# Antivirus research 6

## ALEX(XX)

> Posted by *Geser*  
> *Well, I kept thinking about how to make a more or less objective assessment of antiviruses, and came up with something. In this thread I ask everyone to post scan results for beasts that were caught purely by hand, i.e. ones that the antivirus installed on the computer did not see. That way the sample will be truly random.
> 
> Post in this thread only the scan results for files caught by hand on computers.
> 
> Do not post scan results for files found on other sites or in collections.  
> Do not post scan results for files originally found by an antivirus.*


Let's continue in a new thread.
The previous topic is here. Its results are in the attached file. Thanks to *Shu_b* for the work done!

----------



## Shu_b

t 12945


```
Файл C:\WINDOWS\system32\svchost.exe:exe.exe
 получен 2007.10.05 11:51:37 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.5.2	2007.10.05	-
AntiVir	7.6.0.20	2007.10.05	BDS/Hacdef.DM.29.B
Authentium	4.93.8	2007.10.04	-
Avast	4.7.1051.0	2007.10.04	-
AVG	7.5.0.488	2007.10.04	SHeur.RDQ
BitDefender	7.2	2007.10.05	BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal	9.00	2007.10.05	-
ClamAV	0.91.2	2007.10.05	-
DrWeb	4.44.0.09170	2007.10.05	BackDoor.Bolg.origin
eSafe	7.0.15.0	2007.10.04	suspicious Trojan/Worm
eTrust-Vet	31.2.5188	2007.10.05	-
Ewido	4.0	2007.10.04	-
FileAdvisor	1	2007.10.05	-
Fortinet	3.11.0.0	2007.10.05	-
F-Prot	4.3.2.48	2007.10.04	-
F-Secure	6.70.13030.0	2007.10.05	-
Ikarus	T3.1.1.12	2007.10.05	Trojan.Win32.Agent.alt
Kaspersky	7.0.0.125	2007.10.05	Heur.Trojan.Generic
McAfee	5134	2007.10.04	-
Microsoft	1.2803	2007.10.04	-
NOD32v2	2573	2007.10.05	-
Norman	5.80.02	2007.10.04	-
Panda	9.0.0.4	2007.10.05	-
Prevx1	V2	2007.10.05	Malware.Gen
Rising	19.43.40.00	2007.10.05	-
Sophos	4.22.0	2007.10.05	-
Sunbelt	2.2.907.0	2007.10.04	-
Symantec	10	2007.10.05	-
TheHacker	6.2.6.076	2007.10.03	-
VBA32	3.12.2.4	2007.10.03	-
VirusBuster	4.3.26:9	2007.10.04	-
Webwasher-Gateway	6.0.1	2007.10.05	Trojan.Hacdef.DM.29.B
Дополнительная информация
File size: 49664 bytes
MD5: 5e2729025d1e66b03917523ca61ab57b
SHA1: bb56fed36d82b830aef0d7d22b968fb8ecc76d31
packers: UPX
```

----------


## santy

Файл exe-load.exe получен 2007.10.05 13:02:20 (CET)
Результат: 7/32 (21.88%)

Антивирус     Версия     Обновление     Результат
AhnLab-V3    2007.10.5.2    2007.10.05    -
*AntiVir    7.6.0.20    2007.10.05    TR/Crypt.XPACK.Gen*
Authentium    4.93.8    2007.10.04    -
Avast    4.7.1051.0    2007.10.05    -
*AVG    7.5.0.488    2007.10.04    Downloader.Obfuskated*
BitDefender    7.2    2007.10.05    -
*CAT-QuickHeal    9.00    2007.10.05    (Suspicious) - DNAScan*
ClamAV    0.91.2    2007.10.05    -
*DrWeb    4.44.0.09170    2007.10.05    Trojan.Packed.147*
*eSafe    7.0.15.0    2007.10.04    Suspicious Trojan/Worm*
eTrust-Vet    31.2.5188    2007.10.05    -
Ewido    4.0    2007.10.05    -
FileAdvisor    1    2007.10.05    -
Fortinet    3.11.0.0    2007.10.05    -
F-Prot    4.3.2.48    2007.10.04    -
F-Secure    6.70.13030.0    2007.10.05    -
Ikarus    T3.1.1.12    2007.10.05    -
Kaspersky    7.0.0.125    2007.10.05    -
McAfee    5134    2007.10.04    -
Microsoft    1.2803    2007.10.04    -
*NOD32v2    2573    2007.10.05    probably unknown NewHeur_PE virus*
Norman    5.80.02    2007.10.05    -
Panda    9.0.0.4    2007.10.05    -
Prevx1    V2    2007.10.05    -
Rising    19.43.40.00    2007.10.05    -
Sophos    4.22.0    2007.10.05    -
Sunbelt    2.2.907.0    2007.10.04    -
Symantec    10    2007.10.05    -
TheHacker    6.2.6.076    2007.10.03    -
VBA32    3.12.2.4    2007.10.05    -
VirusBuster    4.3.26:9    2007.10.04    -
*Webwasher-Gateway    6.0.1    2007.10.05    Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 10240 bytes
MD5: f74074d45285c760690e80f5d6bce79d
SHA1: 4d1e26dc29bad232ce5ab107358bba231e3c2c74

----------


## Shu_b

t 12954



```
Файл file[1].exe получен 2007.10.05 13:24:07 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.5.2	2007.10.05	-
AntiVir	7.6.0.20	2007.10.05	-
Authentium	4.93.8	2007.10.04	-
Avast	4.7.1051.0	2007.10.05	-
AVG	7.5.0.488	2007.10.04	-
BitDefender	7.2	2007.10.05	-
CAT-QuickHeal	9.00	2007.10.05	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.10.05	PUA.Packed.UPack-2
DrWeb	4.44.0.09170	2007.10.05	-
eSafe	7.0.15.0	2007.10.04	Suspicious Trojan/Worm
eTrust-Vet	31.2.5188	2007.10.05	-
Ewido	4.0	2007.10.05	-
FileAdvisor	1	2007.10.05	-
Fortinet	3.11.0.0	2007.10.05	-
F-Prot	4.3.2.48	2007.10.05	-
F-Secure	6.70.13030.0	2007.10.05	-
Ikarus	T3.1.1.12	2007.10.05	-
Kaspersky	7.0.0.125	2007.10.05	-
McAfee	5134	2007.10.04	-
Microsoft	1.2803	2007.10.04	-
NOD32v2	2573	2007.10.05	-
Norman	5.80.02	2007.10.05	W32/Suspicious_U.gen
Panda	9.0.0.4	2007.10.05	Suspicious file
Prevx1	V2	2007.10.05	-
Rising	19.43.40.00	2007.10.05	-
Sophos	4.22.0	2007.10.05	Mal/Packer
Sunbelt	2.2.907.0	2007.10.04	VIPRE.Suspicious
Symantec	10	2007.10.05	-
TheHacker	6.2.6.076	2007.10.03	W32/Behav-Heuristic-060
VBA32	3.12.2.4	2007.10.05	-
VirusBuster	4.3.26:9	2007.10.04	Packed/Upack
Webwasher-Gateway	6.0.1	2007.10.05	Win32.Malware.gen (suspicious)
Дополнительная информация
File size: 2437 bytes
MD5: 6e8d68709db9f0014053e8e3e312f808
SHA1: 2f4c51f8aaed7281bcf6dc839450b1b18b16bde4
packers: PE_Patch, UPack
```

 [ not counted: file[1].exe_ - This file is corrupted.

----------


## Макcим

AhnLab-V3	2007.10.6.0	2007.10.05	-
AntiVir	7.6.0.20	2007.10.05	-
Authentium	4.93.8	2007.10.05	-
Avast	4.7.1051.0	2007.10.06	-
AVG	7.5.0.488	2007.10.06	-
BitDefender	7.2	2007.10.06	-
CAT-QuickHeal	9.00	2007.10.06	-
ClamAV	0.91.2	2007.10.06	-
DrWeb	4.44.0.09170	2007.10.06	-
eSafe	7.0.15.0	2007.10.04	-
eTrust-Vet	31.2.5190	2007.10.06	-
Ewido	4.0	2007.10.06	-
FileAdvisor	1	2007.10.06	-
Fortinet	3.11.0.0	2007.10.06	-
F-Prot	4.3.2.48	2007.10.05	-
F-Secure	6.70.13030.0	2007.10.06	-
Ikarus	T3.1.1.12	2007.10.06	-
Kaspersky	7.0.0.125	2007.10.06	-
McAfee	5135	2007.10.05	-
*Microsoft	1.2908	2007.10.06	TrojanDropper:Win32/Malf.gen*
NOD32v2	2575	2007.10.06	-
Norman	5.80.02	2007.10.05	-
Panda	9.0.0.4	2007.10.06	-
Prevx1	V2	2007.10.06	-
Rising	19.43.50.00	2007.10.06	-
Sophos	4.22.0	2007.10.06	-
*Sunbelt	2.2.907.0	2007.10.06	Trojan-Dropper.Win32.Malf.gen*
Symantec	10	2007.10.06	-
TheHacker	6.2.6.078	2007.10.06	-
VBA32	3.12.2.4	2007.10.05	-
VirusBuster	4.3.26:9	2007.10.06	-
Webwasher-Gateway	6.0.1	2007.10.05	-

Дополнительная информация
File size: 551424 bytes
MD5: 7743aa7c2f4f52e35732edaf1db27609
SHA1: 83cc85fb3257355bff7f9595c2b8a5f82006ea4c

----------


## santy

Файл h0i9xtmd.VVexe получен 2007.10.09 05:19:33 (CET)

Результат: 18/32 (56.25%)

Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.9.0	2007.10.08	-
*AntiVir	7.6.0.20	2007.10.08	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.10.08	-
Avast	4.7.1051.0	2007.10.08	-
*AVG	7.5.0.488	2007.10.08	Pakes_c.X*
*BitDefender	7.2	2007.10.09	Trojan.Spy.Wsnpoem.C*
*CAT-QuickHeal	9.00	2007.10.08	(Suspicious) - DNAScan*
*ClamAV	0.91.2	2007.10.09	Trojan.Gpcode*
*DrWeb	4.44.0.09170	2007.10.08	Trojan.Proxy.2071*
*eSafe	7.0.15.0	2007.10.08	Suspicious File*
eTrust-Vet	31.2.5197	2007.10.09	-
*Ewido	4.0	2007.10.08	Trojan.Zbot.d*
FileAdvisor	1	2007.10.09	-
*Fortinet	3.11.0.0	2007.10.09	W32/Agent.BRW!tr*
*F-Prot	4.3.2.48	2007.10.08	W32/Trojan.CDVP*
F-Secure	6.70.13030.0	2007.10.09	-
*Ikarus	T3.1.1.12	2007.10.09	Trojan-Spy.Win32.Zbot.x*
Kaspersky	7.0.0.125	2007.10.09	-
McAfee	5136	2007.10.08	-
Microsoft	1.2908	2007.10.08	-
*NOD32v2	2578	2007.10.08	Win32/Spy.Agent.NDM*
Norman	5.80.02	2007.10.08	-
*Panda	9.0.0.4	2007.10.08	Suspicious file*
Prevx1	V2	2007.10.09	-
Rising	19.44.10.00	2007.10.09	-
*Sophos	4.22.0	2007.10.09	Mal/Behav-066*
*Sunbelt	2.2.907.0	2007.10.08	VIPRE.Suspicious*
*Symantec	10	2007.10.09	Infostealer.Notos!gen*
*TheHacker	6.2.6.080	2007.10.09	Trojan/Spy.Zbot.aa*
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.08	-
*Webwasher-Gateway	6.0.1	2007.10.08	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 42496 bytes
MD5: 6eb9d9e2be058222eecbfcf501b53b64
SHA1: 414c210a703b2bc6220df063da00df34fcc07843
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## PavelA

> t 12954
>  [ not counted: file[1].exe_ - This file is corrupted.


I have the same one in my stash. Got it from the Kaspersky forum.
It would be interesting to compare them.

*Added 3 hours 15 minutes later*



```
Файл avz00002.dta (c:\windows\system32\svchost.exe:ext.exe:$DATA)
получен 2007.10.09 12:21:12 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.9.1 2007.10.09 - 
AntiVir 7.6.0.20 2007.10.09 TR/Hijack.Explor.320 
Authentium 4.93.8 2007.10.08 - 
Avast 4.7.1051.0 2007.10.08 - 
AVG 7.5.0.488 2007.10.09 SHeur.ROB 
BitDefender 7.2 2007.10.09 BehavesLike:Win32.ExplorerHijack 
CAT-QuickHeal 9.00 2007.10.08 - 
ClamAV 0.91.2 2007.10.09 - 
DrWeb 4.44.0.09170 2007.10.09 - 
eSafe 7.0.15.0 2007.10.08 suspicious Trojan/Worm 
eTrust-Vet 31.2.5198 2007.10.09 - 
Ewido 4.0 2007.10.08 - 
FileAdvisor 1 2007.10.09 - 
Fortinet 3.11.0.0 2007.10.09 - 
F-Prot 4.3.2.48 2007.10.08 - 
F-Secure 6.70.13030.0 2007.10.09 Trojan.Win32.Agent.bwn 
Ikarus T3.1.1.12 2007.10.09 Trojan.Win32.Agent.alt 
Kaspersky 7.0.0.125 2007.10.09 Trojan.Win32.Agent.bwn 
McAfee 5136 2007.10.08 - 
Microsoft 1.2908 2007.10.09 - 
NOD32v2 2579 2007.10.09 - 
Norman 5.80.02 2007.10.08 - 
Panda 9.0.0.4 2007.10.08 - 
Prevx1 V2 2007.10.09 Covert.Code 
Rising 19.44.12.00 2007.10.09 - 
Sophos 4.22.0 2007.10.09 - 
Sunbelt 2.2.907.0 2007.10.08 Win32.ExplorerHijack 
Symantec 10 2007.10.09 - 
TheHacker 6.2.6.080 2007.10.09 - 
VBA32 3.12.2.4 2007.10.08 - 
VirusBuster 4.3.26:9 2007.10.08 - 
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Hijack.Explor.320  
Дополнительная информация 
File size: 51712 bytes 
MD5: 1b350b46700a59d4da5fbd4b88d90443 
SHA1: 84961192eec0422722cfbc6d92eadffd6856d6b6 
packers: UPX 
packers: PE_Patch.UPX, UPX 
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=97F0749000009359CA4200EF473889005A54C50E
```

----------


## drongo

T-13027


```
Файл avz00001.dta получен 2007.10.09 12:28:32 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.9.1	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	-
Authentium	4.93.8	2007.10.08	Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast	4.7.1051.0	2007.10.08	Win32:Iespy-H
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.08	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	-
eSafe	7.0.15.0	2007.10.08	suspicious Trojan/Worm
eTrust-Vet	31.2.5198	2007.10.09	Win32/Ramerl!generic
Ewido	4.0	2007.10.08	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.08	W32/Threat-HLLSI-based!Maximus
F-Secure	6.70.13030.0	2007.10.09	W32/Horst.gen33
Ikarus	T3.1.1.12	2007.10.09	Virus.Win32.Iespy.H
Kaspersky	7.0.0.125	2007.10.09	-
McAfee	5136	2007.10.08	Downloader-ASL
Microsoft	1.2908	2007.10.09	TrojanSpy:Win32/Lespy.gen
NOD32v2	2579	2007.10.09	a variant of Win32/Spy.Iespy
Norman	5.80.02	2007.10.09	W32/Horst.gen33
Panda	9.0.0.4	2007.10.08	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.08	Trojan.IESPy.Gen
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Downloader.Win32.Malware.gen (suspicious)
Дополнительная информация
File size: 7680 bytes
MD5: 97e28b394d7fc2c9ed24fba5c97c2e43
SHA1: 669f31a4c20be7afbb7a39a123d909964587544d
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
```



```
Файл avz00003.dta получен 2007.10.09 12:52:38 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.9.1	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	TR/Agent.BOZ.1
Authentium	4.93.8	2007.10.08	-
Avast	4.7.1051.0	2007.10.08	-
AVG	7.5.0.488	2007.10.09	Dropper.Agent.9.J
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.08	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	-
eSafe	7.0.15.0	2007.10.08	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.08	-
F-Secure	6.70.13030.0	2007.10.09	Trojan.Win32.Agent.boz
Ikarus	T3.1.1.12	2007.10.09	Trojan.Win32.Agent.asu
Kaspersky	7.0.0.125	2007.10.09	Trojan.Win32.Agent.boz
McAfee	5136	2007.10.08	-
Microsoft	1.2908	2007.10.09	-
NOD32v2	2579	2007.10.09	probably unknown NewHeur_PE virus
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.08	-
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Agent.BOZ.1
Дополнительная информация
File size: 33280 bytes
MD5: 7129569a56af2c875ce47117882a95cf
SHA1: 66963a92d273524b4200eeb4f280df9243ac74df
```

----------


## TANUKI

Файл spooldr.exe- получен 2007.10.09 14:37:55 (CET)

Антивирус 	Версия 	Обновление 	Результат

AhnLab-V3	2007.10.9.1	2007.10.09	-
*AntiVir	7.6.0.20	2007.10.09	TR/Patched.AQ.12*
Authentium	4.93.8	2007.10.08	-
*Avast	4.7.1051.0	2007.10.08	Win32:Patched-BM
AVG	7.5.0.488	2007.10.09	Win32/Bagif
BitDefender	7.2	2007.10.09	Trojan.Starter.AEZ*
CAT-QuickHeal	9.00	2007.10.08	-
ClamAV	0.91.2	2007.10.09	-
*DrWeb	4.44.0.09170	2007.10.09	BackDoor.Groan*
eSafe	7.0.15.0	2007.10.08	-
*eTrust-Vet	31.2.5198	2007.10.09	Win32/UVSW.B*
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
*Fortinet	3.11.0.0	2007.10.09	W32/Patched.AQ!tr*
F-Prot	4.3.2.48	2007.10.08	-
*F-Secure	6.70.13030.0	2007.10.09	Trojan.Win32.Patched.aq
Ikarus	T3.1.1.12	2007.10.09	Virus.Win32.Sploder.a
Kaspersky	7.0.0.125	2007.10.09	Trojan.Win32.Patched.aq*
McAfee	5136	2007.10.08	-
*Microsoft	1.2908	2007.10.09	Virus:Win32/Nuwar.B
NOD32v2	2580	2007.10.09	Win32/Nuwar.AU*
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
*Sunbelt	2.2.907.0	2007.10.08	VIPRE.Suspicious
Symantec	10	2007.10.09	Trojan.Peacomm!inf*
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
*VirusBuster	4.3.26:9	2007.10.08	Rootkit.KillAV.HL
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Patched.AQ.12*

----------------------------------------------------------------------

 Файл spooldr.exe- получен 2007.10.09 14:37:55 (CET)

Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.9.1	2007.10.09	-
*AntiVir	7.6.0.20	2007.10.09	WORM/Zhelatin.Gen*
Authentium	4.93.8	2007.10.08	-
Avast	4.7.1051.0	2007.10.08	-
*AVG	7.5.0.488	2007.10.09	Downloader.Tibs
BitDefender	7.2	2007.10.09	Trojan.Peed.ILR
CAT-QuickHeal	9.00	2007.10.08	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.10.09	Trojan.Peed-17
DrWeb	4.44.0.09170	2007.10.09	Trojan.Packed.142
eSafe	7.0.15.0	2007.10.08	Win32.Zhelatin.ki*
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
*Fortinet	3.11.0.0	2007.10.09	W32/[email protected]*
F-Prot	4.3.2.48	2007.10.08	-
*F-Secure	6.70.13030.0	2007.10.09	Email-Worm.Win32.Zhelatin.ki
Ikarus	T3.1.1.12	2007.10.09	Trojan.Peed.ILR
Kaspersky	7.0.0.125	2007.10.09	Email-Worm.Win32.Zhelatin.ki*
McAfee	5136	2007.10.08	-
*Microsoft	1.2908	2007.10.09	Trojan:Win32/Tibs.EO
NOD32v2	2580	2007.10.09	Win32/Nuwar.Gen
Norman	5.80.02	2007.10.09	W32/Tibs.AWYO*
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
*Sunbelt	2.2.907.0	2007.10.08	Trojan-Dropper.Win32.Nuwar.gen!lds
Symantec	10	2007.10.09	Trojan.Packed.13
TheHacker	6.2.6.080	2007.10.09	W32/Zhelatin.gen*
VBA32	3.12.2.4	2007.10.08	-
*VirusBuster	4.3.26:9	2007.10.08	Trojan.Tibs.Gen!Pac.132
Webwasher-Gateway	6.0.1	2007.10.09	Worm.Zhelatin.Gen*

----------


## vaber

```
Файл installer.exe получен 2007.10.09 17:43:54 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.9.1	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	TR/Crypt.Morphine.Gen
Authentium	4.93.8	2007.10.08	-
Avast	4.7.1051.0	2007.10.08	-
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.09	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	Trojan.Sentinel
eSafe	7.0.15.0	2007.10.08	Suspicious File
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.08	-
F-Secure	6.70.13030.0	2007.10.09	W32/BHO.QG
Ikarus	T3.1.1.12	2007.10.09	-
Kaspersky	7.0.0.125	2007.10.09	Heur.Trojan.Generic
McAfee	5136	2007.10.08	New Malware.bl
Microsoft	1.2908	2007.10.09	-
NOD32v2	2581	2007.10.09	-
Norman	5.80.02	2007.10.09	W32/BHO.QG
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Crypt.Morphine.Gen
Дополнительная информация
File size: 147456 bytes
MD5: 0acd27b043664c5d239e40ecd5796b99
SHA1: 5345d1389e02f5491e54774d1d5f4e385625987f
packers: Morphine
```

----------


## V_Bond

ntos.exe from the thread ..http://virusinfo.info/showthread.php...811#post140811


```
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	-
Authentium	4.93.8	2007.10.08	-
Avast	4.7.1051.0	2007.10.09	-
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.09	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	Trojan.Fakealert.334
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.08	-
F-Secure	6.70.13030.0	2007.10.09	-
Ikarus	T3.1.1.12	2007.10.09	-
Kaspersky	7.0.0.125	2007.10.09	-
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.09	-
NOD32v2	2581	2007.10.09	-
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	Suspicious file
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	Trojan.Fakealert.334
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	-
Дополнительная информация
File size: 2560 bytes
MD5: 8178ef302f7da6c19a81a90486266dc4
SHA1: 0481f7d1e39c0ab97871222ee39e8a1b2fc489a6
```

----------


## drongo

T=13035


```
Файл avz00005.dta получен 2007.10.09 23:03:27 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	-
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	-
AVG	7.5.0.488	2007.10.09	BHO.BMT
BitDefender	7.2	2007.10.09	Adware.Sagou.A
CAT-QuickHeal	9.00	2007.10.09	AdWare.BHO.gt (Not a Virus)
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	Trojan.Cinco
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.09	-
Ikarus	T3.1.1.12	2007.10.09	-
Kaspersky	7.0.0.125	2007.10.09	not-a-virus:AdWare.Win32.BHO.hk
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.09	-
NOD32v2	2581	2007.10.09	-
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	Heuristic: Suspicious File With Bad Parent Associations
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	-
Дополнительная информация
File size: 53248 bytes
MD5: 6697d065374174117a8d5507c88783b5
SHA1: 777617a6ab40a53e3bff3f4dc05d79aa84a622d0
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=BFD4BDE30010A6D5D05000AEF05A3800AB90E2E9
```



```
Файл avz00010.dta получен 2007.10.09 23:12:51 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	-
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	-
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	Adware.Sagou.A
CAT-QuickHeal	9.00	2007.10.09	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	-
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.09	-
Ikarus	T3.1.1.12	2007.10.09	-
Kaspersky	7.0.0.125	2007.10.09	not-a-virus:AdWare.Win32.Zhongsou.m
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.09	-
NOD32v2	2582	2007.10.09	-
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	TROJAN.AGENT.GEN
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	-
Дополнительная информация
File size: 118784 bytes
MD5: fdc2ccd8fd34483d88f09585fd9cf274
SHA1: 207ba59716ab7eabe565a42520f46c3ada5820fc
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C5D42E3A0088AA99D07F013A89F2F800A92AFC0B
```



```
Файл avz00009.dta получен 2007.10.09 23:17:36 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	TR/Rootkit.Gen
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	Win32:Agent-KYE
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.09	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	-
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.09	Trojan-Downloader.Win32.Hmir.bu
Ikarus	T3.1.1.12	2007.10.09	Trojan-Downloader.Win32.Agent.bbb
Kaspersky	7.0.0.125	2007.10.09	Trojan-Downloader.Win32.Hmir.bu
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.09	Backdoor:WinNT/Farfli.B!sys
NOD32v2	2582	2007.10.09	a variant of Win32/Rootkit.Agent.NCK
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Rootkit.Gen
Дополнительная информация
File size: 22208 bytes
MD5: f4300abbb3a379e8e43b11ad54d0ed39
SHA1: 2e9fd820405c3480e7286350c20c090f09fea449
```



```
Файл avz00014.dta получен 2007.10.09 23:34:12 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	TR/Spy.Gen
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	Win32:Agent-JZN
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.09	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	DLOADER.Trojan
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.09	Trojan-Downloader.Win32.Hmir.bu
Ikarus	T3.1.1.12	2007.10.09	Virus.Win32.Agent.JZN
Kaspersky	7.0.0.125	2007.10.09	Trojan-Downloader.Win32.Hmir.bu
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.09	Backdoor:Win32/Farfli.B.dll
NOD32v2	2582	2007.10.09	a variant of Win32/TrojanDownloader.Agent.NPO
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.09	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	Mal/Behav-063
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	Trojan.DL.Agent.Gen.10
Webwasher-Gateway	6.0.1	2007.10.09	Trojan.Spy.Gen
Дополнительная информация
File size: 139264 bytes
MD5: cb2c900ee2e9879a93248793a4748132
SHA1: 65d48ba3420028595ab7e1a11cfe982d984b38d3
```



```
Файл avz00012.dta получен 2007.10.09 23:46:43 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.10.0	2007.10.09	-
AntiVir	7.6.0.20	2007.10.09	-
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	-
AVG	7.5.0.488	2007.10.09	-
BitDefender	7.2	2007.10.09	-
CAT-QuickHeal	9.00	2007.10.09	-
ClamAV	0.91.2	2007.10.09	-
DrWeb	4.44.0.09170	2007.10.09	-
eSafe	7.0.15.0	2007.10.09	-
eTrust-Vet	31.2.5198	2007.10.09	-
Ewido	4.0	2007.10.09	-
FileAdvisor	1	2007.10.09	-
Fortinet	3.11.0.0	2007.10.09	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.09	-
Ikarus	T3.1.1.12	2007.10.09	-
Kaspersky	7.0.0.125	2007.10.09	Trojan.Win32.Inject.gr
McAfee	5137	2007.10.09	BackDoor-DMB.sys
Microsoft	1.2908	2007.10.09	-
NOD32v2	2582	2007.10.09	-
Norman	5.80.02	2007.10.09	-
Panda	9.0.0.4	2007.10.09	-
Prevx1	V2	2007.10.10	-
Rising	19.44.12.00	2007.10.09	-
Sophos	4.22.0	2007.10.09	-
Sunbelt	2.2.907.0	2007.10.08	-
Symantec	10	2007.10.09	-
TheHacker	6.2.6.080	2007.10.09	-
VBA32	3.12.2.4	2007.10.08	-
VirusBuster	4.3.26:9	2007.10.09	-
Webwasher-Gateway	6.0.1	2007.10.09	Win32.Malware.gen!88 (suspicious)
Дополнительная информация
File size: 173348 bytes
MD5: cc2eea05d38c579721f077a4d483e01a
SHA1: 59ec54992bbabf947086d3936c2e5329548e0fd9
```

----------


## vaber

```
Файл id3213.exe получен 2007.10.10 17:25:52 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.10.1	2007.10.10	-
AntiVir	7.6.0.20	2007.10.10	HEUR/Crypted
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.09	-
AVG	7.5.0.488	2007.10.10	-
BitDefender	7.2	2007.10.10	Trojan.Srizbi.T
CAT-QuickHeal	9.00	2007.10.10	-
ClamAV	0.91.2	2007.10.10	-
DrWeb	4.44.0.09170	2007.10.10	-
eSafe	7.0.15.0	2007.10.09	suspicious Trojan/Worm
eTrust-Vet	31.2.5201	2007.10.10	-
Ewido	4.0	2007.10.10	-
FileAdvisor	1	2007.10.10	-
Fortinet	3.11.0.0	2007.10.10	-
F-Prot	4.3.2.48	2007.10.09	-
F-Secure	6.70.13030.0	2007.10.10	-
Ikarus	T3.1.1.12	2007.10.10	-
Kaspersky	7.0.0.125	2007.10.10	-
McAfee	5137	2007.10.09	-
Microsoft	1.2908	2007.10.10	-
NOD32v2	2584	2007.10.10	-
Norman	5.80.02	2007.10.10	-
Panda	9.0.0.4	2007.10.10	-
Prevx1	V2	2007.10.10	-
Rising	19.44.22.00	2007.10.10	-
Sophos	4.22.0	2007.10.10	-
Sunbelt	2.2.907.0	2007.10.10	-
Symantec	10	2007.10.10	-
TheHacker	6.2.6.082	2007.10.10	-
VBA32	3.12.2.4	2007.10.10	-
VirusBuster	4.3.26:9	2007.10.10	-
Webwasher-Gateway	6.0.1	2007.10.10	Heuristic.Crypted
Дополнительная информация
File size: 115200 bytes
MD5: 5c8d412845400cab9133a7c44be53b0c
SHA1: 6135ea8d7c05c16cb64f94c2bd21f95bf0c6db86
packers: UPX
packers: PE_Patch.UPX, UPX
```

----------


## drongo

```
File avz00003.dta received on 10.11.2007 21:03:56 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.10.12.0	2007.10.11	-
AntiVir	7.6.0.20	2007.10.11	-
Authentium	4.93.8	2007.10.09	-
Avast	4.7.1051.0	2007.10.11	-
AVG	7.5.0.488	2007.10.11	-
BitDefender	7.2	2007.10.11	-
CAT-QuickHeal	9.00	2007.10.11	-
ClamAV	0.91.2	2007.10.11	-
DrWeb	4.44.0.09170	2007.10.11	-
eSafe	7.0.15.0	2007.10.10	suspicious Trojan/Worm
eTrust-Vet	31.2.5203	2007.10.11	-
Ewido	4.0	2007.10.11	-
FileAdvisor	1	2007.10.11	-
Fortinet	3.11.0.0	2007.10.11	-
F-Prot	4.3.2.48	2007.10.11	-
F-Secure	6.70.13030.0	2007.10.11	-
Ikarus	T3.1.1.12	2007.10.11	-
Kaspersky	7.0.0.125	2007.10.11	Trojan.Win32.Small.sk
McAfee	5139	2007.10.11	-
Microsoft	1.2908	2007.10.11	VirTool:Win32/Obfuscator.L
NOD32v2	2586	2007.10.11	-
Norman	5.80.02	2007.10.11	-
Panda	9.0.0.4	2007.10.11	-
Rising	19.44.32.00	2007.10.11	-
Sophos	4.22.0	2007.10.11	-
Sunbelt	2.2.907.0	2007.10.11	-
Symantec	10	2007.10.11	-
TheHacker	6.2.8.085	2007.10.11	-
VBA32	3.12.2.4	2007.10.11	-
VirusBuster	4.3.26:9	2007.10.11	-
Webwasher-Gateway	6.0.1	2007.10.11	Win32.UPXpacked.gen (suspicious)
Additional information
File size: 8192 bytes
MD5: 669d932908f2d100622b21827d17dbbe
SHA1: c049bfdb6d8204192a428d2fe910b2589e7a8d39
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
```

----------


## Muzzle

C:\WINDOWS\System32\Iqxtqpq.dll





> AhnLab-V3	2007.10.12.0	2007.10.11	-
> *AntiVir	7.6.0.20	2007.10.11	TR/Agent.BRW.1*
> Authentium	4.93.8	2007.10.11	-
> Avast	4.7.1051.0	2007.10.11	-
> *AVG	7.5.0.488	2007.10.11	Generic8.CRO
> BitDefender	7.2	2007.10.12	Trojan.Inject.EM*
> CAT-QuickHeal	9.00	2007.10.11	-
> ClamAV	0.91.2	2007.10.11	-
> *DrWeb	4.44.0.09170	2007.10.12	Trojan.Inject.398
> ...

----------


## vaber

Heh


```
Файл word.exe получен 2007.10.12 18:36:12 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.12.1	2007.10.12	-
AntiVir	7.6.0.23	2007.10.12	-
Authentium	4.93.8	2007.10.12	-
Avast	4.7.1051.0	2007.10.11	-
AVG	7.5.0.488	2007.10.12	-
BitDefender	7.2	2007.10.12	-
CAT-QuickHeal	9.00	2007.10.12	-
ClamAV	0.91.2	2007.10.12	-
DrWeb	4.44.0.09170	2007.10.12	-
eSafe	7.0.15.0	2007.10.10	-
eTrust-Vet	31.2.5205	2007.10.12	-
Ewido	4.0	2007.10.12	-
FileAdvisor	1	2007.10.12	-
Fortinet	3.11.0.0	2007.10.12	-
F-Prot	4.3.2.48	2007.10.11	-
F-Secure	6.70.13030.0	2007.10.12	-
Ikarus	T3.1.1.12	2007.10.12	-
Kaspersky	7.0.0.125	2007.10.12	-
McAfee	5140	2007.10.12	-
Microsoft	1.2908	2007.10.12	-
NOD32v2	2589	2007.10.12	-
Norman	5.80.02	2007.10.12	-
Panda	9.0.0.4	2007.10.12	-
Prevx1	V2	2007.10.12	-
Rising	19.44.42.00	2007.10.12	-
Sophos	4.22.0	2007.10.12	-
Sunbelt	2.2.907.0	2007.10.11	-
Symantec	10	2007.10.12	-
TheHacker	6.2.8.087	2007.10.12	-
VBA32	3.12.2.4	2007.10.12	-
VirusBuster	4.3.26:9	2007.10.12	-
Webwasher-Gateway	6.0.1	2007.10.12	-
Дополнительная информация
File size: 24064 bytes
MD5: aded501eeeffcd1fd00905118f70512f
SHA1: a82ca93c9d7c13524920cfe7b68ae6c7d7794adc
```

----------


## mayas

File winupdsvs.exe received on 10.14.2007 17:53:30 (CET)

Antivirus;Version;Last Update;Result
*AntiVir;7.6.0.23;2007.10.13;HEUR/Crypted
CAT-QuickHeal;9.00;2007.10.13;(Suspicious) - DNAScan
DrWeb;4.44.0.09170;2007.10.14;Trojan.PWS.LDPinch.1  417
eSafe;7.0.15.0;2007.10.10;1155434060
Ikarus;T3.1.1.12;2007.10.14;Trojan-PWS.Win32.LdPinch.bpj
Kaspersky;7.0.0.125;2007.10.14;Heur.Trojan.Generic
Panda;9.0.0.4;2007.10.14;Suspicious file
Sophos;4.22.0;2007.10.14;Mal/Basine-C
Sunbelt;2.2.907.0;2007.10.13;VIPRE.Suspicious
Webwasher-Gateway;6.0.1;2007.10.13;Heuristic.Crypted*

Additional information
File size: 53732 bytes
MD5: ccd7c8c267b6ed1bfd015c62e20d56fa
SHA1: ffb4d3f42179aa87536163e4e794e2735e85368a
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## Surfer

It landed in a forgotten mailbox on mail.ru


```
Файл Update_Dealer.exe получен 2007.10.15 16:30:11 (CET)

AhnLab-V3	2007.10.16.0	2007.10.15	-
AntiVir	7.6.0.23	2007.10.15	-
Authentium	4.93.8	2007.10.14	-
Avast	4.7.1051.0	2007.10.14	-
AVG	7.5.0.488	2007.10.15	-
BitDefender	7.2	2007.10.15	BehavesLike:Win32.Malware
CAT-QuickHeal	9.00	2007.10.13	-
ClamAV	0.91.2	2007.10.14	-
DrWeb	4.44.0.09170	2007.10.15	-
eSafe	7.0.15.0	2007.10.10	-
eTrust-Vet	31.2.5207	2007.10.13	-
Ewido	4.0	2007.10.15	-
FileAdvisor	1	2007.10.15	-
Fortinet	3.11.0.0	2007.10.15	-
F-Prot	4.3.2.48	2007.10.15	-
F-Secure	6.70.13030.0	2007.10.15	-
Ikarus	T3.1.1.12	2007.10.15	-
Kaspersky	7.0.0.125	2007.10.15	Heur.Trojan.Generic
McAfee	5140	2007.10.12	-
Microsoft	1.2908	2007.10.15	-
NOD32v2	2591	2007.10.14	-
Norman	5.80.02	2007.10.15	-
Panda	9.0.0.4	2007.10.14	Suspicious file
Prevx1	V2	2007.10.15	-
Rising	19.45.02.00	2007.10.15	-
Sophos	4.22.0	2007.10.15	-
Sunbelt	2.2.907.0	2007.10.13	-
Symantec	10	2007.10.15	-
TheHacker	6.2.8.091	2007.10.15	-
VBA32	3.12.2.4	2007.10.15	-
VirusBuster	4.3.26:9	2007.10.14	-
Webwasher-Gateway	6.6.1	2007.10.15	-

Дополнительная информация
File size: 46641 bytes
MD5: 6753badb5360330caae68196c5a0f62b
SHA1: 31e19bba762c633bfc5a330097fccc4c444456cf
packers: PE_Patch
```

UPD
The same one, but after being run (found it in the temp folder =)).
Kaspersky's proactive defense catches something like "passwords sending"



```
File svchost.exe received on 10.15.2007 17:11:04 (CET)

AhnLab-V3 2007.10.16.0 2007.10.15 - 
AntiVir 7.6.0.23 2007.10.15 HEUR/Crypted
Authentium 4.93.8 2007.10.14 - 
Avast 4.7.1051.0 2007.10.14 - 
AVG 7.5.0.488 2007.10.15 - 
BitDefender 7.2 2007.10.15 - 
CAT-QuickHeal 9.00 2007.10.13 - 
ClamAV 0.91.2 2007.10.14 - 
DrWeb 4.44.0.09170 2007.10.15 - 
eSafe 7.0.15.0 2007.10.10 - 
eTrust-Vet 31.2.5207 2007.10.13 - 
Ewido 4.0 2007.10.15 - 
FileAdvisor 1 2007.10.15 - 
Fortinet 3.11.0.0 2007.10.15 W32/Oporto.3076
F-Prot 4.3.2.48 2007.10.15 - 
F-Secure 6.70.13030.0 2007.10.15 - 
Ikarus T3.1.1.12 2007.10.15 Trojan-Spy.Win32.Agent.DI
Kaspersky 7.0.0.125 2007.10.15 - 
McAfee 5140 2007.10.12 - 
Microsoft 1.2908 2007.10.15 - 
NOD32v2 2591 2007.10.14 - 
Norman 5.80.02 2007.10.15 - 
Panda 9.0.0.4 2007.10.14 - 
Prevx1 V2 2007.10.15 - 
Rising 19.45.02.00 2007.10.15 - 
Sophos 4.22.0 2007.10.15 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.13 - 
Symantec 10 2007.10.15 - 
TheHacker 6.2.8.091 2007.10.15 - 
VBA32 3.12.2.4 2007.10.15 - 
VirusBuster 4.3.26:9 2007.10.14 - 
Webwasher-Gateway 6.6.1 2007.10.15 Heuristic.Crypted

Additional information 
File size: 42496 bytes 
MD5: 6ac6201be846ce6934bf89a70b7e8182 
SHA1: d21ac0a86ae5b2cd1b6a425189e2f90b0b837483 
packers: PE_Patch
```

----------


## Shu_b

t - 13236



```
File WinAvXX.exe received on 10.16.2007 07:36:16 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.10.16.1	2007.10.16	-
AntiVir	7.6.0.23	2007.10.15	TR/Crypt.ULPM.Gen
Authentium	4.93.8	2007.10.14	Possibly a new variant of W32/Fathom.3-based!Maximus
Avast	4.7.1051.0	2007.10.15	-
AVG	7.5.0.488	2007.10.15	-
BitDefender	7.2	2007.10.16	Trojan.Peed.JZ
CAT-QuickHeal	9.00	2007.10.15	-
ClamAV	0.91.2	2007.10.14	-
DrWeb	4.44.0.09170	2007.10.15	Trojan.Fakealert.357
eSafe	7.0.15.0	2007.10.15	suspicious Trojan/Worm
eTrust-Vet	31.2.5213	2007.10.15	-
Ewido	4.0	2007.10.15	-
FileAdvisor	1	2007.10.16	-
Fortinet	3.11.0.0	2007.10.16	-
F-Prot	4.3.2.48	2007.10.15	W32/Fathom.3-based!Maximus
F-Secure	6.70.13030.0	2007.10.16	-
Ikarus	T3.1.1.12	2007.10.16	-
Kaspersky	7.0.0.125	2007.10.16	-
McAfee	5141	2007.10.15	-
Microsoft	1.2908	2007.10.16	Trojan:Win32/SystemHijack.gen
NOD32v2	2592	2007.10.15	-
Norman	5.80.02	2007.10.15	-
Panda	9.0.0.4	2007.10.16	Suspicious file
Prevx1	V2	2007.10.16	-
Rising	19.45.10.00	2007.10.16	-
Sophos	4.22.0	2007.10.16	Mal/HckPk-A
Sunbelt	2.2.907.0	2007.10.16	-
Symantec	10	2007.10.16	-
TheHacker	6.2.8.091	2007.10.15	-
VBA32	3.12.2.4	2007.10.15	-
VirusBuster	4.3.26:9	2007.10.15	-
Webwasher-Gateway	6.6.1	2007.10.16	Trojan.Crypt.ULPM.Gen
Additional information
File size: 7680 bytes
```

----------


## santy

Файл zw0jzcrr.exe получен 2007.10.16 08:43:07 (CET)
Результат: 19/32 (59.38%)
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.16.1	2007.10.16	-
*AntiVir	7.6.0.23	2007.10.16	HEUR/Malware*
*Authentium	4.93.8	2007.10.14	Possibly a new variant of W32/new-malware!Maximus*
Avast	4.7.1051.0	2007.10.15	-
*AVG	7.5.0.488	2007.10.15	Downloader.Generic6.KPH*
*BitDefender	7.2	2007.10.16	Generic.Malware.Bdld!!.ACF63F02*
*CAT-QuickHeal	9.00	2007.10.15	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.10.14	-
*DrWeb	4.44.0.09170	2007.10.15	Trojan.DownLoader.28665*
*eSafe	7.0.15.0	2007.10.15	suspicious Trojan/Worm*
eTrust-Vet	31.2.5213	2007.10.15	-
Ewido	4.0	2007.10.15	-
FileAdvisor	1	2007.10.16	-
Fortinet	3.11.0.0	2007.10.16	-
*F-Prot	4.3.2.48	2007.10.15	W32/Downloader-Sml-based!Maximus*
*F-Secure	6.70.13030.0	2007.10.16	Trojan-Downloader.Win32.Small.gbl*
*Ikarus	T3.1.1.12	2007.10.16	Trojan-Downloader.Win32.Small.gbl*
*Kaspersky	7.0.0.125	2007.10.16	Trojan-Downloader.Win32.Small.gbl*
McAfee	5141	2007.10.15	-
Microsoft	1.2908	2007.10.16	-
*NOD32v2	2592	2007.10.15	a variant of Win32/TrojanDownloader.Small.NWJ*
*Norman	5.80.02	2007.10.15	Harnig.gen1*
*Panda	9.0.0.4	2007.10.16	Suspicious file*
Prevx1	V2	2007.10.16	-
Rising	19.45.11.00	2007.10.16	-
*Sophos	4.22.0	2007.10.16	Mal/Behav-112*
*Sunbelt	2.2.907.0	2007.10.16	VIPRE.Suspicious*
Symantec	10	2007.10.16	-
TheHacker	6.2.8.091	2007.10.15	-
*VBA32	3.12.2.4	2007.10.15	Trojan.DownLoader.28665*
*VirusBuster	4.3.26:9	2007.10.15	Packed/FSG*
*Webwasher-Gateway	6.6.1	2007.10.16	Heuristic.Malware*
Дополнительная информация
File size: 1661 bytes
MD5: 2838f4233a78514921f231268a3d11a8
SHA1: f4ed349ad83099234f25bab0d4d43efcd8ce09c9
packers: FSG

----------


## santy

Файл lloh.exe получен 2007.10.17 05:57:21 (CET)
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.17.0	2007.10.16	-
*AntiVir	7.6.0.23	2007.10.16	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.10.17	-
Avast	4.7.1051.0	2007.10.17	-
AVG	7.5.0.488	2007.10.16	-
BitDefender	7.2	2007.10.17	-
*CAT-QuickHeal	9.00	2007.10.16	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.10.16	-
DrWeb	4.44.0.09170	2007.10.17	-
*eSafe	7.0.15.0	2007.10.15	Suspicious File*
eTrust-Vet	31.2.5216	2007.10.17	-
Ewido	4.0	2007.10.16	-
FileAdvisor	1	2007.10.17	-
Fortinet	3.11.0.0	2007.10.17	-
F-Prot	4.3.2.48	2007.10.17	-
F-Secure	6.70.13030.0	2007.10.17	-
Ikarus	T3.1.1.12	2007.10.17	-
Kaspersky	7.0.0.125	2007.10.17	-
McAfee	5142	2007.10.16	-
Microsoft	1.2908	2007.10.16	-
NOD32v2	2596	2007.10.17	-
Norman	5.80.02	2007.10.16	-
*Panda	9.0.0.4	2007.10.16	Suspicious file*
Prevx1	V2	2007.10.17	-
Rising	19.45.20.00	2007.10.17	-
*Sophos	4.22.0	2007.10.17	Mal/Basine-C*
Sunbelt	2.2.907.0	2007.10.16	-
Symantec	10	2007.10.17	-
TheHacker	6.2.8.093	2007.10.16	-
VBA32	3.12.2.4	2007.10.16	-
VirusBuster	4.3.26:9	2007.10.16	-
*Webwasher-Gateway	6.6.1	2007.10.17	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 34783 bytes
MD5: 6c2344a4f1e2ac6bb2f02f72d82f5494
SHA1: a91fbaae3ad33ab64a359fd7d6cc97142959a273
---
The DrWeb virus lab replied that the file is corrupted.

----------



## PavelA

From the "Помогите" ("Help") section:


```
Файл ip6fw.sys получен 2007.10.17 12:54:42 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.17.1 2007.10.17 Win-Trojan/Agent.7552 
AntiVir 7.6.0.23 2007.10.17 RKIT/Ntech.I 
Authentium 4.93.8 2007.10.17 W32/DL_small.FJ 
Avast 4.7.1051.0 2007.10.17 Win32:Agent-KIR 
AVG 7.5.0.488 2007.10.16 Downloader.Agent.OFN 
BitDefender 7.2 2007.10.17 Trojan.Rootkit.GDX 
CAT-QuickHeal 9.00 2007.10.16 TrojanDownloader.Agent.acl 
ClamAV 0.91.2 2007.10.16 Trojan.Downloader-6838 
DrWeb 4.44.0.09170 2007.10.17 BackDoor.Bulknet 
eSafe 7.0.15.0 2007.10.15 Win32.Agent.acl 
eTrust-Vet 31.2.5216 2007.10.17 Win32/Cutwail!generic 
Ewido 4.0 2007.10.17 Downloader.Agent.acl 
FileAdvisor 1 2007.10.17 High threat detected 
Fortinet 3.11.0.0 2007.10.17 W32/Pushu.ACL!tr 
F-Prot 4.3.2.48 2007.10.17 W32/DL_small.FJ 
F-Secure 6.70.13030.0 2007.10.17 Trojan-Downloader.Win32.Agent.acl 
Ikarus T3.1.1.12 2007.10.17 Trojan-Downloader.Win32.Agent.acl 
Kaspersky 7.0.0.125 2007.10.17 Trojan-Downloader.Win32.Agent.acl 
McAfee 5142 2007.10.16 Generic RootKit.a 
Microsoft 1.2908 2007.10.16 VirTool:WinNT/Cutwail.C 
NOD32v2 2597 2007.10.17 Win32/Rootkit.Agent.DP 
Norman 5.80.02 2007.10.16 W32/Agent.CPCD 
Panda 9.0.0.4 2007.10.16 Generic Trojan 
Prevx1 V2 2007.10.17 - 
Rising 19.45.22.00 2007.10.17 Trojan.DL.Win32.Agent.acl 
Sophos 4.22.0 2007.10.17 Troj/Pushu-Gen 
Sunbelt 2.2.907.0 2007.10.16 - 
Symantec 10 2007.10.17 - 
TheHacker 6.2.8.096 2007.10.17 Trojan/Downloader.Agent.acl 
VBA32 3.12.2.4 2007.10.17 Trojan-Downloader.Win32.Agent.acl 
VirusBuster 4.3.26:9 2007.10.16 Trojan.Pandex.H 
Webwasher-Gateway 6.6.1 2007.10.17 Rootkit.Ntech.I  
Дополнительная информация 
File size: 29056 bytes 
MD5: 281486d13a98744ace4c478e555e30b6 
SHA1: edc40db17b9e20ad51fde4cde684289591103c9f 
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=281486d13a98744ace4c478e555e30b6
```

----------


## PavelA

From the "Помогите" ("Help") section


```
Файл avz00001.dta (c:\windows\system32\svchost.exe:ext.exe:$DATA) получен 2007.10.18 11:43:10 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.18.0 2007.10.17 - 
AntiVir 7.6.0.23 2007.10.18 TR/Hijack.Explor.690 
Authentium 4.93.8 2007.10.17 - 
Avast 4.7.1051.0 2007.10.17 - 
AVG 7.5.0.488 2007.10.17 SHeur.TPX 
BitDefender 7.2 2007.10.18 BehavesLike:Win32.ExplorerHijack 
CAT-QuickHeal 9.00 2007.10.18 - 
ClamAV 0.91.2 2007.10.17 - 
DrWeb 4.44.0.09170 2007.10.18 - 
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm 
eTrust-Vet 31.2.5220 2007.10.18 - 
Ewido 4.0 2007.10.17 - 
FileAdvisor 1 2007.10.18 - 
Fortinet 3.11.0.0 2007.10.18 - 
F-Prot 4.3.2.48 2007.10.18 - 
F-Secure 6.70.13030.0 2007.10.18 - 
Ikarus T3.1.1.12 2007.10.18 BehavesLikeWin32.ExplorerHijack 
Kaspersky 7.0.0.125 2007.10.18 Heur.Trojan.Generic 
McAfee 5143 2007.10.17 - 
Microsoft 1.2908 2007.10.18 - 
NOD32v2 2599 2007.10.17 - 
Norman 5.80.02 2007.10.17 - 
Panda 9.0.0.4 2007.10.18 - 
Prevx1 V2 2007.10.18 - 
Rising 19.45.32.00 2007.10.18 - 
Sophos 4.22.0 2007.10.18 Mal/Behav-150 
Sunbelt 2.2.907.0 2007.10.18 - 
Symantec 10 2007.10.18 - 
TheHacker 6.2.9.097 2007.10.18 - 
VBA32 3.12.2.4 2007.10.17 - 
VirusBuster 4.3.26:9 2007.10.17 - 
Webwasher-Gateway 6.6.1 2007.10.18 Trojan.Hijack.Explor.690  
Дополнительная информация 
File size: 24064 bytes 
MD5: c8ab1a5d3abb777247e4a7ec8d7a77a6 
SHA1: 2eb66ec40c488056fad216e963c56adbd74a4d9e 
packers: UPX 
packers: UPX 
packers: PE_Patch.UPX, UPX
```

Interesting that Ikarus and Kaspersky say different things this time.

----------


## drongo

```
Файл avz00003.dta получен 2007.10.18 22:52:09 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.19.0	2007.10.18	-
AntiVir	7.6.0.27	2007.10.18	HEUR/Crypted
Authentium	4.93.8	2007.10.18	-
Avast	4.7.1051.0	2007.10.18	-
AVG	7.5.0.488	2007.10.18	-
BitDefender	7.2	2007.10.18	-
CAT-QuickHeal	9.00	2007.10.18	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.10.17	PUA.Packed.UPack-2
DrWeb	4.44.0.09170	2007.10.18	-
eSafe	7.0.15.0	2007.10.15	Suspicious File
eTrust-Vet	31.2.5220	2007.10.18	-
Ewido	4.0	2007.10.18	-
FileAdvisor	1	2007.10.18	-
Fortinet	3.11.0.0	2007.10.18	-
F-Prot	4.3.2.48	2007.10.18	-
F-Secure	6.70.13030.0	2007.10.18	Trojan-PSW.Win32.LdPinch.dus
Ikarus	T3.1.1.12	2007.10.18	Trojan-Downloader.Win32.Zlob.and
Kaspersky	7.0.0.125	2007.10.18	Trojan-PSW.Win32.LdPinch.dus
McAfee	5144	2007.10.18	New Malware.aj
Microsoft	1.2908	2007.10.18	-
NOD32v2	2601	2007.10.18	-
Norman	5.80.02	2007.10.18	W32/Suspicious_U.gen
Panda	9.0.0.4	2007.10.18	Suspicious file
Prevx1	V2	2007.10.18	Malware.Gen
Rising	19.45.32.00	2007.10.18	-
Sophos	4.22.0	2007.10.18	Mal/Packer
Sunbelt	2.2.907.0	2007.10.18	VIPRE.Suspicious
Symantec	10	2007.10.18	-
TheHacker	6.2.9.097	2007.10.18	W32/Behav-Heuristic-060
VBA32	3.12.2.4	2007.10.17	-
VirusBuster	4.3.26:9	2007.10.18	Packed/Upack
Webwasher-Gateway	6.6.1	2007.10.18	Heuristic.Crypted
Дополнительная информация
File size: 19116 bytes
MD5: 85a290e78a75dc49ed2e8d0622b928cf
SHA1: 806b9b0966dc2ee60f96b8d99016348b0668b018
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=7CCC0333ACB98B5F4A9200B35C3FEA0063A58C8B
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```

----------


## TANUKI

Файл *C1AA5427d01* получен 2007.10.20 00:15:08 (CET)

AhnLab-V3 2007.10.20.0 2007.10.19 - 
AntiVir 7.6.0.27 2007.10.19 - 
Authentium 4.93.8 2007.10.19 - 
Avast 4.7.1051.0 2007.10.19 - 
AVG 7.5.0.488 2007.10.19 - 
BitDefender 7.2 2007.10.19 - 
CAT-QuickHeal 9.00 2007.10.19 - 
ClamAV 0.91.2 2007.10.17 - 
DrWeb 4.44.0.09170 2007.10.19 - 
eSafe 7.0.15.0 2007.10.15 - 
eTrust-Vet 31.2.5223 2007.10.19 - 
Ewido 4.0 2007.10.19 - 
FileAdvisor 1 2007.10.20 - 
Fortinet 3.11.0.0 2007.10.19 - 
F-Prot 4.3.2.48 2007.10.19 - 
*F-Secure 6.70.13030.0 2007.10.19 Trojan-Downloader.JS.Remora.w* 
Ikarus T3.1.1.12 2007.10.19 - 
*Kaspersky 7.0.0.125 2007.10.19 Trojan-Downloader.JS.Remora.w* 
McAfee 5145 2007.10.19 - 
Microsoft 1.2908 2007.10.20 - 
NOD32v2 2604 2007.10.19 - 
Norman 5.80.02 2007.10.19 - 
Panda 9.0.0.4 2007.10.19 - 
Prevx1 V2 2007.10.20 - 
Rising 19.45.42.00 2007.10.19 - 
Sophos 4.22.0 2007.10.19 - 
Sunbelt 2.2.907.0 2007.10.19 - 
Symantec 10 2007.10.19 - 
TheHacker 6.2.9.100 2007.10.19 - 
VBA32 3.12.2.4 2007.10.19 - 
VirusBuster 4.3.26:9 2007.10.19 -
Webwasher-Gateway 6.0.1 2007.10.19 -

----------


## NickGolovko

Файл avz00001.dta получен 2007.10.20 06:41:56 (CET)

Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.20.0 2007.10.19 - 
AntiVir 7.6.0.27 2007.10.19 - 
Authentium 4.93.8 2007.10.19 - 
Avast 4.7.1051.0 2007.10.19 - 
AVG 7.5.0.488 2007.10.19 - 
BitDefender 7.2 2007.10.20 - 
CAT-QuickHeal 9.00 2007.10.19 - 
ClamAV 0.91.2 2007.10.17 - 
DrWeb 4.44.0.09170 2007.10.19 - 
eSafe 7.0.15.0 2007.10.15 - 
eTrust-Vet 31.2.5225 2007.10.20 - 
Ewido 4.0 2007.10.19 - 
FileAdvisor 1 2007.10.20 - 
Fortinet 3.11.0.0 2007.10.19 - 
F-Prot 4.3.2.48 2007.10.19 - 
F-Secure 6.70.13030.0 2007.10.19 - 
Ikarus T3.1.1.12 2007.10.20 - 
Kaspersky 7.0.0.125 2007.10.20 - 
McAfee 5145 2007.10.19 - 
Microsoft 1.2908 2007.10.20 - 
NOD32v2 2604 2007.10.19 - 
Norman 5.80.02 2007.10.19 - 
Panda 9.0.0.4 2007.10.19 - 
Prevx1 V2 2007.10.20 - 
Rising 19.45.50.00 2007.10.20 - 
*Sophos 4.22.0 2007.10.19 Mal/Behav-010*
Sunbelt 2.2.907.0 2007.10.20 - 
Symantec 10 2007.10.20 - 
TheHacker 6.2.9.100 2007.10.19 - 
VBA32 3.12.2.4 2007.10.19 - 
VirusBuster 4.3.26:9 2007.10.19 - 
Webwasher-Gateway 6.6.1 2007.10.19 - 
Дополнительная информация 
File size: 15200 bytes 
MD5: 9834a1a1e24d85b0577ddabbe854bf13 
SHA1: 4488f20638e7ff873a09f730c477fc6b8c437735 

Now it is Rootkit.Win32.Agent.lf

----------


## NickGolovko

File avz00001.dta received on 10.21.2007 05:57:46 (CET)

Antivirus Version Last Update Result 
*AhnLab-V3 2007.10.20.0 2007.10.19 Win-Trojan/Rootkit.17664 
AntiVir 7.6.0.27 2007.10.20 TR/Rootkit.Gen* 
Authentium 4.93.8 2007.10.20 - 
Avast 4.7.1051.0 2007.10.20 - 
AVG 7.5.0.488 2007.10.20 - 
*BitDefender 7.2 2007.10.21 Trojan.Conhook.CW* 
CAT-QuickHeal 9.00 2007.10.20 - 
ClamAV 0.91.2 2007.10.20 - 
*DrWeb 4.44.0.09170 2007.10.20 Trojan.Sentinel* 
eSafe 7.0.15.0 2007.10.15 - 
eTrust-Vet 31.2.5225 2007.10.20 - 
Ewido 4.0 2007.10.20 - 
FileAdvisor 1 2007.10.21 - 
Fortinet 3.11.0.0 2007.10.19 - 
F-Prot 4.3.2.48 2007.10.20 - 
F-Secure 6.70.13030.0 2007.10.19 - 
Ikarus T3.1.1.12 2007.10.21 - 
Kaspersky 7.0.0.125 2007.10.21 - 
McAfee 5145 2007.10.19 - 
Microsoft 1.2908 2007.10.21 - 
NOD32v2 2604 2007.10.19 - 
Norman 5.80.02 2007.10.19 - 
Panda 9.0.0.4 2007.10.20 - 
Prevx1 V2 2007.10.21 - 
Rising 19.45.61.00 2007.10.21 - 
Sophos 4.22.0 2007.10.21 - 
Sunbelt 2.2.907.0 2007.10.20 - 
Symantec 10 2007.10.21 - 
TheHacker 6.2.9.101 2007.10.20 - 
VBA32 3.12.2.4 2007.10.19 - 
VirusBuster 4.3.26:9 2007.10.20 - 
*Webwasher-Gateway 6.6.1 2007.10.20 Trojan.Rootkit.Gen* 
Additional information 
File size: 17664 bytes 
MD5: fc59e69c5810f26a1bc9c82520b053f2 
SHA1: 903901213bcc8a5166e116166f29d42003011d02

----------


## Brutal

File patch.exe received on 10.21.2007 10:37:57 (CET)

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.10.20.0	2007.10.19	-
*AntiVir	7.6.0.27	2007.10.20	BDS/Agent.XN.21*
Authentium	4.93.8	2007.10.20	-
Avast	4.7.1051.0	2007.10.20	-
AVG	7.5.0.488	2007.10.20	-
*BitDefender	7.2	2007.10.21	Backdoor.Agent.XN
CAT-QuickHeal	9.00	2007.10.20	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.10.20	-
DrWeb	4.44.0.09170	2007.10.20	-
*eSafe	7.0.15.0	2007.10.15	Win32.Agent.xn*
eTrust-Vet	31.2.5225	2007.10.20	-
Ewido	4.0	2007.10.20	-
*FileAdvisor	1	2007.10.21	High threat detected
Fortinet	3.11.0.0	2007.10.19	PossibleThreat*
F-Prot	4.3.2.48	2007.10.20	-
*F-Secure	6.70.13030.0	2007.10.19	W32/Agent.AHEE
Ikarus	T3.1.1.12	2007.10.21	Trojan-PWS.Win32.Agent.BU*
Kaspersky	7.0.0.125	2007.10.21	-
McAfee	5145	2007.10.19	-
Microsoft	1.2908	2007.10.21	-
*NOD32v2	2604	2007.10.19	probably a variant of Win32/Agent
Norman	5.80.02	2007.10.19	W32/Agent.AHEE
Panda	9.0.0.4	2007.10.20	Generic Trojan*
Prevx1	V2	2007.10.21	-
Rising	19.45.61.00	2007.10.21	-
Sophos	4.22.0	2007.10.21	Mal/Packer
*Sunbelt	2.2.907.0	2007.10.20	Backdoor.Agent.XN
Symantec	10	2007.10.21	Backdoor.Trojan*
TheHacker	6.2.9.103	2007.10.21	-
VBA32	3.12.2.4	2007.10.19	-
*VirusBuster	4.3.26:9	2007.10.20	Packed/NSPack
Webwasher-Gateway	6.6.1	2007.10.20	Trojan.Agent.XN.21*


A friend came over with his laptop, and I found this little beast on it.

PS. I have a question about the summary table:
Does Pack/Crypt mean that the antivirus could not unpack the executable?

----------


## XL

Cleaned my work flash drive with Kaspersky; here is what went undetected:




> Файл avz00005.dta получен 2007.10.21 21:29:42 (CET)
> 
> AhnLab-V3	2007.10.20.0	2007.10.19	-
> *AntiVir	7.6.0.27	2007.10.21	TR/Crypt.FKM.Gen*
> Authentium	4.93.8	2007.10.20	-
> *Avast	4.7.1051.0	2007.10.21	Win32:Goldun-KG*
> AVG	7.5.0.488	2007.10.21	-
> BitDefender	7.2	2007.10.21	-
> CAT-QuickHeal	9.00	2007.10.20	-
> ...





> Файл avz00006.dta получен 2007.10.21 21:30:16 (CET)
> 
> AhnLab-V3	2007.10.19.0	2007.10.18	-
> *AntiVir	7.6.0.27	2007.10.21	TR/Rootkit.Gen*
> Authentium	4.93.8	2007.10.20	-
> *Avast	4.7.1051.0	2007.10.21	Win32:Small-EPJ
> AVG	7.5.0.488	2007.10.21	BackDoor.Generic8.NOA*
> BitDefender	7.2	2007.10.21	-
> CAT-QuickHeal	9.00	2007.10.20	-
> ...


*Added 5 minutes later*

and more:




> Файл avz00013.dta получен 2007.10.21 21:33:51 (CET)
> AhnLab-V3	2007.10.20.0	2007.10.19	-
> *AntiVir	7.6.0.27	2007.10.21	HEUR/Malware*
> Authentium	4.93.8	2007.10.20	-
> *Avast	4.7.1051.0	2007.10.21	Win32:Warezov-CMI
> AVG	7.5.0.488	2007.10.21	I-Worm/Stration.DRV
> BitDefender	7.2	2007.10.21	[email protected]*
> CAT-QuickHeal	9.00	2007.10.20	-
> ClamAV	0.91.2	2007.10.21	-
> ...

----------


## santy

файл lloh.VVexe получен 2007.10.22 05:22:52 (CET)
(see the log from 2007.10.17; back then none of the major AVs detected it yet)
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.20.0	2007.10.19	-
*AntiVir	7.6.0.27	2007.10.21	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.10.22	-
Avast	4.7.1051.0	2007.10.21	-
*AVG	7.5.0.488	2007.10.21	PSW.Ldpinch.QMC*
*BitDefender	7.2	2007.10.22	Trojan.PWS.LdPinch.DUP*
*CAT-QuickHeal	9.00	2007.10.20	TrojanPSW.LdPinch.dup*
ClamAV	0.91.2	2007.10.22	-
*DrWeb	4.44.0.09170	2007.10.21	Trojan.Spambot*
*eSafe	7.0.15.0	2007.10.21	Suspicious File*
eTrust-Vet	31.2.5225	2007.10.20	-
Ewido	4.0	2007.10.21	-
FileAdvisor	1	2007.10.22	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.22	-
*F-Secure	6.70.13030.0	2007.10.22	Trojan-PSW.Win32.LdPinch.dup*
*Ikarus	T3.1.1.12	2007.10.21	Trojan-PWS.LDPinch.DUP*
*Kaspersky	7.0.0.125	2007.10.22	Trojan-PSW.Win32.LdPinch.dup*
McAfee	5145	2007.10.19	-
Microsoft	1.2908	2007.10.22	-
*NOD32v2	2605	2007.10.22	Win32/PSW.LdPinch.DUP*
Norman	5.80.02	2007.10.19	-
*Panda	9.0.0.4	2007.10.21	Suspicious file*
*Prevx1	V2	2007.10.22	Malware.Gen*
*Rising	19.45.62.00	2007.10.21	Trojan.PSW.Win32.LdPinch.dup*
*Sophos	4.22.0	2007.10.22	Mal/Basine-C*
*Sunbelt	2.2.907.0	2007.10.20	Trojan-PSW.Win32.LdPinch.dup*
Symantec	10	2007.10.22	-
TheHacker	6.2.9.103	2007.10.21	-
VBA32	3.12.2.4	2007.10.19	-
*VirusBuster	4.3.26:9	2007.10.21	Trojan.PWS.LdPinch.BZC*
*Webwasher-Gateway	6.6.1	2007.10.21	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 34783 bytes
MD5: 6c2344a4f1e2ac6bb2f02f72d82f5494
SHA1: a91fbaae3ad33ab64a359fd7d6cc97142959a273

----------


## XL

Файл avz00001.dta получен 2007.10.22 23:23:43 (CET)



> *AhnLab-V3	2007.10.23.0	2007.10.22	Win-AppCare/Bho.73728.D*
> AntiVir	7.6.0.27	2007.10.22	-
> Authentium	4.93.8	2007.10.22	-
> *Avast	4.7.1051.0	2007.10.22	Win32:RuPorn*
> AVG	7.5.0.488	2007.10.22	-
> BitDefender	7.2	2007.10.22	-
> CAT-QuickHeal	9.00	2007.10.22	-
> ClamAV	0.91.2	2007.10.22	-
> DrWeb	4.44.0.09170	2007.10.22	-
> ...


*Added 3 minutes later*

Файл avz00003.dta получен 2007.10.22 23:25:12 (CET)



> AhnLab-V3	2007.10.23.0	2007.10.22	-
> *AntiVir	7.6.0.27	2007.10.22	TR/Crypt.Morphine.Gen*
> Authentium	4.93.8	2007.10.22	-
> Avast	4.7.1051.0	2007.10.22	-
> AVG	7.5.0.488	2007.10.22	-
> BitDefender	7.2	2007.10.22	-
> CAT-QuickHeal	9.00	2007.10.22	-
> ClamAV	0.91.2	2007.10.22	-
> *DrWeb	4.44.0.09170	2007.10.22	Trojan.Sentinel
> ...

----------


## Deja Vu

Found a little trojan I wrote ..., or rather an adware trojan
Decided to check it ...
*File TSLogo.exe received on 10.23.2007 07:50:33 (CET)*



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.10.23.0	2007.10.23	-
> AntiVir	7.6.0.27	2007.10.22	-
> Authentium	4.93.8	2007.10.22	-
> Avast	4.7.1051.0	2007.10.22	-
> AVG	7.5.0.488	2007.10.22	-
> BitDefender	7.2	2007.10.22	-
> CAT-QuickHeal	9.00	2007.10.22	-
> ClamAV	0.91.2	2007.10.23	-
> ...

----------


## NickGolovko

c:\windows\system32\csrss32.exe

Файл avz00002.dta получен 2007.10.23 12:02:00 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.23.0 2007.10.23 - 
*AntiVir 7.6.0.27 2007.10.23 HEUR/Malware 
Authentium 4.93.8 2007.10.22 Possibly a new variant of W32/SecRisk-ProcessPatcher-Sml-based!Maximus* 
Avast 4.7.1051.0 2007.10.22 - 
AVG 7.5.0.488 2007.10.22 - 
BitDefender 7.2 2007.10.23 - 
CAT-QuickHeal 9.00 2007.10.22 - 
ClamAV 0.91.2 2007.10.23 - 
DrWeb 4.44.0.09170 2007.10.23 - 
eSafe 7.0.15.0 2007.10.22 - 
eTrust-Vet 31.2.5233 2007.10.23 - 
Ewido 4.0 2007.10.22 - 
FileAdvisor 1 2007.10.23 - 
Fortinet 3.11.0.0 2007.10.19 - 
*F-Prot 4.3.2.48 2007.10.22 W32/SecRisk-ProcessPatcher-Sml-based!Maximus 
F-Secure 6.70.13030.0 2007.10.23 W32/Malware* 
Ikarus T3.1.1.12 2007.10.23 - 
Kaspersky 7.0.0.125 2007.10.23 - 
McAfee 5146 2007.10.22 - 
Microsoft 1.2908 2007.10.23 - 
NOD32v2 2609 2007.10.23 - 
*Norman 5.80.02 2007.10.22 W32/Malware 
Panda 9.0.0.4 2007.10.23 Suspicious file* 
Prevx1 V2 2007.10.23 - 
Rising 19.46.12.00 2007.10.23 - 
*Sophos 4.22.0 2007.10.23 Mal/Behav-010* 
Sunbelt 2.2.907.0 2007.10.20 - 
Symantec 10 2007.10.23 - 
TheHacker 6.2.9.105 2007.10.23 - 
VBA32 3.12.2.4 2007.10.22 - 
VirusBuster 4.3.26:9 2007.10.22 - 
*Webwasher-Gateway 6.0.1 2007.10.23 Heuristic.Malware* 
Дополнительная информация 
File size: 9216 bytes 
MD5: 57c9abc435269818e3983473b0c808bb 
SHA1: fbb1493cbed53cee443e5230c76da9645b087e6e 
norman sandbox: [ General information ]
***IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)*** 
File length: 9216 bytes.
[ Changes to registry ]
* Creates key \"HKLM\Software\Microsoft\Internet Explorer\Main\UsersPolicy\".
[ Security issues ]
* Modified OS kernel function code.
[ Process/window information ]
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.

----------


## XL

Файл mpgcodec4441.exe получен 2007.10.23 16:21:51 (CET)




> AhnLab-V3	2007.10.23.0	2007.10.23	-
> *AntiVir	7.6.0.27	2007.10.23	TR/Dldr.Zlob.NMO*
> Authentium	4.93.8	2007.10.22	-
> Avast	4.7.1051.0	2007.10.22	-
> *AVG	7.5.0.488	2007.10.23	Downloader.Zlob.KF*
> *BitDefender	7.2	2007.10.23	Trojan.Zlob.AQ*
> CAT-QuickHeal	9.00	2007.10.23	-
> ClamAV	0.91.2	2007.10.23	-
> DrWeb	4.44.0.09170	2007.10.23	-
> ...

----------


## Surfer

Файл finreal.exe получен 2007.10.23 16:49:18 (CET)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2007.10.23.0	2007.10.23	Win-AppCare/Webmoner.618496
> AntiVir	7.6.0.27	2007.10.23	-
> Authentium	4.93.8	2007.10.22	-
> *Avast	4.7.1051.0	2007.10.22	Win32:Trojan-gen {Other}
> AVG	7.5.0.488	2007.10.23	Generic7.PAQ*
> BitDefender	7.2	2007.10.23	-
> *CAT-QuickHeal	9.00	2007.10.23	Hoax.WebMoner.bd (Not a Virus)*
> ClamAV	0.91.2	2007.10.23	-
> ...


Дополнительная информация
File size: 618496 bytes
MD5: 758acb4a461722d3f3bbf62f3a25844b
SHA1: 50e53b51faf3b2e4b9050b83c87b23a03bf8dc92
Bit9 info: http://fileadvisor.bit9.com/services...bbf62f3a25844b
packers: Aspack
packers: ASPack

----------


## PavelA

This is t1.dll from the "Помогите!" ("Help!") section: http://virusinfo.info/showthread.php?t=13455


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.24.1	2007.10.24	-
AntiVir	7.6.0.27	2007.10.24	HEUR/Malware
Authentium	4.93.8	2007.10.23	-
Avast	4.7.1074.0	2007.10.23	-
AVG	7.5.0.488	2007.10.23	-
BitDefender	7.2	2007.10.24	-
CAT-QuickHeal	9.00	2007.10.23	-
ClamAV	0.91.2	2007.10.24	-
DrWeb	4.44.0.09170	2007.10.24	Trojan.Proxy.2355
eSafe	7.0.15.0	2007.10.22	suspicious Trojan/Worm
eTrust-Vet	31.2.5236	2007.10.24	-
Ewido	4.0	2007.10.23	-
FileAdvisor	1	2007.10.24	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.23	-
F-Secure	6.70.13030.0	2007.10.24	-
Ikarus	T3.1.1.12	2007.10.24	Trojan-Downloader.Win32.Agent.but
Kaspersky	7.0.0.125	2007.10.24	-
McAfee	5147	2007.10.23	-
Microsoft	1.2908	2007.10.24	Trojan:Win32/Agent.ADA
NOD32v2	2612	2007.10.24	-
Norman	5.80.02	2007.10.23	-
Panda	9.0.0.4	2007.10.23	Suspicious file
Prevx1	V2	2007.10.24	Malware.Gen
Rising	19.46.21.00	2007.10.24	-
Sophos	4.22.0	2007.10.24	-
Sunbelt	2.2.907.0	2007.10.23	-
Symantec	10	2007.10.24	-
TheHacker	6.2.9.106	2007.10.24	-
VBA32	3.12.2.4	2007.10.22	suspected of Malware.Agent.123 (paranoid heuristics)
VirusBuster	4.3.26:9	2007.10.23	-

Дополнительная информация
File size: 110080 bytes
MD5: 4b5bd78dd08f76dc0fd8e887bd1ddd86
SHA1: 06fc5916a6d0adbb3896ec398a3738b9effac53e
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=D3A68A2300957376AE89018E6213F6002556DB2F
```

