5	5.0.332.0	2010.04.20	-
> AVG	9.0.0.787	2010.04.20	-
> BitDefender	7.2	2010.04.20	-
> ...


http://www.virustotal.com/analisis/0...eb9-1271779372

----------


## Nexus

On one of the local forums it was being spread around disguised as harmless programs.

File Tero.rar received on 2010.04.21 06:54:48 (UTC)



> a-squared	4.5.0.50	2010.04.21	-
> AhnLab-V3	5.0.0.2	2010.04.21	-
> *AntiVir	7.10.6.145	2010.04.20	TR/Agent.568320*
> Antiy-AVL	2.0.3.7	2010.04.21	-
> Authentium	5.2.0.5	2010.04.21	-
> Avast	4.8.1351.0	2010.04.20	-
> Avast5	5.0.332.0	2010.04.20	-
> AVG	9.0.0.787	2010.04.21	-
> BitDefender	7.2	2010.04.21	-
> ...


Additional information
File size: 215788 bytes
MD5...: c9e9104f6f3b7c727b2dd6b3167bab85

http://www.virustotal.com/analisis/6...f55-1271832888

File Setup.exe received on 2010.04.21 07:06:03 (UTC)



> a-squared	4.5.0.50	2010.04.21	-
> AhnLab-V3	5.0.0.2	2010.04.21	-
> *AntiVir	7.10.6.145	2010.04.20	TR/Agent.568320*
> Antiy-AVL	2.0.3.7	2010.04.21	-
> Authentium	5.2.0.5	2010.04.21	-
> Avast	4.8.1351.0	2010.04.20	-
> Avast5	5.0.332.0	2010.04.20	-
> AVG	9.0.0.787	2010.04.21	-
> BitDefender	7.2	2010.04.21	-
> ...


Additional information
File size: 568320 bytes
MD5...: b1215d5f68767171e467de018e3c5a18

http://www.virustotal.com/analisis/a...d6b-1271833563

----------


## Erekle

File F0CD0B3E00F90FD9F070022BB07F4400C0E4A1EC.exe received on 2010.04.21 01:31:08 (UTC)
Result: 6/40 (15.00%)



> a-squared 	4.5.0.50 	2010.04.21 	-
> AhnLab-V3 	5.0.0.2 	2010.04.20 	-
> AntiVir 	7.10.6.145 	2010.04.20 	-
> Antiy-AVL 	2.0.3.7 	2010.04.19 	-
> *Authentium 	5.2.0.5 	2010.04.20 	W32/Zegost.A.gen!Eldorado*
> Avast 	4.8.1351.0 	2010.04.20 	-
> Avast5 	5.0.332.0 	2010.04.20 	-
> AVG 	9.0.0.787 	2010.04.21 	-
> BitDefender 	7.2 	2010.04.21 	-
> ...


Additional information
File size: 192512 bytes
MD5   : 7184aa1a4c5bcb70ed7b9f03c4022643
SHA1  : 726613609b33f52fddd8c7c7cb54bc753d7947d0
SHA256: 678815d2253ff0a508146ed72684dce6645f860f4d323b8652a08f327774ebb8
http://www.virustotal.com/ru/analisi...bb8-1271813468

File anitsvstart.vll received on 2010.04.20 11:03:07 (UTC)
Result: 15/40 (37.50%)



> *a-squared 	4.5.0.50 	2010.04.20 	Win32.SuspectCrc!IK*
> AhnLab-V3 	5.0.0.2 	2010.04.20 	-
> *AntiVir 	7.10.6.142 	2010.04.20 	HEUR/Malware*
> Antiy-AVL 	2.0.3.7 	2010.04.19 	-
> Authentium 	5.2.0.5 	2010.04.20 	-
> Avast 	4.8.1351.0 	2010.04.19 	-
> Avast5 	5.0.332.0 	2010.04.19 	-
> AVG 	9.0.0.787 	2010.04.20 	-
> *BitDefender 	7.2 	2010.04.20 	DeepScan:Generic.Peed.A4838A1A*
> ...


Additional information
File size: 151576 bytes
MD5   : 077cfb5a729108364ac4e25d2741f603
SHA1  : 2b852569c73060f6ba1bbd45d4a7eb83e828e033
SHA256: 183c7469d2f6b0da959c16772ebc3c94b992e330adc67f4e918e7fa75e9beb46
http://www.virustotal.com/ru/analisi...b46-1271761387

File tcpz-x86d.sys- received on 2010.04.10 10:24:10 (UTC)
Result: 17/39 (43.59%)



> *a-squared 	4.5.0.50 	2010.04.10 	Trojan-Dropper.Agent!IK*
> AhnLab-V3 	5.0.0.2 	2010.04.10 	-
> AntiVir 	7.10.6.55 	2010.04.09 	-
> *Antiy-AVL 	2.0.3.7 	2010.04.09 	Backdoor/Win32.Agent.gen*
> Authentium 	5.2.0.5 	2010.04.09 	-
> Avast 	4.8.1351.0 	2010.04.09 	-
> *Avast5 	5.0.332.0 	2010.04.09 	Win32:Tcpz-C*
> *AVG 	9.0.0.787 	2010.04.10 	BackDoor.Agent.ADTM*
> BitDefender 	7.2 	2010.04.10 	-
> ...


Additional information
File size: 12136 bytes
MD5   : 1d1e2ac3195b7d199337557ca9ab84cf
SHA1  : 1ac8d3db5647b3bcba39c3b48a647207d4651be7
SHA256: 04b2e94cb8b232b6ecd37604c234d812a086f2aa94f12578f255eacaa1d4fb8d
http://www.virustotal.com/ru/analisi...b8d-1270895050

File A16.exe received on 2010.04.21 13:38:54 (UTC)
Result: 7/42 (16.67%)



> *a-squared	4.5.0.50	2010.04.21	Backdoor.Win32.SdBot!IK*
> AhnLab-V3	5.0.0.2	2010.04.21	-
> AntiVir	7.10.6.149	2010.04.21	-
> *Antiy-AVL	2.0.3.7	2010.04.21	Trojan/Win32.Agent.gen*
> *Authentium	5.2.0.5	2010.04.21	W32/Damaged_File.gen!Eldorado*
> Avast	4.8.1351.0	2010.04.21	-
> Avast5	5.0.332.0	2010.04.21	-
> *AVG	9.0.0.787	2010.04.21	SHeur3.SHH*
> BitDefender	7.2	2010.04.21	-
> ...


Additional information
File size: 90112 bytes
MD5...: 51d17c04411919860110dab16996f96a
SHA1..: 1e820785f7736841c8130f8574382be93e5a09d3
SHA256: 68079ce67e9cc5e0442d43c0be0cb2781eb75a71c3afbded9ae16b6d361d7a22
http://www.virustotal.com/ru/analisi...a22-1271857134

File bbdydmz.vll received on 2010.04.20 12:12:54 (UTC)
Result: 12/40 (30.00%)



> *a-squared 	4.5.0.50 	2010.04.20 	Backdoor.Win32.PcClient!IK*
> AhnLab-V3 	5.0.0.2 	2010.04.20 	-
> AntiVir 	7.10.6.142 	2010.04.20 	-
> Antiy-AVL 	2.0.3.7 	2010.04.19 	-
> Authentium 	5.2.0.5 	2010.04.20 	-
> *Avast 	4.8.1351.0 	2010.04.20 	Win32:Agent-EPC*
> *Avast5 	5.0.332.0 	2010.04.20 	Win32:Agent-EPC*
> AVG 	9.0.0.787 	2010.04.20 	-
> BitDefender 	7.2 	2010.04.20 	-
> ...


Additional information
File size: 103936 bytes
MD5   : 31a0613ef9e8a63bdd3d5d4528e6142c
SHA1  : 0299d263c94b7c3db8d0bd71833f965280b4b976
SHA256: c132415d1f6aeabd34763225efa746e2eddc87b863e1e5316691be734f1dbca9
http://www.virustotal.com/ru/analisi...ca9-1271765574

File 700531.exe1 received on 2010.04.21 13:22:57 (UTC)
Result: 20/40 (50.00%)



> *a-squared 	4.5.0.50 	2010.04.21 	Win32.SuspectCrc!IK*
> AhnLab-V3 	5.0.0.2 	2010.04.21 	-
> AntiVir 	7.10.6.149 	2010.04.21 	-
> *Antiy-AVL 	2.0.3.7 	2010.04.21 	Trojan/Win32.heuristic*
> Authentium 	5.2.0.5 	2010.04.21 	-
> Avast 	4.8.1351.0 	2010.04.21 	-
> Avast5 	5.0.332.0 	2010.04.21 	-
> *AVG 	9.0.0.787 	2010.04.21 	Win32/CryptExe*
> *BitDefender 	7.2 	2010.04.21 	DeepScan:Generic.Rincux2.1D125CC4*
> ...


Additional information
File size: 292428 bytes
MD5   : 657dd12404df9afb9f520a22f831c2ae
SHA1  : e8f9273c4a941c8a8ddff4fa50551476944ec528
SHA256: 5c83f88730d4e6320be3d31d5f6dc339edd93d7e227551ff5245a025491105f9
http://www.virustotal.com/ru/analisi...5f9-1271856177

File 5E68ED8600F01A5A2CF00089A30BB40055799196.exe received on 2010.04.19 17:06:50 (UTC)
Result: 1/40 (2.50%)



> a-squared 	4.5.0.50 	2010.04.19 	-
> AhnLab-V3 	5.0.0.2 	2010.04.19 	-
> AntiVir 	7.10.6.121 	2010.04.19 	-
> Antiy-AVL 	2.0.3.7 	2010.04.19 	-
> Authentium 	5.2.0.5 	2010.04.16 	-
> Avast 	4.8.1351.0 	2010.04.19 	-
> Avast5 	5.0.332.0 	2010.04.19 	-
> AVG 	9.0.0.787 	2010.04.19 	-
> BitDefender 	7.2 	2010.04.19 	-
> ...


Additional information
File size: 11264 bytes
MD5   : b0bafb22df88aee92941859d2f29a5d0
SHA1  : f508d9c94245ee791257036d52a57beebdfc9c0a
SHA256: 1dfb18b73ce42af605c1ea3aa44f4b5138bf382c6be9d6a060a52d94e25d213d
http://www.virustotal.com/ru/analisi...13d-1271696810

----------


## amcenter

File CSLook.exe received on 2010.04.22 01:59:46 (UTC)
Result: *16/41* (39.03%)




> *a-squared	4.5.0.50	2010.04.22	Win32.Neshta!IK*
> AhnLab-V3	5.0.0.2	2010.04.22	-
> *AntiVir	7.10.6.169	2010.04.21	W32/Neshta.a*
> Antiy-AVL	2.0.3.7	2010.04.21	-
> Authentium	5.2.0.5	2010.04.22	-
> *Avast	4.8.1351.0	2010.04.21	Win32:Neshta*
> *Avast5	5.0.332.0	2010.04.21	Win32:Neshta*
> *AVG	9.0.0.787	2010.04.21	Win32/Neshta.A*
> BitDefender	7.2	2010.04.22	-
> ...


Additional information
File size: 4021248 bytes
MD5...: b0642d29c9ceac81c40fb5a2b21e9f03
SHA1..: 4b258daca65ebcf72980633871cc9030f2e5df7c
SHA256: 609814655edda2938c96c45d3504cfa33cce0b043bd251fd9bb912d229ab3f02
ssdeep: 98304 :borred: yt5pBpppppppxqppqxqpqCppppppppppxpFpppppppBpCpp6qq  :E
PEiD..: -
http://www.virustotal.com/analisis/6...f02-1271901586

----------


## SyperVirus

MD5: 341c13c8f52bca5a6ffc1338b7ed851d

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.25 - 
AhnLab-V3 5.0.0.2 2009.12.24 - 
AntiVir 7.9.1.122 2009.12.24 - 
Antiy-AVL 2.0.3.7 2009.12.25 - 
Authentium 5.2.0.5 2009.12.25 - 
Avast 4.8.1351.0 2009.12.25 - 
AVG 8.5.0.430 2009.12.25 - 
BitDefender 7.2 2009.12.25 - 
CAT-QuickHeal 10.00 2009.12.24 - 
ClamAV 0.94.1 2009.12.25 - 
Comodo 3363 2009.12.25 - 
DrWeb 5.0.1.12222 2009.12.25 - 
eSafe 7.0.17.0 2009.12.24 - 
eTrust-Vet 35.1.7197 2009.12.25 - 
F-Prot 4.5.1.85 2009.12.25 - 
F-Secure 9.0.15370.0 2009.12.25 - 
Fortinet 4.0.14.0 2009.12.25 - 
GData 19 2009.12.25 - 
Ikarus T3.1.1.79.0 2009.12.25 - 
Jiangmin 13.0.900 2009.12.25 - 
K7AntiVirus 7.10.929 2009.12.24 - 
Kaspersky 7.0.0.125 2009.12.25 - 
McAfee 5842 2009.12.24 - 
McAfee+Artemis 5842 2009.12.24 - 
McAfee-GW-Edition 6.8.5 2009.12.25 - 
Microsoft 1.5302 2009.12.25 - 
NOD32 4716 2009.12.25 - 
Norman 6.04.03 2009.12.24 - 
nProtect 2009.1.8.0 2009.12.24 - 
Panda 10.0.2.2 2009.12.15 - 
PCTools 7.0.3.5 2009.12.25 - 
Prevx 3.0 2009.12.25 - 
Rising 22.27.04.04 2009.12.25 - 
Sophos 4.49.0 2009.12.25 - 
Sunbelt 3.2.1858.2 2009.12.24 - 
Symantec 1.4.4.12 2009.12.25 - 
TheHacker 6.5.0.3.110 2009.12.24 - 
TrendMicro 9.120.0.1004 2009.12.25 PAK_Generic.001 
VBA32 3.12.12.0 2009.12.25 - 
ViRobot 2009.12.24.2107 2009.12.24 - 
VirusBuster 5.0.21.0 2009.12.25 -

----------


## Erekle

File 7CF7E372000A5AF206880399B31467009D1D8CC2.dll _[acpi24.dll]_ received on 2010.04.21 09:53:27 (UTC)
Result: 11/42 (26.19%)



> *a-squared 	4.5.0.50 	2010.04.21 	Trojan-Dropper.Agent!IK*
> AhnLab-V3 	5.0.0.2 	2010.04.21 	-
> AntiVir 	7.10.6.147 	2010.04.21 	-
> Antiy-AVL 	2.0.3.7 	2010.04.21 	-
> *Authentium 	5.2.0.5 	2010.04.21 	W32/Mepaow.A.gen!Eldorado*
> Avast 	4.8.1351.0 	2010.04.21 	-
> Avast5 	5.0.332.0 	2010.04.21 	-
> *AVG 	9.0.0.787 	2010.04.21 	Generic17.BDSX*
> BitDefender 	7.2 	2010.04.21 	-
> ...


Additional information
File size: 198144 bytes
MD5   : 75795790277268d6602a3e538254ac51
SHA1  : 845c198e7dda25bc03514b430e6694a673d0bcaa
SHA256: 0512d71364ad551deea89e94c39b15a7daf9c5a1b262be6fc0429502d444e3e1
http://www.virustotal.com/ru/analisi...3e1-1271843607

*Added 5 hours 44 minutes later*

File 14B603100023AF9EB033009761736100F2314A94.exe received on 2010.04.21 09:52:53 (UTC)
Result: 1/40 (2.50%)



> a-squared 	4.5.0.50 	2010.04.21 	-
> AhnLab-V3 	5.0.0.2 	2010.04.21 	-
> AntiVir 	7.10.6.147 	2010.04.21 	-
> Antiy-AVL 	2.0.3.7 	2010.04.21 	-
> Authentium 	5.2.0.5 	2010.04.21 	-
> Avast 	4.8.1351.0 	2010.04.21 	-
> Avast5 	5.0.332.0 	2010.04.21 	-
> AVG 	9.0.0.787 	2010.04.21 	-
> BitDefender 	7.2 	2010.04.21 	-
> ...


Additional information
File size: 45056 bytes
MD5   : 4c91f2dfc4e901cc1c97a2e8fd7aef52
SHA1  : b0e748429d8970d9bb12085381f831f82fc17e1d
SHA256: 55948827bb857828a7094c933009912551e0fbbf46b65782fadfd9cbef2d4f93
http://www.virustotal.com/ru/analisi...f93-1271843573

----------


## Korvelle

An acquaintance returned a flash drive.
File autorun.inf received on 2010.04.29 17:20:37 (UTC)
Result: 9/40 (22.5%)

Antivirus 	Version 	Last Update 	Result



> *a-squared	4.5.0.50	2010.04.29	Virus.Worm.AutoRun!IK*
> AhnLab-V3	2010.04.29.05	2010.04.29	-
> AntiVir	8.2.1.224	2010.04.29	-
> Antiy-AVL	2.0.3.7	2010.04.29	-
> Authentium	5.2.0.5	2010.04.29	-
> Avast	4.8.1351.0	2010.04.29	-
> Avast5	5.0.332.0	2010.04.29	-
> *AVG	9.0.0.787	2010.04.29	Worm/AutoRun*
> BitDefender	7.2	2010.04.29	-
> ...

----------


## gjf

The sad tale continues - a new TDL3: the dropper:
File keygen.ex1 received on 2010.05.01 04:41:11 (UTC)
Current status: finished
Result: 17/40 (42.50%)



> a-squared 	4.5.0.50 	2010.05.01 	-
> AhnLab-V3 	2010.05.01.00 	2010.05.01 	-
> *AntiVir 	8.2.1.224 	2010.04.30 	TR/Alureon.CT.1379*
> Antiy-AVL 	2.0.3.7 	2010.04.30 	-
> Authentium 	5.2.0.5 	2010.05.01 	-
> Avast 	4.8.1351.0 	2010.04.30 	-
> Avast5 	5.0.332.0 	2010.04.30 	-
> *AVG 	9.0.0.787 	2010.04.30 	Generic17.BMCX*
> BitDefender 	7.2 	2010.05.01 	-
> ...


http://www.virustotal.com/ru/analisi...5f5-1272688871

... and the library:

File tdlcmd.dll received on 2010.05.01 04:41:18 (UTC)
Current status: finished
Result: 14/40 (35.00%)



> *a-squared 	4.5.0.50 	2010.05.01 	Virus.Win32.DNSChanger.VJ!IK*
> AhnLab-V3 	2010.05.01.00 	2010.05.01 	-
> *AntiVir 	8.2.1.224 	2010.04.30 	TR/Agent.8704.76*
> Antiy-AVL 	2.0.3.7 	2010.04.30 	-
> *Authentium 	5.2.0.5 	2010.05.01 	W32/AdAgent.Z.gen!Eldorado*
> *Avast 	4.8.1351.0 	2010.04.30 	Win32:DNSChanger-VJ*
> *Avast5 	5.0.332.0 	2010.04.30 	Win32:DNSChanger-VJ*
> AVG 	9.0.0.787 	2010.04.30 	-
> BitDefender 	7.2 	2010.05.01 	-
> ...


http://www.virustotal.com/ru/analisi...aab-1272688878

----------


## AlexGOMEL

File torta.exe received on 2010.05.06 09:26:04 (UTC)

Result: 29/41 (70.74%)

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.05.06	-
AhnLab-V3	2010.05.05.00	2010.05.05	*Win32/Palevo1.worm.Gen*
AntiVir	8.2.1.236	2010.05.06	*TR/Crypt.ZPACK.Gen*
Antiy-AVL	2.0.3.7	2010.05.06	-
Authentium	5.2.0.5	2010.05.06	*W32/Rimecud.A.gen!Eldorado*
Avast	4.8.1351.0	2010.05.05	*Win32:MalOb-AI*
Avast5	5.0.332.0	2010.05.05	*Win32:MalOb-AI*
AVG	9.0.0.787	2010.05.05	*Win32/Cryptor*
BitDefender	7.2	2010.05.06	*Gen:Heur.Krypt.24*
CAT-QuickHeal	10.00	2010.05.04	*Worm.Rimecud.A*
ClamAV	0.96.0.3-git	2010.05.06	-
Comodo	4778	2010.05.06	*TrojWare.Win32.P2P-Worm.Palevo.owp*
DrWeb	5.0.2.03300	2010.05.06	*Trojan.Packed.688*
eSafe	7.0.17.0	2010.05.05	-
eTrust-Vet	35.2.7470	2010.05.05	-
F-Prot	4.5.1.85	2010.05.06	*W32/Rimecud.A.gen!Eldorado*
F-Secure	9.0.15370.0	2010.05.06	*Worm:W32/Palevo.gen!M*
Fortinet	4.0.14.0	2010.05.05	*W32/Rimecud!tr*
GData	21	2010.05.06	*Gen:Heur.Krypt.24*
Ikarus	T3.1.1.84.0	2010.05.06	-
Jiangmin	13.0.900	2010.05.06	*Heur:Trojan/Pakes*
Kaspersky	7.0.0.125	2010.05.06	-
McAfee	5.400.0.1158	2010.05.06	*W32/Rimecud.gen.a*
McAfee-GW-Edition	2010.1	2010.05.06	*W32/Rimecud.gen.a*
Microsoft	1.5703	2010.05.05	*Worm:Win32/Rimecud.A*
NOD32	5090	2010.05.06	*a variant of Win32/Peerfrag.FU*
Norman	6.04.12	2010.05.06	-
nProtect	2010-05-06.02	2010.05.06	-
Panda	10.0.2.7	2010.05.05	*Trj/CI.A*
PCTools	7.0.3.5	2010.05.06	*Malware.Pilleuz*
Prevx	3.0	2010.05.06	*High Risk Cloaked Malware*
Rising	22.46.03.04	2010.05.06	-
Sophos	4.53.0	2010.05.06	*Mal/Rimecud-B*
Sunbelt	6265	2010.05.06	*Worm.Win32.Rimecud.c (v)*
Symantec	20091.2.0.41	2010.05.06	*W32.Pilleuz!gen1*
TheHacker	6.5.2.0.276	2010.05.06	*W32/Rimecud.gen*
TrendMicro	9.120.0.1004	2010.05.06	*WORM_PALEVO.SMEP*
TrendMicro-HouseCall	9.120.0.1004	2010.05.06	*WORM_PALEVO.SMEP*
VBA32	3.12.12.4	2010.05.06	*Malware-Cryptor.Win32.Inject.gen*
ViRobot	2010.5.4.2303	2010.05.06	-
VirusBuster	5.0.27.0	2010.05.05	-

Additional information
File size: 143360 bytes
MD5...: f96d4a9a7372421cf4cda22ed4f78f24

----------


## gjf

A new bootkit (the one with the infector from TDL3). And let them say it's old :) Here is one of the variants, there are about ten in total:
File 2d4f0001_1fc9fa66da8293c55e63e2a8 received on 2010.05.08 00:44:20 (UTC)
Result: 13/41 (31.71%)



> *a-squared	4.5.0.50	2010.05.07	Trojan-Downloader.Win32.Mebroot!IK*
> AhnLab-V3	2010.05.08.00	2010.05.07	-
> AntiVir	8.2.1.236	2010.05.07	-
> Antiy-AVL	2.0.3.7	2010.05.07	-
> Authentium	5.2.0.5	2010.05.07	-
> Avast	4.8.1351.0	2010.05.07	-
> Avast5	5.0.332.0	2010.05.07	-
> *AVG	9.0.0.787	2010.05.07	PSW.Sinowal.AZ*
> *BitDefender	7.2	2010.05.08	Gen:Variant.Sinowal.1*
> ...


http://www.virustotal.com/analisis/a...bbe-1273279460

----------


## polar_owl

Caught it here: http://virusinfo.info/showthread.php?t=77940
At the time of the "catch" it was detected only by VBA32 (according to Cyber)
File 44a133dc6baefbbedb9ade16147405c0. received on 2010.05.10 14:09:45
Result: 5/41 (12.2%)



> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.09.00	2010.05.08	-
> AntiVir	8.2.1.236	2010.05.10	-
> Antiy-AVL	2.0.3.7	2010.05.10	-
> Authentium	5.2.0.5	2010.05.10	-
> Avast	4.8.1351.0	2010.05.10	-
> Avast5	5.0.332.0	2010.05.10	-
> AVG	9.0.0.787	2010.05.10	-
> ...


http://www.virustotal.com/ru/analisi...0fa-1273500585

----------


## gjf

The gods of Olympus must be respected! ;)
File bot.exe received on 2010.05.13 08:04:51 (UTC)
Result: 19/41 (46.35%)



> a-squared	4.5.0.50	2010.05.10	-
> *AhnLab-V3	2010.05.13.01	2010.05.13	Trojan/Win32.CSon*
> AntiVir	8.2.1.242	2010.05.12	-
> Antiy-AVL	2.0.3.7	2010.05.13	-
> Authentium	5.2.0.5	2010.05.13	-
> Avast	4.8.1351.0	2010.05.13	-
> Avast5	5.0.332.0	2010.05.13	-
> *AVG	9.0.0.787	2010.05.13	SHeur3.WJS*
> *BitDefender	7.2	2010.05.13	Trojan.Generic.KD.11459*
> ...


http://www.virustotal.com/analisis/4...30b-1273737891

----------


## polar_owl

Caught today: http://virusinfo.info/showthread.php?t=78262
Not a single antivirus on VT detected it at the time of the catch. The situation at the moment:

File avz00001.dta received on 2010.05.13 19:30:34 (UTC)
Result: 1/41 (2.44%)


> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.13.01	2010.05.13	-
> AntiVir	8.2.1.242	2010.05.13	-
> Antiy-AVL	2.0.3.7	2010.05.13	-
> Authentium	5.2.0.5	2010.05.13	-
> Avast	4.8.1351.0	2010.05.13	-
> Avast5	5.0.332.0	2010.05.13	-
> AVG	9.0.0.787	2010.05.13	-
> ...

----------


## hton5

*File update_flash_player_x14.exe received on 2010.05.13 18:43:23 (UTC)*



```
a-squared;4.5.0.50;2010.05.10;Trojan-Ransom.Win32.PinkBlocker!IK
AhnLab-V3;2010.05.13.01;2010.05.13;-
AntiVir;8.2.1.242;2010.05.13;-
Antiy-AVL;2.0.3.7;2010.05.13;-
Authentium;5.2.0.5;2010.05.13;-
Avast;4.8.1351.0;2010.05.13;-
Avast5;5.0.332.0;2010.05.13;-
AVG;9.0.0.787;2010.05.13;-
BitDefender;7.2;2010.05.13;-
CAT-QuickHeal;10.00;2010.05.13;-
ClamAV;0.96.0.3-git;2010.05.13;-
Comodo;4833;2010.05.13;-
DrWeb;5.0.2.03300;2010.05.13;-
eSafe;7.0.17.0;2010.05.13;-
eTrust-Vet;35.2.7485;2010.05.13;-
F-Prot;4.5.1.85;2010.05.13;-
F-Secure;9.0.15370.0;2010.05.13;-
Fortinet;4.1.133.0;2010.05.13;-
GData;21;2010.05.13;-
Ikarus;T3.1.1.84.0;2010.05.13;Trojan-Ransom.Win32.PinkBlocker
Jiangmin;13.0.900;2010.05.13;Trojan/PinkBlocker.qs
Kaspersky;7.0.0.125;2010.05.13;-
McAfee;5.400.0.1158;2010.05.13;-
McAfee-GW-Edition;2010.1;2010.05.13;-
Microsoft;1.5703;2010.05.13;-
NOD32;5113;2010.05.13;a variant of Win32/LockScreen.SN
Norman;6.04.12;2010.05.13;-
nProtect;2010-05-13.01;2010.05.13;-
Panda;10.0.2.7;2010.05.13;-
PCTools;7.0.3.5;2010.05.13;-
Rising;22.47.03.04;2010.05.13;-
Sophos;4.53.0;2010.05.13;-
Sunbelt;6299;2010.05.13;-
Symantec;20101.1.0.89;2010.05.13;-
TheHacker;6.5.2.0.280;2010.05.13;-
TrendMicro;9.120.0.1004;2010.05.13;-
TrendMicro-HouseCall;9.120.0.1004;2010.05.13;-
VBA32;3.12.12.4;2010.05.13;-
ViRobot;2010.5.13.2314;2010.05.13;-
VirusBuster;5.0.27.0;2010.05.13;-
```

----------


## Шапельский Александр

Was cleaning a PC at work.


> G:\TAMBA\\\\\LAMBA.exe


The "TAMBA" folder was on the flash drive together with autorun.inf. The malware registered csrss.exe (LAMBA.exe) in the user profile's autostart and replaced Task Manager.
http://www.virustotal.com/ru/analisi...35f-1274166216



> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.18.01	2010.05.18	-
> AntiVir	8.2.1.242	2010.05.17	-
> Antiy-AVL	2.0.3.7	2010.05.17	-
> *Authentium	5.2.0.5	2010.05.18	W32/Rimecud.I2.gen!Eldorado*
> Avast	4.8.1351.0	2010.05.17	-
> Avast5	5.0.332.0	2010.05.17	-
> *AVG	9.0.0.787	2010.05.17	Cryptic.GW*
> *BitDefender	7.2	2010.05.18	Gen:Variant.Rimecud.2*
> ...

----------


## gjf

A new old way of spreading TDL3:



> SMTP and POP3 servers for _[email protected]_ mailbox are changed. Please carefully read the attached instructions before updating settings.
> 
> http://deleted/card.zip


File card.zip received on 2010.05.18 13:57:26 (UTC)
Result: 14/41 (34.15%)



> a-squared 	4.5.0.50 	2010.05.10 	-
> *AhnLab-V3 	2010.05.18.01 	2010.05.18 	Dropper/Win32.TDSS*
> *AntiVir 	8.2.1.242 	2010.05.18 	TR/Alureon.CT.1526*
> Antiy-AVL 	2.0.3.7 	2010.05.18 	-
> *Authentium 	5.2.0.5 	2010.05.18 	W32/Alureon.JHV*
> Avast 	4.8.1351.0 	2010.05.18 	-
> Avast5 	5.0.332.0 	2010.05.18 	-
> AVG 	9.0.0.787 	2010.05.18 	-
> BitDefender 	7.2 	2010.05.18 	-
> ...


http://www.virustotal.com/analisis/c...a40-1274191046

----------


## polar_owl

Fished it out at work. Nothing could deal with it, not even a LiveCD. When AV utilities were launched, the computer simply shut down. This nasty thing registers itself in *AppInit_DLLs*. That is actually how I caught it. The file was named *t.dll* and was located in *system32*.

File 111.dll received on 2010.05.21 09:10:27 (UTC)
Result: 9/41 (21.96%)



> Antivirus 	Version 	Last Update 	Result
> a-squared 	4.5.0.50 	2010.05.10 	-
> AhnLab-V3 	2010.05.21.00 	2010.05.20 	-
> AntiVir 	8.2.1.242 	2010.05.21 	-
> Antiy-AVL 	2.0.3.7 	2010.05.21 	-
> Authentium 	5.2.0.5 	2010.05.21 	-
> Avast 	4.8.1351.0 	2010.05.21 	-
> Avast5 	5.0.332.0 	2010.05.21 	-
> *AVG 	9.0.0.787 	2010.05.20 	Cryptic.SO*
> ...

----------


## DefesT

File *mms.jar* received on 2010.05.24 08:33:57 (UTC)
Result: *8/41* (19.52%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.23.00	2010.05.22	-
> AntiVir	8.2.1.242	2010.05.23	*JAVA/Smmer.5994*
> Antiy-AVL	2.0.3.7	2010.05.24	*Trojan/J2ME.Smmer*
> Authentium	5.2.0.5	2010.05.23	-
> Avast	4.8.1351.0	2010.05.23	-
> Avast5	5.0.332.0	2010.05.23	-
> AVG	9.0.0.787	2010.05.23	*Java/SMS.J*
> ...