----------


## XL

Файл avz00007.dta получен 2007.10.24 21:07:28 (CET)




> AhnLab-V3	2007.10.25.0	2007.10.24	-
> *AntiVir	7.6.0.27	2007.10.24	TR/Small.62976*
> Authentium	4.93.8	2007.10.23	-
> Avast	4.7.1074.0	2007.10.23	-
> *AVG	7.5.0.488	2007.10.24	Proxy.TYV*
> BitDefender	7.2	2007.10.24	-
> CAT-QuickHeal	9.00	2007.10.23	-
> ClamAV	0.91.2	2007.10.24	-
> *DrWeb	4.44.0.09170	2007.10.24	DLOADER.Trojan
> ...


*Added 5 minutes later*

Файл avz00028.dta получен 2007.10.24 21:07:51 (CET)



> AhnLab-V3	2007.10.25.0	2007.10.24	-
> *AntiVir	7.6.0.27	2007.10.24	WORM/Zhelatin.Gen*
> Authentium	4.93.8	2007.10.23	-
> *Avast	4.7.1074.0	2007.10.23	Win32:Tibser
> AVG	7.5.0.488	2007.10.24	Downloader.Tibs
> BitDefender	7.2	2007.10.24	Trojan.Peed.IKO
> CAT-QuickHeal	9.00	2007.10.23	Win32.Email-Worm.Zhelatin.he
> ClamAV	0.91.2	2007.10.24	Trojan.Small-4122*
> *DrWeb	4.44.0.09170	2007.10.24	Trojan.Packed.142
> ...

----------


## santy

Файл rt25.exe получен 2007.10.25 06:03:25 (CET)
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.25.0	2007.10.25	-
*AntiVir	7.6.0.27	2007.10.24	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.10.24	-
Avast	4.7.1074.0	2007.10.25	-
AVG	7.5.0.488	2007.10.24	-
*BitDefender	7.2	2007.10.25	Trojan.PWS.LdPinch.TDK*
*CAT-QuickHeal	9.00	2007.10.23	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.10.25	-
*DrWeb	4.44.0.09170	2007.10.24	Trojan.Packed.188*
*eSafe	7.0.15.0	2007.10.22	Suspicious File*
eTrust-Vet	31.2.5239	2007.10.25	-
Ewido	4.0	2007.10.24	-
FileAdvisor	1	2007.10.25	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.24	-
F-Secure	6.70.13030.0	2007.10.25	-
Ikarus	T3.1.1.12	2007.10.25	-
Kaspersky	7.0.0.125	2007.10.25	-
McAfee	5148	2007.10.24	-
Microsoft	1.2908	2007.10.25	-
NOD32v2	2614	2007.10.24	-
Norman	5.80.02	2007.10.24	-
*Panda	9.0.0.4	2007.10.25	Suspicious file*
Prevx1	V2	2007.10.25	-
Rising	19.46.30.00	2007.10.25	-
*Sophos	4.22.0	2007.10.25	Mal/Basine-C*
Sunbelt	2.2.907.0	2007.10.24	-
Symantec	10	2007.10.25	-
TheHacker	6.2.9.106	2007.10.24	-
VBA32	3.12.2.4	2007.10.24	-
VirusBuster	4.3.26:9	2007.10.24	-
*Webwasher-Gateway	6.6.1	2007.10.25	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 34956 bytes
MD5: 056cc3d4fb9beb59a181b7213141c801
SHA1: d48e44999b3d4048ca232311977b6548cab519a6

----------


## ISO

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.10.25.0	2007.10.25	-
AntiVir	7.6.0.27	2007.10.25	-
Authentium	4.93.8	2007.10.24	-
Avast	4.7.1074.0	2007.10.25	-
AVG	7.5.0.488	2007.10.24	-
BitDefender	7.2	2007.10.25	-
CAT-QuickHeal	9.00	2007.10.25	-
ClamAV	0.91.2	2007.10.25	-
DrWeb	4.44.0.09170	2007.10.25	-
eSafe	7.0.15.0	2007.10.22	-
eTrust-Vet	31.2.5241	2007.10.25	-
*Ewido	4.0	2007.10.25	Worm.Fujacks.k*
FileAdvisor	1	2007.10.25	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.25	-
*F-Secure	6.70.13030.0	2007.10.25	Trojan.JS.Redirector.c*
Ikarus	T3.1.1.12	2007.10.25	-
*Kaspersky	7.0.0.125	2007.10.25	Trojan.JS.Redirector.c*
McAfee	5148	2007.10.24	-
*Microsoft	1.2908	2007.10.25	Exploit:HTML/IframeRef.gen*
NOD32v2	2617	2007.10.25	-
Norman	5.80.02	2007.10.25	-
Panda	9.0.0.4	2007.10.25	-
Prevx1	V2	2007.10.25	-
Rising	19.46.31.00	2007.10.25	-
Sophos	4.22.0	2007.10.25	-
Sunbelt	2.2.907.0	2007.10.24	-
Symantec	10	2007.10.25	-
TheHacker	6.2.9.107	2007.10.25	-
VBA32	3.12.2.4	2007.10.24	-
VirusBuster	4.3.26:9	2007.10.24	-
Webwasher-Gateway	6.0.1	2007.10.25	-
Additional information
File size: 3891 bytes
MD5: be02920a94ab1384a85505144613e897
SHA1: 04e94af34205cf14883819c2a832549acb51ecc5

----------


## Surfer

File kqxgvfeu.exe received on 10.25.2007 16:34:22 (CET)




> Antivirus Version Last Update Result 
> AhnLab-V3 2007.10.25.0 2007.10.25 - 
> AntiVir 7.6.0.27 2007.10.25 - 
> Authentium 4.93.8 2007.10.24 - 
> *Avast 4.7.1074.0 2007.10.25 Win32helatin-ASX
> AVG 7.5.0.488 2007.10.24 Downloader.Generic6.AXL*
> BitDefender 7.2 2007.10.25 - 
> *CAT-QuickHeal 9.00 2007.10.25 I-Worm.Zhelatin.gn
> ClamAV 0.91.2 2007.10.25 Trojan.Small-3411
> ...


Additional information 
File size: 77562 bytes 
MD5: 10e0db132bfd94d8b64b33495d3af232 
SHA1: b2b6c43bcbd9e377a4bc3dd655241f28e5969bcf



```
:Z is a smiley =)
```

----------


## Selmanuk

Файл realfoto.exe.5D5BEF92 получен 2007.10.26 09:14:32 (CET)
Антивирус	Версия	Обновление	Результат
*AntiVir	7.6.0.27	2007.10.26	HEUR/Crypted
BitDefender	7.2	2007.10.26	DeepScan:Generic.Malware.Bdld!!.E1FB9853
CAT-QuickHeal	9.00	2007.10.25	(Suspicious) - DNAScan
DrWeb	4.44.0.09170	2007.10.26	Trojan.DownLoader.35934
eSafe	7.0.15.0	2007.10.22	-503605165
F-Secure	6.70.13030.0	2007.10.26	Harnig.gen1
Kaspersky	7.0.0.125	2007.10.26	Heur.Trojan.Generic
Microsoft	1.2908	2007.10.26	TrojanDownloader:Win32/Agent.WX
NOD32v2	2618	2007.10.26	probably a variant of Win32/TrojanDownloader.Small.DRU
Norman	5.80.02	2007.10.25	Harnig.gen1
Panda	9.0.0.4	2007.10.26	Suspicious file
Sophos	4.22.0	2007.10.26	Mal/Packer
Sunbelt	2.2.907.0	2007.10.26	VIPRE.Suspicious
Symantec	10	2007.10.26	Downloader
VirusBuster	4.3.26:9	2007.10.25	Packed/FSG
Webwasher-Gateway	6.6.1	2007.10.26	Heuristic.Crypted
*
Дополнительная информация
File size: 1861 bytes
MD5: 058a27b34937771c98f88a3d7675197f
SHA1: b2829f3bb9d0d56b9f1315a65ce384a8b343188b
packers: FSG
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

*Added 7 minutes later*

Файл index_2_.htm.7FFFAE33 получен 2007.10.26 09:28:47 (CET)
Антивирус	Версия	Обновление	Результат
*AntiVir	7.6.0.27	2007.10.26	HTML/Shellcode.Gen
Authentium	4.93.8	2007.10.25	JS/[email protected]
Avast	4.7.1074.0	2007.10.25	JS:IESlice
AVG	7.5.0.503	2007.10.25	JS/Downloader.Agent
BitDefender	7.2	2007.10.26	Trojan.Exploit.Js.Vmlfill.D
DrWeb	4.44.0.09170	2007.10.26	Trojan.DownLoader.35207
eSafe	7.0.15.0	2007.10.22	JS.Downld.Troj
Ewido	4.0	2007.10.25	Downloader.Agent.hq
F-Prot	4.3.2.48	2007.10.25	JS/[email protected]
F-Secure	6.70.13030.0	2007.10.26	JS/[email protected]
McAfee	5149	2007.10.25	JS/Exploit-BO.gen
Microsoft	1.2908	2007.10.26	TrojanDownloader:Win32/Small.gen!Z
Rising	19.46.40.00	2007.10.26	Trojan.DL.JS.Agent.lfo
Sophos	4.22.0	2007.10.26	Mal/JSShell-B
Symantec	10	2007.10.26	Downloader
TheHacker	6.2.9.107	2007.10.25	JS/IE.Exploit
VirusBuster	4.3.26:9	2007.10.25	JS.Psyme.DF
Webwasher-Gateway	6.6.1	2007.10.26	Script.Shellcode.Gen*

Дополнительная информация
File size: 7278 bytes
MD5: d402f0fa9fc74dda7b1516ad3ab3fa23
SHA1: a776ccd157021738474c929d7f641416bbb3a80b

----------



## drongo

```
Файл file.data получен 2007.10.26 12:28:16 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.26.0	2007.10.26	-
AntiVir	7.6.0.27	2007.10.26	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.10.25	-
Avast	4.7.1074.0	2007.10.25	-
AVG	7.5.0.503	2007.10.26	-
BitDefender	7.2	2007.10.26	DeepScan:Generic.LdPinch1.94613D58
CAT-QuickHeal	9.00	2007.10.25	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.10.26	-
DrWeb	4.44.0.09170	2007.10.26	Trojan.PWS.LDPinch.1941
eSafe	7.0.15.0	2007.10.22	Suspicious File
eTrust-Vet	31.2.5241	2007.10.25	-
Ewido	4.0	2007.10.25	-
FileAdvisor	1	2007.10.26	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.25	-
F-Secure	6.70.13030.0	2007.10.26	-
Ikarus	T3.1.1.12	2007.10.26	Backdoor.Win32.Prorat.19.i
Kaspersky	7.0.0.125	2007.10.26	Heur.Trojan.Generic
McAfee	5149	2007.10.25	PWS-LDPinch
Microsoft	1.2908	2007.10.26	PWS:Win32/Ldpinch.gen
NOD32v2	2619	2007.10.26	-
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.26	Suspicious file
Prevx1	V2	2007.10.26	Heuristic: Suspicious Self Modifying EXE
Rising	19.46.41.00	2007.10.26	-
Sophos	4.22.0	2007.10.26	Mal/Basine-C
Sunbelt	2.2.907.0	2007.10.26	VIPRE.Suspicious
Symantec	10	2007.10.26	-
TheHacker	6.2.9.107	2007.10.25	-
VBA32	3.12.2.4	2007.10.26	-
VirusBuster	4.3.26:9	2007.10.25	-
Webwasher-Gateway	6.6.1	2007.10.26	Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 20480 bytes
MD5: 690d77cca6d20246e87803eafeb06bed
SHA1: d4eb6d05641b93aeaee52c834b7ef1f557afb677
packers: PecBundle, PECompact
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=3252C4BF008177B550CA00CE98E8FC00ECFFB33E
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
```

----------


## vaber

Файл nm_15_10_07_75_0.exe получен 2007.10.26 19:20:25 (CET)

Антивирус      Версия      Обновление      Результат
AhnLab-V3    2007.10.26.1    2007.10.26    -
AntiVir    7.6.0.30    2007.10.26    -
Authentium    4.93.8    2007.10.26    -
Avast    4.7.1074.0    2007.10.25    -
AVG    7.5.0.503    2007.10.26    -
*BitDefender    7.2    2007.10.26    BehavesLike:Win32.ExplorerHijack*
CAT-QuickHeal    9.00    2007.10.26    -
ClamAV    0.91.2    2007.10.26    -
DrWeb    4.44.0.09170    2007.10.26    -
*eSafe    7.0.15.0    2007.10.22    suspicious Trojan/Worm*
eTrust-Vet    31.2.5244    2007.10.26    -
Ewido    4.0    2007.10.26    -
FileAdvisor    1    2007.10.26    -
Fortinet    3.11.0.0    2007.10.19    -
F-Prot    4.3.2.48    2007.10.25    -
F-Secure    6.70.13030.0    2007.10.26    -
Ikarus    T3.1.1.12    2007.10.26    -
*Kaspersky    7.0.0.125    2007.10.26    Heur.Trojan.Generic*
McAfee    5150    2007.10.26    -
Microsoft    1.2908    2007.10.26    -
NOD32v2    2619    2007.10.26    -
Norman    5.80.02    2007.10.26    -
Panda    9.0.0.4    2007.10.26    -
Prevx1    V2    2007.10.26    -
Rising    19.46.42.00    2007.10.26    -
*Sophos    4.22.0    2007.10.26    Mal/Behav-150*
Sunbelt    2.2.907.0    2007.10.26    -
Symantec    10    2007.10.26    -
TheHacker    6.2.9.107    2007.10.25    -
VBA32    3.12.2.4    2007.10.26    -
VirusBuster    4.3.26:9    2007.10.26    -
Webwasher-Gateway    6.6.1    2007.10.26    -
Дополнительная информация
File size: 24064 bytes
MD5: c383ea5fb0ca6beb1d2a3f5bf13c5c79
SHA1: 7213a7a1ead53437e3eb1e69a755909889a9118d
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX


Файл rasta.exe получен 2007.10.26 20:30:18 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.26.1	2007.10.26	-
*AntiVir	7.6.0.30	2007.10.26	TR/Dropper.Gen*
Authentium	4.93.8	2007.10.26	-
Avast	4.7.1074.0	2007.10.25	-
AVG	7.5.0.503	2007.10.26	-
BitDefender	7.2	2007.10.26	-
CAT-QuickHeal	9.00	2007.10.26	-
ClamAV	0.91.2	2007.10.26	-
DrWeb	4.44.0.09170	2007.10.26	-
eSafe	7.0.15.0	2007.10.22	-
eTrust-Vet	31.2.5244	2007.10.26	-
Ewido	4.0	2007.10.26	-
FileAdvisor	1	2007.10.26	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.26	-
F-Secure	6.70.13030.0	2007.10.26	-
Ikarus	T3.1.1.12	2007.10.26	-
Kaspersky	7.0.0.125	2007.10.26	-
McAfee	5150	2007.10.26	-
*Microsoft	1.2908	2007.10.26	TrojanDropper:Win32/Cutwail.A*
NOD32v2	2619	2007.10.26	-
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.26	-
Prevx1	V2	2007.10.26	-
Rising	19.46.42.00	2007.10.26	-
*Sophos	4.22.0	2007.10.26	Troj/Pushdo-Gen*
Sunbelt	2.2.907.0	2007.10.26	-
Symantec	10	2007.10.26	-
TheHacker	6.2.9.107	2007.10.25	-
VBA32	3.12.2.4	2007.10.26	-
VirusBuster	4.3.26:9	2007.10.26	-
*Webwasher-Gateway	6.6.1	2007.10.26	Trojan.Dropper.Gen*
Дополнительная информация
File size: 20992 bytes
MD5: 090ab214e9505df6e49f50e3294178c2
SHA1: 2ef710e630b9c7a1d4ff43fa7e3b32ea321acaca


Файл iesetup.exe получен 2007.10.26 20:48:15 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.27.0	2007.10.26	-
Authentium	4.93.8	2007.10.26	-
Avast	4.7.1074.0	2007.10.25	-
*AVG	7.5.0.503	2007.10.26	Adware Generic2.TTC*
BitDefender	7.2	2007.10.26	-
CAT-QuickHeal	9.00	2007.10.26	-
ClamAV	0.91.2	2007.10.26	-
DrWeb	4.44.0.09170	2007.10.26	-
eSafe	7.0.15.0	2007.10.22	-
eTrust-Vet	31.2.5244	2007.10.26	-
Ewido	4.0	2007.10.26	-
FileAdvisor	1	2007.10.26	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.26	-
F-Secure	6.70.13030.0	2007.10.26	-
Ikarus	T3.1.1.12	2007.10.26	-
Kaspersky	7.0.0.125	2007.10.26	-
McAfee	5150	2007.10.26	-
Microsoft	1.2908	2007.10.26	-
NOD32v2	2619	2007.10.26	-
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.26	-
Prevx1	V2	2007.10.26	-
Rising	19.46.42.00	2007.10.26	-
Sophos	4.22.0	2007.10.26	-
Sunbelt	2.2.907.0	2007.10.26	-
Symantec	10	2007.10.26	-
TheHacker	6.2.9.107	2007.10.25	-
VBA32	3.12.2.4	2007.10.26	-
VirusBuster	4.3.26:9	2007.10.26	-
*Webwasher-Gateway	6.6.1	2007.10.26	Trojan.Drop.Agent.888*
Дополнительная информация
File size: 360502 bytes
MD5: 6a9e88cde02f6d97331249ce6427d4a9
SHA1: e23ae6e5553065afc09fe9d2fe0f195ff75dce37

----------


## NickGolovko

Файл avz00002.dta получен 2007.10.27 07:09:53 (CET)

Антивирус Версия Обновление Результат 
AhnLab-V3 2007.10.27.0 2007.10.26 - 
*AntiVir 7.6.0.30 2007.10.26 TR/Crypt.XPACK.Gen* 
Authentium 4.93.8 2007.10.26 - 
Avast 4.7.1074.0 2007.10.26 - 
AVG 7.5.0.503 2007.10.26 - 
BitDefender 7.2 2007.10.27 - 
*CAT-QuickHeal 9.00 2007.10.26 (Suspicious) - DNAScan* 
ClamAV 0.91.2 2007.10.27 - 
*DrWeb 4.44.0.09170 2007.10.26 Trojan.Spambot.2444* 
*eSafe 7.0.15.0 2007.10.22 Suspicious File* 
eTrust-Vet 31.2.5244 2007.10.26 - 
Ewido 4.0 2007.10.26 - 
FileAdvisor 1 2007.10.27 - 
Fortinet 3.11.0.0 2007.10.19 - 
F-Prot 4.3.2.48 2007.10.26 - 
F-Secure 6.70.13030.0 2007.10.26 - 
Ikarus T3.1.1.12 2007.10.27 - 
Kaspersky 7.0.0.125 2007.10.27 - 
McAfee 5150 2007.10.26 - 
Microsoft 1.2908 2007.10.27 - 
NOD32v2 2620 2007.10.27 - 
Norman 5.80.02 2007.10.26 - 
*Panda 9.0.0.4 2007.10.27 Suspicious file* 
Prevx1 V2 2007.10.27 - 
Rising 19.46.42.00 2007.10.26 - 
*Sophos 4.22.0 2007.10.27 Mal/Basine-C* 
Sunbelt 2.2.907.0 2007.10.27 - 
Symantec 10 2007.10.27 - 
TheHacker 6.2.9.107 2007.10.25 - 
*VBA32 3.12.2.4 2007.10.26 Trojan.Spambot.2444* 
VirusBuster 4.3.26:9 2007.10.26 - 
*Webwasher-Gateway 6.6.1 2007.10.27 Trojan.Crypt.XPACK.Gen* 
Дополнительная информация 
File size: 34774 bytes 
MD5: eaa7fd91e46a9be981f4ea10904dedf5 
SHA1: fac2d79fac98bd44cdb9d4403f9c65197ceae29e

----------


## TANUKI

Файл mails.exe получен 2007.10.28 21:17:42 (CET)


Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.27.0	2007.10.26	-
AntiVir	7.6.0.30	2007.10.26	-
Authentium	4.93.8	2007.10.28	-
Avast	4.7.1074.0	2007.10.28	-
AVG	7.5.0.503	2007.10.28	-
BitDefender	7.2	2007.10.28	-
CAT-QuickHeal	9.00	2007.10.26	-
ClamAV	0.91.2	2007.10.28	-
*DrWeb	4.44.0.09170	2007.10.28	Trojan.Packed.147*
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5244	2007.10.26	-
Ewido	4.0	2007.10.28	-
FileAdvisor	1	2007.10.28	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.26	-
F-Secure	6.70.13030.0	2007.10.28	-
Ikarus	T3.1.1.12	2007.10.28	-
*Kaspersky	7.0.0.125	2007.10.28	Trojan-Dropper.Win32.Small.bbs*
McAfee	5150	2007.10.26	-
*Microsoft	1.2908	2007.10.28	Virus:Win32/Grum.G*
*NOD32v2	2621	2007.10.28	probably unknown NewHeur_PE virus*
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.28	-
Prevx1	V2	2007.10.28	-
Rising	19.46.61.00	2007.10.28	-
Sophos	4.23.0	2007.10.28	-
Sunbelt	2.2.907.0	2007.10.27	-
Symantec	10	2007.10.28	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.10.28	-
VirusBuster	4.3.26:9	2007.10.28	-
Webwasher-Gateway	6.6.1	2007.10.28	-



 Файл 603-a.exe получен 2007.10.28 21:17:34 (CET)


Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2007.10.27.0	2007.10.26	-
AntiVir	7.6.0.30	2007.10.26	-
Authentium	4.93.8	2007.10.28	-
Avast	4.7.1074.0	2007.10.28	-
AVG	7.5.0.503	2007.10.28	-
*BitDefender	7.2	2007.10.28	Trojan.Proxy.Agent.AZP*
CAT-QuickHeal	9.00	2007.10.26	-
ClamAV	0.91.2	2007.10.28	-
DrWeb	4.44.0.09170	2007.10.28	-
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5244	2007.10.26	-
Ewido	4.0	2007.10.28	-
FileAdvisor	1	2007.10.28	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.26	-
F-Secure	6.70.13030.0	2007.10.28	-
*Ikarus	T3.1.1.12	2007.10.28	Trojan.Win32.Agent.asu
Kaspersky	7.0.0.125	2007.10.28	Trojan-Dropper.Win32.Agent.ckh*
McAfee	5150	2007.10.26	-
Microsoft	1.2908	2007.10.28	-
NOD32v2	2621	2007.10.28	-
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.28	-
Prevx1	V2	2007.10.28	-
Rising	19.46.61.00	2007.10.28	-
Sophos	4.23.0	2007.10.28	-
Sunbelt	2.2.907.0	2007.10.27	-
Symantec	10	2007.10.28	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.10.28	-
VirusBuster	4.3.26:9	2007.10.28	-
Webwasher-Gateway	6.6.1	2007.10.28	-

----------


## vaber

Файл u12_frk_abc123.exe получен 2007.10.28 22:48:33 (CET)

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.10.27.0	2007.10.26	-
AntiVir	7.6.0.30	2007.10.28	-
Authentium	4.93.8	2007.10.28	-
Avast	4.7.1074.0	2007.10.28	-
AVG	7.5.0.503	2007.10.28	-
BitDefender	7.2	2007.10.28	-
CAT-QuickHeal	9.00	2007.10.26	-
ClamAV	0.91.2	2007.10.28	-
DrWeb	4.44.0.09170	2007.10.28	-
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5244	2007.10.26	-
Ewido	4.0	2007.10.28	-
FileAdvisor	1	2007.10.28	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.26	-
F-Secure	6.70.13030.0	2007.10.28	-
*Ikarus	T3.1.1.12	2007.10.28	Trojan-Downloader.Win32.Small.evh*
Kaspersky	7.0.0.125	2007.10.28	-
McAfee	5150	2007.10.26	-
Microsoft	1.2908	2007.10.28	-
*NOD32v2	2622	2007.10.28	a variant of Win32/TrojanProxy.Xorpix.BS*
Norman	5.80.02	2007.10.26	-
Panda	9.0.0.4	2007.10.28	-
Prevx1	V2	2007.10.28	-
Rising	19.46.61.00	2007.10.28	-
Sophos	4.23.0	2007.10.28	-
Sunbelt	2.2.907.0	2007.10.27	-
*Symantec	10	2007.10.28	Backdoor.Eterok.C*
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.10.28	-
VirusBuster	4.3.26:9	2007.10.28	-
Webwasher-Gateway	6.6.1	2007.10.28	-
Дополнительная информация
File size: 23040 bytes
MD5: 2c0157d1701d48c30fc10db4bcf8c9e3
SHA1: dcf27144f0bcf6b535c110ecb00c4aa25e184f7f

----------


## Brutal

Found this in a user's Winsock.

File t0.dll received on 10.30.2007 07:01:57 (CET)

*Antivirus  	Version  	Last Update  	Result*
AhnLab-V3	2007.10.30.0	2007.10.30	-
*AntiVir	7.6.0.30	2007.10.29	TR/Dldr.Agent.dda*
Authentium	4.93.8	2007.10.29	-
*Avast	4.7.1074.0	2007.10.29	Win32:Agent-LOO
AVG	7.5.0.503	2007.10.29	Generic8.HES*
*BitDefender	7.2	2007.10.30	Generic.Malware.Fdld.A516C50D*
CAT-QuickHeal	9.00	2007.10.29	-
ClamAV	0.91.2	2007.10.30	-
*DrWeb	4.44.0.09170	2007.10.30	Trojan.DownLoader.35253*
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5252	2007.10.30	-
Ewido	4.0	2007.10.29	-
FileAdvisor	1	2007.10.30	-
*Fortinet	3.11.0.0	2007.10.19	Heuri.E*
F-Prot	4.3.2.48	2007.10.29	-
*F-Secure	6.70.13030.0	2007.10.30	Trojan.Win32.Agent.bvn
Ikarus	T3.1.1.12	2007.10.30	Trojan-Downloader.Win32.Agent.but
Kaspersky	7.0.0.125	2007.10.30	Trojan.Win32.Agent.bvn*
McAfee	5151	2007.10.29	-
*Microsoft	1.2908	2007.10.30	Trojan:Win32/Agent.ADA
NOD32v2	2626	2007.10.30	Win32/TrojanDownloader.Agent.NSB*
Norman	5.80.02	2007.10.29	-
*Panda	9.0.0.4	2007.10.30	Suspicious file*
Prevx1	V2	2007.10.30	-
*Rising	19.47.10.00	2007.10.30	Trojan.Win32.Agent.bvn
Sophos	4.23.0	2007.10.30	Mal/Heuri-E
Sunbelt	2.2.907.0	2007.10.29	Trojan.Win32/Agent.ADA*
Symantec	10	2007.10.30	-
*TheHacker	6.2.9.110	2007.10.27	Trojan/Agent.bvn
VBA32	3.12.2.4	2007.10.28	Trojan.Win32.Agent.bvn*
VirusBuster	4.3.26:9	2007.10.29	-
*Webwasher-Gateway	6.6.1	2007.10.29	Trojan.Dldr.Agent.dda*

Additional information
File size: 30208 bytes
MD5: 0866b8b38b4b3b35cc4175161ca39f8f
SHA1: 3dfd5c6f2d232bc89a97feeb9ab2ab16cc1bb863
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

*Added 3 minutes later*

Will anyone tell me what the "Pack/Crypt" item means in this chart of yours?:
http://virusinfo.info/attachment.php...8&d=1191562708

----------


## ISO

File patch.exe received on 10.30.2007 07:52:49 (CET)
Current status:    finished 
Result: 19/31 (61.3%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.10.30.0	2007.10.30	-
*AntiVir	7.6.0.30	2007.10.29	TR/PSW.OnlineGames.aci.113*
Authentium	4.93.8	2007.10.29	-
Avast	4.7.1074.0	2007.10.29	-
AVG	7.5.0.503	2007.10.29	-
*BitDefender	7.2	2007.10.30	Trojan.Pws.Onlinegames.ACI
CAT-QuickHeal	9.00	2007.10.29	TrojanPSW.OnLineGames.es
ClamAV	0.91.2	2007.10.30	PUA.Packed.UPack-2*
DrWeb	4.44.0.09170	2007.10.30	-
*eSafe	7.0.15.0	2007.10.28	Win32.OnLineGames.ac*
eTrust-Vet	31.2.5253	2007.10.30	-
Ewido	4.0	2007.10.29	-
*FileAdvisor	1	2007.10.30	High threat detected*
*Fortinet	3.11.0.0	2007.10.19	Patch.F!tr*
F-Prot	4.3.2.48	2007.10.29	-
*F-Secure	6.70.13030.0	2007.10.30	Trojan-PSW.Win32.OnLineGames.aci*
*Ikarus	T3.1.1.12	2007.10.30	Trojan-Downloader.Win32.Zlob.and
Kaspersky	7.0.0.125	2007.10.30	Trojan-PSW.Win32.OnLineGames.aci
McAfee	5151	2007.10.29	New Malware.aj
Microsoft	1.2908	2007.10.30	HackTool:Win32/Patch.A*
NOD32v2	2626	2007.10.30	-
*Norman	5.80.02	2007.10.29	W32/Suspicious_U.gen
Panda	9.0.0.4	2007.10.30	Trj/Lineage.BZE*
Prevx1	V2	2007.10.30	-
Rising	19.47.10.00	2007.10.30	-
*Sophos	4.23.0	2007.10.30	Troj/Patch-F
Sunbelt	2.2.907.0	2007.10.29	VIPRE.Suspicious*
Symantec	10	2007.10.30	-
*TheHacker	6.2.9.110	2007.10.27	Trojan/PSW.OnLineGames.aci
VBA32	3.12.2.4	2007.10.28	Trojan-PSW.Win32.OnLineGames.aci
VirusBuster	4.3.26:9	2007.10.29	Packed/Upack*
Additional information
File size: 8120 bytes
MD5: 2d5b60d000d7792ec504127c6ee238ff
SHA1: 593335fa2eddcbd5d69a981dd17d896a289a4455
Bit9 info: http://fileadvisor.bit9.com/services...04127c6ee238ff
packers: UPack
packers: PE_Patch

----------


## ZhIV

Файл setuprs1.rar получен 2007.10.31 02:42:40 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.31.0	2007.10.30	-
*AntiVir	7.6.0.30	2007.10.30	BDS/Hupigon.Gen*
Authentium	4.93.8	2007.10.30	-
Avast	4.7.1074.0	2007.10.30	-
AVG	7.5.0.503	2007.10.30	-
BitDefender	7.2	2007.10.31	-
*CAT-QuickHeal	9.00	2007.10.30	(Suspicious) - DNAScan*
ClamAV	0.91.2	2007.10.30	-
DrWeb	4.44.0.09170	2007.10.30	-
*eSafe	7.0.15.0	2007.10.28	suspicious Trojan/Worm*
eTrust-Vet	31.2.5253	2007.10.30	-
Ewido	4.0	2007.10.30	-
FileAdvisor	1	2007.10.31	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.30	-
*F-Secure	6.70.13030.0	2007.10.31	W32/Delf.AECZ
Ikarus	T3.1.1.12	2007.10.31	Backdoor.Win32.Hupigon.MY*
Kaspersky	7.0.0.125	2007.10.31	-
*McAfee	5152	2007.10.30	Generic BackDoor*
Microsoft	1.2908	2007.10.31	-
NOD32v2	2627	2007.10.30	-
Norman	5.80.02	2007.10.30	-
Panda	9.0.0.4	2007.10.30	-
Prevx1	V2	2007.10.31	-
Rising	19.47.12.00	2007.10.30	-
*Sophos	4.23.0	2007.10.30	Mal/Packer*
Sunbelt	2.2.907.0	2007.10.31	-
Symantec	10	2007.10.31	-
*TheHacker	6.2.9.110	2007.10.27	W32/Behav-Heuristic-067*
VBA32	3.12.2.4	2007.10.28	-
*VirusBuster	4.3.26:9	2007.10.30	Packed/NSPack
Webwasher-Gateway	6.6.1	2007.10.31	Trojan.Hupigon.Gen*
Дополнительная информация
File size: 127648 bytes
MD5: ab66a9f07cfa012fb79e1543369a148e
SHA1: e4620b4eaf0af3d254b1ea5d96fde2d3a2b15adb
packers: NSPack, PE_Patch
packers: NSPack, NSPack

*Added 9 minutes later*

Файл mshost.exe получен 2007.10.31 02:58:57 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.31.0	2007.10.30	-
AntiVir	7.6.0.30	2007.10.30	-
Authentium	4.93.8	2007.10.30	-
Avast	4.7.1074.0	2007.10.30	-
AVG	7.5.0.503	2007.10.30	-
BitDefender	7.2	2007.10.31	-
CAT-QuickHeal	9.00	2007.10.30	-
ClamAV	0.91.2	2007.10.30	-
*DrWeb	4.44.0.09170	2007.10.30	Win32.HLLW.Autoruner.784
eSafe	7.0.15.0	2007.10.28	suspicious Trojan/Worm*
eTrust-Vet	31.2.5253	2007.10.30	-
Ewido	4.0	2007.10.30	-
FileAdvisor	1	2007.10.31	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.30	-
*F-Secure	6.70.13030.0	2007.10.31	Virus.Win32.AutoRun.yy
Ikarus	T3.1.1.12	2007.10.31	Virus.Win32.AutoRun.yy
Kaspersky	7.0.0.125	2007.10.31	Virus.Win32.AutoRun.yy*
McAfee	5152	2007.10.30	-
Microsoft	1.2908	2007.10.31	-
NOD32v2	2627	2007.10.30	-
Norman	5.80.02	2007.10.30	-
*Panda	9.0.0.4	2007.10.30	Suspicious file
Prevx1	V2	2007.10.31	Heuristic: Suspicious File With Covert Attributes*
Rising	19.47.12.00	2007.10.30	-
Sophos	4.23.0	2007.10.30	-
Sunbelt	2.2.907.0	2007.10.31	-
Symantec	10	2007.10.31	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.10.28	-
VirusBuster	4.3.26:9	2007.10.30	-
Webwasher-Gateway	6.6.1	2007.10.31	-
Дополнительная информация
File size: 192512 bytes
MD5: 4cc7c9d5bef15e7c62849cbceba6fe34
SHA1: f6e465264ef4e56aaafdb421e8a61e6522a1ad94
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.a...F92A00B1C6F298

----------


## drongo

BitAccelerator changes its MD5, but that's beside the point.
You can see which labs are in no hurry to keep up with the changes.


```
Файл BitAccelerator.dta получен 2007.10.31 17:37:43 (CET) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.10.31.1	2007.10.31	-
AntiVir	7.6.0.30	2007.10.31	-
Authentium	4.93.8	2007.10.30	-
Avast	4.7.1074.0	2007.10.31	-
AVG	7.5.0.503	2007.10.31	-
BitDefender	7.2	2007.10.31	Adware.BHO.WPW
CAT-QuickHeal	9.00	2007.10.31	-
ClamAV	0.91.2	2007.10.31	Adware.BHO-50
DrWeb	4.44.0.09170	2007.10.31	-
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5256	2007.10.31	-
Ewido	4.0	2007.10.31	-
FileAdvisor	1	2007.10.31	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.3.2.48	2007.10.30	-
F-Secure	6.70.13030.0	2007.10.31	-
Ikarus	T3.1.1.12	2007.10.31	Virus.Win32.AdWare
Kaspersky	7.0.0.125	2007.10.31	not-a-virus:AdWare.Win32.BHO.ic
McAfee	5152	2007.10.30	-
Microsoft	1.2908	2007.10.31	-
NOD32v2	2630	2007.10.31	-
Norman	5.80.02	2007.10.31	-
Panda	9.0.0.4	2007.10.31	-
Prevx1	V2	2007.10.31	-
Rising	19.47.21.00	2007.10.31	-
Sophos	4.23.0	2007.10.31	-
Sunbelt	2.2.907.0	2007.10.31	-
Symantec	10	2007.10.31	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.10.28	-
VirusBuster	4.3.26:9	2007.10.31	-
Webwasher-Gateway	6.0.1	2007.10.31	-
Дополнительная информация
File size: 394124 bytes
MD5: 97209ee33ade0ba71326964ef8210364
SHA1: e93c7ccf12bf8b091be0084c689772abc494a84b
```

----------


## Kuzz

AhnLab-V3	2007.11.1.0	2007.10.31	-
*AntiVir	7.6.0.30	2007.10.31	TR/PSW.LdPinch.dkt*
Authentium	4.93.8	2007.10.31	-
Avast	4.7.1074.0	2007.10.31	-
*AVG	7.5.0.503	2007.10.31	Dropper.Delf.KM
BitDefender	7.2	2007.10.31	Trojan.Agent.AFLF
CAT-QuickHeal	9.00	2007.10.31	TrojanPSW.LdPinch.dkt
ClamAV	0.91.2	2007.10.31	Trojan.LdPinch-1029
DrWeb	4.44.0.09170	2007.10.31	Trojan.MulDrop.9120
eSafe	7.0.15.0	2007.10.28	Win32.LdPinch.dkt*
eTrust-Vet	31.2.5256	2007.10.31	-
Ewido	4.0	2007.10.31	-
FileAdvisor	1	2007.10.31	-
*Fortinet	3.11.0.0	2007.10.19	W32/LdPinch.DKT!tr.pws*
F-Prot	4.3.2.48	2007.10.31	-
*F-Secure	6.70.13030.0	2007.10.31	Trojan-PSW.Win32.LdPinch.dkt
Ikarus	T3.1.1.12	2007.10.31	Trojan.MulDrop.9120
Kaspersky	7.0.0.125	2007.10.31	Trojan-PSW.Win32.LdPinch.dkt*
McAfee	5152	2007.10.30	-
Microsoft	1.2908	2007.10.31	-
NOD32v2	2630	2007.10.31	-
Norman	5.80.02	2007.10.31	-
*Panda	9.0.0.4	2007.10.31	Trj/Ldpinch.WE*
Prevx1	V2	2007.10.31	-
*Rising	19.47.21.00	2007.10.31	Trojan.PSW.Win32.LdPinch.dkt*
Sophos	4.23.0	2007.10.31	-
Sunbelt	2.2.907.0	2007.10.31	-
Symantec	10	2007.10.31	-
*TheHacker	6.2.9.110	2007.10.27	Trojan/PSW.LdPinch.dkt*
*VBA32	3.12.2.4	2007.10.28	Trojan.MulDrop.9120*
VirusBuster	4.3.26:9	2007.10.31	-

----------


## XL

Yet another reincarnation:




> Файл halloween.exe получен 2007.10.31 22:28:29 (CET)
> 
> AhnLab-V3	2007.11.1.0	2007.10.31	-
> *AntiVir	7.6.0.30	2007.10.31	WORM/Zhelatin.Gen
> Authentium	4.93.8	2007.10.31	W32/StormWorm.G*
> Avast	4.7.1074.0	2007.10.31	-
> *AVG	7.5.0.503	2007.10.31	Downloader.Tibs
> BitDefender	7.2	2007.10.31	Trojan.Peed.INN
> CAT-QuickHeal	9.00	2007.10.31	(Suspicious) - DNAScan
> ...

----------


## Shu_b

Totals for the month.

----------


## Shu_b

well, well... thread 13760

```
File mssrv32.exe received on 11.02.2007 13:54:37 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.2.1	2007.11.02	-
AntiVir	7.6.0.30	2007.11.02	TR/Dldr.Agent.ZAA
Authentium	4.93.8	2007.11.01	-
Avast	4.7.1074.0	2007.11.02	-
AVG	7.5.0.503	2007.11.02	-
BitDefender	7.2	2007.11.02	Trojan.PWS.LDPinch.TDD
CAT-QuickHeal	9.00	2007.11.02	-
ClamAV	0.91.2	2007.11.02	-
DrWeb	4.44.0.09170	2007.11.02	Trojan.Packed.194
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5262	2007.11.02	-
Ewido	4.0	2007.11.02	-
FileAdvisor	1	2007.11.02	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.02	-
F-Secure	6.70.13030.0	2007.11.02	-
Ikarus	T3.1.1.12	2007.11.02	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2007.11.02	-
McAfee	5154	2007.11.01	-
Microsoft	1.2908	2007.11.02	-
NOD32v2	2633	2007.11.02	Win32/PSW.LdPinch.NFO
Norman	5.80.02	2007.11.02	-
Panda	9.0.0.4	2007.11.02	-
Prevx1	V2	2007.11.02	Malware.Gen
Rising	20.16.42.00	2007.11.02	-
Sophos	4.23.0	2007.11.02	Mal/Dropper-T
Sunbelt	2.2.907.0	2007.10.31	Trojan.PWS.LDPinch.TDD
Symantec	10	2007.11.02	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.11.02	Trojan.Win32.PSW.LdPinch.NFO
VirusBuster	4.3.26:9	2007.11.01	-
Additional information
File size: 32768 bytes
```

----------


## Макcим

Файл 2007-11-02.rar получен 2007.11.02 19:09:29 (CET)



> *AntiVir	7.6.0.30	2007.11.02	TR/Dldr.Stration.Gen
> Avast	4.7.1074.0	2007.11.02	Win32:Warezov-CRS
> AVG	7.5.0.503	2007.11.02	I-Worm/Stration.DJG
> BitDefender	7.2	2007.11.02	[email protected]
> CAT-QuickHeal	9.00	2007.11.02	I-Worm.Warezov.ny
> DrWeb	4.44.0.09170	2007.11.02	Win32.HLLM.Limar
> eSafe	7.0.15.0	2007.10.28	Win32.Stration.DB
> Ewido	4.0	2007.11.02	Worm.Warezov.zm
> Fortinet	3.11.0.0	2007.10.19	PossibleThreat
> ...


Дополнительная информация
File size: 381171 bytes
MD5: 2026564c39ddf422b71349f8b884c2e7
SHA1: b74dd2b0ffa6e2386bbf04356c5cd07370dba9d8
Sunbelt info: [email protected] is a mass mailing worm that carries an infected attachment and spreads by sending a copy of itself to every email address in the victim's computer.


Файл _install.exe.7FFFFFC3 получен 2007.11.02 20:37:42 (CET)



> *AntiVir	7.6.0.30	2007.11.02	WORM/Zhelatin.Gen
> Authentium	4.93.8	2007.11.02	W32/StormWorm.G
> Avast	4.7.1074.0	2007.11.02	Win32:Tibs-BLT
> AVG	7.5.0.503	2007.11.02	Downloader.Tibs.8.F
> BitDefender	7.2	2007.11.02	Trojan.Peed.INN
> CAT-QuickHeal	9.00	2007.11.02	(Suspicious) - DNAScan
> ClamAV	0.91.2	2007.11.02	Trojan.Peed-44
> DrWeb	4.44.0.09170	2007.11.02	Trojan.Packed.162
> eSafe	7.0.15.0	2007.10.28	Suspicious File
> ...


Дополнительная информация
File size: 113370 bytes
MD5: 14b25ba8a3e700f90eec3c0ab5a3ab49
SHA1: 57581352befdd5cc149b1744cca70bcf2eb5afc2


Файл 2007-11-02.rar получен 2007.11.02 20:49:46 (CET)



> *AntiVir	7.6.0.30	2007.11.02	ADSPY/NetAdware.AC.1
> Avast	4.7.1074.0	2007.11.02	Win32:Zlob-AFG
> AVG	7.5.0.503	2007.11.02	Downloader.Zlob.QSD
> BitDefender	7.2	2007.11.02	Adware.NetAdware.AA
> CAT-QuickHeal	9.00	2007.11.02	AdWare.Vapsup.kg (Not a Virus)
> eSafe	7.0.15.0	2007.10.28	suspicious Trojan/Worm
> Ikarus	T3.1.1.12	2007.11.02	AdWare.NetAdware.E
> NOD32v2	2634	2007.11.02	Win32/Adware.Agent.NHS
> Panda	9.0.0.4	2007.11.02	Suspicious file
> ...


Дополнительная информация
File size: 3510625 bytes
MD5: 4eb64cd05568968115dc795ee7541686
SHA1: 07e1fe2188fddb50fb5c90fe0af6c2fded282ab5
packers: UPX_LZMA
Prevx info: http://fileinfo.prevx.com/fileinfo.a...D658000E174DB6

----------


## Макcим

Файл IcqControl.dll получен 2007.11.03 11:20:52 (CET)



> *AntiVir	7.6.0.30	2007.11.02	HEUR/Crypted
> AVG	7.5.0.503	2007.11.02	BackDoor.Hupigon2.KNN
> eSafe	7.0.15.0	2007.10.28	Suspicious File
> FileAdvisor	1	2007.11.03	High threat detected
> Norman	5.80.02	2007.11.02	W32/Suspicious_N.gen
> Sophos	4.23.0	2007.11.03	Mal/Packer
> TheHacker	6.2.9.110	2007.10.27	W32/Behav-Heuristic-067
> Webwasher-Gateway	6.6.1	2007.11.02	Heuristic.Crypted*


Дополнительная информация
File size: 208384 bytes
MD5: f04f5b0359404bd3ac349a82465494e2
SHA1: a8916be5fd43f1d5e69df2cac38c0fcc7f628bf4
Bit9 info: http://fileadvisor.bit9.com/services...349a82465494e2
packers: NSPack, PE_Patch
packers: NSPack

*Added 13 minutes later*

Файл install_cr.exe получен 2007.11.03 11:28:51 (CET)



> *Avast	4.7.1074.0	2007.11.03	Win32:Zlob-AFG
> AVG	7.5.0.503	2007.11.02	Downloader.Zlob
> BitDefender	7.2	2007.11.03	Adware.NetAdware.AE*


Дополнительная информация
File size: 200131 bytes
MD5: 06ab52f74863c917f8402a06a2b51332
SHA1: 6278e5eb0aa4dc8543297ec4e5bb398e2e76ee95

*Added 46 minutes later*

Файл load.exe получен 2007.11.03 12:27:12 (CET)



> *AntiVir	7.6.0.30	2007.11.02	TR/Crypt.XPACK.Gen
> AVG	7.5.0.503	2007.11.02	SHeur.XIC
> CAT-QuickHeal	9.00	2007.11.02	(Suspicious) - DNAScan
> ClamAV	0.91.2	2007.11.03	PUA.Packed.UPack-2
> eSafe	7.0.15.0	2007.10.28	Suspicious File
> F-Prot	4.4.2.54	2007.11.02	W32/Heuristic-162!Eldorado
> F-Secure	6.70.13030.0	2007.11.02	Trojan-Dropper.Win32.Agent.clo
> Ikarus	T3.1.1.12	2007.11.03	Trojan-Downloader.Win32.Zlob.and
> Kaspersky	7.0.0.125	2007.11.03	Trojan-Dropper.Win32.Agent.clo
> ...


Дополнительная информация
File size: 46088 bytes
MD5: 59f41d310b88d924d2a113b939697499
SHA1: a4bd83f6707df4e58aade38ea8717a6cae3854d8
packers: UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

*Added 2 hours 48 minutes later*

Файл gping_205.exe получен 2007.11.03 15:18:31 (CET)



> *AntiVir	7.6.0.30	2007.11.02	DR/MicroJoiner.Gen
> AVG	7.5.0.503	2007.11.03	Win32/PolyCrypt
> CAT-QuickHeal	9.00	2007.11.03	TrojanPSW.LdPinch.eap
> F-Secure	6.70.13030.0	2007.11.02	Trojan-PSW.Win32.LdPinch.eap
> Ikarus	T3.1.1.12	2007.11.03	Trojan-PWS.Win32.LdPinch.eap
> Kaspersky	7.0.0.125	2007.11.03	Trojan-PSW.Win32.LdPinch.eap
> Panda	9.0.0.4	2007.11.03	Suspicious file
> Webwasher-Gateway	6.6.1	2007.11.02	Trojan.MicroJoiner.Gen*


Дополнительная информация
File size: 1274368 bytes
MD5: 335ca696a5aa477cd8c87157cf40145c
SHA1: ed044a0c4a3a0b35b3068340eee930781dcf2aa8

----------


## 456

Файл bin1.exe получен 2007.11.04 06:49:29 (CET)
The firewall blocked it.

AhnLab-V3	2007.11.3.0	2007.11.02	-
*AntiVir	7.6.0.30	2007.11.02	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.11.03	-
Avast	4.7.1074.0	2007.11.03	-
*AVG	7.5.0.503	2007.11.03	Win32/PolyCrypt*
BitDefender	7.2	2007.11.04	-
*CAT-QuickHeal	9.00	2007.11.03	TrojanPSW.LdPinch.eap*
ClamAV	0.91.2	2007.11.04	-
DrWeb	4.44.0.09170	2007.11.03	-
*eSafe	7.0.15.0	2007.10.28	Suspicious File*
eTrust-Vet	31.2.5264	2007.11.02	-
Ewido	4.0	2007.11.03	-
FileAdvisor	1	2007.11.04	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.03	-
*F-Secure	6.70.13030.0	2007.11.04	Trojan-PSW.Win32.LdPinch.eap
Ikarus	T3.1.1.12	2007.11.04	Trojan-PWS.Win32.LdPinch.eap
Kaspersky	7.0.0.125	2007.11.03	Trojan-PSW.Win32.LdPinch.eap*
McAfee	5155	2007.11.02	-
Microsoft	1.2908	2007.11.03	-
NOD32v2	2336	2007.11.03	-
Norman	5.80.02	2007.11.02	-
*Panda	9.0.0.4	2007.11.03	Suspicious file*
*Prevx1	V2	2007.11.04	Malware.Gen*
Rising	20.16.60.00	2007.11.04	-
*Sophos	4.23.0	2007.11.04	Mal/Basine-C*
*Sunbelt	2.2.907.0	2007.11.02	VIPRE.Suspicious*
Symantec	10	2007.11.04	-
TheHacker	6.2.9.110	2007.10.27	-
VBA32	3.12.2.4	2007.11.03	-
VirusBuster	4.3.26:9	2007.11.03	-
*Webwasher-Gateway	6.6.1	2007.11.02	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 55296 bytes
MD5: 4958b414a1a16cd519c804ff2f5ca01c
SHA1: c02bf69b3b7c7c463b87c47f445b749e55fc5f46

----------


## Макcим

This is *not* a false positive; the file really is malware, and only one antivirus flagged it as suspicious.

Файл 1.htm получен 2007.11.04 08:41:37 (CET)



> *Webwasher-Gateway	6.6.1	2007.11.02	JavaScript.CodeUnfolding.gen!High (suspicious)*


Дополнительная информация
File size: 2359 bytes
MD5: 3f438825635986942b14e5760bdaec3e
SHA1: d98b7554c75fb7bf43e394d32eab60e889486303

*Added 3 hours 36 minutes later*

Файл avz00008.dta получен 2007.11.04 12:35:35 (CET)



> *AntiVir	7.6.0.30	2007.11.02	HEUR/Malware
> Authentium	4.93.8	2007.11.03	Possibly a new variant of W32/new-malware!Maximus
> eSafe	7.0.15.0	2007.10.28	suspicious Trojan/Worm
> F-Prot	4.4.2.54	2007.11.03	W32/new-malware!Maximus
> Ikarus	T3.1.1.12	2007.11.04	Trojan-Spy.Win32.Agent.rb
> Panda	9.0.0.4	2007.11.04	Suspicious file
> Prevx1	V2	2007.11.04	Heuristic: Suspicious Browser Help Object
> Sophos	4.23.0	2007.11.04	Troj/Dowdec-Gen
> Sunbelt	2.2.907.0	2007.11.02	VIPRE.Suspicious
> ...


Дополнительная информация
File size: 12288 bytes
MD5: 89c1b7f8c76bc14d5ca6a6ba070372c2
SHA1: 3076d6e030a351194602c3cc7ad6dfe43644019a
packers: UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.a...5AD100B7568A70
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## drongo

Kaspersky will add it in the next update under the name: Backdoor.Win32.Kbot.ab



```
Файл avz00002.dta получен 2007.11.05 22:43:59 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.11.6.0	2007.11.05	-
AntiVir	7.6.0.30	2007.11.05	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.11.05	-
Avast	4.7.1074.0	2007.11.05	Win32:Small-HZL
AVG	7.5.0.503	2007.11.05	Downloader.Obfuskated
BitDefender	7.2	2007.11.05	Trojan.AVKiller.AW
CAT-QuickHeal	9.00	2007.11.05	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.11.05	-
DrWeb	4.44.0.09170	2007.11.05	Trojan.MulDrop.8347
eSafe	7.0.15.0	2007.10.28	Suspicious File
eTrust-Vet	31.2.5264	2007.11.02	-
Ewido	4.0	2007.11.05	-
FileAdvisor	1	2007.11.05	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.05	-
F-Secure	6.70.13030.0	2007.11.05	-
Ikarus	T3.1.1.12	2007.11.05	-
Kaspersky	7.0.0.125	2007.11.05	-
McAfee	5156	2007.11.05	Tcad-Crypted
Microsoft	1.2908	2007.11.05	TrojanDownloader:Win32/Small.gen!AAM
NOD32v2	2639	2007.11.05	-
Norman	5.80.02	2007.11.05	-
Panda	9.0.0.4	2007.11.05	Suspicious file
Prevx1	V2	2007.11.05	-
Rising	20.17.01.00	2007.11.05	Trojan.DL.Win32.Small.fyn
Sophos	4.23.0	2007.11.05	Mal/Basine-C
Sunbelt	2.2.907.0	2007.11.02	-
Symantec	10	2007.11.05	-
TheHacker	6.2.9.116	2007.11.05	-
VBA32	3.12.2.4	2007.11.05	-
VirusBuster	4.3.26:9	2007.11.05	Trojan.DR.Dirat.Gen
Webwasher-Gateway	6.0.1	2007.11.05	Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 12788 bytes
MD5: 85f7cd6ffd231dce0d052884f6682d40
SHA1: 07fe747914cc7dfc0c9206055d33c65970c05295
```

----------


## Shu_b

t=13890


```
File csrss.exe received on 11.06.2007 08:14:44 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.6.1	2007.11.06	-
AntiVir	7.6.0.30	2007.11.05	HEUR/Crypted
Authentium	4.93.8	2007.11.05	-
Avast	4.7.1074.0	2007.11.05	-
AVG	7.5.0.503	2007.11.05	-
BitDefender	7.2	2007.11.06	Trojan.PWS.LDPinch.TDD
CAT-QuickHeal	9.00	2007.11.05	-
ClamAV	0.91.2	2007.11.06	-
DrWeb	4.44.0.09170	2007.11.05	-
eSafe	7.0.15.0	2007.10.28	-
eTrust-Vet	31.2.5270	2007.11.05	-
Ewido	4.0	2007.11.05	-
FileAdvisor	1	2007.11.06	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.06	-
F-Secure	6.70.13030.0	2007.11.05	-
Ikarus	T3.1.1.12	2007.11.06	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2007.11.06	-
McAfee	5156	2007.11.05	-
Microsoft	1.2908	2007.11.05	-
NOD32v2	2639	2007.11.06	-
Norman	5.80.02	2007.11.05	-
Panda	9.0.0.4	2007.11.06	-
Prevx1	V2	2007.11.06	-
Rising	20.17.02.00	2007.11.06	-
Sophos	4.23.0	2007.11.06	-
Sunbelt	2.2.907.0	2007.11.02	-
Symantec	10	2007.11.06	-
TheHacker	6.2.9.117	2007.11.06	-
VBA32	3.12.2.4	2007.11.06	-
VirusBuster	4.3.26:9	2007.11.05	-
Webwasher-Gateway	6.0.1	2007.11.05	Heuristic.Crypted
Additional information
File size: 20992 bytes
MD5: 62d7900b0e5f56a06b818a7443b7edbb
SHA1: eb9cc8432d26e57d9b53ba1a9d623194040df0a9
```

*Added 5 hours 6 minutes later*

t=13896


> File 
> syswin.exe ; msrpc.exe ; lsassv.exe ; AdobeGammaLoader.scr ; calc2.exe
>  received on 11.06.2007 13:16:58 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.11.6.1	2007.11.06	-
> AntiVir	7.6.0.30	2007.11.05	-
> Authentium	4.93.8	2007.11.05	-
> Avast	4.7.1074.0	2007.11.05	-
> AVG	7.5.0.503	2007.11.06	-
> ...