Additional information
File size: *17493* bytes
MD5...: b4c114850d73db941c695b9d35cf4f29
SHA1..: 3b64e52f05f9bcbf51e7bb3366d65d1815cb9319
SHA256: 37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116d36dc335847ae9
http://www.virustotal.com/ru/analisi...ae9-1274690037

----------



## Юльча

File video-plugin.45046.exe received on 2010.05.25 11:00:38 (UTC)
Result: 14/40 (35%)




> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.25.00	2010.05.25	-
> AntiVir	8.2.1.242	2010.05.25	-
> Antiy-AVL	2.0.3.7	2010.05.25	-
> *Authentium	5.2.0.5	2010.05.25	W32/FakeAlert.5!Maximus*
> Avast	4.8.1351.0	2010.05.25	-
> Avast5	5.0.332.0	2010.05.25	-
> AVG	9.0.0.787	2010.05.25	-
> ...


http://www.virustotal.com/ru/analisi...37b-1274785238

----------


## Юльча

File *0.005320158428112287.exe* received on 2010.05.27 10:30:04 (UTC)
Result: *4/40 (10%)*





> Antivirus 	Version 	Last Update 	Result
> a-squared	4.5.0.50	2010.05.10	-
> AhnLab-V3	2010.05.27.00	2010.05.27	-
> AntiVir	8.2.1.242	2010.05.27	-
> Antiy-AVL	2.0.3.7	2010.05.26	-
> Authentium	5.2.0.5	2010.05.27	-
> *Avast	4.8.1351.0	2010.05.27	Win32:Crypt-GMW
> Avast5	5.0.332.0	2010.05.27	Win32:Crypt-GMW*
> AVG	9.0.0.787	2010.05.27	-
> ...


http://www.virustotal.com/ru/analisi...cee-1274956204

----------


## Shu_b

t-79536
File stWpaE7.exe received on 2010.05.28 05:44:32 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.05.10	-
AhnLab-V3	2010.05.28.00	2010.05.28	-
AntiVir	8.2.1.242	2010.05.27	-
Antiy-AVL	2.0.3.7	2010.05.26	-
Authentium	5.2.0.5	2010.05.28	-
Avast	4.8.1351.0	2010.05.27	-
Avast5	5.0.332.0	2010.05.27	-
AVG	9.0.0.787	2010.05.27	-
BitDefender	7.2	2010.05.28	-
CAT-QuickHeal	10.00	2010.05.28	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.28	-
Comodo	4942	2010.05.25	-
DrWeb	5.0.2.03300	2010.05.28	Trojan.Packed.20325
eSafe	7.0.17.0	2010.05.27	-
eTrust-Vet	35.2.7515	2010.05.27	-
F-Prot	4.6.0.103	2010.05.28	-
F-Secure	9.0.15370.0	2010.05.28	-
Fortinet	4.1.133.0	2010.05.26	-
GData	21	2010.05.28	-
Ikarus	T3.1.1.84.0	2010.05.28	-
Jiangmin	13.0.900	2010.05.27	-
Kaspersky	7.0.0.125	2010.05.28	-
McAfee	5.400.0.1158	2010.05.28	-
McAfee-GW-Edition	2010.1	2010.05.27	-
Microsoft	1.5802	2010.05.28	Trojan:Win32/Meredrop
NOD32	5151	2010.05.27	-
Norman	6.04.12	2010.05.27	-
nProtect	2010-05-27.03	2010.05.27	-
Panda	10.0.2.7	2010.05.27	-
PCTools	7.0.3.5	2010.05.28	-
Prevx	3.0	2010.05.28	Medium Risk Malware
Rising	22.49.04.01	2010.05.28	-
Sophos	4.53.0	2010.05.28	-
Sunbelt	6367	2010.05.28	-
Symantec	20101.1.0.89	2010.05.28	-
TheHacker	6.5.2.0.288	2010.05.27	-
TrendMicro	9.120.0.1004	2010.05.28	-
TrendMicro-HouseCall	9.120.0.1004	2010.05.28	-
VBA32	3.12.12.5	2010.05.27	-
ViRobot	2010.5.20.2326	2010.05.28	-
VirusBuster	5.0.27.0	2010.05.27	-
```

Additional information
File size: 100864 bytes
MD5...: 63896d67aa1026e7e4e94b6b38acf743

----------


## Vadim_SVN

File *svhost.exe* received on 2010.05.28 09:47:05 (UTC)
Result: *9/41* (21.96%)


```
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
Avast5 5.0.332.0 2010.05.28 Win32:SuspBehav-C
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.28 Trojan.Winlock.1765
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 Suspicious:W32/Malware!Gemini
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.28 Trojan-Ransom.Win32.PinkBlocker.blk
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.28 Artemis!BE43FF336A01
Microsoft 1.5802 2010.05.28 -
NOD32 5152 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 Suspicious file
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 Sus/UnkPack-C
Sunbelt 6368 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.28 Trojan.Win32.Waledac.42
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -
```

Additional information
File size: *380416 bytes*
MD5...: be43ff336a0176b9976c8b44a66753d6

http://www.virustotal.com/ru/analisi...bd4-1275040025

----------


## valho

I took a passport photo for someone at home and wrote it to a flash drive, and my sister took it to a photo studio. She brought this back from there, even though autorun.inf was locked on the flash drive.

File jwgkvsq.vmx received on 2010.05.31 10:17:54 (UTC)
Current status: Finished
Result: 32/33 (96.97%)



> *a-squared	5.0.0.26	2010.05.31	Net-Worm.Win32.Kido!IK*
> *AntiVir	8.2.1.242	2010.05.31	Worm/Conficker.AG*
> Antiy-AVL	2.0.3.7	2010.05.31	-
> *Authentium	5.2.0.5	2010.05.31	W32/Conficker!Generic*
> *Avast	4.8.1351.0	2010.05.30	Win32:Confi*
> *Avast5	5.0.332.0	2010.05.30	Win32:Confi*
> *BitDefender	7.2	2010.05.31	Win32.Worm.Downadup.Gen*
> *CAT-QuickHeal	10.00	2010.05.31	Worm.Conficker.b*
> *ClamAV	0.96.0.3-git	2010.05.30	Worm.Kido-61*
> ...


Additional information
File size: 169822 bytes
MD5...: acf4da36e762084070f8138a43144759
SHA1..: 2f00848973f6abaa5a31647a19c0da6053a3e4c5
SHA256: 71608b749d8e3d8736975a26151d529ddee99d92f97640ab36927f91e1846282
ssdeep: 3072:+/5E60KXnXhddhoqAtULVMtpJW+PIeii72sxPzhO8k6YWsC8VTd/ThWlA0JRkFX+:U5p0KdDtLKtpJFILroPzhO71+I1FWu0f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43cb
timedatestamp.....: 0x4495b5bb (Sun Jun 18 20:21:15 2006)
machinetype.......: 0x14c (I386)

----------


## gjf

File _TEMP.exe received on 2010.05.31 09:31:26 (UTC) 
Result: 0/41 (0.00%)



> a-squared 5.0.0.26 2010.05.31 - 
> AhnLab-V3 2010.05.30.00 2010.05.29 -   
> AntiVir 8.2.1.242 2010.05.31 -   
> Antiy-AVL 2.0.3.7 2010.05.31 -   
> Authentium 5.2.0.5 2010.05.31 -   
> Avast 4.8.1351.0 2010.05.30 -   
> Avast5 5.0.332.0 2010.05.30 -   
> AVG 9.0.0.787 2010.05.31 -   
> BitDefender 7.2 2010.05.31 -   
> ...


http://www.virustotal.com/analisis/4...c6b-1275298286
*P.S. ~Temp.exe = Trojan.MSIL.Agent.lc*

*Added 2 hours 25 minutes later*

ZBot2:
File load.exe received on 2010.05.31 13:33:28 (UTC)
Result: 8/41 (19.52%)



> *a-squared	5.0.0.26	2010.05.31	Backdoor.Win32.Bifrose!IK*
> AhnLab-V3	2010.05.30.00	2010.05.29	-
> AntiVir	8.2.1.242	2010.05.31	-
> Antiy-AVL	2.0.3.7	2010.05.31	-
> Authentium	5.2.0.5	2010.05.31	-
> Avast	4.8.1351.0	2010.05.30	-
> Avast5	5.0.332.0	2010.05.30	-
> AVG	9.0.0.787	2010.05.31	-
> BitDefender	7.2	2010.05.31	-
> ...


http://www.virustotal.com/analisis/7...cb1-1275312808

----------


## gjf

TDL3 - a day-old dropper.
File setup.exe received on 2010.06.01 20:07:22 (UTC)
Result: 4/41 (9.76%)



> a-squared	5.0.0.26	2010.06.01	-
> AhnLab-V3	2010.06.01.01	2010.06.01	-
> AntiVir	8.2.1.242	2010.06.01	-
> Antiy-AVL	2.0.3.7	2010.06.01	-
> Authentium	5.2.0.5	2010.06.01	-
> Avast	4.8.1351.0	2010.06.01	-
> Avast5	5.0.332.0	2010.06.01	-
> AVG	9.0.0.787	2010.06.01	-
> BitDefender	7.2	2010.06.01	-
> ...


http://www.virustotal.com/analisis/2...b6d-1275422842

----------


## ISO

My KIS is once again unfamiliar with this nasty thing.
File *csrss.exe* received on 2010.06.04 06:46:45 (UTC)
Result: 21/41 (51.22%)




> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.26	2010.06.04	-
> AhnLab-V3	2010.06.04.00	2010.06.03	-
> *AntiVir	8.2.2.4	2010.06.03	TR/ATRAPS.Gen2*
> Antiy-AVL	2.0.3.7	2010.06.02	-
> *Authentium	5.2.0.5	2010.06.04	W32/Rimecud.I.gen!Eldorado*
> Avast	4.8.1351.0	2010.06.03	-
> *Avast5	5.0.332.0	2010.06.03	Win32:SuspBehav-C*
> *AVG	9.0.0.787	2010.06.04	Cryptic.IJ*
> ...


Additional information
File size: 141824 bytes
MD5...: a6536e001908e4bb243c3b4e85dcd169
SHA1..: 2c3f13c0d0227f8e830fccfde5d6f010dbf88fff
SHA256: f87df4c3d49dd0e44630381f5a98c0853d7343c43de31094d094190ee069ec2d
ssdeep: 3072:bUA1SZQBWQednQjOfZnn8vyn1fbEvxLysmsYSsgMm6mFq:b11DS11EksYS

----------


## ALEX(XX)

"The catch"
File porno-incest-zrelye-zhenschiny_pa received on 2010.06.04 15:42:04 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	HTML:Script-inf
Avast5	5.0.332.0	2010.06.04	HTML:Script-inf
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	HTML:Script-inf
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 26773 bytes
MD5   : 6a6a7c160b7d82dfb458779dbfeb379a
SHA1  : d25c03d21a4dbbcac922da3d65539b99ae3536f2
SHA256: 9fd352c5a6d2acfe57c8184113b2fe243c7303834e631f4ad5c298085c2353ca
TrID  : File type identification
HyperText Markup Language (100.0%)
ssdeep: 384:UkhHQYsqLeDcxJT7Xo2IVHzBOPQVPdaPGDKpMy/nlJJfbr24/i9tolCKW7QWm0J:UkhHsqLeDcfT82uFThUbrX+olCL75m0J
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS   : NSRL Reference Data Set
-
```

File jdpkXFS.exe received on 2010.06.04 15:42:33 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Win32.Meredrop.A!A2
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Meredrop.A.10097
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.06.04	Win32:Rootkit-gen
AVG	9.0.0.787	2010.06.04	SHeur3.ZZZ
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20320
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Win32:Rootkit-gen 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Win32/Meredrop
NOD32	5172	2010.06.04	Win32/Spy.Shiz.NBD
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	Generic Malware
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	Medium Risk Malware
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan.Win32.Generic!BT
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Win32.Spy.Shiz.NBD
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)

( 5 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000    0x52da    0x5400   7.58  494c135b90b12369c37c8b57fa715381
.data       0x7000    0xf810    0xfa00   7.38  5935f2309984ab57a4dda823cede9dd2
.idata     0x17000     0x4ab     0x600   4.05  04fc78daff8355191d10b900ec97fefb
.rsrc      0x18000    0x19a0    0x1a00   5.78  181203eafe0908823d482840a504445f
.reloc     0x1a000      0xce     0x200   3.16  a360412cd1e858c80b1fd295c8789b55

( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

File 50f4b730-5243791e received on 2010.06.04 15:42:10 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan-Downloader.Java.Agent!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-H
Avast5	5.0.332.0	2010.06.04	Java:Djewers-H
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	Java/SillyDl.HJW
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-H 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan-Downloader.Java.Agent
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan-Downloader.Java.Agent.bk (v)
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 7917 bytes
MD5...: 38b48c672a3e45988b5a59e457d74181
SHA1..: a84bf350369d7547de0e4d235683a7fa30220df1
SHA256: 991abd8b4b2e913335e0211ee1686a07561172f2a2bd2e4b020fd1ec8f3a87d7
ssdeep: 192:apVYRxkKEFOrzOr2pj2C3okf4XmOi5ReU7tWAmloz:apVYRfEFdSCC3okf+i2Emloz
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

File 6BkLj93.exe received on 2010.06.04 15:42:42 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Win32.Meredrop.A!A2
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Meredrop.A.10097
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.06.04	Win32:Rootkit-gen
AVG	9.0.0.787	2010.06.04	SHeur3.ZZZ
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20320
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Win32:Rootkit-gen 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Win32/Meredrop
NOD32	5172	2010.06.04	Win32/Spy.Shiz.NBD
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	Generic Malware
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	Medium Risk Malware
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	Trojan.Win32.Generic!BT
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Win32.Spy.Shiz.NBD
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)

( 5 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000    0x52da    0x5400   7.58  494c135b90b12369c37c8b57fa715381
.data       0x7000    0xf810    0xfa00   7.38  5935f2309984ab57a4dda823cede9dd2
.idata     0x17000     0x4ab     0x600   4.05  04fc78daff8355191d10b900ec97fefb
.rsrc      0x18000    0x19a0    0x1a00   5.78  181203eafe0908823d482840a504445f
.reloc     0x1a000      0xce     0x200   3.16  a360412cd1e858c80b1fd295c8789b55

( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
```

File HkdfkjX.class received on 2010.06.04 15:42:46 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-H
Avast5	5.0.332.0	2010.06.04	Java:Djewers-H
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-H 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Mal/JavaDldr-B
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 5624 bytes
MD5...: 91255e4e3bc74188f1484179405225c9
SHA1..: 9f59fca1ff4219b45acfd715005f39b67eaf119b
SHA256: 7d191aad484697fec3060ba7cbb3b0588134d302aa74a6f9415491665ca98921
ssdeep: 96:W7FlYEkuSyZjYVpMpTgrVpK4KcBxRgtuz5WM1kApgS0:WlnZcygrZKclgtudW0kApgS0
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

File KHdfsdeX.class received on 2010.06.04 15:46:26 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-E
Avast5	5.0.332.0	2010.06.04	Java:Djewers-E
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-E 
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	-
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Mal/JavaDldr-B
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 7491 bytes
MD5   : e73234098eaae758219a109403978ea2
SHA1  : 20836967becbfd1f38a018cc5c5de2516b5463ee
SHA256: 2afc7199f3b048b621f4a673ed1150b21f7048de2d3586b8870c73b73e3d2657
TrID  : File type identification
Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
ssdeep: 96:t6PZl4kTiDXIzMEFQVwBXeo16NZD2DUDUHIzseszUy0oA7vQLpVDUUU6DUUUKJuV:SZlPTGwBuoysbzU+LpxMkMrM87SE
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS   : NSRL Reference Data Set
-
```

File AppletX.class received on 2010.06.04 15:43:03 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan.Java.ClassLoader!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Agent-B
Avast5	5.0.332.0	2010.06.04	Java:Agent-B
AVG	9.0.0.787	2010.06.04	Java/Downloader.U
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	Exploit.JS-7
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	Exploit.Java.1
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Agent-B 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan.Java.ClassLoader
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Trojan:Java/Classloader.S
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.OpenStream.NAJ
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Trojan.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Sus/ClassLdr-A
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Trojan Horse
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
VBA32	3.12.12.5	2010.06.04	Exploit.Java.1
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 5254 bytes
MD5...: 5103f06af294aa364dd6049c1b217c83
SHA1..: a32c61706e1ec3c947799e8356d8ae6336758fde
SHA256: 05000e29f191047292ae2e625df5580c6dbfb8957cf1d7dd167e79cd00b443af
ssdeep: 96:CilE7Pql5lov5//9Q7PEeLkC4Vx8P/lwCywJGwL/rpGNd9KlK62SYeL:yDql5M5/67PE0kC4X8P9wCyP49AhUL
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

File LoaderX.class received on 2010.06.04 15:44:41 (UTC)


```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Trojan-Downloader.Java.Agent!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Agent-B
Avast5	5.0.332.0	2010.06.04	Java:Agent-B
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	Exploit.Java.2
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	-
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Agent-B 
Ikarus	T3.1.1.84.0	2010.06.04	Trojan-Downloader.Java.Agent
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	Exploit:Java/CVE-2008-5353.C
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.Agent.NBE
Norman	6.04.12	2010.06.04	JAVA/ByteVerify.B
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Trojan.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Sus/ClassLdr-A
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Trojan Horse
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	JAVA_DLOAD.YT
VBA32	3.12.12.5	2010.06.04	Exploit.Java.2
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Дополнительная информация
File size: 3743 bytes
MD5...: 59b358987b10355b6818f2fa8b5851d5
SHA1..: 8bfdb8f0be7674fed30a8d836bc73594cdcec3b9
SHA256: 9a9c78dbb951285845f03aa99366203df854e06fe7c5e614a6fde02159fc1ca4
ssdeep: 96:EcwFl+E3C4Vx8Pjlov5//9Q7qqTxwnSupzu7eYhB:Enl7C4X8PjM5/67zxwS17F/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

Byodsadc.class received on 2010.06.04 15:44:44 (UTC)



```
Антивирус	Версия	Обновление	Результат
a-squared	5.0.0.26	2010.06.04	Virus.Java.Djewers!IK
AhnLab-V3	2010.06.04.02	2010.06.04	-
AntiVir	8.2.2.6	2010.06.04	TR/Dldr.Java.Agent.BH.6
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Java:Djewers-J
Avast5	5.0.332.0	2010.06.04	Java:Djewers-J
AVG	9.0.0.787	2010.06.04	-
BitDefender	7.2	2010.06.04	-
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	-
DrWeb	5.0.2.03300	2010.06.04	-
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	Exploit:Java/Agent.DIRE
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Java:Djewers-J 
Ikarus	T3.1.1.84.0	2010.06.04	Virus.Java.Djewers
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	Trojan-Downloader.Java.Agent.bh
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	a variant of Java/TrojanDownloader.Agent.NAX
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	-
Panda	10.0.2.7	2010.06.04	-
PCTools	7.0.3.5	2010.06.04	Downloader.Generic
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	Troj/ClsLdr-AA
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	Downloader
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	-
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Additional information
File size: 2933 bytes
MD5...: 2c00e9fbbe72676c8060b7b9120fc750
SHA1..: 190e5a9d820b08abe2a95450ad4df2fa6edf0de5
SHA256: 83f291048284eab6186440542ebb86133e485558dcf49823ad67ba4b0246fe76
ssdeep: 48:6pvKdOEgPDG4nXl3NR/DDvJvtQF4xR5/TXd/d6nRKpF/Lwj8dGR6bJcYhMBfR
v7c:YKXgPD7ldRvvJvekzZtdGMVcYhKv2rX
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

*Added 4 minutes later*

File mgdyfiqd.dll received on 2010.06.04 16:06:13 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	5.0.0.26	2010.06.04	-
AhnLab-V3	2010.06.04.02	2010.06.04	Malware/Win32.Generic
AntiVir	8.2.2.6	2010.06.04	-
Antiy-AVL	2.0.3.7	2010.06.04	-
Authentium	5.2.0.5	2010.06.04	-
Avast	4.8.1351.0	2010.06.04	Win32:Malware-gen
Avast5	5.0.332.0	2010.06.04	Win32:Malware-gen
AVG	9.0.0.787	2010.06.04	Pakes.FKP
BitDefender	7.2	2010.06.04	Trojan.Generic.4089896
CAT-QuickHeal	10.00	2010.06.04	-
ClamAV	0.96.0.3-git	2010.06.04	-
Comodo	4984	2010.06.04	UnclassifiedMalware
DrWeb	5.0.2.03300	2010.06.04	Trojan.Packed.20273
eSafe	7.0.17.0	2010.06.03	-
eTrust-Vet	35.2.7528	2010.06.04	-
F-Prot	4.6.0.103	2010.06.03	-
F-Secure	9.0.15370.0	2010.06.04	Trojan.Generic.4089896
Fortinet	4.1.133.0	2010.06.04	-
GData	21	2010.06.04	Trojan.Generic.4089896
Ikarus	T3.1.1.84.0	2010.06.04	-
Jiangmin	13.0.900	2010.06.04	-
Kaspersky	7.0.0.125	2010.06.04	-
McAfee	5.400.0.1158	2010.06.04	-
McAfee-GW-Edition	2010.1	2010.06.04	-
Microsoft	1.5802	2010.06.04	-
NOD32	5172	2010.06.04	a variant of Win32/Kryptik.ELC
Norman	6.04.12	2010.06.04	-
nProtect	2010-06-04.01	2010.06.04	Trojan.Generic.4089896
Panda	10.0.2.7	2010.06.04	Suspicious file
PCTools	7.0.3.5	2010.06.04	-
Prevx	3.0	2010.06.04	-
Rising	22.50.04.04	2010.06.04	-
Sophos	4.53.0	2010.06.04	-
Sunbelt	6405	2010.06.04	-
Symantec	20101.1.0.89	2010.06.04	-
TheHacker	6.5.2.0.292	2010.06.04	-
TrendMicro	9.120.0.1004	2010.06.04	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.04	-
VBA32	3.12.12.5	2010.06.04	Trojan.MTA.0424
ViRobot	2010.6.4.2337	2010.06.04	-
VirusBuster	5.0.27.0	2010.06.04	-

Additional information
File size: 40448 bytes
MD5...: 0f1341509dbf6c92b063a1853666e55c
SHA1..: 0c8a176b30b5d2d23bc4c9815acf884a400fbb7d
SHA256: 6d64c74469c4161120710fd2761a3db6e14b563e4c92c641b18a74796c71016d
ssdeep: 768:tTcwoB3xs9Mszzm75Rip/Vt4LX1ds6sfg0QN8ASr2:eB3xsxGviJ2UYZY2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1550
timedatestamp.....: 0x304f3700 (Thu Sep 07 18:16:32 1995)
machinetype.......: 0x14c (I386)

( 5 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text       0x1000    0x29ea    0x2a00   7.24  ba3de342086e2761991c42a17822b857
.data       0x4000    0x3d48    0x3e00   7.27  1a37ac19bbfcd8f11d22fa0e3495c67d
.idata      0x8000     0x4bc     0x600   3.79  1224cf5c0daf575befd41b06bad51d29
.rsrc       0x9000    0x29d0    0x2a00   6.00  474b98ada983ceac7e5197ec8ed67369
.reloc      0xc000     0x142     0x200   4.71  7c0ff060fddc7eddd580624b4bfbc982

( 6 imports )
> KERNEL32.dll: Beep, GetProcessHeap, WaitForMultipleObjects, ConnectNamedPipe, LoadLibraryW, FileTimeToLocalFileTime, GetModuleHandleW, lstrcpyA, lstrcpyW, VirtualAlloc, GetShortPathNameW, CreateNamedPipeA, HeapCreate, lstrcmpi
> USER32.dll: SetCursor, GetCursorPos, GetMenuStringW, MessageBoxA, DefWindowProcA, LoadCursorA, MessageBeep, DestroyCursor, wsprintfA, DeleteMenu, LoadImageW, SetWindowTextA, GetDesktopWindow, GetKeyboardLayout
> GDI32.dll: GetBitmapBits, SetTextColor, CreateFontIndirectA, GetStockObject, SetBkColor
> ADVAPI32.dll: RegEnumValueA, RegRestoreKeyA, RegEnumValueW
> COMDLG32.dll: PrintDlgExA, ChooseFontW
> SHELL32.dll: StrRChrIW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (79.3%)
Win32 Executable Generic (7.9%)
Win32 Dynamic Link Library (generic) (7.0%)
Win16/32 Executable Delphi generic (1.9%)
Generic Win/DOS Executable (1.8%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Lqlpfm Iqxxwa Vyfps Dbxys
copyright....: Wshmgg Advjxcq Mwzipt Onurl
product......: Qsede Krxlxpq Suonur Kndrm
description..: Krgtgjl Hsqxvz
original name: n/a
internal name: n/a
file version.: 2.7.4.8
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

----------


## Nexus

Being spread on VKontakte, a fresh one.

File photo-057.exe received on 2010.06.05 10:57:54 (UTC)



> a-squared	5.0.0.26	2010.06.05	-
> AhnLab-V3	2010.06.05.00	2010.06.04	-
> AntiVir	8.2.2.6	2010.06.04	-
> Antiy-AVL	2.0.3.7	2010.06.04	-
> Authentium	5.2.0.5	2010.06.05	-
> Avast	4.8.1351.0	2010.06.05	-
> Avast5	5.0.332.0	2010.06.05	-
> AVG	9.0.0.787	2010.06.05	-
> BitDefender	7.2	2010.06.05	-
> ...


Additional information
File size: 823296 bytes
MD5   : 3cc0ff8334edd4a55b3ff2c1d873b92b

http://www.virustotal.com/analisis/6...591-1275735474

----------


## valho

File vip_porno_44808.avi.exe received on 2010.06.08 04:20:49 (UTC)
Current status: Finished
Result: 15/41 (36.59%)




> *a-squared	5.0.0.26	2010.06.08	Trojan-Ransom.Win32.PornoBlocker!IK*
> *AhnLab-V3	2010.06.08.00	2010.06.08	Trojan/Win32.PornoBlocker*
> *AntiVir	8.2.2.6	2010.06.07	TR/Ransom.PornoBlocker.VR.1*
> Antiy-AVL	2.0.3.7	2010.06.04	-
> Authentium	5.2.0.5	2010.06.08	-
> Avast	4.8.1351.0	2010.06.07	-
> Avast5	5.0.332.0	2010.06.07	-
> *AVG	9.0.0.787	2010.06.07	Generic18.CXR*
> BitDefender	7.2	2010.06.08	-
> ...


Additional information
File size: 266240 bytes
MD5...: b8af0ece0ab4c7acd4c1a52caa6a1587
SHA1..: 8aa549a91fb953d55a4fbc6080aa9f62b5bd4606
SHA256: 698bf974c7aff83e113f0c299aa09fcd8883095b752de0a1d5191eaa8762c374
ssdeep: 6144:gY903Ds7HbqCnm5KnpDNUUoaGtnlK1wkmOMawiSqW:gl3Ds77qYm5G+nknm
O1lW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x37df4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

----------


## Vadim_SVN

File mozilla.exe received on 2010.06.08 05:31:52 (UTC)
Current status: finished
*Result: 6/41 (14.63%)*


```
a-squared  5.0.0.26  2010.06.08  -
AhnLab-V3  2010.06.08.00  2010.06.08  -
AntiVir  8.2.2.6  2010.06.07  -
Antiy-AVL  2.0.3.7  2010.06.04  -
Authentium  5.2.0.5  2010.06.08  -
Avast  4.8.1351.0  2010.06.07  -
Avast5  5.0.332.0  2010.06.07  Win32:SuspBehav-C
AVG  9.0.0.787  2010.06.07  -
BitDefender  7.2  2010.06.08  -
CAT-QuickHeal  10.00  2010.06.08  (Suspicious) - DNAScan
ClamAV  0.96.0.3-git  2010.06.08  -
Comodo  5023  2010.06.08  -
DrWeb  5.0.2.03300  2010.06.08  Trojan.AdultBan.59
eSafe  7.0.17.0  2010.06.06  -
eTrust-Vet  36.1.7617  2010.06.07  -
F-Prot  4.6.0.103  2010.06.08  -
F-Secure  9.0.15370.0  2010.06.08  -
Fortinet  4.1.133.0  2010.06.06  -
GData  21  2010.06.08  -
Ikarus  T3.1.1.84.0  2010.06.08  -
Jiangmin  13.0.900  2010.06.07  -
Kaspersky  7.0.0.125  2010.06.08  Packed.Win32.Krap.gx
McAfee  5.400.0.1158  2010.06.08  -
McAfee-GW-Edition  2010.1  2010.06.07  -
Microsoft  1.5802  2010.06.08  -
NOD32  5180  2010.06.07  -
Norman  6.04.12  2010.06.07  -
nProtect  2010-06-07.01  2010.06.07  -
Panda  10.0.2.7  2010.06.07  -
PCTools  7.0.3.5  2010.06.08  -
Prevx  3.0  2010.06.08  -
Rising  22.51.01.03  2010.06.08  -
Sophos  4.53.0  2010.06.08  Sus/UnkPack-C
Sunbelt  6417  2010.06.08  -
Symantec  20101.1.0.89  2010.06.08  -
TheHacker  6.5.2.0.292  2010.06.04  -
TrendMicro  9.120.0.1004  2010.06.08  -
TrendMicro-HouseCall  9.120.0.1004  2010.06.08  -
VBA32  3.12.12.5  2010.06.07  Trojan.Win32.Waledac.42
ViRobot  2010.6.8.2342  2010.06.08  -
VirusBuster  5.0.27.0  2010.06.07  -
```

Additional information
File size: 389120 bytes
MD5   : 3873606fe0d593c2e85aaa011616069a


```
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"

And there was also this key:
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\winlogon ]
"shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"
```

http://www.virustotal.com/analisis/5...dc7-1275975112

*Added 10 hours 30 minutes later*

Another porn banner (from the same series, by the looks of it)

File photoshop.exe received on 2010.06.08 16:05:06 (UTC)
*Result: 9/41 (21.96%)*



```
a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
Avast5 5.0.332.0 2010.06.08 Win32:SuspBehav-C
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5029 2010.06.08 TrojWare.Win32.MalPack.~PKA1
DrWeb 5.0.2.03300 2010.06.08 Trojan.Packed.20343
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.08 Artemis!D0579AD09624
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
Panda 10.0.2.7 2010.06.07 Suspicious file
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
Sophos 4.53.0 2010.06.08 Sus/UnkPack-C
Sunbelt 6419 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.08 Malware-Cryptor.Win32.Limpopo
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.08 -
```

Additional information
File size: 340480 bytes
MD5...: d0579ad09624a861589b5db71ddf5242

It was sitting at this path:


```
C:\Program Files\Common files\Adobe Photoshop\
```

With an undeleter I found a small batch file in the same place:


```
reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon " /v shell /t reg_sz /d "Explorer.exe" /f
reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon" /v shell /t reg_sz /d "Explorer.exe" /f
erase "C:\PROGRAM FILES\COMMON FILES\ADOBE PHOTOSHOP\trr.bat"
```

http://www.virustotal.com/analisis/0...6e1-1276013106

----------


## DefesT

File *foto15.scr* received on 2010.06.10 20:52:15 (UTC)
Result: *3*/*41* (7.32%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.26	2010.06.10	-
> AhnLab-V3	2010.06.10.02	2010.06.10	-
> AntiVir	8.2.2.6	2010.06.10	-
> Antiy-AVL	2.0.3.7	2010.06.08	-
> Authentium	5.2.0.5	2010.06.10	-
> Avast	4.8.1351.0	2010.06.10	-
> Avast5	5.0.332.0	2010.06.10	-
> *AVG	9.0.0.787	2010.06.10	Cryptic.ACV*
> ...


Additional information
File size: *93264* bytes
MD5...: 726cf1ea7100954f3051587d9f2fce83
SHA1..: 0d37efa0e1ce3068c5b0580f115a98a17baf944b
SHA256: c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effaed995e0e4004bca
http://www.virustotal.com/analisis/c...bca-1276203135

----------


## ALEX(XX)

The catch
File avz00001.dta received on 2010.06.11 05:58:07 (UTC)


```
Antivirus	Version	Last Update	Result
a-squared	5.0.0.26	2010.06.11	Backdoor.WinNT.Rustock!IK
AhnLab-V3	2010.06.11.00	2010.06.11	-
AntiVir	8.2.2.6	2010.06.10	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.06.11	-
Authentium	5.2.0.5	2010.06.11	-
Avast	4.8.1351.0	2010.06.10	-
Avast5	5.0.332.0	2010.06.10	-
AVG	9.0.0.787	2010.06.10	-
BitDefender	7.2	2010.06.11	-
CAT-QuickHeal	10.00	2010.06.11	-
ClamAV	0.96.0.3-git	2010.06.11	-
Comodo	5059	2010.06.11	-
DrWeb	5.0.2.03300	2010.06.11	-
eSafe	7.0.17.0	2010.06.10	-
eTrust-Vet	36.1.7627	2010.06.10	-
F-Prot	4.6.0.103	2010.06.11	-
F-Secure	9.0.15370.0	2010.06.11	-
Fortinet	4.1.133.0	2010.06.10	-
GData	21	2010.06.11	-
Ikarus	T3.1.1.84.0	2010.06.11	Backdoor.WinNT.Rustock
Jiangmin	13.0.900	2010.06.10	-
Kaspersky	7.0.0.125	2010.06.11	-
McAfee	5.400.0.1158	2010.06.11	-
McAfee-GW-Edition	2010.1	2010.06.10	Artemis!25802B50EC45
Microsoft	1.5802	2010.06.10	Backdoor:WinNT/Rustock.gen!B
NOD32	5188	2010.06.10	-
Norman	6.04.12	2010.06.10	-
nProtect	2010-06-10.01	2010.06.10	-
Panda	10.0.2.7	2010.06.10	-
PCTools	7.0.3.5	2010.06.11	-
Prevx	3.0	2010.06.11	-
Rising	22.51.04.01	2010.06.11	Trojan.Win32.Generic.52085284
Sophos	4.54.0	2010.06.11	Sus/UnkPack-C
Sunbelt	6433	2010.06.11	-
Symantec	20101.1.0.89	2010.06.11	-
TheHacker	6.5.2.0.297	2010.06.11	-
TrendMicro	9.120.0.1004	2010.06.11	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.11	-
VBA32	3.12.12.5	2010.06.10	OScope.Rootkit.Samidi
ViRobot	2010.6.10.3879	2010.06.10	-
VirusBuster	5.0.27.0	2010.06.10	-

Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text        0x300   0x13122   0x13180   7.36  bbdbea9fc85e936dd66fe6c7ba305f34
.rdata     0x13480     0x459     0x480   5.28  76a40bd3d0b421094f95df52e5034b20
.data      0x13900       0xe      0x80   0.00  f09f35a5637839458e462e6350ecbce4
INIT       0x13980     0x188     0x200   4.10  d049f827186dfd9b204f6e0f9ac5683e
.rsrc      0x13b80     0x328     0x380   3.14  aab3efebe20ecb4816a13f85cc37592a
.reloc     0x13f00     0x280     0x280   4.32  307a90365c3fbbea837a3afebc2f6c06

( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

File avz00002.dta received on 2010.06.11 05:58:10 (UTC)



```
Antivirus	Version	Last Update	Result
a-squared	5.0.0.26	2010.06.11	Backdoor.WinNT.Rustock!IK
AhnLab-V3	2010.06.11.00	2010.06.11	-
AntiVir	8.2.2.6	2010.06.10	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.06.11	-
Authentium	5.2.0.5	2010.06.11	-
Avast	4.8.1351.0	2010.06.10	-
Avast5	5.0.332.0	2010.06.10	-
AVG	9.0.0.787	2010.06.10	-
BitDefender	7.2	2010.06.11	-
CAT-QuickHeal	10.00	2010.06.11	-
ClamAV	0.96.0.3-git	2010.06.11	-
Comodo	5059	2010.06.11	-
DrWeb	5.0.2.03300	2010.06.11	-
eSafe	7.0.17.0	2010.06.10	-
eTrust-Vet	36.1.7627	2010.06.10	-
F-Prot	4.6.0.103	2010.06.11	-
F-Secure	9.0.15370.0	2010.06.11	-
Fortinet	4.1.133.0	2010.06.10	-
GData	21	2010.06.11	-
Ikarus	T3.1.1.84.0	2010.06.11	Backdoor.WinNT.Rustock
Jiangmin	13.0.900	2010.06.10	-
Kaspersky	7.0.0.125	2010.06.11	-
McAfee	5.400.0.1158	2010.06.11	-
McAfee-GW-Edition	2010.1	2010.06.10	Artemis!25802B50EC45
Microsoft	1.5802	2010.06.10	Backdoor:WinNT/Rustock.gen!B
NOD32	5188	2010.06.10	-
Norman	6.04.12	2010.06.10	-
nProtect	2010-06-10.01	2010.06.10	-
Panda	10.0.2.7	2010.06.10	-
PCTools	7.0.3.5	2010.06.11	-
Rising	22.51.04.01	2010.06.11	Trojan.Win32.Generic.52085284
Sophos	4.54.0	2010.06.11	Sus/UnkPack-C
Sunbelt	6433	2010.06.11	-
Symantec	20101.1.0.89	2010.06.11	-
TheHacker	6.5.2.0.297	2010.06.11	-
TrendMicro	9.120.0.1004	2010.06.11	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.11	-
VBA32	3.12.12.5	2010.06.10	OScope.Rootkit.Samidi
ViRobot	2010.6.10.3879	2010.06.10	-
VirusBuster	5.0.27.0	2010.06.10	-

Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
.text        0x300   0x13122   0x13180   7.36  bbdbea9fc85e936dd66fe6c7ba305f34
.rdata     0x13480     0x459     0x480   5.28  76a40bd3d0b421094f95df52e5034b20
.data      0x13900       0xe      0x80   0.00  f09f35a5637839458e462e6350ecbce4
INIT       0x13980     0x188     0x200   4.10  d049f827186dfd9b204f6e0f9ac5683e
.rsrc      0x13b80     0x328     0x380   3.14  aab3efebe20ecb4816a13f85cc37592a
.reloc     0x13f00     0x280     0x280   4.32  307a90365c3fbbea837a3afebc2f6c06

( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
```

This pest has [email protected]$%@#^ me already. It makes lsass peg the CPU, and the machine simply won't boot past the welcome screen. Only in safe mode and WITHOUT NETWORKING!
This is the 4th machine like this to come in. The pest works fine until you kill off its companions. They bring the machine in, everything is OK. You run CureIt, the Tool or AVZ over it, kill what is plainly visible, and after that it's "sunshine". The machine is wrecked

----------


## DefesT

File *Mail.Exe* received on 2010.06.11 20:06:49 (UTC)
Result: *26*/*41* (63.42%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.26	2010.06.11	*Trojan-PWS.MSIL!IK*
> AhnLab-V3	2010.06.11.00	2010.06.11	-
> AntiVir	8.2.2.6	2010.06.11	*TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.06.11	*Trojan/MSIL.Dybalom.gen*
> Authentium	5.2.0.5	2010.06.11	-
> Avast	4.8.1351.0	2010.06.11	*Win32:Trojan-gen*
> Avast5	5.0.332.0	2010.06.11	*Win32:Trojan-gen*
> AVG	9.0.0.787	2010.06.11	*BackDoor.Generic12.BFSN*
> ...


Additional information
File size: *144817* bytes
MD5...: 8baaf0ad46497979cebc7ff48f46c619
SHA1..: 17f6e923f659bfeed35b106fc45ab2da63aaf608
SHA256: f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67028ea5b24f2d59
http://www.virustotal.com/analisis/f...d59-1276286809

File *data.exe* received on 2010.06.11 20:14:02 (UTC)
Result: *13*/*40* (32.5%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.26	2010.06.11	*Trojan-Downloader.Win32.Uloadis!IK*
> AhnLab-V3	2010.06.11.00	2010.06.11	-
> AntiVir	8.2.2.6	2010.06.11	*HEUR/Crypted*
> Antiy-AVL	2.0.3.7	2010.06.11	-
> Authentium	5.2.0.5	2010.06.11	-
> Avast	4.8.1351.0	2010.06.11	-
> Avast5	5.0.332.0	2010.06.11	-
> AVG	9.0.0.787	2010.06.11	-
> ...


Additional information
File size: *36864* bytes
MD5...: 9c65daa0a7e3f8c16bfa935f920178d3
SHA1..: b9e849780ab211f52a5744b9f04172880b332581
SHA256: 22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d91ccc8fb5d388d9
http://www.virustotal.com/analisis/2...8d9-1276287242

----------


## VV2006

An erotic banner; it's enough to look at Version Info in Far  :Smiley: 

File *WIMAMP.EXE* received on 2010.06.13 06:34:04 (UTC)
Current status: finished
Result: 9/41 (21.96%)



> Antivirus	Version	Last Update	Result
> *a-squared	5.0.0.26	2010.06.13	Trojan.Win32.Carmapic!IK*
> AhnLab-V3	2010.06.13.00	2010.06.12	-
> AntiVir	8.2.2.6	2010.06.11	-
> Antiy-AVL	2.0.3.7	2010.06.11	-
> Authentium	5.2.0.5	2010.06.12	-
> Avast	4.8.1351.0	2010.06.13	-
> Avast5	5.0.332.0	2010.06.13	-
> *AVG	9.0.0.787	2010.06.12	Cryptic.AED*
> ...


Additional information
File size: 393728 bytes
MD5...: bcdc4a1f137bfd229439ddd9c32904bf
SHA1..: 609c259fa7a150f7c2252dda76bd31befc8737ce
SHA256: 75e8c76a06c47241ce02c5e72ef59efc436884227c915c71265653a3c2b6f5eb
ssdeep: 12288:Vge8nYTOjaGmPfSxHHZmyeYzFAOhHNsW1:Ke8nxjIPfuUyT2c1
PEiD..: -

----------


## amcenter

File install_flash_player.exe received on 2010.06.13 17:53:05 (UTC)
Current status: finished
Result: *7/41* (17.08%)



> Antivirus	Version	Last Update	Result
> *a-squared	5.0.0.26	2010.06.13	Trojan.Win32.Ransom!IK*
> AhnLab-V3	2010.06.13.00	2010.06.12	-
> *AntiVir	8.2.2.6	2010.06.11	TR/Crypt.XDR.Gen*
> Antiy-AVL	2.0.3.7	2010.06.11	-
> Authentium	5.2.0.5	2010.06.13	-
> Avast	4.8.1351.0	2010.06.13	-
> Avast5	5.0.332.0	2010.06.13	-
> AVG	9.0.0.787	2010.06.13	-
> ...


File size: 169984 bytes
MD5...: 21fdc7fcfd7f3fc3e3f123c31a046f70
SHA1..: 1f3fa67d0a2b8dc20be7a3b6b6a36af7bdbfbd3c
SHA256: 498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb115daa1f535746
ssdeep: 3072:9OJU329k02butF7Soq2R8evKAQHJ804LJhTSeO1RsL+kaksC:9OJUGkut9l
x8eKHq04PTSeWg+kl

http://www.virustotal.com/ru/analisi...746-1276451585

----------


## Dandy

File vip_porno_78982_1_.avi.exe received on 2010.06.16 07:14:48 (UTC)

Result: 7/41 (17.08%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.26	2010.06.16	Trojan.Win32.Ransom!IK
> AhnLab-V3	2010.06.16.00	2010.06.16	-
> AntiVir	8.2.2.6	2010.06.15	-
> Antiy-AVL	2.0.3.7	2010.06.11	-
> Authentium	5.2.0.5	2010.06.16	-
> Avast	4.8.1351.0	2010.06.15	-
> Avast5	5.0.332.0	2010.06.15	-
> AVG	9.0.0.787	2010.06.15	-
> ...

----------


## kvalera

http://oko-kino.ru/load/brazilija_se...010/7-1-0-2525
I decided to download the Brazil vs. DPRK football match from this site. This critter turned up in the Temporary Internet Files folder. By the way, the Ikarus antivirus is currently ahead of everyone else at detecting new viruses. Here is the latest test: http://www.virusbtn.com/vb100/rap-index.xml

File: HTML Document 7-1-0-2525

Result: 2/43 (4.7%)




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.26	2010.06.16	*Virus.JS.Decdec!IK*
> AhnLab-V3	2010.06.16.07	2010.06.16	-
> AntiVir	8.2.2.6	2010.06.16	-
> Antiy-AVL	2.0.3.7	2010.06.11	-
> Authentium	5.2.0.5	2010.06.16	-
> Avast	4.8.1351.0	2010.06.16	-
> Avast5	5.0.332.0	2010.06.16	-
> AVG	9.0.0.787	2010.06.16	-
> ...

----------


## kyzya

Installer for Call of Duty Modern Warfare 2

File setup.exe received on 2010.06.16 20:08:51 (UTC)
Result: 11/41 (26.83%)

http://www.virustotal.com/ru/analisi...ab7-1276718931

Antivirus  	Version  	Last Update  	Result
a-squared	5.0.0.26	2010.06.16	-
AhnLab-V3	2010.06.16.07	2010.06.16	-
AntiVir	8.2.2.6	2010.06.16	*TR/Dropper.Gen*
Antiy-AVL	2.0.3.7	2010.06.11	-
Authentium	5.2.0.5	2010.06.16	-
Avast	4.8.1351.0	2010.06.16	*Win32:CabMod*
Avast5	5.0.332.0	2010.06.16	*Win32:CabMod*
AVG	9.0.0.787	2010.06.16	*Generic13.XHS*
BitDefender	7.2	2010.06.16	-
CAT-QuickHeal	10.00	2010.06.16	*Trojan.Agent.ATV*
ClamAV	0.96.0.3-git	2010.06.16	-
Comodo	5123	2010.06.16	*TrojWare.Win32.Agent.~WRAR*
DrWeb	5.0.2.03300	2010.06.16	*Trojan.Siggen.3310*
eSafe	7.0.17.0	2010.06.16	-
eTrust-Vet	36.1.7638	2010.06.16	-
F-Prot	4.6.0.103	2010.06.16	-
F-Secure	9.0.15370.0	2010.06.16	-
Fortinet	4.1.133.0	2010.06.16	-
GData	21	2010.06.16	*Win32:CabMod*
Ikarus	T3.1.1.84.0	2010.06.16	-
Jiangmin	13.0.900	2010.06.15	-
Kaspersky	7.0.0.125	2010.06.16	*Trojan.Win32.Chifrax.d*
McAfee	5.400.0.1158	2010.06.16	-
McAfee-GW-Edition	2010.1	2010.06.16	-
Microsoft	1.5802	2010.06.16	*Trojan:Win32/Comame*
NOD32	5202	2010.06.16	-
Norman	6.04.12	2010.06.16	-
nProtect	2010-06-16.01	2010.06.16	-
Panda	10.0.2.7	2010.06.16	-
PCTools	7.0.3.5	2010.06.16	-
Prevx	3.0	2010.06.16	-
Rising	22.51.06.01	2010.06.13	-
Sophos	4.54.0	2010.06.16	*Troj/BadCab-A*
Sunbelt	6456	2010.06.16	-
Symantec	20101.1.0.89	2010.06.16	-
TheHacker	6.5.2.0.299	2010.06.15	-
TrendMicro	9.120.0.1004	2010.06.16	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.16	-
VBA32	3.12.12.5	2010.06.16	-
ViRobot	2010.6.14.3884	2010.06.16	-
VirusBuster	5.0.27.0	2010.06.16	-

----------



## valho

Never did figure out where this came from; anyway, it was being sent out as spam

File wvovybqv.sys received on 2010.06.17 21:52:03 (UTC)
Current status: finished
Result: 4/41 (9.76%)



> *a-squared	5.0.0.26	2010.06.17	Trojan.Win32.Agent!IK*
> AhnLab-V3	2010.06.17.02	2010.06.17	-
> AntiVir	8.2.2.6	2010.06.17	-
> Antiy-AVL	2.0.3.7	2010.06.17	-
> Authentium	5.2.0.5	2010.06.17	-
> Avast	4.8.1351.0	2010.06.17	-
> Avast5	5.0.332.0	2010.06.17	-
> AVG	9.0.0.787	2010.06.17	-
> BitDefender	7.2	2010.06.17	-
> ...


File size: 54016 bytes
MD5...: e6d35f3aa51a65eb35c1f2340154a25e
SHA1..: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
ssdeep: 768:Bosx0q2ph6P2Jpz8ftoSUiJP7hYTCMrhwYKUzY4q:j076P2Jpz8ftBUMPaCM
rhwY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc505
timedatestamp.....: 0x4a9ee5b5 (Wed Sep 02 21:37:57 2009)
machinetype.......: 0x14c (I386)
http://info.prevx.com/aboutprogramte...409400D9D04283

----------


## ALEX(XX)

File tevesm.exe received on 2010.06.18 11:33:39 (UTC)



```
Antivirus	Version	Last Update	Result
a-squared	5.0.0.26	2010.06.18	-
AhnLab-V3	2010.06.18.01	2010.06.18	-
AntiVir	8.2.2.6	2010.06.18	-
Antiy-AVL	2.0.3.7	2010.06.18	-
Authentium	5.2.0.5	2010.06.18	-
Avast	4.8.1351.0	2010.06.18	-
Avast5	5.0.332.0	2010.06.18	-
AVG	9.0.0.787	2010.06.18	-
BitDefender	7.2	2010.06.18	-
CAT-QuickHeal	10.00	2010.06.18	-
ClamAV	0.96.0.3-git	2010.06.18	-
Comodo	5141	2010.06.18	Heur.Suspicious
DrWeb	5.0.2.03300	2010.06.18	-
eSafe	7.0.17.0	2010.06.17	-
eTrust-Vet	36.1.7646	2010.06.18	-
F-Prot	4.6.1.107	2010.06.17	-
F-Secure	9.0.15370.0	2010.06.18	-
Fortinet	4.1.133.0	2010.06.17	-
GData	21	2010.06.18	-
Ikarus	T3.1.1.84.0	2010.06.18	-
Jiangmin	13.0.900	2010.06.15	-
Kaspersky	7.0.0.125	2010.06.18	-
McAfee	5.400.0.1158	2010.06.18	-
McAfee-GW-Edition	2010.1	2010.06.18	-
Microsoft	1.5902	2010.06.18	-
NOD32	5206	2010.06.18	-
Norman	6.05.06	2010.06.17	-
nProtect	2010-06-18.01	2010.06.18	-
Panda	10.0.2.7	2010.06.18	-
PCTools	7.0.3.5	2010.06.18	-
Prevx	3.0	2010.06.18	-
Rising	22.52.04.04	2010.06.18	-
Sophos	4.54.0	2010.06.18	-
Sunbelt	6466	2010.06.18	-
Symantec	20101.1.0.89	2010.06.18	-
TheHacker	6.5.2.0.299	2010.06.17	-
TrendMicro	9.120.0.1004	2010.06.18	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.18	-
VBA32	3.12.12.5	2010.06.17	-
ViRobot	2010.6.14.3884	2010.06.18	-
VirusBuster	5.0.27.0	2010.06.17	-

Additional information
File size: 36864 bytes
MD5...: 09a8b44b855c1655266f69262dcf381c
SHA1..: dfb775e5a821c6bd93ef7d23738aa2a6b2036639
SHA256: 811aac9ef4f1618f4c63c8f9b199d23ecce5eb2b9388b53e1410066215bfd759
ssdeep: 768:fe6cp2fDl0qx3Xq2zUn2h/1lcBRAbds8fYNnmkUDNJwok5mW:fep2fhpxKX2
xw6d1fcmkURDGmW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1b470
timedatestamp.....: 0x45281c31 (Sat Oct 07 21:29:21 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name        viradd    virsiz   rawdsiz  ntrpy  md5
UPX0        0x1000   0x12000       0x0   0.00  d41d8cd98f00b204e9800998ecf8427e
UPX1       0x13000    0x9000    0x8600   7.95  5485a0223c5c9be90204414f6a53701d
.rsrc      0x1c000    0x1000     0x600   3.48  e41e72f1570df29e4aff7824461ae72e

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> GDI32.DLL: BitBlt
> USER32.DLL: GetMenu

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (51.2%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
packers (F-Prot): UPX
```

*Your request has been analyzed by the Automated System. The corresponding entry has been added to the Dr.Web virus database and will be available with the next update.
Threat: Trojan.Oficla.38*

----------


## gjf

> don't you recognize anyone in this photo? :-D heh))
> http://**ya.ru/e/foto032.gif


It really does open a photo. Maybe someone will recognize it?  :Wink: 
At the same time it creates and runs svcgoost.exe:
File svcgoost.exe received on 2010.06.18 16:27:55 (UTC)
Result: 4/41 (9.76%)



> a-squared	5.0.0.26	2010.06.18	-
> AhnLab-V3	2010.06.18.05	2010.06.18	-
> AntiVir	8.2.2.6	2010.06.18	-
> Antiy-AVL	2.0.3.7	2010.06.18	-
> Authentium	5.2.0.5	2010.06.18	-
> Avast	4.8.1351.0	2010.06.18	-
> Avast5	5.0.332.0	2010.06.18	-
> AVG	9.0.0.787	2010.06.18	-
> BitDefender	7.2	2010.06.18	-
> ...


and exploree.exe:
File exploree.exe received on 2010.06.18 16:28:12 (UTC)
Result: 4/41 (9.76%)



> a-squared	5.0.0.26	2010.06.18	-
> AhnLab-V3	2010.06.18.05	2010.06.18	-
> AntiVir	8.2.2.6	2010.06.18	-
> Antiy-AVL	2.0.3.7	2010.06.18	-
> Authentium	5.2.0.5	2010.06.18	-
> Avast	4.8.1351.0	2010.06.18	-
> Avast5	5.0.332.0	2010.06.18	-
> AVG	9.0.0.787	2010.06.18	-
> BitDefender	7.2	2010.06.18	-
> ...


And it adds this to the hosts file:



> fsdgdfg57657
> 173.212.229.196 www.telebank.ru
> 194.8.250.102 www.vk.com
> 194.8.250.102 mail.ru
> 194.8.250.102 www.mail.ru
> 173.212.229.196 telebank.ru
> 194.8.250.102 www.vkontakte.ru
> 194.8.250.102 vk.com
> 194.8.250.102 www.odnoklassniki.ru
> ...


And here is what there is on the "photo" dropper itself:
File foto032.scr received on 2010.06.18 16:17:07 (UTC)
Result: 4/41 (9.76%)



> a-squared 	5.0.0.26 	2010.06.18 	-
> AhnLab-V3 	2010.06.18.05 	2010.06.18 	-
> AntiVir 	8.2.2.6 	2010.06.18 	-
> Antiy-AVL 	2.0.3.7 	2010.06.18 	-
> Authentium 	5.2.0.5 	2010.06.18 	-
> Avast 	4.8.1351.0 	2010.06.18 	-
> Avast5 	5.0.332.0 	2010.06.18 	-
> AVG 	9.0.0.787 	2010.06.18 	-
> BitDefender 	7.2 	2010.06.18 	-
> ...


Happy Friday, everyone!  :Wink:

----------


## Nexus

Received by email disguised as an MS Word document from some company  :Smiley: 

File UPSInvoice.exe received on 2010.06.21 15:48:41 (UTC)




> *a-squared	5.0.0.30	2010.06.21	Gen.Trojan!IK*
> AhnLab-V3	2010.06.21.02	2010.06.21	-
> *AntiVir	8.2.2.6	2010.06.21	TR/Crypt.XPACK.Gen2*
> Antiy-AVL	2.0.3.7	2010.06.18	-
> *Authentium	5.2.0.5	2010.06.21	W32/Oficla.H.gen!Eldorado*
> Avast	4.8.1351.0	2010.06.21	-
> Avast5	5.0.332.0	2010.06.21	-
> *AVG	9.0.0.787	2010.06.21	Win32/Heur*
> *BitDefender	7.2	2010.06.21	Gen:[email protected]*
> ...


Additional information
File size: 94720 bytes
MD5   : fa90d121985c65e18270f745182a73af

http://www.virustotal.com/analisis/f...931-1277135321

----------


## DefesT

File *foto.jar* received on 2010.06.24 11:50:23 (UTC)
Result: *10*/*41* (24.4%)



> Antivirus 	Version 	Last Update 	Result
> *a-squared	5.0.0.30	2010.06.22	Trojan-SMS!IK*
> AhnLab-V3	2010.06.22.00	2010.06.22	-
> *AntiVir	8.2.2.6	2010.06.21	JAVA/Picong.A*
> *Antiy-AVL	2.0.3.7	2010.06.22	Trojan/J2ME.Picong*
> Authentium	5.2.0.5	2010.06.22	-
> Avast	4.8.1351.0	2010.06.21	-
> Avast5	5.0.332.0	2010.06.21	-
> AVG	9.0.0.787	2010.06.21	-
> ...


Additional information
File size: *10745* bytes
MD5...: 399f2c9880b34580f1d77df0b54aaa07
SHA1..: bd161763e01441d3184c5ee8f2ccbaf8b6e69faf
SHA256: d9abe97c19c02b2e5c22fe39094f9628f88c8789d08589bccb7f59db88ab7b92
http://www.virustotal.com/ru/analisi...b92-1277380223

----------


## Vadim_SVN

Same thing again ... girls :)


```
File WinSecurity.exe received on 2010.06.25 07:50:54 (UTC)
Result: 4/41 (9.76%)

a-squared	5.0.0.30	2010.06.25	-
AhnLab-V3	2010.06.25.00	2010.06.25	-
AntiVir	8.2.4.2	2010.06.24	-
Antiy-AVL	2.0.3.7	2010.06.24	-
Authentium	5.2.0.5	2010.06.25	-
Avast	4.8.1351.0	2010.06.24	-
Avast5	5.0.332.0	2010.06.24	-
AVG	9.0.0.836	2010.06.24	-
BitDefender	7.2	2010.06.25	-
CAT-QuickHeal	10.00	2010.06.25	-
ClamAV	0.96.0.3-git	2010.06.24	-
Comodo	5212	2010.06.25	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.06.25	Trojan.Hosts.507
eSafe	7.0.17.0	2010.06.24	-
eTrust-Vet	36.1.7665	2010.06.24	-
F-Prot	4.6.1.107	2010.06.24	-
F-Secure	9.0.15370.0	2010.06.25	-
Fortinet	4.1.133.0	2010.06.24	-
GData	21	2010.06.25	-
Ikarus	T3.1.1.84.0	2010.06.25	-
Jiangmin	13.0.900	2010.06.15	-
Kaspersky	7.0.0.125	2010.06.25	Trojan.Win32.Qhost.nkq
McAfee	5.400.0.1158	2010.06.25	-
McAfee-GW-Edition	2010.1	2010.06.25	-
Microsoft	1.5902	2010.06.25	-
NOD32	5227	2010.06.24	-
Norman	6.05.10	2010.06.24	-
nProtect	2010-06-24.01	2010.06.24	-
Panda	10.0.2.7	2010.06.24	-
PCTools	7.0.3.5	2010.06.25	-
Prevx	3.0	2010.06.25	-
Rising	22.53.04.03	2010.06.25	-
Sophos	4.54.0	2010.06.25	-
Sunbelt	6503	2010.06.25	Trojan.Win32.Generic.pak!cobra
Symantec	20101.1.0.89	2010.06.25	-
TheHacker	6.5.2.0.303	2010.06.24	-
TrendMicro	9.120.0.1004	2010.06.25	-
TrendMicro-HouseCall	9.120.0.1004	2010.06.25	-
VBA32	3.12.12.5	2010.06.24	-
ViRobot	2010.6.21.3896	2010.06.25	-
VirusBuster	5.0.27.0	2010.06.24	-
```

Additional information
File size: 86528 bytes
MD5...: 9d99cd3c55369e474434f76e1344e533

----------


## San(hez

Here's a "Windows accelerator" =)


```
File Accelerate_windows_v.3.5.zip received on 2010.06.26 17:20:06 (UTC)
Antivirus	Version	Last Update	Result
a-squared	5.0.0.30	2010.06.26	-
AhnLab-V3	2010.06.27.00	2010.06.26	-
AntiVir	8.2.4.2	2010.06.25	-
Antiy-AVL	2.0.3.7	2010.06.25	-
Authentium	5.2.0.5	2010.06.26	-
Avast	4.8.1351.0	2010.06.26	-
Avast5	5.0.332.0	2010.06.26	-
AVG	9.0.0.836	2010.06.26	-
BitDefender	7.2	2010.06.26	-
CAT-QuickHeal	10.00	2010.06.26	Trojan.VkHost.ob
ClamAV	0.96.0.3-git	2010.06.26	-
Comodo	5223	2010.06.26	Heur.Packed.Unknown
DrWeb	5.0.2.03300	2010.06.26	Trojan.Hosts.380
eSafe	7.0.17.0	2010.06.24	-
eTrust-Vet	36.1.7668	2010.06.25	-
F-Prot	4.6.1.107	2010.06.26	-
F-Secure	9.0.15370.0	2010.06.26	-
Fortinet	4.1.133.0	2010.06.26	-
GData	21	2010.06.26	-
Ikarus	T3.1.1.84.0	2010.06.26	-
Jiangmin	13.0.900	2010.06.25	Trojan/VkHost.eb
Kaspersky	7.0.0.125	2010.06.26	-
McAfee	5.400.0.1158	2010.06.26	-
McAfee-GW-Edition	2010.1	2010.06.25	Heuristic.BehavesLike.Exploit.CodeExec.NLOO
Microsoft	1.5902	2010.06.26	-
NOD32	5230	2010.06.26	a variant of Win32/Qhost.NXT
Norman	6.05.10	2010.06.26	W32/Malware
nProtect	2010-06-26.02	2010.06.26	-
Panda	10.0.2.7	2010.06.26	Trj/Downloader.MDW
PCTools	7.0.3.5	2010.06.26	-
Prevx	3.0	2010.06.26	-
Rising	22.53.04.05	2010.06.25	-
Sophos	4.54.0	2010.06.26	-
Sunbelt	6511	2010.06.26	-
Symantec	20101.1.0.89	2010.06.26	-
TheHacker	6.5.2.0.303	2010.06.25	-
TrendMicro	9.120.0.1004	2010.06.26	TROJ_QHOST.SME
TrendMicro-HouseCall	9.120.0.1004	2010.06.26	TROJ_QHOST.SME
VBA32	3.12.12.5	2010.06.25	Trojan.Horst.0317
ViRobot	2010.6.26.3907	2010.06.26	-
VirusBuster	5.0.27.0	2010.06.26	-
Additional information
File size: 209967 bytes
MD5...: f52e1dca944b5a46d740b180733f62e0
SHA1..: b5e5b4f1fbcd461e7a67a0ae8824a08ac0bab31b
SHA256: 706896ee9048b9947b3feed4e0dba87e72dae54ebafbf32d871ea215dc6628a9
ssdeep: 3072:09UGem3oVJSbc0giqy2DNG7pIvkVS4hsfyJ09bqCsuFvZZVF7Ak4DJFaHwR
KiS69:095DcSoHy3HqyoFvZZr4FAHMypDQRF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Mozilla Firefox browser extension (66.6%)
ZIP compressed archive (33.3%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
```

----------


## Winsent

File flash_player.exe received on 2010.06.27 10:42:39 (UTC)




> Antivirus Version Last Update Result
> 
> a-squared 5.0.0.30 2010.06.27 - 
> AhnLab-V3 2010.06.27.00 2010.06.26 - 
> AntiVir 8.2.4.2 2010.06.25 - 
> Antiy-AVL 2.0.3.7 2010.06.25 - 
> Authentium 5.2.0.5 2010.06.26 - 
> Avast 4.8.1351.0 2010.06.26 - 
> *Avast5 5.0.332.0 2010.06.26 Win32:SuspBehav-D* 
> ...


Additional information
File size: 134144 bytes
MD5...: d386f2286c1907e69fa1b0eb8418cee9
SHA1..: 7b93d1de44527af180278eec06f99aad547c049c
SHA256: 9d70e30dc5dab8b21bb1133b16473623b35e0f5ba22a4f4f18717bb30b9b628b
ssdeep: 3072 :borred: jUP+Qlcxr2xNy6HUZNynHm8KbfpGeDo/M5JsNYFfP:dUmcp0jy5KVeU8E
PEiD..: -



File set.exe received on 2010.06.27 10:45:58 (UTC)




> Antivirus Version Last Update Result
> 
> a-squared 5.0.0.30 2010.06.22 - 
> AhnLab-V3 2010.06.22.00 2010.06.22 - 
> AntiVir 8.2.2.6 2010.06.21 - 
> Antiy-AVL 2.0.3.7 2010.06.22 - 
> Authentium 5.2.0.5 2010.06.22 - 
> Avast 4.8.1351.0 2010.06.21 - 
> Avast5 5.0.332.0 2010.06.21 - 
> ...


Additional information
File size: 87040 bytes
MD5...: 901c0a6a463e3f781f1952bd47e4d6a5
SHA1..: 049ff6e16b24529dafd7523927a9a27f5f7f47e7
SHA256: 97300b960d912a27a81b2d7af2359df7d6657f73a35d8a4b8181e1d29eb0f0d7
ssdeep: 1536:SRpQfCAK8SZ7DPt+Gb2YXmmBrP632JC2xuMkO/yndJfnSMzJ:6piCAKLDXZ
mo632JC2ojO/yndNd9
PEiD..: -

----------


## Юльча

File xxx_video_843.avi.exe received on 2010.06.29 23:18:36 (UTC)
Result: 7/41 (17.07%)




> Antivirus 	Version 	Last Update 	Result
> *a-squared 	5.0.0.31 	2010.06.29 	Trojan-Ransom.Win32.PornoBlocker!IK*
> AhnLab-V3 	2010.06.30.00 	2010.06.30 	-
> AntiVir 	8.2.4.2 	2010.06.29 	-
> Antiy-AVL 	2.0.3.7 	2010.06.25 	-
> Authentium 	5.2.0.5 	2010.06.29 	-
> Avast 	4.8.1351.0 	2010.06.29 	-
> Avast5 	5.0.332.0 	2010.06.29 	-
> *AVG 	9.0.0.836 	2010.06.29 	LockScreen.M*
> ...


http://www.virustotal.com/ru/analisi...589-1277853516

----------


## DefesT

File update_flash_player_x70.exe received on 2010.06.30 19:10:50 (UTC)
Result: *3*/*40* (7.5%)



> Antivirus 	Version 	Last Update 	Result
> a-squared	5.0.0.31	2010.06.30	-
> AhnLab-V3	2010.06.30.07	2010.06.30	-
> AntiVir	8.2.4.2	2010.06.30	-
> Antiy-AVL	2.0.3.7	2010.06.30	-
> Authentium	5.2.0.5	2010.06.30	-
> Avast	4.8.1351.0	2010.06.30	-
> Avast5	5.0.332.0	2010.06.30	-
> AVG	9.0.0.836	2010.06.30	-
> ...


Additional information
File size: *206336* bytes
MD5...: 03e76077feb67818b7dede52189fc525
SHA1..: f95d8963e29fd639f05aeb90923145a5bcf5ac6d
SHA256: 4d48ce2cb1c9ebbd4bfa9a239eaa36f9be3c50a01985272e608fbc6e754dc70d
http://www.virustotal.com/analisis/4...70d-1277925050

----------


## ZhIV

File CMedia.dll received on 2010.07.02 04:13:02 (UTC)



> Antivirus	Version	Last Update	Result
> *a-squared	5.0.0.31	2010.07.02	AdWare.Win32.Adsubscribe!IK
> AhnLab-V3	2010.07.02.00	2010.07.02	Adware/Win32.FearAds
> AntiVir	8.2.4.2	2010.07.01	ADSPY/AdSpy.Gen*
> Antiy-AVL	2.0.3.7	2010.06.30	-
> *Authentium	5.2.0.5	2010.07.02	W32/AdSubscribe.A.gen!Eldorado
> Avast	4.8.1351.0	2010.07.01	Win32:Adware-gen
> Avast5	5.0.332.0	2010.07.01	Win32:Adware-gen
> AVG	9.0.0.836	2010.07.02	Generic4.AFAW
> ...


Additional information
File size: 749568 bytes
MD5...: 3a63bb5f18a5dbb051d1e2fd839ad304
SHA1..: 7e93bf10e5333f97f12f2aca42be0e24ccf97aca
SHA256: d7dacfe9decb64f1cf44ccde4ade557da5859e8b47bca7979895d7e5fd1abb25
ssdeep: 12288:KMVnTAKP4Y03JhhYjO5INxTdnTCsyQP+LOm41q6xGJOpqD2ze3vNSC4:Ks
/4YshY6uN1dn+syHLOm4A0Gkp563vq

http://www.virustotal.com/analisis/d...b25-1278043982

File Uninstall.exe received on 2010.07.02 04:13:36 (UTC)



> Antivirus	Version	Last Update	Result
> *a-squared	5.0.0.31	2010.07.02	Riskware.Win32.Adload!IK*
> AhnLab-V3	2010.07.02.00	2010.07.02	-
> *AntiVir	8.2.4.2	2010.07.01	ADSPY/AdSpy.Gen
> *Antiy-AVL	2.0.3.7	2010.06.30	-
> *Authentium	5.2.0.5	2010.07.02	W32/AdSubscribe.B.gen!Eldorado
> *Avast	4.8.1351.0	2010.07.01	-
> Avast5	5.0.332.0	2010.07.01	-
> AVG	9.0.0.836	2010.07.02	-
> ...


Additional information
File size: 805376 bytes
MD5...: c10697b7a9ba17fa6d5948d774ff39d6
SHA1..: 4742539aa07205b994d0bcf58559b59e60f21530
SHA256: d3fb5b8180056968b45cd9d8a22104c1fb780c16a598800240001a54b25ad913

http://www.virustotal.com/analisis/d...913-1278044016

----------


## polar_owl

SMS ransomware. Caught it today :)
File *media.exe* received on 2010.07.02 02:32:31 (UTC)

Result: 15/40 (37.50%)



> *Antivirus 	Version 	Last Update 	Result*
> *a-squared 	5.0.0.31 	2010.07.02 	Gen.Trojan!IK*
> AhnLab-V3 	2010.07.02.00 	2010.07.02 	-
> *AntiVir 	8.2.4.2 	2010.07.01 	TR/Spy.410624.17*
> Antiy-AVL 	2.0.3.7 	2010.06.30 	-
> Authentium 	5.2.0.5 	2010.07.02 	-
> Avast 	4.8.1351.0 	2010.07.01 	-
> Avast5 	5.0.332.0 	2010.07.01 	-
> AVG 	9.0.0.836 	2010.07.02 	-
> ...


Link: http://www.virustotal.com/analisis/3...9b6-1278037951

----------


## valho

There are lots of assorted Windows blockers and banners, only packed differently; inside is this, or rather they are simply renamed from flash_player.exe:

File kasper_zaebal.exe received on 2010.07.05 13:05:19 (UTC)
Current status: finished
Result: 1/41 (2.44%)



> a-squared	5.0.0.31	2010.07.05	-
> AhnLab-V3	2010.07.03.00	2010.07.03	-
> AntiVir	8.2.4.2	2010.07.05	-
> Antiy-AVL	2.0.3.7	2010.07.02	-
> Authentium	5.2.0.5	2010.07.04	-
> Avast	4.8.1351.0	2010.07.05	-
> Avast5	5.0.332.0	2010.07.05	-
> AVG	9.0.0.836	2010.07.05	-
> BitDefender	7.2	2010.07.05	-
> ...


Additional information
File size: 95744 bytes
MD5...: 88479040dd0126e0b9bd764ba8bd4c43
SHA1..: 5f405ab52af61d9cbf528b0aa2c8bef9f4b4ed80
SHA256: 341c4bddb3032de44f73d35a08fc779b2785ea6c12bfca73847861835889b172
ssdeep: 1536:8JGlDUeQq8Nc/xrQ6mo3svzFzJn5Qn/yKNh+0ClNh40CsNdyukfPuz:n+Pq
88rLmYsvV55Qn/y3hQsNYFfPY
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x57ad
timedatestamp.....: 0x477540c5 (Fri Dec 28 18:30:29 2007)
machinetype.......: 0x14c (I386)

File kasper_zaebal.exe received on 2010.07.05 13:14:40 (UTC)
Current status: finished
Result: 3/41 (7.32%)



> a-squared	5.0.0.31	2010.07.05	-
> AhnLab-V3	2010.07.03.00	2010.07.03	-
> AntiVir	8.2.4.2	2010.07.05	-
> Antiy-AVL	2.0.3.7	2010.07.02	-
> Authentium	5.2.0.5	2010.07.04	-
> Avast	4.8.1351.0	2010.07.05	-
> Avast5	5.0.332.0	2010.07.05	-
> AVG	9.0.0.836	2010.07.05	-
> BitDefender	7.2	2010.07.05	-
> ...


Additional information
File size: 135680 bytes
MD5...: 3b0f9314eaead972d30f128b835bbdfe
SHA1..: 741f543698887d72099263221c958377434dd821
SHA256: 86297f92bbfc145907cb3c066e3b393fc5611334b1ebe478ddaa2804548f668c
ssdeep: 3072:j4IN6EcOcpivWVrrxrQj/+0Y+uqu58u971eirvvDx02UsNYFfP:j4IN1cL8
e5drk+BpN5Z7xrvLioE
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7e87
timedatestamp.....: 0x4688e2fa (Mon Jul 02 11:35:22 2007)
machinetype.......: 0x14c (I386)

... :) ...

----------


## San(hez

Results =D
File Deform__Torgestvo_gertvi___75.exe received on 2010.07.06 16:47:38 (UTC)
Current status: finished
Result: 10/41 (24.4%)