*Added after 38 minutes*

t=13895 



> File bindmod.dll received on 11.06.2007 13:43:50 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.11.6.1	2007.11.06	-
> *AntiVir	7.6.0.30	2007.11.05	TR/Zlob.Dll*
> Authentium	4.93.8	2007.11.05	-
> *Avast	4.7.1074.0	2007.11.05	Win32:Agent-LTS
> AVG	7.5.0.503	2007.11.06	Downloader.Zlob.QRV*
> BitDefender	7.2	2007.11.06	-
> CAT-QuickHeal	9.00	2007.11.05	-
> ...





> File advrepgpd.dll received on 11.06.2007 13:44:01 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.11.6.1	2007.11.06	-
> *AntiVir	7.6.0.30	2007.11.05	TR/BHO.Agent.258048*
> Authentium	4.93.8	2007.11.05	-
> Avast	4.7.1074.0	2007.11.05	-
> *AVG	7.5.0.503	2007.11.06	Downloader.Zlob.QRY
> BitDefender	7.2	2007.11.06	Adware.NetAdware.AB*
> CAT-QuickHeal	9.00	2007.11.05	-
> ...





> File hupsrv.dll received on 11.06.2007 13:43:38 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.11.6.1	2007.11.06	-
> *AntiVir	7.6.0.30	2007.11.05	ADSPY/VideoPlug.A.1*
> Authentium	4.93.8	2007.11.05	-
> Avast	4.7.1074.0	2007.11.05	-
> *AVG	7.5.0.503	2007.11.06	Downloader.Zlob.QRZ*
> BitDefender	7.2	2007.11.06	-
> CAT-QuickHeal	9.00	2007.11.05	-
> ...


what an interesting day...

*Added after 2 minutes*

t=13894 [not counted - This file is corrupted.]



> File SYSDRV1.EXE received on 11.06.2007 13:54:09 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2007.11.6.1	2007.11.06	-
> AntiVir	7.6.0.30	2007.11.05	-
> Authentium	4.93.8	2007.11.05	-
> *Avast	4.7.1074.0	2007.11.05	Win32:LdPinch-IG*
> AVG	7.5.0.503	2007.11.06	-
> *BitDefender	7.2	2007.11.06	Trojan.Pws.Ldpinch.AJA
> CAT-QuickHeal	9.00	2007.11.06	(Suspicious) - DNAScan*
> ...

----------


## Макcим

Файл index.php получен 2007.11.06 17:49:28 (CET)



> *AVG	7.5.0.503	2007.11.06	JS/Downloader.Agent
> Sophos	4.23.0	2007.11.06	Mal/ObfJS-M
> Webwasher-Gateway	6.0.1	2007.11.06	JavaScript.CodeUnfolding.gen!High (suspicious)*


Дополнительная информация
File size: 9369 bytes
MD5: ad197989915846adf2ece6ef4469a138
SHA1: 336fdd129e6228ce8eb15f4b737c3ee9e503262e

----------



## Макcим

Файл syswqer.exe получен 2007.11.07 14:35:01 (CET)



> *AntiVir	7.6.0.34	2007.11.07	DR/Delphi.Gen
> AVG	7.5.0.503	2007.11.07	Obfustat.SYJ
> BitDefender	7.2	2007.11.07	Trojan.PWS.LDPinch.TDF
> DrWeb	4.44.0.09170	2007.11.07	Trojan.Packed.194
> eSafe	7.0.15.0	2007.11.06	Suspicious File
> FileAdvisor	1	2007.11.07	High threat detected
> Ikarus	T3.1.1.12	2007.11.07	Trojan-PWS.LDPinch.TDF
> Panda	9.0.0.4	2007.11.06	Generic Trojan
> Sophos	4.23.0	2007.11.07	Mal/Dropper-T
> ...


Дополнительная информация
File size: 58368 bytes
MD5: 2b3af9294ff4f88fc5b48c609c6a1fda
SHA1: 68d74a2b8d4cc9409ceaf42ad53361d7da48ad20
Bit9 info: http://fileadvisor.bit9.com/services...b48c609c6a1fda

----------


## XL

Файл dancer.exe получен 2007.11.08 14:37:06 



> AhnLab-V3	2007.11.9.0	2007.11.08	-
> *AntiVir	7.6.0.34	2007.11.08	WORM/Zhelatin.Gen*
> Authentium	4.93.8	2007.11.01	-
> Avast	4.7.1074.0	2007.11.08	-
> AVG	7.5.0.503	2007.11.08	-
> *BitDefender	7.2	2007.11.08	Trojan.Peed.INS
> CAT-QuickHeal	9.00	2007.11.08	(Suspicious) - DNAScan*
> ClamAV	0.91.2	2007.11.07	-
> *DrWeb	4.44.0.09170	2007.11.08	Trojan.Packed.209*
> ...


Fresh one. Generic signatures and heuristics rule....

----------


## TANUKI

Файл 6143_1_.js получен 2007.11.09 02:56:01 (CET)

*AntiVir	7.6.0.34	2007.11.08	TR/Dldr.Agent.abi.1
F-Secure	6.70.13030.0	2007.11.09	Trojan-Downloader.JS.Agent.abi
Ikarus	T3.1.1.12	2007.11.09	Trojan-Downloader.JS.Agent.abi
Kaspersky	7.0.0.125	2007.11.09	Trojan-Downloader.JS.Agent.abi
Sunbelt	2.2.907.0	2007.11.08	Trojan-Downloader.Agent.abi.1
Symantec	10	2007.11.09	Downloader
Webwasher-Gateway	6.0.1	2007.11.09	Trojan.Dldr.Agent.abi.1*

File size: 2190 bytes
MD5: 58de1a946e120811eb7806847ba9fe85
SHA1: 435a47e933508564dc760049a16d6be7f2739983

*Added after 24 minutes*

Файл lib_1_.exe получен 2007.11.09 02:56:54 (CET)

*AntiVir	7.6.0.34	2007.11.08	HEUR/Malware
AVG	7.5.0.503	2007.11.08	BackDoor.Generic8.AAAQ
CAT-QuickHeal	9.00	2007.11.08	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.11.09	PUA.Packed.UPack-2
eSafe	7.0.15.0	2007.11.08	Suspicious File
F-Prot	4.4.2.54	2007.11.07	W32/Heuristic-162!Eldorado
Ikarus	T3.1.1.12	2007.11.09	Trojan-Downloader.Win32.Zlob.and
McAfee	5159	2007.11.08	New Malware.aj
NOD32v2	2647	2007.11.09	Win32/TrojanDropper.Agent.NGP
Norman	5.80.02	2007.11.08	W32/Zlob.ASKO
Panda	9.0.0.4	2007.11.09	Suspicious file
Sophos	4.23.0	2007.11.09	Mal/Packer
Sunbelt	2.2.907.0	2007.11.08	VIPRE.Suspicious
TheHacker	6.2.9.120	2007.11.08	W32/Behav-Heuristic-060
VBA32	3.12.2.4	2007.11.08	suspected of Trojan-PSW.Game.30 (paranoid heuristics)
VirusBuster	4.3.26:9	2007.11.08	Packed/Upack
Webwasher-Gateway	6.0.1	2007.11.09	Heuristic.Malware
*

Дополнительная информация
File size: 137904 bytes
MD5: 2016d135efbc5b7800b5bc1ad5462df9
SHA1: 5271bb6daca4a9914de5a3defeb148b6d8065a2a

*Added after 43 minutes*

Файл userinit.exe получен 2007.11.09 03:45:05 (CET)

Антивирус 	Версия 	Обновление 	Результат
*AhnLab-V3	2007.11.9.0	2007.11.09	Win-Trojan/Agent.23552.DM
AntiVir	7.6.0.34	2007.11.08	TR/Dldr.Agent.blm.16
AVG	7.5.0.503	2007.11.08	Downloader.Agent.TIA
BitDefender	7.2	2007.11.09	Trojan.Downloader.Agent.YMX
DrWeb	4.44.0.09170	2007.11.08	Trojan.DownLoader.33566
Ewido	4.0	2007.11.08	Downloader.Agent.blm
F-Secure	6.70.13030.0	2007.11.09	Trojan-Downloader.Win32.Agent.blm
Ikarus	T3.1.1.12	2007.11.09	Trojan-Downloader.Win32.Agent.blm
Kaspersky	7.0.0.125	2007.11.09	Trojan-Downloader.Win32.Agent.blm
NOD32v2	2647	2007.11.09	Win32/TrojanDownloader.Agent.NRU
Norman	5.80.02	2007.11.08	W32/Agent.DAHY
Panda	9.0.0.4	2007.11.09	Suspicious file
Rising	20.17.32.00	2007.11.08	Trojan.DL.Win32.Agent.ydm
TheHacker	6.2.9.120	2007.11.08	Trojan/Downloader.Agent.blm
Webwasher-Gateway	6.0.1	2007.11.09	Trojan.Dldr.Agent.blm.16*

File size: 25088 bytes
MD5: de4ad604ac304d540354ae064cd4e692
SHA1: 1c3fce3275a279191d9bc8d66e6baa4bf06fd6d4

----------


## Макcим

Thread http://virusinfo.info/showthread.php?t=14005

Файл avz00006.dta получен 2007.11.09 08:13:10 (CET)



> *AntiVir	7.6.0.34	2007.11.08	TR/Crypt.XPACK.Gen
> AVG	7.5.0.503	2007.11.08	Downloader.Obfuskated
> CAT-QuickHeal	9.00	2007.11.08	TrojanProxy.Agent.qq
> DrWeb	4.44.0.09170	2007.11.08	Trojan.Packed.147
> eSafe	7.0.15.0	2007.11.08	Win32.Agent.qq
> F-Secure	6.70.13030.0	2007.11.09	Trojan-Proxy.Win32.Agent.qq
> Ikarus	T3.1.1.12	2007.11.09	Trojan-Proxy.Win32.Agent.qq
> Kaspersky	7.0.0.125	2007.11.09	Trojan-Proxy.Win32.Agent.qq
> Microsoft	1.3007	2007.11.09	Virus:Win32/Grum.E
> ...


File size: 32768 bytes
MD5: e23df3f7c0a8fb86087346d80ba14b88
SHA1: 9ea8e2936787211f1042b960a112585b7a256054
Prevx info: http://fileinfo.prevx.com/fileinfo.a...3D9400D4A87AED


Файл avz00003.dta получен 2007.11.09 08:12:34 (CET)



> *AntiVir	7.6.0.34	2007.11.08	TR/Crypt.XPACK.Gen
> AVG	7.5.0.503	2007.11.08	Dropper.Agent.9.J
> BitDefender	7.2	2007.11.09	Trojan.Proxy.Agent.AZP
> DrWeb	4.44.0.09170	2007.11.08	Trojan.Packed.147
> Ikarus	T3.1.1.12	2007.11.09	Trojan.Win32.Agent.asu
> NOD32v2	2647	2007.11.09	probably unknown NewHeur_PE virus
> Webwasher-Gateway	6.0.1	2007.11.09	Trojan.Crypt.XPACK.Gen*


Дополнительная информация
File size: 33280 bytes
MD5: 0b97adc7b6d7a850608ac1102c9bb180
SHA1: 77b06d0e8ed54318a1a6ba80b8fecab8b62912bb


Файл avz00002.dta получен 2007.11.09 08:12:18 (CET)



> *AntiVir	7.6.0.34	2007.11.08	TR/Crypt.XPACK.Gen
> AVG	7.5.0.503	2007.11.08	Dropper.Agent.9.J
> BitDefender	7.2	2007.11.09	Trojan.Proxy.Agent.AZP
> CAT-QuickHeal	9.00	2007.11.08	TrojanDropper.Agent.cjq
> ClamAV	0.91.2	2007.11.09	Trojan.Dropper-2814
> DrWeb	4.44.0.09170	2007.11.08	Trojan.Packed.147
> FileAdvisor	1	2007.11.09	High threat detected
> F-Secure	6.70.13030.0	2007.11.09	Trojan-Dropper.Win32.Agent.cjq
> Ikarus	T3.1.1.12	2007.11.09	Trojan.Win32.Agent.asu
> ...


Дополнительная информация
File size: 33280 bytes
MD5: 91687869e1f5fdf5fbff020db8541e67
SHA1: ecbf8797171027270fd8ceeb0e410dc84ede12d6
Bit9 info: http://fileadvisor.bit9.com/services...ff020db8541e67


Файл avz00001.dta получен 2007.11.09 08:11:59 (CET)



> *AntiVir	7.6.0.34	2007.11.08	TR/Crypt.XPACK.Gen
> AVG	7.5.0.503	2007.11.08	Dropper.Agent.9.J
> BitDefender	7.2	2007.11.09	Trojan.Proxy.Agent.AZP
> DrWeb	4.44.0.09170	2007.11.08	Trojan.Packed.147
> Ikarus	T3.1.1.12	2007.11.09	Trojan.Win32.Agent.asu
> NOD32v2	2647	2007.11.09	probably unknown NewHeur_PE virus
> Prevx1	V2	2007.11.09	Trojan.Nudos
> Webwasher-Gateway	6.0.1	2007.11.09	Trojan.Crypt.XPACK.Gen*


Дополнительная информация
File size: 33280 bytes
MD5: f0fe48b79151c39217e3c01030e63fe7
SHA1: 41ac5e903ce68636918400d21f07ad8ebe2a2bdf
Prevx info: http://fileinfo.prevx.com/fileinfo.a...CBC600D466C95E

*Added after 6 hours 38 minutes*

Файл Elektrichka.exe получен 2007.11.09 14:28:51 (CET)



> *AntiVir	7.6.0.34	2007.11.09	TR/PSW.LdPinch.bsj.113
> BitDefender	7.2	2007.11.09	MemScan:Trojan.PWS.LdPinch.BSJ
> CAT-QuickHeal	9.00	2007.11.09	(Suspicious) - DNAScan
> eTrust-Vet	31.2.5282	2007.11.09	Win32/Unknown
> F-Prot	4.4.2.54	2007.11.09	W32/Heuristic-162!Eldorado
> F-Secure	6.70.13030.0	2007.11.09	Trojan.Win32.Pakes.bos
> Ikarus	T3.1.1.12	2007.11.09	MemScanTrojan.Pws.LdPinch.BSJ
> Kaspersky	7.0.0.125	2007.11.09	Trojan.Win32.Pakes.bos
> Panda	9.0.0.4	2007.11.09	Suspicious file
> ...


Дополнительная информация
File size: 371712 bytes
MD5: 78abcfe77598501faaa3afb1b1d216a1
SHA1: 2328496d8a229146bae5e717eb744a38e5068bf3
packers: ASProtect
packers: PE_Patch, Aspack
packers: PE_Patch
Prevx info: http://fileinfo.prevx.com/fileinfo.a...AC1800CDEB05A5


Файл avz00001.dta получен 2007.11.09 14:45:46 (CET)



> *AntiVir	7.6.0.34	2007.11.09	TR/Crypt.XPACK.Gen
> Authentium	4.93.8	2007.11.09	Possibly a new variant of W32/Threat-HLLVL-based!Maximus
> AVG	7.5.0.503	2007.11.09	SHeur.YKL
> BitDefender	7.2	2007.11.09	MemScan:Trojan.Spy.Bancos.AAM
> CAT-QuickHeal	9.00	2007.11.09	TrojanSpy.Zbot.bu
> DrWeb	4.44.0.09170	2007.11.09	Trojan.Proxy.1824
> F-Prot	4.4.2.54	2007.11.09	W32/Threat-HLLVL-based!Maximus
> F-Secure	6.70.13030.0	2007.11.09	Trojan-Spy.Win32.Zbot.bu
> Ikarus	T3.1.1.12	2007.11.09	MemScanTrojan.Spy.Bancos.AAM
> ...


Дополнительная информация
File size: 239104 bytes
MD5: c081802b12c75c529a32e78d51bae9d7
SHA1: 42ee7db3e52e8b8b82f230e05ba1edc2d8551c3d
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


From the thread http://forum.kaspersky.com/index.php?showtopic=52204

Файл avz00001.dta получен 2007.11.09 14:50:51 (CET)



> *DrWeb	4.44.0.09170	2007.11.09	Trojan.Ftpspy
> Panda	9.0.0.4	2007.11.09	Trj/FtpSpy.A*


Дополнительная информация
File size: 5632 bytes
MD5: ff570702b4b27e5ab974fc7bbb094abc
SHA1: d83c07509420f37040ae41fd2a0febfd83ddbf0c

----------


## ISO

File BitAccelerator.exe received on 11.10.2007 03:50:58 (CET)
Current status:    finished 
Result: 6/32 (18.75%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.10.0	2007.11.09	-
AntiVir	7.6.0.34	2007.11.09	-
Authentium	4.93.8	2007.11.09	-
Avast	4.7.1074.0	2007.11.09	-
AVG	7.5.0.503	2007.11.09	-
*BitDefender	7.2	2007.11.10	Adware.BHO.WPW*
CAT-QuickHeal	9.00	2007.11.09	-
*ClamAV	0.91.2	2007.11.10	Adware.BHO-50*
DrWeb	4.44.0.09170	2007.11.09	-
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5284	2007.11.09	-
Ewido	4.0	2007.11.09	-
FileAdvisor	1	2007.11.10	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.09	-
F-Secure	6.70.13030.0	2007.11.09	-
*Ikarus	T3.1.1.12	2007.11.10	Virus.Win32.AdWare
Kaspersky	7.0.0.125	2007.11.10	not-a-virus:AdWare.Win32.BHO.ic*
McAfee	5160	2007.11.09	-
Microsoft	1.3007	2007.11.10	-
NOD32v2	2650	2007.11.09	-
Norman	5.80.02	2007.11.09	-
*Panda	9.0.0.4	2007.11.10	Adware/BHO.L*
Prevx1	V2	2007.11.10	-
Rising	20.17.42.00	2007.11.10	-
*Sophos	4.23.0	2007.11.09	BitAccelerator*
Sunbelt	2.2.907.0	2007.11.09	-
Symantec	10	2007.11.10	-
TheHacker	6.2.9.122	2007.11.09	-
VBA32	3.12.2.4	2007.11.08	-
VirusBuster	4.3.26:9	2007.11.09	-
Webwasher-Gateway	6.0.1	2007.11.10	-
Additional information
File size: 394128 bytes
MD5: 1697c99f32c75e42230094b9eec619ce
SHA1: e9f2a20f5c4a45e58076c29c99b38f68fa7ce3d1

----------


## Макcим

In the future it will be detected by KAV as *not-a-virus:AdWare.Win32.BHO.kj*

Файл avz00001.dta получен 2007.11.10 09:58:22 (CET)



> *Panda	9.0.0.4	2007.11.10	Suspicious file*


Дополнительная информация
File size: 399872 bytes
MD5: c0236e7c0a6f98545f9c5ac76b6c5962
SHA1: 1adef52d8190e7eef344c54d903e33ec6676f7b7

----------


## Макcим

Файл alaunch.cab получен 2007.11.11 09:46:22 (CET)



> *Avast	4.7.1074.0	2007.11.10	Win32:Adan-055
> AVG	7.5.0.503	2007.11.10	Adware Generic.CZP
> BitDefender	7.2	2007.11.11	Adware.Gamespy.B
> CAT-QuickHeal	9.00	2007.11.10	RiskWare.Downloader.SpyGame (Not a Virus)
> Ewido	4.0	2007.11.10	Not-A-Virus.Downloader.Win32.SpyGame
> Fortinet	3.11.0.0	2007.10.19	Download/Spygame
> F-Prot	4.4.2.54	2007.11.10	W32/Adware.PPN
> F-Secure	6.70.13030.0	2007.11.10	W32/DLoader.AKWR
> Ikarus	T3.1.1.12	2007.11.11	not-a-virus:Downloader.Win32.SpyGame
> ...


Дополнительная информация
File size: 65941 bytes
MD5: 3c48574cf159b50ad5b9f1d101b7ba1a
SHA1: fc6f13263be0e163364c8c33480911c447202999

*Added after 7 hours 28 minutes*

Will be detected by KAV in the next update as *not-a-virus:FraudTool.Win32.SmartAntiSpyware.b*

Файл setup.exe получен 2007.11.11 16:59:44 (CET)



> *AhnLab-V3	2007.11.10.0	2007.11.09	-
> AntiVir	7.6.0.34	2007.11.09	-
> Authentium	4.93.8	2007.11.10	-
> Avast	4.7.1074.0	2007.11.10	-
> AVG	7.5.0.503	2007.11.11	-
> BitDefender	7.2	2007.11.11	-
> CAT-QuickHeal	9.00	2007.11.10	-
> ClamAV	0.91.2	2007.11.11	-
> DrWeb	4.44.0.09170	2007.11.11	-
> ...


Дополнительная информация
File size: 391187 bytes
MD5: 6c126e36a73970b4fd841ff7dc45f372
SHA1: 66dc9501d808aeaa1c1ef7052c55c164afb77005
packers: RAR, Unicode

----------


## NickGolovko_

The machine is backdoored, so I'm not logging in.

Файл avz00001.dta получен 2007.11.12 10:35:07 (CET)
Антивирус Версия Обновление Результат 
*AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan/Xema.variant 
AntiVir 7.6.0.34 2007.11.12 TR/Spy.Gen* 
Authentium 4.93.8 2007.11.10 - 
*Avast 4.7.1074.0 2007.11.11 Win32:Delf-EBR 
AVG 7.5.0.503 2007.11.11 BackDoor.Generic8.ZJB 
BitDefender 7.2 2007.11.12 Generic.Malware.FPYdPk.92F90C9A 
CAT-QuickHeal 9.00 2007.11.10 Backdoor.Delf.aws 
ClamAV 0.91.2 2007.11.12 Worm.Delf-63 
DrWeb 4.44.0.09170 2007.11.12 BackDoor.Kais 
eSafe 7.0.15.0 2007.11.08 Win32.Delf.aws 
eTrust-Vet 31.2.5289 2007.11.12 Win32/Liphew.G 
Ewido 4.0 2007.11.11 Backdoor.Delf.aws* 
FileAdvisor 1 2007.11.12 - 
*Fortinet 3.11.0.0 2007.10.19 W32/BackDoor.AWS!tr.bdr 
F-Prot 4.4.2.54 2007.11.10 W32/Agent.GWT 
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Delf.aws 
Ikarus T3.1.1.12 2007.11.12 Backdoor.Win32.Hupigon.MY 
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Delf.aws 
McAfee 5160 2007.11.09 Generic BackDoor 
Microsoft 1.3007 2007.11.12 Backdoor:Win32/Delf.XD 
NOD32v2 2652 2007.11.11 Win32/Delf.NFP 
Norman 5.80.02 2007.11.09 W32/Suspicious_N.gen 
Panda 9.0.0.4 2007.11.11 Trj/Banker.GWB* 
Prevx1 V2 2007.11.12 - 
*Rising 20.18.00.00 2007.11.12 Backdoor.RWX.2005.hx 
Sophos 4.23.0 2007.11.12 Mal/EncPk-E* 
Sunbelt 2.2.907.0 2007.11.09 - 
*Symantec 10 2007.11.12 Backdoor.Graybird 
TheHacker 6.2.9.124 2007.11.12 Backdoor/Delf.aws 
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Delf.aws 
VirusBuster 4.3.26:9 2007.11.11 Packed/NSPack 
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Spy.Gen* 
Дополнительная информация 
File size: 280626 bytes 
MD5: ef5a3159b65df5085a7ea865cbbf3dbe 
SHA1: 11801ab92e9aeaa07f203f7642017d1adf4a8759 
packers: NsPack, NsPack 
packers: NSPack, NSPack

----------


## ISO

The ISP said that this computer was generating crazy traffic; I came over and saw a horrifying amount of malware. Much of it is already known to everyone on VirusTotal, but some of it is still unfamiliar to many.

File xpdx.sys received on 11.12.2007 14:45:27 (CET)
Current status:   finished 
Result: 19/32 (59.38%) 
Antivirus	Version	Last Update	Result
*AhnLab-V3	2007.11.12.0	2007.11.12	Win-Trojan/Pakes.54218
AntiVir	7.6.0.34	2007.11.12	TR/Pakes.EL*
Authentium	4.93.8	2007.11.10	-
Avast	4.7.1074.0	2007.11.11	-
*AVG	7.5.0.503	2007.11.11	Obfustat.SUM*
BitDefender	7.2	2007.11.12	-
*CAT-QuickHeal	9.00	2007.11.12	Trojan.Pakes.el*
ClamAV	0.91.2	2007.11.12	-
*DrWeb	4.44.0.09170	2007.11.12	Trojan.Spambot.2478*
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5289	2007.11.12	-
Ewido	4.0	2007.11.12	-
FileAdvisor	1	2007.11.12	-
*Fortinet	3.11.0.0	2007.10.19	W32/RKRustok.A!tr
F-Prot	4.4.2.54	2007.11.10	W32/Trojan2.DGT
F-Secure	6.70.13030.0	2007.11.12	Trojan.Win32.Pakes.el
Ikarus	T3.1.1.12	2007.11.12	Trojan.Win32.Pakes.el
Kaspersky	7.0.0.125	2007.11.12	Trojan.Win32.Pakes.el
McAfee	5160	2007.11.09	Generic.dx
Microsoft	1.3007	2007.11.12	Backdoor:Win32/Rustock.gen!B
NOD32v2	2653	2007.11.12	Win32/Rustock.NCT*
Norman	5.80.02	2007.11.09	-
*Panda	9.0.0.4	2007.11.11	Rootkit/Spammer.ZX*
Prevx1	V2	2007.11.12	-
Rising	20.18.02.00	2007.11.12	-
*Sophos	4.23.0	2007.11.12	Mal/RKRustok-A
Sunbelt	2.2.907.0	2007.11.09	Backdoor.Rustock*
Symantec	10	2007.11.12	-
*TheHacker	6.2.9.124	2007.11.12	Trojan/Pakes.el
VBA32	3.12.2.4	2007.11.11	Trojan.Win32.Pakes.el*
VirusBuster	4.3.26:9	2007.11.11	-
*Webwasher-Gateway	6.0.1	2007.11.12	Trojan.Pakes.EL*
Additional information
File size: 54218 bytes
MD5: 366008a494dc2ab87c9d404e859f359d
SHA1: ba37b12c6a10df3a35f7d3808cf9c0f4f39c16b1
Sunbelt info: Backdoor.Rustock is a threat that acts as a hidden proxy and enables an attacker to send spam from the machine.

*Added after 15 minutes*

File bitw.exe received on 11.12.2007 14:56:09 (CET)
Current status:     finished 
Result: 17/32 (53.13%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.12.0	2007.11.12	-
*AntiVir	7.6.0.34	2007.11.12	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2007.11.10	-
Avast	4.7.1074.0	2007.11.11	-
*AVG	7.5.0.503	2007.11.11	Generic8.NEC*
BitDefender	7.2	2007.11.12	-
*CAT-QuickHeal	9.00	2007.11.12	Trojan.Agent.ccj
ClamAV	0.91.2	2007.11.12	Trojan.Agent-9002
DrWeb	4.44.0.09170	2007.11.12	Trojan.Packed.195
eSafe	7.0.15.0	2007.11.08	Win32.Agent.ccj*
eTrust-Vet	31.2.5289	2007.11.12	-
Ewido	4.0	2007.11.12	-
FileAdvisor	1	2007.11.12	-
*Fortinet	3.11.0.0	2007.10.19	Basine.C*
F-Prot	4.4.2.54	2007.11.10	-
*F-Secure	6.70.13030.0	2007.11.12	Trojan.Win32.Agent.ccj
Ikarus	T3.1.1.12	2007.11.12	Trojan.Win32.Agent.ccj
Kaspersky	7.0.0.125	2007.11.12	Trojan.Win32.Agent.ccj*
McAfee	5160	2007.11.09	-
Microsoft	1.3007	2007.11.12	-
*NOD32v2	2653	2007.11.12	Win32/PSW.Agent.NGT
Norman	5.80.02	2007.11.09	W32/Agent.CUWR
Panda	9.0.0.4	2007.11.11	Trj/Downloader.MDW*
Prevx1	V2	2007.11.12	-
Rising	20.18.02.00	2007.11.12	-
*Sophos	4.23.0	2007.11.12	Mal/Basine-C*
Sunbelt	2.2.907.0	2007.11.09	-
Symantec	10	2007.11.12	-
*TheHacker	6.2.9.124	2007.11.12	Trojan/Agent.ccj
VBA32	3.12.2.4	2007.11.11	Trojan.Win32.Agent.ccj*
VirusBuster	4.3.26:9	2007.11.11	-
*Webwasher-Gateway	6.0.1	2007.11.12	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 34996 bytes
MD5: 44756a3999721a52824dfa08bac23667
SHA1: 7552fdf49871c8196869d74a5d8876d1b3107ce5

*Added after 23 minutes*

File svshost.dll received on 11.12.2007 15:09:35 (CET)
Current status:    finished 
Result: 22/32 (68.75%) 
Antivirus	Version	Last Update	Result
*AhnLab-V3	2007.11.12.0	2007.11.12	Win-Trojan Downloader.2560.DC*
*AntiVir	7.6.0.34	2007.11.12	BDS/Small.ckm.2*
Authentium	4.93.8	2007.11.10	-
*Avast	4.7.1074.0	2007.11.11	Win32:Small-CHC
AVG	7.5.0.503	2007.11.11	BackDoor.Generic8.TVW*
BitDefender	7.2	2007.11.12	-
*CAT-QuickHeal	9.00	2007.11.12	Backdoor.Small.ckm*
ClamAV	0.91.2	2007.11.12	-
*DrWeb	4.44.0.09170	2007.11.12	Trojan.DownLoader.34918*
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5289	2007.11.12	-
*Ewido	4.0	2007.11.12	Backdoor.Small.ckm
FileAdvisor	1	2007.11.12	High threat detected
Fortinet	3.11.0.0	2007.10.19	W32/Small.CKM!tr.bdr
F-Prot	4.4.2.54	2007.11.10	W32/Backdoor.CAAF
F-Secure	6.70.13030.0	2007.11.12	Backdoor.Win32.Small.ckm
Ikarus	T3.1.1.12	2007.11.12	Backdoor.Win32.Small.ckm
Kaspersky	7.0.0.125	2007.11.12	Backdoor.Win32.Small.ckm
McAfee	5160	2007.11.09	PWS-LDPinch*
Microsoft	1.3007	2007.11.12	-
*NOD32v2	2653	2007.11.12	Win32/Small.CLQ*
Norman	5.80.02	2007.11.09	-
*Panda	9.0.0.4	2007.11.11	Bck/Agent.GWZ*
Prevx1	V2	2007.11.12	-
*Rising	20.18.02.00	2007.11.12	Backdoor.Win32.Small.ckm
Sophos	4.23.0	2007.11.12	Mal/Generic-A
Sunbelt	2.2.907.0	2007.11.09	Backdoor.Win32.Small.ckm*
Symantec	10	2007.11.12	-
*TheHacker	6.2.9.124	2007.11.12	Backdoor/Small.ckm
VBA32	3.12.2.4	2007.11.11	Backdoor.Win32.Small.ckm*
VirusBuster	4.3.26:9	2007.11.11	-
*Webwasher-Gateway	6.0.1	2007.11.12	Trojan.Small.ckm.2*
Additional information
File size: 2560 bytes
MD5: fe494cf81dafa9cde8dfe85231566aeb
SHA1: 372d71ff2f9a77b34ab0414b6ecbe4c8b650ca34
Bit9 info: http://fileadvisor.bit9.com/services...dfe85231566aeb

*Added after 2 minutes*

File t0.dll received on 11.12.2007 15:09:26 (CET)
Current status:    finished 
Result: 20/32 (62.5%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.12.0	2007.11.12	-
*AntiVir	7.6.0.34	2007.11.12	TR/Dldr.Agent.dda*
Authentium	4.93.8	2007.11.10	-
*Avast	4.7.1074.0	2007.11.11	Win32:Agent-LOO
AVG	7.5.0.503	2007.11.11	Generic8.HES
BitDefender	7.2	2007.11.12	Generic.Malware.Fdld.A516C50D*
CAT-QuickHeal	9.00	2007.11.12	-
*ClamAV	0.91.2	2007.11.12	Trojan.Agent-8747
DrWeb	4.44.0.09170	2007.11.12	Trojan.DownLoader.35253*
eSafe	7.0.15.0	2007.11.08	-
*eTrust-Vet	31.2.5289	2007.11.12	Win32/Ralpsa.A*
Ewido	4.0	2007.11.12	-
FileAdvisor	1	2007.11.12	-
*Fortinet	3.11.0.0	2007.10.19	Heuri.E*
F-Prot	4.4.2.54	2007.11.10	-
*F-Secure	6.70.13030.0	2007.11.12	Trojan.Win32.Agent.bvn
Ikarus	T3.1.1.12	2007.11.12	Trojan-Downloader.Win32.Agent.but
Kaspersky	7.0.0.125	2007.11.12	Trojan.Win32.Agent.bvn*
McAfee	5160	2007.11.09	-
*Microsoft	1.3007	2007.11.12	Trojan:Win32/Agent.ADA
NOD32v2	2653	2007.11.12	Win32/TrojanDownloader.Agent.NSB*
Norman	5.80.02	2007.11.09	-
*Panda	9.0.0.4	2007.11.11	Suspicious file*
Prevx1	V2	2007.11.12	-
*Rising	20.18.02.00	2007.11.12	Trojan.Win32.Agent.bvn
Sophos	4.23.0	2007.11.12	Mal/Heuri-E
Sunbelt	2.2.907.0	2007.11.09	Trojan.Win32/Agent.ADA*
Symantec	10	2007.11.12	-
*TheHacker	6.2.9.124	2007.11.12	Trojan/Agent.bvn
VBA32	3.12.2.4	2007.11.11	Trojan.Win32.Agent.bvn*
VirusBuster	4.3.26:9	2007.11.11	-
*Webwasher-Gateway	6.0.1	2007.11.12	Trojan.Dldr.Agent.dda*
Additional information
File size: 30208 bytes
MD5: 0866b8b38b4b3b35cc4175161ca39f8f
SHA1: 3dfd5c6f2d232bc89a97feeb9ab2ab16cc1bb863
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

*Added after 5 minutes*

File wininet.exe received on 11.12.2007 15:35:16 (CET)
Current status:    finished 
Result: 12/32 (37.5%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.12.0	2007.11.12	-
*AntiVir	7.6.0.34	2007.11.12	DR/Delphi.Gen*
Authentium	4.93.8	2007.11.10	-
Avast	4.7.1074.0	2007.11.11	-
*AVG	7.5.0.503	2007.11.11	SHeur.TKA
BitDefender	7.2	2007.11.12	Trojan.PWS.LDPinch.TDF
CAT-QuickHeal	9.00	2007.11.12	Backdoor.Small.clh*
ClamAV	0.91.2	2007.11.12	-
*DrWeb	4.44.0.09170	2007.11.12	Trojan.Packed.194*
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5289	2007.11.12	-
Ewido	4.0	2007.11.12	-
FileAdvisor	1	2007.11.12	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.10	-
*F-Secure	6.70.13030.0	2007.11.12	Backdoor.Win32.Small.clh
Ikarus	T3.1.1.12	2007.11.12	Trojan-PWS.LDPinch.TDF
Kaspersky	7.0.0.125	2007.11.12	Backdoor.Win32.Small.clh*
McAfee	5160	2007.11.09	-
Microsoft	1.3007	2007.11.12	-
NOD32v2	2653	2007.11.12	-
Norman	5.80.02	2007.11.09	-
*Panda	9.0.0.4	2007.11.11	Trj/Downloader.MDW*
Prevx1	V2	2007.11.12	-
Rising	20.18.02.00	2007.11.12	-
*Sophos	4.23.0	2007.11.12	Mal/Dropper-T*
Sunbelt	2.2.907.0	2007.11.09	-
Symantec	10	2007.11.12	-
TheHacker	6.2.9.124	2007.11.12	-
*VBA32	3.12.2.4	2007.11.11	Backdoor.Win32.Small.clh*
VirusBuster	4.3.26:9	2007.11.12	-
*Webwasher-Gateway	6.0.1	2007.11.12	Trojan.Delphi.Gen*
Additional information
File size: 23040 bytes
MD5: 71c7320afc1221ead1c548702e9975e9
SHA1: f3394fe1c2cc18f4c4d149c7deb478a085fcbc93

----------


## TANUKI

Файл DbEditor.exe получен 2007.11.13 03:48:00 (CET)

*Avast	4.7.1074.0	2007.11.12	Win32:Weed
AVG	7.5.0.503	2007.11.12	Win32/Tvido
BitDefender	7.2	2007.11.13	Win32.Tvido.A
ClamAV	0.91.2	2007.11.12	W32.Dwee-1
DrWeb	4.44.0.09170	2007.11.12	Win32.Dwee.3029
F-Secure	6.70.13030.0	2007.11.13	Virus.Win32.Tvido.a
Ikarus	T3.1.1.12	2007.11.13	Virus.Win32.Tvido.a
Kaspersky	7.0.0.125	2007.11.13	Virus.Win32.Tvido.a
Norman	5.80.02	2007.11.12	W32/NetworkWorm.BWC
Prevx1	V2	2007.11.13	GENERIC.MALWARE
Sunbelt	2.2.907.0	2007.11.13	VIPRE.Suspicious
VBA32	3.12.2.4	2007.11.11	Virus.Win32.Olm*

File size: 733696 bytes
MD5: b3b5eb8c143ed29238b30771709ad27b
SHA1: f9d5c911f3aa840695a101371e090bb393ebf9bb

P.S. It is claimed that this is a Belarusian virus  :Smiley:

----------


## ISO

It jumps onto a flash drive together with an autorun.inf file from the infected system unit; in the system, in system32, there are also its twins under other names, svshost.exe and tskmgr.exe.
File NTDETECT.EXE received on 11.13.2007 04:58:16 (CET)
Current status:    finished 
Result: 17/32 (53.13%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.13.0	2007.11.13	-
*AntiVir	7.6.0.34	2007.11.13	TR/PSW.Webmoner.T
Authentium	4.93.8	2007.11.13	Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
Avast	4.7.1074.0	2007.11.12	Win32:Trojan-gen {Other}
AVG	7.5.0.503	2007.11.12	PSW.Generic5.MUQ
BitDefender	7.2	2007.11.13	BehavesLike:Win32.Malware*
CAT-QuickHeal	9.00	2007.11.12	-
ClamAV	0.91.2	2007.11.12	-
*DrWeb	4.44.0.09170	2007.11.12	Win32.HLLW.Money.4*
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5290	2007.11.12	-
*Ewido	4.0	2007.11.12	Trojan.WebMoner.t*
FileAdvisor	1	2007.11.13	-
*Fortinet	3.11.0.0	2007.10.19	W32/WebMoner.T!tr.pws
F-Prot	4.4.2.54	2007.11.13	W32/Threat-SysVenFak-based!Maximus
F-Secure	6.70.13030.0	2007.11.13	Trojan-PSW.Win32.WebMoner.t
Ikarus	T3.1.1.12	2007.11.13	Trojan-PWS.Win32.WebMoner.t
Kaspersky	7.0.0.125	2007.11.13	Trojan-PSW.Win32.WebMoner.t*
McAfee	5161	2007.11.12	-
Microsoft	1.3007	2007.11.12	-
NOD32v2	2653	2007.11.12	-
*Norman	5.80.02	2007.11.12	W32/Malware.ATTE
Panda	9.0.0.4	2007.11.13	Trj/WebMoner.AH*
Prevx1	V2	2007.11.13	-
*Rising	20.18.02.00	2007.11.12	Trojan.PSW.Win32.WebMoner.t*
Sophos	4.23.0	2007.11.13	-
Sunbelt	2.2.907.0	2007.11.13	-
Symantec	10	2007.11.13	-
TheHacker	6.2.9.124	2007.11.13	-
*VBA32	3.12.2.4	2007.11.11	Trojan-PSW.Win32.WebMoner.t*
VirusBuster	4.3.26:9	2007.11.12	-
*Webwasher-Gateway	6.0.1	2007.11.13	Trojan.PSW.Webmoner.T*
Additional information
File size: 555520 bytes
MD5: 4de4cb50b8f3e41e9a123aafcdece965
SHA1: 40f1ee09b497b5429bd9a63618bf66175d08b684

----------


## mayas

File setup.exe received on 11.15.2007 19:37:48 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.16.0	2007.11.15	-
*AntiVir	7.6.0.34	2007.11.15	Worm/Feebs.LQ*
Authentium	4.93.8	2007.11.15	-
Avast	4.7.1074.0	2007.11.14	-
_AVG	7.5.0.503	2007.11.15	Dropper.Generic.RVO_
BitDefender	7.2	2007.11.15	-
*CAT-QuickHeal	9.00	2007.11.15	Worm.Feebs.lq*
ClamAV	0.91.2	2007.11.15	-
DrWeb	4.44.0.09170	2007.11.15	-
_eSafe	7.0.15.0	2007.11.14	Suspicious File_
*eTrust-Vet	31.2.5297	2007.11.15	Win32/Feeb.CK*
Ewido	4.0	2007.11.15	-
FileAdvisor	1	2007.11.15	-
Fortinet	3.11.0.0	2007.10.19	-
*F-Prot	4.4.2.54	2007.11.14	W32/Heuristic-162!Eldorado*
*F-Secure	6.70.13030.0	2007.11.15	Worm.Win32.Feebs.lq
Ikarus	T3.1.1.12	2007.11.15	Worm.Win32.Feebs.lq
Kaspersky	7.0.0.125	2007.11.15	Worm.Win32.Feebs.lq*
McAfee	5164	2007.11.15	-
Microsoft	1.3007	2007.11.12	-
NOD32v2	2660	2007.11.15	-
_Norman	5.80.02	2007.11.15	W32/Suspicious_U.gen_
Panda	9.0.0.4	2007.11.15	-
Prevx1	V2	2007.11.15	-
Rising	20.18.31.00	2007.11.15	-
_Sophos	4.23.0	2007.11.15	Mal/Generic-A_
Sunbelt	2.2.907.0	2007.11.15	-
*Symantec	10	2007.11.15	Downloader*
*TheHacker	6.2.9.129	2007.11.15	W32/Feebs.lq*
*VBA32	3.12.2.5	2007.11.15	suspected of MalwareScope.Worm.Feebs.1 (paranoid heuristics)*
VirusBuster	4.3.26:9	2007.11.15	-
*Webwasher-Gateway	6.0.1	2007.11.15	Worm.Feebs.LQ*
Additional information
File size: 104448 bytes
MD5: a35a450fd2cb571706bcb88588ec297a
SHA1: 905845fdbfcec5158a209e052e9ef245f1b42704
packers: embedded, UPack

----------


## Макcим

Файл setup.exe получен 2007.11.17 09:46:11 (CET)


> *AVG	7.5.0.503	2007.11.17	Downloader.Zlob.LI
> BitDefender	7.2	2007.11.17	Trojan.Zlob.3.Gen
> ClamAV	0.91.2	2007.11.17	Trojan.Dropper-2529
> DrWeb	4.44.0.09170	2007.11.17	Trojan.Popuper.5033
> Kaspersky	7.0.0.125	2007.11.17	Trojan-Downloader.Win32.Zlob.ejb
> Microsoft	1.3007	2007.11.17	Trojan:Win32/Zlob.ZWC
> Prevx1	V2	2007.11.17	Generic.Dropper.xCodec*


Дополнительная информация
File size: 80637 bytes
MD5: 08787184519921376ae697f2be02c4d0
SHA1: 8a54d890603dd38d73be3a40d6fc131b6ad3ecb9
Prevx info: http://fileinfo.prevx.com/fileinfo.a...34E700EA581B4E


Файл vip.exe получен 2007.11.17 07:49:03 (CET)


> *AntiVir	7.6.0.34	2007.11.16	HEUR/Malware
> BitDefender	7.2	2007.11.17	Generic.Malware.P!Yd!dldPk!.876CD84A
> CAT-QuickHeal	9.00	2007.11.16	(Suspicious) - DNAScan
> DrWeb	4.44.0.09170	2007.11.16	Trojan.DownLoader.origin
> eSafe	7.0.15.0	2007.11.14	suspicious Trojan/Worm
> Ikarus	T3.1.1.12	2007.11.17	Packed.Win32.Klone.af
> McAfee	5165	2007.11.16	New Malware.u
> NOD32v2	2665	2007.11.17	probably unknown NewHeur_PE virus
> Norman	5.80.02	2007.11.16	W32/Suspicious_N.gen
> ...


Дополнительная информация
File size: 21752 bytes
MD5: c59d448179d6c93cff1156930fe785f4
SHA1: 9f4314678df4e508df468c031325e32b5f2fce39
packers: NSPack, PE_Patch
packers: NSPack


Файл Downloader.exe получен 2007.11.17 07:48:58 (CET)


> *NOD32v2	2665	2007.11.17	a variant of Win32/BHO.NAT
> Prevx1	V2	2007.11.17	SPYWARE.BANKER.CPV
> Sophos	4.23.0	2007.11.17	Mal/Behav-112*


Дополнительная информация
File size: 28672 bytes
MD5: 8456eabd2c67871b50baecb6c442f1e6
SHA1: 85013163fbfe7003f47c55eb5f7e981d3670f8a6
Prevx info: http://fileinfo.prevx.com/fileinfo.a...E88F00D35F0C43


Файл load.exe получен 2007.11.17 07:33:58 (CET)


> *AntiVir	7.6.0.34	2007.11.16	TR/Spy.Bancos.aam.43
> AVG	7.5.0.503	2007.11.17	SHeur.ZRY
> BitDefender	7.2	2007.11.17	MemScan:Trojan.Spy.Bancos.AAM
> CAT-QuickHeal	9.00	2007.11.16	Backdoor.Hupigon.wgk
> eSafe	7.0.15.0	2007.11.14	Suspicious File
> F-Secure	6.70.13030.0	2007.11.16	Backdoor.Win32.Hupigon.wgk
> Ikarus	T3.1.1.12	2007.11.17	Trojan-Spy.Win32.Bancos.aam
> Kaspersky	7.0.0.125	2007.11.17	Backdoor.Win32.Hupigon.wgk
> Norman	5.80.02	2007.11.16	W32/Agent.DGQE
> ...


Дополнительная информация
File size: 42496 bytes
MD5: d2f651be01c553c5e49547749f9ab7d1
SHA1: 490b2edd810ccfb864e1243f15560fbf5dba5416
Prevx info: http://fileinfo.prevx.com/fileinfo.a...13400029304EC5

----------


## rubin

All files were received on 17.11.2007 at 20:15.
ssqqoon.dll - *not-a-virus:AdWare.Win32.Virtumonde.aqr*

*AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afb
AVG 7.5.0.503 2007.11.17 BHO.CNT
eSafe 7.0.15.0 2007.11.14 Suspicious File
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen42
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen42
Prevx1 V2 2007.11.17 SpywareQuake
Sunbelt 2.2.907.0 2007.11.17 Virtumonde
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afb*

rspakidr.dll - *Trojan.Win32.BHO.xp*
*
AVG 7.5.0.503 2007.11.17 Lop
eSafe 7.0.15.0 2007.11.14 Suspicious File
McAfee 5165 2007.11.16 Vundo
Panda 9.0.0.4 2007.11.17 Suspicious file
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Win32.Malware.gen (suspicious)*

rjxhdalz.dll - *not-a-virus:AdWare.Win32.SecToolBar.o*
*
AntiVir 7.6.0.34 2007.11.16 TR/BHO.Agent.AW
AVG 7.5.0.503 2007.11.17 Obfustat.YUY
BitDefender 7.2 2007.11.17 Adware.Virtumonde.GHK
eSafe 7.0.15.0 2007.11.14 Suspicious File
NOD32v2 2665 2007.11.17 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.16 Vundo.gen50
Panda 9.0.0.4 2007.11.17 Adware/BestSellerAV
Prevx1 V2 2007.11.17 Trojan.Vundo*

ddaya.dll  - *not-a-virus:AdWare.Win32.Virtumonde.aqq*
*
AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afa
AVG 7.5.0.503 2007.11.17 BHO.CNF
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen49
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen49
Panda 9.0.0.4 2007.11.17 Spyware/Virtumonde
Prevx1 V2 2007.11.17 Rogue.Winfixer
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afa
Symantec 10 2007.11.17 Trojan.Metajuan
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.BHO.Agent.AW*

----------


## rubin

C:\WINDOWS\TEMP\winlogon.exe

File avz00001.dta received on 11.19.2007 16:42:55 (CET)
Current status:    finished 
Result: 4/32 (12.5%) 

AhnLab-V3	2007.11.19.0	2007.11.19	-
AntiVir	7.6.0.34	2007.11.19	-
Authentium	4.93.8	2007.11.19	-
Avast	4.7.1074.0	2007.11.19	-
*AVG	7.5.0.503	2007.11.19	Obfustat.ZYG*
BitDefender	7.2	2007.11.19	-
CAT-QuickHeal	9.00	2007.11.19	-
ClamAV	0.91.2	2007.11.19	-
*DrWeb	4.44.0.09170	2007.11.19	Trojan.Packed.194*
eSafe	7.0.15.0	2007.11.14	-
eTrust-Vet	31.3.5308	2007.11.19	-
Ewido	4.0	2007.11.19	-
FileAdvisor	1	2007.11.19	-
Fortinet	3.11.0.0	2007.11.19	-
F-Prot	4.4.2.54	2007.11.18	-
F-Secure	6.70.13030.0	2007.11.19	-
*Ikarus	T3.1.1.12	2007.11.19	Virus.Win32.Zapchast.DA*
Kaspersky	7.0.0.125	2007.11.19	-
McAfee	5165	2007.11.16	-
Microsoft	1.3007	2007.11.19	-
NOD32v2	2668	2007.11.19	-
Norman	5.80.02	2007.11.19	-
Panda	9.0.0.4	2007.11.18	-
Prevx1	V2	2007.11.19	-
Rising	20.19.00.00	2007.11.19	-
*Sophos	4.23.0	2007.11.19	Mal/Dropper-T*
Sunbelt	2.2.907.0	2007.11.17	-
Symantec	10	2007.11.19	-
TheHacker	6.2.9.133	2007.11.17	-
VBA32	3.12.2.5	2007.11.19	-
VirusBuster	4.3.26:9	2007.11.18	-
Webwasher-Gateway	6.0.1	2007.11.19	-
Additional information
File size: 43520 bytes
MD5: 6a44352812e6032ab81be334ddb8b5d7
SHA1: 1b8db08d55cb2dd5396204eeeae9c452c4235855

----------


## Shu_b

*Maxim, TANUKI, rubin*

A big request: please do not trim the log, and post it in full.
(very hard to process)

----------


## urbanangel

File Firefox_Setup_3.0_Beta_1.rar received on 11.20.2007 22:51:50 (CET)
Current status: finished
Result: 3/32 (9.38%) 	

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.11.21.0	2007.11.20	-
AntiVir	7.6.0.34	2007.11.20	-
Authentium	4.93.8	2007.11.20	-
Avast	4.7.1074.0	2007.11.20	-
AVG	7.5.0.503	2007.11.20	-
BitDefender	7.2	2007.11.20	-
CAT-QuickHeal	9.00	2007.11.20	-
ClamAV	0.91.2	2007.11.20	-
*DrWeb	4.44.0.09170	2007.11.20	Trojan.MulDrop.9120*
eSafe	7.0.15.0	2007.11.14	-
eTrust-Vet	31.3.5312	2007.11.20	-
Ewido	4.0	2007.11.20	-
FileAdvisor	1	2007.11.20	-
Fortinet	3.11.0.0	2007.11.20	-
F-Prot	4.4.2.54	2007.11.19	-
F-Secure	6.70.13030.0	2007.11.20	-
Ikarus	T3.1.1.12	2007.11.20	-
Kaspersky	7.0.0.125	2007.11.20	-
McAfee	5167	2007.11.20	-
Microsoft	1.3007	2007.11.20	-
NOD32v2	2673	2007.11.20	-
Norman	5.80.02	2007.11.20	-
*Panda	9.0.0.4	2007.11.20	Suspicious file*
Prevx1	V2	2007.11.20	-
Rising	20.19.10.00	2007.11.20	-
Sophos	4.23.0	2007.11.20	-
Sunbelt	2.2.907.0	2007.11.20	-
Symantec	10	2007.11.20	-
TheHacker	6.2.9.135	2007.11.20	-
*VBA32	3.12.2.5	2007.11.20	Trojan.MulDrop.9120*
VirusBuster	4.3.26:9	2007.11.20	-
Webwasher-Gateway	6.0.1	2007.11.20	-
Additional information
File size: 6721731 bytes
MD5: d31848f71c6318613182766c46ff4de4
SHA1: b4826b751423dbd9a5ee0ed13210f3b1f1b9ae08
packers: PE_Patch, MewBundle, MEW

And here is an interesting excerpt from the ESET Smart Security 3.0.563.0 log for the launch of this installer

21.11.2007 0:46:25	Real-time file system protection	file	C:\DOCUME~1\Maxim\LOCALS~1\Temp\Setup.exe	*probably a variant of Win32/TrojanDropper.Agent.NGU trojan*	cleaned by deleting - quarantined	NT AUTHORITY\SYSTEM	Event occurred on a new file created by the application: C:\Downloads\Firefox_Setup_3.0_Beta_1\Firefox Setup 3.0 Beta 1.exe.

----------


## Shu_b

t=14256


```
File CProCtrl.sys received on 11.21.2007 06:19:13 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.21.0	2007.11.21	-
AntiVir	7.6.0.34	2007.11.20	-
Authentium	4.93.8	2007.11.21	-
Avast	4.7.1074.0	2007.11.20	-
AVG	7.5.0.503	2007.11.20	-
BitDefender	7.2	2007.11.21	-
CAT-QuickHeal	9.00	2007.11.20	-
ClamAV	0.91.2	2007.11.21	-
DrWeb	4.44.0.09170	2007.11.20	-
eSafe	7.0.15.0	2007.11.14	-
eTrust-Vet	31.3.5312	2007.11.20	-
Ewido	4.0	2007.11.20	-
FileAdvisor	1	2007.11.21	-
Fortinet	3.14.0.0	2007.11.21	-
F-Prot	4.4.2.54	2007.11.21	W32/Cinmus.E.gen!Eldorado
F-Secure	6.70.13030.0	2007.11.21	-
Ikarus	T3.1.1.12	2007.11.21	-
Kaspersky	7.0.0.125	2007.11.21	Rootkit.Win32.Agent.oy
McAfee	5167	2007.11.20	-
Microsoft	1.3007	2007.11.21	-
NOD32v2	2674	2007.11.21	-
Norman	5.80.02	2007.11.20	-
Panda	9.0.0.4	2007.11.21	-
Prevx1	V2	2007.11.21	-
Rising	20.19.12.00	2007.11.21	-
Sophos	4.23.0	2007.11.21	-
Sunbelt	2.2.907.0	2007.11.21	-
Symantec	10	2007.11.21	-
TheHacker	6.2.9.135	2007.11.20	-
VBA32	3.12.2.5	2007.11.20	-
VirusBuster	4.3.26:9	2007.11.20	-
Webwasher-Gateway	6.0.1	2007.11.21	-
Additional information
File size: 46080 bytes
MD5: 24a2d8c156acfadc224a71b900a3c6e0
SHA1: 375e69af3cb6b79d454c44ee9ab5989431553eef
```

t=14392


```
File ntos.exe received on 11.21.2007 06:14:17 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.21.0	2007.11.21	-
AntiVir	7.6.0.34	2007.11.20	-
Authentium	4.93.8	2007.11.21	-
Avast	4.7.1074.0	2007.11.20	-
AVG	7.5.0.503	2007.11.20	SHeur.ACHW
BitDefender	7.2	2007.11.21	-
CAT-QuickHeal	9.00	2007.11.20	-
ClamAV	0.91.2	2007.11.21	-
DrWeb	4.44.0.09170	2007.11.20	-
eSafe	7.0.15.0	2007.11.14	-
eTrust-Vet	31.3.5312	2007.11.20	-
Ewido	4.0	2007.11.20	-
FileAdvisor	1	2007.11.21	-
Fortinet	3.14.0.0	2007.11.21	-
F-Prot	4.4.2.54	2007.11.21	-
F-Secure	6.70.13030.0	2007.11.21	-
Ikarus	T3.1.1.12	2007.11.21	-
Kaspersky	7.0.0.125	2007.11.21	Trojan-Spy.Win32.Zbot.cz
McAfee	5167	2007.11.20	-
Microsoft	1.3007	2007.11.21	-
NOD32v2	2674	2007.11.21	-
Norman	5.80.02	2007.11.20	-
Panda	9.0.0.4	2007.11.21	Suspicious file
Prevx1	V2	2007.11.21	-
Rising	20.19.12.00	2007.11.21	-
Sophos	4.23.0	2007.11.21	-
Sunbelt	2.2.907.0	2007.11.21	-
Symantec	10	2007.11.21	-
TheHacker	6.2.9.135	2007.11.20	-
VBA32	3.12.2.5	2007.11.20	-
VirusBuster	4.3.26:9	2007.11.20	-
Webwasher-Gateway	6.0.1	2007.11.21	Win32.Malware.gen (suspicious)
Additional information
File size: 442880 bytes
MD5: 6bd9797f295b737b683dac169ff73169
SHA1: e3e10814e1a4784eb6e186db0b06259f3c415cec
```

----------


## rubin

t=14405


```
File avz00007.dta received on 11.21.2007 12:33:17 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.21.1	2007.11.21	-
AntiVir	7.6.0.34	2007.11.21	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.11.21	-
Avast	4.7.1074.0	2007.11.20	-
AVG	7.5.0.503	2007.11.21	Crypt.F
BitDefender	7.2	2007.11.21	Trojan.AVKiller.AW
CAT-QuickHeal	9.00	2007.11.20	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.11.21	-
DrWeb	4.44.0.09170	2007.11.21	Trojan.MulDrop.8347
eSafe	7.0.15.0	2007.11.14	Suspicious File
eTrust-Vet	31.3.5313	2007.11.21	-
Ewido	4.0	2007.11.20	-
FileAdvisor	1	2007.11.21	-
Fortinet	3.14.0.0	2007.11.21	-
F-Prot	4.4.2.54	2007.11.21	-
F-Secure	6.70.13030.0	2007.11.21	-
Ikarus	T3.1.1.12	2007.11.21	-
Kaspersky	7.0.0.125	2007.11.21	-
McAfee	5167	2007.11.20	Tcad-Crypted
Microsoft	1.3007	2007.11.21	TrojanDownloader:Win32/Small.gen!AAM
NOD32v2	2674	2007.11.21	-
Norman	5.80.02	2007.11.20	-
Panda	9.0.0.4	2007.11.21	Suspicious file
Prevx1	V2	2007.11.21	-
Rising	20.19.20.00	2007.11.21	Trojan.DL.Win32.Small.evl
Sophos	4.23.0	2007.11.21	Mal/Basine-C
Sunbelt	2.2.907.0	2007.11.21	-
Symantec	10	2007.11.21	-
TheHacker	6.2.9.135	2007.11.20	-
VBA32	3.12.2.5	2007.11.20	-
VirusBuster	4.3.26:9	2007.11.21	Trojan.DR.Dirat.Gen
Webwasher-Gateway	6.0.1	2007.11.21	Trojan.Crypt.XPACK.Gen

Additional information
File size: 12395 bytes
MD5: af63e4eb1ddba00377bf939fec099b6b
SHA1: d3efd43be9e2b0b8e32f4112099cac37ebd5f7c0
```



```
File avz00002.dta received on 11.21.2007 12:34:07 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.11.21.1	2007.11.21	-
AntiVir	7.6.0.34	2007.11.21	-
Authentium	4.93.8	2007.11.21	-
Avast	4.7.1074.0	2007.11.20	-
AVG	7.5.0.503	2007.11.21	SHeur.ACTR
BitDefender	7.2	2007.11.21	-
CAT-QuickHeal	9.00	2007.11.20	-
ClamAV	0.91.2	2007.11.21	-
DrWeb	4.44.0.09170	2007.11.21	-
eSafe	7.0.15.0	2007.11.14	-
eTrust-Vet	31.3.5313	2007.11.21	-
Ewido	4.0	2007.11.20	-
FileAdvisor	1	2007.11.21	-
Fortinet	3.14.0.0	2007.11.21	-
F-Prot	4.4.2.54	2007.11.21	-
F-Secure	6.70.13030.0	2007.11.21	-
Ikarus	T3.1.1.12	2007.11.21	-
Kaspersky	7.0.0.125	2007.11.21	-
McAfee	5167	2007.11.20	-
Microsoft	1.3007	2007.11.21	Spammer:Win32/Tedroo.B
NOD32v2	2674	2007.11.21	Win32/TrojanProxy.Small.NBD
Norman	5.80.02	2007.11.20	-
Panda	9.0.0.4	2007.11.21	-
Prevx1	V2	2007.11.21	-
Rising	20.19.20.00	2007.11.21	-
Sophos	4.23.0	2007.11.21	-
Sunbelt	2.2.907.0	2007.11.21	-
Symantec	10	2007.11.21	-
TheHacker	6.2.9.135	2007.11.20	-
VBA32	3.12.2.5	2007.11.20	-
VirusBuster	4.3.26:9	2007.11.21	-
Webwasher-Gateway	6.0.1	2007.11.21	-

Additional information
File size: 32768 bytes
MD5: 8c10f9134e5a7d16aa5697de32c9d1d9
SHA1: abe50820c9b8353a6d71d180877a7f1075839f13
```

----------


## Selmanuk

Файл opr03U42.htm.7FFFAE33 получен 2007.11.27 12:17:23 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.11.27.1 2007.11.27 - 
*AntiVir 7.6.0.34 2007.11.27 HEUR/Exploit.HTML* 
Authentium 4.93.8 2007.11.24 - 
Avast 4.7.1074.0 2007.11.27 - 
*AVG 7.5.0.503 2007.11.26 Downloader.Agent* 
BitDefender 7.2 2007.11.27 - 
CAT-QuickHeal 9.00 2007.11.27 - 
ClamAV 0.91.2 2007.11.27 - 
*DrWeb 4.44.0.09170 2007.11.27 Worm.Sifiliz* 
eSafe 7.0.15.0 2007.11.21 - 
eTrust-Vet 31.3.5329 2007.11.26 - 
Ewido 4.0 2007.11.26 - 
FileAdvisor 1 2007.11.27 - 
Fortinet 3.14.0.0 2007.11.27 - 
F-Prot 4.4.2.54 2007.11.27 - 
F-Secure 6.70.13030.0 2007.11.27 - 
Ikarus T3.1.1.12 2007.11.27 - 
Kaspersky 7.0.0.125 2007.11.27 - 
McAfee 5171 2007.11.26 - 
Microsoft 1.3007 2007.11.27 - 
NOD32v2 2687 2007.11.26 - 
Norman 5.80.02 2007.11.26 - 
Panda 9.0.0.4 2007.11.26 - 
Prevx1 V2 2007.11.27 - 
Rising 20.20.11.00 2007.11.27 - 
*Sophos 4.23.0 2007.11.27 Mal/ObfJS-R* 
Sunbelt 2.2.907.0 2007.11.27 - 
Symantec 10 2007.11.27 - 
TheHacker 6.2.9.142 2007.11.26 - 
VBA32 3.12.2.5 2007.11.27 - 
VirusBuster 4.3.26:9 2007.11.26 - 
*Webwasher-Gateway 6.0.1 2007.11.27 Heuristic.Exploit.HTML* 

Дополнительная информация 
File size: 32803 bytes 
MD5: 5021a06aa8e0848d140aa2b336e89aa8 
SHA1: db20d942fb98310a5b43d3cc2a035c07962e0aac

----------



## Shu_b

Today is the last day of November, and since activity in this thread has dropped a little, I am summing up the interim results. I am posting two charts: one for the past month and one for the total. The monthly result turned out amusing.... ;-)

----------


## DVi

The total is the second one, the one with a maximum of 140?

----------


## Shu_b

> The total is the second one, the one with a maximum of 140?


yes, 65 + 58

----------


## Surfer

Brutal Pinch variants are going around now; nobody catches them.