```
Antivirus	Version	Last Update	Result
a-squared	5.0.0.31	2010.07.06	Hoax.Win32.ArchSMS!IK
AhnLab-V3	2010.07.06.00	2010.07.05	-
AntiVir	8.2.4.10	2010.07.06	-
Antiy-AVL	2.0.3.7	2010.07.06	Hoax/Win32.ArchSMS.gen
Authentium	5.2.0.5	2010.07.06	-
Avast	4.8.1351.0	2010.07.06	Win32:Malware-gen
Avast5	5.0.332.0	2010.07.06	Win32:Malware-gen
AVG	9.0.0.836	2010.07.06	-
BitDefender	7.2	2010.07.06	-
CAT-QuickHeal	11.00	2010.06.30	-
ClamAV	0.96.0.3-git	2010.07.06	-
Comodo	5338	2010.07.06	-
DrWeb	5.0.2.03300	2010.07.06	Tool.SMSSend.44
eSafe	7.0.17.0	2010.07.06	-
eTrust-Vet	36.1.7688	2010.07.06	-
F-Prot	4.6.1.107	2010.07.05	-
F-Secure	9.0.15370.0	2010.07.06	-
Fortinet	4.1.133.0	2010.07.04	-
GData	21	2010.07.06	Win32:Malware-gen
Ikarus	T3.1.1.84.0	2010.07.06	Hoax.Win32.ArchSMS
Jiangmin	13.0.900	2010.07.06	Hoax.ArchSMS.i
Kaspersky	7.0.0.125	2010.07.06	-
McAfee	5.400.0.1158	2010.07.06	-
McAfee-GW-Edition	2010.1	2010.07.05	-
Microsoft	1.5902	2010.07.06	-
NOD32	5256	2010.07.06	-
Norman	6.05.11	2010.07.06	-
nProtect	2010-07-06.01	2010.07.06	Joke/W32.ArchSMS.6218752
Panda	10.0.2.7	2010.07.06	Generic Malware
PCTools	7.0.3.5	2010.07.06	-
Prevx	3.0	2010.07.06	-
Rising	22.55.01.04	2010.07.06	-
Sophos	4.54.0	2010.07.06	-
Sunbelt	6550	2010.07.06	-
Symantec	20101.1.0.89	2010.07.06	-
TheHacker	6.5.2.1.308	2010.07.05	-
TrendMicro	9.120.0.1004	2010.07.06	-
TrendMicro-HouseCall	9.120.0.1004	2010.07.06	-
VBA32	3.12.12.5	2010.07.05	-
ViRobot	2010.6.29.3912	2010.07.06	-
VirusBuster	5.0.27.0	2010.07.06	-
```

Additional information
File size: 6218752 bytes
MD5...: 6db7479e91a59f874c41403311febcc1
SHA1..: 0e500612f7947771065c843af35e08f72ec13d83
SHA256: 83caf2e5bf01cf71f502c692784e4becfee8a76c0813ad4a63f413e0256b14e1
ssdeep: 98304:DLDnoEjTlCZ0m8eLCz6vB1RvCF7nHVewr0NYq1QCC7oHOPNGbwQbSGEE/:
PzoAxCZ0Xzz6tKtQzNYlT2OPgqE
PEiD..: -

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7f908
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

----------


## olejah

Caught today - C:\WINDOWS\system32\lbfftlt.exe - Trojan-Dropper.Win32.Agent.cioj - http://virusinfo.info/showthread.php?t=82600




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.06	-
> AhnLab-V3	2010.07.06.00	2010.07.05	-
> *AntiVir	8.2.4.10	2010.07.06	TR/Spy.61952.94*
> Antiy-AVL	2.0.3.7	2010.07.06	-
> Authentium	5.2.0.5	2010.07.06	-
> Avast	4.8.1351.0	2010.07.06	-
> Avast5	5.0.332.0	2010.07.06	-
> AVG	9.0.0.836	2010.07.06	-
> ...


http://virustotal.com/

----------


## AlexGOMEL

I was looking for a manual and stumbled upon...



> File teplovoypunkt-1278586887_611359.e received on 2010.07.08 11:27:15 (UTC)
> Antivirus Version Last Update Result
> a-squared 5.0.0.31 2010.07.08 - 
> AhnLab-V3 2010.07.08.04 2010.07.08 - 
> AntiVir 8.2.4.10 2010.07.08 - 
> Antiy-AVL 2.0.3.7 2010.07.08 - 
> Authentium 5.2.0.5 2010.07.08 - 
> Avast 4.8.1351.0 2010.07.08 - 
> Avast5 5.0.332.0 2010.07.08 - 
> ...

----------


## olejah

Today from the Help section, file - %system32%\3wO2bal.exe - detected by KIS 2009 = Malware Backdoor.Win32.Shiz.gen, the others react like this -




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.09	-
> AhnLab-V3	2010.07.09.00	2010.07.08	-
> AntiVir	8.2.4.10	2010.07.08	-
> Antiy-AVL	2.0.3.7	2010.07.08	-
> Authentium	5.2.0.5	2010.07.09	-
> Avast	4.8.1351.0	2010.07.08	-
> Avast5	5.0.332.0	2010.07.08	-
> AVG	9.0.0.836	2010.07.08	-
> ...


virustotal.com

*Added after 7 minutes*

From the same thread, file C:\WINDOWS\system32\4aa6a58b.exe, per KIS 2009 = Malware Trojan.Win32.Scar.cmqi, per VirusTotal -




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.08	-
> *AhnLab-V3	2010.07.08.04	2010.07.08	Trojan/Win32.Scar*
> *AntiVir	8.2.4.10	2010.07.08	TR/Scar.cmqi*
> Antiy-AVL	2.0.3.7	2010.07.08	-
> Authentium	5.2.0.5	2010.07.08	-
> Avast	4.8.1351.0	2010.07.08	-
> Avast5	5.0.332.0	2010.07.08	-
> *AVG	9.0.0.836	2010.07.08	SHeur3.AHJV*
> ...


virustotal.com

*Added after 2 hours 19 minutes*

Another one from the Help section - C:\WINDOWS\system32\6983df75.exe - *HEUR:Backdoor.Win32.Generic*




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.09	-
> AhnLab-V3	2010.07.09.00	2010.07.08	-
> AntiVir	8.2.4.10	2010.07.08	-
> Antiy-AVL	2.0.3.7	2010.07.08	-
> Authentium	5.2.0.5	2010.07.09	-
> Avast	4.8.1351.0	2010.07.08	-
> Avast5	5.0.332.0	2010.07.08	-
> AVG	9.0.0.836	2010.07.08	-
> ...


virustotal.com

----------


## olejah

Another sample from the Help section, file C:\WINDOWS\system32\sv*с*h*о*st.exe, where *с* and *о* are Russian letters; Dr.Web said it is *Malware Trojan.Click.33545*, VirusTotal -




> Antivirus	Version	Last Update	Result
> a-squared	4.5.0.41	2009.10.15	-
> AhnLab-V3	5.0.0.2	2009.10.14	-
> AntiVir	7.9.1.35	2009.10.15	-
> Antiy-AVL	2.0.3.7	2009.10.15	-
> Authentium	5.1.2.4	2009.10.15	-
> Avast	4.8.1351.0	2009.10.14	-
> AVG	8.5.0.420	2009.10.15	-
> BitDefender	7.2	2009.10.15	-
> ...


virustotal.com

----------


## Юльча

File vip_porno_30373.avi.exe received on 2010.07.12 06:13:23 (UTC)
Result: 15/41 (36.59%)





> *a-squared	5.0.0.31	2010.07.12	Trojan-Ransom.Win32.PornoBlocker!IK*
> AhnLab-V3	2010.07.10.00	2010.07.09	-
> AntiVir	8.2.4.10	2010.07.11	-
> Antiy-AVL	2.0.3.7	2010.07.09	-
> Authentium	5.2.0.5	2010.07.11	-
> *Avast	4.8.1351.0	2010.07.11	Win32:Delf-NMT
> Avast5	5.0.332.0	2010.07.11	Win32:Delf-NMT*
> AVG	9.0.0.836	2010.07.11	-
> *BitDefender	7.2	2010.07.12	Backdoor.Generic.401776*
> ...


virustotal.com

----------


## olejah

Another batch from the Help section -

File c:\windows\system32\nssm.exe -




> Antivirus	Version	Last Update	Result
> *a-squared	5.0.0.31	2010.07.13	Trojan-Dropper.Small!IK*
> AhnLab-V3	2010.07.13.01	2010.07.13	-
> AntiVir	8.2.4.10	2010.07.13	-
> Antiy-AVL	2.0.3.7	2010.07.12	-
> Authentium	5.2.0.5	2010.07.13	-
> Avast	4.8.1351.0	2010.07.13	-
> Avast5	5.0.332.0	2010.07.13	-
> AVG	9.0.0.836	2010.07.13	-
> ...


virustotal.com

File - c:\documents and settings\Администратор.e09f1fec3b0f47d\application data\netprotocol.exe -




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.14	-
> AhnLab-V3	2010.07.14.00	2010.07.13	-
> AntiVir	8.2.4.10	2010.07.13	-
> Antiy-AVL	2.0.3.7	2010.07.12	-
> Authentium	5.2.0.5	2010.07.14	-
> Avast	4.8.1351.0	2010.07.13	-
> Avast5	5.0.332.0	2010.07.13	-
> AVG	9.0.0.836	2010.07.13	-
> ...


virustotal.com/

File - c:\documents and settings\all users.windows\media\kasper_zaebal.exe -




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.31	2010.07.12	-
> AhnLab-V3	2010.07.10.00	2010.07.09	-
> AntiVir	8.2.4.10	2010.07.12	-
> Antiy-AVL	2.0.3.7	2010.07.12	-
> Authentium	5.2.0.5	2010.07.11	-
> Avast	4.8.1351.0	2010.07.12	-
> *Avast5	5.0.332.0	2010.07.12	Win32:SuspBehav-D*
> AVG	9.0.0.836	2010.07.12	-
> ...


virustotal.com/

----------



## ISO

File ali.exe received on 2010.07.20 05:24:22 (UTC)




> Antivirus 	Version 	Last Update 	Result
> *a-squared	5.0.0.34	2010.07.20	Trojan-Downloader.Small!IK
> AhnLab-V3	2010.07.20.00	2010.07.19	Backdoor/Win32.Trup
> AntiVir	8.2.4.12	2010.07.19	TR/Dldr.Small.ardp
> Antiy-AVL	2.0.3.7	2010.07.15	Trojan/Win32.Small.gen*
> Authentium	5.2.0.5	2010.07.20	-
> *Avast	4.8.1351.0	2010.07.19	Win32:Trojan-gen
> Avast5	5.0.332.0	2010.07.19	Win32:Trojan-gen
> AVG	9.0.0.836	2010.07.19	Clicker.AIZI
> ...


Additional information
File size: 17920 bytes
MD5...: f2782d280ff4765299eb5aec472acfdb
SHA1..: d8a0e1d9cfe4897e9eab31adb19ad1d6324de002
SHA256: 35668de01833bc1099834772d4f1e4b729ffe633699b92783dba455c57af5a48
ssdeep: 384:UmP1u69a1AM4C0r1c7+RxBOsFt7QQ2xx1AIL3znvW/nlu4FtG:zArAM4Vr1c
7+zBOsFZQQ2xx3znvW/nlk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3544
timedatestamp.....: 0x4bf10121 (Mon May 17 08:41:05 2010)
machinetype.......: 0x14c (I386)

----------


## jerkol

File _WTR4132.tmp.rar received on 2010.07.20 08:07:56 (UTC)
Result: 24/42 (57.15%)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2010.07.20.00	2010.07.19	-
AntiVir	8.2.4.12	2010.07.20	-
Antiy-AVL	2.0.3.7	2010.07.15	-
Authentium	5.2.0.5	2010.07.20	-
Avast	4.8.1351.0	2010.07.19	Win32:Malware-gen
Avast5	5.0.332.0	2010.07.19	Win32:Malware-gen
AVG	9.0.0.836	2010.07.19	Dropper.Generic2.YQQ
BitDefender	7.2	2010.07.20	Win32.Worm.Stuxnet.A
CAT-QuickHeal	11.00	2010.07.20	-
ClamAV	0.96.0.3-git	2010.07.20	Trojan.Stuxnet
Comodo	5483	2010.07.20	-
DrWeb	5.0.2.03300	2010.07.20	Trojan.Stuxnet.1
Emsisoft	5.0.0.34	2010.07.20	Trojan-Dropper.Win32.Stuxnet!IK
eSafe	7.0.17.0	2010.07.19	Win32.TRDrop.Stuxnet
eTrust-Vet	36.1.7723	2010.07.20	-
F-Prot	4.6.1.107	2010.07.19	-
F-Secure	9.0.15370.0	2010.07.20	Trojan-Dropper:W32/Stuxnet.A
Fortinet	4.1.143.0	2010.07.19	-
GData	21	2010.07.20	Win32.Worm.Stuxnet.A
Ikarus	T3.1.1.84.0	2010.07.20	Trojan-Dropper.Win32.Stuxnet
Jiangmin	13.0.900	2010.07.20	TrojanDropper.Stuxnet.a
Kaspersky	7.0.0.125	2010.07.20	Trojan-Dropper.Win32.Stuxnet.a
McAfee	5.400.0.1158	2010.07.20	Stuxnet
McAfee-GW-Edition	2010.1	2010.07.20	Artemis!D7BC75397629
Microsoft	1.6004	2010.07.20	TrojanDropper:Win32/Stuxnet.A
NOD32	5293	2010.07.19	a variant of Win32/Stuxnet.A
Norman	6.05.11	2010.07.19	W32/Suspicious_Gen2.BOYEK
nProtect	2010-07-20.01	2010.07.20	-
Panda	10.0.2.7	2010.07.19	Rootkit/TmpHider
PCTools	7.0.3.5	2010.07.20	Malware.Stuxnet
Prevx	3.0	2010.07.20	-
Rising	22.57.01.04	2010.07.20	-
Sophos	4.55.0	2010.07.20	-
Sunbelt	6605	2010.07.20	Trojan.Win32.Generic!BT
SUPERAntiSpyware	4.40.0.1006	2010.07.20	-
Symantec	20101.1.1.7	2010.07.20	-
TheHacker	6.5.2.1.320	2010.07.19	-
TrendMicro	9.120.0.1004	2010.07.20	WORM_STUXNET.SM
TrendMicro-HouseCall	9.120.0.1004	2010.07.20	WORM_STUXNET.SM
VBA32	3.12.12.6	2010.07.19	Trojan-Spy.0485
ViRobot	2010.6.21.3896	2010.07.20	-
VirusBuster	5.0.27.0	2010.07.19	-
Additional information
File size: 1018519 bytes
MD5...: 32d3e83f195e687c552f0ba9262d5f77
SHA1..: ad7840007d32370aa25198ced30ff6dd70320945
SHA256: 64ef4ef3413e593c8fe2ecc852a75f951c4f91c2d9a0bfd17a68efc2b6ec8dae
ssdeep: 24576:+4v853A7ekORdOvVeHNqogJXbaoumuTw4Nh:+4v856xOuvgNqZb1umuTw4
z
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

----------


## olejah

File - C:\WINDOWS\system32\driqst.exe - new malware, *Backdoor.Win32.Shiz.ms*




> Antivirus	Version	Last Update	Result
> a-squared	5.0.0.34	2010.07.20	-
> AhnLab-V3	2010.07.20.00	2010.07.19	-
> AntiVir	8.2.4.12	2010.07.19	-
> Antiy-AVL	2.0.3.7	2010.07.15	-
> Authentium	5.2.0.5	2010.07.20	-
> Avast	4.8.1351.0	2010.07.19	-
> Avast5	5.0.332.0	2010.07.19	-
> AVG	9.0.0.836	2010.07.19	-
> ...


virustotal.com

----------


## olejah

Popular lately - \Documents and Settings\Username\Главное меню\Программы\Автозагрузка\wwwznv32.exe -




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.07.24.01	2010.07.23	-
> AntiVir	8.2.4.26	2010.07.23	-
> Antiy-AVL	2.0.3.7	2010.07.23	-
> Authentium	5.2.0.5	2010.07.24	-
> *Avast	4.8.1351.0	2010.07.24	Win32:Crypt-GYS*
> *Avast5	5.0.332.0	2010.07.24	Win32:Crypt-GYS*
> AVG	9.0.0.851	2010.07.24	-
> *BitDefender	7.2	2010.07.24	Gen:Variant.Ursnif.19*
> ...


virustotal.com

----------


## valho

Found it at a school, on an old little computer; it has a digital signature, maybe it gets flagged like this because it is packed with molebox
File GCLEAN.EXE received on 2010.07.27 10:24:42 (UTC)
Current status: finished
Result: 20/42 (47.62%)



> *AhnLab-V3 	2010.07.27.00 	2010.07.26 	Backdoor/Win32.Trojan*
> *AntiVir 	8.2.4.26 	2010.07.27 	BDS/Bot.95399*
> Antiy-AVL 	2.0.3.7 	2010.07.26 	-
> Authentium 	5.2.0.5 	2010.07.27 	-
> Avast 	4.8.1351.0 	2010.07.26 	-
> Avast5 	5.0.332.0 	2010.07.26 	-
> AVG 	9.0.0.851 	2010.07.27 	-
> *BitDefender 	7.2 	2010.07.27 	Backdoor.Bot.95399*
> *CAT-QuickHeal 	11.00 	2010.07.27 	Trojan.Agent.ATV*
> ...


Additional information
File size: 350784 bytes
MD5   : 40d6be49f665e7a00686f69f24602a2e
SHA1  : a6ff7b33b1c7122f748bdd56a0b3ab923baaad26
SHA256: 622ca0f8943800438b3a97efad9d72e784f4ee0b6a4c85e49d31643e64e759c7
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85B63
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
sigcheck: publisher....: ___ ___ _______-_______
copyright....: (C) 2006 ___ ___ _______-_______
product......: ______. _________ F1
description..: _______ ______ - _______ _______
original name: gclean.exe
internal name: ______-_______
file version.: 6.3.0.19
comments.....: n/a
signers......: NPP Garant-Service
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:27 AM 1/27/2006
verified.....: -
Prevx Info: http://info.prevx.com/aboutprogramte...6AF80076EAAC1B

----------


## grobik

C:\Documents and Settings\Username\Аpplication data\fuki.exe

File *fuki.exe* received on 2010.07.29 21:32:38 (UTC)

Result: 8/42 (19.05%)



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.07.29.00	2010.07.28	-
> *AntiVir	8.2.4.32	2010.07.29	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.07.29	-
> *Authentium	5.2.0.5	2010.07.29	W32/Trojan2.NABV*
> Avast	4.8.1351.0	2010.07.29	-
> Avast5	5.0.332.0	2010.07.29	-
> AVG	9.0.0.851	2010.07.29	-
> *BitDefender	7.2	2010.07.29	Gen:Variant.Koobface.1*
> ...


Additional information
File size: 166400 bytes
MD5...: e573040b8257f7d6b98adf47dddd6b02
SHA1..: 93f0d889b217625d67d3563541a92aaec633146b
SHA256: 0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc9b84a088181d07

( base data )
entrypointaddress.: 0x11b0
timedatestamp.....: 0x3eabdc15 (Sun Apr 27 13:33:09 2003)
machinetype.......: 0x14c (I386)

sigcheck:
publisher....: VMware, Inc.
copyright....: Copyright (c) 1998-2008 VMware, Inc.
product......: VMware Workstation
description..: VMware Virtual Disk Manager
original name: vmware-vdiskmanager.exe
internal name: diskUtil
file version.: 6.5.1 build-126130
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://www.virustotal.com/ru/analisi...d07-1280439158

----------


## olejah

A really, really fresh one - *C:\WINDOWS\system32\sidebar32.exe*, Kaspersky added it yesterday - new malware, *Trojan-Spy.Win32.BZub.iad*. Over the last two days it has been showing up very often in the Help section -




> Antivirus	Version	Last Update	Result
> *AhnLab-V3	2010.07.30.00	2010.07.29	Spyware/Win32.BZub*
> *AntiVir	8.2.4.32	2010.07.30	TR/Spy.BZub.iad*
> Antiy-AVL	2.0.3.7	2010.07.30	-
> Authentium	5.2.0.5	2010.07.30	-
> Avast	4.8.1351.0	2010.07.30	-
> Avast5	5.0.332.0	2010.07.30	-
> AVG	9.0.0.851	2010.07.30	-
> BitDefender	7.2	2010.07.30	-
> ...


virustotal.com

----------


## Никита Соловьев

File avz00001.dta received on 2010.08.02 20:05:46 (UTC)
Antivirus Version Last Update Result



> AhnLab-V3 2010.08.01.00 2010.07.31 - 
> AntiVir 8.2.4.32 2010.08.02 *TR/Spy.98304.342* 
> Antiy-AVL 2.0.3.7 2010.08.02 - 
> Authentium 5.2.0.5 2010.08.02 - 
> Avast 4.8.1351.0 2010.08.02 *Win32:Rootkit-gen* 
> Avast5 5.0.332.0 2010.08.02 *Win32:Rootkit-gen* 
> AVG 9.0.0.851 2010.08.02 *SHeur3.AQXB* 
> BitDefender 7.2 2010.08.02 *Gen:[email protected]* 
> CAT-QuickHeal 11.00 2010.08.02 *(Suspicious) - DNAScan* 
> ...

----------


## Никита Соловьев

Today's

File avz00002.dta received on 2010.08.03 12:16:45 (UTC)
Antivirus Version Last Update Result



> AhnLab-V3 2010.08.03.00 2010.08.03 - 
> AntiVir 8.2.4.32 2010.08.03 - 
> Antiy-AVL 2.0.3.7 2010.08.03 - 
> Authentium 5.2.0.5 2010.08.03 - 
> Avast 4.8.1351.0 2010.08.03 - 
> Avast5 5.0.332.0 2010.08.03 - 
> AVG 9.0.0.851 2010.08.03 *SHeur3.AQZJ* 
> BitDefender 7.2 2010.08.03 - 
> CAT-QuickHeal 11.00 2010.08.03 - 
> ...

----------


## grobik

File *Reader.exe* received on 2010.08.03 22:18:08 (UTC)
Current status: finished

Result: 7/42 (16.67%)



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.04.00	2010.08.03	-
> AntiVir	8.2.4.32	2010.08.03	-
> Antiy-AVL	2.0.3.7	2010.08.03	-
> *Authentium	5.2.0.5	2010.08.03	W32/Bredolab.GC*
> Avast	4.8.1351.0	2010.08.03	-
> Avast5	5.0.332.0	2010.08.03	-
> AVG	9.0.0.851	2010.08.03	-
> BitDefender	7.2	2010.08.03	-
> ...


File size: 21504 bytes
MD5...: 64149dde50077f83502bbf532966f69f
SHA1..: 29e8e72501cf4f8c779ec9698893bd946d29967b
SHA256: 025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79cf15efe5b1d6b4
ssdeep: 384:scZZkDqx1uSQGT7UTw6AlT+WymHD9TRJSbIdMecgoq:fZkDqLuSQw7UTyiWy
CVJS2Me3h

( base data )
entrypointaddress.: 0x1390
timedatestamp.....: 0x4bdc490c (Sat May 01 15:30:20 2010)
machinetype.......: 0x14c (I386)
http://www.virustotal.com/ru/analisi...6b4-1280873888

----------


## grobik

C:\Program Files\Common Files\Microsoft Shared\Help\1046\MicrosoftHelp.exe

File *MicrosoftHelp.exe* received on 2010.08.06 22:39:54 (UTC)

Result: 8/42 (19.05%)



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.07.00	2010.08.06	-
> AntiVir	8.2.4.34	2010.08.06	-
> Antiy-AVL	2.0.3.7	2010.08.06	-
> *Authentium	5.2.0.5	2010.08.06	W32/Katusha.C.gen!Eldorado*
> Avast	4.8.1351.0	2010.08.06	-
> Avast5	5.0.332.0	2010.08.06	-
> *AVG	9.0.0.851	2010.08.06	Cryptic.ATF*
> BitDefender	7.2	2010.08.07	-
> ...


File size: 163840 bytes
MD5...: a974c620a84ca66a2445581a996822c3
SHA1..: 8bc98d6392014e2b22632dcea0227c4209a98d73
SHA256: dbac0281507987694f6217d655396bb7503bb4ebd2d1d140615e84b5c979171d
ssdeep: 3072:81XmnVKXi9DvPSX0rJ4OpbQp1Fj8Zk3n7Qeokrcj0fy:R9DvPSX0VtpRZic

( base data )
entrypointaddress.: 0x2b74
timedatestamp.....: 0x3c6c7ff8 (Fri Feb 15 03:26:48 2002)
machinetype.......: 0x14c (I386)
http://www.virustotal.com/ru/analisi...71d-1281134394

----------


## polar_owl

Caught it a week ago on an acquaintance's computer. He complained that clicking a link on mail.ru redirected him to a porn site.
I am posting the scan result only now because I was waiting for a verdict from the analysts at Kaspersky or DrWeb. DrWeb added it only yesterday. From Kaspersky, judging by Cyber, there has been no reply since 20.07.
The infection registers itself in *AppInit_DLLs* and is named: *C:\WINDOWS\system32\sysintm.dll*

*File avz00001.dta received on 2010.08.07 17:42:54 (UTC)
Result: 4/42 (9.53%)*



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.07.00	2010.08.06	-
> AntiVir	8.2.4.34	2010.08.06	-
> Antiy-AVL	2.0.3.7	2010.08.06	-
> Authentium	5.2.0.5	2010.08.07	-
> Avast	4.8.1351.0	2010.08.07	-
> Avast5	5.0.332.0	2010.08.07	-
> AVG	9.0.0.851	2010.08.07	-
> BitDefender	7.2	2010.08.07	-
> ...


VirusTotal

----------


## Никита Соловьев

New from the "Help" section

File avz00001.dta received on 2010.08.07 21:49:55 (UTC)
Antivirus Version Last Update


> Result
> AhnLab-V3 2010.08.08.00 2010.08.07 - 
> AntiVir 8.2.4.34 2010.08.07 - 
> Antiy-AVL 2.0.3.7 2010.08.06 - 
> Authentium 5.2.0.5 2010.08.07 - 
> Avast 4.8.1351.0 2010.08.07 - 
> Avast5 5.0.332.0 2010.08.07 - 
> AVG 9.0.0.851 2010.08.07 *SHeur3.ASBP* 
> BitDefender 7.2 2010.08.07 - 
> ...

----------


## DefesT

File *_.exe* received on 2010.08.10 00:12:29 (UTC)
Result: *17/42* (40.48%)



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2010.08.10.00	2010.08.09	Malware/Win32.Generic*
> *AntiVir	8.2.4.34	2010.08.09	TR/Midgare.apwr*
> Antiy-AVL	2.0.3.7	2010.08.09	-
> Authentium	5.2.0.5	2010.08.09	-
> *Avast	4.8.1351.0	2010.08.09	Win32:Trojan-gen
> Avast5	5.0.332.0	2010.08.09	Win32:Trojan-gen*
> AVG	9.0.0.851	2010.08.09	-
> *BitDefender	7.2	2010.08.10	Trojan.Generic.KD.25631*
> ...


Additional information
File size: *619086* bytes
MD5...: e8297474f8754cf041f86c16f161cacc
SHA1..: 366e37fea9891de5d8575d04c5ef2100d381e068
SHA256: 2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada9  0d2ba81f1792af
http://www.virustotal.com/analisis/2...2af-1281399149

File *flash_player.exe* received on 2010.08.10 00:12:37 (UTC)
Result: *3/42* (7.15%)	



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2010.08.10.00	2010.08.09	-
> AntiVir	8.2.4.34	2010.08.09	-
> Antiy-AVL	2.0.3.7	2010.08.09	-
> Authentium	5.2.0.5	2010.08.09	-
> Avast	4.8.1351.0	2010.08.09	-
> Avast5	5.0.332.0	2010.08.09	-
> AVG	9.0.0.851	2010.08.09	-
> BitDefender	7.2	2010.08.10	-
> ...


Additional information
File size: *112448* bytes
MD5...: b7859c16428982587c5f4cf5f167180a
SHA1..: e17ab5180d752fc1596964068003b81437e8a265
SHA256: ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb  9ae8ccd12c2bb3
http://www.virustotal.com/analisis/e...bb3-1281399157

----------


## Никита Соловьев

*monoca32.exe*




> AhnLab-V3 2010.08.10.01 2010.08.10 *Win-Trojan/Xema.variant* 
> AntiVir 8.2.4.34 2010.08.10 - 
> Antiy-AVL 2.0.3.7 2010.08.10 - 
> Authentium 5.2.0.5 2010.08.10 - 
> Avast 4.8.1351.0 2010.08.10 *Win32:Crypt-HCS* 
> Avast5 5.0.332.0 2010.08.10 *Win32:Crypt-HCS* 
> AVG 9.0.0.851 2010.08.10 *Agent2.BCCT* 
> BitDefender 7.2 2010.08.10 *Trojan.Generic.4544889* 
> CAT-QuickHeal 11.00 2010.08.10 - 
> ...

----------


## Vadim_SVN

OSAM showed in its columns that this is Userinit and the publisher is BitDefender :)



```
File name: avz00001.dta
Submission date: 2010-08-12 08:11:44 (UTC)
Result: 5/ 41 (12.2%)

AhnLab-V3	2010.08.12.00	2010.08.11	-
AntiVir	8.2.4.34	2010.08.11	-
Antiy-AVL	2.0.3.7	2010.08.11	-
Authentium	5.2.0.5	2010.08.12	-
Avast	4.8.1351.0	2010.08.11	-
Avast5	5.0.332.0	2010.08.11	-
AVG	9.0.0.851	2010.08.11	-
BitDefender	7.2	2010.08.12	-
CAT-QuickHeal	11.00	2010.08.12	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.08.12	-
Comodo	5714	2010.08.11	-
DrWeb	5.0.2.03300	2010.08.12	-
Emsisoft	5.0.0.37	2010.08.12	-
eSafe	7.0.17.0	2010.08.11	-
eTrust-Vet	36.1.7784	2010.08.12	-
F-Prot	4.6.1.107	2010.08.12	-
F-Secure	9.0.15370.0	2010.08.12	-
Fortinet	4.1.143.0	2010.08.11	-
GData	21	2010.08.12	-
Ikarus	T3.1.1.88.0	2010.08.12	-
Jiangmin	13.0.900	2010.08.12	-
Kaspersky	7.0.0.125	2010.08.12	-
McAfee	5.400.0.1158	2010.08.12	-
McAfee-GW-Edition	2010.1	2010.08.12	-
Microsoft	1.6004	2010.08.12	-
NOD32	5358	2010.08.11	a variant of Win32/Kryptik.FYA
Norman	6.05.11	2010.08.12	-
nProtect	2010-08-12.03	2010.08.12	-
Panda	10.0.2.7	2010.08.11	Suspicious file
PCTools	7.0.3.5	2010.08.12	-
Rising	22.60.03.01	2010.08.12	-
Sophos	4.56.0	2010.08.12	-
Sunbelt	6721	2010.08.12	-
SUPERAntiSpyware	4.40.0.1006	2010.08.12	-
Symantec	20101.1.1.7	2010.08.12	-
TheHacker	6.5.2.1.343	2010.08.11	-
TrendMicro	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
TrendMicro-HouseCall	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
VBA32	3.12.14.0	2010.08.11	-
ViRobot	2010.8.9.3978	2010.08.12	-
VirusBuster	5.0.27.0	2010.08.11	-

Additional information
MD5   : 9af33e507415daf1d7961523d162899c
SHA1  : 85e60304a851098c2cd654f4b4339f0c54baaa5b
SHA256: 2acab996ea2c7f5c96853ca2386ef80137a2d6c127c26dc0bd758e40f7d4a8a3
```



```
File name: avz00002.dta
Submission date: 2010-08-12 08:12:43 (UTC)
Result: 7/ 42 (16.7%)

AhnLab-V3	2010.08.12.00	2010.08.11	-
AntiVir	8.2.4.34	2010.08.11	-
Antiy-AVL	2.0.3.7	2010.08.11	-
Authentium	5.2.0.5	2010.08.12	-
Avast	4.8.1351.0	2010.08.11	-
Avast5	5.0.332.0	2010.08.11	-
AVG	9.0.0.851	2010.08.11	-
BitDefender	7.2	2010.08.12	-
CAT-QuickHeal	11.00	2010.08.12	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.08.12	-
Comodo	5714	2010.08.11	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.08.12	-
Emsisoft	5.0.0.37	2010.08.12	-
eSafe	7.0.17.0	2010.08.11	-
eTrust-Vet	36.1.7784	2010.08.12	-
F-Prot	4.6.1.107	2010.08.12	-
F-Secure	9.0.15370.0	2010.08.12	-
Fortinet	4.1.143.0	2010.08.11	-
GData	21	2010.08.12	-
Ikarus	T3.1.1.88.0	2010.08.12	-
Jiangmin	13.0.900	2010.08.12	-
Kaspersky	7.0.0.125	2010.08.12	-
McAfee	5.400.0.1158	2010.08.12	-
McAfee-GW-Edition	2010.1	2010.08.12	-
Microsoft	1.6004	2010.08.12	Trojan:Win32/Meredrop
NOD32	5358	2010.08.11	a variant of Win32/Kryptik.FYA
Norman	6.05.11	2010.08.12	-
nProtect	2010-08-12.03	2010.08.12	-
Panda	10.0.2.7	2010.08.11	Suspicious file
PCTools	7.0.3.5	2010.08.12	-
Prevx	3.0	2010.08.12	-
Rising	22.60.03.01	2010.08.12	-
Sophos	4.56.0	2010.08.12	-
Sunbelt	6721	2010.08.12	-
SUPERAntiSpyware	4.40.0.1006	2010.08.12	-
Symantec	20101.1.1.7	2010.08.12	-
TheHacker	6.5.2.1.343	2010.08.11	-
TrendMicro	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
TrendMicro-HouseCall	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
VBA32	3.12.14.0	2010.08.11	-
ViRobot	2010.8.9.3978	2010.08.12	-
VirusBuster	5.0.27.0	2010.08.11	-

Additional information
MD5   : ea368e1bf69a029e3433b354999e1c16
SHA1  : e8b74ee8584f63e4cc754297e7661d72de9e2298
SHA256: 07a1a9d51d74d0377c06140a2d8102507aa9071c37bac53d257799059e058f68
```

The samples have been sent to Dr.Web and Kaspersky

*Added 2 hours 14 minutes later*

Already checked :)
Alexey Gashkin - Virus Monitoring Service Doctor Web Ltd.
avz00001.dta - Threat: Trojan.PWS.Ibank.109
avz00002.dta - Threat: BackDoor.Siggen.25748

----------


## Nexus

Caught monoca32.exe

File name: avz00001.dta
Submission date: 2010-08-15 10:38:10 (UTC)
Result: 15/ 42 (35.7%)




> *AhnLab-V3	2010.08.15.01	2010.08.15	Win-Trojan/Bredolab.55808*
> AntiVir	8.2.4.34	2010.08.13	-
> Antiy-AVL	2.0.3.7	2010.08.11	-
> Authentium	5.2.0.5	2010.08.14	-
> *Avast	4.8.1351.0	2010.08.14	Win32:Crypt-HIB
> Avast5	5.0.332.0	2010.08.14	Win32:Crypt-HIB*
> AVG	9.0.0.851	2010.08.15	-
> *BitDefender	7.2	2010.08.15	Gen:Variant.Ursnif.20
> CAT-QuickHeal	11.00	2010.08.14	Win32.Packed.Krap.ao.7*
> ...

----------


## kvit

```
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.16.02	2010.08.16	Malware/Win32.Generic
AntiVir	8.2.4.34	2010.08.16	-
Antiy-AVL	2.0.3.7	2010.08.16	-
Authentium	5.2.0.5	2010.08.16	W32/Infostealer.A!Maximus
Avast	4.8.1351.0	2010.08.15	-
Avast5	5.0.332.0	2010.08.15	-
AVG	9.0.0.851	2010.08.16	-
BitDefender	7.2	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
CAT-QuickHeal	11.00	2010.08.16	-
ClamAV	0.96.0.3-git	2010.08.16	-
Comodo	5758	2010.08.16	-
DrWeb	5.0.2.03300	2010.08.16	-
eSafe	7.0.17.0	2010.08.15	-
eTrust-Vet	36.1.7793	2010.08.16	-
F-Prot	4.6.1.107	2010.08.16	W32/Infostealer.A!Maximus
F-Secure	9.0.15370.0	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Fortinet	4.1.143.0	2010.08.16	-
GData	21	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Ikarus	T3.1.1.88.0	2010.08.16	Win32.SuspectCrc
Jiangmin	13.0.900	2010.08.16	-
Kaspersky	7.0.0.125	2010.08.16	-
McAfee	5.400.0.1158	2010.08.16	-
McAfee-GW-Edition	2010.1	2010.08.16	-
Microsoft	1.6004	2010.08.16	-
NOD32	5369	2010.08.16	-
Norman	6.05.11	2010.08.15	-
nProtect	2010-08-16.01	2010.08.16	-
Panda	10.0.2.7	2010.08.15	Suspicious file
PCTools	7.0.3.5	2010.08.16	-
Prevx	3.0	2010.08.16	-
Rising	22.61.00.04	2010.08.16	-
Sophos	4.56.0	2010.08.16	-
Sunbelt	6740	2010.08.16	Trojan.Win32.Generic!BT
SUPERAntiSpyware	4.40.0.1006	2010.08.16	-
Symantec	20101.1.1.7	2010.08.16	-
TheHacker	6.5.2.1.349	2010.08.16	-
TrendMicro	9.120.0.1004	2010.08.16	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.16	-
VBA32	3.12.14.0	2010.08.13	-
ViRobot	2010.8.16.3990	2010.08.16	-
VirusBuster	5.0.27.0	2010.08.15	-
```



```
Additional information
MD5   : 058ebc415a27694b7cff3093cfaf2f4a
SHA1  : b0f3ccd65414853eb120b01e1ad7fbf25fc59690
SHA256: 41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c
```

----------


## grobik

File name: *nyik.exe*
Submission date: 2010-08-20 00:18:41 (UTC)
Current status: finished

Result: 9/ 41 (22.0%) 



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.20.00	2010.08.19	-
> AntiVir	8.2.4.38	2010.08.19	-
> Antiy-AVL	2.0.3.7	2010.08.16	-
> *Authentium	5.2.0.5	2010.08.20	W32/Skintrim.1!Generic*
> Avast	4.8.1351.0	2010.08.19	-
> Avast5	5.0.332.0	2010.08.19	-
> AVG	9.0.0.851	2010.08.19	-
> BitDefender	7.2	2010.08.20	-
> ...


MD5   : af4c670a44086fb04d8bbd8d7cec3878
SHA1  : fd4e4077d2e17c7914a47e8a7bc63b4580aa8950
SHA256: 562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff68f30be699c5bf2
ssdeep: 3072:DFGKdZNPH53dJpakeOiZTdrk+C7riQtyXmiiuCYL31mf3QCoGz:Nf5rpake1A7riQQ7nCYzgvj

File size : 150528 bytes
First seen: 2010-08-20 00:18:41
Last seen : 2010-08-20 00:18:41
http://www.virustotal.com/file-scan/...bf2-1282263521

It was in autorun

----------


## polar_owl

Fresh from the Помогите (Help) section.
*c:\windows\system32\40e38710.exe*, registers itself in *UserInit*
*avz00001.dta
Submission date: 2010-08-22 13:32:15 (UTC)
Current status: finished
Result: 4/ 42 (9.5%)*



> *Antivirus	Version	Last Update	Result*
> AhnLab-V3	2010.08.22.00	2010.08.21	-
> AntiVir	8.2.4.38	2010.08.20	-
> Antiy-AVL	2.0.3.7	2010.08.16	-
> Authentium	5.2.0.5	2010.08.22	-
> Avast	4.8.1351.0	2010.08.22	-
> Avast5	5.0.332.0	2010.08.22	-
> AVG	9.0.0.851	2010.08.22	-
> BitDefender	7.2	2010.08.22	-
> ...


VirusTotal

----------



## valho

It had no digital signature.
File name: tftp.exe
Submission date: 2010-08-24 14:27:18 (UTC)
Current status:finished
Result: 7 /42 (16.7%)



> AhnLab-V3  	2010.08.24.00  	2010.08.23  	-
> AntiVir 	8.2.4.38 	2010.08.24 	-
> Antiy-AVL 	2.0.3.7 	2010.08.23 	-
> *Authentium 	5.2.0.5 	2010.08.24 	W32/Backdoor2.BIRB*
> Avast 	4.8.1351.0 	2010.08.23 	-
> Avast5 	5.0.332.0 	2010.08.23 	-
> AVG 	9.0.0.851 	2010.08.24 	-
> BitDefender 	7.2 	2010.08.24 	-
> CAT-QuickHeal 	11.00 	2010.08.24 	-
> ...


Additional information
MD5   : db3f663417baec4d8da89267a4a27df5
SHA1  : 943e17378e006babd80d8b480bbd4e00fe9a70bd
SHA256: f950a2885af8d280d3a3d15171fca25b022d011c5bfbe03f94cb244116d54c5a
ssdeep: 3:WlWUqt/vll2sZ2vxrlYC8XvEXGl/nl/llakVFvlNl//vl7//llrllVlVJl/t1l9r:idqUsOxr[*lb*]lY1/E2ZnlqtW1
File size : 16896 bytes
First seen: 2007-03-28 23:38:55
Last seen : 2010-08-24 14:27:18
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x42DCB199 (Tue Jul 19 07:54:01 2005)
machinetype......: 0x14C (Intel I386)

----------


## olejah

File *C:\Documents and Settings\USERNAME\.exe* - 




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.07.28.00	2010.07.27	-
> AntiVir	8.2.4.26	2010.07.27	-
> Antiy-AVL	2.0.3.7	2010.07.28	-
> Authentium	5.2.0.5	2010.07.28	-
> Avast	4.8.1351.0	2010.07.28	-
> Avast5	5.0.332.0	2010.07.28	-
> AVG	9.0.0.851	2010.07.27	-
> BitDefender	7.2	2010.07.28	-
> ...


virustotal.com




File - *C:\WINDOWS\system32\syschk32.exe* - 




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.25.00	2010.08.24	-
> AntiVir	8.2.4.38	2010.08.24	-
> Antiy-AVL	2.0.3.7	2010.08.23	-
> Authentium	5.2.0.5	2010.08.25	-
> Avast	4.8.1351.0	2010.08.24	-
> Avast5	5.0.594.0	2010.08.24	-
> AVG	9.0.0.851	2010.08.24	-
> BitDefender	7.2	2010.08.25	-
> ...


virustotal.com

----------


## olejah

Our newcomer - *C:\Documents and Settings\Admin\Главное меню\Программы\Автозагрузка\sisgbi32.exe*, an analog of monoca32, only, as I understand it, tougher - 




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.08.26.00	2010.08.25	-
> AntiVir	8.2.4.38	2010.08.25	-
> Antiy-AVL	2.0.3.7	2010.08.23	-
> Authentium	5.2.0.5	2010.08.25	-
> Avast	4.8.1351.0	2010.08.25	-
> Avast5	5.0.594.0	2010.08.25	-
> AVG	9.0.0.851	2010.08.25	-
> BitDefender	7.2	2010.08.25	-
> ...


virustotal.com

----------


## Winsent

File name: aol.exe
Submission date: 2010-09-03 14:30:07 (UTC)
Current status: finished
Result: 17/ 43 (39.5%)

_Antivirus results_ 

AhnLab-V3 - 2010.09.03.01 - 2010.09.03 - Trojan/Win32.Zbot  
AntiVir - 8.2.4.50 - 2010.09.03 - - 
Antiy-AVL - 2.0.3.7 - 2010.09.03 - - 
Authentium - 5.2.0.5 - 2010.09.03 - - 
Avast - 4.8.1351.0 - 2010.09.03 - - 
Avast5 - 5.0.594.0 - 2010.09.03 - - 
AVG - 9.0.0.851 - 2010.09.03 - - 
BitDefender - 7.2 - 2010.09.03 - Trojan.Generic.KD.32733  
CAT-QuickHeal - 11.00 - 2010.09.03 - - 
ClamAV - 0.96.2.0-git - 2010.09.03 - - 
Comodo - 5956 - 2010.09.03 - - 
DrWeb - 5.0.2.03300 - 2010.09.03 - Trojan.PWS.Panda.387  
Emsisoft - 5.0.0.37 - 2010.09.03 - PWS.Win32!IK  
eSafe - 7.0.17.0 - 2010.09.01 - - 
eTrust-Vet - 36.1.7834 - 2010.09.03 - - 
F-Prot - 4.6.1.107 - 2010.09.01 - - 
F-Secure - 9.0.15370.0 - 2010.09.03 - Trojan.Generic.KD.32733  
Fortinet - 4.1.143.0 - 2010.09.03 - - 
GData - 21 - 2010.09.03 - Trojan.Generic.KD.32733  
Ikarus - T3.1.1.88.0 - 2010.09.03 - PWS.Win32  
Jiangmin - 13.0.900 - 2010.09.03 - - 
K7AntiVirus - 9.63.2424 - 2010.09.02 - - 
Kaspersky - 7.0.0.125 - 2010.09.03 - - 
McAfee - 5.400.0.1158 - 2010.09.03 - Artemis!F79B504BC7DB  
McAfee-GW-Edition - 2010.1B - 2010.09.03 - Artemis!F79B504BC7DB  
Microsoft - 1.6103 - 2010.09.03 - PWS:Win32/Zbot.gen!Y  
NOD32 - 5420 - 2010.09.03 - - 
Norman - 6.05.11 - 2010.09.03 - - 
nProtect - 2010-09-03.01 - 2010.09.03 - Trojan/W32.Agent.140288.CT  
Panda - 10.0.2.7 - 2010.09.03 - Trj/CI.A  
PCTools - 7.0.3.5 - 2010.09.03 - Trojan.Gen  
Prevx - 3.0 - 2010.09.03 - Medium Risk Malware  
Rising - 22.63.04.01 - 2010.09.03 - - 
Sophos - 4.57.0 - 2010.09.03 - Mal/Zbot-U  
Sunbelt - 6827 - 2010.09.03 - Trojan.Win32.Generic!SB.0  
SUPERAntiSpyware - 4.40.0.1006 - 2010.09.03 - - 
Symantec - 20101.1.1.7 - 2010.09.03 - Trojan.Gen  
TheHacker - 6.5.2.1.362 - 2010.09.03 - - 
TrendMicro - 9.120.0.1004 - 2010.09.03 - - 
TrendMicro-HouseCall - 9.120.0.1004 - 2010.09.03 - - 
VBA32 - 3.12.14.0 - 2010.09.03 - - 
ViRobot - 2010.8.31.4017 - 2010.09.03 - - 
VirusBuster - 12.64.15.0 - 2010.09.02 - - 

_File info:_ 
MD5: f79b504bc7db28605867c8d52c783bcd 
SHA1: 6d67ff3af691024200943a5e8ad86adfac1b2818 
SHA256: f3c9a0059de673be0b243801a2af110d0ea6bb8413380edbfa7b5851fc77f7ad
File size: 140288 bytes 
Scan date: 2010-09-03 14:30:07 (UTC)

----------


## olejah

File - *C:\WINDOWS\cfdrive32.exe*

Result: -  *7 /43 (16.3%)*




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.05.00	2010.09.04	-
> AntiVir	8.2.4.50	2010.09.03	-
> Antiy-AVL	2.0.3.7	2010.09.03	-
> Authentium	5.2.0.5	2010.09.04	-
> Avast	4.8.1351.0	2010.09.05	-
> Avast5	5.0.594.0	2010.09.05	-
> *AVG	9.0.0.851	2010.09.05 -	Dropper.Small.GBQ*
> BitDefender	7.2	2010.09.05	-
> ...


virustotal.com

*Added 3 minutes later*

File - *C:\WINDOWS\system32\msvmiode.exe*

*Result: 5 /43 (11.6%)*




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.05.00	2010.09.04	-
> AntiVir	8.2.4.50	2010.09.03	-
> Antiy-AVL	2.0.3.7	2010.09.03	-
> Authentium	5.2.0.5	2010.09.04	-
> Avast	4.8.1351.0	2010.09.05	-
> Avast5	5.0.594.0	2010.09.05	-
> *AVG	9.0.0.851	2010.09.05 -	Dropper.Small.GCD*
> BitDefender	7.2	2010.09.05	-
> ...


virustotal.com

----------


## kyzya

Looks like everyone has given up on the summaries!

----------


## VV2006

Location: C:\Windows\System32\0, date: 03.08.2010, no version information.



> File name: 0
> Submission date: 2010-09-06 06:58:30 (UTC)
> *Result: 9 /43 (20.9%)*
> 
> AhnLab-V3	2010.09.05.00	2010.09.04	-
> AntiVir	8.2.4.50	2010.09.05	-
> *Antiy-AVL	2.0.3.7	2010.09.03	Packed/Win32.Krap.gen*
> Authentium	5.2.0.5	2010.09.06	-
> *Avast	4.8.1351.0	2010.09.05	Win32:Rootkit-gen*
> ...


*Added 8 minutes later*

Location: C:\Windows\System32\@[, date: 14.08.2010, no version information.



> File name: @[
> Submission date: 2010-09-06 06:51:39 (UTC)
> *Result: 8 /43 (18.6%)*
> 
> AhnLab-V3	2010.09.05.00	2010.09.04	-
> AntiVir	8.2.4.50	2010.09.05	-
> Antiy-AVL	2.0.3.7	2010.09.03	-
> Authentium	5.2.0.5	2010.09.06	-
> *Avast	4.8.1351.0	2010.09.05	Win32:Rootkit-gen*
> ...

----------


## olejah

File - *C:\WINDOWS\system32\eusacf.exe*, registers itself in userinit, was caught in 911 - 

* 1 /43 (2.3%)*




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.05.00	2010.09.04	-
> AntiVir	8.2.4.50	2010.09.03	-
> Antiy-AVL	2.0.3.7	2010.09.03	-
> Authentium	5.2.0.5	2010.09.04	-
> Avast	4.8.1351.0	2010.09.05	-
> Avast5	5.0.594.0	2010.09.05	-
> AVG	9.0.0.851	2010.09.05	-
> BitDefender	7.2	2010.09.05	-
> ...


virustotal.com

----------


## ISO

Here is a present like this :)
File name: *Podarok.exe*
Submission date: 2010-09-09 06:30:50 (UTC)
Result: 11/ 43 (25.6%)



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.09.00	2010.09.09	-
> AntiVir	8.2.4.50	2010.09.08	-
> Antiy-AVL	2.0.3.7	2010.09.09	-
> Authentium	5.2.0.5	2010.09.08	-
> *Avast	4.8.1351.0	2010.09.08	Win32:Malware-gen*
> *Avast5	5.0.594.0	2010.09.08	Win32:Malware-gen*
> *AVG	9.0.0.851	2010.09.08	Generic18.AIDN
> BitDefender	7.2	2010.09.09	Gen:[email protected]
> ...


Additional information
MD5   : de6bf05cd2f0c0bf7d278f73913452cd
SHA1  : 7be1b3058fd58f2197bca694db54824d1528d5c6
SHA256: 9d49cfa9151b08f812cd7d9718ceb52fe9f0510896f2ef85936389ed6f54b255

----------


## olejah

File *C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe* - 

*5 /43 (11.6%)*




> AhnLab-V3	2010.09.08.02	2010.09.08	-
> AntiVir	8.2.4.50	2010.09.08	-
> Antiy-AVL	2.0.3.7	2010.09.08	-
> Authentium	5.2.0.5	2010.09.08	-
> Avast	4.8.1351.0	2010.09.08	-
> Avast5	5.0.594.0	2010.09.08	-
> AVG	9.0.0.851	2010.09.08	-
> BitDefender	7.2	2010.09.08	-
> CAT-QuickHeal	11.00	2010.09.08	-
> ...


virustotal.com

----------


## olejah

File - *C:\Documents and Settings\Yurez\Application Data\Dawa\gyhe.exe*

*3 /43 (7.0%)*




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.12.00	2010.09.11	-
> AntiVir	8.2.4.50	2010.09.10	-
> Antiy-AVL	2.0.3.7	2010.09.12	-
> Authentium	5.2.0.5	2010.09.11	-
> Avast	4.8.1351.0	2010.09.11	-
> Avast5	5.0.594.0	2010.09.11	-
> AVG	9.0.0.851	2010.09.12	-
> *BitDefender	7.2	2010.09.12 -	Gen:Variant.Kazy.351*
> ...


virustotal.com

----------


## ISO

*aaax.exe*
Submission date: 2010-09-14 13:29:11 (UTC)
Result: 12/ 42 (28.6%)



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2010.09.13.00	2010.09.13	-
> *AntiVir	8.2.4.52	2010.09.14	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.09.14	-
> *Authentium	5.2.0.5	2010.09.14	W32/Sality.C.gen!Eldorado*
> Avast	4.8.1351.0	2010.09.14	-
> Avast5	5.0.594.0	2010.09.14	-
> *AVG	9.0.0.851	2010.09.14	Win32/Sality.dropper*
> BitDefender	7.2	2010.09.14	-
> ...


Additional information
MD5   : f0768e5884fc208ffe808b951163ba0f
SHA1  : ffdc12d0d505247b9c33dbd7975fc6c718072c0c
SHA256: 8e874aaba072a531f135ff75cb422ddf1796386f9aa4c5b0aafde99859a4555d

The link is to a different file, but the result is the same http://www.virustotal.com/file-scan/...78e-1284509311

----------


## grobik

File name: *46783848.exe*
Submission date: 2010-09-17 01:38:30 (UTC)
Current status: finished

Result: 5 /43 (11.6%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.09.17.00	2010.09.16	-
> AntiVir	8.2.4.52	2010.09.16	-
> Antiy-AVL	2.0.3.7	2010.09.17	-
> Authentium	5.2.0.5	2010.09.17	-
> Avast	4.8.1351.0	2010.09.17	-
> Avast5	5.0.594.0	2010.09.17	-
> AVG	9.0.0.851	2010.09.16	-
> BitDefender	7.2	2010.09.17	-
> ...


MD5   : e5b1361486d00fdfe6634479451243d8
SHA1  : deba9fc19b4a1af4a36f7cd76f6ddc6e5172e589
SHA256: ed2f90b7865632f213489fc6c29696e206a5c4f5e82b813df2fbc852d1da6db2

File size : 8253956 bytes
First seen: 2010-09-17 01:21:44
Last seen : 2010-09-17 02:14:57
http://www.virustotal.com/file-scan/...db2-1284689697

----------


## Vadim_SVN

File name: *avz00001.dta*
Submission date: 2010-09-20 08:55:28 (UTC)
Result: *4 /43 (9.3%)*



```
AhnLab-V3      2010.09.20.00      2010.09.20      -
AntiVir     8.2.4.58     2010.09.20     -
Antiy-AVL     2.0.3.7     2010.09.20     -
Authentium     5.2.0.5     2010.09.20     -
Avast     4.8.1351.0     2010.09.19     -
Avast5     5.0.594.0     2010.09.19     -
AVG     9.0.0.851     2010.09.19     -
BitDefender     7.2     2010.09.20     -
CAT-QuickHeal     11.00     2010.09.20     -
ClamAV     0.96.2.0-git     2010.09.20     -
Comodo     6138     2010.09.20     -
DrWeb     5.0.2.03300     2010.09.20     Trojan.WinSpy.935
Emsisoft     5.0.0.37     2010.09.20     -
eSafe     7.0.17.0     2010.09.17     -
eTrust-Vet     36.1.7862     2010.09.17     -
F-Prot     4.6.2.117     2010.09.19     -
F-Secure     9.0.15370.0     2010.09.20     -
Fortinet     4.1.143.0     2010.09.20     -
GData     21     2010.09.20     -
Ikarus     T3.1.1.88.0     2010.09.20     -
Jiangmin     13.0.900     2010.09.20     -
K7AntiVirus     9.63.2552     2010.09.18     -
Kaspersky     7.0.0.125     2010.09.20     -
McAfee     5.400.0.1158     2010.09.20     Artemis!B346F01B0FDC
McAfee-GW-Edition     2010.1C     2010.09.20     Artemis!B346F01B0FDC
Microsoft     1.6201     2010.09.20     -
NOD32     5462     2010.09.19     -
Norman     6.06.06     2010.09.19     -
nProtect     2010-09-20.02     2010.09.20     -
Panda     10.0.2.7     2010.09.19     -
PCTools     7.0.3.5     2010.09.20     -
Prevx     3.0     2010.09.20     -
Rising     22.66.00.01     2010.09.20     -
Sophos     4.57.0     2010.09.20     -
Sunbelt     6898     2010.09.20     -
SUPERAntiSpyware     4.40.0.1006     2010.09.20     -
Symantec     20101.1.1.7     2010.09.20     WS.Reputation.1
TheHacker     6.7.0.0.025     2010.09.20     -
TrendMicro     9.120.0.1004     2010.09.19     -
TrendMicro-HouseCall     9.120.0.1004     2010.09.20     -
VBA32     3.12.14.0     2010.09.20     -
ViRobot     2010.9.20.4051     2010.09.20     -
VirusBuster     12.65.14.0     2010.09.19     -
```

Additional information
MD5   : b346f01b0fdcecf5caf4530a947a6a3e
File size : 11264 bytes
Registers itself in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls 
Lives in C:\Program Files\Internet Explorer\setupapi.dll 
http://www.virustotal.com/file-scan/...079-1284972928

File name: *0.4412461684318797.exe*
Submission date: 2010-09-20 10:19:01 (UTC)
Result: *4 /42 (9.5%)*