File illusion.exe received on 12.01.2007 15:41:05 (CET)
Result: 4/32 (12.5%)

AhnLab-V3 2007.12.1.0 2007.11.30 - 
AntiVir 7.6.0.34 2007.11.30 - 
Authentium 4.93.8 2007.12.01 - 
Avast 4.7.1074.0 2007.11.30 - 
AVG 7.5.0.503 2007.12.01 - 
BitDefender 7.2 2007.12.01 - 
CAT-QuickHeal 9.00 2007.12.01 - 
ClamAV 0.91.2 2007.12.01 - 
DrWeb 4.44.0.09170 2007.12.01 - 
eSafe 7.0.15.0 2007.11.29 - 
eTrust-Vet 31.3.5340 2007.11.30 - 
Ewido 4.0 2007.12.01 - 
FileAdvisor 1 2007.12.01 - 
Fortinet 3.14.0.0 2007.12.01 - 
F-Prot 4.4.2.54 2007.11.30 - 
F-Secure 6.70.13030.0 2007.11.30 - 
*Ikarus T3.1.1.12 2007.12.01 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.01 Trojan.BAT.Runner.j*
McAfee 5175 2007.11.30 - 
Microsoft 1.3007 2007.12.01 - 
NOD32v2 2696 2007.11.30 - 
Norman 5.80.02 2007.11.30 - 
Panda 9.0.0.4 2007.12.01 - 
Prevx1 V2 2007.12.01 - 
*Rising 20.20.51.00 2007.12.01 Trojan.DL.Win32.Agent.bxw
Sophos 4.23.0 2007.12.01 Mal/Dropper-T*
Sunbelt 2.2.907.0 2007.12.01 - 
Symantec 10 2007.12.01 - 
TheHacker 6.2.9.146 2007.11.30 - 
VBA32 3.12.2.5 2007.12.01 - 
VirusBuster 4.3.26:9 2007.11.30 - 
Webwasher-Gateway 6.6.2 2007.12.01 - 
Additional information 
File size: 159843 bytes 
MD5: 1b4023097c4e527b5e2e465d026d68cc 
SHA1: 8bfd2cc1a1b4dbab31b15bc0581e6149c2cd1c29 
packers: RAR 

And here is the same one, but unpacked

File 1.exe received on 12.01.2007 15:46:00 (CET)
Result: 3/32 (9.38%)


Antivirus Version Last Update Result 
AhnLab-V3 2007.12.1.0 2007.11.30 - 
AntiVir 7.6.0.34 2007.11.30 - 
Authentium 4.93.8 2007.12.01 - 
Avast 4.7.1074.0 2007.11.30 - 
AVG 7.5.0.503 2007.12.01 - 
BitDefender 7.2 2007.12.01 - 
CAT-QuickHeal 9.00 2007.12.01 - 
ClamAV 0.91.2 2007.12.01 - 
DrWeb 4.44.0.09170 2007.12.01 - 
eSafe 7.0.15.0 2007.11.29 - 
eTrust-Vet 31.3.5340 2007.11.30 - 
Ewido 4.0 2007.12.01 - 
FileAdvisor 1 2007.12.01 - 
Fortinet 3.14.0.0 2007.12.01 - 
F-Prot 4.4.2.54 2007.11.30 - 
F-Secure 6.70.13030.0 2007.11.30 - 
*Ikarus T3.1.1.12 2007.12.01 Virus.Win32.Zapchast.DA*
Kaspersky 7.0.0.125 2007.12.01 - 
McAfee 5175 2007.11.30 - 
Microsoft 1.3007 2007.12.01 - 
NOD32v2 2696 2007.11.30 - 
Norman 5.80.02 2007.11.30 - 
Panda 9.0.0.4 2007.12.01 - 
Prevx1 V2 2007.12.01 - 
*Rising 20.20.51.00 2007.12.01 Trojan.DL.Win32.Agent.bxw
Sophos 4.23.0 2007.12.01 Mal/Dropper-T*
Sunbelt 2.2.907.0 2007.12.01 - 
Symantec 10 2007.12.01 - 
TheHacker 6.2.9.146 2007.11.30 - 
VBA32 3.12.2.5 2007.12.01 - 
VirusBuster 4.3.26:9 2007.11.30 - 
Webwasher-Gateway 6.6.2 2007.12.01 - 
Additional information 
File size: 28672 bytes 
MD5: 5564a7b0ec2c7012c64af96a87876491 
SHA1: 840a0c70f91e49b4a6edb5fcb1b8eb64e9fcdb87

----------


## Helgin

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2007.12.1.0	2007.11.30	-
*AntiVir	7.6.0.34	2007.11.30	CC/UKMalw.LB
Authentium	4.93.8	2007.12.01	W32/Trojan.BWKV*
Avast	4.7.1074.0	2007.12.01	-
AVG	7.5.0.503	2007.12.01	-
BitDefender	7.2	2007.12.02	-
*CAT-QuickHeal	9.00	2007.12.01	Trojan.Soltek.kj*
ClamAV	0.91.2	2007.12.02	-
DrWeb	4.44.0.09170	2007.12.01	-
eSafe	7.0.15.0	2007.11.29	-
eTrust-Vet	31.3.5340	2007.11.30	-
*Ewido	4.0	2007.12.01	Trojan.Legmir*
FileAdvisor	1	2007.12.02	-
*Fortinet	3.14.0.0	2007.12.01	Generic.A!tr
F-Prot	4.4.2.54	2007.11.30	W32/Trojan.BWKV
F-Secure	6.70.13030.0	2007.11.30	W32/Malware.dam
Ikarus	T3.1.1.12	2007.12.02	Trojan-PWS.Legmir*
Kaspersky	7.0.0.125	2007.12.02	-
*McAfee	5175	2007.11.30	Generic Packed*
Microsoft	1.3007	2007.12.02	-
NOD32v2	2696	2007.11.30	-
*Norman	5.80.02	2007.11.30	W32/Malware.dam
Panda	9.0.0.4	2007.12.02	Generic Trojan
Prevx1	V2	2007.12.02	Generic.Malware*
Rising	20.20.52.00	2007.12.02	-
*Sophos	4.23.0	2007.12.01	Mal/Generic-A*
Sunbelt	2.2.907.0	2007.12.01	-
*Symantec	10	2007.12.02	Backdoor.EggDrop*
TheHacker	6.2.9.147	2007.12.01	-
*VBA32	3.12.2.5	2007.12.01	Trojan.PWS.Legmir*
VirusBuster	4.3.26:9	2007.12.01	-
*Webwasher-Gateway	6.6.2	2007.12.01	Virus.UKMalw.LB*
Дополнительная информация
File size: 61440 bytes
MD5: 9a667611eb788402ccadd829e29a4184
SHA1: 1b28150e07c4da97c7f343f63acf8a468a5f3733
Prevx info: http://fileinfo.prevx.com/fileinfo.a...ABFE00BD2000BF

----------


## Макcим

From the thread http://virusinfo.info/showthread.php?t=14788


> AhnLab-V3	2007.12.1.0	2007.11.30	-
> *AntiVir	7.6.0.34	2007.11.30	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2007.12.01	-
> Avast	4.7.1074.0	2007.12.02	-
> AVG	7.5.0.503	2007.12.02	-
> BitDefender	7.2	2007.12.02	-
> CAT-QuickHeal	9.00	2007.12.01	-
> ClamAV	0.91.2	2007.12.02	-
> *DrWeb	4.44.0.09170	2007.12.02	Trojan.Packed.147*
> ...


Дополнительная информация
File size: 32768 bytes
MD5: ba6f53f0ccb15762068f41681d387761
SHA1: 5b4da53e8f918159c97f96f78971c430f6627dce

----------


## ssa555

From the thread http://virusinfo.info/showthread.php?t=14796




> Файл mssrv32.exe получен 2007.12.03 19:56:29 (CET)
> Антивирус Версия Обновление Результат
> AhnLab-V3 2007.12.4.0 2007.12.03 - 
> *AntiVir 7.6.0.34 2007.12.03 TR/Dldr.Agent.fow* 
> Authentium 4.93.8 2007.12.03 - 
> Avast 4.7.1074.0 2007.12.03 - 
> *AVG 7.5.0.503 2007.12.03 Obfustat.ABFX* 
> BitDefender 7.2 2007.12.03 - 
> *CAT-QuickHeal 9.00 2007.12.03 TrojanDownloader.Agent.fow* 
> ClamAV 0.91.2 2007.12.03 - 
> ...

----------


## Shu_b

t - 14813


```
Antivirus       Version Last Update     Result
AhnLab-V3       2007.12.4.0     2007.12.03      -
AntiVir 7.6.0.34        2007.12.03      -
Authentium      4.93.8  2007.12.04      -
Avast   4.7.1074.0      2007.12.03      -
AVG     7.5.0.503       2007.12.04      -
BitDefender     7.2     2007.12.04      -
CAT-QuickHeal   9.00    2007.12.03      -
ClamAV  0.91.2  2007.12.04      -
DrWeb   4.44.0.09170    2007.12.03      -
eSafe   7.0.15.0        2007.12.03      Win32.Eterok.C
eTrust-Vet      31.3.5349       2007.12.04      -
Ewido   4.0     2007.12.03      -
FileAdvisor     1       2007.12.04      -
Fortinet        3.14.0.0        2007.12.04      -
F-Prot  4.4.2.54        2007.12.04      -
F-Secure        6.70.13030.0    2007.12.04      -
Ikarus  T3.1.1.12       2007.12.04      -
Kaspersky       7.0.0.125       2007.12.04      -
McAfee  5176    2007.12.03      -
Microsoft       1.3007  2007.12.03      -
NOD32v2 2699    2007.12.03      -
Norman  5.80.02 2007.12.03      -
Panda   9.0.0.4 2007.12.03      -
Prevx1  V2      2007.12.04      -
Rising  20.21.02.00     2007.12.03      -
Sophos  4.24.0  2007.12.04      -
Sunbelt 2.2.907.0       2007.12.01      -
Symantec        10      2007.12.04      Backdoor.Eterok.C
TheHacker       6.2.9.148       2007.12.03      -
VBA32   3.12.2.5        2007.12.03      -
VirusBuster     4.3.26:9        2007.12.03      -
Webwasher-Gateway       6.6.2   2007.12.03      -
Additional information
File size: 19968 bytes
```

t-14175


```
File _svchost.exe ( ie_updater.exe ) received on 12.04.2007 09:36:34 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.4.0	2007.12.03	Win-Trojan/Xema.variant
AntiVir	7.6.0.34	2007.12.04	-
Authentium	4.93.8	2007.12.04	-
Avast	4.7.1074.0	2007.12.03	Win32:Tiny-LJ
AVG	7.5.0.503	2007.12.04	Downloader.Generic6.WVT
BitDefender	7.2	2007.12.04	-
CAT-QuickHeal	9.00	2007.12.03	TrojanDownloader.Tiny.abz
ClamAV	0.91.2	2007.12.04	-
DrWeb	4.44.0.09170	2007.12.04	Trojan.DownLoader.origin
eSafe	7.0.15.0	2007.12.03	-
eTrust-Vet	31.3.5349	2007.12.04	-
Ewido	4.0	2007.12.03	-
FileAdvisor	1	2007.12.04	-
Fortinet	3.14.0.0	2007.12.04	-
F-Prot	4.4.2.54	2007.12.04	-
F-Secure	6.70.13030.0	2007.12.04	-
Ikarus	T3.1.1.12	2007.12.04	Virus.Win32.Tiny.LJ
Kaspersky	7.0.0.125	2007.12.04	-
McAfee	5176	2007.12.03	Generic Downloader.k
Microsoft	1.3007	2007.12.03	-
NOD32v2	2699	2007.12.03	Win32/TrojanDownloader.Tiny.NJ
Norman	5.80.02	2007.12.03	-
Panda	9.0.0.4	2007.12.03	Trj/Downloader.RLK
Prevx1	V2	2007.12.04	Heuristic: Suspicious File With Outbound Communications
Rising	20.21.10.00	2007.12.04	-
Sophos	4.24.0	2007.12.04	-
Sunbelt	2.2.907.0	2007.12.01	-
Symantec	10	2007.12.04	-
TheHacker	6.2.9.148	2007.12.03	-
VBA32	3.12.2.5	2007.12.03	-
VirusBuster	4.3.26:9	2007.12.03	-
Webwasher-Gateway	6.6.2	2007.12.04	-
Additional information
File size: 6144 bytes
MD5: a375f523505751cf04a34506315fd982
SHA1: 0b2eeee53b89ea666653ed5e770824d637d633ef
PEiD: -
packers: embedded
```

----------


## Ultima Weapon

File pskavs.zip received on 12.04.2007 12:09:29 (CET)
Current status: finished
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
*AntiVir - - Frisk #2*
Authentium - - -
*Avast - - Win32:CTX*
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
*ClamAV - - Sirius.Annihilator.272*
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
*Ikarus - - Virus.Win32.CTX*
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
*Sophos - - W95/Whog-878b*
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
*Webwasher-Gateway - - Win32.Bumble*
Additional information
MD5: f20440d212d03abdb531eb3c99e1a47a

Added 8 minutes later

File Sample_3.zip received on 12.04.2007 12:57:39 (CET)
Current status: finished
Result: 21/32 (65.63%)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.1 2007.12.04 -
*AntiVir 7.6.0.34 2007.12.04 TR/Crack.H.5*
Authentium 4.93.8 2007.12.04 -
*Avast 4.7.1074.0 2007.12.04 Win32:Downloader-AS*
*AVG 7.5.0.503 2007.12.04 Downloader.Generic2.LKM*
*BitDefender 7.2 2007.12.04 Trojan.Crack.H*
*CAT-QuickHeal 9.00 2007.12.03 (Suspicious) - DNAScan*
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.04 -
*eSafe 7.0.15.0 2007.12.03 Win32.Trojan*
eTrust-Vet 31.3.5349 2007.12.04 -
*Ewido 4.0 2007.12.04 Trojan.Crack.h*
FileAdvisor 1 2007.12.04 -
*Fortinet 3.14.0.0 2007.12.04 Crack.D!tr*
*F-Prot 4.4.2.54 2007.12.04 W32/Heuristic-162!Eldorado*
*F-Secure 6.70.13030.0 2007.12.04 W32/DLoader.ASHL*
*Ikarus T3.1.1.12 2007.12.04 Trojan-PWS.Win32.LdPinch.SX*
Kaspersky 7.0.0.125 2007.12.04 -
*McAfee 5176 2007.12.03 Downloader.gen.a*
Microsoft 1.3007 2007.12.03 -
*NOD32v2 2699 2007.12.03 probably a variant of Win32/Agent*
*Norman 5.80.02 2007.12.04 W32/DLoader.ASHL*
*Panda 9.0.0.4 2007.12.03 Suspicious file*
*Prevx1 V2 2007.12.04 Generic.Malware*
*Rising 20.21.10.00 2007.12.04 Hack.Win32.Dpatch.a*
*Sophos 4.24.0 2007.12.04 Troj/Crack-D*
*Sunbelt 2.2.907.0 2007.12.01 VIPRE.Suspicious*
*Symantec 10 2007.12.04 Trojan Horse*
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
*Webwasher-Gateway 6.6.2 2007.12.04 Trojan.Crack.H.5*

Added 5 minutes later

File Trojan_1.zip received on 12.04.2007 13:03:24 (CET)
Current status: finished
Result: 20/32 (62.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.1 2007.12.04 -
*AntiVir 7.6.0.34 2007.12.04 TR/Crack.H.3*
Authentium 4.93.8 2007.12.04 -
*Avast 4.7.1074.0 2007.12.04 Win32:Downloader-AS*
*AVG 7.5.0.503 2007.12.04 Downloader.Generic2.LKM*
*BitDefender 7.2 2007.12.04 Trojan.Crack.H*
*CAT-QuickHeal 9.00 2007.12.03 (Suspicious) - DNAScan*
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.04 -
*eSafe 7.0.15.0 2007.12.03 Win32.Trojan*
eTrust-Vet 31.3.5349 2007.12.04 -
*Ewido 4.0 2007.12.04 Trojan.Crack.h*
FileAdvisor 1 2007.12.04 -
*Fortinet 3.14.0.0 2007.12.04 W32/Crack.D!tr*
*F-Prot 4.4.2.54 2007.12.04 W32/Heuristic-162!Eldorado*
*F-Secure 6.70.13030.0 2007.12.04 W32/DLoader.ASHL*
*Ikarus T3.1.1.12 2007.12.04 Trojan-PWS.Win32.LdPinch.SX*
Kaspersky 7.0.0.125 2007.12.04 -
*McAfee 5176 2007.12.03 Generic Downloader.z*
Microsoft 1.3007 2007.12.03 -
*NOD32v2 2699 2007.12.03 probably a variant of Win32/Agent*
*Norman 5.80.02 2007.12.04 W32/DLoader.ASHL*
*Panda 9.0.0.4 2007.12.03 Generic Trojan*
Prevx1 V2 2007.12.04 -
*Rising 20.21.10.00 2007.12.04 Hack.Win32.Dpatch.a*
*Sophos 4.24.0 2007.12.04 Troj/Crack-D*
*Sunbelt 2.2.907.0 2007.12.01 Trojan.Unclassified.gen*
*Symantec 10 2007.12.04 Trojan Horse*
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
*Webwasher-Gateway 6.6.2 2007.12.04 Trojan.Crack.H.3*

Added 1 minute later

File Trojan_Win_32_Agent.cro.zip received on 12.04.2007 11:15:37 (CET)
Current status: finished
Result: 26/32 (81.25%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
*AntiVir - - TR/Drop.Agent.cro*
*Authentium - - W32/Splendor.7116*
*Avast - - Win32:Agent-NMK*
*AVG - - Win32/Virut*
*BitDefender - - Trojan.Downloader.LoadAdv.XXA*
*CAT-QuickHeal - - Win32.Trojan.Pakes*
*ClamAV - - Trojan.Agent-9180*
*DrWeb - - Trojan.Packed.155*
*eSafe - - Win32.Agent.cro*
eTrust-Vet - - -
*Ewido - - Trojan.Agent.cro*
FileAdvisor - - -
*Fortinet - - W32/Agent.VD!tr*
*F-Prot - - W32/Backdoor.CARM*
*F-Secure - - Virus.Win32.Virut.av*
*Ikarus - - Trojan.Win32.Agent.cro*
*Kaspersky - - Trojan.Win32.Agent.cro*
*McAfee - - W32/Virut.gen.a*
*Microsoft - - Virus:Win32/Virut.AC*
*NOD32v2 - - Win32/TrojanDownloader.Agent.NSP*
*Norman - - DLoader.EBYE*
*Panda - - Trj/Agent.HCK*
Prevx1 - - -
*Rising - - Trojan.Win32.Mnless.zir*
*Sophos - - Mal/HckPk-A*
Sunbelt - - -
*Symantec - - W32.Virut.W*
TheHacker - - -
*VBA32 - - Trojan.Win32.Agent.cro*
*VirusBuster - - Adware.Vundo.V.Gen*
*Webwasher-Gateway - - Trojan.Drop.Agent.cro*


File crude.exe received on 12.05.2007 04:09:52 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/32 (12.5%)


AhnLab-V3    2007.12.5.0    2007.12.05    -
AntiVir    7.6.0.34    2007.12.04    -
Authentium    4.93.8    2007.12.05    -
Avast    4.7.1098.0    2007.12.05    -
AVG    7.5.0.503    2007.12.04    -
BitDefender    7.2    2007.12.05    -
CAT-QuickHeal    9.00    2007.12.04    -
ClamAV    0.91.2    2007.12.05    -
DrWeb    4.44.0.09170    2007.12.04    -
*eSafe    7.0.15.0    2007.12.04    suspicious Trojan/Worm*
eTrust-Vet    31.3.5352    2007.12.05    -
Ewido    4.0    2007.12.04    -
FileAdvisor    1    2007.12.05    -
Fortinet    3.14.0.0    2007.12.04    -
F-Prot    4.4.2.54    2007.12.05    -
F-Secure    6.70.13030.0    2007.12.05    -
Ikarus    T3.1.1.12    2007.12.05    -
Kaspersky    7.0.0.125    2007.12.05    -
McAfee    5177    2007.12.04    -
Microsoft    1.3007    2007.12.03    -
NOD32v2    2701    2007.12.05    -
Norman    5.80.02    2007.12.04    -
Panda    9.0.0.4    2007.12.04    -
*Prevx1    V2    2007.12.05    Generic.Malware*
Rising    20.21.12.00    2007.12.05    -
Sophos    4.24.0    2007.12.05    -
*Sunbelt    2.2.907.0    2007.12.05    VIPRE.Suspicious*
Symantec    10    2007.12.05    -
TheHacker    6.2.9.150    2007.12.05    -
VBA32    3.12.2.5    2007.12.04    -
VirusBuster    4.3.26:9    2007.12.04    -
*Webwasher-Gateway    6.6.2    2007.12.04    Win32.Malware.gen#UPX!92* (suspicious)

*Added 6 minutes later*

File noisybearcab_bin received on 07.23.2007 09:36:30 (CET)
Result: 20/30 (66.67%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
*AntiVir    -    -    Java/NoisyBear*
*Authentium    -    -    is a destructive program*
*Avast    -    -    JS:NoisyBear*
AVG    -    -    -
*BitDefender    -    -    Trojan.NoisyBear*
CAT-QuickHeal    -    -    -
*ClamAV    -    -    Java.Noisybear*
*DrWeb    -    -    Trojan.NoisyBear*
*eSafe    -    -    Drummer*
*eTrust-Vet    -    -    Java/Nosybea*
*Ewido    -    -    Trojan.NoisyBear*
FileAdvisor    -    -    -
*Fortinet    -    -    JAV/Noisybear!tr*
*F-Prot    -    -    Java/Trojan!217c*
*F-Secure    -    -    Java/NoisyBear.A*
*Ikarus    -    -    Trojan.NoisyBear*
Kaspersky    -    -    -
*McAfee    -    -    JV/g*
*Microsoft    -    -    Trojan:Java/Noisybear*
NOD32v2    -    -    -
Norman    -    -    -
*Panda    -    -    JV/NoisyBear*
*Sophos    -    -    Troj/NoisyBear*
Sunbelt    -    -    -
*Symantec    -    -    Trojan Horse*
TheHacker    -    -    -
VBA32    -    -    -
*VirusBuster    -    -    Java.NoisyBear*
*Webwasher-Gateway    -    -    Java.NoisyBear*

File emul.zip received on 12.03.2007 07:49:40 (CET)
Result: 16/32 (50%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
*AntiVir    -    -    TR/Hijack.Explor.4284*
Authentium    -    -    -
*Avast    -    -    Win32:Avtest*
*AVG    -    -    Downloader.Delf.LY*
*BitDefender    -    -    BehavesLike:Win32.ExplorerHijack*
CAT-QuickHeal    -    -    -
ClamAV    -    -    -
DrWeb    -    -    -
*eSafe    -    -    Win32.Delf.adw*
eTrust-Vet    -    -    -
Ewido    -    -    -
FileAdvisor    -    -    -
Fortinet    -    -    -
F-Prot    -    -    -
*F-Secure    -    -    W32/Downloader.AJC*
*Ikarus    -    -    BehavesLikeWin32.ExplorerHijack*
*Kaspersky    -    -    Heur.Invader*
McAfee    -    -    -
*Microsoft    -    -    TrojanDownloader:Win32/Delf*
*NOD32v2    -    -    probably unknown NewHeur_PE virus*
*Norman    -    -    W32/Downloader.AJC*
*Panda    -    -    Suspicious file*
*Prevx1    -    -    Generic.Malware*
Rising    -    -    -
Sophos    -    -    -
*Sunbelt    -    -    Win32.ExplorerHijack*
Symantec    -    -    -
TheHacker    -    -    -
*VBA32    -    -    suspected of Win32.Trojan.Downloader* (http://...)
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Trojan.Hijack.Explor.4284*


*Added 4 minutes later*

File EvID4226.exe received on 12.04.2007 16:11:06 (CET)
Result: 15/32 (46.88%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
AntiVir    -    -    -
Authentium    -    -    -
Avast    -    -    -
*AVG    -    -    Potentially harmful program HackTool.AB*
*BitDefender    -    -    Application.Evid.M*
*CAT-QuickHeal    -    -    AdWare.Agent.bq (Not a Virus)*
ClamAV    -    -    -
DrWeb    -    -    -
*eSafe    -    -    suspicious Trojan/Worm*
eTrust-Vet    -    -    -
*Ewido    -    -    Not-A-Virus.Hacktool.EvID*
*FileAdvisor    -    -    High threat detected*
*Fortinet    -    -    HackerTool/Evid*
F-Prot    -    -    -
F-Secure    -    -    -
Ikarus    -    -    -
Kaspersky    -    -    -
*McAfee    -    -    potentially unwanted program Tool-Evid*
Microsoft    -    -    -
*NOD32v2    -    -    Win32/Tool.EvID4226*
Norman    -    -    -
*Panda    -    -    HackTool/EvID*
*Prevx1    -    -    Potentially harmful program HackTool.AB*
Rising    -    -    -
*Sophos    -    -    EvID4226*
*Sunbelt    -    -    Event ID 4226 Patcher*
Symantec    -    -    -
*TheHacker    -    -    Aplicacion/Tool.evid*
VBA32    -    -    -
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Riskware.Tool.EvID4226.A*

----------


## Ultima Weapon

File askBarSetup.zip received on 12.05.2007 08:29:00 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 -
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
*F-Prot 4.4.2.54 2007.12.05 W32/Mywebsearch.I.gen!Eldorado*
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
*NOD32v2 2703 2007.12.05 a variant of Win32/AdInstaller*
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 -
*Prevx1 V2 2007.12.05 Heuristic: Suspicious Hijacker*
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
*VBA32 3.12.2.5 2007.12.04 suspected of Trojan-Dropper.Delf.36 (paranoid heuristics)*
VirusBuster 4.3.26:9 2007.12.04 -
Webwasher-Gateway 6.6.2 2007.12.05 -

*Added 8 minutes later*

File gen.exe received on 12.05.2007 08:37:09 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 4/32 (12.5%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
*eSafe 7.0.15.0 2007.12.04 suspicious Trojan/Worm*
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 -
Norman 5.80.02 2007.12.04 -
*Panda 9.0.0.4 2007.12.04 Suspicious file*
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
*Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious*
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.04 -
*Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen#UPX!92 (suspicious)*

*Added 22 minutes later*

File b.exe received on 12.05.2007 08:57:30 (CET)
Result: 15/32 (46.88%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
*AVG 7.5.0.503 2007.12.04 Generic5.HNY*
BitDefender 7.2 2007.12.05 -
*CAT-QuickHeal 9.00 2007.12.04 (Suspicious) - DNAScan*
*ClamAV 0.91.2 2007.12.05 PUA.Packed.UPack-2*
DrWeb 4.44.0.09170 2007.12.04 -
*eSafe 7.0.15.0 2007.12.04 Suspicious File*
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
*FileAdvisor 1 2007.12.05 High threat detected*
Fortinet 3.14.0.0 2007.12.05 -
*F-Prot 4.4.2.54 2007.12.05 W32/Heuristic-162!Eldorado*
F-Secure 6.70.13030.0 2007.12.05 -
*Ikarus T3.1.1.12 2007.12.05 Trojan-Downloader.Win32.Zlob.and*
Kaspersky 7.0.0.125 2007.12.05 -
*McAfee 5177 2007.12.04 New Malware.aj*
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 -
*Norman 5.80.02 2007.12.04 W32/Suspicious_U.gen*
Panda 9.0.0.4 2007.12.04 -
*Prevx1 V2 2007.12.05 Generic.Malware*
Rising 20.21.20.00 2007.12.05 -
*Sophos 4.24.0 2007.12.05 Mal/Packer*
*Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious*
Symantec 10 2007.12.05 -
*TheHacker 6.2.9.150 2007.12.05 W32/Behav-Heuristic-060*
VBA32 3.12.2.5 2007.12.04 -
*VirusBuster 4.3.26:9 2007.12.04 Packed/Upack*
*Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen (suspicious)*

*Added 22 minutes later*

File c.exe received on 12.03.2007 16:35:59 (CET)
Result: 4/32 (12.5%)


Antivirus Version Last Update Result
AhnLab-V3 - - -
*AntiVir - - ADSPY/LordPatch.A*
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
*eSafe - - suspicious Trojan/Worm*
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
*Prevx1 - - Heuristic: Suspicious File With Outbound Communications*
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
*Webwasher-Gateway - - Ad-Spyware.LordPatch.A*

*Added 27 minutes later*

File bab.exe received on 11.19.2007 08:12:20 (CET)
Result: 2/32 (6.25%)


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
*F-Secure - - W32/Malware.AQMG*
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
*Norman - - W32/Malware.AQMG*
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

*Added 28 minutes later*

File ul.exe received on 12.01.2007 08:24:10 (CET)
Result: 8/32 (25%)

Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
*AntiVir    -    -    TR/Gendal.134656*
Authentium    -    -    -
Avast    -    -    -
*AVG    -    -    Generic7.FSV*
*BitDefender    -    -    Trojan.Generic.69247*
CAT-QuickHeal    -    -    -
ClamAV    -    -    -
DrWeb    -    -    -
eSafe    -    -    -
eTrust-Vet    -    -    -
Ewido    -    -    -
*FileAdvisor    -    -    High threat detected*
*Fortinet    -    -    W32/BBTN.A!tr*
F-Prot    -    -    -
F-Secure    -    -    -
*Ikarus    -    -    Trojan.Generic*
Kaspersky    -    -    -
McAfee    -    -    -
Microsoft    -    -    -
NOD32v2    -    -    -
Norman    -    -    -
Panda    -    -    -
*Prevx1    -    -    W32.MALWARE.GEN*
Rising    -    -    -
Sophos    -    -    -
Sunbelt    -    -    -
Symantec    -    -    -
TheHacker    -    -    -
VBA32    -    -    -
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Trojan.Gendal.134656*

*Added 10 minutes later*

File kayo.rar received on 12.05.2007 10:26:36 (CET)
Result: 10/32 (31.25%)


Antivirus     Version     Last Update     Result
AhnLab-V3    2007.12.5.0    2007.12.05    -
AntiVir    7.6.0.34    2007.12.05    -
Authentium    4.93.8    2007.12.05    -
Avast    4.7.1098.0    2007.12.05    -
AVG    7.5.0.503    2007.12.04    -
*BitDefender    7.2    2007.12.05    Packer.Krunchy.A*
*CAT-QuickHeal    9.00    2007.12.04    (Suspicious) - DNAScan*
ClamAV    0.91.2    2007.12.05    -
DrWeb    4.44.0.09170    2007.12.04    -
*eSafe    7.0.15.0    2007.12.04    Suspicious File*
eTrust-Vet    31.3.5353    2007.12.05    -
Ewido    4.0    2007.12.04    -
FileAdvisor    1    2007.12.05    -
Fortinet    3.14.0.0    2007.12.05    -
*F-Prot    4.4.2.54    2007.12.05    W32/Heuristic-162!Eldorado*
F-Secure    6.70.13030.0    2007.12.05    -
*Ikarus    T3.1.1.12    2007.12.05    Packer.Krunchy.A*
Kaspersky    7.0.0.125    2007.12.05    -
McAfee    5177    2007.12.04    -
Microsoft    1.3007    2007.12.05    -
NOD32v2    2703    2007.12.05    -
Norman    5.80.02    2007.12.04    -
*Panda    9.0.0.4    2007.12.04    Suspicious file*
*Prevx1    V2    2007.12.05    Heuristic: Suspicious File With Covert Attributes*
Rising    20.21.20.00    2007.12.05    -
*Sophos    4.24.0    2007.12.05    Mal/EncPk-BP*
Sunbelt    2.2.907.0    2007.12.05    -
Symantec    10    2007.12.05    -
TheHacker    6.2.9.150    2007.12.05    -
VBA32    3.12.2.5    2007.12.04    -
*VirusBuster    4.3.26:9    2007.12.04    Packed/FRBR*
*Webwasher-Gateway    6.6.2    2007.12.05    Win32.Malware.gen (suspicious)*

*Added 4 minutes later*

File chong.exe received on 11.14.2007 03:26:51 (CET)
Result: 7/32 (21.88%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
AntiVir    -    -    -
Authentium    -    -    -
Avast    -    -    -
*AVG    -    -    Generic9.STX*
BitDefender    -    -    -
*CAT-QuickHeal    -    -    (Suspicious) - DNAScan*
ClamAV    -    -    -
DrWeb    -    -    -
*eSafe    -    -    Suspicious File*
eTrust-Vet    -    -    -
Ewido    -    -    -
FileAdvisor    -    -    -
Fortinet    -    -    -
F-Prot    -    -    -
*F-Secure    -    -    W32/Malware.AZKM*
Ikarus    -    -    -
Kaspersky    -    -    -
McAfee    -    -    -
Microsoft    -    -    -
NOD32v2    -    -    -
*Norman    -    -    W32/Malware.AZKM*
Panda    -    -    -
*Prevx1    -    -    Heuristic: Suspicious Self Modifying EXE*
Rising    -    -    -
Sophos    -    -    -
Sunbelt    -    -    -
Symantec    -    -    -
TheHacker    -    -    -
VBA32    -    -    -
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Win32.Malware.gen#PECompact (suspicious)*

*Added 52 seconds later*

File maker.exe received on 11.21.2007 03:48:22 (CET)
Result: 1/32 (3.13%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
AntiVir    -    -    -
Authentium    -    -    -
Avast    -    -    -
AVG    -    -    -
BitDefender    -    -    -
CAT-QuickHeal    -    -    -
ClamAV    -    -    -
DrWeb    -    -    -
eSafe    -    -    -
eTrust-Vet    -    -    -
Ewido    -    -    -
FileAdvisor    -    -    -
Fortinet    -    -    -
F-Prot    -    -    -
F-Secure    -    -    -
Ikarus    -    -    -
Kaspersky    -    -    -
McAfee    -    -    -
Microsoft    -    -    -
NOD32v2    -    -    -
Norman    -    -    -
Panda    -    -    -
Prevx1    -    -    -
Rising    -    -    -
Sophos    -    -    -
Sunbelt    -    -    -
Symantec    -    -    -
TheHacker    -    -    -
VBA32    -    -    -
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Win32.ModifiedUPX.gen!90 (suspicious)*

*Added 4 minutes later*

File obra.exe received on 12.04.2007 20:25:35 (CET)
Result: 8/32 (25%)
Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
AntiVir    -    -    -
Authentium    -    -    -
Avast    -    -    -
AVG    -    -    -
BitDefender    -    -    -
*CAT-QuickHeal    -    -    (Suspicious) - DNAScan*
ClamAV    -    -    -
DrWeb    -    -    -
*eSafe    -    -    Suspicious File*
eTrust-Vet    -    -    -
Ewido    -    -    -
*FileAdvisor    -    -    Low threat detected*
Fortinet    -    -    -
F-Prot    -    -    -
F-Secure    -    -    -
*Ikarus    -    -    Trojan-PWS.Win32.LdPinch.bjx*
Kaspersky    -    -    -
McAfee    -    -    -
Microsoft    -    -    -
NOD32v2    -    -    -
Norman    -    -    -
*Panda    -    -    Suspicious file*
*Prevx1    -    -    Generic.Malware*
Rising    -    -    -
Sophos    -    -    -
*Sunbelt    -    -    VIPRE.Suspicious*
Symantec    -    -    -
TheHacker    -    -    -
VBA32    -    -    -
VirusBuster    -    -    -
*Webwasher-Gateway    -    -    Win32.Malware.gen#PECompact!92 (suspicious)*

*Added 1 minute later*

File mader.exe received on 11.10.2007 16:55:53 (CET)
Result: 7/32 (21.88%)

Antivirus     Version     Last Update     Result
AhnLab-V3    -    -    -
AntiVir    -    -    -
Authentium    -    -    -
Avast    -    -    -
AVG    -    -    -
BitDefender    -    -    -
*CAT-QuickHeal    -    -    (Suspicious) - DNAScan*
ClamAV    -    -    -
DrWeb    -    -    -
*eSafe    -    -    SuspiciousR-Mytob3*
eTrust-Vet    -    -    -
Ewido    -    -    -
FileAdvisor    -    -    -
Fortinet    -    -    -
F-Prot    -    -    -
F-Secure    -    -    -
*Ikarus    -    -    Backdoor.Win32.IRCBot.az*
Kaspersky    -    -    -
McAfee    -    -    -
Microsoft    -    -    -
NOD32v2    -    -    -
Norman    -    -    -
*Panda    -    -    Suspicious file*
Prevx1    -    -    -
Rising    -    -    -
Sophos    -    -    -
Sunbelt    -    -    -
Symantec    -    -    -
*TheHacker    -    -    W32/Behav-Heuristic-065*
VBA32    -    -    -
*VirusBuster    -    -    Packed/MoleBox*
*Webwasher-Gateway    -    -    Win32.Malware.gen (suspicious)*

----------


## Surfer

OMFG...

Ultima Weapon plz, post only real malware in this thread.

For example, EvID4226.exe is not malware; it is only a TCP/IP patch for P2P networks...

%)

----------


## sergio342

Файл startdrv.exe получен 2007.12.05 18:42:02 (CET)
It was caught by the KIS7.125 heuristic as Trojan.Generic

Антивирус Версия Обновление Результат 
AhnLab-V3 2007.12.5.0 2007.12.05 - 
AntiVir 7.6.0.34 2007.12.05 - 
Authentium 4.93.8 2007.12.05 - 
Avast 4.7.1098.0 2007.12.05 - 
AVG 7.5.0.503 2007.12.05 - 
BitDefender 7.2 2007.12.05 - 
CAT-QuickHeal 9.00 2007.12.05 - 
ClamAV 0.91.2 2007.12.05 - 
DrWeb 4.44.0.09170 2007.12.05 - 
eSafe 7.0.15.0 2007.12.05 - 
eTrust-Vet 31.3.5352 2007.12.05 - 
Ewido 4.0 2007.12.05 - 
FileAdvisor 1 2007.12.05 - 
Fortinet 3.14.0.0 2007.12.05 - 
F-Prot 4.4.2.54 2007.12.05 - 
F-Secure 6.70.13030.0 2007.12.05 - 
Ikarus T3.1.1.12 2007.12.05 - 
*Kaspersky 7.0.0.125 2007.12.05 Trojan.Win32.Agent.dei* 
McAfee 5178 2007.12.05 - 
Microsoft 1.3007 2007.12.05 - 
NOD32v2 2704 2007.12.05 - 
Norman 5.80.02 2007.12.05 - 
Panda 9.0.0.4 2007.12.04 - 
Prevx1 V2 2007.12.05 - 
Rising 20.21.20.00 2007.12.05 - 
*Sophos 4.24.0 2007.12.05 Mal/Dropper-O* 
Sunbelt 2.2.907.0 2007.12.05 - 
Symantec 10 2007.12.05 - 
TheHacker 6.2.9.150 2007.12.05 - 
VBA32 3.12.2.5 2007.12.04 - 
VirusBuster 4.3.26:9 2007.12.05 - 
Webwasher-Gateway 6.6.2 2007.12.05 -

----------


## Ultima Weapon

File cmdow.zip received on 12.05.2007 20:09:17 (CET)
Result: 13/32 (40.63%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.12.6.0	2007.12.05	-
AntiVir	7.6.0.34	2007.12.05	-
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	-
*AVG	7.5.0.503	2007.12.05	Potentially harmful program HideExec.BD*
BitDefender	7.2	2007.12.05	-
*CAT-QuickHeal	9.00	2007.12.05	RiskTool.HideWindows (Not a Virus)*
ClamAV	0.91.2	2007.12.05	-
DrWeb	4.44.0.09170	2007.12.05	-
eSafe	7.0.15.0	2007.12.05	-
eTrust-Vet	31.3.5353	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.05	-
*Fortinet	3.14.0.0	2007.12.05	HackerTool/HideWindows*
*F-Prot	4.4.2.54	2007.12.05	W32/HackToolX.DY*
F-Secure	6.70.13030.0	2007.12.05	-
*Ikarus	T3.1.1.12	2007.12.05	not-a-virus:RiskTool.Win32.HideWindows*
*Kaspersky	7.0.0.125	2007.12.05	not-a-virus:RiskTool.Win32.HideWindows*
*McAfee	5178	2007.12.05	potentially unwanted program Tool-HideWindow*
Microsoft	1.3007	2007.12.05	-
*NOD32v2	2701	2007.12.05	Win32/CMDOW.143*
Norman	5.80.02	2007.12.05	-
*Panda	9.0.0.4	2007.12.04	Application/HideWindow.S*
Prevx1	V2	2007.12.05	-
Rising	20.21.20.00	2007.12.05	-
*Sophos	4.24.0	2007.12.05	HideWindow*
*Sunbelt	2.2.907.0	2007.12.05	Trojan.HideWindow*
Symantec	10	2007.12.05	-
*TheHacker	6.2.9.150	2007.12.05	Aplicacion/HideWindows*
VBA32	3.12.2.5	2007.12.04	-
VirusBuster	4.3.26:9	2007.12.05	-
*Webwasher-Gateway	6.6.2	2007.12.05	Riskware.HideWindows.I*

*Added 39 minutes later*

File avz_2200_2.cab received on 12.05.2007 20:47:22 (CET)
Result: 15/32 (46.88%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.12.6.0	2007.12.05	-
*AntiVir	7.6.0.34	2007.12.05	TR/Hijack.Explor.4284*
Authentium	4.93.8	2007.12.05	-
*Avast	4.7.1098.0	2007.12.05	Win32:Avtest*
*AVG	7.5.0.503	2007.12.05	Downloader.Delf.LY*
*BitDefender	7.2	2007.12.05	BehavesLike:Win32ExplorerHijack*
CAT-QuickHeal	9.00	2007.12.05	-
ClamAV	0.91.2	2007.12.05	-
*DrWeb	4.44.0.09170	2007.12.05	Trojan.MulDrop.9781*
*eSafe	7.0.15.0	2007.12.05	Win32.Delf.adw*
eTrust-Vet	31.3.5353	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.05	-
Fortinet	3.14.0.0	2007.12.05	-
F-Prot	4.4.2.54	2007.12.05	-
*F-Secure	6.70.13030.0	2007.12.05	W32/Downloader.AJC*
*Ikarus	T3.1.1.12	2007.12.05	BehavesLikeWin32.ExplorerHijack*
*Kaspersky	7.0.0.125	2007.12.05	Heur.Invader*
McAfee	5178	2007.12.05	-
*Microsoft	1.3007	2007.12.05	TrojanDownloader:Win32/Delf*
*NOD32v2	2704	2007.12.05	probably unknown NewHeur_PE virus*
Norman	5.80.02	2007.12.05	-
*Panda	9.0.0.4	2007.12.04	Suspicious file*
*Prevx1	V2	2007.12.05	Generic.Malware*
Rising	20.21.20.00	2007.12.05	-
Sophos	4.24.0	2007.12.05	-
Sunbelt	2.2.907.0	2007.12.05	-
Symantec	10	2007.12.05	-
TheHacker	6.2.9.150	2007.12.05	-
*VBA32	3.12.2.5	2007.12.04	suspected of Win32.Trojan.Downloader (http://...)*
VirusBuster	4.3.26:9	2007.12.05	-
*Webwasher-Gateway	6.6.2	2007.12.05	Trojan.Hijack.Explor.4284*

*Added 43 minutes later*

File SSINSTALLER_124.zip received on 12.05.2007 21:24:16 (CET)
Result: 8/32 (25%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.12.6.0	2007.12.05	-
*AntiVir	7.6.0.34	2007.12.05	ADSPY/SafeSurf*
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	-
AVG	7.5.0.503	2007.12.05	-
*BitDefender	7.2	2007.12.05	Trojan.Generic.75414*
CAT-QuickHeal	9.00	2007.12.05	-
ClamAV	0.91.2	2007.12.05	-
DrWeb	4.44.0.09170	2007.12.05	-
eSafe	7.0.15.0	2007.12.05	-
eTrust-Vet	31.3.5353	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.05	-
*Fortinet	3.14.0.0	2007.12.05	Spy/SafeSurf*
F-Prot	4.4.2.54	2007.12.05	-
F-Secure	6.70.13030.0	2007.12.05	-
Ikarus	T3.1.1.12	2007.12.05	-
Kaspersky	7.0.0.125	2007.12.05	-
McAfee	5178	2007.12.05	-
Microsoft	1.3007	2007.12.05	-
NOD32v2	2704	2007.12.05	-
Norman	5.80.02	2007.12.05	-
*Panda	9.0.0.4	2007.12.05	Spyware/SafeSurf*
*Prevx1	V2	2007.12.05	Generic.Malware*
Rising	20.21.20.00	2007.12.05	-
Sophos	4.24.0	2007.12.05	-
*Sunbelt	2.2.907.0	2007.12.05	SafeSurfing*
Symantec	10	2007.12.05	-
TheHacker	6.2.9.151	2007.12.05	-
VBA32	3.12.2.5	2007.12.05	-
*VirusBuster	4.3.26:9	2007.12.05	Trojan.DL.Istbar.Gen.1*
*Webwasher-Gateway	6.6.2	2007.12.05	Ad-Spyware.SafeSurf*

*Added 8 hours 43 minutes later*

File DLD.exe received on 11.21.2007 09:14:16 (CET)
Result: 2/32 (6.25%)


Antivirus 	Version 	Last Update 	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
*DrWeb	-	-	BACKDOOR.Trojan*
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Panda	-	-	-
*Prevx1	-	-	Heuristic: Suspicious Hijacker*
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-

----------


## Shu_b

t-14879

```
File abcB812.tmp received on 12.06.2007 06:05:57 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.6.0	2007.12.06	-
AntiVir	7.6.0.34	2007.12.05	Worm/Ntech.W
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	-
AVG	7.5.0.503	2007.12.06	Downloader.Agent.14.C
BitDefender	7.2	2007.12.06	Trojan.Kobcka.BC
CAT-QuickHeal	9.00	2007.12.05	Trojan.Pakes.brf
ClamAV	0.91.2	2007.12.06	-
DrWeb	4.44.0.09170	2007.12.05	-
eSafe	7.0.15.0	2007.12.05	-
eTrust-Vet	31.3.5355	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.06	-
Fortinet	3.14.0.0	2007.12.06	-
F-Prot	4.4.2.54	2007.12.05	-
F-Secure	6.70.13030.0	2007.12.06	Trojan.Win32.Pakes.brf
Ikarus	T3.1.1.12	2007.12.06	Trojan.Win32.Pakes.brf
Kaspersky	7.0.0.125	2007.12.06	Trojan.Win32.Pakes.brf
McAfee	5178	2007.12.05	-
Microsoft	1.3007	2007.12.06	TrojanDropper:Win32/Cutwail.R
NOD32v2	2705	2007.12.05	Win32/Agent.NNK
Norman	5.80.02	2007.12.05	W32/Smalltroj.BOJA
Panda	9.0.0.4	2007.12.05	-
Prevx1	V2	2007.12.06	-
Rising	20.21.22.00	2007.12.06	-
Sophos	4.24.0	2007.12.06	-
Sunbelt	2.2.907.0	2007.12.05	-
Symantec	10	2007.12.06	-
TheHacker	6.2.9.151	2007.12.05	-
VBA32	3.12.2.5	2007.12.05	Trojan.Win32.Pakes.brf
VirusBuster	4.3.26:9	2007.12.05	Trojan.DR.Pandex.Gen.1
Webwasher-Gateway	6.6.2	2007.12.05	Worm.Ntech.W
Additional information
File size: 20480 bytes
```



```
File rt26.exe received on 12.06.2007 06:10:27 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.6.0	2007.12.06	-
AntiVir	7.6.0.34	2007.12.05	-
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	-
AVG	7.5.0.503	2007.12.06	-
BitDefender	7.2	2007.12.06	-
CAT-QuickHeal	9.00	2007.12.05	-
ClamAV	0.91.2	2007.12.06	-
DrWeb	4.44.0.09170	2007.12.05	-
eSafe	7.0.15.0	2007.12.05	-
eTrust-Vet	31.3.5355	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.06	-
Fortinet	3.14.0.0	2007.12.06	-
F-Prot	4.4.2.54	2007.12.05	-
F-Secure	6.70.13030.0	2007.12.06	-
Ikarus	T3.1.1.12	2007.12.06	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2007.12.06	Trojan-PSW.Win32.LdPinch.ejl
McAfee	5178	2007.12.05	-
Microsoft	1.3007	2007.12.06	-
NOD32v2	2705	2007.12.05	-
Norman	5.80.02	2007.12.05	-
Panda	9.0.0.4	2007.12.05	-
Prevx1	V2	2007.12.06	-
Rising	20.21.22.00	2007.12.06	Trojan.DL.Win32.Agent.bxw
Sophos	4.24.0	2007.12.06	Mal/Dropper-T
Sunbelt	2.2.907.0	2007.12.05	-
Symantec	10	2007.12.06	-
TheHacker	6.2.9.151	2007.12.05	-
VBA32	3.12.2.5	2007.12.05	-
VirusBuster	4.3.26:9	2007.12.05	-
Webwasher-Gateway	6.6.2	2007.12.05	-
Additional information
File size: 52224 bytes
```

----------


## Ultima Weapon

File change.exe received on 12.06.2007 06:22:16 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.12.6.0	2007.12.06	-
AntiVir	7.6.0.34	2007.12.05	-
Authentium	4.93.8	2007.12.05	-
Avast	4.7.1098.0	2007.12.05	-
AVG	7.5.0.503	2007.12.06	-
BitDefender	7.2	2007.12.06	-
CAT-QuickHeal	9.00	2007.12.05	-
ClamAV	0.91.2	2007.12.06	-
DrWeb	4.44.0.09170	2007.12.05	-
eSafe	7.0.15.0	2007.12.05	suspicious Trojan/Worm
eTrust-Vet	31.3.5355	2007.12.05	-
Ewido	4.0	2007.12.05	-
FileAdvisor	1	2007.12.06	-
Fortinet	3.14.0.0	2007.12.06	-
F-Prot	4.4.2.54	2007.12.05	-
F-Secure	6.70.13030.0	2007.12.06	-
Ikarus	T3.1.1.12	2007.12.06	-
Kaspersky	7.0.0.125	2007.12.06	-
McAfee	5178	2007.12.05	-
Microsoft	1.3007	2007.12.06	-
NOD32v2	2705	2007.12.05	-
Norman	5.80.02	2007.12.05	-
Panda	9.0.0.4	2007.12.05	-
Prevx1	V2	2007.12.06	-
Rising	20.21.22.00	2007.12.06	-
Sophos	4.24.0	2007.12.06	-
Sunbelt	2.2.907.0	2007.12.05	VIPRE.Suspicious
Symantec	10	2007.12.06	-
TheHacker	6.2.9.151	2007.12.05	-
VBA32	3.12.2.5	2007.12.05	-
VirusBuster	4.3.26:9	2007.12.05	-
Webwasher-Gateway	6.6.2	2007.12.05	Win32.Malware.gen#UPX!92 (suspicious)

----------


## Shu_b

Don't know where to get the report for publication?
Look -

----------


## Ultima Weapon

File fi.exe received on 12.05.2007 06:59:45 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
*AVG	-	-	KillAV.FF*
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
DrWeb	-	-	-
*eSafe	-	-	suspicious Trojan/Worm*
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
*Fortinet	-	-	Spy/Agent*
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
*Panda	-	-	Suspicious file*
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-
Additional information
MD5: 239421fb8dde79a54e86bca3ef4868ac

----------


## rubin

Файл avz00001.dta получен 2007.12.06 19:38:20 (CET)


```
AhnLab-V3	2007.12.7.0	2007.12.06	Win-Trojan/Xema.variant
AntiVir	7.6.0.34	2007.12.06	TR/Dldr.Vb.ANF.104
Authentium	4.93.8	2007.12.05	W32/Downldr2.URL
Avast	4.7.1098.0	2007.12.05	-
AVG	7.5.0.503	2007.12.06	Downloader.Generic4.KWJ
BitDefender	7.2	2007.12.06	Trojan.Downloader.Vb.ANF
CAT-QuickHeal	9.00	2007.12.06	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.12.06	PUA.Packed.Expressor
DrWeb	4.44.0.09170	2007.12.06	Trojan.DownLoader.15237
eSafe	7.0.15.0	2007.12.06	Suspicious File
eTrust-Vet	31.3.5356	2007.12.06	-
Ewido	4.0	2007.12.06	-
FileAdvisor	1	2007.12.06	High threat detected
Fortinet	3.14.0.0	2007.12.06	PossibleThreat
F-Prot	4.4.2.54	2007.12.05	W32/Downldr2.URL
F-Secure	6.70.13030.0	2007.12.06	-
Ikarus	T3.1.1.12	2007.12.06	Backdoor.Win32.Hupigon.mrv
Kaspersky	7.0.0.125	2007.12.06	-
McAfee	5179	2007.12.06	New Malware.dq
Microsoft	1.3007	2007.12.06	Worm:Win32/VB
NOD32v2	2707	2007.12.06	Win32/TrojanDownloader.VB.ANF
Norman	5.80.02	2007.12.06	-
Panda	9.0.0.4	2007.12.06	Trj/QQPass.QV
Prevx1	V2	2007.12.06	Heuristic: Suspicious File With Code Injection Technology
Rising	20.21.32.00	2007.12.06	Trojan.DL.VB.dpl
Sophos	4.24.0	2007.12.06	Mal/Behav-160
Sunbelt	2.2.907.0	2007.12.05	Trojan-Downloader.Vb.ANF
Symantec	10	2007.12.06	W32.SillyFDC
TheHacker	6.2.9.151	2007.12.05	-
VBA32	3.12.2.5	2007.12.05	Trojan-Downloader.Win32.VB.anf
VirusBuster	4.3.26:9	2007.12.06	Packed/eXPressor
Webwasher-Gateway	6.6.2	2007.12.06	Trojan.Dldr.Vb.ANF.104
```

Дополнительная информация
File size: 22044 bytes
MD5: 477f7953da0469d65efd95f84e4bb0dc
SHA1: 30f811ac2fc90ea2d59fa8d20e44fa11f8fa9c2b
PEiD: eXPressor v1.3 -> CGSoftLabs (h)
Bit9 info: http://fileadvisor.bit9.com/services...fd95f84e4bb0dc
packers: Expressor
Prevx info: http://fileinfo.prevx.com/fileinfo.a...FA6C00093D066E

----------


## zorro84

Файл PICT0038470.zip получен 2007.12.07 05:47:24 (CET)
Результат: 8/32 (25%)

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.12.7.0	2007.12.07	-
AntiVir	7.6.0.34	2007.12.06	-
Authentium	4.93.8	2007.12.06	-
Avast	4.7.1098.0	2007.12.06	-
*AVG	7.5.0.503	2007.12.07	Obfustat.AARZ*
*BitDefender	7.2	2007.12.07	Trojan.Downloader.Agent.YVP*
CAT-QuickHeal	9.00	2007.12.06	-
ClamAV	0.91.2	2007.12.07	-
*DrWeb	4.44.0.09170	2007.12.06	Trojan.MulDrop.9716*
eSafe	7.0.15.0	2007.12.06	-
eTrust-Vet	31.3.5358	2007.12.07	-
Ewido	4.0	2007.12.06	-
FileAdvisor	1	2007.12.07	-
Fortinet	3.14.0.0	2007.12.06	-
F-Prot	4.4.2.54	2007.12.06	-
*F-Secure	6.70.13030.0	2007.12.07	Trojan-PSW.Win32.LdPinch.eim*
Ikarus	T3.1.1.12	2007.12.07	-
*Kaspersky	7.0.0.125	2007.12.07	Trojan-PSW.Win32.LdPinch.eim*
McAfee	5179	2007.12.06	-
Microsoft	1.3007	2007.12.07	-
NOD32v2	2708	2007.12.07	-
*Norman	5.80.02	2007.12.06	W32/Malware.AHSU.dropper*
Panda	9.0.0.4	2007.12.06	-
Prevx1	V2	2007.12.07	-
Rising	20.21.32.00	2007.12.06	-
Sophos	4.24.0	2007.12.07	-
Sunbelt	2.2.907.0	2007.12.07	-
Symantec	10	2007.12.07	-
TheHacker	6.2.9.152	2007.12.07	-
*VBA32	3.12.2.5	2007.12.05	MalwareScope.Trojan-PSW.Pinch.1*
*VirusBuster	4.3.26:9	2007.12.06	Trojan.DR.LdPinch.CCL*
Webwasher-Gateway	6.6.2	2007.12.06	-

Дополнительная информация
File size: 92275 bytes
MD5: bfb62a7151a4aa1cb5aaeab569858e03
SHA1: fc3bbbce71e60d508c5577a70e37c8a505f25166

----------


## santy

File ntos.exe received on 12.13.2007 07:05:07 (CET)
Result: 8/32 (25%)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	-	-	-
*AntiVir	-	-	TR/Crypt.XPACK.Gen*
Authentium	-	-	-
Avast	-	-	-
*AVG	-	-	Pakes_c.GD*
*BitDefender	-	-	Trojan.Spy.Agent.NLL*
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
*DrWeb	-	-	Trojan.Proxy.2071*
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
*Panda	-	-	Trj/Wsnpoem.NI*
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
*Sunbelt	-	-	VIPRE.Suspicious*
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
*VirusBuster	-	-	TrojanSpy.ZBot.Gen!Pac.3*
*Webwasher-Gateway	-	-	Trojan.Crypt.XPACK.Gen*
Additional information
MD5: e46d907a7bc952e60910dec6c906d443

----------



## Shu_b

another ntos.exe



```
received on 12.11.2007 13:19:22 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
DrWeb	-	-	-
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Panda	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	Infostealer.Notos!gen
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	Virus.Win32.FileInfector.gen (suspicious)
Additional information
MD5: ec43197aed08fa5ade6f3853341a96fe
```

two days later...

```
received on 12.13.2007 08:54:08 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.13.10	2007.12.12	-
AntiVir	7.6.0.40	2007.12.13	TR/Rkit.WsnPoem
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.12	-
AVG	7.5.0.503	2007.12.12	Pakes_c.FU
BitDefender	7.2	2007.12.13	-
CAT-QuickHeal	9.00	2007.12.12	TrojanSpy.Zbot.ej
ClamAV	0.91.2	2007.12.12	-
DrWeb	4.44.0.09170	2007.12.12	-
eSafe	7.0.15.0	2007.12.12	-
eTrust-Vet	31.3.5373	2007.12.13	-
Ewido	4.0	2007.12.12	-
FileAdvisor	1	2007.12.13	-
Fortinet	3.14.0.0	2007.12.13	Spy/Zbot
F-Prot	4.4.2.54	2007.12.12	-
F-Secure	6.70.13030.0	2007.12.13	Trojan-Spy.Win32.Zbot.ej
Ikarus	T3.1.1.12	2007.12.13	Trojan-Spy.Win32.Zbot.ej
Kaspersky	7.0.0.125	2007.12.13	Trojan-Spy.Win32.Zbot.ej
McAfee	5184	2007.12.12	-
Microsoft	1.3007	2007.12.13	-
NOD32v2	2720	2007.12.12	-
Norman	5.80.02	2007.12.12	-
Panda	9.0.0.4	2007.12.12	Trj/Wsnpoem.NI
Prevx1	V2	2007.12.13	-
Rising	20.22.30.00	2007.12.13	-
Sophos	4.24.0	2007.12.13	-
Sunbelt	2.2.907.0	2007.12.13	-
Symantec	10	2007.12.13	Infostealer.Notos!gen
TheHacker	6.2.9.157	2007.12.12	Trojan/Spy.Zbot.ej
VBA32	3.12.2.5	2007.12.10	-
VirusBuster	4.3.26:9	2007.12.12	-
Webwasher-Gateway	6.6.2	2007.12.13	Trojan.Rkit.WsnPoem
Additional information
File size: 436224 bytes
MD5: ec43197aed08fa5ade6f3853341a96fe
```

----------


## Shu_b

See how it goes sometimes....



```
File avz00004.dta received on 12.12.2007 15:43:24 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
DrWeb	-	-	Trojan.PWS.Mailspy.origin
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Panda	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-
Additional information
MD5: dbdc82a265e16e784d0a4e97ce515e01
```

two days later...

```
File avz00004.dta received on 12.14.2007 07:27:01 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.10	2007.12.13	-
AntiVir	7.6.0.45	2007.12.13	-
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.13	-
AVG	7.5.0.503	2007.12.13	-
BitDefender	7.2	2007.12.14	-
CAT-QuickHeal	9.00	2007.12.13	-
ClamAV	0.91.2	2007.12.13	-
DrWeb	4.44.0.09170	2007.12.13	Trojan.PWS.Mailspy.origin
eSafe	7.0.15.0	2007.12.13	-
eTrust-Vet	31.3.5374	2007.12.13	-
Ewido	4.0	2007.12.13	-
FileAdvisor	1	2007.12.14	-
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	-
F-Secure	6.70.13030.0	2007.12.14	-
Ikarus	T3.1.1.15	2007.12.14	-
Kaspersky	7.0.0.125	2007.12.14	Trojan-Proxy.Win32.Agent.ul
McAfee	5185	2007.12.13	-
Microsoft	1.3109	2007.12.14	-
NOD32v2	2722	2007.12.14	-
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.14	-
Prevx1	V2	2007.12.14	-
Rising	20.22.40.00	2007.12.14	-
Sophos	4.24.0	2007.12.14	-
Sunbelt	2.2.907.0	2007.12.14	-
Symantec	10	2007.12.14	-
TheHacker	6.2.9.159	2007.12.14	-
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	-
Webwasher-Gateway	6.6.2	2007.12.14	-
Additional information
File size: 241664 bytes
MD5: dbdc82a265e16e784d0a4e97ce515e01
SHA1: 9c990d0b3d3078fa4b40f8783ef431bad3429e54
PEiD: -
```

*Added 4 hours 21 minutes later*

t-15259
They look like a pair, yet they are detected quite differently...


```
File vp7vmcia.exe received on 12.14.2007 11:43:10 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.11	2007.12.14	-
AntiVir	7.6.0.45	2007.12.14	-
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.13	Win32:Warezov-CLK
AVG	7.5.0.503	2007.12.13	I-Worm/Stration
BitDefender	7.2	2007.12.14	[email protected]
CAT-QuickHeal	9.00	2007.12.13	(Suspicious) - DNAScan
ClamAV	0.91.2	2007.12.14	-
DrWeb	4.44.0.09170	2007.12.14	Win32.HLLM.Limar
eSafe	7.0.15.0	2007.12.13	Suspicious File
eTrust-Vet	31.3.5375	2007.12.14	-
Ewido	4.0	2007.12.13	-
FileAdvisor	1	2007.12.14	-
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	W32/Heuristic-162!Eldorado
F-Secure	6.70.13030.0	2007.12.14	W32/Viking.EQ
Ikarus	T3.1.1.15	2007.12.14	Backdoor.Win32.Rbot.AJU
Kaspersky	7.0.0.125	2007.12.14	Email-Worm.Win32.Warezov.gen
McAfee	5185	2007.12.13	New Malware.n
Microsoft	1.3109	2007.12.14	-
NOD32v2	2722	2007.12.14	a variant of Win32/Stration.ABD
Norman	5.80.02	2007.12.13	W32/Suspicious_U.gen
Panda	9.0.0.4	2007.12.14	W32/Spamta.ADQ.worm
Prevx1	V2	2007.12.14	-
Rising	20.22.41.00	2007.12.14	Worm.Mail.Warezov.cj
Sophos	4.24.0	2007.12.14	Mal/EncPk-BW
Sunbelt	2.2.907.0	2007.12.14	VIPRE.Suspicious
Symantec	10	2007.12.14	-
TheHacker	6.2.9.159	2007.12.14	W32/Behav-Heuristic-060
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	Packed/Upack
Webwasher-Gateway	6.6.2	2007.12.14	Packer.UPACK
Additional information
File size: 93769 bytes
MD5: 34eff679d5d09d0e466dfb86d62f486f
SHA1: f1a3ebd40ae65a534ce9186b3490acedbe77fb18
PEiD: -
packers: PE_Patch, UPack
```



```
File vp7vmcia.dll received on 12.14.2007 11:43:21 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.11	2007.12.14	Win32/Stration.worm.Gen
AntiVir	7.6.0.45	2007.12.14	-
Authentium	4.93.8	2007.12.13	W32/Warezov.gen4
Avast	4.7.1098.0	2007.12.13	Win32:Warezov-CRX
AVG	7.5.0.503	2007.12.13	I-Worm/Stration
BitDefender	7.2	2007.12.14	Generic.Stration.BF196041
CAT-QuickHeal	9.00	2007.12.13	-
ClamAV	0.91.2	2007.12.14	-
DrWeb	4.44.0.09170	2007.12.14	Win32.HLLM.Limar
eSafe	7.0.15.0	2007.12.13	Suspicious File
eTrust-Vet	31.3.5375	2007.12.14	-
Ewido	4.0	2007.12.13	-
FileAdvisor	1	2007.12.14	-
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	W32/Warezov.gen4
F-Secure	6.70.13030.0	2007.12.14	-
Ikarus	T3.1.1.15	2007.12.14	-
Kaspersky	7.0.0.125	2007.12.14	-
McAfee	5185	2007.12.13	-
Microsoft	1.3109	2007.12.14	Trojan:Win32/Stration.F!dll
NOD32v2	2722	2007.12.14	-
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.14	-
Prevx1	V2	2007.12.14	-
Rising	20.22.41.00	2007.12.14	-
Sophos	4.24.0	2007.12.14	W32/Strati-Gen
Sunbelt	2.2.907.0	2007.12.14	-
Symantec	10	2007.12.14	-
TheHacker	6.2.9.159	2007.12.14	-
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	-
Webwasher-Gateway	6.6.2	2007.12.14	-
Additional information
File size: 118784 bytes
MD5: c46a64349de797bd24a689ee0b774af6
SHA1: e2683a98a513aabc92bf5a4a294d4be40586109a
PEiD: -
```

t-15272

```
File avz00004__1_._ta received on 12.14.2007 14:28:19 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.11	2007.12.14	-
AntiVir	7.6.0.45	2007.12.14	-
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.13	-
AVG	7.5.0.503	2007.12.14	-
BitDefender	7.2	2007.12.14	-
CAT-QuickHeal	9.00	2007.12.13	-
ClamAV	0.91.2	2007.12.14	-
DrWeb	4.44.0.09170	2007.12.14	Trojan.BhoSpy.origin
eSafe	7.0.15.0	2007.12.13	suspicious Trojan/Worm
eTrust-Vet	31.3.5375	2007.12.14	-
Ewido	4.0	2007.12.14	-
FileAdvisor	1	2007.12.14	-
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	-
F-Secure	6.70.13030.0	2007.12.14	-
Ikarus	T3.1.1.15	2007.12.14	Trojan.Win32.BHO.d
Kaspersky	7.0.0.125	2007.12.14	-
McAfee	5185	2007.12.13	-
Microsoft	1.3109	2007.12.14	Trojan:Win32/Adclicker.AO
NOD32v2	2723	2007.12.14	-
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.14	-
Prevx1	V2	2007.12.14	-
Rising	20.22.41.00	2007.12.14	-
Sophos	4.24.0	2007.12.14	-
Sunbelt	2.2.907.0	2007.12.14	-
Symantec	10	2007.12.14	Trojan.Adclicker
TheHacker	6.2.9.159	2007.12.14	-
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	-
Webwasher-Gateway	6.0.1	2007.12.14	-
Additional information
File size: 25600 bytes
MD5: bc4efbf73eafc728fe58fc2636c5b87a
SHA1: bd9e8c3a1ef447aa38d16746c3b47f95c14de725
PEiD: -
packers: UPX
```



```
File avz00005__1_._ta received on 12.14.2007 14:30:27 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.11	2007.12.14	-
AntiVir	7.6.0.45	2007.12.14	-
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.13	Win32:Trojan-gen {Other}
AVG	7.5.0.503	2007.12.14	-
BitDefender	7.2	2007.12.14	Trojan.Agent.AFJP
CAT-QuickHeal	9.00	2007.12.13	-
ClamAV	0.91.2	2007.12.14	-
DrWeb	4.44.0.09170	2007.12.14	Trojan.Inject.363
eSafe	7.0.15.0	2007.12.13	-
eTrust-Vet	31.3.5375	2007.12.14	-
Ewido	4.0	2007.12.14	-
FileAdvisor	1	2007.12.14	High threat detected
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	-
F-Secure	6.70.13030.0	2007.12.14	-
Ikarus	T3.1.1.15	2007.12.14	Virus.Win32.Trojan
Kaspersky	7.0.0.125	2007.12.14	-
McAfee	5185	2007.12.13	-
Microsoft	1.3109	2007.12.14	-
NOD32v2	2723	2007.12.14	-
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.14	Trj/Inject.O
Prevx1	V2	2007.12.14	-
Rising	20.22.41.00	2007.12.14	Trojan.Win32.Inject.dg
Sophos	4.24.0	2007.12.14	-
Sunbelt	2.2.907.0	2007.12.14	-
Symantec	10	2007.12.14	Trojan.Farfli
TheHacker	6.2.9.159	2007.12.14	-
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	-
Webwasher-Gateway	6.0.1	2007.12.14	-
Additional information
File size: 3072 bytes
MD5: 8651fab023f6fbd1b02428ce2889e9e4
```