```
AhnLab-V3      2010.09.20.00      2010.09.20      -
AntiVir     8.2.4.58     2010.09.20     -
Antiy-AVL     2.0.3.7     2010.09.20     -
Authentium     5.2.0.5     2010.09.20     -
Avast     4.8.1351.0     2010.09.19     -
Avast5     5.0.594.0     2010.09.19     -
AVG     9.0.0.851     2010.09.20     -
BitDefender     7.2     2010.09.20     -
CAT-QuickHeal     11.00     2010.09.20     -
ClamAV     0.96.2.0-git     2010.09.20     -
Comodo     6140     2010.09.20     -
DrWeb     5.0.2.03300     2010.09.20     Trojan.MulDrop1.44194
Emsisoft     5.0.0.37     2010.09.20     -
eSafe     7.0.17.0     2010.09.17     -
eTrust-Vet     36.1.7862     2010.09.17     -
F-Prot     4.6.2.117     2010.09.19     -
F-Secure     9.0.15370.0     2010.09.20     -
Fortinet     4.1.143.0     2010.09.20     -
GData     21     2010.09.20     -
Ikarus     T3.1.1.88.0     2010.09.20     -
Jiangmin     13.0.900     2010.09.20     -
K7AntiVirus     9.63.2552     2010.09.18     -
Kaspersky     7.0.0.125     2010.09.20     -
McAfee     5.400.0.1158     2010.09.20     Artemis!5AA44AB48913
McAfee-GW-Edition     2010.1C     2010.09.20     Artemis!5AA44AB48913
Microsoft     1.6201     2010.09.20     -
NOD32     5463     2010.09.20     -
Norman     6.06.06     2010.09.20     -
nProtect     2010-09-20.02     2010.09.20     -
Panda     10.0.2.7     2010.09.19     -
PCTools     7.0.3.5     2010.09.20     -
Prevx     3.0     2010.09.20     -
Rising     22.66.00.03     2010.09.20     -
Sophos     4.57.0     2010.09.20     -
SUPERAntiSpyware     4.40.0.1006     2010.09.20     -
Symantec     20101.1.1.7     2010.09.20     -
TheHacker     6.7.0.0.025     2010.09.20     -
TrendMicro     9.120.0.1004     2010.09.20     -
TrendMicro-HouseCall     9.120.0.1004     2010.09.20     -
VBA32     3.12.14.0     2010.09.20     BScope.Crex
ViRobot     2010.9.20.4051     2010.09.20     -
VirusBuster     12.65.14.0     2010.09.19     -
```

Additional information
MD5   : 5aa44ab48913e82572a428b1b14e9941
File size : 94792 bytes
http://www.virustotal.com/file-scan/...22d-1284977941

----------


## Никита Соловьев

new




> AhnLab-V3 2010.10.01.00 2010.09.30 - 
> AntiVir 7.10.12.92 2010.09.30 *TR/Spy.513024.20* 
> Antiy-AVL 2.0.3.7 2010.09.30 - 
> Authentium 5.2.0.5 2010.09.30 - 
> Avast 4.8.1351.0 2010.09.30 - 
> Avast5 5.0.594.0 2010.09.30 - 
> AVG 9.0.0.851 2010.09.30 - 
> BitDefender 7.2 2010.09.30 *Gen:[email protected]!h* 
> CAT-QuickHeal 11.00 2010.09.30 - 
> ...

----------


## ISO

File name: prezidente.exe
Result: 18/ 43 (41.9%)



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2010.11.02.00	2010.11.01	Win32/Palevo.worm.104960.CV*
> AntiVir	7.10.13.104	2010.11.02	-
> Antiy-AVL	2.0.3.7	2010.11.02	-
> *Authentium	5.2.0.5	2010.11.02	W32/SuspPack.CT.gen!Eldorado
> Avast	4.8.1351.0	2010.11.02	Win32:Crypt-HXJ
> Avast5	5.0.594.0	2010.11.02	Win32:Crypt-HXJ
> AVG	9.0.0.851	2010.11.02	Cryptic.BEB
> BitDefender	7.2	2010.11.02	Gen:Variant.Kazy.2381*
> ...


Additional information
MD5   : 7b3106352b39e89c90530c88bd988c9b
SHA1  : 0084583548833f9226c457f5fd1dfb8fc3675951
SHA256: 03aed9a2f086b375e63a3e7746c4e0195cdc39dba92db06ab1bc655bb5ba90c3

----------


## Sonchus

services.exe
caught from C:\WINDOWS\services.exe
File name: 5F794DBB00F819FDA47200416C5FF600407A70C3.exe
Submission date: 2010-11-10 13:23:02 (UTC)
Current status: finished
Result: 5 /43 (11.6%)
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.11.10.02	2010.11.10	-
AntiVir	7.10.13.201	2010.11.10	-
Antiy-AVL	2.0.3.7	2010.11.10	-
Authentium	5.2.0.5	2010.11.10	-
Avast	4.8.1351.0	2010.11.10	-
Avast5	5.0.594.0	2010.11.10	-
AVG	9.0.0.851	2010.11.10	Generic20.CD
BitDefender	7.2	2010.11.10	-
CAT-QuickHeal	11.00	2010.11.09	Win32.Backdoor.PoisonIvy.ay3
ClamAV	0.96.4.0	2010.11.10	-
Comodo	6674	2010.11.10	-
DrWeb	5.0.2.03300	2010.11.10	-
Emsisoft	5.0.0.50	2010.11.10	-
eSafe	7.0.17.0	2010.11.09	-
eTrust-Vet	36.1.7966	2010.11.10	-
F-Prot	4.6.2.117	2010.11.09	-
F-Secure	9.0.16160.0	2010.11.10	-
Fortinet	4.2.249.0	2010.11.10	-
GData	21	2010.11.10	-
Ikarus	T3.1.1.90.0	2010.11.10	-
Jiangmin	13.0.900	2010.11.10	-
K7AntiVirus	9.67.2940	2010.11.09	-
Kaspersky	7.0.0.125	2010.11.10	-
McAfee	5.400.0.1158	2010.11.10	-
McAfee-GW-Edition	2010.1C	2010.11.10	Heuristic.BehavesLike.Win32.Suspicious.D
Microsoft	1.6301	2010.11.10	Spammer:Win32/Tedroo.I
NOD32	5606	2010.11.10	-
Norman	6.06.10	2010.11.10	-
nProtect	2010-11-10.01	2010.11.10	-
Panda	10.0.2.7	2010.11.09	Adware/SecurityTool
PCTools	7.0.3.5	2010.11.10	-
Prevx	3.0	2010.11.10	-
Rising	22.73.02.06	2010.11.10	-
Sophos	4.59.0	2010.11.10	-
Sunbelt	7270	2010.11.10	-
SUPERAntiSpyware	4.40.0.1006	2010.11.10	-
Symantec	20101.2.0.161	2010.11.10	-
TheHacker	6.7.0.1.081	2010.11.10	-
TrendMicro	9.120.0.1004	2010.11.10	-
TrendMicro-HouseCall	9.120.0.1004	2010.11.10	-
VBA32	3.12.14.1	2010.11.09	-
ViRobot	2010.10.30.4121	2010.11.10	-
VirusBuster	12.72.5.0	2010.11.09	-
Additional information
MD5   : bdac41e7090e56aceaef2b9d7330a40d
SHA1  : 401905ec1005c0a8d653d2973d9fb8c23a56386a
SHA256: 4dd48539837a40aeced0db52409fa4c044a2abc281f2c35369c7a31a4fd64dcf

----------


## ISO

File name: usrinit.exe
Submission date: 2010-11-13 07:36:28 (UTC)
Result: 28/ 43 (65.1%)
*The day before yesterday KIS did not yet know this nasty thing. The screen shows a request to send money to a Beeline mobile number. It was added to the registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the Userinit value*



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2010.11.13.00	2010.11.12	Malware/Win32.Generic
> AntiVir	7.10.13.235	2010.11.12	TR/Dropper.Gen*
> Antiy-AVL	2.0.3.7	2010.11.13	-
> Authentium	5.2.0.5	2010.11.13	-
> *Avast	4.8.1351.0	2010.11.12	Win32:Malware-gen
> Avast5	5.0.594.0	2010.11.12	Win32:Malware-gen
> AVG	9.0.0.851	2010.11.12	Dropper.Generic2.BTBU
> BitDefender	7.2	2010.11.13	Trojan.Generic.KDV.62930*
> ...


Additional information
MD5   : 965ba42d98350532e4365f3fc4e7455e
SHA1  : 34eb0da8cabe535714e9f0112f99982969fc1516
SHA256: 2782073aa45e702c2cdc4f15f861df79611cb595922d40b0424e2bb57b497eea

----------


## maksimog

Damn, I was wondering why my PC was glitching, so I took Kaspersky for a test run...
Most likely for the last time...




> File name: 000057721_FOUND.000.exe
> Submission date: 2010-04-05 03:53:08 (UTC)
> Current status: finished
> Result: 39 /42 (92.9%)
> 
> ...


*Added 3 hours 38 minutes later*

And this marvel arrived in an e-mail, as a gift... 




> File name: 1.exe
> Submission date: 2010-11-15 08:03:00 (UTC)
> Current status: finished
> Result: 4 /43 (9.3%)
> 
> ...

----------


## olejah

A new blocker, caught in the Помогите (Help) section - *C:\Documents and Settings\Администратор\wlock\wlock.exe*

File name: -wlock.exe-
Submission date: 2010-11-15 11:36:07 (UTC)
Current status: finished
Result: *3 /42 (7.1%)*




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.11.15.05	2010.11.15	-
> AntiVir	7.10.13.240	2010.11.15	-
> Antiy-AVL	2.0.3.7	2010.11.15	-
> Authentium	5.2.0.5	2010.11.15	-
> Avast	4.8.1351.0	2010.11.15	-
> Avast5	5.0.594.0	2010.11.15	-
> AVG	9.0.0.851	2010.11.15	-
> BitDefender	7.2	2010.11.15	-
> ...


virustotal.com

----------



## Nexus

*C:\WINDOWS\system32\rescue32.exe*

File name: avz00001.dta
Submission date: 2010-11-16 16:21:26 (UTC)
Current status: finished
Result: 3/ 43 (7.0%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2010.11.16.00	2010.11.15	-
> AntiVir	7.10.14.11	2010.11.16	-
> Antiy-AVL	2.0.3.7	2010.11.16	-
> Avast	4.8.1351.0	2010.11.16	-
> Avast5	5.0.594.0	2010.11.16	-
> AVG	9.0.0.851	2010.11.16	-
> BitDefender	7.2	2010.11.16	-
> CAT-QuickHeal	11.00	2010.11.09	-
> ...

----------


## Nexus

File name: 1.vbs
Submission date: 2010-11-27 10:07:36 (UTC)
Current status: finished
Result: 6/ 43 (14.0%)




> _Antivirus results_
> AhnLab-V3 - 2010.11.27.00 - 2010.11.26 - -
> AntiVir - 7.10.14.125 - 2010.11.26 - VBS/Toow.A.1 
> Antiy-AVL - 2.0.3.7 - 2010.11.27 - -
> Avast - 4.8.1351.0 - 2010.11.26 - -
> Avast5 - 5.0.594.0 - 2010.11.26 - -
> AVG - 9.0.0.851 - 2010.11.27 - -
> BitDefender - 7.2 - 2010.11.27 - -
> CAT-QuickHeal - 11.00 - 2010.11.26 - -
> ...


_File info:_
MD5: e3d1466d7635a989d09ff71bc3b8b16a
SHA1: 82c44cf239cb0f2c722342b51cc16a853680382f
SHA256: 71e5681c079048598dd305e228cf14dcff7d3a0817cdece0cd1792ac7453f566
File size: 9885 bytes

----------


## Nexus

File name: firefox-update.exe
Submission date: 2010-12-06 20:13:22 (UTC)
Current status: finished
Result: 15/ 43 (34.9%)




> _Antivirus results_
> AhnLab-V3	2010.12.06.01	2010.12.06	Trojan/Win32.FakeAV
> AntiVir	7.10.14.201	2010.12.06	-
> Antiy-AVL	2.0.3.7	2010.12.06	-
> Avast	4.8.1351.0	2010.12.06	-
> Avast5	5.0.677.0	2010.12.06	-
> AVG	9.0.0.851	2010.12.06	-
> BitDefender	7.2	2010.12.06	Gen:Variant.Kazy.4874
> CAT-QuickHeal	11.00	2010.12.06	-
> ...


_File info:_
MD5   : 7f5defc7ee63dfea9232ce7490317b48
SHA1  : 7df97500f67ca9991745ac8518cd6f7980544e2e
SHA256: 29977b585c69db323caa89b834d1330a13cc502f76433ffc6aee30582e90855c

----------


## zorro84

Caught via USB flash drives

File name: services.exe
Submission date: 2010-12-19 20:08:42 (UTC)
Result: 28/ 43 (65.1%)

Antivirus 	Version 	Last Update 	Result
*AhnLab-V3	2010.12.20.00	2010.12.19	Win-Trojan/Securisk*
*AntiVir	7.11.0.84	2010.12.19	TR/Agent.ayo.5*
Antiy-AVL	2.0.3.7	2010.12.19	-
*Avast	4.8.1351.0	2010.12.19	Win32:Malware-gen*
*Avast5	5.0.677.0	2010.12.19	Win32:Malware-gen*
*AVG	9.0.0.851	2010.12.19	Agent2.BSHM*
*BitDefender	7.2	2010.12.19	Trojan.Generic.5014159*
*CAT-QuickHeal	11.00	2010.12.19	Trojan.Agent.fpdl*
ClamAV	0.96.4.0	2010.12.19	-
Command	5.2.11.5	2010.12.19	-
*Comodo	7119	2010.12.19	UnclassifiedMalware*
*DrWeb	5.0.2.03300	2010.12.19	Win32.HLLW.Autoruner.29931*
*Emsisoft	5.1.0.1	2010.12.19	Trojan.Win32.Agent!IK*
eSafe	7.0.17.0	2010.12.19	-
eTrust-Vet	36.1.8048	2010.12.17	-
F-Prot	4.6.2.117	2010.12.19	-
*F-Secure	9.0.16160.0	2010.12.19	Trojan.Generic.5014159*
*Fortinet	4.2.254.0	2010.12.19	W32/Agent.FPDL!tr*
*GData	21	2010.12.19	Trojan.Generic.5014159*
*Ikarus	T3.1.1.90.0	2010.12.19	Trojan.Win32.Agent*
Jiangmin	13.0.900	2010.12.19	-
*K7AntiVirus	9.73.3286	2010.12.18	Trojan*
*Kaspersky	7.0.0.125	2010.12.19	Trojan.Win32.Agent.fpdl*
*McAfee	5.400.0.1158	2010.12.19	Artemis!63EDD8FC59B7*
*McAfee-GW-Edition	2010.1C	2010.12.19	Artemis!63EDD8FC59B7*
Microsoft	1.6402	2010.12.19	-
NOD32	5716	2010.12.19	-
Norman	6.06.12	2010.12.19	-
*nProtect	2010-12-19.01	2010.12.19	Trojan/W32.Agent.144896.CZ*
*Panda	10.0.2.7	2010.12.19	Trj/CI.A*
*PCTools	7.0.3.5	2010.12.19	Trojan.Gen*
Prevx	3.0	2010.12.19	-
*Rising	22.78.05.00	2010.12.19	Trojan.Win32.Generic.5236BE5F*
Sophos	4.60.0	2010.12.19	-
SUPERAntiSpyware	4.40.0.1006	2010.12.19	-
*Symantec	20101.3.0.103	2010.12.19	Trojan.Gen*
*TheHacker	6.7.0.1.101	2010.12.15	Trojan/Agent.fpdl*
*TrendMicro	9.120.0.1004	2010.12.19	TROJ_GEN.R74C3K9*
*TrendMicro-HouseCall	9.120.0.1004	2010.12.19	TROJ_GEN.R74C3K9*
*VBA32	3.12.14.2	2010.12.17	Trojan.Agent.fpdl*
*VIPRE	7722	2010.12.19	Trojan.Win32.Generic!BT*
ViRobot	2010.12.18.4208	2010.12.19	-
VirusBuster	13.6.102.0	2010.12.19	-

----------


## ISO

Yet another winlock; it was sitting in the IE cache, plus entries in userinit and shell, plus more beasts in system32.
File name:
*flash_player[1].exe*
Submission date:
2010-12-23 03:40:53 (UTC)
Result:
6/ 43 (14.0%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2010.12.23.01	2010.12.22	-
> AntiVir	7.11.0.144	2010.12.22	-
> Antiy-AVL	2.0.3.7	2010.12.23	-
> Avast	4.8.1351.0	2010.12.22	-
> Avast5	5.0.677.0	2010.12.22	-
> AVG	9.0.0.851	2010.12.23	-
> *BitDefender	7.2	2010.12.23	Trojan.Generic.5250379*
> CAT-QuickHeal	11.00	2010.12.22	-
> ...


Additional information
MD5   : ef685c8811dec5511cbd3071464f3f20
SHA1  : 5408acb14dc1375884bac4a12626c889ebcecf7f
SHA256: e5288888e1760116b72f63ca68827c94bfaf18d52ae38fe01ee7ba4ec49fafa6
http://www.virustotal.com/file-scan/...fa6-1293075653

----------


## Nexus

File name: 
foto.exe
Submission date: 
2010-12-24 14:17:12 (UTC)
Current status: 
finished
Result: 
7/ 43 (16.3%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2010.12.24.00	2010.12.23	-
> AntiVir	7.11.0.174	2010.12.24	-
> Antiy-AVL	2.0.3.7	2010.12.24	-
> Avast	4.8.1351.0	2010.12.24	-
> Avast5	5.0.677.0	2010.12.24	-
> *AVG	9.0.0.851	2010.12.24	Hosts*
> BitDefender	7.2	2010.12.24	-
> CAT-QuickHeal	11.00	2010.12.24	-
> ...


MD5: 3b8d792a232de5f2aaa37bdc9418a08b
SHA1: 6c47bc0d019fa99c58c2c075f90690a0f288a019
SHA256: 419bb73aac5835e0f6ed61fa6aac96210e90f3ea3e01c7334eaa669003c292ff
File size: 97913 bytes

----------


## Nvidia

File name:
srce.exe
Submission date:
2010-12-25 21:41:48 (UTC)
Current status:
finished
Result:
11/ 43 (25.6%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2010.12.26.00	2010.12.25	-
> AntiVir	7.11.0.177	2010.12.25	-
> Antiy-AVL	2.0.3.7	2010.12.25	-
> Avast	4.8.1351.0	2010.12.25	-
> Avast5	5.0.677.0	2010.12.25	-
> AVG	9.0.0.851	2010.12.25	-
> *BitDefender	7.2	2010.12.25	Trojan.Generic.KD.94098*
> CAT-QuickHeal	11.00	2010.12.25	-
> ...


MD5   : e6499e33e6c53a01ebea24eff643625e
SHA1  : 9b0d5753b4b5c7879ebd86c278e2097ad48476bc
SHA256: b23ae5717d9e777928cb84c85f79f7eacfa837ee619cf504aa52df97cc218816

*Added 4 minutes later*

File name:
image96523489.exe
Submission date:
2010-12-25 21:47:12 (UTC)
Current status:
finished
Result:
10/ 41 (24.4%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2010.12.26.00	2010.12.25	-
> AntiVir	7.11.0.177	2010.12.25	-
> Antiy-AVL	2.0.3.7	2010.12.25	-
> Avast	4.8.1351.0	2010.12.25	-
> Avast5	5.0.677.0	2010.12.25	-
> AVG	9.0.0.851	2010.12.25	-
> *BitDefender	7.2	2010.12.25	GenPack:Worm.FaceBlocker.B*
> CAT-QuickHeal	11.00	2010.12.25	-
> ...


MD5   : a65d7a1fda9ec0325195c5267699bd88
SHA1  : fbe6f92b43706c76aa11c94a95cab1f4f7d8ad4d
SHA256: aa985ebc69e695a1cc77b1a70ac74d21db131e034f84141a9d695cb4fdee7d62

----------


## Nvidia

File name: unlock.exe
Submission date: 2011-01-06 17:33:46 (UTC)
Current status: finished
Result: 4 /43 (9.3%)



> Antivirus Version Last Update Result 
> AhnLab-V3 2011.01.06.01 2011.01.06 - 
> AntiVir 7.11.1.34 2011.01.05 - 
> Antiy-AVL 2.0.3.7 2011.01.06 - 
> Avast 4.8.1351.0 2011.01.06 - 
> Avast5 5.0.677.0 2011.01.06 - 
> AVG 9.0.0.851 2011.01.06 - 
> BitDefender 7.2 2011.01.06 - 
> CAT-QuickHeal 11.00 2011.01.06 - 
> ...


MD5   : a3db3989ea2268719fc7d5ff49b6b5ae 
SHA1  : 8aa872a068aff86350c635df7979d67161705f26 
SHA256: ef2fc41fe7de6e354b9ff208384a1573ea5ce4d4975862d9eb07f86c3851ce4d

----------


## valho

File name: tam_vdali_za_rekoy.exe
Submission date: 2011-01-07 07:23:46 (UTC)
Current status: finished
Result: 5/ 42 (11.9%)



> AhnLab-V3	2011.01.07.00	2011.01.06	-
> AntiVir	7.11.1.35	2011.01.06	-
> Antiy-AVL	2.0.3.7	2011.01.07	-
> *Avast	4.8.1351.0	2011.01.06	Win32:FraudTool-SB*
> *Avast5	5.0.677.0	2011.01.06	Win32:PUP-gen*
> AVG	9.0.0.851	2011.01.07	-
> BitDefender	7.2	2011.01.07	-
> CAT-QuickHeal	11.00	2011.01.06	-
> ClamAV	0.96.4.0	2011.01.07	-
> ...


Additional information
MD5   : 26eaf5e434c6b4a577c4d0b8e6cbb6a1
SHA1  : a136ae5df8b10c6420d8150d1d1621c1423b8344
SHA256: 4f2f925774c0f9a043f48940cc5027e2b211b12d2213a90ae969c338377cd2a7
ssdeep: 196608:tj6bJXVuTs2aQ1FA/gOMg7pU3naNGm/Bwb:Qb1AkmA/X+fEwb
File size : 7948288 bytes

TrID:
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)

----------


## balu_1

This one and the next were found in the root of the system drive. KIS 2011 flatly fails to see them.
File name: 
gakjob.pif
Submission date: 
2011-01-07 15:45:08 (UTC)
Result: 
12/ 42 (28.6%)



> Antivirus      Version      Last Update      Result
> AhnLab-V3    2011.01.07.04    2011.01.07    -
> AntiVir    7.11.1.54    2011.01.07    TR/Dropper.Gen
> Antiy-AVL    2.0.3.7    2011.01.07    -
> Avast    4.8.1351.0    2011.01.07    -
> Avast5    5.0.677.0    2011.01.07    -
> AVG    9.0.0.851    2011.01.07    Win32/Sality.dropper
> BitDefender    7.2    2011.01.07    -
> CAT-QuickHeal    11.00    2011.01.07    (Suspicious) - DNAScan
> ...


MD5   : 3369dba29e2ecce70cd8faa436df8420
SHA1  : b047b308735639a685d22bd95c82d9991ec4d1a7
SHA256: 50260cf30be8747434c813d7cab3c0d2aa042c4ad1283dea6d7b6f95ec815704

File name: 
autorun.inf
Submission date:
2011-01-07 15:36:23 (UTC)
Result:
17/ 42 (40.5%)



> AhnLab-V3    2011.01.07.04    2011.01.07    -
> AntiVir    7.11.1.54    2011.01.07    -
> Antiy-AVL    2.0.3.7    2011.01.07    -
> Avast    4.8.1351.0    2011.01.07    -
> Avast5    5.0.677.0    2011.01.07    INF:AutoRun-gen
> AVG    9.0.0.851    2011.01.07    Worm/AutoRun
> BitDefender    7.2    2011.01.07    Trojan.AutorunINF.Gen
> CAT-QuickHeal    11.00    2011.01.07    -
> ClamAV    0.96.4.0    2011.01.07    -
> ...


MD5   : eed81b63a8a21196462e987ee8b0adcd
SHA1  : bc629f46db30c58adace0f0542694ee99e3051cf
SHA256: 3256cd97b8574ce7d37c9fa2fc923b47e17e51f57cadd70e00  c068b8800112dc5ec815704

----------


## ISO

Yet another winlock; it sat in the IE cache and was registered in the Shell value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
File name:
*readme[1].exe*
Submission date:
2011-01-10 04:43:58 (UTC)
Result:
1/ 43 (2.3%)



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2011.01.10.00	2011.01.09	-
> AntiVir	7.11.1.58	2011.01.09	-
> Antiy-AVL	2.0.3.7	2011.01.10	-
> Avast	4.8.1351.0	2011.01.09	-
> Avast5	5.0.677.0	2011.01.09	-
> AVG	9.0.0.851	2011.01.10	-
> BitDefender	7.2	2011.01.10	-
> CAT-QuickHeal	11.00	2011.01.09	-
> ...


Additional information
MD5   : b900d781b0146a8e771e60e7fe02495c
SHA1  : c6b9b47767653ac3132161628526320aa8a51493
SHA256: 0c2e852fdd4bb9f9ad7d16ab9d456af72afef8f442f659ac294a1eba6adfc56e
http://www.virustotal.com/file-scan/...56e-1294634638

----------


## Юльча

File name: xxx_video.exe
Submission date: 2011-01-13 12:50:21 (UTC)
Result: *7/ 43 (16.3%)*




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2011.01.13.00	2011.01.12	-
> AntiVir	7.11.1.116	2011.01.13	-
> Antiy-AVL	2.0.3.7	2011.01.13	-
> *Avast	4.8.1351.0	2011.01.13	Win32: LockScreen-O*
> *Avast5	5.0.677.0	2011.01.13	Win32: LockScreen-O*
> AVG	10.0.0.1190	2011.01.13	-
> BitDefender	7.2	2011.01.13	-
> CAT-QuickHeal	11.00	2011.01.13	-
> ...


report

----------


## Юльча

File name: wing.exe
Submission date: 2011-01-13 22:43:44 (UTC)
Result: 4 /43 (9.3%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3 	2011.01.14.00 	2011.01.13 	-
> *AntiVir 	7.11.1.122 	2011.01.13 	Worm/Autorun.bzma*
> Antiy-AVL 	2.0.3.7 	2011.01.13 	-
> Avast 	4.8.1351.0 	2011.01.13 	-
> Avast5 	5.0.677.0 	2011.01.13 	-
> AVG 	10.0.0.1190 	2011.01.13 	-
> BitDefender 	7.2 	2011.01.13 	-
> CAT-QuickHeal 	11.00 	2011.01.13 	-
> ...


VT

----------


## ISO

Yet another Windows blocker; this time it was registered in the registry in the shell value of the user profile. It was loaded from the Opera cache.
xxx_video_41774.avi.exe
Submission date:
2011-01-17 15:09:16 (UTC)
Result:
2 /43 (4.7%)



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3 	2011.01.16.00 	2011.01.16 	-
> AntiVir 	7.11.1.153 	2011.01.17 	-
> Antiy-AVL 	2.0.3.7 	2011.01.17 	-
> Avast 	4.8.1351.0 	2011.01.17 	-
> Avast5 	5.0.677.0 	2011.01.17 	-
> AVG 	10.0.0.1190 	2011.01.17 	-
> BitDefender 	7.2 	2011.01.17 	-
> CAT-QuickHeal 	11.00 	2011.01.17 	-
> ...


Additional information
MD5   : 42fcd8c9f0d04a9ff9f821a97640537e
SHA1  : e43c044fb8e456fccba6eeb9d436ff5d0d593c06
SHA256: 8241f904b3ec6c8b45211cf2226263ca73653a201eb4accb1eb9455fe342f2bf
http://www.virustotal.com/file-scan/...2bf-1295276956

----------


## Юльча

File name: javaobe.jar
Submission date: 2011-01-18 07:56:57 (UTC)
Result: 3/ 43 (7.0%)




> Antivirus Version Last Update Result 
> AhnLab-V3 2011.01.15.01 2011.01.15 - 
> AntiVir 7.11.1.163 2011.01.17 - 
> Antiy-AVL 2.0.3.7 2011.01.18 - 
> Avast 4.8.1351.0 2011.01.17 - 
> Avast5 5.0.677.0 2011.01.17 - 
> AVG 10.0.0.1190 2011.01.12 - 
> BitDefender 7.2 2011.01.18 - 
> ...


Additional information
MD5   : dfb15e56a0f61c49ea298edef2b0aac7 
SHA1  : 9f570a76f1b8dd0ba86a1d9e36d80e53ec127c2d 



VT

----------


## 5ergi0

Yet another winlock; it creates a couple of files in \windows (rundll.bat and nvcvc32.exe) and, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, changes Shell to EXPLORER.EXE %WINDIR%\RUNDLL.BAT. Phone numbers: 3116 and 84444

File name: 
nvcvc32.exe
Submission date: 
2011-01-18 14:25:12 (UTC)
Current status: 
finished
Result: 
11 /43 (25.6%)




> Antivirus	Version	Last Update	Result
> *AhnLab-V3	2011.01.18.00	2011.01.17	Trojan/Win32.Zbot*
> AntiVir	7.11.1.170	2011.01.18	-
> Antiy-AVL	2.0.3.7	2011.01.18	-
> Avast	4.8.1351.0	2011.01.18	-
> Avast5	5.0.677.0	2011.01.18	-
> AVG	10.0.0.1190	2011.01.18	-
> *BitDefender	7.2	2011.01.18	Trojan.Generic.KDV.112122*
> CAT-QuickHeal	11.00	2011.01.18	-
> ...


Additional information

MD5   : 3b25de57f5baf962ded3b1f300f2a1c7
SHA1  : 7b86c12ee65224f0fb827306a9884b190efb81ca
SHA256: e485495c8a9e15deae56f78884706c7c30c881b485d0cd97b9b2136d35b37e6d

VT

----------


## ISO

*0.701673132117444.exe*
Submission date:
2011-01-18 18:00:53 (UTC)

Result:
2 /43 (4.7%)



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3 	2011.01.18.00 	2011.01.17 	Trojan/Win32.Zbot*
> AntiVir 	7.11.1.174 	2011.01.18 	-
> Antiy-AVL 	2.0.3.7 	2011.01.18 	-
> Avast 	4.8.1351.0 	2011.01.18 	-
> Avast5 	5.0.677.0 	2011.01.18 	-
> AVG 	10.0.0.1190 	2011.01.18 	-
> BitDefender 	7.2 	2011.01.18 	-
> CAT-QuickHeal 	11.00 	2011.01.18 	-
> ...


Additional information
MD5   : 86680943c428158604eeecc98f05bb09
SHA1  : 9a1bfc7f652c613598b53bbf8fd3650365b630d8
SHA256: 7746f6b7ae6fa7c9ee3476214f87aee481938c39641e651fa2aeeb66bafbe287

File name:
0.4371517777213674.exe
Submission date:
2011-01-18 18:18:07 (UTC)
Result:
11/ 43 (25.6%)



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2011.01.18.00	2011.01.17	Trojan/Win32.Zbot*
> AntiVir	7.11.1.174	2011.01.18	-
> Antiy-AVL	2.0.3.7	2011.01.18	-
> Avast	4.8.1351.0	2011.01.18	-
> Avast5	5.0.677.0	2011.01.18	-
> AVG	10.0.0.1190	2011.01.18	-
> *BitDefender	7.2	2011.01.18	Gen:Variant.Kazy.8575*
> CAT-QuickHeal	11.00	2011.01.18	-
> ...


Additional information
MD5   : 60ac4669d676ab648b4f3b5963014ebb
SHA1  : 95941db7c452bc8a46ed134b35bbe14856cca6bc
SHA256: a5002de8515dc0e11692a1d774cd89a5a824097bff36e7622c5c243021fb4978

File name:
0.835926453763574.exe
Submission date:
2011-01-18 18:18:47 (UTC)
Result:
7/ 42 (16.7%)



> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2011.01.18.00	2011.01.17	Trojan/Win32.Zbot*
> AntiVir	7.11.1.174	2011.01.18	-
> Antiy-AVL	2.0.3.7	2011.01.18	-
> Avast	4.8.1351.0	2011.01.18	-
> Avast5	5.0.677.0	2011.01.18	-
> *AVG	10.0.0.1190	2011.01.18	unknown virus Win32/DH.CAFF82016F*
> *BitDefender	7.2	2011.01.18	Gen:Variant.Kazy.8575*
> CAT-QuickHeal	11.00	2011.01.18	-
> ...


Additional information
MD5   : 9cbdf91f71253fa9ff3ee2a465d8d136
SHA1  : 13e1739dc00ab9316d42ba65359196fda13caa87
SHA256: 07054ca47514a542d15e8843abab8fb77277089f9ae711f02484a2f7f4578d66


File name:
0.8896806878863428.exe
Submission date:
2011-01-18 18:25:01 (UTC)
Result:
4/ 43 (9.3%)




> Antivirus 	Version 	Last Update 	Result
> *AhnLab-V3	2011.01.18.00	2011.01.17	Trojan/Win32.Zbot*
> AntiVir	7.11.1.174	2011.01.18	-
> Antiy-AVL	2.0.3.7	2011.01.18	-
> Avast	4.8.1351.0	2011.01.18	-
> Avast5	5.0.677.0	2011.01.18	-
> AVG	10.0.0.1190	2011.01.18	-
> *BitDefender	7.2	2011.01.18	Gen:Variant.Kazy.8581*
> CAT-QuickHeal	11.00	2011.01.18	-
> ...


Additional information
MD5   : 2e20a5ac8eeefa55b92f3ffb673c46e5
SHA1  : f690d1df62c5a555196c4cd9b9c16cc3ec5b8ef4
SHA256: 098401201c235b663071d95dc0f1d487e25d79cb7a2a6fb62209683db4dd4bf1

----------


## amcenter

File name: system.exe
Submission date: 2011-01-21 17:02:15 (UTC)
Current status: finished
Result: 8 /43 (18.6%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3 	2011.01.18.00 	2011.01.17 	-
> AntiVir 	7.11.1.210 	2011.01.21 	-
> Antiy-AVL 	2.0.3.7 	2011.01.18 	-
> Avast 	4.8.1351.0 	2011.01.21 	-
> Avast5 	5.0.677.0 	2011.01.21 	-
> AVG 	10.0.0.1190 	2011.01.21 	-
> *BitDefender 	7.2 	2011.01.21 	Trojan.Generic.KD.114491*
> CAT-QuickHeal 	11.00 	2011.01.21 	-
> ...


http://www.virustotal.com/file-scan/...56f-1295629335

Behaviour analysis:
http://www.threatexpert.com/report.a...020ec7db12a1c3

----------


## Korvelle

Social networks are a treasure trove of new samples.
download_10285781-.zip.exe
Submission date: 
2011-01-23 07:13:45 (UTC)
Result: 
2/ 43 (4.7%)


> Antivirus	Version	Last Update	Result
> AhnLab-V3	2011.01.18.00	2011.01.17	-
> AntiVir	7.11.1.216	2011.01.21	-
> Antiy-AVL	2.0.3.7	2011.01.18	-
> Avast	4.8.1351.0	2011.01.22	-
> Avast5	5.0.677.0	2011.01.22	-
> AVG	10.0.0.1190	2011.01.23	-
> BitDefender	7.2	2011.01.23	-
> CAT-QuickHeal	11.00	2011.01.22	-
> ...


Additional information
MD5   : ec19535de1e6fdca70b978c199420b57
SHA1  : 7e79ddb7188fa629c5e2b1a420306c5b35ce8d84
SHA256: feb0d01e8aa1a9bfd010243425b70aebcaee642ccfb186a4f47499ed1f0124fd

----------


## Winsent

File name: avloader_2042-8_tty8.exe
Submission date: 2011-01-26 09:34:52 (UTC)
Current status: finished
Result: 8/ 42 (19.0%)





> Antivirus Version Last Update Result 
> AhnLab-V3 2011.01.18.00 2011.01.17 - 
> AntiVir 7.11.1.245 2011.01.25 - 
> Antiy-AVL 2.0.3.7 2011.01.26 - 
> Avast 4.8.1351.0 2011.01.25 - 
> Avast5 5.0.677.0 2011.01.25 - 
> AVG 10.0.0.1190 2011.01.26 - 
> *BitDefender 7.2 2011.01.26 Trojan.Generic.KD.117686* 
> ...

----------



## big_boss

File name: 
123242235.exe
Submission date: 
2011-01-31 12:48:29 (UTC)
Current status: 
finished
Result: 
7/ 43 (16.3%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2011.01.27.01	2011.01.27	-
> AntiVir	7.11.2.37	2011.01.31	-
> Antiy-AVL	2.0.3.7	2011.01.28	-
> Avast	4.8.1351.0	2011.01.31	-
> Avast5	5.0.677.0	2011.01.31	-
> AVG	10.0.0.1190	2011.01.31	-
> BitDefender	7.2	2011.01.31	*Gen:Variant.Kazy.9799*
> ...

----------


## jurok04

An SMS blocker, first caught on 05.01.2011 and
immediately sent to Kaspersky Lab via helpdesk; on 19.01.2011
a second infection, sent to Kaspersky Lab and ESET
(after which ESET detection appeared within 24 hours).
As of today (01.02.2011) the situation is as follows:

File name: servercfg.exe
Submission date: 
2011-02-01 07:47:04 (UTC)
Current status: 
finished
Result: 
30/ 43 (69.8%)






> Quote:
> *AhnLab-V3 2011.01.27.01 2011.01.27 Trojan/Win32.Gen* 
> *AntiVir 7.11.2.39 2011.01.31 TR/Crypt.FKM.Gen* 
> Antiy-AVL 2.0.3.7 2011.01.28 - 
> *Avast 4.8.1351.0 2011.01.31 Win32:Malware-gen* 
> *Avast5 5.0.677.0 2011.01.31 Win32:Malware-gen* 
> AVG 10.0.0.1190 2011.02.01 - 
> *BitDefender 7.2 2011.02.01 Trojan.Generic.5358855* 
> CAT-QuickHeal 11.00 2011.02.01 - 
> ...


http://www.virustotal.com/file-scan/...529-1296546424

----------


## maksimog

Found on an infected PC




> File name:
> pornoplayer.exe
> Submission date:
> 2011-02-05 17:35:46 (UTC)
> Current status:
> finished
> Result:
> 2/ 43 (4.7%)
> 
> ...

----------


## Iron Monk

*ICQ Trojan & KeyLogger*



> File name: 
> MS_Helper.exe
> Submission date: 
> 2011-02-05 18:53:06 (UTC)
> Current status: 
> finished
> Result: 
> *18*/ 43 (41.9%)
> 
> ...

----------


## maksimog

It tried to download itself on some website




> File name:
> a409deaadc925c4386d12a379ae1cc79.malware
> Submission date:
> 2011-02-08 16:04:55 (UTC)
> Current status:
> finished
> Result:
> 6 /43 (14.0%)
> 
> ...

----------


## ZhIV

File name: 0.6532615156020773.exe
Submission date: 2011-02-09 13:16:56 (UTC)
Current status: finished
Result: 23 /43 (53.5%)




> _Antivirus results_
> AhnLab-V3 - 2011.02.06.00 - 2011.02.06 - Trojan/Win32.Zbot 
> AntiVir - 7.11.2.107 - 2011.02.09 - TR/Ransom.CP 
> Antiy-AVL - 2.0.3.7 - 2011.01.28 - -
> Avast - 4.8.1351.0 - 2011.02.09 - Win32:Malware-gen 
> Avast5 - 5.0.677.0 - 2011.02.09 - Win32:Malware-gen 
> AVG - 10.0.0.1190 - 2011.02.09 - -
> BitDefender - 7.2 - 2011.02.09 - Trojan.Generic.KDV.127318 
> CAT-QuickHeal - 11.00 - 2011.02.09 - -
> ...


File info:
MD5: 83eb7fc3be057ca452d66e54d5962f35
SHA1: d41f520c4b393e2763cc241021c49fa8486d77aa
SHA256: 6e2e7838b548370262dd78e45901fd570646990f16524fd1b572f4315d7d019b

----------


## Vadim_SVN

File name: 0.11796125916210298.exe
Date first seen:	2011-02-15 13:09:32 (UTC)
Result: *4 /43* (9.3%)



> *AhnLab-V3 	2011.02.14.02 	2011.02.14 	Trojan/Win32.Zbot*
> AntiVir 	7.11.3.93 	2011.02.15 	-
> Antiy-AVL 	2.0.3.7 	2011.02.15 	-
> Avast 	4.8.1351.0 	2011.02.16 	-
> Avast5 	5.0.677.0 	2011.02.16 	-
> AVG 	10.0.0.1190 	2011.02.16 	-
> BitDefender 	7.2 	2011.02.16 	-
> CAT-QuickHeal 	11.00 	2011.02.15 	-
> ClamAV 	0.96.4.0 	2011.02.16 	-
> ...


Additional information
MD5   : 9774f3c9e7a3ccca15b4286cb49d651d
SHA1  : 7e39ddade06bb41b76c939cf8bf802bf5eaca1a9
SHA256: 2b12b799fa3bbb882c11a94679140309f9e056057dd3ca71d86105566260df0d

http://www.virustotal.com/file-scan/...f0d-1297827462

Sample sent out.
DrWeb's reply: Threat: Trojan.Winlock.2741

----------


## amcenter

File name: AntiSpyWareSetup.exe
Submission date:
2011-03-07 21:59:27 (UTC)
Current status:
finished
Result:
*5*/ 43 (11.6%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2011.03.07.06	2011.03.07	-
> AntiVir	7.11.4.100	2011.03.07	-
> Antiy-AVL	2.0.3.7	2011.03.06	-
> Avast	4.8.1351.0	2011.03.07	-
> Avast5	5.0.677.0	2011.03.07	-
> AVG	10.0.0.1190	2011.03.07	-
> BitDefender	7.2	2011.03.07	-
> CAT-QuickHeal	11.00	2011.03.07	-
> ...



ThreatExpert has started cutting corners on its detailed analysis;
the ones from Comodo and Anubis gave correct, matching conclusions.

PS. What is this nonsense with posting links 


> You cannot post links to other sites, images or videos; you do not have enough posts yet


, so it turns out I have to flood?

----------


## Korvelle

My Agnitum refused to detect it. It turned out it is not the only one.

*File name:* Nora Roberts - Angel Gabrielya_17258885-3217608.zip.exe
*Submission date:* 2011-03-13 20:46:56 (UTC)
*Current status:* finished
*Result:* 6/ 43 (14.0%)



> AhnLab-V3	2011.03.13.00	2011.03.12	-
> AntiVir	7.11.4.178	2011.03.13	TR/Crypt.XPACK.Gen3
> Antiy-AVL	2.0.3.7	2011.03.12	-
> Avast	4.8.1351.0	2011.03.13	-
> Avast5	5.0.677.0	2011.03.13	-
> AVG	10.0.0.1190	2011.03.13	-
> BitDefender	7.2	2011.03.13	Gen:Variant.Adware.SMSHoax.14
> CAT-QuickHeal	11.00	2011.03.13	-
> ClamAV	0.96.4.0	2011.03.13	-
> ...

----------


## Nexus

Fished this out a couple of minutes ago.
File name: 
avz00001.dta
Submission date: 
2011-03-19 07:40:12 (UTC)
Current status: 
finished
Result: 
7/ 43 (16.3%)




> AhnLab-V3	2011.03.19.00	2011.03.18	Trojan/Win32.FakeAV
> AntiVir	7.11.5.1	2011.03.18	-
> Antiy-AVL	2.0.3.7	2011.03.19	-
> Avast	4.8.1351.0	2011.03.18	-
> Avast5	5.0.677.0	2011.03.18	-
> AVG	10.0.0.1190	2011.03.18	-
> BitDefender	7.2	2011.03.19	-
> CAT-QuickHeal	11.00	2011.03.19	-
> ClamAV	0.96.4.0	2011.03.19	-
> ...


MD5   : 491ff648f66cce66581da477cebe920a
SHA1  : bd83923831e9a879d0923d034a91d0ab0bca7450

http://www.virustotal.com/file-scan/...0c-1300520412#

----------


## Korvelle

Strange that not all of them cope with this one.

File name: Install_Flash-Player.exe
Submission date: 2011-03-19 08:10:24 (UTC)
Current status: finished
Result: 20 /42 (47.6%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2011.03.19.00	2011.03.18	-
> AntiVir	7.11.5.1	2011.03.18	TR/ScreenLogger.A
> Antiy-AVL	2.0.3.7	2011.03.19	-
> Avast	4.8.1351.0	2011.03.18	Win32:Malware-gen
> Avast5	5.0.677.0	2011.03.18	Win32:Malware-gen
> AVG	10.0.0.1190	2011.03.18	Generic21.AOVJ
> BitDefender	7.2	2011.03.19	Trojan.Generic.KDV.156942
> CAT-QuickHeal	11.00	2011.03.19	-
> ...

----------


## 5ergi0

File name: 30E5392F00F8BBDBC0F800059F0FCD0025F7E997.dll
Submission date: 2011-03-21 10:02:08 (UTC)
Current status: finished
Result: 3 /41 (7.3%)




> _Antivirus results_ 
> AhnLab-V3 - 2011.03.21.01 - 2011.03.21 - - 
> AntiVir - 7.11.5.3 - 2011.03.21 - - 
> Antiy-AVL - 2.0.3.7 - 2011.03.20 - - 
> Avast - 4.8.1351.0 - 2011.03.20 - - 
> Avast5 - 5.0.677.0 - 2011.03.20 - - 
> AVG - 10.0.0.1190 - 2011.03.20 - - 
> BitDefender - 7.2 - 2011.03.21 - - 
> CAT-QuickHeal - 11.00 - 2011.03.21 - - 
> ...

----------


## ISO

Yet another banner on the desktop.
*29966592.EXE*
Submission date:
2011-03-22 04:09:34 (UTC)
Result:
11/ 43 (25.6%)



> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2011.03.22.01	2011.03.22	-
> AntiVir	7.11.5.21	2011.03.22	-
> Antiy-AVL	2.0.3.7	2011.03.22	-
> *Avast	4.8.1351.0	2011.03.22	Win32bot-MZQ*
> *Avast5	5.0.677.0	2011.03.22	Win32bot-MZQ*
> AVG	10.0.0.1190	2011.03.21	-
> *BitDefender	7.2	2011.03.22	Gen:Variant.Oficla.11*
> CAT-QuickHeal	11.00	2011.03.22	-
> ...


Additional information
MD5   : fdc223e81a4c60391f8b7422181aec0a
SHA1  : 146e82414ce508721fe63af6e2a6f374da034f21
http://www.virustotal.com/file-scan/...d21-1300766974

----------


## Vadim_SVN

As of 25.03.2011
File name: WBVBZQC.DLL._BD09E6201922B14C02C8DA599E9B85B412E3DCB6
Submission date: 2011-03-25 12:42:40 (UTC)
*Result: 3 /41 (7.3%)*




> Полное имя                  C:\WINDOWS\SYSTEM32\WBVBZQC.DLL
> Имя файла                   WBVBZQC.DLL
> Статус                      АКТИВНЫЙ ?ВИРУС? ВНЕДРЯЕМЫЙ ПОДОЗРИТЕЛЬНЫЙ DLL в автозапуске 
> Размер                      49152 байт
> Создан                      24.03.2011 в 20:40:10
> Изменен                     24.03.2011 в 20:40:10
> Тип файла                   32-х битный ИСПОЛНЯЕМЫЙ
> Цифр. подпись               проверка не производилась
> 
> ...




```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2011.03.25.01 	2011.03.25 	-
AntiVir 	7.11.5.70 	2011.03.25 	-
Antiy-AVL 	2.0.3.7 	2011.03.25 	-
Avast 	4.8.1351.0 	2011.03.25 	-
Avast5 	5.0.677.0 	2011.03.25 	-
AVG 	10.0.0.1190 	2011.03.25 	-
BitDefender 	7.2 	2011.03.25 	-
CAT-QuickHeal 	11.00 	2011.03.25 	-
ClamAV 	0.96.4.0 	2011.03.25 	-
Commtouch 	5.2.11.5 	2011.03.24 	-
Comodo 	8100 	2011.03.25 	-
DrWeb 	5.0.2.03300 	2011.03.25 	Trojan.Siggen.64625
eSafe 	7.0.17.0 	2011.03.24 	-
eTrust-Vet 	36.1.8235 	2011.03.25 	-
F-Prot 	4.6.2.117 	2011.03.24 	-
F-Secure 	9.0.16440.0 	2011.03.23 	-
Fortinet 	4.2.254.0 	2011.03.25 	-
GData 	21 	2011.03.25 	-
Ikarus 	T3.1.1.97.0 	2011.03.25 	-
Jiangmin 	13.0.900 	2011.03.25 	-
K7AntiVirus 	9.94.4211 	2011.03.25 	-
McAfee 	5.400.0.1158 	2011.03.25 	-
McAfee-GW-Edition 	2010.1C 	2011.03.25 	-
Microsoft 	1.6702 	2011.03.25 	-
NOD32 	5984 	2011.03.25 	-
Norman 	6.07.03 	2011.03.24 	-
nProtect 	2011-02-10.01 	2011.02.15 	-
Panda 	10.0.3.5 	2011.03.24 	Suspicious file
PCTools 	7.0.3.5 	2011.03.25 	-
Prevx 	3.0 	2011.03.25 	-
Rising 	23.50.04.06 	2011.03.25 	-
Sophos 	4.64.0 	2011.03.25 	-
SUPERAntiSpyware 	4.40.0.1006 	2011.03.25 	-
Symantec 	20101.3.0.103 	2011.03.25 	-
TheHacker 	6.7.0.1.156 	2011.03.24 	-
TrendMicro 	9.200.0.1012 	2011.03.25 	-
TrendMicro-HouseCall 	9.200.0.1012 	2011.03.25 	-
VBA32 	3.12.14.3 	2011.03.24 	-
VIPRE 	8814 	2011.03.25 	Trojan-Downloader.Win32.Vundo.hiy (v)
ViRobot 	2011.3.25.4376 	2011.03.25 	-
VirusBuster 	13.6.269.0 	2011.03.25 	-

Additional information
MD5   : 46efe97461bbc760d6c7e63434f860ae
SHA1  : bd09e6201922b14c02c8da599e9b85b412e3dcb6
SHA256: 5f7cda113ce3c7acc84b8229afb1a425b4301dd6190ba30c78d4d9794e7442a7
```

Sample sent out.
As of 28.03.2011:


```
File name: WBVBZQC.DLL._BD09E6201922B14C02C8DA599E9B85B412E3DCB6
Submission date: 2011-03-28 05:32:27 (UTC)
Result: 8/ 41 (19.5%)
```

----------


## ragalt

*File name:*
avz00001.dta (ex. C:\ProgramData\22CC6C32.exe)
*Submission date:*
2011-04-25 10:55:35 (UTC)
*Current status:*
finished
*Result:*
8/ 42 (19.0%)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.04.25.02	2011.04.25	-
AntiVir	7.11.7.4	2011.04.25	-
Antiy-AVL	2.0.3.7	2011.04.25	-
Avast	4.8.1351.0	2011.04.24	-
*Avast5*	5.0.677.0	2011.04.25	Win32:Malware-gen
*AVG*	10.0.0.1190	2011.04.24	Generic22.STV
BitDefender	7.2	2011.04.25	-
CAT-QuickHeal	11.00	2011.04.24	-
ClamAV	0.97.0.0	2011.04.25	-
Commtouch	5.3.2.6	2011.04.25	-
*Comodo*	8468	2011.04.25	Heur.Suspicious
DrWeb	5.0.2.03300	2011.04.25	-
Emsisoft	5.1.0.5	2011.04.25	-
eSafe	7.0.17.0	2011.04.24	-
eTrust-Vet	36.1.8289	2011.04.25	-
F-Prot	4.6.2.117	2011.04.25	-
F-Secure	9.0.16440.0	2011.04.25	-
Fortinet	4.2.257.0	2011.04.25	-
GData	22	2011.04.25	-
Ikarus	T3.1.1.103.0	2011.04.25	-
Jiangmin	13.0.900	2011.04.24	-
K7AntiVirus	9.98.4458	2011.04.23	-
*Kaspersky	*9.0.0.837	2011.04.25	Trojan-Ransom.Win32.Agent.pv
McAfee	5.400.0.1158	2011.04.25	-
McAfee-GW-Edition	2010.1D	2011.04.24	-
Microsoft	1.6802	2011.04.25	-
NOD32	6068	2011.04.25	-
Norman	6.07.07	2011.04.25	-
*Panda	*10.0.3.5	2011.04.24	Suspicious file
PCTools	7.0.3.5	2011.04.21	-
Prevx	3.0	2011.04.25	-
Rising	23.54.06.06	2011.04.24	-
*Sophos	*4.64.0	2011.04.25	Mal/Generic-L
SUPERAntiSpyware	4.40.0.1006	2011.04.25	-
*Symantec	*20101.3.2.89	2011.04.25	Suspicious.Cloud
TheHacker	6.7.0.1.182	2011.04.24	-
TrendMicro	9.200.0.1012	2011.04.25	-
TrendMicro-HouseCall	9.200.0.1012	2011.04.25	-
VBA32	3.12.16.0	2011.04.22	-
*VIPRE	*9112	2011.04.25	Trojan.Win32.Generic!BT
ViRobot	2011.4.25.4427	2011.04.25	-
VirusBuster	13.6.319.2	2011.04.24	-

----------


## grobik

File name: *pack107_2112.exe*

Submission date: 2011-05-05 00:33:25 (UTC)
Current status: finished

Result: *2*/ 41 (*4.9%*)


AhnLab-V3	2011.05.05.00	2011.05.04	-
AntiVir	7.11.7.150	2011.05.04	-
Antiy-AVL	2.0.3.7	2011.05.05	-
Avast	4.8.1351.0	2011.05.04	-
Avast5	5.0.677.0	2011.05.04	-
AVG	10.0.0.1190	2011.05.04	-
BitDefender	7.2	2011.05.04	-
CAT-QuickHeal	11.00	2011.05.04	-
ClamAV	0.97.0.0	2011.05.04	-
Commtouch	5.3.2.6	2011.05.04	-
Comodo	8584	2011.05.05	-
DrWeb	5.0.2.03300	2011.05.05	-
eSafe	7.0.17.0	2011.05.04	-
eTrust-Vet	36.1.8307	2011.05.04	-
F-Prot	4.6.2.117	2011.05.04	-
F-Secure	9.0.16440.0	2011.05.04	-
*Fortinet*	4.2.257.0	2011.05.05	*W32/Injector.fam!tr*
GData	22	2011.05.05	-
Ikarus	T3.1.1.103.0	2011.05.05	-
Jiangmin	13.0.900	2011.05.03	-
K7AntiVirus	9.100.4563	2011.05.04	-
Kaspersky	9.0.0.837	2011.05.05	-
McAfee	5.400.0.1158	2011.05.05	-
McAfee-GW-Edition	2010.1D	2011.05.05	-
Microsoft	1.6802	2011.05.04	-
NOD32	6095	2011.05.05	-
Norman	6.07.07	2011.05.04	-
*Panda*	10.0.3.5	2011.05.04	*Suspicious file*
PCTools	7.0.3.5	2011.05.04	-
Prevx	3.0	2011.05.05	-
Rising	23.56.02.06	2011.05.04	-
Sophos	4.64.0	2011.05.05	-
SUPERAntiSpyware	4.40.0.1006	2011.05.05	-
Symantec	20101.3.2.89	2011.05.04	-
TheHacker	6.7.0.1.187	2011.05.03	-
TrendMicro	9.200.0.1012	2011.05.04	-
TrendMicro-HouseCall	9.200.0.1012	2011.05.05	-
VBA32	3.12.16.0	2011.05.04	-
VIPRE	9193	2011.05.04	-
ViRobot	2011.5.4.4446	2011.05.05	-
VirusBuster	13.6.336.0	2011.05.04	-

MD5   : 6ab4e45ea9436cfef7353dd5f558fa48
SHA1  : 70bd3957c5ef45e773ff8c2a2437601e3b0c9dfb
SHA256: a28967aeea711fb66f1b6ad6797a8224f095100c7757de351e9107859931c702
ssdeep: 6144:cdz8D9j6LDKRajieMpgfdEiCATSxiqlo5CPIYfQbQKjFGep7:cVyjTbGfqATSM9CgFV
File size : 279552 bytes

First seen: 2011-05-05 00:33:25
Last seen : 2011-05-05 00:33:25

http://www.virustotal.com/file-scan/...702-1304555605

----------


## ragalt

*File name:*
virus
*Submission date:*
2011-05-08 09:22:40 (UTC)
*Current status:*
finished
*Result:*
*4/ 41 (9.8%)*
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.05.08.00	2011.05.07	-
AntiVir	7.11.7.176	2011.05.06	-
Antiy-AVL	2.0.3.7	2011.05.08	-
Avast	4.8.1351.0	2011.05.07	-
Avast5	5.0.677.0	2011.05.07	-
AVG	10.0.0.1190	2011.05.07	-
BitDefender	7.2	2011.05.08	Gen:Variant.Kazy.22259
CAT-QuickHeal	11.00	2011.05.08	-
ClamAV	0.97.0.0	2011.05.07	-
Commtouch	5.3.2.6	2011.05.07	-
Comodo	8623	2011.05.08	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2011.05.08	-
eSafe	7.0.17.0	2011.05.05	-
eTrust-Vet	36.1.8312	2011.05.06	-
F-Prot	4.6.2.117	2011.05.08	-
F-Secure	9.0.16440.0	2011.05.08	Gen:Variant.Kazy.22259
Fortinet	4.2.257.0	2011.05.08	-
GData	22	2011.05.08	Gen:Variant.Kazy.22259
Ikarus	T3.1.1.103.0	2011.05.08	-
Jiangmin	13.0.900	2011.05.05	-
K7AntiVirus	9.102.4584	2011.05.06	-
Kaspersky	9.0.0.837	2011.05.08	-
McAfee	5.400.0.1158	2011.05.08	-
McAfee-GW-Edition	2010.1D	2011.05.07	-
Microsoft	1.6802	2011.05.08	-
NOD32	6103	2011.05.08	-
Norman	6.07.07	2011.05.07	-
Panda	10.0.3.5	2011.05.07	-
PCTools	7.0.3.5	2011.05.06	-
Prevx	3.0	2011.05.08	-
Rising	23.56.05.03	2011.05.07	-
Sophos	4.65.0	2011.05.08	-
SUPERAntiSpyware	4.40.0.1006	2011.05.08	-
Symantec	20101.3.2.89	2011.05.08	-
TheHacker	6.7.0.1.191	2011.05.08	-
TrendMicro	9.200.0.1012	2011.05.08	-
TrendMicro-HouseCall	9.200.0.1012	2011.05.08	-
VBA32	3.12.16.0	2011.05.08	-
VIPRE	9220	2011.05.08	-
ViRobot	2011.5.7.4450	2011.05.07	-
VirusBuster	13.6.342.0	2011.05.07	-
*Additional information*
MD5   : cf9d54b50fd05a33551229a6d8c60182
SHA1  : cd777dfc1b98fb3fb38896d7fdf5725dc75d2452
SHA256: 659d7a1ea3131339333493d2f6fe51374c49d9fbbbf28c3fb769855c4fd57934
ssdeep: 3072:bquGM723Pa6DKL1Wm5mFWp7GnCdEhB6uSDpKxfNyWbWK1e8I01dMCMlz:bbl2/X2xWYmFWVh86uSDpgfNyWBtKCQ
File size : 196096 bytes
First seen: 2011-05-08 09:22:40
Last seen : 2011-05-08 09:22:40
TrID:
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: *Panda Security, S.L.*
copyright....: titmal
product......: Torpescence
description..: Norsk
original name: n/a
internal name: n/a
file version.: 5.1.7.2
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

http://www.virustotal.com/file-scan/...934-1304846560

----------


## Winsent

_Antivirus results_ 

AhnLab-V3 - 2011.05.23.00 - 2011.05.22 - Trojan/Win32.FakeAV  
AntiVir - 7.11.8.89 - 2011.05.21 - - 
Antiy-AVL - 2.0.3.7 - 2011.05.22 - - 
Avast - 4.8.1351.0 - 2011.05.22 - - 
Avast5 - 5.0.677.0 - 2011.05.22 - - 
AVG - 10.0.0.1190 - 2011.05.22 - - 
BitDefender - 7.2 - 2011.05.22 - - 
CAT-QuickHeal - 11.00 - 2011.05.22 - (Suspicious) - DNAScan  
ClamAV - 0.97.0.0 - 2011.05.22 - - 
Commtouch - 5.3.2.6 - 2011.05.22 - - 
Comodo - 8794 - 2011.05.22 - - 
DrWeb - 5.0.2.03300 - 2011.05.22 - - 
Emsisoft - 5.1.0.5 - 2011.05.22 - - 
eSafe - 7.0.17.0 - 2011.05.19 - - 
eTrust-Vet - 36.1.8339 - 2011.05.20 - - 
F-Prot - 4.6.2.117 - 2011.05.22 - - 
F-Secure - 9.0.16440.0 - 2011.05.22 - - 
Fortinet - 4.2.257.0 - 2011.05.22 - - 
GData - 22 - 2011.05.22 - - 
Ikarus - T3.1.1.104.0 - 2011.05.22 - - 
Jiangmin - 13.0.900 - 2011.05.22 - - 
K7AntiVirus - 9.103.4693 - 2011.05.20 - - 
Kaspersky - 9.0.0.837 - 2011.05.22 - - 
McAfee - 5.400.0.1158 - 2011.05.22 - - 
McAfee-GW-Edition - 2010.1D - 2011.05.21 - - 
Microsoft - 1.6903 - 2011.05.22 - - 
NOD32 - 6142 - 2011.05.22 - - 
Norman - 6.07.07 - 2011.05.22 - - 
nProtect - 2011-05-22.01 - 2011.05.22 - - 
Panda - 10.0.3.5 - 2011.05.22 - - 
PCTools - 7.0.3.5 - 2011.05.19 - - 
Prevx - 3.0 - 2011.05.22 - - 
Rising - 23.58.06.03 - 2011.05.22 - - 
Sophos - 4.65.0 - 2011.05.22 - - 
SUPERAntiSpyware - 4.40.0.1006 - 2011.05.22 - Trojan.Agent/Gen-FakeAV  
Symantec - 20111.1.0.186 - 2011.05.22 - - 
TheHacker - 6.7.0.1.202 - 2011.05.20 - - 
TrendMicro - 9.200.0.1012 - 2011.05.22 - - 
TrendMicro-HouseCall - 9.200.0.1012 - 2011.05.22 - - 
VBA32 - 3.12.16.0 - 2011.05.20 - - 
VIPRE - 9355 - 2011.05.22 - Trojan.Win32.Generic.pak!cobra  
ViRobot - 2011.5.21.4472 - 2011.05.22 - - 
VirusBuster - 13.6.367.0 - 2011.05.22 - - 

_File info:_ 
MD5: 0b316fb4ba1d367f629eacefc37a4fca 
SHA1: 1d7154e00ae0d1fb71147cbf428d6e43c73a1700 
SHA256: 88356f5066bc1e5a6d695de95e8aaee2bf35596bf85929abb5c569e56ea340ce
File size: 331776 bytes

----------


## Nexus

Yet another free gift on VKontakte...

File name: 
VkGift.exe
Submission date: 
2011-06-02 11:00:13 (UTC)
Current status: 
finished
Result: 
4 /42 (9.5%)




> _Antivirus results_
> AhnLab-V3 - 2011.06.02.01 - 2011.06.02 - -
> AntiVir - 7.11.8.245 - 2011.06.02 - -
> Antiy-AVL - 2.0.3.7 - 2011.06.02 - -
> Avast - 4.8.1351.0 - 2011.06.02 - -
> Avast5 - 5.0.677.0 - 2011.06.02 - -
> AVG - 10.0.0.1190 - 2011.06.02 - -
> BitDefender - 7.2 - 2011.06.02 - -
> CAT-QuickHeal - 11.00 - 2011.06.02 - -
> ...


_File info:_
MD5: 319e97f2b1a0286f4f0eef9324bf55a9
SHA1: 8254f2e248fb63a176734c0f9b898e557e94514a
SHA256: 6ecaa64e0190c509c92c98a99c11669d9c3f1a85e42efb03d97447cc3b96593a
File size: 388096 bytes
Scan date: 2011-06-02 11:00:13 (UTC)

----------


## Winsent

_Antivirus results_

AhnLab-V3 - 2011.06.11.00 - 2011.06.10 - -
AntiVir - 7.11.9.156 - 2011.06.10 - TR/Crypt.XPACK.Gen 
Antiy-AVL - 2.0.3.7 - 2011.06.10 - -
Avast - 4.8.1351.0 - 2011.06.10 - -
Avast5 - 5.0.677.0 - 2011.06.10 - -
AVG - 10.0.0.1190 - 2011.06.10 - -
BitDefender - 7.2 - 2011.06.10 - -
CAT-QuickHeal - 11.00 - 2011.06.10 - -
ClamAV - 0.97.0.0 - 2011.06.10 - -
Commtouch - 5.3.2.6 - 2011.06.10 - -
Comodo - 9016 - 2011.06.10 - -
DrWeb - 5.0.2.03300 - 2011.06.10 - -
eSafe - 7.0.17.0 - 2011.06.09 - -
eTrust-Vet - 36.1.8379 - 2011.06.10 - -
F-Prot - 4.6.2.117 - 2011.06.10 - -
F-Secure - 9.0.16440.0 - 2011.06.10 - -
Fortinet - 4.2.257.0 - 2011.06.10 - -
GData - 22 - 2011.06.10 - -
Ikarus - T3.1.1.104.0 - 2011.06.10 - -
Jiangmin - 13.0.900 - 2011.06.10 - -
K7AntiVirus - 9.106.4798 - 2011.06.10 - -
Kaspersky - 9.0.0.837 - 2011.06.10 - HEUR:Trojan.Win32.Generic 
McAfee - 5.400.0.1158 - 2011.06.10 - -
McAfee-GW-Edition - 2010.1D - 2011.06.10 - -
Microsoft - 1.6903 - 2011.06.10 - -
NOD32 - 6196 - 2011.06.10 - -
Norman - 6.07.10 - 2011.06.10 - -
nProtect - 2011-06-10.01 - 2011.06.10 - -
Panda - 10.0.3.5 - 2011.06.10 - Suspicious file 
PCTools - 7.0.3.5 - 2011.06.10 - -
Prevx - 3.0 - 2011.06.10 - -
Rising - 23.61.04.07 - 2011.06.10 - -
Sophos - 4.66.0 - 2011.06.10 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.10 - -
Symantec - 20111.1.0.186 - 2011.06.10 - -
TheHacker - 6.7.0.1.227 - 2011.06.10 - -
TrendMicro - 9.200.0.1012 - 2011.06.10 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.10 - -
VBA32 - 3.12.16.1 - 2011.06.10 - -
VIPRE - 9542 - 2011.06.10 - -
ViRobot - 2011.6.10.4505 - 2011.06.10 - -
VirusBuster - 14.0.75.2 - 2011.06.10 - -



_File info:_

MD5: 80686a96fe1759ddaf1e7175dc08f642
SHA1: 0ea6ed4840940f84856aee2d1727edfc2c9aa40b
SHA256: 1371b9f3ac2e55a181cb2ab0c42ea2ad3c4280f0b6868530793d6dd8e0dad8f1
File size: 88576 bytes
Scan date: 2011-06-10 17:29:03 (UTC)

----------


## 5ergi0

_Antivirus results_
AhnLab-V3 - 2011.06.20.00 - 2011.06.19 - -
AntiVir - 7.11.10.12 - 2011.06.17 - -
Antiy-AVL - 2.0.3.7 - 2011.06.19 - -
Avast - 4.8.1351.0 - 2011.06.19 - -
Avast5 - 5.0.677.0 - 2011.06.19 - -
AVG - 10.0.0.1190 - 2011.06.19 - -
BitDefender - 7.2 - 2011.06.19 - -
CAT-QuickHeal - 11.00 - 2011.06.19 - -
ClamAV - 0.97.0.0 - 2011.06.18 - -
Commtouch - 5.3.2.6 - 2011.06.19 - -
Comodo - 9119 - 2011.06.19 - -
DrWeb - 5.0.2.03300 - 2011.06.19 - -
eSafe - 7.0.17.0 - 2011.06.15 - -
eTrust-Vet - 36.1.8393 - 2011.06.17 - -
F-Prot - 4.6.2.117 - 2011.06.19 - -
F-Secure - 9.0.16440.0 - 2011.06.19 - -
Fortinet - 4.2.257.0 - 2011.06.19 - -
GData - 22 - 2011.06.19 - -
Ikarus - T3.1.1.104.0 - 2011.06.19 - -
Jiangmin - 13.0.900 - 2011.06.18 - -
K7AntiVirus - 9.106.4825 - 2011.06.18 - -
Kaspersky - 9.0.0.837 - 2011.06.19 - Trojan-Ransom.Win32.PornoAsset.acl 
McAfee - 5.400.0.1158 - 2011.06.19 - -
McAfee-GW-Edition - 2010.1D - 2011.06.19 - -
Microsoft - 1.6903 - 2011.06.13 - -
NOD32 - 6220 - 2011.06.19 - -
Norman - 6.07.10 - 2011.06.19 - -
nProtect - 2011-06-19.01 - 2011.06.19 - -
Panda - 10.0.3.5 - 2011.06.18 - -
PCTools - 7.0.3.5 - 2011.06.17 - -
Prevx - 3.0 - 2011.06.19 - -
Rising - 23.62.03.03 - 2011.06.17 - -
Sophos - 4.66.0 - 2011.06.19 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.19 - -
TheHacker - 6.7.0.1.233 - 2011.06.18 - -
TrendMicro - 9.200.0.1012 - 2011.06.19 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.19 - -
VBA32 - 3.12.16.2 - 2011.06.17 - -
VIPRE - 9626 - 2011.06.19 - -
ViRobot - 2011.6.18.4521 - 2011.06.18 - -
VirusBuster - 14.0.85.1 - 2011.06.18 - -
_File info:_
MD5: b1213368877125ae61b0745302acd4b7
SHA1: 16a252f91813f909c31a562af54037846ddaec38
SHA256: 957192c694a5dd00cf04f2289b8d286952b25b1d668439a84804a0ff1f552a9f
File size: 24576 bytes
Scan date: 2011-06-19 10:43:14 (UTC)

----------


## antanta

> File name: 
> sp.sys
> Submission date: 
> 2011-06-19 17:19:36 (UTC)
> Current status: 
> finished
> Result: 
> 6 /42 (14.3%)	VT Community
> 
> ...


"Food for thought":
1) The file was made in autumn 2010.
2) The file was posted only in the closed section of Symantecclub.ru to demonstrate how wretched NIS is (it may also have ended up in the closed section of VI)
3) This spring KIS started flagging it
4) NIS itself is still silent.
5) The file that installs the driver stops being detected after the simplest modification (adding NOPs), which points to purely signature-based detection.
6) Did this thing reach the other AV vendors as well, or did their heuristics fire?

----------


## Nexus

A fresh Cidox sample

File name: 
avz00002.dta
Submission date: 
2011-06-29 08:33:53 (UTC)
Current status: 
finished
Result: 
2/ 42 (4.8%)



> _Antivirus results_
> AhnLab-V3 - 2011.06.29.02 - 2011.06.29 - -
> AntiVir - 7.11.10.145 - 2011.06.29 - -
> Antiy-AVL - 2.0.3.7 - 2011.06.29 - -
> Avast - 4.8.1351.0 - 2011.06.28 - -
> Avast5 - 5.0.677.0 - 2011.06.28 - -
> AVG - 10.0.0.1190 - 2011.06.29 - -
> BitDefender - 7.2 - 2011.06.29 - -
> CAT-QuickHeal - 11.00 - 2011.06.29 - -
> ...


_File info:_
MD5: b4973b4048794ad6dc35b8d903747070
SHA1: dd57f26f4b10c33613fd7f4cbaa05ac92a856bd4
SHA256: 48f0a0ce88332e4da0fe03377b309872de4edf936ce2beeb628e083f1bebdc7e
File size: 53248 bytes

http://www.virustotal.com/file-scan/...7e-1309336433#

----------


## ZhIV

File name: 
новая папка.lnk
Submission date: 
2011-07-29 01:30:52 (UTC)
Current status: 
finished
Result: 
10/ 43 (23.3%)



> _Antivirus results_
> AhnLab-V3 - 2011.07.28.00 - 2011.07.27 - -
> AntiVir - 7.11.12.160 - 2011.07.28 - -
> Antiy-AVL - 2.0.3.7 - 2011.07.28 - -
> Avast - 4.8.1351.0 - 2011.07.28 - -
> Avast5 - 5.0.677.0 - 2011.07.28 - -
> AVG - 10.0.0.1190 - 2011.07.29 - -
> BitDefender - 7.2 - 2011.07.29 - -
> CAT-QuickHeal - 11.00 - 2011.07.28 - LNK.Exploit.Gen 
> ...


_File info:_
MD5: 9867f6f87f102f41beccbaafce2fefca
SHA1: 653c66d6880781c2a5e0ce80d9972b532933f087
SHA256: 56f7ddafa56e5e5a26b194b04166902b0ab6d08e17cbe009b687d23c90c9dde5
File size: 1471 bytes
Scan date: 2011-07-29 01:30:52 (UTC)

*Added 19 minutes later*

Found another one
File name: eBayShortcuts.exe
Submission date: 2011-07-29 01:55:37 (UTC)
Current status: finished
Result: 22/ 43 (51.2%)



> _Antivirus results_
> AhnLab-V3 - 2011.07.28.00 - 2011.07.27 - Win-Trojan/Yabector.89088.B 
> AntiVir - 7.11.12.160 - 2011.07.28 - -
> Antiy-AVL - 2.0.3.7 - 2011.07.28 - -
> Avast - 4.8.1351.0 - 2011.07.28 - Win32:Yabector-B [Adw] 
> Avast5 - 5.0.677.0 - 2011.07.28 - Win32:Yabector-B [Adw] 
> AVG - 10.0.0.1190 - 2011.07.29 - -
> BitDefender - 7.2 - 2011.07.29 - Adware.Yabector.B 
> CAT-QuickHeal - 11.00 - 2011.07.28 - TrojanClicker.Yabector.a 
> ...


_File info:_
MD5: 6b8ff268e9b1080f56af15db1403d6b2
SHA1: 8857bc6673aef22685a3cd98a089df242a2449b5
SHA256: b0a3337793cac2502732c547372e509305c56b60896c2bb6a21adf495bfaa097
File size: 89088 bytes
Scan date: 2011-07-29 01:55:37 (UTC)

----------


## ragalt

A new MBRLock, popular these days; as I recall, WinLocks used to come out with names like this)
*File name:*
video.avi.exe
*Submission date:*
2011-08-07 07:04:17 (UTC)
*Current status:*
finished
*Result:*
6/ 43 (14.0%)
Safety score: - 
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.08.06.00	2011.08.06	-
AntiVir	7.11.12.233	2011.08.05	DR/Delphi.Gen
Antiy-AVL	2.0.3.7	2011.08.06	-
Avast	4.8.1351.0	2011.08.06	-
Avast5	5.0.677.0	2011.08.06	-
AVG	10.0.0.1190	2011.08.07	-
BitDefender	7.2	2011.08.07	-
CAT-QuickHeal	11.00	2011.08.06	-
ClamAV	0.97.0.0	2011.08.06	-
Commtouch	5.3.2.6	2011.08.06	-
Comodo	9654	2011.08.06	-
DrWeb	5.0.2.03300	2011.08.06	-
Emsisoft	5.1.0.8	2011.08.07	-
eSafe	7.0.17.0	2011.08.04	-
eTrust-Vet	36.1.8486	2011.08.05	Win32/Swisyn.D!generic
F-Prot	4.6.2.117	2011.08.06	-
F-Secure	9.0.16440.0	2011.08.07	-
Fortinet	4.2.257.0	2011.08.07	W32/Injector.fam!tr
GData	22	2011.08.07	-
Ikarus	T3.1.1.104.0	2011.08.07	-
Jiangmin	13.0.900	2011.08.06	-
K7AntiVirus	9.109.4973	2011.08.02	-
Kaspersky	9.0.0.837	2011.08.07	UDS:DangerousObject.Multi.Generic
McAfee	5.400.0.1158	2011.08.07	-
McAfee-GW-Edition	2010.1D	2011.08.07	-
Microsoft	1.7104	2011.08.07	VirTool:Win32/DelfInject.gen!BI
NOD32	6356	2011.08.07	-
Norman	6.07.10	2011.08.06	-
nProtect	2011-08-06.01	2011.08.06	-
Panda	10.0.3.5	2011.08.06	Suspicious file
PCTools	8.0.0.5	2011.08.07	-
Prevx	3.0	2011.08.07	-
Rising	23.69.03.03	2011.08.04	-
Sophos	4.67.0	2011.08.07	-
SUPERAntiSpyware	4.40.0.1006	2011.08.06	-
Symantec	20111.2.0.82	2011.08.07	-
TheHacker	6.7.0.1.272	2011.08.06	-
TrendMicro	9.200.0.1012	2011.08.07	-
TrendMicro-HouseCall	9.200.0.1012	2011.08.07	-
VBA32	3.12.16.4	2011.08.06	-
VIPRE	10092	2011.08.07	-
ViRobot	2011.8.6.4609	2011.08.06	-
VirusBuster	14.0.155.0	2011.08.06	-

*Additional information*

*MD5*   : 89767cf0dabe03853d39365ba56fab62
*SHA1*  : 59d32ba05db73c43943b93643d3428dbd4e95918
*SHA256*: bb67beda924e84eb44793d89ee4ace00badbb4147ac3471636f6f97edc503ed8

VirusTotal

----------


## ZhIV

*File name:* flaapy_.exe
*Submission date:* 2011-10-06 02:06:49 (UTC)
*Current status:* finished
*Result:* 16 /43 (37.2%)




> *Antivirus    Version    Last Update    Result*
> AhnLab-V3    2011.10.05.00    2011.10.05    -
> *AntiVir    7.11.15.135    2011.10.05    TR/Pakes.qev
> Antiy-AVL    2.0.3.7    2011.10.06    Trojan/Win32.Pakes.gen*
> Avast    6.0.1289.0    2011.10.05    -
> *AVG    10.0.0.1190    2011.10.05    Generic24.CLFQ
> BitDefender    7.2    2011.10.06    Gen:Variant.Kazy.38253
> *ByteHero    1.0.0.1    2011.09.23    -
> CAT-QuickHeal    11.00    2011.10.05    -
> ...


*Additional information*
MD5   : b6a852b8b63c894087e569479b8f69cb
SHA1  : 1fcc0a700c8f5f89edb5b21e3c649be095f93313
SHA256: d513cae3f217d9f84561590851beffeb473962e1ed50af34dfb66c9275e76075

----------


## ragalt

Arrived by e-mail