----------


## rubin

Файл avz00001.dta получен 2007.12.16 16:11:03 (CET)


```
AhnLab-V3	2007.12.15.10	2007.12.14	-
AntiVir	7.6.0.45	2007.12.16	TR/Dldr.Delf.djm
Authentium	4.93.8	2007.12.16	-
Avast	4.7.1098.0	2007.12.16	-
AVG	7.5.0.503	2007.12.16	Downloader.Generic6.ZTJ
BitDefender	7.2	2007.12.16	-
CAT-QuickHeal	9.00	2007.12.15	-
ClamAV	0.91.2	2007.12.16	-
DrWeb	4.44.0.09170	2007.12.16	-
eSafe	7.0.15.0	2007.12.13	-
eTrust-Vet	31.3.5377	2007.12.15	-
Ewido	4.0	2007.12.16	-
FileAdvisor	1	2007.12.16	-
Fortinet	3.14.0.0	2007.12.16	-
F-Prot	4.4.2.54	2007.12.16	W32/Backdoor2.ATN
F-Secure	6.70.13030.0	2007.12.16	Trojan-Downloader.Win32.Delf.djm
Ikarus	T3.1.1.15	2007.12.16	Trojan-Downloader.Win32.Delf.djm
Kaspersky	7.0.0.125	2007.12.16	Trojan-Downloader.Win32.Delf.djm
McAfee	5186	2007.12.14	-
Microsoft	1.3109	2007.12.16	Trojan:Win32/Delflob.D
NOD32v2	2723	2007.12.14	Win32/Adware.IeDefender
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.16	Adware/VideoDecoder
Prevx1	V2	2007.12.16	-
Rising	20.22.41.00	2007.12.14	-
Sophos	4.24.0	2007.12.15	Mal/Emogen-N
Sunbelt	2.2.907.0	2007.12.15	-
Symantec	10	2007.12.15	-
TheHacker	6.2.9.160	2007.12.14	-
VBA32	3.12.2.5	2007.12.15	-
VirusBuster	4.3.26:9	2007.12.16	-
Webwasher-Gateway	6.6.2	2007.12.16	-

Дополнительная информация
File size: 222208 bytes
MD5: c7c05b733e1db6c2ee9d847b7296a0ab
SHA1: 368759f675f0066375e4fd0b45309ddde8afabc4
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: ASPack
```

----------


## Shu_b

t-15367

```
File svchost.exe received on 12.17.2007 06:13:11 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.17.10	2007.12.17	-
AntiVir	7.6.0.45	2007.12.16	TR/Rootkit.Gen
Authentium	4.93.8	2007.12.16	-
Avast	4.7.1098.0	2007.12.16	-
AVG	7.5.0.503	2007.12.16	-
BitDefender	7.2	2007.12.17	-
CAT-QuickHeal	9.00	2007.12.15	-
ClamAV	0.91.2	2007.12.17	-
DrWeb	4.44.0.09170	2007.12.16	BackDoor.PifPaf.origin
eSafe	7.0.15.0	2007.12.16	-
eTrust-Vet	31.3.5377	2007.12.15	Win32/Unknown
Ewido	4.0	2007.12.16	-
FileAdvisor	1	2007.12.17	-
Fortinet	3.14.0.0	2007.12.17	-
F-Prot	4.4.2.54	2007.12.17	-
F-Secure	6.70.13030.0	2007.12.17	Backdoor.Win32.IRCBot.avf
Ikarus	T3.1.1.15	2007.12.17	-
Kaspersky	7.0.0.125	2007.12.17	Backdoor.Win32.IRCBot.avf
McAfee	5186	2007.12.14	-
Microsoft	1.3109	2007.12.17	-
NOD32v2	2723	2007.12.14	-
Norman	5.80.02	2007.12.13	-
Panda	9.0.0.4	2007.12.16	Suspicious file
Prevx1	V2	2007.12.17	Heuristic: Suspicious Self Modifying File
Rising	20.22.41.00	2007.12.14	Backdoor.Win32.IRCbot.anh
Sophos	4.24.0	2007.12.16	Mal/Behav-059
Sunbelt	2.2.907.0	2007.12.15	-
Symantec	10	2007.12.15	-
TheHacker	6.2.9.160	2007.12.14	-
VBA32	3.12.2.5	2007.12.15	-
VirusBuster	4.3.26:9	2007.12.16	-
Webwasher-Gateway	6.6.2	2007.12.17	Trojan.Rootkit.Gen
Additional information
File size: 66560 bytes
MD5: 83ebab351e7a88e7b84863afc2b2e9fa
```

t-15357 does anyone know this rootkit?

```
File vncbwxjt.dat received on 12.17.2007 08:21:30 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.17.10	2007.12.17	-
AntiVir	7.6.0.45	2007.12.17	TR/Rootkit.Gen
Authentium	4.93.8	2007.12.16	-
Avast	4.7.1098.0	2007.12.16	-
AVG	7.5.0.503	2007.12.16	-
BitDefender	7.2	2007.12.17	Trojan.Rootkit.Agent.NDW
CAT-QuickHeal	9.00	2007.12.15	Rootkit.Agent.ql
ClamAV	0.91.2	2007.12.17	-
DrWeb	4.44.0.09170	2007.12.16	Trojan.NtRootKit.511
eSafe	7.0.15.0	2007.12.16	-
eTrust-Vet	31.3.5377	2007.12.15	Win32/Kvol.Q
Ewido	4.0	2007.12.16	-
FileAdvisor	1	2007.12.17	-
Fortinet	3.14.0.0	2007.12.17	-
F-Prot	4.4.2.54	2007.12.17	W32/Rootkit.AHL
F-Secure	6.70.13030.0	2007.12.17	Rootkit.Win32.Agent.ql
Ikarus	T3.1.1.15	2007.12.17	Rootkit.Win32.Agent.ql
Kaspersky	7.0.0.125	2007.12.17	Rootkit.Win32.Agent.ql
McAfee	5186	2007.12.14	-
Microsoft	1.3109	2007.12.17	-
NOD32v2	2726	2007.12.17	-
Norman	5.80.02	2007.12.14	-
Panda	9.0.0.4	2007.12.16	-
Prevx1	V2	2007.12.17	Win32.Rootkit.Gen
Rising	20.23.00.00	2007.12.17	-
Sophos	4.24.0	2007.12.16	-
Sunbelt	2.2.907.0	2007.12.15	-
Symantec	10	2007.12.17	-
TheHacker	6.2.9.160	2007.12.14	-
VBA32	3.12.2.5	2007.12.15	-
VirusBuster	4.3.26:9	2007.12.16	Rootkit.Agent.XBM
Webwasher-Gateway	6.6.2	2007.12.17	Trojan.Rootkit.Gen
Additional information
File size: 19456 bytes
MD5: b0e801a834bd344fcb4c5f53fdf495a8
SHA1: ad7e31f0060490886ed0f2947080611c670c6764
```

*Added 2 hours 11 minutes later*

t-15251 The VBA heuristic is a pleasant surprise, a pity it doesn't happen often...

```
File avz00001.dta received on 12.17.2007 08:34:05 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.17.10	2007.12.17	-
AntiVir	7.6.0.45	2007.12.17	-
Authentium	4.93.8	2007.12.16	-
Avast	4.7.1098.0	2007.12.16	-
AVG	7.5.0.503	2007.12.16	-
BitDefender	7.2	2007.12.17	-
CAT-QuickHeal	9.00	2007.12.15	-
ClamAV	0.91.2	2007.12.17	-
DrWeb	4.44.0.09170	2007.12.16	-
eSafe	7.0.15.0	2007.12.16	-
eTrust-Vet	31.3.5377	2007.12.15	-
Ewido	4.0	2007.12.16	-
FileAdvisor	1	2007.12.17	-
Fortinet	3.14.0.0	2007.12.17	-
F-Prot	4.4.2.54	2007.12.17	-
F-Secure	6.70.13030.0	2007.12.17	Trojan.Win32.Agent.dkf
Ikarus	T3.1.1.15	2007.12.17	-
Kaspersky	7.0.0.125	2007.12.17	Trojan.Win32.Agent.dkf
McAfee	5186	2007.12.14	-
Microsoft	1.3109	2007.12.17	-
NOD32v2	2726	2007.12.17	-
Norman	5.80.02	2007.12.14	-
Panda	9.0.0.4	2007.12.16	-
Prevx1	V2	2007.12.17	-
Rising	20.23.00.00	2007.12.17	-
Sophos	4.24.0	2007.12.16	-
Sunbelt	2.2.907.0	2007.12.15	-
Symantec	10	2007.12.17	-
TheHacker	6.2.9.160	2007.12.14	-
VBA32	3.12.2.5	2007.12.15	suspected of Trojan-Downloader.PassAlert.2
VirusBuster	4.3.26:9	2007.12.16	-
Webwasher-Gateway	6.6.2	2007.12.17	-
Additional information
File size: 17920 bytes
MD5: 521a3ba1db0ee2caa04b85ea0ab27390
```

t-15300

```
File avz00010.dta received on 12.17.2007 09:10:51 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.14.11	2007.12.14	-
AntiVir	7.6.0.45	2007.12.17	TR/Dldr.Small.hdo.1
Authentium	4.93.8	2007.12.13	-
Avast	4.7.1098.0	2007.12.13	-
AVG	7.5.0.503	2007.12.13	-
BitDefender	7.2	2007.12.17	-
CAT-QuickHeal	9.00	2007.12.13	-
ClamAV	0.91.2	2007.12.14	-
DrWeb	4.44.0.09170	2007.12.14	-
eSafe	7.0.15.0	2007.12.13	-
eTrust-Vet	31.3.5382	2007.12.17	Win32/Chepvil!generic
Ewido	4.0	2007.12.14	-
FileAdvisor	1	2007.12.17	-
Fortinet	3.14.0.0	2007.12.14	-
F-Prot	4.4.2.54	2007.12.13	-
F-Secure	6.70.13030.0	2007.12.17	Trojan-Downloader.Win32.Small.hdo
Ikarus	T3.1.1.15	2007.12.14	-
Kaspersky	7.0.0.125	2007.12.17	Trojan-Downloader.Win32.Small.hdo
McAfee	5185	2007.12.13	-
Microsoft	1.3109	2007.12.14	-
NOD32v2	2726	2007.12.17	-
Norman	5.80.02	2007.12.14	W32/Malware
Panda	9.0.0.4	2007.12.14	-
Prevx1	V2	2007.12.17	-
Rising	20.22.41.00	2007.12.14	-
Sophos	4.24.0	2007.12.17	-
Sunbelt	2.2.907.0	2007.12.14	-
Symantec	10	2007.12.17	-
TheHacker	6.2.9.159	2007.12.14	-
VBA32	3.12.2.5	2007.12.14	-
VirusBuster	4.3.26:9	2007.12.13	-
Webwasher-Gateway	6.0.1	2007.12.17	Trojan.Dldr.Small.hdo.1
Additional information
File size: 8704 bytes
MD5: 6546cdedb878e65ff6274327d92309cd
```

----------


## rubin

Файл avz00001.dta получен 2007.12.18 12:43:29 (CET)


```
AhnLab-V3	2007.12.18.11	2007.12.18	Win-Trojan/Agent.677888
AntiVir	7.6.0.45	2007.12.18	-
Authentium	4.93.8	2007.12.18	-
Avast	4.7.1098.0	2007.12.17	-
AVG	7.5.0.503	2007.12.17	-
BitDefender	7.2	2007.12.18	BehavesLike:Trojan.ShellStartup
CAT-QuickHeal	9.00	2007.12.17	-
ClamAV	0.91.2	2007.12.18	-
DrWeb	4.44.0.09170	2007.12.18	-
eSafe	7.0.15.0	2007.12.17	-
eTrust-Vet	31.3.5385	2007.12.18	-
Ewido	4.0	2007.12.18	-
FileAdvisor	1	2007.12.18	-
Fortinet	3.14.0.0	2007.12.18	-
F-Prot	4.4.2.54	2007.12.18	-
F-Secure	6.70.13030.0	2007.12.18	-
Ikarus	T3.1.1.15	2007.12.18	BehavesLikeTrojan.ShellStartup
Kaspersky	7.0.0.125	2007.12.18	Trojan-Clicker.Win32.Agent.op
McAfee	5187	2007.12.17	-
Microsoft	1.3109	2007.12.18	-
NOD32v2	2729	2007.12.18	-
Norman	5.80.02	2007.12.17	-
Panda	9.0.0.4	2007.12.18	-
Prevx1	V2	2007.12.18	-
Rising	20.23.12.00	2007.12.18	-
Sophos	4.24.0	2007.12.18	-
Sunbelt	2.2.907.0	2007.12.18	-
Symantec	10	2007.12.18	-
TheHacker	6.2.9.162	2007.12.17	-
VBA32	3.12.2.5	2007.12.17	suspected of Embedded.Trojan.Win32.ViniX
VirusBuster	4.3.26:9	2007.12.17	-
Webwasher-Gateway	6.0.1	2007.12.18	-
```

Дополнительная информация
File size: 687616 bytes
MD5: 03c1bbbc57e9b85b448e36541cb9f46d
SHA1: 9d8206da74f1bde05946c7ee0a8c165df9b31eae
PEiD: Armadillo v1.71

----------


## Макcим

Файл avz00001.dta получен 2007.12.18 15:53:45 (CET)



> AhnLab-V3	2007.12.18.11	2007.12.18	-
> AntiVir	7.6.0.45	2007.12.18	TR/Crypt.XPACK.Gen
> Authentium	4.93.8	2007.12.18	-
> Avast	4.7.1098.0	2007.12.17	Win32:Kbot-D
> AVG	7.5.0.503	2007.12.17	SHeur.SHY
> BitDefender	7.2	2007.12.18	Trojan.AVKiller.AW
> CAT-QuickHeal	9.00	2007.12.17	(Suspicious) - DNAScan
> ClamAV	0.91.2	2007.12.18	-
> DrWeb	4.44.0.09170	2007.12.18	Trojan.MulDrop.8347
> ...


Дополнительная информация
File size: 12868 bytes
MD5: 9d537c85b5071a82695474ca45621822
SHA1: 9f6b2251125a4751f593ad693b564470839d48c5
PEiD: BlackEnergy DDoS Bot Crypter
Bit9 info: http://fileadvisor.bit9.com/services...5474ca45621822

----------


## rubin

\com\lsass.exe 
Файл avz00002.dta получен 2007.12.18 18:09:58 (CET)


```
AhnLab-V3	2007.12.19.10	2007.12.18	-
AntiVir	7.6.0.45	2007.12.18	TR/Agent.dzc.1
Authentium	4.93.8	2007.12.18	-
Avast	4.7.1098.0	2007.12.17	-
AVG	7.5.0.503	2007.12.17	Downloader.Agent.14.R
BitDefender	7.2	2007.12.18	Trojan.Pinx.A
CAT-QuickHeal	9.00	2007.12.18	-
ClamAV	0.91.2	2007.12.18	-
DrWeb	4.44.0.09170	2007.12.18	-
eSafe	7.0.15.0	2007.12.18	-
eTrust-Vet	31.3.5385	2007.12.18	-
Ewido	4.0	2007.12.18	-
FileAdvisor	1	2007.12.18	-
Fortinet	3.14.0.0	2007.12.18	-
F-Prot	4.4.2.54	2007.12.18	W32/BadBHO.A.gen!Eldorado
F-Secure	6.70.13030.0	2007.12.18	-
Ikarus	T3.1.1.15	2007.12.18	-
Kaspersky	7.0.0.125	2007.12.18	-
McAfee	5187	2007.12.17	W32/Fujacks
Microsoft	1.3109	2007.12.18	-
NOD32v2	2730	2007.12.18	-
Norman	5.80.02	2007.12.18	-
Panda	9.0.0.4	2007.12.18	Adware/BaiduBar
Prevx1	V2	2007.12.18	Heuristic: Suspicious File With Bad Child Associations
Rising	20.23.12.00	2007.12.18	Worm.Win32.DiskGen.ay
Sophos	4.24.0	2007.12.18	Mal/Packer
Sunbelt	2.2.907.0	2007.12.18	-
Symantec	10	2007.12.18	W32.Pagipef.I
TheHacker	6.2.9.163	2007.12.18	-
VBA32	3.12.2.5	2007.12.17	-
VirusBuster	4.3.26:9	2007.12.18	Packed/FSG
Webwasher-Gateway	6.6.2	2007.12.18	Trojan.Agent.dzc.1
```

Дополнительная информация
File size: 102400 bytes
MD5: 6d8280c2b3a8265efe330a50c7db8312
SHA1: c3e2a50cac6b58a7666c934420a381083a2ea899
PEiD: Armadillo v1.71
Prevx info: http://info.prevx.com/aboutprogramte...2EBE000ABE57DC

----------


## santy

File _msntsrv.exe_ received on 12.18.2007 22:24:34 (CET)
Result: 2/32 (6.25%)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
CAT-QuickHeal	-	-	-
ClamAV	-	-	-
DrWeb	-	-	-
*eSafe	-	-	Suspicious File*
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
F-Secure	-	-	-
Ikarus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
*NOD32v2	-	-	a variant of Win32/Injector.F*
Norman	-	-	-
Panda	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
VBA32	-	-	-
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-
Additional information
MD5: 0c31e0783fda89f9f5daff4861fc1f86

----------


## rubin

t=15470
Файл avz00002.dta получен 2007.12.19 19:07:31 (CET)


```
AhnLab-V3	2007.12.20.10	2007.12.19	-
AntiVir	7.6.0.45	2007.12.19	-
Authentium	4.93.8	2007.12.19	-
Avast	4.7.1098.0	2007.12.18	-
AVG	7.5.0.503	2007.12.19	-
BitDefender	7.2	2007.12.19	-
CAT-QuickHeal	9.00	2007.12.19	-
ClamAV	0.91.2	2007.12.19	-
DrWeb	4.44.0.09170	2007.12.19	-
eSafe	7.0.15.0	2007.12.19	-
eTrust-Vet	31.3.5386	2007.12.18	-
Ewido	4.0	2007.12.19	-
FileAdvisor	1	2007.12.19	-
Fortinet	3.14.0.0	2007.12.19	-
F-Prot	4.4.2.54	2007.12.18	-
F-Secure	6.70.13030.0	2007.12.19	-
Ikarus	T3.1.1.15	2007.12.19	-
Kaspersky	7.0.0.125	2007.12.19	SpamTool.Win32.Agent.ee
McAfee	5189	2007.12.19	-
Microsoft	1.3109	2007.12.19	-
NOD32v2	2734	2007.12.19	-
Norman	5.80.02	2007.12.19	-
Panda	9.0.0.4	2007.12.18	-
Prevx1	V2	2007.12.19	SystemPoser:Trojan-a
Rising	20.23.22.00	2007.12.19	-
Sophos	4.24.0	2007.12.19	-
Sunbelt	2.2.907.0	2007.12.19	-
Symantec	10	2007.12.19	-
TheHacker	6.2.9.165	2007.12.19	-
VBA32	3.12.2.5	2007.12.19	-
VirusBuster	4.3.26:9	2007.12.19	-
Webwasher-Gateway	6.6.2	2007.12.19	-
```

Дополнительная информация
File size: 33280 bytes
MD5: 182d10f02592b398575cb25bccc8ad8b
SHA1: e9eabd6d65b65a72056fdf9bd287333c17bd0495
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...F3520000CD71DE

----------


## XL

Файл ndisrd.sys получен 2007.12.19 19:45:21



```
AhnLab-V3	2007.12.20.10	2007.12.19	-
AntiVir	7.6.0.45	2007.12.19	TR/Dldr.Small.AQI.3
Authentium	4.93.8	2007.12.19	-
Avast	4.7.1098.0	2007.12.18	-
AVG	7.5.0.503	2007.12.19	Generic5.LQN
BitDefender	7.2	2007.12.19	Trojan.Generic.61039
CAT-QuickHeal	9.00	2007.12.19	-
ClamAV	0.91.2	2007.12.19	-
DrWeb	4.44.0.09170	2007.12.19	-
eSafe	7.0.15.0	2007.12.19	-
eTrust-Vet	31.3.5387	2007.12.19	-
Ewido	4.0	2007.12.19	Downloader.Small
FileAdvisor	1	2007.12.19	High threat detected
Fortinet	3.14.0.0	2007.12.19	W32/Small.AQI!tr
F-Prot	4.4.2.54	2007.12.18	W32/DownloaderX.UDM
F-Secure	6.70.13030.0	2007.12.19	W32/Smalltroj.LRX
Ikarus	T3.1.1.15	2007.12.19	-
Kaspersky	7.0.0.125	2007.12.19	-
McAfee	5189	2007.12.19	-
Microsoft	1.3109	2007.12.19	TrojanDownloader:Win32/Small
NOD32v2	2734	2007.12.19	-
Norman	5.80.02	2007.12.19	W32/Smalltroj.LRX
Panda	9.0.0.4	2007.12.18	-
Prevx1	V2	2007.12.19	-
Rising	20.23.22.00	2007.12.19	-
Sophos	4.24.0	2007.12.19	-
Sunbelt	2.2.907.0	2007.12.19	-
Symantec	10	2007.12.19	-
TheHacker	6.2.9.165	2007.12.19	-
VBA32	3.12.2.5	2007.12.19	-
VirusBuster	4.3.26:9	2007.12.19	-
Webwasher-Gateway	6.6.2	2007.12.19	Trojan.Dldr.Small.AQI.3

File size: 15338 bytes
MD5: 62d4ef02daab1e5a32a2dee911bbb8a2
```

----------


## Макcим

Файл avz00005.dta получен 2007.12.22 10:30:48 (CET)



> AhnLab-V3	2007.12.22.10	2007.12.21	*Win-Trojan/Conhook.121876.D
> AntiVir	7.6.0.46	2007.12.21	TR/Dldr.ConHook.Gen*
> Authentium	4.93.8	2007.12.21	-
> *Avast	4.7.1098.0	2007.12.21	Win32:Adware-gen
> AVG	7.5.0.503	2007.12.21	Adware Generic2.WJX
> BitDefender	7.2	2007.12.22	Trojan.Conhook.Y
> CAT-QuickHeal	9.00	2007.12.22	AdWare.BHO.nv (Not a Virus)
> ClamAV	0.91.2	2007.12.22	Adware.BHO-181
> DrWeb	4.44.0.09170	2007.12.21	Adware.Crew
> ...


Дополнительная информация
File size: 121876 bytes
MD5: a4693d78511723681930fb2fc144e1b6
SHA1: de04b3a37b95f3a16f556b74124c521856a8d563
PEiD: -
packers: Morphine
packers: Morphine
Prevx info: http://info.prevx.com/aboutprogramte...FEEF006D771E7E

----------


## Shu_b

t-15578


```
File jkklm.dll received on 12.24.2007 10:05:58 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	TR/Agent.316512
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	-
AVG	7.5.0.516	2007.12.23	BHO.CTB
BitDefender	7.2	2007.12.24	Trojan.Vundo.DRM
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.24	-
eSafe	7.0.15.0	2007.12.23	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.23	-
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13030.0	2007.12.24	Vundo.gen49
Ikarus	T3.1.1.15	2007.12.24	Trojan.Vundo.DRM
Kaspersky	7.0.0.125	2007.12.24	-
McAfee	5191	2007.12.21	-
Microsoft	1.3109	2007.12.24	Trojan:Win32/Vundo.gen!A
NOD32v2	2744	2007.12.23	-
Norman	5.80.02	2007.12.21	Vundo.gen49
Panda	9.0.0.4	2007.12.23	Spyware/Vundo
Prevx1	V2	2007.12.24	Rogue Antispyware:All Strains-All Variants
Rising	20.24.00.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.22	-
VirusBuster	4.3.26:9	2007.12.23	Adware.Vundo.V.Gen
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Agent.316512
Additional information
File size: 316512 bytes
MD5: 03cb87e667cd31645b6f4256c4c6cbaa
```



```
File eotfkuyf.dll received on 12.24.2007 10:05:44 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	TR/Vundo.Gen
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.23	-
AVG	7.5.0.516	2007.12.23	Obfustat.ADEL
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.24	Trojan.Virtumod.251
eSafe	7.0.15.0	2007.12.23	Suspicious File
eTrust-Vet	31.3.5400	2007.12.24	Win32/Vundo.IX
Ewido	4.0	2007.12.23	-
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13030.0	2007.12.24	-
Ikarus	T3.1.1.15	2007.12.24	-
Kaspersky	7.0.0.125	2007.12.24	-
McAfee	5191	2007.12.21	-
Microsoft	1.3109	2007.12.24	Trojan:Win32/Vundo.gen!A
NOD32v2	2744	2007.12.23	-
Norman	5.80.02	2007.12.21	-
Panda	9.0.0.4	2007.12.23	Spyware/Virtumonde
Prevx1	V2	2007.12.24	-
Rising	20.24.00.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	Troj/Virtum-Gen
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	-
TheHacker	6.2.9.168	2007.12.22	Adware/SecToolBar.y
VBA32	3.12.2.5	2007.12.22	-
VirusBuster	4.3.26:9	2007.12.23	Adware.Vundo.V.Gen
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Vundo.Gen
Additional information
File size: 165472 bytes
MD5: 0e0691c9faf2a69a96d44ac24bb281c3
```

----------


## vlad179

Файл avz00001.dta получен 2007.12.24 12:00:39 (CET)

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.12.24.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	*DR/Delphi.Gen*
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.23	*Agent.MCC*
BitDefender	7.2	2007.12.24	*Trojan.PSW.LdPinch.AKX*
CAT-QuickHeal	9.00	2007.12.22	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.24	-
eSafe	7.0.15.0	2007.12.23	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.24	-
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	*W32/Dropper.DMW!tr*
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	*Trojan.Win32.Agent.dmw*
Ikarus	T3.1.1.15	2007.12.24	*Virus.Win32.Zapchast.DA*
Kaspersky	7.0.0.125	2007.12.24	*Trojan.Win32.Agent.dmw*
McAfee	5191	2007.12.21	-
Microsoft	1.3109	2007.12.24	*VirTool:Win32/DelfInject.gen!AA*
NOD32v2	2745	2007.12.24	-
Norman	5.80.02	2007.12.24	*LdPinch.STT*
Panda	9.0.0.4	2007.12.23	-
Prevx1	V2	2007.12.24	-
Rising	20.24.01.00	2007.12.24	*Trojan.DL.Win32.Agent.bxw*
Sophos	4.24.0	2007.12.24	*Mal/Dropper-T*
Sunbelt	2.2.907.0	2007.12.21	-
TheHacker	6.2.9.168	2007.12.22	*Trojan/Agent.dmw*
VBA32	3.12.2.5	2007.12.22	-
VirusBuster	4.3.26:9	2007.12.23	-
Webwasher-Gateway	6.6.2	2007.12.24	*Trojan.Dropper.Delphi.Gen*

Дополнительная информация
File size: 42496 bytes
MD5: e52ef0b4afca6e89c1bb2abdeb59543c
SHA1: dc1bd5e85c38918777f928ac398642dee3d997bb
PEiD: -

----------


## strawser

File Keylog.zip received on 12.03.2007 14:14:43 (CET)
Current status:  finished 
Result: 26/32 (81.25%) 
Version	Last Update	Result
AhnLab-V3	-	-	-
*AntiVir	-	-	TR/SPY.KeyLogger.LF
Authentium	-	-	W32/Trojan.OGD
Avast	-	-	Win32:Keylogger-DO
AVG	-	-	PSW.Generic2.LFE
BitDefender	-	-	Trojan.Spy.Keylogger.LF*
CAT-QuickHeal	-	-	
ClamAV	-	-	-
DrWeb	-	-	-
*eSafe	-	-	Win32.Trojan
eTrust-Vet	-	-	Win32/VMalum.ANED
Ewido	-	-	Logger.KeyLogger.lf
FileAdvisor	-	-	High threat detected
Fortinet	-	-	Spy/KeyLogger
F-Prot	-	-	W32/Trojan.OGD
F-Secure	-	-	Trojan-Spy.Win32.KeyLogger.lf
Ikarus	-	-	Trojan-Spy.Win32.KeyLogger.lf
Kaspersky	-	-	Trojan-Spy.Win32.KeyLogger.lf
McAfee	-	-	Generic.do*
Microsoft	-	-	-
*NOD32v2	-	-	Win32/Spy.KeyLogger.LF
Norman	-	-	W32/Keylog.BAM
Panda	-	-	Trj/Keylog.LH*
Prevx1	-	-	-
*Rising	-	-	Trojan.Spy.KeyLogger.agx
Sophos	-	-	Mal/Generic-A
Sunbelt	-	-	Trojan-Spy.Win32.KeyLogger.lf
Symantec	-	-	Infostealer
TheHacker	-	-	Trojan/Spy.KeyLogger.lf
VBA32	-	-	Trojan-Spy.Win32.KeyLogger.lf
VirusBuster	-	-	TrojanSpy.KeyLogger.JX
Webwasher-Gateway	-	-	Trojan.SPY.KeyLogger.LF*

Additional information
MD5: 8935a514da0aac5d8828c4afa37a6c08


File Trojan_Spy_Banker_qez.rar received on 12.24.2007 15:38:13 (CET)
Current status:  finished 
Result: 6/32 (18.75%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	-	-	-
AntiVir	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	-
BitDefender	-	-	-
*CAT-QuickHeal	-	-	TrojanSpy.Banker.gez*
ClamAV	-	-	-
*DrWeb	-	-	Adware.MoneyGainer*
eSafe	-	-	-
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
*F-Prot	-	-	W32/Banker.BBZT*
F-Secure	-	-	-
*Ikarus	-	-	Trojan-Spy.Win32.Banker.gez*
Kaspersky	-	-	-
McAfee	-	-	-
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Panda	-	-	-
*Prevx1	-	-	Heuristic: Suspicious File With Bad Child Associations*
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
*VBA32	-	-	Trojan-Spy.Win32.Banker.gez*
VirusBuster	-	-	-
Webwasher-Gateway	-	-	-
Additional information
MD5: b6aaf0e414282bd28a625f09e88d0e8c

*McAfee ???*

Trojan_program_Rootkit.Win32.Agen received on 12.24.2007 15:43:58 (CET)
Current status:  finished 
Result: 24/32 (75%) 
 Antivirus	Version	Last Update	Result
AhnLab-V3	-	-	-
*AntiVir	-	-	TR/Crypt.XDR.Gen*
Authentium	-	-	-
*Avast	-	-	Win32:Trojan-gen {UPX}
AVG	-	-	Dropper.Agent.9.Q
BitDefender	-	-	Trojan.Srizbi.T
CAT-QuickHeal	-	-	Rootkit.Agent.ld*
ClamAV	-	-	-
*DrWeb	-	-	Trojan.NtRootKit.493
eSafe	-	-	Rootkit.Win32.Agent.*
eTrust-Vet	-	-	-
*Ewido	-	-	Rootkit.Agent.ld*
FileAdvisor	-	-	-
*Fortinet	-	-	W32/Agent.LD!tr.rkit
F-Prot	-	-	W32/Rootkit.AGQ
F-Secure	-	-	Rootkit.Win32.Agent.ld
Ikarus	-	-	Trojan.Srizbi.T
Kaspersky	-	-	Rootkit.Win32.Agent.ld*
McAfee	-	-	-
*Microsoft	-	-	Trojan:Win32/Agent
NOD32v2	-	-	probably a variant of Win32/Rootkit*
Norman	-	-	-
*Panda	-	-	Trj/Downloader.MDW
Prevx1	-	-	Generic.Malware
Rising	-	-	RootKit.Win32.Agent.ld
Sophos	-	-	Mal/Generic-A
Sunbelt	-	-	Trojan.Srizbi.T
Symantec	-	-	Trojan.Srizbi
TheHacker	-	-	Trojan/Agent.ld
VBA32	-	-	Rootkit.Win32.Agent.ld*
VirusBuster	-	-	-
*Webwasher-Gateway	-	-	Trojan.Crypt.XDR.Gen*
Additional information
MD5: 04d5a112d079eee44f7df7f3557a7c3f

----------


## drongo

```
Файл avz00001.dta получен 2007.12.24 23:19:03 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	TR/Hijacker.Gen
Authentium	4.93.8	2007.12.23	-
Avast	4.7.1098.0	2007.12.24	Win32:Small-IKB
AVG	7.5.0.516	2007.12.24	Downloader.Small.60.AO
BitDefender	7.2	2007.12.24	-
CAT-QuickHeal	9.00	2007.12.24	-
ClamAV	0.91.2	2007.12.24	-
DrWeb	4.44.0.09170	2007.12.24	-
eSafe	7.0.15.0	2007.12.24	suspicious Trojan/Worm
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.24	-
FileAdvisor	1	2007.12.24	-
Fortinet	3.14.0.0	2007.12.24	-
F-Prot	4.4.2.54	2007.12.23	-
F-Secure	6.70.13030.0	2007.12.24	-
Ikarus	T3.1.1.15	2007.12.24	Virus.Win32.Small.IKB
Kaspersky	7.0.0.125	2007.12.24	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.24	VirTool:Win32/Obfuscator!Mal
NOD32v2	2745	2007.12.24	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.24	-
Prevx1	V2	2007.12.24	-
Rising	20.24.02.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.24	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.24	Trojan.Hijacker.Gen
Дополнительная информация
File size: 8192 bytes
MD5: 71629f64d4a92d29d4e5932e17931a05
SHA1: 55d4c70ec497b15a7c49257a4f82d032b7b47938
PEiD: -
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
```

----------


## Shu_b

t=15629

```
File cssrss.exe received on 12.25.2007 06:20:01 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.12.24	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.24	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.24	-
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.24	-
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.24	-
F-Secure	6.70.13030.0	2007.12.24	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2746	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.24	-
Prevx1	V2	2007.12.25	-
Rising	20.24.02.00	2007.12.24	-
Sophos	4.24.0	2007.12.24	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Trojan.Crypt.XPACK.Gen
Additional information
File size: 35840 bytes
MD5: 1c1e3c1e4109f5f9e15d147c91326c13
```

----------


## Shu_b

> File askBarSetup.zip received on 12.05.2007 08:34:36 (CET)


Today is 25.12, not 5.12... :-(

*Added 1 hour 36 minutes later*

t-15645

```
File user32.dat received on 12.25.2007 10:46:25 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	-
Authentium	4.93.8	2007.12.24	-
Avast	4.7.1098.0	2007.12.24	Win32:Tibs-ADO
AVG	7.5.0.516	2007.12.24	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.25	-
eSafe	7.0.15.0	2007.12.24	suspicious Trojan/Worm
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.24	-
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.24	-
F-Secure	6.70.13030.0	2007.12.24	-
Ikarus	T3.1.1.15	2007.12.25	Virus.Win32.Tibs.ADO
Kaspersky	7.0.0.125	2007.12.25	Trojan-Clicker.Win32.Agent.ph
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2746	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.24	-
Prevx1	V2	2007.12.25	Heuristic: Suspicious File With Bad Parent Associations
Rising	20.24.11.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Win32.UPXpacked.gen (suspicious)
Additional information
File size: 6144 bytes
MD5: b7d2d09d310a8c86ff706b5b9b84593d
SHA1: 50c91dadee58fd8c7a7c7013e2178bb55dbeb0b0
PEiD: -
packers: UPX
```

----------


## strawser

> Today is 25.12, not 5.12... :-(


Yes, my apologies. I copied the old log. Here is the new one. Dr.Web already knows this beast, but F-Prot for some reason no longer does.

File askBarSetup.zip received on 12.25.2007 11:05:11 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.24	-
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.24	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
*DrWeb	4.44.0.09170	2007.12.25	Adware.Msearch*
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.24	-
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.24	-
F-Secure	6.70.13030.0	2007.12.24	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
*NOD32v2	2746	2007.12.25	a variant of Win32/AdInstaller*
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.24	-
*Prevx1	V2	2007.12.25	Heuristic: Suspicious Hijacker*
Rising	20.24.11.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
*VBA32	3.12.2.5	2007.12.24	suspected of Trojan-Dropper.Delf.36 (paranoid heuristics)*
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	-
Additional information
File size: 517576 bytes
MD5: 170996a490c22b2c1c77b89067280d9e
SHA1: a59d0e8b21b186a7f7c2f727456484a61be873ac
PEiD: -

----------


## Shu_b

> Here is the new one. Dr.Web already knows this beast {cut}


That is not known; on VirusTotal they only recently "repaired" Dr.Web so that it would show adware.

P.S. If it's not too much trouble, please send it via the link (in a zip, with the password virus) - http://virusinfo.info/upload_virus.php?tid=12941

----------


## rubin

vhosts.exe



```
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.25	-
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.25	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	Suspicious file
Prevx1	V2	2007.12.25	-
Rising	20.24.12.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	Mal/Basine-C
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Trojan.Crypt.XPACK.Gen
```

File size: 20480 bytes
MD5: 3f6a0b6f22e6b87ef817638789b46c0b
SHA1: ba8a1503089e8c0489b4beb52b160b11c05b15f4


avz00002.dta


```
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.25	Trojan.Proxy.2240
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	Downloader.Small.fah
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.25	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.25	-
Rising	20.24.12.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	-
Sunbelt	2.2.907.0	2007.12.21	VIPRE.Suspicious
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Trojan.Crypt.XPACK.Gen
```

File size: 16896 bytes
MD5: f75864554cb100786170999c4dffc115
SHA1: 752d20a5a147e50b46dd69b76a80e94d05159be4

----------



## ALEX(XX)

File sysfope.exe received on 12.25.2007 18:20:39 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.25.10;2007.12.24;-
*AntiVir;7.6.0.46;2007.12.25;TR/Crypt.ULPM.Gen*
Authentium;4.93.8;2007.12.25;-
*Avast;4.7.1098.0;2007.12.25;Win32:Agent-PBQ*
AVG;7.5.0.516;2007.12.25;-
BitDefender;7.2;2007.12.25;-
*CAT-QuickHeal;9.00;2007.12.25;(Suspicious) - DNAScan*
ClamAV;0.91.2;2007.12.25;-
*DrWeb;4.44.0.09170;2007.12.25;Trojan.DownLoader.38353*
*eSafe;7.0.15.0;2007.12.25;suspicious Trojan/Worm*
eTrust-Vet;31.3.5400;2007.12.24;-
Ewido;4.0;2007.12.25;-
FileAdvisor;1;2007.12.25;-
Fortinet;3.14.0.0;2007.12.25;-
*F-Prot;4.4.2.54;2007.12.25;W32/Heuristic-KPP!Eldorado*
F-Secure;6.70.13030.0;2007.12.25;-
Ikarus;T3.1.1.15;2007.12.25;-
*Kaspersky;7.0.0.125;2007.12.25;not-a-virus:AdWare.Win32.Agent.yz*
McAfee;5192;2007.12.24;-
*Microsoft;1.3109;2007.12.25;Trojan:Win32/AgentBypass.gen!K*
NOD32v2;2747;2007.12.25;-
Norman;5.80.02;2007.12.24;-
*Panda;9.0.0.4;2007.12.25;Suspicious file*
*Prevx1;V2;2007.12.25;Generic.Malware*
Rising;20.24.12.00;2007.12.25;-
Sophos;4.24.0;2007.12.25;-
*Sunbelt;2.2.907.0;2007.12.21;VIPRE.Suspicious*
Symantec;10;2007.12.25;-
TheHacker;6.2.9.168;2007.12.22;-
VBA32;3.12.2.5;2007.12.24;-
VirusBuster;4.3.26:9;2007.12.25;-
*Webwasher-Gateway;6.6.2;2007.12.25;Trojan.Crypt.ULPM.Gen*

Additional information
File size: 34049 bytes
MD5: 0639ebdcda125a88685314262d817f8a
SHA1: f3d51361257b93db898a8f819653081b7ce369cf
PEiD: RCryptor v1.5 --> Vaska
packers: UPX
packers: UPX
packers: SuperCrypt, PE_Patch.UPX, UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...1844009E3A294A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## ZhIV

File opr02TF4.htm received on 2007.12.26 04:02:54 (CET)

AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	-
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.25	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.26	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.26	-
*DrWeb	4.44.0.09170	2007.12.25	VBS.PackFor*
eSafe	7.0.15.0	2007.12.25	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
*F-Secure	6.70.13030.0	2007.12.26	DoS.JS.Dframe.n*
Ikarus	T3.1.1.15	2007.12.26	-
*Kaspersky	7.0.0.125	2007.12.26	DoS.JS.Dframe.n*
*McAfee	5192	2007.12.24	Exploit-IFrame
Microsoft	1.3109	2007.12.26	DoS:JS/Dframe.gen*
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
*Panda	9.0.0.4	2007.12.25	W32/Dowlod.A*
Prevx1	V2	2007.12.26	-
Rising	20.24.12.00	2007.12.25	-
*Sophos	4.24.0	2007.12.26	Troj/Pintadd-A*
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.25	-
Webwasher-Gateway	6.6.2	2007.12.25	-
Additional information
File size: 35862 bytes
MD5: 4c03044564b1a19743b16341be25f583
SHA1: a0f5e06399f4899ec3e20cf086d232ead442e0c4
PEiD: -

File opr02TFK.htm received on 2007.12.26 04:08:36 (CET)
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	-
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.25	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.26	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.26	-
*DrWeb	4.44.0.09170	2007.12.25	VBS.PackFor*
eSafe	7.0.15.0	2007.12.25	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.26	-
Ikarus	T3.1.1.15	2007.12.26	-
Kaspersky	7.0.0.125	2007.12.26	-
*McAfee	5192	2007.12.24	Exploit-IFrame*
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	-
Rising	20.24.12.00	2007.12.25	-
*Sophos	4.24.0	2007.12.26	Troj/Pintadd-A*
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.25	-
Webwasher-Gateway	6.6.2	2007.12.26	-
Additional information
File size: 67463 bytes
MD5: ec217fa712390258690ffa3ba97f41e4
SHA1: ce0b0e06cf70c2654ca0580b74ac627919acd327
PEiD: -

File opr02UM9.htm received on 2007.12.26 04:09:04 (CET)
AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	-
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.25	-
AVG	7.5.0.516	2007.12.25	-
*BitDefender	7.2	2007.12.26	Trojan.Downloader.Js.Agent.KV*
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.26	-
*DrWeb	4.44.0.09170	2007.12.25	Trojan.DownLoader.28150
eSafe	7.0.15.0	2007.12.25	JS.Iframe.cv*
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
*F-Secure	6.70.13030.0	2007.12.26	Trojan-Downloader.JS.Agent.kv
Ikarus	T3.1.1.15	2007.12.26	Trojan-Downloader.JS.Agent.kv
Kaspersky	7.0.0.125	2007.12.26	Trojan-Downloader.JS.Agent.kv
McAfee	5192	2007.12.24	Exploit-IFrame*
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	-
Rising	20.24.12.00	2007.12.25	-
Sophos	4.24.0	2007.12.26	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.25	-
Webwasher-Gateway	6.6.2	2007.12.26	-
Additional information
File size: 12753 bytes
MD5: 5e9f555d80e10568d2dc561d7033c6e2
SHA1: 10f2687c222d366086a8c236ac68ab67d7fb92bb
PEiD: -

File opr03KWH.htm received on 2007.12.26 04:09:18 (CET)
AhnLab-V3	2007.12.25.10	2007.12.24	-
*AntiVir	7.6.0.46	2007.12.25	HTML/Rce.Gen*
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.25	-
*AVG	7.5.0.516	2007.12.25	JS/Downloader.Agent
BitDefender	7.2	2007.12.26	Exploit.AdodbStream.J*
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.26	-
*DrWeb	4.44.0.09170	2007.12.25	VBS.PackFor*
eSafe	7.0.15.0	2007.12.25	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.26	-
*Fortinet	3.14.0.0	2007.12.26	JS/WebAttacker!exploit*
F-Prot	4.4.2.54	2007.12.25	-
*F-Secure	6.70.13030.0	2007.12.26	JS/Laume.gen2
Ikarus	T3.1.1.15	2007.12.26	Trojan-Downloader.JS.Psyme.hu*
Kaspersky	7.0.0.125	2007.12.26	-
*McAfee	5192	2007.12.24	JS/Downloader-AUD
Microsoft	1.3109	2007.12.26	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2747	2007.12.25	-
*Norman	5.80.02	2007.12.24	JS/Laume.gen2*
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	-
Rising	20.24.12.00	2007.12.25	-
*Sophos	4.24.0	2007.12.26	Mal/ObfJS-A*
Sunbelt	2.2.907.0	2007.12.21	-
*Symantec	10	2007.12.26	Downloader
TheHacker	6.2.9.168	2007.12.22	Trojan/Downloader.vbs*
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.25	-
*Webwasher-Gateway	6.6.2	2007.12.26	Script.Rce.Gen*
Additional information
File size: 507 bytes
MD5: 969a819391719993899c36f0ab1b921f
SHA1: 0f9d6e1200e22427cc1b8d7f215e6cf8de6e36d5
PEiD: -
packers: Crypt.DCScript

*Added 4 minutes later*

File opr03NVL.htm received on 2007.12.26 04:10:43 (CET)

AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	-
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.25	-
AVG	7.5.0.516	2007.12.25	-
*BitDefender	7.2	2007.12.26	Trojan.Downloader.Js.Psyme.O*
CAT-QuickHeal	9.00	2007.12.25	-
*ClamAV	0.91.2	2007.12.26	JS.Small
DrWeb	4.44.0.09170	2007.12.25	VBS.Psyme.377*
eSafe	7.0.15.0	2007.12.25	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.26	-
*Fortinet	3.14.0.0	2007.12.26	JS/Inor.A!tr.dldr*
F-Prot	4.4.2.54	2007.12.25	-
*F-Secure	6.70.13030.0	2007.12.26	Trojan-Downloader.JS.Small.ih
Ikarus	T3.1.1.15	2007.12.26	Trojan-Downloader.JS.Inor.A
Kaspersky	7.0.0.125	2007.12.26	Trojan-Downloader.JS.Small.ih
McAfee	5192	2007.12.24	JS/Wonka*
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	-
Rising	20.24.12.00	2007.12.25	-
*Sophos	4.24.0	2007.12.26	Mal/ObfJS-H*
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
*VBA32	3.12.2.5	2007.12.24	Trojan-Downloader.JS.Psyme.cv*
VirusBuster	4.3.26:9	2007.12.25	-
Webwasher-Gateway	6.6.2	2007.12.26	-
Additional information
File size: 18502 bytes
MD5: d558d4e52ca3393ae521632262337912
SHA1: 032f4109040572877ab7a8d77f38cbafeb35b697
PEiD: -

----------


## strawser

> P.S. If it's not too much trouble, please send it via this link (in a zip, with the password virus) - http://virusinfo.info/upload_virus.php?tid=12941


Sent.

*Added 21 minutes later*

*symantec ??*

File 43.rar received on 12.26.2007 17:32:26 (CET)
 Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.27.10	2007.12.26	-
*AntiVir	7.6.0.46	2007.12.26	TR/Dldr.Agent.dow*
Authentium	4.93.8	2007.12.26	-
*Avast	4.7.1098.0	2007.12.26	Win32:Agent-MHD
AVG	7.5.0.516	2007.12.25	Agent.LOH
BitDefender	7.2	2007.12.26	Generic.NPop.84CDBBCB
CAT-QuickHeal	9.00	2007.12.25	Trojan.Agent.app
ClamAV	0.91.2	2007.12.26	Trojan.Downloader.Agent-1278
DrWeb	4.44.0.09170	2007.12.26	Trojan.DownLoader.36243
eSafe	7.0.15.0	2007.12.25	Win32.Agent.app*
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.26	-
FileAdvisor	1	2007.12.26	-
*Fortinet	3.14.0.0	2007.12.26	W32/Agent.GBH!tr
F-Prot	4.4.2.54	2007.12.25	W32/VCtroj.A.gen!Eldorado
F-Secure	6.70.13030.0	2007.12.26	Trojan-Downloader.Win32.Agent.gbh*
*Ikarus	T3.1.1.15	2007.12.26	Trojan.Win32.Agent.app
Kaspersky	7.0.0.125	2007.12.26	Trojan-Downloader.Win32.Agent.gbh
McAfee	5192	2007.12.24	Generic Downloader.p
Microsoft	1.3109	2007.12.26	Trojan:Win32/Agent.APP
NOD32v2	2747	2007.12.25	Win32/Agent.NNA*
Norman	5.80.02	2007.12.26	-
*Panda	9.0.0.4	2007.12.25	Trj/Downloader.QKJ
Prevx1	V2	2007.12.26	SystemPoser:Trojan-b
Rising	20.24.21.00	2007.12.26	Trojan.DL.Win32.Agent.zkj*
Sophos	4.24.0	2007.12.26	-
*Sunbelt	2.2.907.0	2007.12.21	Trojan.Win32.Agent.app*
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
*VBA32	3.12.2.5	2007.12.26	Trojan.Win32.Agent.app
VirusBuster	4.3.26:9	2007.12.26	Trojan.Gretus.Gen!Pac
Webwasher-Gateway	6.6.2	2007.12.26	Trojan.Dldr.Agent.dow*
Additional information
File size: 27469 bytes
MD5: 8a22d6c8a332be275d082e755fd7ae0c
SHA1: 956ab2106bb1fd18248429d9169a6433f1e52275
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...355900D01AA827

File Trojan_DownloaderWMA.rar received on 12.26.2007 19:18:02 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.27.10	2007.12.26	-
AntiVir	7.6.0.46	2007.12.26	-
Authentium	4.93.8	2007.12.26	-
Avast	4.7.1098.0	2007.12.26	-
AVG	7.5.0.516	2007.12.26	-
BitDefender	7.2	2007.12.26	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.26	-
DrWeb	4.44.0.09170	2007.12.26	-
eSafe	7.0.15.0	2007.12.26	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.26	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
*F-Secure	6.70.13030.0	2007.12.26	Trojan-Downloader.WMA.Wimad.l
Ikarus	T3.1.1.15	2007.12.26	Trojan-Downloader.WMA.Wimad.l
Kaspersky	7.0.0.125	2007.12.26	Trojan-Downloader.WMA.Wimad.l*
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.26	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	-
Rising	20.24.21.00	2007.12.26	-
Sophos	4.24.0	2007.12.26	-
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.26	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.26	-
VirusBuster	4.3.26:9	2007.12.26	-
Webwasher-Gateway	6.6.2	2007.12.26	-
Additional information
File size: 333266 bytes
MD5: 3c9f2cfeb66f87e40aae6aba6fe0fd39
SHA1: 913429c10f23984dd014a049f507ec10e5b99cf4
PEiD: -

----------


## XL

A fresh Storm:



```
Файл happy-2008.exe получен 2007.12.26 19:54:10 (CET)

AhnLab-V3	2007.12.27.10	2007.12.26	-
AntiVir	7.6.0.46	2007.12.26	HEUR/Crypted
Authentium	4.93.8	2007.12.26	-
Avast	4.7.1098.0	2007.12.26	Win32:DNSChanger-HI
AVG	7.5.0.516	2007.12.26	-
BitDefender	7.2	2007.12.26	-
CAT-QuickHeal	9.00	2007.12.26	-
ClamAV	0.91.2	2007.12.26	-
DrWeb	4.44.0.09170	2007.12.26	-
eSafe	7.0.15.0	2007.12.26	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.26	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.26	-
Ikarus	T3.1.1.15	2007.12.26	-
Kaspersky	7.0.0.125	2007.12.26	-
McAfee	5193	2007.12.26	-
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.26	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	Heuristic: Suspicious File With Bad Child Associations
Rising	20.24.21.00	2007.12.26	-
Sophos	4.24.0	2007.12.26	-
Sunbelt	2.2.907.0	2007.12.21	VIPRE.Suspicious
Symantec	10	2007.12.26	-
TheHacker	6.2.9.169	2007.12.26	-
VBA32	3.12.2.5	2007.12.26	-
VirusBuster	4.3.26:9	2007.12.26	-
Webwasher-Gateway	6.6.2	2007.12.26	Heuristic.Crypted
Дополнительная информация
File size: 152064 bytes
MD5: 5c1d151eb4bfc5bf29ed0a02059c08bc
SHA1: f09434c0562f35071844d2a9606f431682f52511
```

----------


## ALEX(XX)

File loader.exe received on 12.27.2007 2145 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.28.10 2007.12.27 - 
AntiVir 7.6.0.46 2007.12.27 - 
Authentium 4.93.8 2007.12.27 - 
Avast 4.7.1098.0 2007.12.27 - 
*AVG 7.5.0.516 2007.12.27 Generic9.AIKU* 
*BitDefender 7.2 2007.12.27 Trojan.Agent.Small.SVO* 
CAT-QuickHeal 9.00 2007.12.27 - 
ClamAV 0.91.2 2007.12.27 - 
DrWeb 4.44.0.09170 2007.12.27 - 
eSafe 7.0.15.0 2007.12.27 - 
*eTrust-Vet 31.3.5406 2007.12.27 Win32/Chepvil!generic* 
Ewido 4.0 2007.12.27 - 
FileAdvisor 1 2007.12.27 - 
Fortinet 3.14.0.0 2007.12.27 - 
F-Prot 4.4.2.54 2007.12.26 - 
*F-Secure 6.70.13030.0 2007.12.27 W32/Malware* 
Ikarus T3.1.1.15 2007.12.27 - 
Kaspersky 7.0.0.125 2007.12.27 - 
McAfee 5194 2007.12.27 - 
Microsoft 1.3109 2007.12.27 - 
NOD32v2 2751 2007.12.27 - 
*Norman 5.80.02 2007.12.27 W32/Malware* 
Panda 9.0.0.4 2007.12.27 - 
Prevx1 V2 2007.12.27 - 
Rising 20.24.32.00 2007.12.27 - 
Sophos 4.24.0 2007.12.27 - 
Sunbelt 2.2.907.0 2007.12.27 - 
Symantec 10 2007.12.27 - 
TheHacker 6.2.9.172 2007.12.27 - 
VBA32 3.12.2.5 2007.12.26 - 
VirusBuster 4.3.26:9 2007.12.27 - 
Webwasher-Gateway 6.6.2 2007.12.27 - 

Additional information 
File size: 8704 bytes 
MD5: 4b4bfceb4b304e2823cae013c55cca97 
SHA1: db326f1ccef67ebeebb4aff07286190580e36113 
PEiD: - 
norman sandbox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 8704 bytes.

[ Process/window information ]
* Attempts to access service "McShield".
* Disables security related services.

*Added 10 hours 10 minutes later*

File winable.exe received on 12.28.2007 07:08:05 (CET)

Antivirus;Version;Last Update;Result
*AhnLab-V3;2007.12.28.11;2007.12.28;Win-Trojan/Agent.61440.DB*
*AntiVir;7.6.0.46;2007.12.27;BDS/StarDor.A*
Authentium;4.93.8;2007.12.28;-
*Avast;4.7.1098.0;2007.12.27;Win32:Adloader-KY*
AVG;7.5.0.516;2007.12.27;-
BitDefender;7.2;2007.12.28;-
*CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.bho.gll*
ClamAV;0.91.2;2007.12.27;-
*DrWeb;4.44.0.09170;2007.12.27;Trojan.Stars.origin*
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5407;2007.12.27;-
*Ewido;4.0;2007.12.27;Downloader.Adload.ni*
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
F-Secure;6.70.13030.0;2007.12.28;-
Ikarus;T3.1.1.15;2007.12.28;-
Kaspersky;7.0.0.125;2007.12.28;-
McAfee;5194;2007.12.27;-
Microsoft;1.3109;2007.12.28;-
NOD32v2;2751;2007.12.27;-
Norman;5.80.02;2007.12.27;-
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
*Rising;20.24.32.00;2007.12.27;Trojan.Win32.Agent.zug*
Sophos;4.24.0;2007.12.28;-
Sunbelt;2.2.907.0;2007.12.28;-
*Symantec;10;2007.12.28;Adware.MaxSearch*
TheHacker;6.2.9.172;2007.12.27;-
VBA32;3.12.2.5;2007.12.26;-
VirusBuster;4.3.26:9;2007.12.27;-
*Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Backdoor.StarDor.A*

Additional information
File size: 61440 bytes
MD5: 4a7b083438836184abebec212920d695
SHA1: 922d42c3b759725bacef54c24b4da0b9b4bb3503
PEiD: -

*Added 3 hours 38 minutes later*

File VideoAccessCodecInstall.exe received on 12.28.2007 11:08:55 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.28.11;2007.12.28;-
*AntiVir;7.6.0.46;2007.12.28;TR/Dldr.Zlob*
Authentium;4.93.8;2007.12.28;-
Avast;4.7.1098.0;2007.12.27;-
*AVG;7.5.0.516;2007.12.27;Downloader.Zlob*
BitDefender;7.2;2007.12.28;-
*CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.Zlob.gen*
*ClamAV;0.91.2;2007.12.28;Trojan.Dropper-2557*
DrWeb;4.44.0.09170;2007.12.28;-
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5408;2007.12.28;-
Ewido;4.0;2007.12.27;-
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
*F-Secure;6.70.13030.0;2007.12.28;Trojan-Downloader.Win32.Zlob.fns*
Ikarus;T3.1.1.15;2007.12.28;-
*Kaspersky;7.0.0.125;2007.12.28;Trojan-Downloader.Win32.Zlob.fns*
McAfee;5194;2007.12.27;-
*Microsoft;1.3109;2007.12.28;Trojan:Win32/Tibs.gen!lds*
NOD32v2;2752;2007.12.28;-
*Norman;5.80.02;2007.12.27;W32/Zlob.ARDM*
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
Rising;20.24.41.00;2007.12.28;-
*Sophos;4.24.0;2007.12.28;Troj/Zlobar-Fam*
Sunbelt;2.2.907.0;2007.12.28;-
Symantec;10;2007.12.28;-
*TheHacker;6.2.9.172;2007.12.27;Trojan/Downloader.gen*
*VBA32;3.12.2.5;2007.12.26;MalwareScope.Worm.Nuwar-Glowa.1*
VirusBuster;4.3.26:9;2007.12.27;-
*Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Dldr.Zlob*

Additional information
File size: 148200 bytes
MD5: 4a9828c1ef46b792f45d6358855ead27
SHA1: be7dcaed6ceb853078832d2dc6c80fc696f5bdcd
PEiD: -

----------


## rubin

Well, look what turns up... temp/winlogon.exe


```
AhnLab-V3	2007.12.29.11	2007.12.29	-
AntiVir	7.6.0.46	2007.12.28	-
Authentium	4.93.8	2007.12.29	-
Avast	4.7.1098.0	2007.12.28	-
AVG	7.5.0.516	2007.12.28	SHeur.AJLM
BitDefender	7.2	2007.12.29	-
CAT-QuickHeal	9.00	2007.12.29	-
ClamAV	0.91.2	2007.12.29	-
DrWeb	4.44.0.09170	2007.12.29	-
eSafe	7.0.15.0	2007.12.27	-
eTrust-Vet	31.3.5412	2007.12.29	-
Ewido	4.0	2007.12.29	-
FileAdvisor	1	2007.12.29	-
Fortinet	3.14.0.0	2007.12.29	-
F-Prot	4.4.2.54	2007.12.28	-
F-Secure	6.70.13030.0	2007.12.28	-
Ikarus	T3.1.1.15	2007.12.29	-
Kaspersky	7.0.0.125	2007.12.29	-
McAfee	5195	2007.12.28	-
Microsoft	1.3109	2007.12.29	-
NOD32v2	2754	2007.12.28	-
Norman	5.80.02	2007.12.28	-
Panda	9.0.0.4	2007.12.28	-
Prevx1	V2	2007.12.29	-
Rising	20.24.52.00	2007.12.29	-
Sophos	4.24.0	2007.12.29	-
Sunbelt	2.2.907.0	2007.12.28	-
Symantec	10	2007.12.29	-
TheHacker	6.2.9.174	2007.12.28	-
VBA32	3.12.2.5	2007.12.29	-
VirusBuster	4.3.26:9	2007.12.28	-
Webwasher-Gateway	6.6.2	2007.12.28	-
```

Additional information
File size: 33280 bytes
MD5: 16ccf9650143c6746eb39ba09489d412
SHA1: 4080c60b5b983d93c822fa0cbc04d844a54ad969

----------


## Bratez

Complete scanning result of "avz00001.dta", processed in VirusTotal at 12/30/2007 12:02:21 (CET).

[ file data ]
* name: avz00001.dta
* size: 73742
* md5.: 179f70d07c604671de2741a531840e81
* sha1: 5e7827dd0db639fdada394bd1312972c530f541c
* peid..: -

[ scan result ]
AhnLab-V3 2007.12.29.11/20071229 found nothing
*AntiVir 7.6.0.46/20071229 found [HEUR/Crypted]*
Authentium 4.93.8/20071229 found nothing
Avast 4.7.1098.0/20071229 found nothing
*AVG 7.5.0.516/20071229 found [DNSChanger.G]
BitDefender 7.2/20071230 found [Trojan.DNSChanger.RB]
CAT-QuickHeal 9.00/20071229 found [(Suspicious) - DNAScan]*
ClamAV 0.91.2/20071230 found nothing
DrWeb 4.44.0.09170/20071230 found nothing
eSafe 7.0.15.0/20071227 found nothing
eTrust-Vet 31.3.5412/20071229 found nothing
Ewido 4.0/20071229 found nothing
F-Prot 4.4.2.54/20071229 found nothing
F-Secure 6.70.13030.0/20071230 found nothing
FileAdvisor 1/20071230 found nothing
Fortinet 3.14.0.0/20071230 found nothing
*Ikarus T3.1.1.15/20071230 found [Trojan.DNSChanger.RB]
Kaspersky 7.0.0.125/20071230 found [Heur.Trojan.Generic]*
McAfee 5195/20071228 found nothing
*Microsoft 1.3109/20071230 found [Trojan:Win32/Alureon.gen!D]
NOD32v2 2755/20071229 found [Win32/TrojanDownloader.Zlob.BMQ]*
Norman 5.80.02/20071228 found nothing
Panda 9.0.0.4/20071230 found nothing
Prevx1 V2/20071230 found nothing
Rising 20.24.52.00/20071229 found nothing
Sophos 4.24.0/20071230 found nothing
Sunbelt 2.2.907.0/20071230 found nothing
Symantec 10/20071230 found nothing
TheHacker 6.2.9.175/20071229 found nothing
VBA32 3.12.2.5/20071229 found nothing
VirusBuster 4.3.26:9/20071229 found nothing
*Webwasher-Gateway 6.6.2/20071229 found [Heuristic.Crypted]*

----------


## strawser

File websitetutorial.exe received on 12.30.2007 14:25:33 (CET)

Result: 4/32 (12.5%) 

Antivirus	Version	Last Update	Result
AhnLab-V3	2007.12.29.11	2007.12.29	-
AntiVir	7.6.0.46	2007.12.29	-
Authentium	4.93.8	2007.12.29	-
Avast	4.7.1098.0	2007.12.29	-
AVG	7.5.0.516	2007.12.30	-
BitDefender	7.2	2007.12.30	-
CAT-QuickHeal	9.00	2007.12.29	-
ClamAV	0.91.2	2007.12.30	-
DrWeb	4.44.0.09170	2007.12.30	-
*eSafe	7.0.15.0	2007.12.27	suspicious Trojan/Worm*
eTrust-Vet	31.3.5412	2007.12.29	-
Ewido	4.0	2007.12.30	-
FileAdvisor	1	2007.12.30	-
Fortinet	3.14.0.0	2007.12.30	-
F-Prot	4.4.2.54	2007.12.29	-
F-Secure	6.70.13030.0	2007.12.30	-
*Ikarus	T3.1.1.15	2007.12.30	Trojan-Downloader.Win32.Banload.eta*
Kaspersky	7.0.0.125	2007.12.30	-
McAfee	5195	2007.12.28	-
Microsoft	1.3109	2007.12.30	-
NOD32v2	2755	2007.12.29	-
*Norman	5.80.02	2007.12.28	W32/BHO.AMN*
Panda	9.0.0.4	2007.12.30	-
*Prevx1	V2	2007.12.30	Heuristic: Suspicious File With Outbound Communications*
Rising	20.24.52.00	2007.12.29	-
Sophos	4.24.0	2007.12.30	-
Sunbelt	2.2.907.0	2007.12.30	-
Symantec	10	2007.12.30	-
TheHacker	6.2.9.175	2007.12.29	-
VBA32	3.12.2.5	2007.12.29	-
VirusBuster	4.3.26:9	2007.12.29	-
Webwasher-Gateway	6.6.2	2007.12.29	-
Additional information
File size: 338164 bytes
MD5: 236882e4572d87562157798ed807eccf
SHA1: 4ade5312ae36fbc760cf4a73eae60ce099ac1209
PEiD: -
packers: UPX
packers: UPX
packers: UPX

----------


## Shu_b

Well... let's sum up the results... of the month.

edit: more compact images uploaded.

----------


## Surfer

Storm again, only crypted this time.
The most interesting part is that Kaspersky 8 already catches it as Zhelatin =\


File happy_2008.exe received on 2007.12.31 15:13:22 (CET)
Result: 12/32 (37.5%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.1.10 2007.12.31 - 
*AntiVir 7.6.0.46 2007.12.31 TR/Crypt.XDR.Gen*
Authentium 4.93.8 2007.12.30 - 
*Avast 4.7.1098.0 2007.12.30 Win32helatin-ASX*
AVG 7.5.0.516 2007.12.31 - 
*BitDefender 7.2 2007.12.31 Trojan.Peed.IRS*
CAT-QuickHeal 9.00 2007.12.31 - 
ClamAV 0.91.2 2007.12.31 - 
*DrWeb 4.44.0.09170 2007.12.31 Trojan.Spambot.2559*
eSafe 7.0.15.0 2007.12.30 - 
eTrust-Vet 31.3.5417 2007.12.31 - 
Ewido 4.0 2007.12.31 - 
FileAdvisor 1 2007.12.31 - 
*Fortinet 3.14.0.0 2007.12.31 W32/[email protected]*
F-Prot 4.4.2.54 2007.12.31 - 
F-Secure 6.70.13030.0 2007.12.31 - 
Ikarus T3.1.1.15 2007.12.31 - 
Kaspersky 7.0.0.125 2007.12.31 - 
*McAfee 5195 2007.12.28 W32/[email protected]
Microsoft 1.3109 2007.12.31 Backdoor:WinNT/Nuwar.B!sys
NOD32v2 2758 2007.12.31 probably a variant of Win32/Nuwar*
Norman 5.80.02 2007.12.31 - 
*Panda 9.0.0.4 2007.12.31 Suspicious file*
*Prevx1 V2 2007.12.31 Stormy:Worm-All Variants*
Rising 20.24.52.00 2007.12.29 - 
*Sophos 4.24.0 2007.12.31 Mal/Dorf-H*
Sunbelt 2.2.907.0 2007.12.30 - 
Symantec 10 2007.12.31 - 
TheHacker 6.2.9.175 2007.12.29 - 
VBA32 3.12.2.5 2007.12.29 - 
VirusBuster 4.3.26:9 2007.12.31 - 
*Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Crypt.XDR.Gen*
Additional information
File size: 143873 bytes 
MD5: 30196db0c6df236d32307693feb4935e 
SHA1: bb34c478ab65a3418f333996568178fcdc7a6011 
PEiD: - 
Prevx info: http://info.prevx.com/aboutprogramte...E37E00B13961EF

----------


## mA_sat

I installed Ikarus on my machine to see how it works.


File Mswtif.dll received on 2007.11.05 22:24:39 (CET)

Current status: finished
Result: 3/31 (9.68%)
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	- 	- 	-
AntiVir 	- 	- 	-
Authentium 	- 	- 	Possibly a new variant of W32/CodeCru-based!Maximus
Avast 	- 	- 	-
AVG 	- 	- 	-
BitDefender 	- 	- 	-
CAT-QuickHeal 	- 	- 	-
ClamAV 	- 	- 	-
DrWeb 	- 	- 	-
eSafe 	- 	- 	-
eTrust-Vet 	- 	- 	-
Ewido 	- 	- 	-
FileAdvisor 	- 	- 	-
Fortinet 	- 	- 	-
F-Prot 	- 	- 	W32/CodeCru-based!Maximus
F-Secure 	- 	- 	-
Ikarus 	- 	- 	Trojan-Spy.Win32.Agent.rb
Kaspersky 	- 	- 	-
McAfee 	- 	- 	-
Microsoft 	- 	- 	-
NOD32v2 	- 	- 	-
Norman 	- 	- 	-
Panda 	- 	- 	-
Rising 	- 	- 	-
Sophos 	- 	- 	-
Sunbelt 	- 	- 	-
Symantec 	- 	- 	-
TheHacker 	- 	- 	-
VBA32 	- 	- 	-
VirusBuster 	- 	- 	-
Webwasher-Gateway 	- 	- 	-
Additional information
MD5: 472f3ca7b2d92bd5b3c351e101fd5451

----------


## XL

A fresh Storm build:




> File happy_2008.rar received on 2008.01.01 14:46:59 (CET)
> 
> AhnLab-V3	2008.1.1.10	2007.12.31	-
> *AntiVir	7.6.0.46	2007.12.31	TR/Crypt.XDR.Gen*
> Authentium	4.93.8	2007.12.31	-
> *Avast	4.7.1098.0	2007.12.31	Win32helatin-ASX*
> AVG	7.5.0.516	2007.12.31	-
> *BitDefender	7.2	2008.01.01	Trojan.Agent.AGIU*
> CAT-QuickHeal	9.00	2007.12.31	-
> ...


Kaspersky only recently started detecting it... I had to update the databases manually.

----------


## Surfer

File ibho1.dll received on 01.01.2008 20:56:10 (CET)
Current status: finished

Result: 6/32 (18.75%)


Antivirus Version Last Update Result
AhnLab-V3 2008.1.1.10 2007.12.31 - 
AntiVir 7.6.0.46 2007.12.31 - 
Authentium 4.93.8 2007.12.31 - 
Avast 4.7.1098.0 2007.12.31 - 
AVG 7.5.0.516 2008.01.01 - 
*BitDefender 7.2 2008.01.01 Adware.Give4free.C*
CAT-QuickHeal 9.00 2007.12.31 - 
ClamAV 0.91.2 2008.01.01 - 
DrWeb 4.44.0.09170 2007.12.31 - 
eSafe 7.0.15.0 2008.01.01 - 
eTrust-Vet 31.3.5421 2008.01.01 - 
Ewido 4.0 2008.01.01 - 
FileAdvisor 1 2008.01.01 - 
Fortinet 3.14.0.0 2008.01.01 - 
F-Prot 4.4.2.54 2008.01.01 - 
F-Secure 6.70.13030.0 2008.01.01 - 
Ikarus T3.1.1.15 2008.01.01 - 
Kaspersky 7.0.0.125 2008.01.01 - 
*McAfee 5196 2007.12.31 potentially unwanted program Adware-Give4Free
Microsoft 1.3109 2008.01.01 Adware:Win32/Give4Free*
NOD32v2 2759 2008.01.01 - 
Norman 5.80.02 2007.12.31 - 
*Panda 9.0.0.4 2008.01.01 Generic Malware*
Prevx1 V2 2008.01.01 - 
Rising 20.24.52.00 2007.12.29 - 
Sophos 4.24.0 2008.01.01 - 
*Sunbelt 2.2.907.0 2007.12.30 Give4Free*
Symantec 10 2008.01.01 - 
TheHacker 6.2.9.176 2008.01.01 - 
VBA32 3.12.2.5 2007.12.31 - 
VirusBuster 4.3.26:9 2008.01.01 - 
*Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Downloader.Win32.Malware.gen (suspicious)*

Additional information 
File size: 29696 bytes 
MD5: b2e0d43ac994b95839af87587a50d9dd 
SHA1: 8d49252eeafba8616c05e93274907e7c28ec9490 
PEiD: - 
packers: UPX 
packers: UPX 
packers: UPX

----------


## strawser

File Crack_Windows_XP.zip received on 01.02.2008 23:22:33 (CET)
Result: 11/32 (34.38%) 
 Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.3.10	2008.01.02	-
*AntiVir	7.6.0.46	2008.01.02	TR/Dropper.Gen*
Authentium	4.93.8	2008.01.02	-
*Avast	4.7.1098.0	2008.01.02	Win32:Agent-KXS
AVG	7.5.0.516	2008.01.02	Dropper.Agent.DQC
BitDefender	7.2	2008.01.02	Trojan.PWS.LdPinch.BSG*
CAT-QuickHeal	9.00	2008.01.02	-
ClamAV	0.91.2	2008.01.02	-
*DrWeb	4.44.0.09170	2008.01.02	Trojan.MulDrop.6269*
*eSafe	7.0.15.0	2008.01.02	Suspicious File*
eTrust-Vet	31.3.5424	2008.01.02	-
Ewido	4.0	2008.01.02	-
FileAdvisor	1	2008.01.02	-
Fortinet	3.14.0.0	2008.01.02	-
F-Prot	4.4.2.54	2008.01.02	-
*F-Secure	6.70.13030.0	2008.01.02	Trojan-Dropper.Win32.Agent.bib
Ikarus	T3.1.1.15	2008.01.02	Trojan-Dropper.Win32.Agent.bib
Kaspersky	7.0.0.125	2008.01.02	Trojan-Dropper.Win32.Agent.bib*
McAfee	5197	2008.01.02	-
Microsoft	1.3109	2008.01.02	-
NOD32v2	2761	2008.01.02	-
Norman	5.80.02	2008.01.02	-
*Panda	9.0.0.4	2008.01.02	Suspicious file*
Prevx1	V2	2008.01.02	-
Rising	20.25.22.00	2008.01.02	-
Sophos	4.24.0	2008.01.02	-
Sunbelt	2.2.907.0	2008.01.02	-
Symantec	10	2008.01.02	-
TheHacker	6.2.9.176	2008.01.01	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.02	-
*Webwasher-Gateway	6.6.2	2008.01.02	Trojan.Dropper.Gen*
Additional information
File size: 76817 bytes
MD5: 70d14dd0b905baf481453ff2001ee566
SHA1: 78fce6f9585cf29bcb8e033874e1378c14a1dbed
PEiD: -


File mvat.rar received on 01.02.2008 23:48:44 (CET)
Result: 15/32 (46.88%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.3.10	2008.01.02	-
*AntiVir	7.6.0.46	2008.01.02	BDS/Pcclient.GV.183*
Authentium	4.93.8	2008.01.02	-
Avast	4.7.1098.0	2008.01.02	-
AVG	7.5.0.516	2008.01.02	-
*BitDefender	7.2	2008.01.02	Backdoor.Pcclient.GV
CAT-QuickHeal	9.00	2008.01.02	(Suspicious) - DNAScan*
ClamAV	0.91.2	2008.01.02	-
DrWeb	4.44.0.09170	2008.01.02	-
*eSafe	7.0.15.0	2008.01.02	suspicious Trojan/Worm*
eTrust-Vet	31.3.5424	2008.01.02	-
Ewido	4.0	2008.01.02	-
FileAdvisor	1	2008.01.02	-
*Fortinet	3.14.0.0	2008.01.02	PossibleThreat!024944
F-Prot	4.4.2.54	2008.01.02	W32/Heuristic-162!Eldorado*
F-Secure	6.70.13030.0	2008.01.02	-
*Ikarus	T3.1.1.15	2008.01.02	MalwareScope.Backdoor.Hupigon.3*
Kaspersky	7.0.0.125	2008.01.02	-
*McAfee	5197	2008.01.02	New Malware.aq*
Microsoft	1.3109	2008.01.02	-
NOD32v2	2761	2008.01.02	-
Norman	5.80.02	2008.01.02	-
*Panda	9.0.0.4	2008.01.02	Generic Malware
Prevx1	V2	2008.01.02	BACKDOOR.PCCLIENT.GV*
Rising	20.25.22.00	2008.01.02	-
*Sophos	4.24.0	2008.01.02	Mal/Packer*
Sunbelt	2.2.907.0	2008.01.02	-
*Symantec	10	2008.01.02	Backdoor.Trojan
TheHacker	6.2.9.176	2008.01.01	W32/Behav-Heuristic-063*
VBA32	3.12.2.5	2008.01.02	-
*VirusBuster	4.3.26:9	2008.01.02	Packed/NSPack
Webwasher-Gateway	6.6.2	2008.01.02	Trojan.Backdoor.Pcclient.GV.183*
Additional information
File size: 44114 bytes
MD5: 6ee63970d8f3523c80115cbd55eaba7b
SHA1: 57c81f393055eda6db89da9e97398081701e9382
PEiD: -
packers: NSPack, PE_Patch, UPX
packers: NSPack, UPX
Prevx info: http://info.prevx.com/aboutprogramte...81510018414621

File mail.ru.games.crack.rar received on 01.03.2008 00:15:36 (CET)
Result: 13/32 (40.63%) 
 Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.3.10	2008.01.02	-
AntiVir	7.6.0.46	2008.01.02	-
Authentium	4.93.8	2008.01.02	-
Avast	4.7.1098.0	2008.01.02	-
*AVG	7.5.0.516	2008.01.02	Generic5.MNE*
BitDefender	7.2	2008.01.02	-
*CAT-QuickHeal	9.00	2008.01.02	(Suspicious) - DNAScan
ClamAV	0.91.2	2008.01.02	PUA.Packed.UPack-2*
DrWeb	4.44.0.09170	2008.01.02	-
*eSafe	7.0.15.0	2008.01.02	Suspicious File*
eTrust-Vet	31.3.5424	2008.01.02	-
Ewido	4.0	2008.01.02	-
FileAdvisor	1	2008.01.03	-
Fortinet	3.14.0.0	2008.01.02	-
*F-Prot	4.4.2.54	2008.01.02	W32/Heuristic-162!Eldorado*
F-Secure	6.70.13030.0	2008.01.02	-
*Ikarus	T3.1.1.15	2008.01.02	Trojan.Keygen.Q*
Kaspersky	7.0.0.125	2008.01.02	-
*McAfee	5197	2008.01.02	New Malware.aj*
Microsoft	1.3109	2008.01.02	-
NOD32v2	2761	2008.01.02	-
Norman	5.80.02	2008.01.02	-
Panda	9.0.0.4	2008.01.02	-
*Prevx1	V2	2008.01.03	Generic.Malware*
Rising	20.25.22.00	2008.01.02	-
*Sophos	4.24.0	2008.01.02	Mal/Packer
Sunbelt	2.2.907.0	2008.01.02	VIPRE.Suspicious*
Symantec	10	2008.01.02	-
*TheHacker	6.2.9.176	2008.01.01	W32/Behav-Heuristic-060*
VBA32	3.12.2.5	2008.01.02	-
*VirusBuster	4.3.26:9	2008.01.02	Packed/Upack
Webwasher-Gateway	6.0.1	2008.01.02	Win32.Malware.gen (suspicious)*
Additional information
File size: 47431 bytes
MD5: 027e42801a8c06b052b246000d5d8181
SHA1: 84896e282662da0c99f10de258da036d217e1da4
PEiD: -
packers: UPack
packers: PE_Patch, UPack
Prevx info: http://info.prevx.com/aboutprogramte...DFB10012B9D722
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File Backdoor-Controller.rar received on 01.03.2008 12:31:10 (CET)
Result: 16/32 (50%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.3.10	2008.01.02	-
*AntiVir	7.6.0.46	2008.01.03	BDS/Prorat.ae.23
Authentium	4.93.8	2008.01.02	is a dropper for W32/Dropper.DFP
Avast	4.7.1098.0	2008.01.03	Win32dPinch-RV
AVG	7.5.0.516	2008.01.02	PSW.Ldpinch.DQX
BitDefender	7.2	2008.01.03	Trojan.Dropper.Agent.BBA*
CAT-QuickHeal	9.00	2008.01.02	-
*ClamAV	0.91.2	2008.01.03	Trojan.Dropper-118
DrWeb	4.44.0.09170	2008.01.03	Trojan.MulDrop.5406*
eSafe	7.0.15.0	2008.01.02	-
eTrust-Vet	31.3.5427	2008.01.03	-
Ewido	4.0	2008.01.02	-
FileAdvisor	1	2008.01.03	-
Fortinet	3.14.0.0	2008.01.03	-
*F-Prot	4.4.2.54	2008.01.02	W32/Dropper.DFP
F-Secure	6.70.13030.0	2008.01.03	Trojan-Dropper.Win32.Agent.bba*
*Ikarus	T3.1.1.15	2008.01.03	Trojan-Dropper.Win32.VB.FI
Kaspersky	7.0.0.125	2008.01.03	Trojan-Dropper.Win32.Agent.bba*
McAfee	5198	2008.01.03	-
Microsoft	1.3109	2008.01.03	-
*NOD32v2	2763	2008.01.03	Win32/TrojanDropper.Small.AQM*
Norman	5.80.02	2008.01.03	-
*Panda	9.0.0.4	2008.01.03	Suspicious file
Prevx1	V2	2008.01.03	Generic.Malware*
Rising	20.25.32.00	2008.01.03	-
Sophos	4.24.0	2008.01.03	-
Sunbelt	2.2.907.0	2008.01.03	-
Symantec	10	2008.01.03	-
TheHacker	6.2.9.178	2008.01.03	-
*VBA32	3.12.2.5	2008.01.02	Trojan-PSW.Win32.LdPinch.bka*
VirusBuster	4.3.26:9	2008.01.02	-
*Webwasher-Gateway	6.6.2	2008.01.03	Trojan.Backdoor.Prorat.ae.23*
Additional information
File size: 978065 bytes
MD5: 4bedef351df50464ee90711a1e2d380a
SHA1: 401e41aa223770086ed242053588dd62ab6b952b
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...36BD00ADC94FD9

At first only the heuristics fired, and then Kaspersky confirmed it and added this beast, named Dr. Web Антивирус + Антиспам.rar, to its databases. Only the antivirus that the virus is dedicated to does not detect it yet.

File Dr._Web__________________________ received on 01.03.2008 20:52:13 (CET)
Result: 3/32 (9.38%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.10	2008.01.03	-
AntiVir	7.6.0.46	2008.01.03	-
Authentium	4.93.8	2008.01.02	-
Avast	4.7.1098.0	2008.01.03	-
AVG	7.5.0.516	2008.01.03	-
BitDefender	7.2	2008.01.03	-
CAT-QuickHeal	9.00	2008.01.03	-
ClamAV	0.91.2	2008.01.03	-
DrWeb	4.44.0.09170	2008.01.03	-
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5427	2008.01.03	-
Ewido	4.0	2008.01.03	-
FileAdvisor	1	2008.01.03	-
Fortinet	3.14.0.0	2008.01.03	-
F-Prot	4.4.2.54	2008.01.02	-
F-Secure	6.70.13030.0	2008.01.03	-
Ikarus	T3.1.1.15	2008.01.03	-
*Kaspersky	7.0.0.125	2008.01.03	Trojan-Spy.Win32.Delf.avq*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.03	-
NOD32v2	2764	2008.01.03	-
Norman	5.80.02	2008.01.03	-
*Panda	9.0.0.4	2008.01.03	Suspicious file
Prevx1	V2	2008.01.03	Heuristic: Suspicious File With Mass Email Capabilities*
Rising	20.25.32.00	2008.01.03	-
Sophos	4.24.0	2008.01.03	-
Sunbelt	2.2.907.0	2008.01.03	-
Symantec	10	2008.01.03	-
TheHacker	6.2.9.178	2008.01.03	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.03	-
Webwasher-Gateway	6.6.2	2008.01.03	-
Additional information
File size: 1900647 bytes
MD5: 0b2b4248ced3112ce75eff9bb0052a13
SHA1: 71c7e7861a1b43cc41d3ad9f3dc564192ec694bc
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...EB8000D3CE854D

File _webfile.ru____________.exe.safe received on 01.03.2008 22:18:35 (CET)
Result: 22/32 (68.75%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.10	2008.01.03	-
*AntiVir	7.6.0.46	2008.01.03	TR/Spy.Gen*
Authentium	4.93.8	2008.01.02	-
*Avast	4.7.1098.0	2008.01.03	Win32dPinch-BHU
AVG	7.5.0.516	2008.01.03	Dropper.Generic.PPQ
BitDefender	7.2	2008.01.03	Trojan.PWS.LDPinch.TDA
CAT-QuickHeal	9.00	2008.01.03	TrojanDropper.Agent.buo*
ClamAV	0.91.2	2008.01.03	-
*DrWeb	4.44.0.09170	2008.01.03	Trojan.MulDrop.8720
eSafe	7.0.15.0	2008.01.03	Win32.Agent.buo*
eTrust-Vet	31.3.5427	2008.01.03	-
Ewido	4.0	2008.01.03	-
FileAdvisor	1	2008.01.03	-
*Fortinet	3.14.0.0	2008.01.03	W32/Basine.BUO!tr
F-Prot	4.4.2.54	2008.01.02	W32/Trojan.CFPJ
F-Secure	6.70.13030.0	2008.01.03	Trojan-Dropper.Win32.Agent.buo
Ikarus	T3.1.1.15	2008.01.03	Trojan-Dropper.Win32.Small.bae
Kaspersky	7.0.0.125	2008.01.03	Trojan-Dropper.Win32.Agent.buo*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.03	-
*NOD32v2	2764	2008.01.03	probably a variant of Win32/TrojanDropper.Agent*
*Norman	5.80.02	2008.01.03	W32/Wow.CAV
Panda	9.0.0.4	2008.01.03	Trj/Downloader.MDW
Prevx1	V2	2008.01.03	Generic.Malware
Rising	20.25.32.00	2008.01.03	Dropper.Win32.Agent.buo
Sophos	4.24.0	2008.01.03	Mal/Basine-C*
Sunbelt	2.2.907.0	2008.01.03	-
*Symantec	10	2008.01.03	Infostealer.Notos!gen
TheHacker	6.2.9.178	2008.01.03	Trojan/Dropper.Agent.buo
VBA32	3.12.2.5	2008.01.02	Trojan-Dropper.Win32.Agent.buo*
VirusBuster	4.3.26:9	2008.01.03	-
*Webwasher-Gateway	6.6.2	2008.01.03	Trojan.Spy.Gen*
Additional information
File size: 627488 bytes
MD5: 011df53be509662db76f8d75b3948f41
SHA1: 10e42de52df7c7cfcdc6ad5884c2a857e11354b4
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...C83F001FBF7C10

File keygen__kaspersky_6.0_.exe.safe received on 01.03.2008 22:47:05 (CET)
Result: 19/32 (59.38%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.10	2008.01.03	-
*AntiVir	7.6.0.46	2008.01.03	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.01.02	-
*Avast	4.7.1098.0	2008.01.03	Win32dPinch-NO
AVG	7.5.0.516	2008.01.03	PSW.Ldpinch.RGB
BitDefender	7.2	2008.01.03	MemScan:Trojan.PWS.LdPinch.BSG
CAT-QuickHeal	9.00	2008.01.03	Win32.Trojan-PSW.LdPinch.bgj3*
ClamAV	0.91.2	2008.01.03	-
*DrWeb	4.44.0.09170	2008.01.03	Trojan.PWS.LDPinch.1407
eSafe	7.0.15.0	2008.01.03	Suspicious File*
eTrust-Vet	31.3.5427	2008.01.03	-
Ewido	4.0	2008.01.03	-
FileAdvisor	1	2008.01.03	-
Fortinet	3.14.0.0	2008.01.03	-
*F-Prot	4.4.2.54	2008.01.02	W32/LdPinch.F.gen!Eldorado
F-Secure	6.70.13030.0	2008.01.03	Trojan-PSW.Win32.LdPinch.btw
Ikarus	T3.1.1.15	2008.01.03	Trojan-PWS.Win32.LdPinch.bmi
Kaspersky	7.0.0.125	2008.01.03	Trojan-PSW.Win32.LdPinch.btw*
McAfee	5199	2008.01.03	-
*Microsoft	1.3109	2008.01.03	Trojan:Win32/Anomaly.gen!A
NOD32v2	2764	2008.01.03	a variant of Win32/PSW.LdPinch.NCB*
Norman	5.80.02	2008.01.03	-
Panda	9.0.0.4	2008.01.03	-
Prevx1	V2	2008.01.03	-
*Rising	20.25.32.00	2008.01.03	Trojan.PSW.Win32.LdPinch.btw
Sophos	4.24.0	2008.01.03	Troj/LdPinch-PZ
Sunbelt	2.2.907.0	2008.01.03	Trojan-PWS.LdPinch.BSG
Symantec	10	2008.01.03	Infostealer*
TheHacker	6.2.9.178	2008.01.03	-
*VBA32	3.12.2.5	2008.01.02	MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.26:9	2008.01.03	-
*Webwasher-Gateway	6.6.2	2008.01.03	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 32829 bytes
MD5: b4bd55ddbdda7f7fc6d7985a19421700
SHA1: c9cdcd832a776813e1b45cd890ff7a8883d3955f
PEiD: -
packers: RCryptor, PECompact
packers: PecBundle, PECompact

File AVP_Keygen_5.0.exe received on 01.04.2008 11:46:22 (CET)
Result: 16/32 (50%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
*AntiVir	7.6.0.46	2008.01.03	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.01.04	-
*Avast	4.7.1098.0	2008.01.03	Win32:Small-YL
AVG	7.5.0.516	2008.01.03	Packed.AverCrypt*
BitDefender	7.2	2008.01.04	-
*CAT-QuickHeal	9.00	2008.01.03	(Suspicious) - DNAScan*
ClamAV	0.91.2	2008.01.04	-
*DrWeb	4.44.0.09170	2008.01.03	Trojan.KeyLogger.195*
eSafe	7.0.15.0	2008.01.03	1760502504
eTrust-Vet	31.3.5430	2008.01.04	-
*Ewido	4.0	2008.01.03	Logger.Small.cw*
FileAdvisor	1	2008.01.04	-
Fortinet	3.14.0.0	2008.01.04	-
F-Prot	4.4.2.54	2008.01.04	-
*F-Secure	6.70.13030.0	2008.01.04	Trojan-Spy.Win32.Small.cw*
Ikarus	T3.1.1.15	2008.01.04	-
*Kaspersky	7.0.0.125	2008.01.04	Trojan-Spy.Win32.Small.cw*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.04	-
*NOD32v2	2764	2008.01.03	probably unknown NewHeur_PE virus*
Norman	5.80.02	2008.01.03	-
*Panda	9.0.0.4	2008.01.03	Suspicious file*
Prevx1	V2	2008.01.04	-
Rising	20.25.41.00	2008.01.04	-
*Sophos	4.24.0	2008.01.04	Mal/Basine-C
Sunbelt	2.2.907.0	2008.01.04	VIPRE.Suspicious
Symantec	10	2008.01.04	Infostealer*
TheHacker	6.2.9.180	2008.01.04	-
*VBA32	3.12.2.5	2008.01.02	suspected of Embedded.Trojan.Win32.Spy.Small.CW*
VirusBuster	4.3.26:9	2008.01.03	-
*Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 17920 bytes
MD5: d6420ad88e50a5f20fbbd87c0929fba0
SHA1: b3ca55bc190383e040656a78fe7e8082dc40b6ea
PEiD: AverCryptor 1.02 beta -> os1r1s
packers: PE-Crypt.PNH
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File AMS_Enterprise_2.79.exe received on 01.04.2008 11:46:48 (CET)
Result: 16/32 (50%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
*AntiVir	7.6.0.46	2008.01.03	TR/Spy.Gen*
Authentium	4.93.8	2008.01.04	-
Avast	4.7.1098.0	2008.01.03	-
*AVG	7.5.0.516	2008.01.03	PSW.Ldpinch.RLT
BitDefender	7.2	2008.01.04	Trojan.PWS.LdPinch.TGA
CAT-QuickHeal	9.00	2008.01.03	TrojanPSW.LdPinch.cds*
ClamAV	0.91.2	2008.01.04	-
*DrWeb	4.44.0.09170	2008.01.03	Trojan.PWS.LDPinch.1941
eSafe	7.0.15.0	2008.01.03	Win32.LdPinch.cds*
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.03	-
*FileAdvisor	1	2008.01.04	High threat detected*
Fortinet	3.14.0.0	2008.01.04	-
F-Prot	4.4.2.54	2008.01.04	-
*F-Secure	6.70.13030.0	2008.01.04	Trojan-PSW.Win32.LdPinch.cds
Ikarus	T3.1.1.15	2008.01.04	MalwareScope.Trojan-PWS.Pinch.1
Kaspersky	7.0.0.125	2008.01.04	Trojan-PSW.Win32.LdPinch.cds*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.04	-
NOD32v2	2764	2008.01.03	-
Norman	5.80.02	2008.01.03	-
Panda	9.0.0.4	2008.01.03	-
Prevx1	V2	2008.01.04	-
*Rising	20.25.41.00	2008.01.04	Trojan.PSW.Win32.LdPinch.cds
Sophos	4.24.0	2008.01.04	Mal/Basine-C
Sunbelt	2.2.907.0	2008.01.04	Trojan-Spy.Gen*
Symantec	10	2008.01.04	-
*TheHacker	6.2.9.180	2008.01.04	Trojan/PSW.LdPinch.cds
VBA32	3.12.2.5	2008.01.02	Trojan-PSW.Win32.LdPinch.cds*
VirusBuster	4.3.26:9	2008.01.03	-
*Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Spy.Gen*
Additional information
File size: 42496 bytes
MD5: 2cb93a4a640c366add1d1177f0bec443
SHA1: cbf6b16d41f65b1ea0ebf74432a023abf15e528d
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...1d1177f0bec443
packers: PE_Patch.FreeCryptor, FreeCryptor

File pinch3_Builder.rar received on 01.04.2008 12:21:55 (CET)
Result: 22/32 (68.75%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
*AntiVir	7.6.0.46	2008.01.04	TR/Crypt.XDR.Gen
Authentium	4.93.8	2008.01.04	W32/Trojan.ACMO
Avast	4.7.1098.0	2008.01.03	Win32dPinch-OR
AVG	7.5.0.516	2008.01.03	Dropper.Agent.EFM
BitDefender	7.2	2008.01.04	Trojan.PWS.LdPinch.TAI
CAT-QuickHeal	9.00	2008.01.03	(Suspicious) - DNAScan
ClamAV	0.91.2	2008.01.04	Trojan.Spy-295
DrWeb	4.44.0.09170	2008.01.03	Trojan.MulDrop.7648
eSafe	7.0.15.0	2008.01.03	Suspicious File*
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.03	-
FileAdvisor	1	2008.01.04	-
Fortinet	3.14.0.0	2008.01.04	-
*F-Prot	4.4.2.54	2008.01.04	W32/Trojan2.CKZ
F-Secure	6.70.13030.0	2008.01.04	Trojan-Dropper.Win32.PeStaple.13
Ikarus	T3.1.1.15	2008.01.04	Trojan-Dropper.Win32.Agent.bgn
Kaspersky	7.0.0.125	2008.01.04	Trojan-Dropper.Win32.PeStaple.13*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.04	-
*NOD32v2	2765	2008.01.04	Win32/TrojanDropper.FriJoiner.NAA*
Norman	5.80.02	2008.01.03	-
*Panda	9.0.0.4	2008.01.03	Suspicious file
Prevx1	V2	2008.01.04	Heuristic: Suspicious Self Modifying EXE
Rising	20.25.42.00	2008.01.04	Dropper.Win32.Agent.bgn
Sophos	4.24.0	2008.01.04	Mal/Basine-C
Sunbelt	2.2.907.0	2008.01.04	VIPRE.Suspicious*
Symantec	10	2008.01.04	-
TheHacker	6.2.9.180	2008.01.04	-
*VBA32	3.12.2.5	2008.01.02	Trojan-Dropper.Win32.Agent.bgn
VirusBuster	4.3.26:9	2008.01.03	Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Crypt.XDR.Gen*
Additional information
File size: 422425 bytes
MD5: e33df8b9e185b82fe16a25e33c799d25
SHA1: d107330b71da84f1a1ac4397fe4829941ccafb94
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...B164009BA2505A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## strawser

File paroliki.exe.safe received on 01.04.2008 16:52:17 (CET)
Result: 15/32 (46.88%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
*AntiVir	7.6.0.46	2008.01.04	TR/PSW.LdPinch.eix*
Authentium	4.93.8	2008.01.04	-
*Avast	4.7.1098.0	2008.01.03	Win32dPinch-BJV
AVG	7.5.0.516	2008.01.04	PSW.Ldpinch.RZB*
BitDefender	7.2	2008.01.04	-
*CAT-QuickHeal	9.00	2008.01.04	TrojanPSW.LdPinch.eix*
ClamAV	0.91.2	2008.01.04	-
DrWeb	4.44.0.09170	2008.01.04	-
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.04	-
*FileAdvisor	1	2008.01.04	High threat detected*
Fortinet	3.14.0.0	2008.01.04	-
*F-Prot	4.4.2.54	2008.01.04	W32/LdPinch.H.gen!Eldorado
F-Secure	6.70.13030.0	2008.01.04	Trojan-PSW.Win32.LdPinch.eix
Ikarus	T3.1.1.15	2008.01.04	Virus.Win32.LdPinch.BJV
Kaspersky	7.0.0.125	2008.01.04	Trojan-PSW.Win32.LdPinch.eix*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.04	-
NOD32v2	2765	2008.01.04	-
Norman	5.80.02	2008.01.04	-
*Panda	9.0.0.4	2008.01.03	Suspicious file*
Prevx1	V2	2008.01.04	-
Rising	20.25.42.00	2008.01.04	-
Sophos	4.24.0	2008.01.04	-
*Sunbelt	2.2.907.0	2008.01.04	VIPRE.Suspicious
Symantec	10	2008.01.04	Infostealer
TheHacker	6.2.9.180	2008.01.04	Trojan/PSW.LdPinch.eix
VBA32	3.12.2.5	2008.01.02	MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.26:9	2008.01.04	-
*Webwasher-Gateway	6.6.2	2008.01.04	Trojan.PSW.LdPinch.eix*
Additional information
File size: 31232 bytes
MD5: 70a709161375ec2f634b5371d966b663
SHA1: 716dc079cbf424ef8ee41b6d5f301e9d519eb9af
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...4b5371d966b663
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File __________________.rar received on 01.04.2008 17:09:46 (CET)
Result: 3/32 (9.38%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
AntiVir	7.6.0.46	2008.01.04	-
Authentium	4.93.8	2008.01.04	-
Avast	4.7.1098.0	2008.01.03	-
AVG	7.5.0.516	2008.01.04	-
BitDefender	7.2	2008.01.04	-
CAT-QuickHeal	9.00	2008.01.04	-
ClamAV	0.91.2	2008.01.04	-
*DrWeb	4.44.0.09170	2008.01.04	SCRIPT.Virus*
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.04	-
FileAdvisor	1	2008.01.04	-
Fortinet	3.14.0.0	2008.01.04	-
F-Prot	4.4.2.54	2008.01.04	-
F-Secure	6.70.13030.0	2008.01.04	-
Ikarus	T3.1.1.15	2008.01.04	-
*Kaspersky	7.0.0.125	2008.01.04	Trojan.VBS.KillFiles.u*
McAfee	5199	2008.01.03	-
Microsoft	1.3109	2008.01.04	-
NOD32v2	2765	2008.01.04	-
Norman	5.80.02	2008.01.04	-
*Panda	9.0.0.4	2008.01.03	Suspicious file*
Prevx1	V2	2008.01.04	-
Rising	20.25.42.00	2008.01.04	-
Sophos	4.24.0	2008.01.04	-
Sunbelt	2.2.907.0	2008.01.04	-
Symantec	10	2008.01.04	-
TheHacker	6.2.9.180	2008.01.04	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.04	-
Webwasher-Gateway	6.6.2	2008.01.04	-
Additional information
File size: 1929 bytes
MD5: 8809ee20f31497ebec7796e40a314586
SHA1: 61e0b881ce3284a4ad154e47770f31e4f32e35ae
PEiD: -

File NewYear2008.scr.safe received on 01.04.2008 17:32:44 (CET)
Result: 18/32 (56.25%) 
Antivirus	Version	Last Update	Result
*AhnLab-V3	2008.1.4.11	2008.01.04	Win-Trojan/LdPinch.34287
AntiVir	7.6.0.46	2008.01.04	TR/Crypt.NSPM.Gen*
Authentium	4.93.8	2008.01.04	-
Avast	4.7.1098.0	2008.01.03	-
*AVG	7.5.0.516	2008.01.04	PSW.Ldpinch.QZF
BitDefender	7.2	2008.01.04	Trojan.PWS.Ldpinch.TEJ
CAT-QuickHeal	9.00	2008.01.04	(Suspicious) - DNAScan*
ClamAV	0.91.2	2008.01.04	-
*DrWeb	4.44.0.09170	2008.01.04	Trojan.PWS.LDPinch.1407*
*eSafe	7.0.15.0	2008.01.03	Suspicious File*
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.04	-
FileAdvisor	1	2008.01.04	-
Fortinet	3.14.0.0	2008.01.04	-
F-Prot	4.4.2.54	2008.01.04	-
*F-Secure	6.70.13030.0	2008.01.04	Trojan-PSW.Win32.LdPinch.ecw
Ikarus	T3.1.1.15	2008.01.04	Trojan-PWS.Win32.LdPinch.ecw
Kaspersky	7.0.0.125	2008.01.04	Trojan-PSW.Win32.LdPinch.ecw*
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.04	-
*NOD32v2	2765	2008.01.04	Win32/PSW.LdPinch.NCB
Norman	5.80.02	2008.01.04	W32/LdPinch.RUP*
Panda	9.0.0.4	2008.01.03	-
Prevx1	V2	2008.01.04	-
*Rising	20.25.42.00	2008.01.04	Trojan.DL.Win32.Small.etp
Sophos	4.24.0	2008.01.04	Mal/Basine-C
Sunbelt	2.2.907.0	2008.01.04	VIPRE.Suspicious
Symantec	10	2008.01.04	Infostealer*
TheHacker	6.2.9.180	2008.01.04	-
VBA32	3.12.2.5	2008.01.02	-
*VirusBuster	4.3.26:9	2008.01.04	Trojan.PWS.LdPinch.CGD
Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Crypt.NSPM.Gen*
Additional information
File size: 34287 bytes
MD5: add4b1566e862412eb08921b6975e5c7
SHA1: 590895137004cc116c2bb340e01c9a701990295b
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File l2phx.rar received on 01.04.2008 18:06:56 (CET)
Result: 12/32 (37.5%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.4.11	2008.01.04	-
*AntiVir	7.6.0.46	2008.01.04	TR/Crypt.XDR.Gen*
Authentium	4.93.8	2008.01.04	-
*Avast	4.7.1098.0	2008.01.03	Win32:Cardspy-B*
AVG	7.5.0.516	2008.01.04	-
*BitDefender	7.2	2008.01.04	DeepScan:Generic.FWB.324295B9*
CAT-QuickHeal	9.00	2008.01.04	-
ClamAV	0.91.2	2008.01.04	-
DrWeb	4.44.0.09170	2008.01.04	-
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5430	2008.01.04	-
Ewido	4.0	2008.01.04	-
FileAdvisor	1	2008.01.04	-
Fortinet	3.14.0.0	2008.01.04	-
F-Prot	4.4.2.54	2008.01.04	-
F-Secure	6.70.13030.0	2008.01.04	-
*Ikarus	T3.1.1.15	2008.01.04	Trojan.Win32.Delf.nf
Kaspersky	7.0.0.125	2008.01.04	Trojan-PSW.Win32.LdPinch.cds*
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.04	-
NOD32v2	2765	2008.01.04	-
Norman	5.80.02	2008.01.04	-
*Panda	9.0.0.4	2008.01.03	Suspicious file
Prevx1	V2	2008.01.04	Heuristic: Suspicious Self Modifying File*
Rising	20.25.42.00	2008.01.04	-
*Sophos	4.24.0	2008.01.04	Mal/Behav-053
Sunbelt	2.2.907.0	2008.01.04	Backdoor.Delf.BF*
Symantec	10	2008.01.04	-
TheHacker	6.2.9.180	2008.01.04	-
*VBA32	3.12.2.5	2008.01.02	MalwareScope.Trojan-PSW.Pinch.1
VirusBuster	4.3.26:9	2008.01.04	Trojan.DR.Webmoner.Gen.2*
*Webwasher-Gateway	6.6.2	2008.01.04	Win32.NewMalware.CC!9728!4*
Additional information
File size: 588302 bytes
MD5: fc2912bfe501e1303698cfcd7071ef9a
SHA1: 1a3f0b835a179e8ee52b9392925154c95dd72834
PEiD: -
packers: NCode
Prevx info: http://info.prevx.com/aboutprogramte...988F00C89E16CF

----------


## ALEX(XX)

File Check.exe received on 01.05.2008 16:13:02 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.5.11 2008.01.05 -
*AntiVir 7.6.0.46 2008.01.04 TR/PSW.Wow.LQ*
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.04 -
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.05 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.05 -
DrWeb 4.44.0.09170 2008.01.05 -
*eSafe 7.0.15.0 2008.01.03 Win32.WOW.lq*
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 -
*FileAdvisor 1 2008.01.05 High threat detected*
*Fortinet 3.14.0.0 2008.01.05 W32/WOW.LQ!tr.pws*
F-Prot 4.4.2.54 2008.01.04 -
*F-Secure 6.70.13030.0 2008.01.04 W32/Wow.BHU*
*Ikarus T3.1.1.15 2008.01.05 Trojan-PWS.Win32.WOW.lq*
Kaspersky 7.0.0.125 2008.01.05 -
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.05 -
NOD32v2 2766 2008.01.04 -
*Norman 5.80.02 2008.01.04 W32/Wow.BHU*
*Panda 9.0.0.4 2008.01.05 Trj/WoW.HV*
*Prevx1 V2 2008.01.05 Generic.Malware*
Rising 20.25.52.00 2008.01.05 -
*Sophos 4.24.0 2008.01.05 Mal/Generic-A*
*Sunbelt 2.2.907.0 2008.01.05 VIPRE.Suspicious*
*Symantec 10 2008.01.05 Trojan Horse*
*TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.WOW.lq*
*VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.WOW.lq*
VirusBuster 4.3.26:9 2008.01.05 -
*Webwasher-Gateway 6.6.2 2008.01.04 Trojan.PSW.Wow.LQ*

Additional information
File size: 245760 bytes
MD5: 70abf6a1b03de09b581ed39c5196c6fa
SHA1: 027891795ce1316faf4754066691c14002392bad
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...1ed39c5196c6fa
Prevx info: http://info.prevx.com/aboutprogramte...D867002B0784EF
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## rubin

mssrv32.exe received on 2008.01.06 11:56:33 (CET)


```
AhnLab-V3	2008.1.5.11	2008.01.05	-
AntiVir	7.6.0.46	2008.01.04	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.01.05	-
Avast	4.7.1098.0	2008.01.05	-
AVG	7.5.0.516	2008.01.05	Crypt.H
BitDefender	7.2	2008.01.06	-
CAT-QuickHeal	9.00	2008.01.05	-
ClamAV	0.91.2	2008.01.06	-
DrWeb	4.44.0.09170	2008.01.06	Trojan.DownLoader.35134
eSafe	7.0.15.0	2008.01.03	suspicious Trojan/Worm
eTrust-Vet	31.3.5432	2008.01.04	-
Ewido	4.0	2008.01.05	-
FileAdvisor	1	2008.01.06	-
Fortinet	3.14.0.0	2008.01.06	-
F-Prot	4.4.2.54	2008.01.05	-
F-Secure	6.70.13030.0	2008.01.05	-
Ikarus	T3.1.1.15	2008.01.06	-
Kaspersky	7.0.0.125	2008.01.06	-
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.06	-
NOD32v2	2767	2008.01.06	-
Norman	5.80.02	2008.01.04	-
Panda	9.0.0.4	2008.01.05	-
Prevx1	V2	2008.01.06	Heuristic: Suspicious Self Modifying EXE
Rising	20.25.62.00	2008.01.06	-
Sophos	4.24.0	2008.01.06	-
Sunbelt	2.2.907.0	2008.01.05	-
Symantec	10	2008.01.06	-
TheHacker	6.2.9.181	2008.01.05	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.05	-
Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Crypt.XPACK.Gen
```

File size: 14336 bytes
MD5: 96357a35c71162303038c815cb9e02a6
SHA1: fcb927ef0aef3b6e3aa8521c5a16f1ce5b2ba5c9
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...78FB00D2F59177

*Added 1 minute later*

ftpgrb[1].exe received on 2008.01.06 11:56:29 (CET)


```
AhnLab-V3	2008.1.5.11	2008.01.05	-
AntiVir	7.6.0.46	2008.01.04	-
Authentium	4.93.8	2008.01.05	-
Avast	4.7.1098.0	2008.01.05	-
AVG	7.5.0.516	2008.01.05	-
BitDefender	7.2	2008.01.06	-
CAT-QuickHeal	9.00	2008.01.05	-
ClamAV	0.91.2	2008.01.06	-
DrWeb	4.44.0.09170	2008.01.06	-
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5432	2008.01.04	-
Ewido	4.0	2008.01.05	-
FileAdvisor	1	2008.01.06	-
Fortinet	3.14.0.0	2008.01.06	-
F-Prot	4.4.2.54	2008.01.05	-
F-Secure	6.70.13030.0	2008.01.05	-
Ikarus	T3.1.1.15	2008.01.06	Trojan-Spy.Finanz.J
Kaspersky	7.0.0.125	2008.01.06	Trojan-PSW.Win32.Agent.vh
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.06	-
NOD32v2	2767	2008.01.06	-
Norman	5.80.02	2008.01.04	-
Panda	9.0.0.4	2008.01.05	-
Prevx1	V2	2008.01.06	Heuristic: Suspicious Self Modifying File
Rising	20.25.62.00	2008.01.06	-
Sophos	4.24.0	2008.01.06	Mal/Behav-112
Sunbelt	2.2.907.0	2008.01.05	Trojan.Nethell.B
Symantec	10	2008.01.06	-
TheHacker	6.2.9.181	2008.01.05	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.05	-
Webwasher-Gateway	6.6.2	2008.01.04	-
```

File size: 16896 bytes
MD5: 5f587ef06b011a352f51c0fe67704d4b
SHA1: 8d5b1adaa59d352f2af549935936a0316f430361
PEiD: Armadillo v1.71
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramte...0581002333697E

----------


## XL

Caught this little malware driver:




> File beep.sys received on 2008.01.06 18:46:14 (CET)
> 
> AhnLab-V3	2008.1.5.11	2008.01.05	-
> AntiVir	7.6.0.46	2008.01.06	-
> Authentium	4.93.8	2008.01.06	-
> Avast	4.7.1098.0	2008.01.06	-
> AVG	7.5.0.516	2008.01.06	-
> *BitDefender	7.2	2008.01.06	Generic.Zlob.96765D0B
> CAT-QuickHeal	9.00	2008.01.05	(Suspicious) - DNAScan*
> ...


Symantec's description of the beast:
http://www.symantec.com/security_res...738-99&tabid=2

This made me smile in the list of processes it terminates:
avz.exe
cureit.exe

----------


## Surfer

delphi - for noobs =)

Antivirus Version Last Update Result 
AhnLab-V3 2008.1.8.10 2008.01.07 - 
*AntiVir 7.6.0.46 2008.01.07 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2008.01.06 Possibly a new variant of W32/NewMalware-LSU-based!Maximus*
Avast 4.7.1098.0 2008.01.07 - 
*AVG 7.5.0.516 2008.01.07 Downloader.Generic6.ACOR*
BitDefender 7.2 2008.01.07 - 
CAT-QuickHeal 9.00 2008.01.07 - 
ClamAV 0.91.2 2008.01.07 - 
*DrWeb 4.44.0.09170 2008.01.07 DLOADER.Trojan*
eSafe 7.0.15.0 2008.01.06 - 
eTrust-Vet 31.3.5438 2008.01.07 - 
Ewido 4.0 2008.01.07 - 
FileAdvisor 1 2008.01.07 - 
Fortinet 3.14.0.0 2008.01.07 - 
*F-Prot 4.4.2.54 2008.01.06 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2008.01.07 W32/Downloader
Ikarus T3.1.1.15 2008.01.07 Trojan-Downloader.Win32.Delf.NC
Kaspersky 7.0.0.125 2008.01.07 Heur.Downloader*
McAfee 5201 2008.01.07 - 
*Microsoft 1.3109 2008.01.07 TrojanDownloader:Win32/Small.gen!X
NOD32v2 2771 2008.01.07 a variant of Win32/TrojanDownloader.Dadobra.FX
Norman 5.80.02 2008.01.07 W32/Downloader
Panda 9.0.0.4 2008.01.07 Suspicious file*
Prevx1 V2 2008.01.07 - 
Rising 20.26.02.00 2008.01.07 - 
*Sophos 4.24.0 2008.01.07 Mal/Heuri-E*
Sunbelt 2.2.907.0 2008.01.05 - 
Symantec 10 2008.01.07 - 
TheHacker 6.2.9.183 2008.01.07 - 
*VBA32 3.12.2.5 2008.01.07 suspected of Win32.Trojan.Downloader (http://...)* 
VirusBuster 4.3.26:9 2008.01.07 - 
*Webwasher-Gateway 6.6.2 2008.01.07 Trojan.Delphi.Downloader.Gen*
Additional information 
File size: 16896 bytes 
MD5: 10a20ab9b8e55fb3e5f3affdb94027ad 
SHA1: 4296f6f9ae3ff4b804ee4e35484ae2d7700af0a7 
PEiD: - 

http://www.virustotal.com/analisis/4...9807533a0b08f5

----------


## rubin

File 123456.exe received on 2008.01.07 20:28:42 (CET)


```
AhnLab-V3	-	-	Win-Trojan/Agent.100891
AntiVir	-	-	TR/Dldr.Agent.hbi
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	Downloader.Agent.ZNH
BitDefender	-	-	-
CAT-QuickHeal	-	-	TrojanDownloader.Agent.hbi
ClamAV	-	-	-
DrWeb	-	-	-
eSafe	-	-	Suspicious File
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	W32/Fake.B!tr.dldr
F-Prot	-	-	-
F-Secure	-	-	Trojan-Downloader.Win32.Agent.hbi
Ikarus	-	-	Trojan-Downloader.Win32.Delf.cwv
Kaspersky	-	-	Trojan-Downloader.Win32.Agent.hbi
McAfee	-	-	Downloader.gen.a
Microsoft	-	-	Trojan:Win32/Delflob.I
NOD32v2	-	-	-
Norman	-	-	W32/Agent.DSTN
Panda	-	-	Suspicious file
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	Mal/DelpDldr-E
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	Trojan/Downloader.Agent.hbi
VBA32	-	-	suspected of Win32.Trojan.Downloader
VirusBuster	-	-	-
Webwasher-Gateway	-	-	Trojan.Dldr.Agent.hbi
```

----------



## Surfer

And here is what it downloads (my message on the previous page)

Antivirus  	Version  	Last Update  	Result
AhnLab-V3	2008.1.8.10	2008.01.07	-
*AntiVir	7.6.0.46	2008.01.07	TR/Spy.Banker.Gen*
Authentium	4.93.8	2008.01.06	-
Avast	4.7.1098.0	2008.01.07	-
*AVG	7.5.0.516	2008.01.07	PSW.Banker4.NOA*
BitDefender	7.2	2008.01.07	-
CAT-QuickHeal	9.00	2008.01.07	-
*ClamAV	0.91.2	2008.01.07	PUA.Packed.Themida*
DrWeb	4.44.0.09170	2008.01.07	-
eSafe	7.0.15.0	2008.01.06	-
eTrust-Vet	31.3.5438	2008.01.07	-
Ewido	4.0	2008.01.07	-
FileAdvisor	1	2008.01.07	-
Fortinet	3.14.0.0	2008.01.07	-
*F-Prot	4.4.2.54	2008.01.06	W32/Heuristic-162!Eldorado*
F-Secure	6.70.13030.0	2008.01.07	-
*Ikarus	T3.1.1.15	2008.01.07	BehavesLikeWin32.ExplorerHijack*
Kaspersky	7.0.0.125	2008.01.07	-
*McAfee	5201	2008.01.07	PWS-Banker.gen.aa*
Microsoft	1.3109	2008.01.07	-
NOD32v2	2772	2008.01.07	-
Norman	5.80.02	2008.01.07	-
Panda	9.0.0.4	2008.01.07	-
Prevx1	V2	2008.01.07	-
*Rising	20.26.02.00	2008.01.07	Trojan.Spy.Win32.Banbra.fax*
Sophos	4.24.0	2008.01.07	-
*Sunbelt	2.2.907.0	2008.01.05	VIPRE.Suspicious*
Symantec	10	2008.01.07	-
*TheHacker	6.2.9.183	2008.01.07	W32/Behav-Heuristic-064*
VBA32	3.12.2.5	2008.01.07	-
VirusBuster	4.3.26:9	2008.01.07	-
*Webwasher-Gateway	6.6.2	2008.01.07	Trojan.Spy.Banker.Gen*
Additional information
File size: 4295680 bytes
MD5: 22c206d7f1c4e50bbaa9baae0cbc3c3c
SHA1: 7d6cc46532445d3b19247d60607850b461dcb5b9
PEiD: Themida/WinLicense V1.8.0.2 + -> Oreans Technologies
packers: Themida

----------


## rubin

File G5-tmp_.exe received on 2008.01.07 20:52:55 (CET)



```
AhnLab-V3	2008.1.8.10	2008.01.07	-
AntiVir	7.6.0.46	2008.01.07	-
Authentium	4.93.8	2008.01.06	-
Avast	4.7.1098.0	2008.01.07	-
AVG	7.5.0.516	2008.01.07	-
BitDefender	7.2	2008.01.07	-
CAT-QuickHeal	9.00	2008.01.07	-
ClamAV	0.91.2	2008.01.07	-
DrWeb	4.44.0.09170	2008.01.07	-
eSafe	7.0.15.0	2008.01.06	suspicious Trojan/Worm
eTrust-Vet	31.3.5438	2008.01.07	Win32/Burgspill!generic
Ewido	4.0	2008.01.07	-
FileAdvisor	1	2008.01.07	-
Fortinet	3.14.0.0	2008.01.07	W32/Fake.B
F-Prot	4.4.2.54	2008.01.06	-
F-Secure	6.70.13030.0	2008.01.07	-
Ikarus	T3.1.1.15	2008.01.07	Trojan-Downloader.Win32.Delf.cwv
Kaspersky	7.0.0.125	2008.01.07	-
McAfee	5201	2008.01.07	-
Microsoft	1.3109	2008.01.07	Trojan:Win32/Delflob.I
NOD32v2	2772	2008.01.07	-
Norman	5.80.02	2008.01.07	-
Panda	9.0.0.4	2008.01.07	-
Prevx1	V2	2008.01.07	Heuristic: Suspicious Browser Help Object
Rising	20.26.02.00	2008.01.07	Trojan.Win32.Delf.yjs
Sophos	4.24.0	2008.01.07	Mal/Emogen-N
Sunbelt	2.2.907.0	2008.01.05	-
Symantec	10	2008.01.07	-
TheHacker	6.2.9.183	2008.01.07	-
VBA32	3.12.2.5	2008.01.07	-
VirusBuster	4.3.26:9	2008.01.07	-
Webwasher-Gateway	6.6.2	2008.01.07	-
```

Additional information
File size: 405504 bytes
MD5: 1688e57fbc18ee8141b76ed2c526c69d
SHA1: 6c48f3294fbe9c94e2c317dc0315601b8f547065

----------


## strawser

File Winamp_to_qip.rar received on 01.08.2008 00:11:37

AhnLab-V3	-	-	-
*AntiVir	-	-	TR/Crypt.XPACK.Gen*
Authentium	-	-	-
*Avast	-	-	Win32dPinch-TO*
AVG	-	-	-
BitDefender	-	-	-
*CAT-QuickHeal	-	-	(Suspicious) - DNAScan*
ClamAV	-	-	-
DrWeb	-	-	-
*eSafe	-	-	Suspicious File*
eTrust-Vet	-	-	-
Ewido	-	-	-
FileAdvisor	-	-	-
Fortinet	-	-	-
F-Prot	-	-	-
*F-Secure	-	-	Trojan-PSW.Win32.LdPinch.cqw
Ikarus	-	-	Backdoor.Win32.Rbot.aeu*
Kaspersky	-	-	-
*McAfee	-	-	New Malware.cj*
Microsoft	-	-	-
NOD32v2	-	-	-
Norman	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	-
Sunbelt	-	-	-
Symantec	-	-	-
TheHacker	-	-	-
*VBA32	-	-	suspected of Trojan-PSW.Pinch.17 (paranoid heuristics)*
VirusBuster	-	-	-
*Webwasher-Gateway	-	-	Trojan.Crypt.XPACK.Gen*
Additional information
MD5: 0667260500933fd2b7687d8bfdc1da7d

File file______.r received on 01.08.2008 11:47:28
AhnLab-V3	2008.1.8.12	2008.01.08	-
AntiVir	7.6.0.46	2008.01.08	-
Authentium	4.93.8	2008.01.07	-
Avast	4.7.1098.0	2008.01.07	-
*AVG	7.5.0.516	2008.01.07	Generic5.CAD
BitDefender	7.2	2008.01.08	Trojan.Webmoner.O*
CAT-QuickHeal	9.00	2008.01.07	-
ClamAV	0.91.2	2008.01.08	-
*DrWeb	4.44.0.09170	2008.01.07	Joke.Finreal
eSafe	7.0.15.0	2008.01.06	Win32.Trojan*
eTrust-Vet	31.3.5441	2008.01.08	-
*Ewido	4.0	2008.01.07	Not-A-Virus.Hoax.Win32.WebMoner.t*
FileAdvisor	1	2008.01.08	-
*Fortinet	3.14.0.0	2008.01.08	Misc/WebMoner
F-Prot	4.4.2.54	2008.01.07	W32/Joke.OZ
F-Secure	6.70.13030.0	2008.01.08	not-virus:Hoax.Win32.WebMoner.t
Ikarus	T3.1.1.20	2008.01.08	not-a-virus:Hoax.Win32.WebMoner.t
Kaspersky	7.0.0.125	2008.01.08	not-virus:Hoax.Win32.WebMoner.t*
McAfee	5201	2008.01.07	-
Microsoft	1.3109	2008.01.08	-
NOD32v2	2774	2008.01.08	-
Norman	5.80.02	2008.01.07	-
*Panda	9.0.0.4	2008.01.07	Trj/Webmoner.O
Prevx1	V2	2008.01.08	Generic.Malware
Rising	20.26.12.00	2008.01.08	AdWare.Win32.WebMoner.t*
Sophos	4.24.0	2008.01.08	-
*Sunbelt	2.2.907.0	2008.01.08	Trojan.Webmoner.O
Symantec	10	2008.01.08	Trojan Horse*
TheHacker	6.2.9.183	2008.01.07	-
VBA32	3.12.2.5	2008.01.07	-
VirusBuster	4.3.26:9	2008.01.07	-
*Webwasher-Gateway	6.6.2	2008.01.08	Riskware.Hoax.Webmoner.T*
Additional information
File size: 610834 bytes
MD5: ba23ac427142d6d270737bc242fc06a2
SHA1: c24ac681c21db137e001601775c33fb3f7305bd0
PEiD: -
packers: ASPack
Prevx info: http://info.prevx.com/aboutprogramte...187D0086C0FEFE

----------


## ZhIV

File autorun.zip received on 2008.01.09 02:37:48 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.9.10	2008.01.08	-
AntiVir	7.6.0.46	2008.01.08	-
Authentium	4.93.8	2008.01.07	-
Avast	4.7.1098.0	2008.01.08	-
AVG	7.5.0.516	2008.01.08	-
BitDefender	7.2	2008.01.09	-
CAT-QuickHeal	9.00	2008.01.07	-
ClamAV	0.91.2	2008.01.08	-
DrWeb	4.44.0.09170	2008.01.08	-
eSafe	7.0.15.0	2008.01.08	-
eTrust-Vet	31.3.5443	2008.01.09	-
Ewido	4.0	2008.01.08	-
FileAdvisor	1	2008.01.09	-
Fortinet	3.14.0.0	2008.01.08	-
F-Prot	4.4.2.54	2008.01.08	-
F-Secure	6.70.13030.0	2008.01.09	-
*Ikarus	T3.1.1.20	2008.01.09	Virus.Win32.Spyware*
Kaspersky	7.0.0.125	2008.01.09	-
McAfee	5202	2008.01.08	-
Microsoft	1.3109	2008.01.08	-
NOD32v2	2775	2008.01.08	-
Norman	5.80.02	2008.01.08	-
Panda	9.0.0.4	2008.01.08	-
Prevx1	V2	2008.01.09	-
Rising	20.26.12.00	2008.01.08	-
Sophos	4.24.0	2008.01.08	-
Sunbelt	2.2.907.0	2008.01.09	-
Symantec	10	2008.01.09	-
*TheHacker	6.2.9.184	2008.01.08	Trojan/Agent.ek*
VBA32	3.12.2.5	2008.01.07	-
VirusBuster	4.3.26:9	2008.01.08	-
*Webwasher-Gateway	6.6.2	2008.01.08	Riskware.AniSYS.A*

Additional information
File size: 343060 bytes
MD5: 0844ae3016bbf96b447ac3ec4bd82479
SHA1: baccb249f5557fcbd8928e61b084fc656222931a
PEiD: -

----------


## Синауридзе Александр

File key-gen.exe received on 2008.01.09 18:37:17 (CET)

AhnLab-V3 2008.1.10.10 2008.01.09 - 
AntiVir 7.6.0.46 2008.01.09 - 
Authentium 4.93.8 2008.01.09 - 
Avast 4.7.1098.0 2008.01.08 - 
AVG 7.5.0.516 2008.01.09 - 
*BitDefender 7.2 2008.01.09 Trojan.Silk.A* 
*CAT-QuickHeal 9.00 2008.01.07 (Suspicious) - DNAScan* 
ClamAV 0.91.2 2008.01.09 - 
*DrWeb 4.44.0.09170 2008.01.09 Trojan.PWS.Silk* 
*eSafe 7.0.15.0 2008.01.08 Suspicious File* 
eTrust-Vet 31.3.5444 2008.01.09 - 
*Ewido 4.0 2008.01.09 Trojan.Silk* 
FileAdvisor 1 2008.01.09 - 
*Fortinet 3.14.0.0 2008.01.09 Grayware* 
F-Prot 4.4.2.54 2008.01.08 - 
F-Secure 6.70.13030.0 2008.01.09 - 
*Ikarus T3.1.1.20 2008.01.09 Application.Keygen.Xpstyle.U* 
Kaspersky 7.0.0.125 2008.01.09 - 
McAfee 5203 2008.01.09 - 
Microsoft 1.3109 2008.01.09 - 
NOD32v2 2778 2008.01.09 - 
Norman 5.80.02 2008.01.09 - 
Panda 9.0.0.4 2008.01.08 - 
Prevx1 V2 2008.01.09 - 
Rising 20.26.21.00 2008.01.09 - 
Sophos 4.24.0 2008.01.09 - 
*Sunbelt 2.2.907.0 2008.01.09 VIPRE.Suspicious* 
Symantec 10 2008.01.09 - 
*TheHacker 6.2.9.184 2008.01.08 W32/Behav-Heuristic-066* 
*VBA32 3.12.2.5 2008.01.09 Trojan.PWS.Silk* 
VirusBuster 4.3.26:9 2008.01.09 - 
Webwasher-Gateway 6.6.2 2008.01.09 - 