```
Return-path: <[email protected]>
Received: from [91.207.66.6] (port=49528 helo=host.inyur.net)
        by mx38.mail.ru with esmtp 
        id 1RDyvI-0001H2-00
        for [email protected]; Wed, 12 Oct 2011 17:32:40 +0400
Received-SPF: softfail (mx38.mail.ru: transitioning domain of mail.ru does not designate 91.207.66.6 as permitted sender) client-ip=91.207.66.6; [email protected]; helo=host.inyur.net;
X-Mru-BL: 0:0:1090
X-Mru-PTR: host.inyur.net
X-Mru-NR: 1
X-Mru-OF: FreeBSD (ethernet/modem)
X-Mru-RC: UA
Received: from [80.12.82.91] (helo=LPuteaux-156-15-100-91.w80-12.abo.wanadoo.fr)
        by host.inyur.net with esmtpa (Exim 4.74 (FreeBSD))
        (envelope-from <[email protected]>)
        id 1RDyvB-000BC4-Vt
        for [email protected]; Wed, 12 Oct 2011 16:32:39 +0300
Message-ID: <[email protected]>
From: =?koi8-r?B?9MHJzMHOxA==?= <[email protected]>
To: [email protected]
Subject: =?koi8-r?B?8M/Uz9Ag1yD0wcnMwc7ExQ==?=
Date: Wed, 12 Oct 2011 15:27:26 +0200
MIME-Version: 1.0
```




> It has been raining non-stop in Thailand for the second month now
> Forecasters predict it will continue for a long time yet.
> Video of what is happening is attached


*File name:*
Thailand.exe
Submission date:
2011-10-12 15:25:16 (UTC)
*Current status:*
finished
*Result:*
1/ 43 (2.3%)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.10.12.00	2011.10.12	-
AntiVir	7.11.15.238	2011.10.12	-
Antiy-AVL	2.0.3.7	2011.10.12	-
Avast	6.0.1289.0	2011.10.12	-
AVG	10.0.0.1190	2011.10.07	-
BitDefender	7.2	2011.10.12	-
ByteHero	1.0.0.1	2011.09.23	-
CAT-QuickHeal	11.00	2011.10.12	-
ClamAV	0.97.0.0	2011.10.12	-
Commtouch	5.3.2.6	2011.10.12	-
Comodo	10431	2011.10.12	-
DrWeb	5.0.2.03300	2011.10.12	-
Emsisoft	5.1.0.11	2011.10.12	-
eSafe	7.0.17.0	2011.10.11	-
eTrust-Vet	36.1.8615	2011.10.12	-
F-Prot	4.6.5.141	2011.10.12	-
F-Secure	9.0.16440.0	2011.10.12	-
Fortinet	4.3.370.0	2011.10.12	-
GData	22	2011.10.12	-
Ikarus	T3.1.1.107.0	2011.10.12	-
Jiangmin	13.0.900	2011.10.12	-
K7AntiVirus	9.115.5267	2011.10.10	-
Kaspersky	9.0.0.837	2011.10.12	-
McAfee	5.400.0.1158	2011.10.12	-
McAfee-GW-Edition	2010.1D	2011.10.12	-
Microsoft	1.7702	2011.10.12	-
NOD32	6537	2011.10.12	-
Norman	6.07.11	2011.10.12	-
nProtect	2011-10-12.01	2011.10.12	-
Panda	10.0.3.5	2011.10.12	-
PCTools	8.0.0.5	2011.10.12	-
Prevx	3.0	2011.10.12	-
Rising	23.79.02.02	2011.10.12	-
Sophos	4.70.0	2011.10.12	-
SUPERAntiSpyware	4.40.0.1006	2011.10.12	Trojan.Agent/Gen-Zbot
Symantec	20111.2.0.82	2011.10.12	-
TheHacker	6.7.0.1.320	2011.10.11	-
TrendMicro	9.500.0.1008	2011.10.12	-
TrendMicro-HouseCall	9.500.0.1008	2011.10.12	-
VBA32	3.12.16.4	2011.10.12	-
VIPRE	10740	2011.10.12	-
ViRobot	2011.10.12.4715	2011.10.12	-
VirusBuster	14.1.7.0	2011.10.11	-

*Additional information*
MD5   : 71d6c8f58318b95277992dc54cceb0f4
SHA1  : c00e53921552ef24524a07a0f5822f030f057d5a
SHA256: 47f9ce63f4f0e266a4f999c08e3dde9be05116e86409b20b56b8980dbcf0372e

*UPD:* ~12 hours after discovery and distribution to vendors:
*Result:*
7 /43 (16.3%)
AhnLab-V3 	2011.10.12.02 	2011.10.12 	Trojan/Win32.Zbot
Comodo 	10437 	2011.10.13 	Heur.Suspicious
Emsisoft 	5.1.0.11 	2011.10.13 	Win32.Outbreak!IK
Ikarus 	T3.1.1.107.0 	2011.10.13 	Win32.Outbreak
Kaspersky 	9.0.0.837 	2011.10.13 	UDS:DangerousObject.Multi.Generic
Microsoft 	1.7702 	2011.10.13 	PWS:Win32/Zbot.ADB
SUPERAntiSpyware 	4.40.0.1006 	2011.10.13 	Trojan.Agent/Gen-Zbot


*UPD 2:* And another ~12 hours later:
*Result:*
10/ 43 (23.3%)
Added:
BitDefender	7.2	2011.10.13	Trojan.Generic.KDV.377785
NOD32	6540	2011.10.13	Win32/PSW.Delf.OAL
TrendMicro-HouseCall	9.500.0.1008	2011.10.13	TROJ_UGMEME.H

----------


## ZhIV

File name: 
ndnbvdw.exe
Submission date: 
2011-11-10 04:11:52 (UTC)
Current status: 
finished
Result: 
4/ 43 (9.3%)
_Antivirus results_
AhnLab-V3 - 2011.11.09.00 - 2011.11.09 - -
AntiVir - 7.11.17.111 - 2011.11.09 - -
Antiy-AVL - 2.0.3.7 - 2011.11.09 - -
Avast - 6.0.1289.0 - 2011.11.09 - -
AVG - 10.0.0.1190 - 2011.11.09 - -
BitDefender - 7.2 - 2011.11.10 - -
ByteHero - 1.0.0.1 - 2011.11.04 - -
CAT-QuickHeal - 11.00 - 2011.11.10 - -
ClamAV - 0.97.3.0 - 2011.11.10 - -
Commtouch - 5.3.2.6 - 2011.11.10 - -
Comodo - 10728 - 2011.11.10 - -
DrWeb - 5.0.2.03300 - 2011.11.10 - -
Emsisoft - 5.1.0.11 - 2011.11.10 - -
eSafe - 7.0.17.0 - 2011.11.09 - -
eTrust-Vet - 36.1.8666 - 2011.11.09 - -
F-Prot - 4.6.5.141 - 2011.11.09 - -
F-Secure - 9.0.16440.0 - 2011.11.10 - -
Fortinet - 4.3.370.0 - 2011.11.10 - W32/Yakes.D!tr 
GData - 22 - 2011.11.10 - -
Ikarus - T3.1.1.109.0 - 2011.11.10 - -
Jiangmin - 13.0.900 - 2011.11.09 - -
K7AntiVirus - 9.119.5423 - 2011.11.09 - Trojan 
Kaspersky - 9.0.0.837 - 2011.11.10 - Trojan-Dropper.Win32.Injector.vbu 
McAfee - 5.400.0.1158 - 2011.11.10 - -
McAfee-GW-Edition - 2010.1D - 2011.11.09 - -
Microsoft - 1.7801 - 2011.11.09 - -
NOD32 - 6616 - 2011.11.10 - -
Norman - 6.07.13 - 2011.11.08 - -
nProtect - 2011-11-09.01 - 2011.11.09 - -
Panda - 10.0.3.5 - 2011.11.09 - -
PCTools - 8.0.0.5 - 2011.11.10 - -
Prevx - 3.0 - 2011.11.10 - -
Rising - 23.83.01.01 - 2011.11.08 - -
Sophos - 4.71.0 - 2011.11.09 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.11.10 - Trojan.Agent/Gen-MalPack 
Symantec - 20111.2.0.82 - 2011.11.10 - -
TheHacker - 6.7.0.1.341 - 2011.11.09 - -
TrendMicro - 9.500.0.1008 - 2011.11.10 - -
TrendMicro-HouseCall - 9.500.0.1008 - 2011.11.10 - -
VBA32 - 3.12.16.4 - 2011.11.09 - -
VIPRE - 11009 - 2011.11.10 - -
ViRobot - 2011.11.10.4765 - 2011.11.10 - -
VirusBuster - 14.1.55.1 - 2011.11.09 - -
_File info:_
MD5: e9ead48f014daade25744e6069e9ca6c
SHA1: 4df8a0ef977d077c0f9dc55417517da826d4482f
SHA256: 025ee553a25b98a1811838ebfb093d5f5c2e4025fcb02ba1d744b4fab838e1c1
File size: 207872 bytes
Scan date: 2011-11-10 04:11:52 (UTC)

----------


## Vadim_SVN

Got an offer by e-mail to pick up a shipment :)



> Hello!
> shipping company: Автологистика
> waybill number: 77468257
> date: 2011.11.28
> Your order number: 77468257
> Your order has been shipped. I am attaching the waybill to this e-mail; you need it to collect the shipment.
> After receiving the order, please sign the documents and send them to our postal address.
> Thank you
> Attachments:
> Накладная.zip	50.5 KB


Fresh, but someone had already scanned it on VT (under a different name) :)

File name:
Накладная.exe.org
Submission date:
2011-12-04 04:42:45 (UTC)
*Result:
8/ 43 (18.6%)*

AhnLab-V3 	2011.12.03.00 	2011.12.03 	-
AntiVir 	7.11.18.204 	2011.12.02 	TR/Crypt.ULPM.Gen
Antiy-AVL 	2.0.3.7 	2011.12.04 	-
Avast 	6.0.1289.0 	2011.12.03 	-
AVG 	10.0.0.1190 	2011.12.03 	-
BitDefender 	7.2 	2011.12.04 	-
ByteHero 	1.0.0.1 	2011.11.29 	Trojan.Heur.Malware.Gen
CAT-QuickHeal 	12.00 	2011.12.03 	-
ClamAV 	0.97.3.0 	2011.12.04 	-
Commtouch 	5.3.2.6 	2011.12.03 	W32/Yakes.G4.gen!Eldorado
Comodo 	10831 	2011.12.04 	-
DrWeb 	5.0.2.03300 	2011.12.04 	-
Emsisoft 	5.1.0.11 	2011.12.04 	-
eSafe 	7.0.17.0 	2011.12.01 	-
eTrust-Vet 	37.0.9600 	2011.12.02 	-
F-Prot 	4.6.5.141 	2011.11.29 	W32/Yakes.G4.gen!Eldorado
F-Secure 	9.0.16440.0 	2011.12.04 	-
Fortinet 	4.3.388.0 	2011.12.04 	W32/Yakes.B!tr
GData 	22 	2011.12.04 	-
Ikarus 	T3.1.1.109.0 	2011.12.03 	-
Jiangmin 	13.0.900 	2011.12.03 	-
K7AntiVirus 	9.119.5589 	2011.12.03 	Riskware
Kaspersky 	9.0.0.837 	2011.12.04 	-
McAfee 	5.400.0.1158 	2011.12.04 	-
McAfee-GW-Edition 	2010.1D 	2011.12.03 	-
Microsoft 	1.7903 	2011.12.03 	-
NOD32 	6681 	2011.12.04 	-
Norman 	6.07.13 	2011.12.03 	W32/Kryptik.ATI
nProtect 	2011-12-03.01 	2011.12.03 	-
Panda 	10.0.3.5 	2011.12.03 	Suspicious file
PCTools 	8.0.0.5 	2011.12.04 	-
Prevx 	3.0 	2011.12.04 	-
Rising 	23.86.04.02 	2011.12.02 	-
Sophos 	4.71.0 	2011.12.04 	-
SUPERAntiSpyware 	4.40.0.1006 	2011.12.03 	-
Symantec 	20111.2.0.82 	2011.12.04 	-
TheHacker 	6.7.0.1.352 	2011.12.01 	-
TrendMicro 	9.500.0.1008 	2011.12.04 	-
TrendMicro-HouseCall 	9.500.0.1008 	2011.12.04 	-
VBA32 	3.12.16.4 	2011.12.03 	-
VIPRE 	11198 	2011.12.03 	-
ViRobot 	2011.12.3.4807 	2011.12.03 	-
VirusBuster 	14.1.98.0 	2011.12.03 	-

Additional information
MD5   : c607a4e05bd4509f7d16bc257bf93f58
SHA1  : a7022e33db19f6599132e9c1758bc178eff1c529
SHA256: 594edaabd23c8e8b22c10fe607472b9ab40153b9ffee0b0502293b8ca2f93a81

nakl.jpg

Sample sent to vendors

----------


## Korvelle

Judging by the new malware, MediaGet has gained popularity. I was surprised by the VirusBlokAda detection.




> File name: 
> acdsee_23zip.exe
> Submission date: 
> 2012-01-11 20:09:51 (UTC)
> Current status: 
> finished
> Result: 
> 10/ 43 (23.3%)
> AhnLab-V3
> ...



12 hours later, detection appeared at Emsisoft and McAfee.



> Emsisoft	5.1.0.11	2012.01.12	Riskware.Downloader.Win32.MediaGet.AMN!A2
> McAfee	5.400.0.1158	2012.01.12	Artemis!A9BFA093E77F
> McAfee-GW-Edition	2010.1E	2012.01.12	Artemis!A9BFA093E77F

----------


## ICar

Dear experts!
Please, just tell me which of the free antiviruses is the best!
THANK YOU in advance!

----------


## ZhIV

SHA256:	0ee188c0a1cb24e8b05ba5f6be29c68f5ce83d2acc0e85d9b8936c5a809102b3
File name:	24kkk729347.exe
Detection ratio:	4 / 43
Analysis date:	 2012-03-11 03:12:35 UTC 




> Antivirus	Result	Update
> AhnLab-V3	-	20120310
> AntiVir	-	20120309
> Antiy-AVL	-	20120310
> Avast	-	20120310
> AVG	-	20120310
> BitDefender	-	20120311
> ByteHero	-	20120309
> CAT-QuickHeal	-	20120310
> ...

----------


## ZhIV

SHA256:    c5c0f4518d1ec5e857ca7258c3272015b07557643fd777f317ab8b9b2b1f2e64
File name:    tes[1].ex
Detection ratio:    34 / 42
Analysis date:     2012-04-19 02:18:42 UTC



> *Antivirus    Result    Update
> *AhnLab-V3    Trojan/Win32.Jorik    20120418
> AntiVir    TR/Dropper.Gen    20120419
> Antiy-AVL    Trojan/Win32.Pincav.gen    20120418
> Avast    Win32:Dropper-KPG [Drp]    20120419
> AVG    Suspicion: unknown virus    20120418
> BitDefender    Gen:Variant.Zusy.1197    20120419
> ByteHero    Virus.Win32.Heur.p    20120417
> CAT-QuickHeal    Trojan.Pincav.cgw    20120418
> ...

----------


## zhenek_vilkov

> Dear experts!
> Please, just tell me which of the free antiviruses is the best!
> THANK YOU in advance!


The very best of the free ones is Comodo!!!
My words have already been proven by time and tests.

P.S. Sorry for being off-topic! The person simply asked for an answer :)

----------


## ZhIV

SHA256:	c94710b9705a029535813128f0aef99f86df86a3d610bdea2964ba47e6988b02
File name:	wpbt0.dll
Detection ratio:	11 / 42
Analysis date:	 2012-06-06 03:04:18 UTC ( 1 minute ago )




> Antivirus	Result	Update
> AhnLab-V3	-	20120605
> AntiVir	DR/Delphi.Gen	20120606
> Antiy-AVL	-	20120606
> Avast	-	20120605
> AVG	BackDoor.Generic15.BDRQ	20120606
> BitDefender	-	20120606
> ByteHero	-	20120531
> CAT-QuickHeal	-	20120605
> ...

----------


## Юльча

Caught a critter today that had registered itself in AppInit_DLLs

SHA256:    a14f3fa7031f992f2cc0ca52b4c20c28d7a697fc46c805497e548bfa9a974b70
File name:    sajnbxj.dll
Detection ratio:    *10 / 41*
Analysis date:     2012-07-25 10:01:42 UTC ( 14 minutes ago )


Antivirus    Result    Update
AhnLab-V3    -    20120725
AntiVir    -    20120725
Antiy-AVL    -    20120725
Avast    -    20120725
AVG    -    20120725
BitDefender    -    20120725
ByteHero    -    20120723
CAT-QuickHeal    -    20120724
ClamAV    -    20120725
Commtouch    -    20120725
*Comodo    TrojWare.Win32.Kryptik.AGZD    20120725*
DrWeb    -    20120725
*Emsisoft    Trojan-Ransom.Win32.Cidox!IK    20120725*
eSafe    -    20120724
*ESET-NOD32    a variant of Win32/Kryptik.AIWZ    20120725*
F-Prot    -    20120724
F-Secure    -    20120725
*Fortinet    W32/Cidox.KIV!tr    20120725*
GData    -    20120725
*Ikarus    Trojan-Ransom.Win32.Cidox    20120725*
Jiangmin    -    20120725
K7AntiVirus    -    20120724
*Kaspersky    HEUR:Trojan.Win32.Generic    20120725*
McAfee    -    20120725
McAfee-GW-Edition    -    20120725
Microsoft    -    20120725
*Norman    W32/Vundo.BPUD    20120725*
nProtect    -    20120725
Panda    -    20120725
Rising    -    20120725
*Sophos    Troj/Virtum-Gen    20120725*
SUPERAntiSpyware    -    20120725
Symantec    -    20120725
TheHacker    -    20120724
TotalDefense    -    20120724
TrendMicro    -    20120725
TrendMicro-HouseCall    -    20120725
*VBA32    OScope.Trojan.Cidox.07    20120725
VIPRE    Trojan.Win32.Vundo.pb (v)    20120725*
ViRobot    -    20120725
VirusBuster    -    20120724


link to VirusTotal

----------


## Станислав Ивахненко

I also apologize for being off-topic. Are the detection charts no longer being made? I remember there used to be some; they were interesting to look at

----------


## olejah

*Станислав Ивахненко*, not yet, but we plan to resume this practice.

----------


## ZhIV

SHA256:	e388355f35cc87011996e9577427e9d94ef654a8f3b1f59e171cfbc99aded31f
File name:	ms.ex#
Detection ratio:	3 / 42
Analysis date:	 2012-08-15 05:35:27 UTC ( 32 minutes ago )

 Antivirus Result Update
AhnLab-V3	-	20120814
AntiVir	-	20120815
Antiy-AVL	-	20120815
Avast	-	20120814
AVG	-	20120814
BitDefender	-	20120815
ByteHero	-	20120814
*CAT-QuickHeal	(Suspicious) - DNAScan	20120814*
ClamAV	-	20120815
Commtouch	-	20120815
Comodo	-	20120814
DrWeb	-	20120815
Emsisoft	-	20120815
eSafe	-	20120814
ESET-NOD32	-	20120814
F-Prot	-	20120814
F-Secure	-	20120814
Fortinet	-	20120814
GData	-	20120815
Ikarus	-	20120815
Jiangmin	-	20120815
*K7AntiVirus	Spyware	20120814*
Kaspersky	-	20120815
McAfee	-	20120815
McAfee-GW-Edition	-	20120814
Microsoft	-	20120815
Norman	-	20120814
nProtect	-	20120814
Panda	-	20120814
PCTools	-	20120813
*Rising	Win32.Asim.a	20120815*
Sophos	-	20120815
SUPERAntiSpyware	-	20120815
Symantec	-	20120815
TheHacker	-	20120814
TotalDefense	-	20120814
TrendMicro	-	20120815
TrendMicro-HouseCall	-	20120815
VBA32	-	20120814
VIPRE	-	20120815
ViRobot	-	20120814
VirusBuster	-	20120814

Caught it via Opera
On VirusTotal

~24 hours later
BitDefender	Trojan.Generic.KDV.697444	20120816
CAT-QuickHeal	(Suspicious) - DNAScan	20120814
Comodo	Heur.Suspicious	20120816
DrWeb	Trojan.Winlock.6234	20120816
Emsisoft	Trojan-Ransom.Win32.Gimemo!IK	20120816
ESET-NOD32	a variant of Win32/Injector.VEP	20120815
F-Secure	Trojan.Generic.KDV.697444	20120816
Fortinet	W32/Gimemo.AMOZ!tr	20120816
GData	Trojan.Generic.KDV.697444	20120816
Ikarus	Trojan-Ransom.Win32.Gimemo	20120816
K7AntiVirus	Spyware	20120815
Kaspersky	Trojan-Ransom.Win32.Gimemo.amoz	20120816
Rising	Win32.Asim.a	20120815
Sophos	Mal/EncPk-AFN	20120816
Symantec	Trojan.Gen	20120816
TrendMicro-HouseCall	TROJ_GEN.F47V0815

----------


## ZhIV

SHA256:	3489c02e5c12aa61b0097db0b2df37813dfe5c980839e1b2847733fa0dbd07fb
File name:	0.08234835355581627.exe
Detection ratio:	5 / 43
Analysis date:	 2012-10-18 03:56:42 UTC ( 0 minutes ago )



> Agnitum	-	20121017
> AhnLab-V3	-	20121017
> *AntiVir	TR/Dropper.Gen	20121017*
> Antiy-AVL	-	20121018
> Avast	-	20121017
> AVG	-	20121018
> BitDefender	-	20121017
> *ByteHero	Virus.Win32.Heur.p	20121016*
> CAT-QuickHeal	-	20121017
> ...

----------


## ASte

I liked those charts too.. IMHO it was one of the few more or less objective methods of assessing detection "under conditions close to real-world"..

----------


## Groft

> I liked those charts too.. IMHO it was one of the few more or less objective methods of assessing detection "under conditions close to real-world"..


You are mistaken :)

----------


## ZhIV

SHA256:	cb796a11b892af8459f4a4d8b61ce93553711b58748b22d580edc44244aabaab
File name:	24FC2AE39CC.exe
Detection ratio:	2 / 46
Analysis date:	 2012-12-21 04:21:55 UTC




> Antivirus	Result	Update
> Agnitum	-	20121220
> AhnLab-V3	-	20121220
> AntiVir	-	20121221
> Antiy-AVL	-	20121220
> Avast	-	20121221
> AVG	-	20121221
> BitDefender	-	20121221
> ByteHero	-	20121212
> ...

----------


## Varrkan

> *Станислав Ивахненко*, not yet, but we plan to resume this practice.


Happy upcoming New Year, everyone! Looking forward to new tests with charts in the new year!!

----------


## Юльча

winlocker




> SHA256: 	561bdf15395e85e314845b6767e87fd81ca8c8cd848cd49b9fab5ebe1958b86b
> File name: 	svchosts.exe
> Detection ratio: 	*18 / 46*
> Analysis date: 	2013-01-02 07:29:06 UTC ( 0 minutes ago )
> 
> Antivirus 	Result 	Update
> *Agnitum 	Trojan.Agent!zSTWslqgiSY 	20130101*
> AhnLab-V3 	- 	20130101
> *AntiVir 	TR/LockScreen.AO.165 	20130102*
> ...


on Friday (before the file was sent to Kaspersky) the situation with this same virus was as follows:




> SHA256: 	561bdf15395e85e314845b6767e87fd81ca8c8cd848cd49b9fab5ebe1958b86b
> File name: 	svchosts.exe
> Detection ratio: 	*1 / 46*
> Analysis date: 	2012-12-28 12:16:07 UTC ( 4 days, 19 hours ago )
> 
> Antivirus 	Result 	Update
> Agnitum 	- 	20121227
> AhnLab-V3 	- 	20121228
> AntiVir 	- 	20121228
> ...


virustotal

----------


## ZhIV

> SHA256:	3ceeca4e88f4098021377ae870c24b36b96d7d2d8d8b8120a32bcdbada07ea95
> File name:	21173453.ex#
> Detection ratio:	 *8 / 46* 
> Analysis date:	 2013-04-08 05:41:29 UTC ( 1 day, 18 hours ago )
> 
> Agnitum 	 - 	 20130407 
>  AhnLab-V3 	 - 	 20130407 
>  AntiVir 	 - 	 20130408 
>  Antiy-AVL 	 - 	 20130408 
> ...


virustotal

----------


## ZhIV

SHA256:	1ce72ca52fb707ed15bbbfa1abc4d1174ed4d8b40a278513dfca7ddd9fa36987
File name:	1699852_.exe
Detection ratio:	 13 / 44 
Analysis date:	 2013-04-23 05:08:49 UTC (12 minutes ago)




> * MicroWorld-eScan 	 Gen:Variant.Kazy.165667 	 20130423* 
>  nProtect 	 	 20130423 
> * CAT-QuickHeal 	 Trojan.Vundo.Gen 	 20130423* 
>  McAfee 	 	 20130423 
>  Malwarebytes 	 	 20130423 
>  K7AntiVirus 	 	 20130422 
>  K7GW 	 	 20130422 
>  TheHacker 	 	 20130422 
>  F-Prot 	 	 20130423 
> ...


virustotal

----------


## ZhIV

SHA256:	67dac7b33c120c24b79336f8ebddfbd0b4f86480dc2ad0b25b63046af8d46efc
File name:	dfcceaffdddad.ex#
Detection ratio:	 10 / 46 
Analysis date:	 2013-08-15 00:58:56 UTC (4 minutes ago)



> Agnitum 	 	 20130814 
>  AhnLab-V3 	 	 20130814 
>  AntiVir 	 	 20130815 
>  Antiy-AVL 	 	 20130814 
>  Avast 	 	 20130815 
>  AVG 	 	 20130815 
> * BitDefender 	 Gen:Variant.Kazy.224444 	 20130815* 
>  ByteHero 	 	 20130814 
>  CAT-QuickHeal 	 	 20130814 
> ...

----------