Additional information
File size: 125952 bytes 
MD5: 7d7ec5f3c596a32a057849630397d3e7 
SHA1: 46b8938210285b328c8a47238b725ea83625cad0 
PEiD: tElock 0.99c (Private ECLIPSE) -> tE! 
packers: PE_Patch 
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## rubin

t=16140 - srosa.sys

File avz00009.dta received on 2008.01.09 20:31:17 (CET)


```
AhnLab-V3	2008.1.10.10	2008.01.09	-
AntiVir	7.6.0.46	2008.01.09	TR/Rootkit.Gen
Authentium	4.93.8	2008.01.09	-
Avast	4.7.1098.0	2008.01.08	-
AVG	7.5.0.516	2008.01.09	I-Worm/Bagle.AEQ
BitDefender	7.2	2008.01.09	Trojan.Rootkit.Bagle.I
CAT-QuickHeal	9.00	2008.01.09	-
ClamAV	0.91.2	2008.01.09	-
DrWeb	4.44.0.09170	2008.01.09	Win32.HLLM.Beagle
eSafe	7.0.15.0	2008.01.08	-
eTrust-Vet	31.3.5444	2008.01.09	-
Ewido	4.0	2008.01.09	-
FileAdvisor	1	2008.01.09	-
Fortinet	3.14.0.0	2008.01.09	-
F-Prot	4.4.2.54	2008.01.09	-
F-Secure	6.70.13030.0	2008.01.09	-
Ikarus	T3.1.1.20	2008.01.09	Trojan.Rootkit.Bagle.G
Kaspersky	7.0.0.125	2008.01.09	-
McAfee	5203	2008.01.09	-
Microsoft	1.3109	2008.01.09	Trojan:WinNT/Bagle.gen
NOD32v2	2778	2008.01.09	Win32/Bagle.LK
Norman	5.80.02	2008.01.09	W32/Rootkit.BVY
Panda	9.0.0.4	2008.01.09	-
Prevx1	V2	2008.01.09	Heuristic: Suspicious File With Anti-Security Technology
Rising	20.26.21.00	2008.01.09	-
Sophos	4.24.0	2008.01.09	-
Sunbelt	2.2.907.0	2008.01.09	VIPRE.Suspicious
Symantec	10	2008.01.09	-
TheHacker	6.2.9.184	2008.01.08	-
VBA32	3.12.2.5	2008.01.09	-
VirusBuster	4.3.26:9	2008.01.09	-
Webwasher-Gateway	6.6.2	2008.01.09	Trojan.Rootkit.Gen
```

File size: 90806 bytes
MD5: b0e67e8bcc5c854b2c316693519b31ba
SHA1: 6312ba8a3c5b64020b0a63a419afa2a2de28d811
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...4D5200B10D9B6E
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## zigmund shulc

File advapi32.___ received on 2008.01.10 14:44:08 (CET)

Antivirus    Version    Last Update    Result
AhnLab-V3    2008.1.10.12    2008.01.10    -
*AntiVir    7.6.0.46    2008.01.10    TR/Patched.O.2*
Authentium    4.93.8    2008.01.09    -
Avast    4.7.1098.0    2008.01.09    -
AVG    7.5.0.516    2008.01.09    -
BitDefender    7.2    2008.01.10    -
CAT-QuickHeal    9.00    2008.01.10    -
*ClamAV    0.91.2    2008.01.10    Trojan.Patched*
DrWeb    4.44.0.09170    2008.01.10    -
eSafe    7.0.15.0    2008.01.09    -
eTrust-Vet    31.3.5446    2008.01.10    -
Ewido    4.0    2008.01.10    -
FileAdvisor    1    2008.01.10    -
Fortinet    3.14.0.0    2008.01.10    -
F-Prot    4.4.2.54    2008.01.09    -
F-Secure    6.70.13030.0    2008.01.10    -
*Ikarus    T3.1.1.20    2008.01.10    Trojan.Win32.Patched.o*
Kaspersky    7.0.0.125    2008.01.10    -
McAfee    5203    2008.01.09    -
Microsoft    1.3109    2008.01.10    -
NOD32v2    2780    2008.01.10    -
Norman    5.80.02    2008.01.10    -
Panda    9.0.0.4    2008.01.10    -
Prevx1    V2    2008.01.10    -
Rising    20.26.32.00    2008.01.10    -
Sophos    4.24.0    2008.01.10    -
Sunbelt    2.2.907.0    2008.01.10    -
Symantec    10    2008.01.10    -
TheHacker    6.2.9.185    2008.01.09    -
*VBA32    3.12.2.5    2008.01.10    Trojan.Win32.Patched.o*
VirusBuster    4.3.26:9    2008.01.09    -
*Webwasher-Gateway    6.6.2    2008.01.10    Trojan.Patched.O.2*

Additional information
File size: 699904 bytes
MD5: 08c16782a08e1aaaefecdd4dce461ee4
SHA1: b174a79c68cb23c6ed36941d5cbf390d09426fe7
PEiD: -

----------


## Синауридзе Александр

File autorun.rar received on 2008.01.10 14:59:00 (CET)

AhnLab-V3 2008.1.10.12 2008.01.10 - 
*AntiVir 7.6.0.46 2008.01.10 VBS/AutoRun.AL* 
Authentium 4.93.8 2008.01.09 - 
*Avast 4.7.1098.0 2008.01.09 VBS:Agent-BD* 
AVG 7.5.0.516 2008.01.09 - 
*BitDefender 7.2 2008.01.10 VBS.Worm.Runauto.E* 
*CAT-QuickHeal 9.00 2008.01.10 VBS/Autorun.S* 
ClamAV 0.91.2 2008.01.10 - 
DrWeb 4.44.0.09170 2008.01.10 - 
eSafe 7.0.15.0 2008.01.09 - 
eTrust-Vet 31.3.5446 2008.01.10 - 
Ewido 4.0 2008.01.10 - 
FileAdvisor 1 2008.01.10 - 
Fortinet 3.14.0.0 2008.01.10 - 
F-Prot 4.4.2.54 2008.01.09 - 
*F-Secure 6.70.13030.0 2008.01.10 Virus.VBS.Agent.ah* 
*Ikarus T3.1.1.20 2008.01.10 Virus.VBS.Agent.BD* 
*Kaspersky 7.0.0.125 2008.01.10 Virus.VBS.Agent.ah* 
*McAfee 5203 2008.01.09 W32/Autorun.worm.al* 
*Microsoft 1.3109 2008.01.10 Worm:VBS/Radier.A* 
*NOD32v2 2780 2008.01.10 VBS/AutoRun.B* 
Norman 5.80.02 2008.01.10 - 
*Panda 9.0.0.4 2008.01.10 W32/Autorun.JF.worm* 
Prevx1 V2 2008.01.10 - 
Rising 20.26.32.00 2008.01.10 - 
Sophos 4.24.0 2008.01.10 - 
Sunbelt 2.2.907.0 2008.01.10 - 
*Symantec 10 2008.01.10 VBS.Runauto* 
TheHacker 6.2.9.185 2008.01.09 - 
VBA32 3.12.2.5 2008.01.10 - 
VirusBuster 4.3.26:9 2008.01.09 - 
*Webwasher-Gateway 6.6.2 2008.01.10 Script.AutoRun.AL* 

Additional information
File size: 4129 bytes 
MD5: 823f7b2facc3477fdb5772435e8d30fa 
SHA1: 28f3ad621d2d115ca37eba4c6a81b264a495694d 
PEiD: -

----------


## strawser

File BitAccelerator_2_.exe received on 01.11.2008 00:18:39

AhnLab-V3	2008.1.11.10	2008.01.10	-
AntiVir	7.6.0.46	2008.01.10	-
Authentium	4.93.8	2008.01.09	-
Avast	4.7.1098.0	2008.01.10	-
AVG	7.5.0.516	2008.01.10	-
*BitDefender	7.2	2008.01.10	Adware.BHO.WPW*
CAT-QuickHeal	9.00	2008.01.10	-
*ClamAV	0.91.2	2008.01.10	Adware.BHO-50
DrWeb	4.44.0.09170	2008.01.10	Adware.BitAcc
eSafe	7.0.15.0	2008.01.10	AdWare.Win32.BHO.ic*
eTrust-Vet	31.3.5446	2008.01.10	-
*Ewido	4.0	2008.01.10	Not-A-Virus.Adware.BHO*
FileAdvisor	1	2008.01.11	-
*Fortinet	3.14.0.0	2008.01.10	Adware/BHO*
F-Prot	4.4.2.54	2008.01.10	-
F-Secure	6.70.13030.0	2008.01.10	-
*Ikarus	T3.1.1.20	2008.01.10	Virus.Win32.AdWare
Kaspersky	7.0.0.125	2008.01.10	not-a-virus:AdWare.Win32.BHO.ic*
McAfee	5204	2008.01.10	-
Microsoft	1.3109	2008.01.10	-
NOD32v2	2782	2008.01.11	-
Norman	5.80.02	2008.01.10	-
Panda	9.0.0.4	2008.01.10	-
Prevx1	V2	2008.01.11	-
Rising	20.26.32.00	2008.01.10	-
Sophos	4.24.0	2008.01.10	-
Sunbelt	2.2.907.0	2008.01.10	-
Symantec	10	2008.01.10	-
TheHacker	6.2.9.185	2008.01.09	-
VBA32	3.12.2.5	2008.01.10	-
VirusBuster	4.3.26:9	2008.01.10	-
Webwasher-Gateway	6.6.2	2008.01.10	-
Additional information
File size: 394122 bytes
MD5: a959ddfab492d2591deb17b2dd3977bf
SHA1: 502645b13e698b39bd6e566968e60591cc96a6ef
PEiD: -

----------


## rubin

An interesting catch on the Kaspersky Lab forum

File avz00002.dta received on 2008.01.11 16:35:22 (CET)



```
AhnLab-V3	2008.1.11.11	2008.01.11	-
AntiVir	7.6.0.46	2008.01.11	BDS/ProRat.Gen
Authentium	4.93.8	2008.01.11	-
Avast	4.7.1098.0	2008.01.10	Win32:Agent-ONW
AVG	7.5.0.516	2008.01.11	-
BitDefender	7.2	2008.01.11	-
CAT-QuickHeal	9.00	2008.01.10	-
ClamAV	0.91.2	2008.01.11	-
DrWeb	4.44.0.09170	2008.01.11	-
eSafe	7.0.15.0	2008.01.10	-
eTrust-Vet	31.3.5449	2008.01.11	-
Ewido	4.0	2008.01.11	-
FileAdvisor	1	2008.01.11	-
Fortinet	3.14.0.0	2008.01.11	-
F-Prot	4.4.2.54	2008.01.10	-
F-Secure	6.70.13030.0	2008.01.11	-
Ikarus	T3.1.1.20	2008.01.11	-
Kaspersky	7.0.0.125	2008.01.11	-
McAfee	5204	2008.01.10	BackDoor-AVW
Microsoft	1.3109	2008.01.11	-
NOD32v2	2783	2008.01.11	-
Norman	5.80.02	2008.01.11	-
Panda	9.0.0.4	2008.01.11	Suspicious file
Prevx1	V2	2008.01.11	Heuristic: Suspicious Self Modifying EXE
Rising	20.26.42.00	2008.01.11	-
Sophos	4.24.0	2008.01.11	-
Sunbelt	2.2.907.0	2008.01.11	VIPRE.Suspicious
Symantec	10	2008.01.11	-
TheHacker	6.2.9.186	2008.01.11	-
VBA32	3.12.2.5	2008.01.11	-
VirusBuster	4.3.26:9	2008.01.11	-
Webwasher-Gateway	6.6.2	2008.01.11	Trojan.Backdoor.ProRat.Gen
```

File avz00003.dta received on 2008.01.11 16:35:21 (CET)


```
AhnLab-V3	2008.1.11.11	2008.01.11	-
AntiVir	7.6.0.46	2008.01.11	-
Authentium	4.93.8	2008.01.11	-
Avast	4.7.1098.0	2008.01.10	Win32:Agent-OJX
AVG	7.5.0.516	2008.01.11	-
BitDefender	7.2	2008.01.11	-
CAT-QuickHeal	9.00	2008.01.10	-
ClamAV	0.91.2	2008.01.11	-
DrWeb	4.44.0.09170	2008.01.11	-
eSafe	7.0.15.0	2008.01.10	-
eTrust-Vet	31.3.5449	2008.01.11	-
Ewido	4.0	2008.01.11	-
FileAdvisor	1	2008.01.11	-
Fortinet	3.14.0.0	2008.01.11	-
F-Prot	4.4.2.54	2008.01.10	W32/Backdoor2.CTS
F-Secure	6.70.13030.0	2008.01.11	-
Ikarus	T3.1.1.20	2008.01.11	Virus.Win32.Agent.OJX
Kaspersky	7.0.0.125	2008.01.11	-
McAfee	5204	2008.01.10	-
Microsoft	1.3109	2008.01.11	-
NOD32v2	2783	2008.01.11	-
Norman	5.80.02	2008.01.11	-
Panda	9.0.0.4	2008.01.11	Suspicious file
Prevx1	V2	2008.01.11	Heuristic: Suspicious File With Covert Attributes
Rising	20.26.42.00	2008.01.11	-
Sophos	4.24.0	2008.01.11	-
Sunbelt	2.2.907.0	2008.01.11	-
Symantec	10	2008.01.11	-
TheHacker	6.2.9.186	2008.01.11	-
VBA32	3.12.2.5	2008.01.11	-
VirusBuster	4.3.26:9	2008.01.11	-
Webwasher-Gateway	6.6.2	2008.01.11	Virus.Win32.FileInfector.gen(suspicious)
```

File size: 903538 bytes
MD5: 6161ad4857bb7a2291ec1ddd49cdc8ec
SHA1: e41ccfecd6863c44ef8f8c71ecb9cb424ab673dc
PEiD: Armadillo 3.X-5.X -> Silicon Realms Toolworks
packers: Armadillo
Prevx info: http://info.prevx.com/aboutprogramte...89DF00CAADF521

----------


## strawser

WebMoney_Generator_f  received on 01.11.2008 21:28:41
AhnLab-V3	2008.1.12.10	2008.01.11	-
AntiVir	7.6.0.46	2008.01.11	-
Authentium	4.93.8	2008.01.11	-
*Avast	4.7.1098.0	2008.01.11	Win32dPinch-AWU*
AVG	7.5.0.516	2008.01.11	-
*BitDefender	7.2	2008.01.11	Trojan.Pws.Ldpinch.BEX*
CAT-QuickHeal	9.00	2008.01.11	-
ClamAV	0.91.2	2008.01.11	-
*DrWeb	4.44.0.09170	2008.01.11	Trojan.MulDrop.5888*
eSafe	7.0.15.0	2008.01.10	-
*eTrust-Vet	31.3.5449	2008.01.11*	-
Ewido	4.0	2008.01.11	-
FileAdvisor	1	2008.01.11	-
Fortinet	3.14.0.0	2008.01.11	-
F-Prot	4.4.2.54	2008.01.10	-
*F-Secure	6.70.13030.0	2008.01.11	Trojan-PSW.Win32.LdPinch.dbf*
Ikarus	T3.1.1.20	2008.01.11	-
*Kaspersky	7.0.0.125	2008.01.11	Trojan-PSW.Win32.LdPinch.dbf*
McAfee	5205	2008.01.11	-
Microsoft	1.3109	2008.01.11	-
NOD32v2	2784	2008.01.11	-
Norman	5.80.02	2008.01.11	-
Panda	9.0.0.4	2008.01.11	-
Prevx1	V2	2008.01.11	-
*Rising	20.26.42.00	2008.01.11	Trojan.PSW.Win32.LdPinch.bex*
Sophos	4.24.0	2008.01.11	-
Sunbelt	2.2.907.0	2008.01.11	-
Symantec	10	2008.01.11	-
TheHacker	6.2.9.186	2008.01.11	-
VBA32	3.12.2.5	2008.01.11	-
VirusBuster	4.3.26:9	2008.01.11	-
Webwasher-Gateway	6.6.2	2008.01.11	-
Additional information
File size: 52731 bytes
MD5: 539d6b35a795e8a44e77c063de6e52c1
SHA1: ecb59d55370c97a5309fa3385de0c08861c15c28
PEiD: -

----------


## ISO

File iexplore.exe received on 01.12.2008 06:21:29 (CET)
Current status:    finished 
Result: 10/32 (31.25%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.12.10	2008.01.11	-
AntiVir	7.6.0.46	2008.01.11	-
Authentium	4.93.8	2008.01.12	-
Avast	4.7.1098.0	2008.01.11	-
*AVG	7.5.0.516	2008.01.11	Generic_c.FSC*
BitDefender	7.2	2008.01.12	-
CAT-QuickHeal	9.00	2008.01.11	-
ClamAV	0.91.2	2008.01.11	-
*DrWeb	4.44.0.09170	2008.01.11	Trojan.PWS.GoldSpy*
eSafe	7.0.15.0	2008.01.10	-
*eTrust-Vet	31.3.5451	2008.01.11	Win32/Goesna
Ewido	4.0	2008.01.11	Trojan.GoldSpy
FileAdvisor	1	2008.01.12	High threat detected*
Fortinet	3.14.0.0	2008.01.12	-
F-Prot	4.4.2.54	2008.01.11	-
*F-Secure	6.70.13030.0	2008.01.11	Trojan.Win32.Patched.bd
Ikarus	T3.1.1.20	2008.01.12	Trojan.Win32.Patched.bd
Kaspersky	7.0.0.125	2008.01.12	Trojan.Win32.Patched.bd*
McAfee	5205	2008.01.11	-
Microsoft	1.3109	2008.01.12	-
NOD32v2	2785	2008.01.11	-
Norman	5.80.02	2008.01.11	-
Panda	9.0.0.4	2008.01.11	-
Prevx1	V2	2008.01.12	-
Rising	20.26.50.00	2008.01.12	-
Sophos	4.24.0	2008.01.12	-
Sunbelt	2.2.907.0	2008.01.12	-
Symantec	10	2008.01.12	-
TheHacker	6.2.9.186	2008.01.11	-
*VBA32	3.12.2.5	2008.01.12	Trojan.PWS.GoldSpy
VirusBuster	4.3.26:9	2008.01.11	Trojan.Patched.Q*
Webwasher-Gateway	6.6.2	2008.01.12	-
Additional information
File size: 93696 bytes
MD5: 152c5e55194eb516041a02f3086ff989
SHA1: c6a03832fb15011853cb4c2a27958732c69ef8d6
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...1a02f3086ff989

----------


## strawser

File KeyboardLogger.exe received on 01.12.2008 12:25:12 (CET)
AhnLab-V3	2008.1.12.10	2008.01.11	-
AntiVir	7.6.0.46	2008.01.11	-
Authentium	4.93.8	2008.01.12	-
*Avast	4.7.1098.0	2008.01.11	Win32:Agent-VH*
AVG	7.5.0.516	2008.01.11	-
*BitDefender	7.2	2008.01.12	Trojan.Spy.Agent.JF*
CAT-QuickHeal	9.00	2008.01.12	-
ClamAV	0.91.2	2008.01.11	-
*DrWeb	4.44.0.09170	2008.01.12	Tool.KeyHook*
eSafe	7.0.15.0	2008.01.10	-
eTrust-Vet	31.3.5451	2008.01.11	-
Ewido	4.0	2008.01.11	-
FileAdvisor	1	2008.01.12	-
Fortinet	3.14.0.0	2008.01.12	-
F-Prot	4.4.2.54	2008.01.11	-
*F-Secure	6.70.13030.0	2008.01.11	Trojan-Spy.Win32.Agent.jf*
Ikarus	T3.1.1.20	2008.01.12	-
*Kaspersky	7.0.0.125	2008.01.12	Trojan-Spy.Win32.Agent.jf*
McAfee	5205	2008.01.11	-
Microsoft	1.3109	2008.01.12	-
NOD32v2	2785	2008.01.11	-
Norman	5.80.02	2008.01.11	-
Panda	9.0.0.4	2008.01.11	-
*Prevx1	V2	2008.01.12	Heuristic: Suspicious Self Modifying File
Rising	20.26.52.00	2008.01.12	Trojan.Spy.Win32.Agent.jf*
Sophos	4.24.0	2008.01.12	-
Sunbelt	2.2.907.0	2008.01.12	-
*Symantec	10	2008.01.12	Spyware.Fingerprints*
TheHacker	6.2.9.186	2008.01.11	-
VBA32	3.12.2.5	2008.01.12	-
VirusBuster	4.3.26:9	2008.01.11	-
Webwasher-Gateway	6.6.2	2008.01.12	-
Additional information
File size: 895418 bytes
MD5: bf281f00a236f674ae8f2c5f01de618f
SHA1: 4f65b8630ad9c87154f3d9e553fa76abeb57acdd
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...270B00FBEA7F08

----------


## ZhIV

File index_15_.htm received on 2008.01.14 04:08:41 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.12.10	2008.01.11	-
*AntiVir	7.6.0.46	2008.01.13	HTML/Psyme.Gen*
Authentium	4.93.8	2008.01.13	-
Avast	4.7.1098.0	2008.01.14	-
*AVG	7.5.0.516	2008.01.13	JS/Downloader.Agent*
BitDefender	7.2	2008.01.14	-
CAT-QuickHeal	9.00	2008.01.12	-
ClamAV	0.91.2	2008.01.13	-
*DrWeb	4.44.0.09170	2008.01.13	VBS.PackFor*
eSafe	7.0.15.0	2008.01.13	-
eTrust-Vet	31.3.5451	2008.01.11	-
Ewido	4.0	2008.01.13	-
FileAdvisor	1	2008.01.14	-
Fortinet	3.14.0.0	2008.01.13	JS/Agent.E!tr
F-Prot	4.4.2.54	2008.01.13	-
*F-Secure	6.70.13030.0	2008.01.14	Trojan-Downloader.JS.IESlice.c
Ikarus	T3.1.1.20	2008.01.14	Trojan-Downloader.VBS.Psyme.fc
Kaspersky	7.0.0.125	2008.01.14	Trojan-Downloader.JS.IESlice.c
McAfee	5205	2008.01.11	JS/Downloader-AUD
Microsoft	1.3109	2008.01.14	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2788	2008.01.13	-
*Norman	5.80.02	2008.01.11	JS/Laume.gen2*
Panda	9.0.0.4	2008.01.13	-
Prevx1	V2	2008.01.14	-
Rising	20.26.62.00	2008.01.13	-
*Sophos	4.24.0	2008.01.13	Mal/ObfJS-M*
Sunbelt	2.2.907.0	2008.01.12	-
Symantec	10	2008.01.14	-
*TheHacker	6.2.9.187	2008.01.13	Trojan/Downloader.vbs*
VBA32	3.12.2.5	2008.01.13	-
*VirusBuster	4.3.26:9	2008.01.13	JS.Psyme.DD.Gen
Webwasher-Gateway	6.6.2	2008.01.14	Script.Psyme.Gen*

Additional information
File size: 10565 bytes
MD5: ba4f1ef173ff7ff945048273560058d6
SHA1: cf659d183b7eea37ce574acdd42557ea0985f1d2
PEiD: -
packers: Crypt.DCScript

----------


## Макcим

File setup1.exe received on 2008.01.15 19:08:05 (CET)



> AhnLab-V3	2008.1.16.10	2008.01.15	-
> AntiVir	7.6.0.48	2008.01.15	-
> Authentium	4.93.8	2008.01.13	-
> Avast	4.7.1098.0	2008.01.14	-
> AVG	7.5.0.516	2008.01.14	-
> BitDefender	7.2	2008.01.15	-
> CAT-QuickHeal	9.00	2008.01.15	-
> *ClamAV	0.91.2	2008.01.14	Adware.Fakealert-21*
> DrWeb	4.44.0.09170	2008.01.15	-
> ...


Additional information
File size: 2915899 bytes
MD5: 9e837dad6620adc8a8d524b3e522ef9e
SHA1: b8b5dd5edebcd492b0b896132818483d8a50fb2d
PEiD: -

----------


## XL

A fresh Storm, to the delight of our borka and Vitalig from antimalware (just kidding... =) ):



```
Файл withlove.exe получен 2008.01.15 19:23:40 (CET)

AhnLab-V3	2008.1.16.10	2008.01.15	-
AntiVir	7.6.0.48	2008.01.15	-
Authentium	4.93.8	2008.01.13	-
Avast	4.7.1098.0	2008.01.14	-
AVG	7.5.0.516	2008.01.14	-
BitDefender	7.2	2008.01.15	-
CAT-QuickHeal	9.00	2008.01.15	-
ClamAV	0.91.2	2008.01.14	-
DrWeb	4.44.0.09170	2008.01.15	Trojan.MulDrop.6848
eSafe	7.0.15.0	2008.01.14	-
eTrust-Vet	31.3.5459	2008.01.15	-
Ewido	4.0	2008.01.15	-
FileAdvisor	1	2008.01.15	-
Fortinet	3.14.0.0	2008.01.15	-
F-Prot	4.4.2.54	2008.01.14	-
F-Secure	6.70.13030.0	2008.01.15	-
Ikarus	T3.1.1.20	2008.01.15	-
Kaspersky	7.0.0.125	2008.01.15	-
McAfee	5208	2008.01.15	-
Microsoft	1.3109	2008.01.15	-
NOD32v2	2793	2008.01.15	Win32/Nuwar.BH
Norman	5.80.02	2008.01.15	-
Panda	9.0.0.4	2008.01.14	-
Prevx1	V2	2008.01.15	-
Rising	20.27.12.00	2008.01.15	-
Sophos	4.24.0	2008.01.15	-
Sunbelt	2.2.907.0	2008.01.15	-
Symantec	10	2008.01.15	-
TheHacker	6.2.9.187	2008.01.13	-
VBA32	3.12.2.5	2008.01.13	-
VirusBuster	4.3.26:9	2008.01.15	-
Webwasher-Gateway	6.6.2	2008.01.15	Win32.Malware.gen!88 (suspicious)

Дополнительная информация
File size: 114688 bytes
MD5: 7f2c3608f1e282d858b360c7c47f8943
```

----------


## strawser

File SerialFix_For_All_NOD32.rar received on 01.15.2008 22:18:23 (CET)
AhnLab-V3	2008.1.16.10	2008.01.15	-
AntiVir	7.6.0.48	2008.01.15	-
Authentium	4.93.8	2008.01.13	-
Avast	4.7.1098.0	2008.01.14	-
AVG	7.5.0.516	2008.01.15	-
BitDefender	7.2	2008.01.15	-
CAT-QuickHeal	9.00	2008.01.15	-
ClamAV	0.91.2	2008.01.15	-
DrWeb	4.44.0.09170	2008.01.15	-
eSafe	7.0.15.0	2008.01.15	-
eTrust-Vet	31.3.5459	2008.01.15	-
Ewido	4.0	2008.01.15	-
FileAdvisor	1	2008.01.15	-
Fortinet	3.14.0.0	2008.01.15	-
F-Prot	4.4.2.54	2008.01.14	-
F-Secure	6.70.13030.0	2008.01.15	-
*Ikarus	T3.1.1.20	2008.01.15	Virus.Win32.Banker.CZJ
Kaspersky	7.0.0.125	2008.01.15	Trojan.Win32.Delf.ass*
McAfee	5208	2008.01.15	-
Microsoft	1.3109	2008.01.15	-
NOD32v2	2794	2008.01.15	-
Norman	5.80.02	2008.01.15	-
*Panda	9.0.0.4	2008.01.15	Suspicious file
Prevx1	V2	2008.01.15	Heuristic: Suspicious File With Mass Email Capabilities*
Rising	20.27.12.00	2008.01.15	-
Sophos	4.24.0	2008.01.15	-
Sunbelt	2.2.907.0	2008.01.15	-
Symantec	10	2008.01.15	-
TheHacker	6.2.9.187	2008.01.13	-
VBA32	3.12.2.5	2008.01.15	-
VirusBuster	4.3.26:9	2008.01.15	-
Webwasher-Gateway	6.6.2	2008.01.15	-
Additional information
File size: 275745 bytes
MD5: c51721f5c5c31ed502e38a9da70db9ca
SHA1: 362e736ef740d1b191ae8d888dd0ee903316c86d
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...B34E00C13D9E9F

----------


## Surfer

^^
File withlove.exe received on 01.16.2008 16:58:42 (CET)

Antivirus Version Last Update Result 
AhnLab-V3 2008.1.16.11 2008.01.16 - 
*AntiVir 7.6.0.48 2008.01.16 Worm/Zhelatin.AN.2* 
Authentium 4.93.8 2008.01.16 - 
Avast 4.7.1098.0 2008.01.16 - 
*AVG 7.5.0.516 2008.01.16 I-Worm/Nuwar.L 
BitDefender 7.2 2008.01.16 Trojan.Peed.ITB* 
CAT-QuickHeal 9.00 2008.01.16 - 
*ClamAV 0.91.2 2008.01.16 Trojan.Peed-89 
DrWeb 4.44.0.09170 2008.01.16 Trojan.MulDrop.10030* 
eSafe 7.0.15.0 2008.01.16 - 
*eTrust-Vet 31.3.5462 2008.01.16 Win32/Sintun.BB* 
Ewido 4.0 2008.01.16 - 
FileAdvisor 1 2008.01.16 - 
Fortinet 3.14.0.0 2008.01.16 - 
F-Prot 4.4.2.54 2008.01.15 - 
*F-Secure 6.70.13260.0 2008.01.16 Email-Worm.Win32.Zhelatin.se* 
Ikarus T3.1.1.20 2008.01.16 - 
*Kaspersky 7.0.0.125 2008.01.16 Email-Worm.Win32.Zhelatin.se* 
McAfee 5208 2008.01.15 - 
*Microsoft 1.3109 2008.01.16 TrojanDropper:Win32/Nuwar.gen!A 
NOD32v2 2798 2008.01.16 a variant of Win32/Nuwar* 
Norman 5.80.02 2008.01.16 - 
Panda 9.0.0.4 2008.01.15 - 
*Prevx1 V2 2008.01.16 Stormy:All Strains-All Variants* 
Rising 20.27.22.00 2008.01.16 - 
Sophos 4.24.0 2008.01.16 - 
Sunbelt 2.2.907.0 2008.01.15 - 
*Symantec 10 2008.01.16 Trojan.Peacomm.D* 
TheHacker 6.2.9.188 2008.01.16 - 
VBA32 3.12.2.5 2008.01.15 - 
*VirusBuster 4.3.26:9 2008.01.16 Trojan.DR.Zhelatin.AX.Gen 
Webwasher-Gateway 6.0.1 2008.01.16 Worm.Zhelatin.AN.2* 
Additional information 
File size: 114689 bytes 
MD5: 0229b208b448f22f4b7de72ab4dfc9ae 
SHA1: 6e50cef8cac34b6363131ca49cb0481bf8a97c22 
PEiD: - 
Prevx info: http://info.prevx.com/aboutprogramte...89EA00D109EDB5

----------


## vlad179

File avz00001.dta received on 2008.01.16 13:29:18 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.16.11	2008.01.16	-
AntiVir	7.6.0.48	2008.01.16	*TR/Crypt.NSPM.Gen*
Authentium	4.93.8	2008.01.16	-
Avast	4.7.1098.0	2008.01.16	-
AVG	7.5.0.516	2008.01.16	-
BitDefender	7.2	2008.01.16	-
CAT-QuickHeal	9.00	2008.01.16	*Win32.Packed.NSAnti.r*
ClamAV	0.91.2	2008.01.15	-
DrWeb	4.44.0.09170	2008.01.16	-
eSafe	7.0.15.0	2008.01.15	*suspicious Trojan/Worm*
eTrust-Vet	31.3.5462	2008.01.16	-
Ewido	4.0	2008.01.16	-
FileAdvisor	1	2008.01.16	-
Fortinet	3.14.0.0	2008.01.16	-
F-Prot	4.4.2.54	2008.01.15	-
F-Secure	6.70.13030.0	2008.01.16	-
Ikarus	T3.1.1.20	2008.01.16	-
Kaspersky	7.0.0.125	2008.01.16	-
McAfee	5208	2008.01.15	-
Microsoft	1.3109	2008.01.16	*VirTool:Win32/Obfuscator!Mal*
NOD32v2	2796	2008.01.16	-
Norman	5.80.02	2008.01.16	-
Panda	9.0.0.4	2008.01.15	*Suspicious file*
Prevx1	V2	2008.01.16	*Heuristic: Suspicious Self Modifying EXE*
Rising	20.27.22.00	2008.01.16	-
Sophos	4.24.0	2008.01.16	-
Sunbelt	2.2.907.0	2008.01.15	-
Symantec	10	2008.01.16	-
TheHacker	6.2.9.188	2008.01.16	-
VBA32	3.12.2.5	2008.01.15	-
VirusBuster	4.3.26:9	2008.01.15	-
Webwasher-Gateway	6.6.2	2008.01.16	*Trojan.Crypt.NSPM.Gen*

Additional information
File size: 104863 bytes
MD5: bbbc936f43617ea4b0ba786b662b605a
SHA1: cca159fc93ffee9e259b44cd51172b7af96097a0
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...2AEB00D7E4CF81

The same file 4 hours later

File avz00001.dta received on 2008.01.16 17:15:06 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.16.11	2008.01.16	-
AntiVir	7.6.0.48	2008.01.16	TR/Crypt.NSPM.Gen
Authentium	4.93.8	2008.01.16	-
Avast	4.7.1098.0	2008.01.16	-
AVG	7.5.0.516	2008.01.16	-
BitDefender	7.2	2008.01.16	Trojan.Dropper.OnlineGames.I
CAT-QuickHeal	9.00	2008.01.16	Win32.Packed.NSAnti.r
ClamAV	0.91.2	2008.01.16	-
DrWeb	4.44.0.09170	2008.01.16	Trojan.MulDrop.6474
eSafe	7.0.15.0	2008.01.16	suspicious Trojan/Worm
eTrust-Vet	31.3.5462	2008.01.16	-
Ewido	4.0	2008.01.16	-
FileAdvisor	1	2008.01.16	-
Fortinet	3.14.0.0	2008.01.16	-
F-Prot	4.4.2.54	2008.01.15	-
F-Secure	6.70.13260.0	2008.01.16	Worm.Win32.AutoRun.bur
Ikarus	T3.1.1.20	2008.01.16	-
Kaspersky	7.0.0.125	2008.01.16	Worm.Win32.AutoRun.bur
McAfee	5208	2008.01.15	-
Microsoft	1.3109	2008.01.16	VirTool:Win32/Obfuscator!Mal
NOD32v2	2798	2008.01.16	Win32/Pacex.Gen
Norman	5.80.02	2008.01.16	-
Panda	9.0.0.4	2008.01.15	Suspicious file
Prevx1	V2	2008.01.16	KAVKOP:Trojan-A
Rising	20.27.22.00	2008.01.16	-
Sophos	4.24.0	2008.01.16	-
Sunbelt	2.2.907.0	2008.01.15	-
Symantec	10	2008.01.16	W32.Gammima.AG
TheHacker	6.2.9.188	2008.01.16	-
VBA32	3.12.2.5	2008.01.15	-
VirusBuster	4.3.26:9	2008.01.16	-
Webwasher-Gateway	6.0.1	2008.01.16	Trojan.Crypt.NSPM.Gen

----------


## Гость форума

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.1.16.11;2008.01.16;Win32/Dellboy.Gen
AntiVir;7.6.0.48;2008.01.16;TR/Proxy.Delf.CA
Authentium;4.93.8;2008.01.16;W32/Fujack.A - Packed
Avast;4.7.1098.0;2008.01.16;Win32:Delf-CKB
AVG;7.5.0.516;2008.01.16;Worm/Generic.AGX
BitDefender;7.2;2008.01.16;Win32.Worm.Fujacks.K
CAT-QuickHeal;9.00;2008.01.16;W32.Fujack.h
ClamAV;0.91.2;2008.01.16;Worm.Fujack-2
DrWeb;4.44.0.09170;2008.01.16;Win32.HLLW.Whboy
eSafe;7.0.15.0;2008.01.16;suspicious Trojan/Worm
eTrust-Vet;31.3.5462;2008.01.16;Win32/Emerleox.BM
Ewido;4.0;2008.01.16;Worm.Fujack.h
FileAdvisor;1;2008.01.16;-
Fortinet;3.14.0.0;2008.01.16;W32/Viking.AA
F-Prot;4.4.2.54;2008.01.15;W32/Fujack.A
F-Secure;6.70.13260.0;2008.01.16;W32/Fujack.P
Ikarus;T3.1.1.20;2008.01.16;Worm.Win32.Fujack.aa
Kaspersky;7.0.0.125;2008.01.16;Worm.Win32.Fujack.l
McAfee;5209;2008.01.16;W32/Fujacks.s
Microsoft;1.3109;2008.01.16;Virus:Win32/Fujacks.I
NOD32v2;2799;2008.01.16;Win32/Fujacks.T
Norman;5.80.02;2008.01.16;W32/Fujack.P
Panda;9.0.0.4;2008.01.15;W32/Radoppan.S
Prevx1;V2;2008.01.16;-
Rising;20.27.22.00;2008.01.16;Worm.Win32.Nimaya.e
Sophos;4.24.0;2008.01.16;W32/Fujacks-J
Sunbelt;2.2.907.0;2008.01.15;VIPRE.Suspicious
TheHacker;6.2.9.188;2008.01.16;W32/Fujacks.aa
VBA32;3.12.2.5;2008.01.15;Worm.Win32.Fujack.h
VirusBuster;4.3.26:9;2008.01.16;Win32.HLLP.WHBoy.A  E
Webwasher-Gateway;6.6.2;2008.01.16;Trojan.Proxy.Delf.CA

Additional information
File size: 68570 bytes
MD5: 000ac09f027e139b64b2cd0823c874fc
SHA1: 214c5a228ddedd9ee7405eb7b01766883d3dcf3a
PEiD: FSG v2.0 -> bart/xt
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------



## ZhIV

File index_1___1_.htm received on 2008.01.17 06:43:17 (CET)
Antivirus	Version	Last Update	Result
*AhnLab-V3	2008.1.17.10	2008.01.16	HTML/Psyme
AntiVir	7.6.0.48	2008.01.16	HTML/Dldr.Agen.N.15
Authentium	4.93.8	2008.01.16	JS/Psyme.DV*
Avast	4.7.1098.0	2008.01.16	-
*AVG	7.5.0.516	2008.01.16	Exploit
BitDefender	7.2	2008.01.17	Trojan.Downloader.JS.FT*
CAT-QuickHeal	9.00	2008.01.16	-
*ClamAV	0.91.2	2008.01.17	JS.Psyme-16
DrWeb	4.44.0.09170	2008.01.16	Exploit.Bundle
eSafe	7.0.15.0	2008.01.16	JS.Psyme.ld*
eTrust-Vet	31.3.5464	2008.01.17	-
*Ewido	4.0	2008.01.16	Downloader.Psyme.mt*
FileAdvisor	1	2008.01.17	-
Fortinet	3.14.0.0	2008.01.17	-
*F-Prot	4.4.2.54	2008.01.16	JS/Psyme.DV
F-Secure	6.70.13260.0	2008.01.17	JS/Psyme.DV
Ikarus	T3.1.1.20	2008.01.17	Exploit.JS.Agent.au
Kaspersky	7.0.0.125	2008.01.17	Trojan-Downloader.JS.Psyme.kd*
McAfee	5209	2008.01.16	-
*Microsoft	1.3109	2008.01.17	Exploit:JS/MS06014.I
NOD32v2	2800	2008.01.17	HTML/Exploit.IESlice.NAC*
Norman	5.80.02	2008.01.16	-
Panda	9.0.0.4	2008.01.17	-
*Prevx1	V2	2008.01.17	TROJAN.DOWNLOADER.GEN*
Rising	20.27.22.00	2008.01.16	-
*Sophos	4.24.0	2008.01.17	Troj/Mulex-B
Sunbelt	2.2.907.0	2008.01.17	Trojan-Downloader.JS.FT
Symantec	10	2008.01.17	Downloader*
TheHacker	6.2.9.189	2008.01.17	-
VBA32	3.12.2.5	2008.01.15	-
VirusBuster	4.3.26:9	2008.01.16	-
*Webwasher-Gateway	6.6.2	2008.01.16	Script.Dldr.Agen.N.15*

Additional information
File size: 31743 bytes
MD5: 377a34067f2bf26159b4864dfff0156a
SHA1: f174a63950e113141924597b8a7ed6ea3734a50d
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...864D00FFF0156A

----------


## strawser

File ADSTechnologyInstall.exe received on 01.17.2008 22:29:45 (CET)
AhnLab-V3	2008.1.18.10	2008.01.17	-
*AntiVir	7.6.0.48	2008.01.17	DR/Agent.UJ*
Authentium	4.93.8	2008.01.17	-
Avast	4.7.1098.0	2008.01.17	-
AVG	7.5.0.516	2008.01.17	-
*BitDefender	7.2	2008.01.17	Adware.BHO.WQB*
CAT-QuickHeal	9.00	2008.01.17	-
ClamAV	0.91.2	2008.01.17	-
*DrWeb	4.44.0.09170	2008.01.17	Adware.AdsTech*
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5465	2008.01.17	-
Ewido	4.0	2008.01.17	-
FileAdvisor	1	2008.01.17	-
*Fortinet	3.14.0.0	2008.01.17	Adware/Agent*
F-Prot	4.4.2.54	2008.01.17	-
F-Secure	6.70.13260.0	2008.01.17	-
Ikarus	T3.1.1.20	2008.01.17	-
*Kaspersky	7.0.0.125	2008.01.17	not-a-virus:AdWare.Win32.Agent.uj*
McAfee	5210	2008.01.17	-
Microsoft	1.3109	2008.01.17	-
NOD32v2	2802	2008.01.17	-
Norman	5.80.02	2008.01.17	-
Panda	9.0.0.4	2008.01.17	-
*Prevx1	V2	2008.01.17	ADWARE.BHO.WQB*
Rising	20.27.31.00	2008.01.17	-
Sophos	4.24.0	2008.01.17	-
Sunbelt	2.2.907.0	2008.01.17	-
Symantec	10	2008.01.17	-
TheHacker	6.2.9.189	2008.01.17	-
*VBA32	3.12.2.5	2008.01.15	AdWare.Win32.Agent.uj*
VirusBuster	4.3.26:9	2008.01.17	-
*Webwasher-Gateway	6.6.2	2008.01.17	Trojan.Dropper.Agent.UJ*
Additional information
File size: 306285 bytes
MD5: 42271b63a8fec2ce41d8755a91560bbc
SHA1: 280e789fb0248a223aa2de16c923f568eb6b189a
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...5FAC007B978F0C

File setup.exe received on 01.19.2008 00:34:39 (CET)
AhnLab-V3	2008.1.19.10	2008.01.18	-
*AntiVir	7.6.0.48	2008.01.18	DR/FraudTool.SmartAntiSpyware.B*
Authentium	4.93.8	2008.01.17	-
*Avast	4.7.1098.0	2008.01.18	Win32:SmartAntiSpy*
AVG	7.5.0.516	2008.01.18	-
BitDefender	7.2	2008.01.19	-
CAT-QuickHeal	9.00	2008.01.18	-
*ClamAV	0.91.2	2008.01.18	Adware.Fakealert-25
DrWeb	4.44.0.09170	2008.01.18	Trojan.Fakealert.368*
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5470	2008.01.18	-
Ewido	4.0	2008.01.18	-
FileAdvisor	1	2008.01.19	-
*Fortinet	3.14.0.0	2008.01.18	Misc/SmartAntiSpyware*
F-Prot	4.4.2.54	2008.01.19	-
F-Secure	6.70.13260.0	2008.01.18	-
*Ikarus	T3.1.1.20	2008.01.18	not-a-virus:.FraudTool.Win32.SmartAntiSpyware.b
Kaspersky	7.0.0.125	2008.01.19	not-a-virus:FraudTool.Win32.SmartAntiSpyware.b*
McAfee	5211	2008.01.18	-
Microsoft	1.3109	2008.01.18	-
*NOD32v2	2806	2008.01.18	Win32/FraudTool.SmartAntiSpyware.B*
Norman	5.80.02	2008.01.18	-
*Panda	9.0.0.4	2008.01.18	Application/SmartAntiSpyware*
Prevx1	V2	2008.01.19	-
Rising	20.27.42.00	2008.01.18	-
Sophos	4.24.0	2008.01.18	-
*Sunbelt	2.2.907.0	2008.01.17	Trojan-Dropper.FraudTool.SmartAntiSpyware.B*
Symantec	10	2008.01.19	-
TheHacker	6.2.9.191	2008.01.18	-
VBA32	3.12.2.5	2008.01.15	-
VirusBuster	4.3.26:9	2008.01.18	-
*Webwasher-Gateway	6.6.2	2008.01.18	Trojan.Dropper.FraudTool.SmartAntiSpyware.B*
Additional information
File size: 391187 bytes
MD5: 6c126e36a73970b4fd841ff7dc45f372
SHA1: 66dc9501d808aeaa1c1ef7052c55c164afb77005
PEiD: -
packers: RAR, Unicode

----------


## Forum guest

=)

AhnLab-V3 2008.1.19.10 2008.01.18 - 
AntiVir 7.6.0.48 2008.01.20 - 
Authentium 4.93.8 2008.01.20 - 
Avast 4.7.1098.0 2008.01.20 - 
AVG 7.5.0.516 2008.01.19 - 
BitDefender 7.2 2008.01.20 - 
CAT-QuickHeal 9.00 2008.01.19 - 
ClamAV 0.91.2 2008.01.20 - 
*DrWeb 4.44.0.09170 2008.01.19 Trojan.DownLoader.43001*
eSafe 7.0.15.0 2008.01.16 - 
eTrust-Vet 31.3.5470 2008.01.18 - 
Ewido 4.0 2008.01.19 - 
FileAdvisor 1 2008.01.20 - 
Fortinet 3.14.0.0 2008.01.20 - 
F-Prot 4.4.2.54 2008.01.19 - 
F-Secure 6.70.13260.0 2008.01.19 - 
Ikarus T3.1.1.20 2008.01.20 - 
Kaspersky 7.0.0.125 2008.01.20 - 
McAfee 5211 2008.01.18 - 
Microsoft 1.3109 2008.01.20 - 
NOD32v2 2807 2008.01.19 - 
Norman 5.80.02 2008.01.18 - 
Panda 9.0.0.4 2008.01.19 - 
Prevx1 V2 2008.01.20 - 
Rising 20.27.61.00 2008.01.20 - 
Sophos 4.24.0 2008.01.20 - 
Sunbelt 2.2.907.0 2008.01.17 - 
Symantec 10 2008.01.20 - 
TheHacker 6.2.9.191 2008.01.19 - 
VBA32 3.12.2.5 2008.01.19 - 
VirusBuster 4.3.26:9 2008.01.20 - 
Webwasher-Gateway 6.6.2 2008.01.20 -

----------


## rubin

msindeo.dll 

File avz00002.dta received on 2008.01.21 08:37:50 (CET)


```
AntiVir	7.6.0.48	2008.01.21	TR/Crypt.ULPM.Gen
Authentium	4.93.8	2008.01.21	Possibly a new variant of W32/new-malware!Maximus
Avast	4.7.1098.0	2008.01.20	Win32:Neptunia-DP
AVG	7.5.0.516	2008.01.20	PSW.Generic5.AHAD
BitDefender	7.2	2008.01.21	-
CAT-QuickHeal	9.00	2008.01.19	-
ClamAV	0.91.2	2008.01.21	-
DrWeb	4.44.0.09170	2008.01.20	Trojan.PWS.GoldSpy
eSafe	7.0.15.0	2008.01.16	suspicious Trojan/Worm
eTrust-Vet	31.3.5475	2008.01.21	-
Ewido	4.0	2008.01.20	-
FileAdvisor	1	2008.01.21	-
Fortinet	3.14.0.0	2008.01.21	-
F-Prot	4.4.2.54	2008.01.21	W32/Goldun.A.gen!Eldorado
F-Secure	6.70.13260.0	2008.01.21	-
Ikarus	T3.1.1.20	2008.01.21	Trojan-Spy.Win32.Agent.rb
Kaspersky	7.0.0.125	2008.01.21	-
McAfee	5211	2008.01.18	-
Microsoft	1.3109	2008.01.21	-
NOD32v2	2809	2008.01.21	-
Norman	5.80.02	2008.01.20	-
Panda	9.0.0.4	2008.01.20	Suspicious file
Prevx1	V2	2008.01.21	Heuristic: Suspicious Browser Help Object
Rising	20.28.00.00	2008.01.21	-
Sophos	4.24.0	2008.01.21	Troj/Dowdec-Gen
Sunbelt	2.2.907.0	2008.01.17	VIPRE.Suspicious
Symantec	10	2008.01.21	-
TheHacker	6.2.9.191	2008.01.19	-
VBA32	3.12.2.5	2008.01.21	suspected of Downloader.Small.33
VirusBuster	4.3.26:9	2008.01.20	-
Webwasher-Gateway	6.6.2	2008.01.21	Trojan.Crypt.ULPM.Gen
```

File size: 12800 bytes
MD5: 28a6b93a4460134e2b037b3a866ccef3
SHA1: 8beb0a608d8f287bbc5ac0582f99cec80c2d5b52
PEiD: -
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramte...7BFD00FEE53E2C
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## drongo

T-16724



```
Файл avz00008.dta получен 2008.01.21 16:48:26 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.1.22.10	2008.01.21	-
AntiVir	7.6.0.48	2008.01.21	DR/Delphi.Gen
Authentium	4.93.8	2008.01.21	-
Avast	4.7.1098.0	2008.01.20	-
AVG	7.5.0.516	2008.01.21	Delf.DID
BitDefender	7.2	2008.01.21	-
CAT-QuickHeal	9.00	2008.01.21	Trojan.Buzus.s
ClamAV	0.91.2	2008.01.21	-
DrWeb	4.44.0.09170	2008.01.21	-
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5475	2008.01.21	-
Ewido	4.0	2008.01.21	-
FileAdvisor	1	2008.01.21	-
Fortinet	3.14.0.0	2008.01.21	-
F-Prot	4.4.2.54	2008.01.21	W32/Trojan2.TAD
F-Secure	6.70.13260.0	2008.01.21	Zbot.Y
Ikarus	T3.1.1.20	2008.01.21	Trojan-Dropper.Win32.FriJoiner.cr
Kaspersky	7.0.0.125	2008.01.21	Heur.Trojan.Generic
McAfee	5211	2008.01.18	Spy-Agent.cj.gen.h
Microsoft	1.3109	2008.01.21	VirTool:Win32/DelfInject.gen!AC
NOD32v2	2811	2008.01.21	-
Norman	5.80.02	2008.01.21	Zbot.Y
Panda	9.0.0.4	2008.01.20	-
Prevx1	V2	2008.01.21	-
Rising	20.28.02.00	2008.01.21	Trojan.DL.Win32.Agent.bxw
Sophos	4.24.0	2008.01.21	-
Sunbelt	2.2.907.0	2008.01.17	-
Symantec	10	2008.01.21	Backdoor.Bifrose
TheHacker	6.2.9.191	2008.01.19	Trojan/Dropper.FriJoiner.cw
VBA32	3.12.2.5	2008.01.21	Trojan-Dropper.Win32.FriJoiner.cr
VirusBuster	4.3.26:9	2008.01.21	-
Webwasher-Gateway	6.6.2	2008.01.21	Trojan.Dropper.Delphi.Gen
Дополнительная информация
File size: 524288 bytes
MD5: 9f21f6ec4a7b395727fb704c2bdcc358
SHA1: f092943379c88e5c7d6eb9b43d644c7780cbaee7
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
```

----------


## ZhIV

File __.htm received on 2008.01.22 02:48:50 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.22.10	2008.01.21	-
AntiVir	7.6.0.48	2008.01.21	-
Authentium	4.93.8	2008.01.21	-
Avast	4.7.1098.0	2008.01.21	-
AVG	7.5.0.516	2008.01.21	-
BitDefender	7.2	2008.01.22	-
CAT-QuickHeal	9.00	2008.01.21	-
*ClamAV	0.91.2	2008.01.22	JS.Small*
*DrWeb	4.44.0.09170	2008.01.21	VBS.Psyme.377*
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5475	2008.01.21	-
Ewido	4.0	2008.01.21	-
FileAdvisor	1	2008.01.22	-
Fortinet	3.14.0.0	2008.01.21	-
F-Prot	4.4.2.54	2008.01.21	-
F-Secure	6.70.13260.0	2008.01.22	-
*Ikarus	T3.1.1.20	2008.01.22	Trojan-Downloader.JS.Inor.A*
Kaspersky	7.0.0.125	2008.01.22	-
McAfee	5212	2008.01.21	-
*Microsoft	1.3109	2008.01.22	Exploit:HTML/IframeRef.gen*
NOD32v2	2812	2008.01.21	-
Norman	5.80.02	2008.01.21	-
Panda	9.0.0.4	2008.01.21	-
Prevx1	V2	2008.01.22	-
Rising	20.28.02.00	2008.01.21	-
*Sophos	4.24.0	2008.01.22	Mal/FunDF-A*
Sunbelt	2.2.907.0	2008.01.17	-
Symantec	10	2008.01.22	-
TheHacker	6.2.9.193	2008.01.22	-
*VBA32	3.12.2.5	2008.01.21	Trojan-Downloader.JS.Psyme.cv*
*VirusBuster	4.3.26:9	2008.01.21	JS.Psyme.AX*
Webwasher-Gateway	6.6.2	2008.01.21	-

Additional information
File size: 34951 bytes
MD5: c7072576f08e439a0ec84a0d8b3cd2cf
SHA1: b9954d4455b8f1671dfba1567185885ea22ef6ca
PEiD: -

----------


## asterrX

File onlinepatch.exe received on 01.22.2008 18:17:20 (CET)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2008.1.23.10 	2008.01.22 	-
*AntiVir 	7.6.0.48 	2008.01.22 	HEUR/Malware*
Authentium 	4.93.8 	2008.01.22 	-
Avast 	4.7.1098.0 	2008.01.22 	-
AVG 	7.5.0.516 	2008.01.22 	-
BitDefender 	7.2 	2008.01.22 	-
CAT-QuickHeal 	9.00 	2008.01.22 	-
ClamAV 	0.91.2 	2008.01.22 	-
DrWeb 	4.44.0.09170 	2008.01.22 	-
eSafe 	7.0.15.0 	2008.01.16 	-
eTrust-Vet 	31.3.5477 	2008.01.22 	-
Ewido 	4.0 	2008.01.22 	-
FileAdvisor 	1 	2008.01.22 	-
Fortinet 	3.14.0.0 	2008.01.22 	-
F-Prot 	4.4.2.54 	2008.01.21 	-
F-Secure 	6.70.13260.0 	2008.01.22 	-
Ikarus 	T3.1.1.20 	2008.01.22 	-
Kaspersky 	7.0.0.125 	2008.01.22 	-
McAfee 	5212 	2008.01.21 	-
Microsoft 	1.3109 	2008.01.22 	-
NOD32v2 	2815 	2008.01.22 	-
Norman 	5.80.02 	2008.01.22 	-
Panda 	9.0.0.4 	2008.01.21 	-
Prevx1 	V2 	2008.01.22 	-
Rising 	20.28.12.00 	2008.01.22 	-
*Sophos 	4.24.0 	2008.01.22 	Mal/Basine-C*
*Sunbelt 	2.2.907.0 	2008.01.17 	VIPRE.Suspicious*
Symantec 	10 	2008.01.22 	-
TheHacker 	6.2.9.194 	2008.01.22 	-
*VBA32 	3.12.2.5 	2008.01.21 	suspected of Trojan-PSW.Pinch.3 (paranoid heuristics)*
VirusBuster 	4.3.26:9 	2008.01.22 	-
*Webwasher-Gateway 	6.6.2 	2008.01.22 	Heuristic.Malware*

Additional information
File size: 133043 bytes
MD5: b962a4245c9267c0f9b7856722980952
SHA1: b1d2b6652b7c93b4ea0278ea2c992ec1647d63e0
PEiD: -
packers: Orien

----------


## Groft

AhnLab-V3	2008.1.23.10	2008.01.22	-
*AntiVir	7.6.0.48	2008.01.22	Worm/Ntech.AI*
Authentium	4.93.8	2008.01.22	-
Avast	4.7.1098.0	2008.01.22	-
*AVG	7.5.0.516	2008.01.22	SHeur.AOIK*
BitDefender	7.2	2008.01.22	-
CAT-QuickHeal	9.00	2008.01.22	-
ClamAV	0.91.2	2008.01.22	-
DrWeb	4.44.0.09170	2008.01.22	-
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5477	2008.01.22	-
Ewido	4.0	2008.01.22	-
FileAdvisor	1	2008.01.22	-
Fortinet	3.14.0.0	2008.01.22	-
F-Prot	4.4.2.54	2008.01.21	-
F-Secure	6.70.13260.0	2008.01.22	-
Ikarus	T3.1.1.20	2008.01.22	-
Kaspersky	7.0.0.125	2008.01.22	-
McAfee	5212	2008.01.21	-
*Microsoft	1.3109	2008.01.22	VirTool:WinNT/Cutwail.gen!B*
NOD32v2	2815	2008.01.22	-
Norman	5.80.02	2008.01.22	-
Panda	9.0.0.4	2008.01.21	-
Prevx1	V2	2008.01.22	-
Rising	20.28.12.00	2008.01.22	-
*Sophos	4.24.0	2008.01.22	Troj/Pushdo-Gen*
Sunbelt	2.2.907.0	2008.01.17	-
*Symantec	10	2008.01.22	Downloader*
TheHacker	6.2.9.194	2008.01.22	-
VBA32	3.12.2.5	2008.01.21	-
*VirusBuster	4.3.26:9	2008.01.22	Trojan.DR.Pandex.Gen.4
Webwasher-Gateway	6.6.2	2008.01.22	Worm.Ntech.AI*
Additional information
File size: 29184 bytes
MD5: 1ea4a43afdfdeb61c7386295d3c6f8e3
SHA1: 695e58b5aadb85a3467627d2515acc0b669b0372
PEiD: -

----------


## strawser

File SmilesQip_ICQ.exe received on 01.23.2008 00:11:33 (CET)

AhnLab-V3	2008.1.23.10	2008.01.22	-
*AntiVir	7.6.0.48	2008.01.22	HEUR/Crypted*
Authentium	4.93.8	2008.01.22	-
Avast	4.7.1098.0	2008.01.22	-
AVG	7.5.0.516	2008.01.22	-
BitDefender	7.2	2008.01.22	-
*CAT-QuickHeal	9.00	2008.01.22	TrojanPSW.LdPinch.fer*
ClamAV	0.91.2	2008.01.22	-
DrWeb	4.44.0.09170	2008.01.22	-
*eSafe	7.0.15.0	2008.01.16	Suspicious File*
eTrust-Vet	31.3.5477	2008.01.22	-
Ewido	4.0	2008.01.22	-
FileAdvisor	1	2008.01.23	-
Fortinet	3.14.0.0	2008.01.22	-
F-Prot	4.4.2.54	2008.01.22	-
*F-Secure	6.70.13260.0	2008.01.22	Trojan-PSW.Win32.LdPinch.fer*
Ikarus	T3.1.1.20	2008.01.22	-
*Kaspersky	7.0.0.125	2008.01.23	Trojan-PSW.Win32.LdPinch.fer*
McAfee	5213	2008.01.22	-
Microsoft	1.3109	2008.01.22	-
NOD32v2	2815	2008.01.22	-
Norman	5.80.02	2008.01.22	-
Panda	9.0.0.4	2008.01.22	-
Prevx1	V2	2008.01.23	-
Rising	20.28.12.00	2008.01.22	-
Sophos	4.24.0	2008.01.22	-
Sunbelt	2.2.907.0	2008.01.17	-
Symantec	10	2008.01.22	-
*TheHacker	6.2.9.194	2008.01.22	Trojan/PSW.LdPinch.fer*
VBA32	3.12.2.5	2008.01.21	-
VirusBuster	4.3.26:9	2008.01.22	-
*Webwasher-Gateway	6.6.2	2008.01.22	Heuristic.Crypted*
Additional information
File size: 78336 bytes
MD5: 524df7401bc599e6437b3b73fd7ce436
SHA1: 684b8133b66a98066181c05f18ce276982088118
PEiD: -

----------


## asterrX

File finreal.-exe received on 2008.01.15 19:05:06 (CET)

*AhnLab-V3 	2008.1.16.10 	2008.01.15 	Win-AppCare/Webmoner.618496*
AntiVir 	7.6.0.48 	2008.01.15 	-
Authentium 	4.93.8 	2008.01.13 	-
*Avast 	4.7.1098.0 	2008.01.14 	Win32:Trojan-gen {Other}*
*AVG 	7.5.0.516 	2008.01.14 	Generic7.PAQ*
BitDefender 	7.2 	2008.01.15 	-
*CAT-QuickHeal 	9.00 	2008.01.15 	Hoax.WebMoner.bd (Not a Virus)*
ClamAV 	0.91.2 	2008.01.14 	-
*DrWeb 	4.44.0.09170 	2008.01.15 	Joke.Finreal*
eSafe 	7.0.15.0 	2008.01.14 	-
eTrust-Vet 	31.3.5459 	2008.01.15 	-
*Ewido 	4.0 	2008.01.15 	Not-A-Virus.Hoax.Win32.WebMoner.bd*
*FileAdvisor 	1 	2008.01.15 	High threat detected*
*Fortinet 	3.14.0.0 	2008.01.15 	Misc/WebMoner*
F-Prot 	4.4.2.54 	2008.01.14 	-
*F-Secure 	6.70.13030.0 	2008.01.15 	not-virus:Hoax.Win32.WebMoner.bd*
*Ikarus 	T3.1.1.20 	2008.01.15 	not-a-virus:Hoax.Win32.WebMoner.bd*
*Kaspersky 	7.0.0.125 	2008.01.15 	not-virus:Hoax.Win32.WebMoner.bd*
McAfee 	5208 	2008.01.15 	-
Microsoft 	1.3109 	2008.01.15 	-
NOD32v2 	2793 	2008.01.15 	-
*Norman 	5.80.02 	2008.01.15 	W32/Webmoner.MI*
*Panda 	9.0.0.4 	2008.01.14 	Trj/Webmoner.O*
*Prevx1 	V2 	2008.01.15 	Generic.Malware*
*Rising 	20.27.12.00 	2008.01.15 	AdWare.Win32.WebMoner.bd*
Sophos 	4.24.0 	2008.01.15 	-
*Sunbelt 	2.2.907.0 	2008.01.15 	Hoax.Win32.WebMoner.bd*
Symantec 	10 	2008.01.15 	-
*TheHacker 	6.2.9.187 	2008.01.13 	Aplicacion/WebMoner.bd*
VBA32 	3.12.2.5 	2008.01.13 	-
VirusBuster 	4.3.26:9 	2008.01.15 	-
*Webwasher-Gateway 	6.6.2 	2008.01.15 	Riskware.Hoax.Webmoner.BD*

Additional information
File size: 618496 bytes
MD5: 758acb4a461722d3f3bbf62f3a25844b
SHA1: 50e53b51faf3b2e4b9050b83c87b23a03bf8dc92

----------


## rubin

ntos.exe
File avz00001.dta received on 2008.01.25 10:28:32 (CET)


```
AhnLab-V3	2008.1.25.11	2008.01.25	-
AntiVir	7.6.0.53	2008.01.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.01.25	-
Avast	4.7.1098.0	2008.01.25	-
AVG	7.5.0.516	2008.01.24	Pakes_c.KD
BitDefender	7.2	2008.01.25	Trojan.Spy.Agent.NNK
CAT-QuickHeal	9.00	2008.01.24	-
ClamAV	0.91.2	2008.01.25	-
DrWeb	4.44.0.09170	2008.01.25	-
eSafe	7.0.15.0	2008.01.16	Suspicious File
eTrust-Vet	31.3.5484	2008.01.25	-
Ewido	4.0	2008.01.24	-
FileAdvisor	1	2008.01.25	-
Fortinet	3.14.0.0	2008.01.25	-
F-Prot	4.4.2.54	2008.01.24	-
F-Secure	6.70.13260.0	2008.01.24	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.01.25	-
Kaspersky	7.0.0.125	2008.01.25	-
McAfee	5215	2008.01.24	-
Microsoft	1.3109	2008.01.25	-
NOD32v2	2821	2008.01.25	-
Norman	5.80.02	2008.01.24	-
Panda	9.0.0.4	2008.01.24	Suspicious file
Prevx1	V2	2008.01.25	-
Rising	20.28.41.00	2008.01.25	-
Sophos	4.25.0	2008.01.25	Mal/Behav-066
Sunbelt	2.2.907.0	2008.01.25	-
Symantec	10	2008.01.25	-
TheHacker	6.2.9.196	2008.01.23	-
VBA32	3.12.2.5	2008.01.21	-
VirusBuster	4.3.26:9	2008.01.24	-
Webwasher-Gateway	6.6.2	2008.01.25	Trojan.Crypt.XPACK.Gen
```

File size: 78848 bytes
MD5: 1bad09e84b67336ae4a13cfcc3bb3029
SHA1: e0abccd2c21948423521ee28048330fc8ed09f46
PEiD: -

*Added 3 hours 15 minutes later*

From the same patient
Windows\TEMP\winlogon.exe

File avz00001.dta received on 2008.01.25 13:49:01 (CET)



```
AhnLab-V3	2008.1.25.11	2008.01.25	-
AntiVir	7.6.0.53	2008.01.25	DR/Delphi.Gen
Authentium	4.93.8	2008.01.25	-
Avast	4.7.1098.0	2008.01.25	-
AVG	7.5.0.516	2008.01.24	-
BitDefender	7.2	2008.01.25	Trojan.PSW.LdPinch.AKX
CAT-QuickHeal	9.00	2008.01.24	-
ClamAV	0.91.2	2008.01.25	-
DrWeb	4.44.0.09170	2008.01.25	Trojan.Packed.147
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5484	2008.01.25	-
Ewido	4.0	2008.01.24	-
FileAdvisor	1	2008.01.25	-
Fortinet	3.14.0.0	2008.01.25	-
F-Prot	4.4.2.54	2008.01.24	-
F-Secure	6.70.13260.0	2008.01.25	LdPinch.STT
Ikarus	T3.1.1.20	2008.01.25	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.01.25	-
McAfee	5215	2008.01.24	-
Microsoft	1.3109	2008.01.25	VirTool:Win32/DelfInject.gen!AA
NOD32v2	2822	2008.01.25	a variant of Win32/Injector.J
Norman	5.80.02	2008.01.24	LdPinch.STT
Panda	9.0.0.4	2008.01.24	-
Prevx1	V2	2008.01.25	-
Rising	20.28.41.00	2008.01.25	Trojan.DL.Win32.Agent.bxw
Sophos	4.25.0	2008.01.25	Mal/Dropper-T
Sunbelt	2.2.907.0	2008.01.25	-
Symantec	10	2008.01.25	-
TheHacker	6.2.9.196	2008.01.23	-
VBA32	3.12.2.5	2008.01.21	-
VirusBuster	4.3.26:9	2008.01.24	-
Webwasher-Gateway	6.6.2	2008.01.25	Trojan.Dropper.Delphi.Gen
```

File size: 42496 bytes
MD5: 9209632936a12b31a8fc5db199aa3eb3
SHA1: a59a0cea1faf2e0ece0ebdfcc1cab3d5a86ca273
PEiD: -

----------


## strawser

File regger_icq__c__Isis.exe received on 01.25.2008 21:35:55 (CET)
*AhnLab-V3	2008.1.26.10	2008.01.25	Win-Trojan/LdPinch.46081
AntiVir	7.6.0.53	2008.01.25	DIAL/46081.A
Authentium	4.93.8	2008.01.25	is a security risk or a "backdoor" program
Avast	4.7.1098.0	2008.01.25	Win32dPinch-VQ
AVG	7.5.0.516	2008.01.25	PSW.Ldpinch.DNO
BitDefender	7.2	2008.01.25	Trojan.Pws.Ldpinch.BGZ*
CAT-QuickHeal	9.00	2008.01.24	-
*ClamAV	0.91.2	2008.01.25	Trojan.Spy-1724
DrWeb	4.44.0.09170	2008.01.25	Trojan.MulDrop.4895
eSafe	7.0.15.0	2008.01.16	Win32.LdPinch.bgz*
eTrust-Vet	31.3.5484	2008.01.25	-
*Ewido	4.0	2008.01.25	Trojan.LdPinch.bgz*
FileAdvisor	1	2008.01.25	-
*Fortinet	3.14.0.0	2008.01.25	W32/LdPinch.BGZ!tr.pws
F-Prot	4.4.2.54	2008.01.25	W32/PWS!82c1
F-Secure	6.70.13260.0	2008.01.25	W32/Dialer.BBGX
Ikarus	T3.1.1.20	2008.01.25	Trojan-PWS.Win32.LdPinch.bgz
Kaspersky	7.0.0.125	2008.01.25	Trojan-PSW.Win32.LdPinch.bgz*
McAfee	5215	2008.01.24	-
*Microsoft	1.3109	2008.01.25	TrojanDownloader:Win32/Agent.XE
NOD32v2	2823	2008.01.25	Win32/PSW.LdPinch.BHR
Norman	5.80.02	2008.01.24	W32/Dialer.BBGX
Panda	9.0.0.4	2008.01.25	Trj/Ldpinch.WE
Prevx1	V2	2008.01.25	Generic.Malware
Rising	20.28.41.00	2008.01.25	Trojan.PSW.Win32.LdPinch.bgz
Sophos	4.25.0	2008.01.25	Mal/Generic-A
Sunbelt	2.2.907.0	2008.01.25	Trojan-PWS.Win32.Ldpinch.gen
Symantec	10	2008.01.25	Infostealer
TheHacker	6.2.9.197	2008.01.25	Trojan/PSW.LdPinch.bgz
VBA32	3.12.2.5	2008.01.21	Trojan.MulDrop.4895*
VirusBuster	4.3.26:9	2008.01.25	-
*Webwasher-Gateway	6.6.2	2008.01.25	Dialer.46081.A*
Additional information
File size: 47105 bytes
MD5: 9f7756fa8b591ed7abca2f5553082d82
SHA1: 19a64786b3935af2a183b7249ddea8ce376e959d
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...659A008ED34480

File IcqFucker.zip received on 01.25.2008 22:19:50 (CET)
AhnLab-V3	2008.1.26.10	2008.01.25	-
*AntiVir	7.6.0.53	2008.01.25	TR/Drop.Tiny.M.22*
*Authentium	4.93.8	2008.01.25	is a dropper for W32/Dropper.DHK
Avast	4.7.1098.0	2008.01.25	Win32:JunkPoly
AVG	7.5.0.516	2008.01.25	Dropper.Generic.IWX
BitDefender	7.2	2008.01.25	Packer.Pohernah.A*
CAT-QuickHeal	9.00	2008.01.25	-
*ClamAV	0.91.2	2008.01.25	Trojan.Dropper-173
DrWeb	4.44.0.09170	2008.01.25	Trojan.MulDrop.5419
eSafe	7.0.15.0	2008.01.16	Win32.Tiny.m*
eTrust-Vet	31.3.5484	2008.01.25	-
*Ewido	4.0	2008.01.25	Dropper.Tiny.m*
FileAdvisor	1	2008.01.25	-
*Fortinet	3.14.0.0	2008.01.25	W32/Tiny.M!tr
F-Prot	4.4.2.54	2008.01.25	W32/Dropper.DHK
F-Secure	6.70.13260.0	2008.01.25	Trojan-Dropper.Win32.Tiny.m
Ikarus	T3.1.1.20	2008.01.25	Trojan-Dropper.Win32.Tiny.m
Kaspersky	7.0.0.125	2008.01.25	Trojan-Dropper.Win32.Tiny.m*
*McAfee	5215	2008.01.24	-
Microsoft	1.3109	2008.01.25	TrojanDropper:Win32/Small*
NOD32v2	2823	2008.01.25	-
*Norman	5.80.02	2008.01.24	PolyCrypt.F.dropper
Panda	9.0.0.4	2008.01.25	Generic Malware
Prevx1	V2	2008.01.25	Generic.Malware*
Rising	20.28.41.00	2008.01.25	-
*Sophos	4.25.0	2008.01.25	Mal/Basine-C
Sunbelt	2.2.907.0	2008.01.25	Trojan-Dropper.Win32.Tiny.m*
Symantec	10	2008.01.25	-
*TheHacker	6.2.9.197	2008.01.25	Trojan/Dropper.Tiny.m
VBA32	3.12.2.5	2008.01.21	Trojan.MulDrop.5038
VirusBuster	4.3.26:9	2008.01.25	Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway	6.6.2	2008.01.25	Trojan.Drop.Tiny.M.22*
Additional information
File size: 385052 bytes
MD5: 9e87f7de3578576ff0e6f5c5d8499b36
SHA1: e22cca5909b78e0fb3e1bb56ea3e056f4cd69289
PEiD: -
packers: PE_Patch

File AntiICQ.exe received on 01.26.2008 22:04:18 (CET)
AhnLab-V3	2008.1.26.10	2008.01.25	-
AntiVir	7.6.0.53	2008.01.25	-
Authentium	4.93.8	2008.01.26	-
Avast	4.7.1098.0	2008.01.26	-
AVG	7.5.0.516	2008.01.26	-
BitDefender	7.2	2008.01.26	-
*CAT-QuickHeal	9.00	2008.01.25	TrojanPSW.Agent.xf*
ClamAV	0.91.2	2008.01.26	-
DrWeb	4.44.0.09170	2008.01.26	-
eSafe	7.0.15.0	2008.01.16	-
eTrust-Vet	31.3.5486	2008.01.26	-
Ewido	4.0	2008.01.26	-
FileAdvisor	1	2008.01.26	-
Fortinet	3.14.0.0	2008.01.26	-
F-Prot	4.4.2.54	2008.01.26	-
*F-Secure	6.70.13260.0	2008.01.26	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.01.26	Trojan-Proxy.Win32.Delf.av
Kaspersky	7.0.0.125	2008.01.26	Trojan-PSW.Win32.Agent.xh*
McAfee	5216	2008.01.26	-
Microsoft	1.3109	2008.01.26	-
NOD32v2	2824	2008.01.26	-
Norman	5.80.02	2008.01.24	-
Panda	9.0.0.4	2008.01.26	-
*Prevx1	V2	2008.01.26	Heuristic: Suspicious File With Mass Email Capabilities*
Rising	20.28.52.00	2008.01.26	-
Sophos	4.25.0	2008.01.26	-
Sunbelt	2.2.907.0	2008.01.25	-
Symantec	10	2008.01.26	-
TheHacker	6.2.9.199	2008.01.26	-
VBA32	3.12.2.5	2008.01.21	-
VirusBuster	4.3.26:9	2008.01.26	-
Webwasher-Gateway	6.6.2	2008.01.26	-
Additional information
File size: 1026560 bytes
MD5: ba20c555d0ec2e6e75edbcbd59ddab1e
SHA1: 7512ef3606faa50285f93788c1d743bb3614a0db
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...D65500E4B1B162

----------


## akok

ehevcwfq.dll



> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.1.26.10	2008.01.25	-
> AntiVir	7.6.0.53	2008.01.25	TR/Dldr.ConHook.Gen
> Authentium	4.93.8	2008.01.26	-
> Avast	4.7.1098.0	2008.01.26	Win32:TratBHO
> AVG	7.5.0.516	2008.01.26	Lop
> BitDefender	7.2	2008.01.26	-
> CAT-QuickHeal	9.00	2008.01.25	-
> ClamAV	0.91.2	2008.01.26	-
> ...


Additional information
File size: 78709 bytes
MD5: f379658bab738c81ddfd787493151848
SHA1: 2398a70e6bef0455ee5ce1b221334670896a321e
PEiD: -

----------


## asterrX

File ***.rar received on 2008.01.27 12:43:53 (CET)
Current status: finished
Result: 8/32 (25.00%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3 	2008.1.26.10 	2008.01.25 	-
> *AntiVir 	7.6.0.53 	2008.01.25 	HEUR/Crypted*
> Authentium 	4.93.8 	2008.01.26 	-
> Avast 	4.7.1098.0 	2008.01.27 	-
> AVG 	7.5.0.516 	2008.01.26 	-
> *BitDefender 	7.2 	2008.01.27 	DeepScan:Generic.LdPinch1.9FBE2AFE*
> CAT-QuickHeal 	9.00 	2008.01.25 	-
> ClamAV 	0.91.2 	2008.01.27 	-
> ...

----------


## ZhIV

File index.htm received on 2008.01.29 01:53:46 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.1.29.10	2008.01.28	-
*AntiVir	7.6.0.56	2008.01.28	HTML/Crypted.Gen*
*Authentium	4.93.8	2008.01.26	JS/IFrame.AC*
Avast	4.7.1098.0	2008.01.28	-
AVG	7.5.0.516	2008.01.28	-
BitDefender	7.2	2008.01.29	-
CAT-QuickHeal	9.00	2008.01.28	-
ClamAV	0.91.2	2008.01.28	-
*DrWeb	4.44.0.09170	2008.01.28	Trojan.DownLoader.42681*
*eSafe	7.0.15.0	2008.01.28	JS.Agent.ag*
eTrust-Vet	31.3.5493	2008.01.28	-
*Ewido	4.0	2008.01.29	Downloader.Iframe.u*
FileAdvisor	1	2008.01.29	-
Fortinet	3.14.0.0	2008.01.29	-
*F-Prot	4.4.2.54	2008.01.28	JS/IFrame.AC*
*F-Secure	6.70.13260.0	2008.01.29	JS/IFrame.AC*
Ikarus	T3.1.1.20	2008.01.29	-
*Kaspersky	7.0.0.125	2008.01.29	Trojan-Clicker.HTML.IFrame.fh*
McAfee	5217	2008.01.28	-
*Microsoft	1.3109	2008.01.28	Virus:JS/Decdec.A*
NOD32v2	2829	2008.01.28	-
Norman	5.80.02	2008.01.28	-
Panda	9.0.0.4	2008.01.28	-
Prevx1	V2	2008.01.29	-
Rising	20.29.01.00	2008.01.28	-
*Sophos	4.25.0	2008.01.29	Troj/Decdec-A*
Sunbelt	2.2.907.0	2008.01.29	-
Symantec	10	2008.01.29	-
TheHacker	6.2.9.201	2008.01.28	-
VBA32	3.12.2.5	2008.01.21	-
VirusBuster	4.3.26:9	2008.01.28	-
*Webwasher-Gateway	6.6.2	2008.01.28	Script.Crypted.Gen*

Additional information
File size: 24064 bytes
MD5: 5038d53ba18ea691b491a0b6bdb69350
SHA1: 822b787ac841e54afa32762e5c4329123be86b5f
PEiD: -

----------


## yu_mor

AhnLab-V3 2008.1.19.10 2008.01.18 - 
*AntiVir 7.6.0.48 2008.01.18 TR/Agent.58677* 
Authentium 4.93.8 2008.01.19 - 
*Avast 4.7.1098.0 2008.01.18 Win32:Trojan-gen {Other}* 
AVG 7.5.0.516 2008.01.18 - 
*BitDefender 7.2 2008.01.19 Trojan.Agent.BGX* 
*CAT-QuickHeal 9.00 2008.01.19 (Suspicious) - DNAScan* 
ClamAV 0.91.2 2008.01.18 - 
DrWeb 4.44.0.09170 2008.01.18 - 
*eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm* 
eTrust-Vet 31.3.5470 2008.01.18 - 
Ewido 4.0 2008.01.18 - 
*FileAdvisor 1 2008.01.19 High threat detected* 
*Fortinet 3.14.0.0 2008.01.19 W32/Basine.C!tr* 
F-Prot 4.4.2.54 2008.01.19 - 
*F-Secure 6.70.13260.0 2008.01.18 W32/LdPinch.RGL* 
*Ikarus T3.1.1.20 2008.01.19 Trojan-PWS.Win32.LdPinch.boy* 
Kaspersky 7.0.0.125 2008.01.19 - 
McAfee 5211 2008.01.18 - 
Microsoft 1.3109 2008.01.18 - 
NOD32v2 2807 2008.01.19 - 
*Norman 5.80.02 2008.01.18 W32/LdPinch.RGL* 
*Panda 9.0.0.4 2008.01.18 Generic Malware* 
*Prevx1 V2 2008.01.19 Generic.Malware* 
Rising 20.27.42.00 2008.01.18 - 
*Sophos 4.24.0 2008.01.19 Mal/Basine-C* 
*Sunbelt 2.2.907.0 2008.01.17 VIPRE.Suspicious* 
*Symantec 10 2008.01.19 Bloodhound.W32.EP* 
*TheHacker 6.2.9.191 2008.01.18 W32/Behav-Heuristic-061* 
VBA32 3.12.2.5 2008.01.15 - 
*VirusBuster 4.3.26:9 2008.01.18 Trojan.Agent.VEO 
Webwasher-Gateway 6.6.2 2008.01.18 Trojan.Agent.58677*

----------


## rubin

error404.dll

File e404d.dll_ received on 2008.01.30 09:59:04 (CET)



```
AhnLab-V3	2008.1.30.11	2008.01.30	-
AntiVir	7.6.0.57	2008.01.30	-
Authentium	4.93.8	2008.01.30	-
Avast	4.7.1098.0	2008.01.30	Win32:Agent-PSR
AVG	7.5.0.516	2008.01.30	Agent.MOM
BitDefender	7.2	2008.01.30	-
CAT-QuickHeal	9.00	2008.01.29	-
ClamAV	0.91.2	2008.01.30	-
DrWeb	4.44.0.09170	2008.01.30	-
eSafe	7.0.15.0	2008.01.28	Suspicious File
eTrust-Vet	31.3.5497	2008.01.30	-
Ewido	4.0	2008.01.29	-
FileAdvisor	1	2008.01.30	-
Fortinet	3.14.0.0	2008.01.30	-
F-Prot	4.4.2.54	2008.01.29	-
F-Secure	6.70.13260.0	2008.01.30	-
Ikarus	T3.1.1.20	2008.01.29	Trojan-Clicker.Win32.Small.BG
Kaspersky	7.0.0.125	2008.01.30	-
McAfee	5218	2008.01.29	-
Microsoft	1.3109	2008.01.28	-
NOD32v2	2834	2008.01.30	a variant of Win32/Agent.NNU
Norman	5.80.02	2008.01.29	-
Panda	9.0.0.4	2008.01.29	-
Prevx1	V2	2008.01.30	E404Bho:Adware-b
Rising	20.29.21.00	2008.01.30	-
Sophos	4.25.0	2008.01.30	Mal/Heuri-E
Sunbelt	2.2.907.0	2008.01.30	VIPRE.Suspicious
Symantec	10	2008.01.30	Adware.Adpopup
TheHacker	6.2.9.201	2008.01.28	-
VBA32	3.12.2.6	2008.01.29	-
VirusBuster	4.3.26:9	2008.01.29	Adware.Agent.WYF
Webwasher-Gateway	6.6.2	2008.01.30	-
```

File size: 51712 bytes
MD5: 950f2c1c3839150587009e03948c50c2
SHA1: 6938e99b67d9945df8e79cc7213a40e9533a40d3
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PECompact, PECompact
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...BE4D00730D69FF
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## sergio342

File system32.rar received on 2008.01.30 15:50:59 (CET)

AhnLab-V3 2008.1.31.10 2008.01.30 - 
*AntiVir 7.6.0.57 2008.01.30 TR/Crypt.XPACK.Gen* 
Authentium 4.93.8 2008.01.30 - 
*Avast 4.7.1098.0 2008.01.30 Win32:JunkPoly 
AVG 7.5.0.516 2008.01.30 Win32/PolyCrypt 
BitDefender 7.2 2008.01.30 DeepScan:Generic.LdPinch1.705481DA* 
CAT-QuickHeal 9.00 2008.01.29 - 
ClamAV 0.91.2 2008.01.30 - 
*DrWeb 4.44.0.09170 2008.01.30 Trojan.Packed.153 
eSafe 7.0.15.0 2008.01.28 Suspicious File* 
eTrust-Vet 31.3.5497 2008.01.30 - 
Ewido 4.0 2008.01.30 - 
FileAdvisor 1 2008.01.30 - 
Fortinet 3.14.0.0 2008.01.30 - 
F-Prot 4.4.2.54 2008.01.29 - 
F-Secure 6.70.13260.0 2008.01.30 - 
Ikarus T3.1.1.20 2008.01.30 - 
*Kaspersky 7.0.0.125 2008.01.30 Heur.Trojan.Generic 
McAfee 5218 2008.01.29 New Malware.bl* 
Microsoft 1.3109 2008.01.28 - 
NOD32v2 2836 2008.01.30 - 
Norman 5.80.02 2008.01.29 - 
*Panda 9.0.0.4 2008.01.29 Suspicious file 
Prevx1 V2 2008.01.30 Heuristic: Suspicious Code* 
Rising 20.29.22.00 2008.01.30 - 
*Sophos 4.25.0 2008.01.30 Mal/Basine-C 
Sunbelt 2.2.907.0 2008.01.30 VIPRE.Suspicious 
Symantec 10 2008.01.30 Bloodhound.Packed.31* 
TheHacker 6.2.9.201 2008.01.28 - 
VBA32 3.12.2.6 2008.01.29 - 
VirusBuster 4.3.26:9 2008.01.29 - 
*Webwasher-Gateway 6.6.2 2008.01.30 Trojan.Crypt.XPACK.Gen*

----------


## rubin

sanitardiska

File avz00003.dta received on 2008.01.30 17:42:08 (CET)



```
AhnLab-V3	2008.1.31.10	2008.01.30	-
AntiVir	7.6.0.59	2008.01.30	-
Authentium	4.93.8	2008.01.30	-
Avast	4.7.1098.0	2008.01.30	Win32:Adware-gen
AVG	7.5.0.516	2008.01.30	-
BitDefender	7.2	2008.01.30	-
CAT-QuickHeal	9.00	2008.01.29	-
ClamAV	0.91.2	2008.01.30	-
DrWeb	4.44.0.09170	2008.01.30	-
eSafe	7.0.15.0	2008.01.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5497	2008.01.30	-
Ewido	4.0	2008.01.30	-
FileAdvisor	1	2008.01.30	High threat detected
Fortinet	3.14.0.0	2008.01.30	-
F-Prot	4.4.2.54	2008.01.29	-
F-Secure	6.70.13260.0	2008.01.30	-
Ikarus	T3.1.1.20	2008.01.30	Trojan-Downloader.Win32.QQHelper.vn
Kaspersky	7.0.0.125	2008.01.30	-
McAfee	5218	2008.01.29	-
Microsoft	1.3109	2008.01.28	-
NOD32v2	2836	2008.01.30	-
Norman	5.80.02	2008.01.29	-
Panda	9.0.0.4	2008.01.29	Application/PCDriveTool
Prevx1	V2	2008.01.30	-
Rising	20.29.22.00	2008.01.30	-
Sophos	4.25.0	2008.01.30	WinFixer
Sunbelt	2.2.907.0	2008.01.30	-
TheHacker	6.2.9.202	2008.01.30	-
VBA32	3.12.2.6	2008.01.29	-
VirusBuster	4.3.26:9	2008.01.30	-
Webwasher-Gateway	6.6.2	2008.01.30	Riskware.PCDriveTool
```

File size: 197632 bytes
MD5: dd8e0b4ad94243120439c49bc9813ef2
SHA1: 06c58004af8d75cd52114b13a086a75664a8f6eb
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...39c49bc9813ef2
packers: UPX
packers: PE_Patch.UPX, UPX

----------


## ZhIV

File index.htm received on 2008.02.01 01:58:21 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.2.1.10	2008.01.31	-
AntiVir	7.6.0.59	2008.01.31	-
Authentium	4.93.8	2008.01.31	-
Avast	4.7.1098.0	2008.02.01	-
AVG	7.5.0.516	2008.01.31	-
BitDefender	7.2	2008.02.01	-
CAT-QuickHeal	9.00	2008.01.30	-
ClamAV	0.92	2008.01.31	-
*DrWeb	4.44.0.09170	2008.01.31	Worm.Sifiliz*
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5501	2008.02.01	-
Ewido	4.0	2008.01.31	-
FileAdvisor	1	2008.02.01	-
Fortinet	3.14.0.0	2008.01.31	-
F-Prot	4.4.2.54	2008.01.30	-
*F-Secure	6.70.13260.0	2008.01.31	Trojan-Downloader.JS.Remora.bg*
Ikarus	T3.1.1.20	2008.02.01	-
*Kaspersky	7.0.0.125	2008.02.01	Trojan-Downloader.JS.Remora.bg*
McAfee	5220	2008.01.31	-
Microsoft	1.3109	2008.02.01	-
NOD32v2	2841	2008.02.01	-
Norman	5.80.02	2008.01.31	-
Panda	9.0.0.4	2008.01.31	-
Prevx1	V2	2008.02.01	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.25.0	2008.01.31	Mal/ObfJS-R*
Sunbelt	2.2.907.0	2008.02.01	-
Symantec	10	2008.02.01	-
TheHacker	6.2.9.203	2008.01.30	-
VBA32	3.12.2.6	2008.01.31	-
VirusBuster	4.3.26:9	2008.01.31	-
Webwasher-Gateway	6.6.2	2008.02.01	-

Additional information
File size: 24033 bytes
MD5: 49ea90c5d9dec69efd4050b1c3b3346b
SHA1: 1fbe03de0685da4c9c617dfd226e2d4a2af9ad67
PEiD: -

----------



## Vinni

http://www.virustotal.com/analisis/6...7210e515e0a04b
Malware in an NTFS stream: svchost.exe:ext.exe

File d.exe received on 01.24.2008 20:52:44 (CET)
*Result: 8/31* (25.81%)


```
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2008.1.25.10 	2008.01.24 	-
AntiVir 	7.6.0.48 	2008.01.24 	TR/Crypt.XPACK.Gen
Authentium 	4.93.8 	2008.01.24 	-
Avast 	4.7.1098.0 	2008.01.23 	-
AVG 	7.5.0.516 	2008.01.24 	-
BitDefender 	7.2 	2008.01.24 	BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 	9.00 	2008.01.24 	-
ClamAV 	0.91.2 	2008.01.24 	-
DrWeb 	4.44.0.09170 	2008.01.24 	-
eSafe 	7.0.15.0 	2008.01.16 	suspicious Trojan/Worm
eTrust-Vet 	31.3.5482 	2008.01.24 	-
Ewido 	4.0 	2008.01.24 	-
FileAdvisor 	1 	2008.01.24 	-
Fortinet 	3.14.0.0 	2008.01.24 	-
F-Prot 	4.4.2.54 	2008.01.24 	-
F-Secure 	6.70.13260.0 	2008.01.24 	-
Ikarus 	T3.1.1.20 	2008.01.24 	Virus.Win32.Obfuscated.BTM
Kaspersky 	7.0.0.125 	2008.01.24 	Heur.Trojan.Generic
McAfee 	5214 	2008.01.23 	-
Microsoft 	1.3109 	2008.01.24 	Trojan:Win32/Pugeju.A
NOD32v2 	2820 	2008.01.24 	-
Norman 	5.80.02 	2008.01.24 	-
Panda 	9.0.0.4 	2008.01.24 	-
Prevx1 	V2 	2008.01.24 	Covert.Code
Rising 	20.28.31.00 	2008.01.24 	-
Sophos 	4.24.0 	2008.01.24 	Mal/Behav-150
Sunbelt 	2.2.907.0 	2008.01.23 	-
Symantec 	10 	2008.01.24 	-
TheHacker 	6.2.9.196 	2008.01.23 	-
VBA32 	3.12.2.5 	2008.01.21 	-
VirusBuster 	4.3.26:9 	2008.01.24 	-
```

Additional information
File size: 51200 bytes
MD5: 71d7d37bcc9554229ef53624b1aa687e
SHA1: 7f49cf680a1b5375e104fe6a5b85cbb5f812f627
PEiD: -
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...20D200A1579A40

----------


## Shu_b

January

----------


## Синауридзе Александр

File menu.dll received on 2008.02.02 05:12:53 (CET)

AhnLab-V3 2008.2.2.10 2008.02.01 - 
AntiVir 7.6.0.61 2008.02.01 - 
*Authentium 4.93.8 2008.02.01 W32/Trojan.BPOL* 
*Avast 4.7.1098.0 2008.02.01 Win32:Horse-AA* 
AVG 7.5.0.516 2008.02.01 - 
*BitDefender 7.2 2008.02.02 Trojan.Horse.Pws.Ldpinch.DQY* 
CAT-QuickHeal 9.00 2008.02.01 - 
ClamAV 0.92 2008.02.02 - 
DrWeb 4.44.0.09170 2008.02.01 - 
eSafe 7.0.15.0 2008.01.28 - 
*eTrust-Vet 31.3.5504 2008.02.01 Win32/VMalum.ABBN* 
Ewido 4.0 2008.02.01 - 
*FileAdvisor 1 2008.02.02 High threat detected* 
Fortinet 3.14.0.0 2008.02.02 - 
*F-Prot 4.4.2.54 2008.02.01 W32/Trojan.BPOL* 
*F-Secure 6.70.13260.0 2008.02.01 W32/LdPinch.IYH* 
*Ikarus T3.1.1.20 2008.02.02 Trojan.Horse.Pws.Ldpinch.DQY* 
Kaspersky 7.0.0.125 2008.02.02 - 
McAfee 5221 2008.02.01 - 
Microsoft 1.3204 2008.02.02 - 
NOD32v2 2845 2008.02.02 - 
*Norman 5.80.02 2008.02.01 W32/LdPinch.IYH* 
*Panda 9.0.0.4 2008.02.01 Suspicious file* 
*Prevx1 V2 2008.02.02 Infostealer* 
*Rising 20.29.22.00 2008.01.30 Trojan.PSW.Win32.LdPinch.rat* 
Sophos 4.26.0 2008.02.02 - 
*Sunbelt 2.2.907.0 2008.02.02 Trojan.Horse.Pws.Ldpinch.DQY* 
*Symantec 10 2008.02.02 Infostealer* 
TheHacker 6.2.9.205 2008.02.01 - 
VBA32 3.12.6.0 2008.02.02 - 
VirusBuster 4.3.26:9 2008.02.01 - 
Webwasher-Gateway 6.6.2 2008.02.01 - 

Additional information
File size: 26112 bytes 
MD5: 32f93c22f79f6658721e82e55f31006a 
SHA1: bbcd66ac2e2298f06d245c0c6ba6fa5ac7cb0857 
PEiD: - 
Bit9 info: http://fileadvisor.bit9.com/services...1e82e55f31006a 
packers: UPX 
Prevx info: http://info.prevx.com/aboutprogramte...A7FE0035C7E59B

----------


## Groft

Файл IPRTbox.exe получен 2008.02.05 00:04:37 (CET)
Текущий статус:    закончено 
Результат: 7/32 (21.88%) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.5.10	2008.02.04	-
AntiVir	7.6.0.62	2008.02.04	-
Authentium	4.93.8	2008.02.04	-
Avast	4.7.1098.0	2008.02.04	-
AVG	7.5.0.516	2008.02.04	-
BitDefender	7.2	2008.02.04	-
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.04	-
DrWeb	4.44.0.09170	2008.02.04	-
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5511	2008.02.04	-
Ewido	4.0	2008.02.04	-
FileAdvisor	1	2008.02.05	-
Fortinet	3.14.0.0	2008.02.04	-
*F-Prot	4.4.2.54	2008.02.04	W32/Heuristic-162!Eldorado*
F-Secure	6.70.13260.0	2008.02.04	-
*Ikarus	T3.1.1.20	2008.02.04	Trojan-Downloader.Win32.Banload.kl*
Kaspersky	7.0.0.125	2008.02.04	-
McAfee	5222	2008.02.04	-
Microsoft	1.3204	2008.02.04	-
NOD32v2	2848	2008.02.04	-
Norman	5.80.02	2008.02.04	-
*Panda	9.0.0.4	2008.02.04	Suspicious file*
Prevx1	V2	2008.02.05	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.04	Sus/ComPack-C*
*Sunbelt	2.2.907.0	2008.02.02	VIPRE.Suspicious*
Symantec	10	2008.02.04	-
TheHacker	6.2.9.208	2008.02.04	-
*VBA32	3.12.6.0	2008.02.03	Trojan-PSW.Win32.LdPinch.bsj*
VirusBuster	4.3.26:9	2008.02.04	-
*Webwasher-Gateway	6.6.2	2008.02.04	Win32.Malware.gen* 

Файл ______________________________.ra получен 2008.02.05 00:08:14 (CET)
Текущий статус:    закончено 
Результат: 2/32 (6.25%) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.5.10	2008.02.04	-
AntiVir	7.6.0.62	2008.02.04	-
Authentium	4.93.8	2008.02.04	-
Avast	4.7.1098.0	2008.02.04	-
AVG	7.5.0.516	2008.02.04	-
BitDefender	7.2	2008.02.04	-
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.04	-
DrWeb	4.44.0.09170	2008.02.04	-
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5511	2008.02.04	-
Ewido	4.0	2008.02.04	-
FileAdvisor	1	2008.02.05	-
Fortinet	3.14.0.0	2008.02.04	-
F-Prot	4.4.2.54	2008.02.04	-
F-Secure	6.70.13260.0	2008.02.04	-
Ikarus	T3.1.1.20	2008.02.04	-
Kaspersky	7.0.0.125	2008.02.04	-
McAfee	5222	2008.02.04	-
Microsoft	1.3204	2008.02.04	-
NOD32v2	2848	2008.02.04	-
Norman	5.80.02	2008.02.04	-
Panda	9.0.0.4	2008.02.04	-
Prevx1	V2	2008.02.05	-
Rising	20.29.22.00	2008.01.30	-
Sophos	4.26.0	2008.02.04	-
Sunbelt	2.2.907.0	2008.02.02	-
Symantec	10	2008.02.04	-
*TheHacker	6.2.9.208	2008.02.04	Trojan/Small.e*
*VBA32	3.12.6.0	2008.02.03	Trojan-Clicker.SWF.Small.e*
VirusBuster	4.3.26:9	2008.02.04	-
Webwasher-Gateway	6.6.2	2008.02.04	-

----------


## Макcим

Thread: http://virusinfo.info/showthread.php?t=17687


```
Файл mssrv32.exe получен 2008.02.07 11:48:31 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.07	HEUR/Crypted
Authentium	4.93.8	2008.02.06	-
Avast	4.7.1098.0	2008.02.06	-
AVG	7.5.0.516	2008.02.06	Crypt.H
BitDefender	7.2	2008.02.07	-
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.07	-
DrWeb	4.44.0.09170	2008.02.07	-
eSafe	7.0.15.0	2008.01.28	Suspicious File
eTrust-Vet	31.3.5518	2008.02.07	-
Ewido	4.0	2008.02.06	-
FileAdvisor	1	2008.02.07	-
Fortinet	3.14.0.0	2008.02.06	-
F-Prot	4.4.2.54	2008.02.06	-
F-Secure	6.70.13260.0	2008.02.07	-
Ikarus	T3.1.1.20	2008.02.07	-
Kaspersky	7.0.0.125	2008.02.07	-
McAfee	5224	2008.02.06	-
Microsoft	1.3204	2008.02.07	-
NOD32v2	2855	2008.02.07	-
Norman	5.80.02	2008.02.06	-
Panda	9.0.0.4	2008.02.07	-
Rising	20.29.22.00	2008.01.30	-
Sophos	4.26.0	2008.02.07	-
Sunbelt	2.2.907.0	2008.02.07	-
Symantec	10	2008.02.07	-
TheHacker	6.2.9.211	2008.02.06	-
VBA32	3.12.6.0	2008.02.07	-
VirusBuster	4.3.26:9	2008.02.06	-
Webwasher-Gateway	6.6.2	2008.02.07	Heuristic.Crypted
Дополнительная информация
File size: 16384 bytes
MD5: c5cfaaf9390bd8f7afdcfeff829ed7e5
SHA1: 013c2f14176db49505e93a84243027bfa597fd70
PEiD: -
```

----------


## rubin

A small trojan joined to a game
Файл IQ-Test.exe получен 2008.02.07 14:54:57 (CET)



```
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.07	TR/Crypt.XDR.Gen
Authentium	4.93.8	2008.02.06	-
Avast	4.7.1098.0	2008.02.06	Win32:IRCBot-CNV
AVG	7.5.0.516	2008.02.06	Dropper.FreeJoiner.D
BitDefender	7.2	2008.02.07	DeepScan:Generic.Malware.Fdld!!.C033CF9B
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.07	-
DrWeb	4.44.0.09170	2008.02.07	-
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5518	2008.02.07	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.07	-
Fortinet	3.14.0.0	2008.02.07	-
F-Prot	4.4.2.54	2008.02.06	-
F-Secure	6.70.13260.0	2008.02.07	W32/Smalltroj.CQSR
Ikarus	T3.1.1.20	2008.02.07	-
Kaspersky	7.0.0.125	2008.02.07	Heur.Trojan.Generic
McAfee	5224	2008.02.06	-
Microsoft	1.3204	2008.02.07	-
NOD32v2	2855	2008.02.07	-
Norman	5.80.02	2008.02.06	W32/Smalltroj.CQSR
Panda	9.0.0.4	2008.02.07	Suspicious file
Prevx1	V2	2008.02.07	-
Rising	20.29.22.00	2008.01.30	-
Sophos	4.26.0	2008.02.07	Sus/Behav-1018
Sunbelt	2.2.907.0	2008.02.07	-
Symantec	10	2008.02.07	-
TheHacker	6.2.9.211	2008.02.06	-
VBA32	3.12.6.0	2008.02.07	-
VirusBuster	4.3.26:9	2008.02.07	-
Webwasher-Gateway	6.6.2	2008.02.07	Trojan.Crypt.XDR.Gen
```

File size: 1883754 bytes
MD5: f19c795419075e9a6f2100d795db5af2
SHA1: ea37994d7a08ea4b6b7362f7acff0e17ed660ce4
PEiD: -
packers: embedded

----------


## ZhIV

Файл exp_1_.htm получен 2008.02.08 04:09:24 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.07	-
Authentium	4.93.8	2008.02.08	-
Avast	4.7.1098.0	2008.02.07	-
*AVG	7.5.0.516	2008.02.07	JS/Downloader.Agent*
*BitDefender	7.2	2008.02.08	Exploit.AdodbStream.J*
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.08	-
*DrWeb	4.44.0.09170	2008.02.07	VBS.PackFor*
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5520	2008.02.07	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.08	-
*Fortinet	3.14.0.0	2008.02.07	JS/WebAttacker!exploit*
F-Prot	4.4.2.54	2008.02.07	-
*F-Secure	6.70.13260.0	2008.02.08	JS/Laume.gen2*
*Ikarus	T3.1.1.20	2008.02.08	Trojan-Downloader.JS.Psyme.hu*
*Kaspersky	7.0.0.125	2008.02.08	Trojan-Downloader.JS.Iframe.as*
*McAfee	5225	2008.02.07	JS/Downloader-AUD*
*Microsoft	1.3204	2008.02.07	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2857	2008.02.07	-
*Norman	5.80.02	2008.02.07	JS/Laume.gen2*
Panda	9.0.0.4	2008.02.07	-
Prevx1	V2	2008.02.08	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.07	Mal/ObfJS-A*
Sunbelt	2.2.907.0	2008.02.08	-
*Symantec	10	2008.02.08	Downloader*
*TheHacker	6.2.9.212	2008.02.07	Trojan/Downloader.vbs*
VBA32	3.12.6.0	2008.02.07	-
*VirusBuster	4.3.26:9	2008.02.07	JS.Agent.B*
*Webwasher-Gateway	6.6.2	2008.02.07	JS.WebAttacker.gen (suspicious)*

Дополнительная информация
File size: 20097 bytes
MD5: 83bae86b7cae28d9f7b5c7be4817540d
SHA1: 99cb925ec8a31de1f95ed7128a57fe0e162e54d0
PEiD: -
packers: Crypt.DCScript

*Added 19 minutes later*

Файл index_25_.htm получен 2008.02.08 04:28:36 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.07	-
*Authentium	4.93.8	2008.02.08	IRC/IESlice.B*
Avast	4.7.1098.0	2008.02.07	-
*AVG	7.5.0.516	2008.02.07	JS/Psyme*
*BitDefender	7.2	2008.02.08	Trojan.Js.Downloader.BDS*
CAT-QuickHeal	9.00	2008.02.04	-
*ClamAV	0.92	2008.02.08	JS.XorCrypt*
*DrWeb	4.44.0.09170	2008.02.07	VBS.Psyme.434*
*eSafe	7.0.15.0	2008.01.28	JS.MS06-006*
eTrust-Vet	31.3.5520	2008.02.07	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.08	-
Fortinet	3.14.0.0	2008.02.07	-
F-Prot	4.4.2.54	2008.02.07	-
*F-Secure	6.70.13260.0	2008.02.08	Trojan-Downloader.JS.Agent.xp*
*Ikarus	T3.1.1.20	2008.02.08	Trojan-Downloader.JS.Agent.kd*
*Kaspersky	7.0.0.125	2008.02.08	Trojan-Downloader.JS.Agent.xp*
*McAfee	5225	2008.02.07	JS/Downloader-BCZ*
Microsoft	1.3204	2008.02.07	-
NOD32v2	2857	2008.02.07	-
Norman	5.80.02	2008.02.07	-
Panda	9.0.0.4	2008.02.07	-
Prevx1	V2	2008.02.08	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.07	Troj/JSXor-Gen*
Sunbelt	2.2.907.0	2008.02.08	-
*Symantec	10	2008.02.08	Downloader*
TheHacker	6.2.9.212	2008.02.07	-
VBA32	3.12.6.0	2008.02.07	-
VirusBuster	4.3.26:9	2008.02.07	-
*Webwasher-Gateway	6.6.2	2008.02.07	JavaScript.CodeUnfolding.gen!High (suspicious)*

Дополнительная информация
File size: 28724 bytes
MD5: 34c529faa4b4d134712ccb5275678287
SHA1: fbb8ddad32173ced31c7aad4f2f3f81cbf90acb5
PEiD: -

Файл index_12_.htm получен 2008.02.08 04:28:12 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.6.10	2008.02.05	-
*AntiVir	7.6.0.62	2008.02.07	HEUR/Exploit.HTML*
Authentium	4.93.8	2008.02.08	-
Avast	4.7.1098.0	2008.02.07	-
*AVG	7.5.0.516	2008.02.07	JS/Downloader.Agent*
*BitDefender	7.2	2008.02.08	Exploit.AdodbStream.J*
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.08	-
*DrWeb	4.44.0.09170	2008.02.07	VBS.PackFor*
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5520	2008.02.07	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.08	-
*Fortinet	3.14.0.0	2008.02.07	JS/WebAttacker!exploit*
F-Prot	4.4.2.54	2008.02.07	-
*F-Secure	6.70.13260.0	2008.02.08	JS/Laume.gen2*
*Ikarus	T3.1.1.20	2008.02.08	Trojan-Downloader.JS.Psyme.hu*
*Kaspersky	7.0.0.125	2008.02.08	Trojan-Downloader.JS.Psyme.wm*
*McAfee	5225	2008.02.07	JS/Downloader-AUD*
*Microsoft	1.3204	2008.02.07	TrojanDownloader:JS/Psyme.gen*
NOD32v2	2857	2008.02.07	-
*Norman	5.80.02	2008.02.07	JS/Laume.gen2*
Panda	9.0.0.4	2008.02.07	-
Prevx1	V2	2008.02.08	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.07	Mal/ObfJS-A*
Sunbelt	2.2.907.0	2008.02.08	-
*Symantec	10	2008.02.08	Downloader*
*TheHacker	6.2.9.212	2008.02.07	Trojan/Downloader.vbs*
VBA32	3.12.6.0	2008.02.07	-
*VirusBuster	4.3.26:9	2008.02.07	JS.Agent.B*
*Webwasher-Gateway	6.6.2	2008.02.07	Heuristic.Exploit.HTML*

Дополнительная информация
File size: 3203 bytes
MD5: f97aff745b816bcf995b274ee55bc94c
SHA1: 42460eeb33e41c47ad0df4280bd369640009cee8
PEiD: -
packers: Crypt.DCScript

Файл stroimdom_1_.htm получен 2008.02.08 04:28:48 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.07	-
Authentium	4.93.8	2008.02.08	-
Avast	4.7.1098.0	2008.02.07	-
*AVG	7.5.0.516	2008.02.07	Downloader.Agent*
BitDefender	7.2	2008.02.08	-
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.08	-
*DrWeb	4.44.0.09170	2008.02.07	Worm.Sifiliz*
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5520	2008.02.07	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.08	-
Fortinet	3.14.0.0	2008.02.07	-
F-Prot	4.4.2.54	2008.02.07	-
*F-Secure	6.70.13260.0	2008.02.08	Trojan-Downloader.JS.Remora.w*
Ikarus	T3.1.1.20	2008.02.08	-
*Kaspersky	7.0.0.125	2008.02.08	Trojan-Downloader.JS.Remora.w*
McAfee	5225	2008.02.07	-
Microsoft	1.3204	2008.02.07	-
NOD32v2	2857	2008.02.07	-
Norman	5.80.02	2008.02.07	-
Panda	9.0.0.4	2008.02.07	-
Prevx1	V2	2008.02.08	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.07	Mal/ObfJS-R*
Sunbelt	2.2.907.0	2008.02.08	-
TheHacker	6.2.9.212	2008.02.07	-
VBA32	3.12.6.0	2008.02.07	-
VirusBuster	4.3.26:9	2008.02.07	-
Webwasher-Gateway	6.6.2	2008.02.07	-

Дополнительная информация
File size: 18746 bytes
MD5: 460a06f4ebe4145585139e9feadf64db
SHA1: 3d5e6b32fa1cc343ea0e554222821e15dbff844c
PEiD: -
I posted a similar one at http://virusinfo.info/showpost.php?p...&postcount=181 but it has changed for Kaspersky?  :Shocked:

----------


## strawser

File NOD32.patch.rar received on 02.08.2008 09:44:37 (CET)
AhnLab-V3	2008.2.6.10	2008.02.05	-
AntiVir	7.6.0.62	2008.02.08	-
Authentium	4.93.8	2008.02.08	-
Avast	4.7.1098.0	2008.02.07	-
AVG	7.5.0.516	2008.02.07	-
BitDefender	7.2	2008.02.08	-
CAT-QuickHeal	9.00	2008.02.04	-
ClamAV	0.92	2008.02.08	-
DrWeb	4.44.0.09170	2008.02.08	-
eSafe	7.0.15.0	2008.01.28	-
eTrust-Vet	31.3.5521	2008.02.08	-
Ewido	4.0	2008.02.07	-
FileAdvisor	1	2008.02.08	-
Fortinet	3.14.0.0	2008.02.08	-
F-Prot	4.4.2.54	2008.02.07	-
*F-Secure	6.70.13260.0	2008.02.08	Trojan.Win32.Delf.aym*
Ikarus	T3.1.1.20	2008.02.08	-
*Kaspersky	7.0.0.125	2008.02.08	Trojan.Win32.Delf.aym*
McAfee	5225	2008.02.07	-
Microsoft	1.3204	2008.02.07	-
NOD32v2	2857	2008.02.07	-
Norman	5.80.02	2008.02.07	-
*Panda	9.0.0.4	2008.02.07	Suspicious file*
*Prevx1	V2	2008.02.08	Heuristic: Suspicious File With Mass Email Capabilities*
Rising	20.29.22.00	2008.01.30	-
Sophos	4.26.0	2008.02.08	-
Sunbelt	2.2.907.0	2008.02.08	-
Symantec	10	2008.02.08	-
TheHacker	6.2.9.212	2008.02.07	-
VBA32	3.12.6.0	2008.02.07	-
VirusBuster	4.3.26:9	2008.02.07	-
Webwasher-Gateway	6.6.2	2008.02.08	-
Additional information
File size: 275308 bytes
MD5: 4d50ed5c1d0d9dd684e53d07e8e37f93
SHA1: e4ece7e90cb5b0eb472ad4dcc5809e290bde05ef
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...CC3B0006AAD80D

----------


## ALEX(XX)

File keygen.exe received on 02.08.2008 20:05:21 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 -
*AntiVir 7.6.0.62 2008.02.08 HEUR/Crypted*
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.07 -
AVG 7.5.0.516 2008.02.08 -
*BitDefender 7.2 2008.02.08 DeepScan:Generic.PWStealer.A6978279*
*CAT-QuickHeal None 2008.02.08 (Suspicious) - DNAScan*
ClamAV 0.92 2008.02.08 -
DrWeb 4.44.0.09170 2008.02.08 -
*eSafe 7.0.15.0 2008.01.28 suspicious Trojan/Worm*
eTrust-Vet 31.3.5521 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.08 -
Fortinet 3.14.0.0 2008.02.08 -
*F-Prot 4.4.2.54 2008.02.08 W32/Heuristic-259!Eldorado*
*F-Secure 6.70.13260.0 2008.02.08 Suspicious:W32/Malware!Gemini*
*Ikarus T3.1.1.20 2008.02.08 Trojan-PWS.Win32.LdPinch.bna*
Kaspersky 7.0.0.125 2008.02.08 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.08 -
*NOD32v2 2860 2008.02.08 Win32/PSW.LdPinch.BFP*
Norman 5.80.02 2008.02.08 -
*Panda 9.0.0.4 2008.02.08 Suspicious file*
Prevx1 V2 2008.02.08 -
Rising 20.29.22.00 2008.01.30 -
*Sophos 4.26.0 2008.02.08 Mal/Basine-C*
*Sunbelt 2.2.907.0 2008.02.08 Trojan-PWS.Pinch.gen (v)*
*Symantec 10 2008.02.08 Bloodhound.W32.EP*
TheHacker 6.2.9.212 2008.02.07 -
*VBA32 3.12.6.0 2008.02.07 MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster 4.3.26:9 2008.02.08 -
*Webwasher-Gateway 6.6.2 2008.02.08 Heuristic.Crypted*

Additional information
File size: 39412 bytes
MD5: 7c4e30ad66723bdd1a4668e6e456d6c0
SHA1: bfc60d80dd6667110124833660fe3ffb6b5b7fd6
PEiD: UnoPiX 1.03-1.10 -> BaGiE
packers: PE-Crypt.Unopix
packers: PE-Crypt.Unopix

----------


## ZhIV

Файл about.htm получен 2008.02.12 02:22:44 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.12.10	2008.02.11	-
AntiVir	7.6.0.62	2008.02.11	-
Authentium	4.93.8	2008.02.11	-
Avast	4.7.1098.0	2008.02.11	-
AVG	7.5.0.516	2008.02.11	-
BitDefender	7.2	2008.02.12	-
CAT-QuickHeal	None	2008.02.11	-
ClamAV	0.92	2008.02.11	-
*DrWeb	4.44.0.09170	2008.02.11	VBS.PackFor*
eSafe	7.0.15.0	2008.02.11	-
eTrust-Vet	31.3.5529	2008.02.11	-
Ewido	4.0	2008.02.11	-
FileAdvisor	1	2008.02.12	-
Fortinet	3.14.0.0	2008.02.11	-
F-Prot	4.4.2.54	2008.02.11	-
*F-Secure	6.70.13260.0	2008.02.11	DoS.JS.Dframe.n*
Ikarus	T3.1.1.20	2008.02.12	-
*Kaspersky	7.0.0.125	2008.02.12	DoS.JS.Dframe.n*
*McAfee	5227	2008.02.11	Exploit-IFrame*
Microsoft	1.3204	2008.02.11	-
NOD32v2	2866	2008.02.11	-
Norman	5.80.02	2008.02.11	-
*Panda	9.0.0.4	2008.02.11	W32/Dowlod.A*
Prevx1	V2	2008.02.12	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.12	Troj/Pintadd-A*
Sunbelt	2.2.907.0	2008.02.09	-
Symantec	10	2008.02.12	-
TheHacker	6.2.9.217	2008.02.11	-
VBA32	3.12.6.0	2008.02.11	-
VirusBuster	4.3.26:9	2008.02.11	-
Webwasher-Gateway	6.6.2	2008.02.11	-

Дополнительная информация
File size: 27253 bytes
MD5: 1ebf12da5d67600b2dc441e8d9e96957
SHA1: da3092880c2752112399a5c5d0adbed9ac3f3793
PEiD: -

*Added 23 minutes later*

Файл svc32_2.exe получен 2008.02.12 02:54:49 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.12.10	2008.02.11	-
*AntiVir	7.6.0.62	2008.02.11	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.02.11	-
Avast	4.7.1098.0	2008.02.11	-
*AVG	7.5.0.516	2008.02.11	Generic9.ATZP*
BitDefender	7.2	2008.02.12	-
*CAT-QuickHeal	None	2008.02.11	TrojanDownloader.Agent.hvo*
*ClamAV	0.92	2008.02.11	Trojan.Downloader-21900*
*DrWeb	4.44.0.09170	2008.02.11	Trojan.Packed.147*
eSafe	7.0.15.0	2008.02.11	-
eTrust-Vet	31.3.5529	2008.02.11	-
*Ewido	4.0	2008.02.11	Downloader.Agent.hvo*
FileAdvisor	1	2008.02.12	-
Fortinet	3.14.0.0	2008.02.11	-
F-Prot	4.4.2.54	2008.02.11	-
*F-Secure	6.70.13260.0	2008.02.11	W32/Agent.EBCK*
Ikarus	T3.1.1.20	2008.02.12	-
*Kaspersky	7.0.0.125	2008.02.12	Trojan-Downloader.Win32.Agent.ivn*
McAfee	5227	2008.02.11	-
*Microsoft	1.3204	2008.02.11	TrojanDownloader:Win32/Chepvil.C*
*NOD32v2	2866	2008.02.11	Win32/TrojanDownloader.Tiny.NDC*
*Norman	5.80.02	2008.02.11	W32/Agent.EBCK*
Panda	9.0.0.4	2008.02.11	-
Prevx1	V2	2008.02.12	-
Rising	20.29.22.00	2008.01.30	-
Sophos	4.26.0	2008.02.12	-
Sunbelt	2.2.907.0	2008.02.12	-
Symantec	10	2008.02.12	-
TheHacker	6.2.9.217	2008.02.11	-
*VBA32	3.12.6.0	2008.02.11	Trojan-Downloader.Win32.Agent.hvo*
*VirusBuster	4.3.26:9	2008.02.11	Trojan.DL.Agent.CWOL*
*Webwasher-Gateway	6.6.2	2008.02.11	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 14297 bytes
MD5: 6711f411acb9a3e510a250295bc21a4e
SHA1: 77fae6ffc6448626d729f28ba7f0fb70fa53d354
PEiD: -

*Added 13 minutes later*

Файл x86emul.sys получен 2008.02.12 02:48:36 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.12.10	2008.02.11	-
*AntiVir	7.6.0.62	2008.02.11	TR/Rootkit.Gen*
*Authentium	4.93.8	2008.02.11	W32/Goldun.gen3*
*Avast	4.7.1098.0	2008.02.11	Win32:Agent-RUC*
*AVG	7.5.0.516	2008.02.11	PSW.Generic5.AIAX*
BitDefender	7.2	2008.02.12	-
*CAT-QuickHeal	None	2008.02.11	Rootkit.Agent.xq*
ClamAV	0.92	2008.02.11	-
*DrWeb	4.44.0.09170	2008.02.11	Trojan.NtRootKit.765*
eSafe	7.0.15.0	2008.02.11	-
*eTrust-Vet	31.3.5529	2008.02.11	Win32/ProcHide!generic*
Ewido	4.0	2008.02.11	-
FileAdvisor	1	2008.02.12	-
*Fortinet	3.14.0.0	2008.02.11	W32/Haxdor.XQ!tr.rkit*
*F-Prot	4.4.2.54	2008.02.11	W32/Goldun.gen3*
*F-Secure	6.70.13260.0	2008.02.11	W32/Rootkit.CYJ*
*Ikarus	T3.1.1.20	2008.02.12	Rootkit.Win32.Agent.xq*
*Kaspersky	7.0.0.125	2008.02.12	Rootkit.Win32.Agent.xq*
*McAfee	5227	2008.02.11	Generic.dx*
*Microsoft	1.3204	2008.02.11	VirTool:WinNT/HideDrv.gen!A*
*NOD32v2	2866	2008.02.11	Win32/Spy.Goldun.NCL*
*Norman	5.80.02	2008.02.11	W32/Rootkit.CYJ*
*Panda	9.0.0.4	2008.02.11	Rootkit/Goldun.RP*
Prevx1	V2	2008.02.12	-
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.12	Troj/Haxdor-Gen*
Sunbelt	2.2.907.0	2008.02.12	-
Symantec	10	2008.02.12	-
TheHacker	6.2.9.217	2008.02.11	-
*VBA32	3.12.6.0	2008.02.11	Trojan.NtRootKit.765*
VirusBuster	4.3.26:9	2008.02.11	-
*Webwasher-Gateway	6.6.2	2008.02.11	Trojan.Rootkit.Gen*

Дополнительная информация
File size: 8512 bytes
MD5: 796ee2b24ea2621e25a61d4be3f20de7
SHA1: a68f203ada4b8e8ceabad88bb372aedf51983d79
PEiD: -

Файл admin.exe получен 2008.02.12 03:05:10 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.12.10	2008.02.11	-
*AntiVir	7.6.0.62	2008.02.11	TR/Dldr.Tiny.ZZ*
Authentium	4.93.8	2008.02.11	-
Avast	4.7.1098.0	2008.02.11	-
*AVG	7.5.0.516	2008.02.11	Downloader.Small.BPL*
BitDefender	7.2	2008.02.12	-
*CAT-QuickHeal	None	2008.02.11	TrojanDownloader.Tiny.agv*
ClamAV	0.92	2008.02.11	-
*DrWeb	4.44.0.09170	2008.02.11	Trojan.DownLoader.46195*
eSafe	7.0.15.0	2008.02.11	-
eTrust-Vet	31.3.5529	2008.02.11	-
*Ewido	4.0	2008.02.11	Downloader.Tiny.agv*
FileAdvisor	1	2008.02.12	-
Fortinet	3.14.0.0	2008.02.11	-
F-Prot	4.4.2.54	2008.02.11	-
*F-Secure	6.70.13260.0	2008.02.11	W32/Tiny.COK*
*Ikarus	T3.1.1.20	2008.02.12	Trojan-Spy.Win32.Zbot.aft*
*Kaspersky	7.0.0.125	2008.02.12	Trojan-Downloader.Win32.Tiny.agv*
McAfee	5227	2008.02.11	-
Microsoft	1.3204	2008.02.11	-
*NOD32v2	2866	2008.02.11	Win32/TrojanDownloader.Tiny.NDD*
*Norman	5.80.02	2008.02.11	W32/Tiny.COK*
*Panda	9.0.0.4	2008.02.11	Trj/Downloader.SHV*
*Prevx1	V2	2008.02.12	Heuristic: Suspicious File With Bad Child Associations*
Rising	20.29.22.00	2008.01.30	-
*Sophos	4.26.0	2008.02.12	Mal/Generic-A*
*Sunbelt	2.2.907.0	2008.02.12	Trojan-Downloader.Tiny.ZZ*
*Symantec	10	2008.02.12	Downloader*
TheHacker	6.2.9.217	2008.02.11	-
*VBA32	3.12.6.0	2008.02.11	Trojan-Downloader.Win32.Tiny.agv*
*VirusBuster	4.3.26:9	2008.02.11	Trojan.DL.Tiny.UB*
*Webwasher-Gateway	6.6.2	2008.02.11	Trojan.Dldr.Tiny.ZZ*

Дополнительная информация
File size: 6656 bytes
MD5: 3d44f3381da2e000ae7caa2a2ada4d07
SHA1: 8db54305d2f30bcda07e4f49f010b76e906b36f0
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...04AE002109C37D

----------


## NickGolovko

Файл avz00002.dta получен 2008.02.13 05:18:19 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.2.13.11 2008.02.13 - 
*AntiVir 7.6.0.65 2008.02.12 TR/Crypt.NSPM.Gen*
Authentium 4.93.8 2008.02.13 - 
Avast 4.7.1098.0 2008.02.12 - 
AVG 7.5.0.516 2008.02.12 - 
*BitDefender 7.2 2008.02.13 Packer.Malware.NSAnti.K* 
CAT-QuickHeal None 2008.02.12 - 
ClamAV 0.92 2008.02.12 - 
*DrWeb 4.44.0.09170 2008.02.12 modification of Win32.Besso*
*eSafe 7.0.15.0 2008.02.11 suspicious Trojan/Worm*
eTrust-Vet 31.3.5532 2008.02.12 - 
Ewido 4.0 2008.02.12 - 
FileAdvisor 1 2008.02.13 - 
Fortinet 3.14.0.0 2008.02.13 - 
F-Prot 4.4.2.54 2008.02.12 - 
F-Secure 6.70.13260.0 2008.02.13 - 
*Ikarus T3.1.1.20 2008.02.13 Packer.Malware.NSAnti.K* 
Kaspersky 7.0.0.125 2008.02.13 - 
McAfee 5228 2008.02.12 - 
*Microsoft 1.3204 2008.02.12 VirTool:Win32/Obfuscator.T*
*NOD32v2 2870 2008.02.12 Win32/Pacex.Gen*
*Norman 5.80.02 2008.02.12 W32/NSAnti.GGV*
*Panda 9.0.0.4 2008.02.13 Suspicious file*
*Prevx1 V2 2008.02.13 Heuristic: Suspicious Self Modifying EXE*
Rising 20.29.22.00 2008.01.30 - 
*Sophos 4.26.0 2008.02.13 Mal/EncPk-CE* 
Sunbelt 2.2.907.0 2008.02.13 - 
Symantec 10 2008.02.13 - 
TheHacker 6.2.9.218 2008.02.12 - 
VBA32 3.12.6.0 2008.02.11 - 
VirusBuster 4.3.26:9 2008.02.12 - 
*Webwasher-Gateway 6.6.2 2008.02.12 Trojan.Crypt.NSPM.Gen* 
Дополнительная информация 
File size: 40960 bytes 
MD5: 194d05919c679b92511c74ab20dfa491 
SHA1: e9db2cd817fdd98b68cc404ce2998a3e96df8118 
PEiD: - 
Prevx info: http://info.prevx.com/aboutprogramte...CAB0004AED2E0A

----------


## Shu_b

t-17985


```
File avz00001.dta received on 02.13.2008 15:22:24 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.2.13.11	2008.02.13	-
AntiVir	7.6.0.65	2008.02.13	TR/Vundo.gc
Authentium	4.93.8	2008.02.13	-
Avast	4.7.1098.0	2008.02.13	-
AVG	7.5.0.516	2008.02.13	Generic9.BAKO
BitDefender	7.2	2008.02.13	Trojan.Vundo.Gen.2
CAT-QuickHeal	None	2008.02.13	-
ClamAV	0.92	2008.02.13	-
DrWeb	4.44.0.09170	2008.02.13	-
eSafe	7.0.15.0	2008.02.11	-
eTrust-Vet	31.3.5533	2008.02.13	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.13	-
Fortinet	3.14.0.0	2008.02.13	-
F-Prot	4.4.2.54	2008.02.12	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.02.13	Vundo.gen55
Ikarus	T3.1.1.20	2008.02.13	Trojan.Vundo.Gen.2
Kaspersky	7.0.0.125	2008.02.13	-
McAfee	5228	2008.02.12	-
Microsoft	1.3204	2008.02.13	-
NOD32v2	2871	2008.02.13	-
Norman	5.80.02	2008.02.12	Vundo.gen55
Panda	9.0.0.4	2008.02.13	-
Prevx1	V2	2008.02.13	Trojan.Vundo
Rising	20.31.10.00	2008.02.13	-
Sophos	4.26.0	2008.02.13	Troj/Virtum-Gen
Sunbelt	2.2.907.0	2008.02.13	-
Symantec	10	2008.02.13	-
TheHacker	6.2.9.218	2008.02.12	-
VBA32	3.12.6.0	2008.02.11	-
VirusBuster	4.3.26:9	2008.02.12	-
Webwasher-Gateway	6.6.2	2008.02.13	Trojan.Vundo.gc
Additional information
File size: 334336 bytes
```

----------


## ZhIV

Файл winAIdtEM.exe получен 2008.02.14 08:44:43 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.14.11	2008.02.14	-
AntiVir	7.6.0.65	2008.02.14	-
Authentium	4.93.8	2008.02.14	-
Avast	4.7.1098.0	2008.02.13	-
AVG	7.5.0.516	2008.02.13	-
BitDefender	7.2	2008.02.14	-
CAT-QuickHeal	None	2008.02.13	-
ClamAV	0.92	2008.02.14	-
DrWeb	4.44.0.09170	2008.02.13	-
eSafe	7.0.15.0	2008.02.13	-
eTrust-Vet	31.3.5536	2008.02.14	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.14	-
Fortinet	3.14.0.0	2008.02.14	-
F-Prot	4.4.2.54	2008.02.13	-
*F-Secure	6.70.13260.0	2008.02.14	Suspicious:W32/Malware!Gemini*
Ikarus	T3.1.1.20	2008.02.14	-
Kaspersky	7.0.0.125	2008.02.14	-
McAfee	5229	2008.02.13	-
*Microsoft	1.3204	2008.02.14	Trojan:Win32/Chksyn.gen!A*
NOD32v2	2873	2008.02.13	-
Norman	5.80.02	2008.02.13	-
Panda	9.0.0.4	2008.02.14	-
Prevx1	V2	2008.02.14	-
Rising	20.31.10.00	2008.02.13	-
Sophos	4.26.0	2008.02.14	-
Sunbelt	2.2.907.0	2008.02.14	-
Symantec	10	2008.02.14	-
TheHacker	6.2.9.219	2008.02.13	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.13	-
*Webwasher-Gateway	6.6.2	2008.02.14	Win32.Malware.gen (suspicious)*

Дополнительная информация
File size: 7661 bytes
MD5: ad7865025a2723267e197d1ca237828f
SHA1: 496ea693d32877f24205569119ad9aea1ae91d2f
PEiD: -
packers: PE_Patch

Файл svc32_3.exe получен 2008.02.14 08:39:51 (CET)
Антивирус	Версия	Обновление	Результат
*AhnLab-V3	2008.2.14.11	2008.02.14	Win-Trojan/Agent.506952*
*AntiVir	7.6.0.65	2008.02.14	TR/Dldr.Logsnif.1*
Authentium	4.93.8	2008.02.14	-
*Avast	4.7.1098.0	2008.02.13	Win32:BZub-KY*
AVG	7.5.0.516	2008.02.13	-
BitDefender	7.2	2008.02.14	-
*CAT-QuickHeal	None	2008.02.13	TrojanProxy.Small.it*
*ClamAV	0.92	2008.02.14	PUA.Packed.UPack-2*
DrWeb	4.44.0.09170	2008.02.13	-
eSafe	7.0.15.0	2008.02.13	Suspicious File
eTrust-Vet	31.3.5536	2008.02.14	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.14	-
Fortinet	3.14.0.0	2008.02.14	-
*F-Prot	4.4.2.54	2008.02.13	W32/Heuristic-162!Eldorado*
*F-Secure	6.70.13260.0	2008.02.14	Suspicious:W32/Malware!Gemini*
*Ikarus	T3.1.1.20	2008.02.14	MalwareScope.Trojan-Spy.BZub.2*
Kaspersky	7.0.0.125	2008.02.14	-
*McAfee	5229	2008.02.13	Proxy-Agent.ai*
*Microsoft	1.3204	2008.02.14	Trojan:Win32/Dopip.A*
NOD32v2	2873	2008.02.13	-
*Norman	5.80.02	2008.02.13	W32/Suspicious_U.gen*
Panda	9.0.0.4	2008.02.14	-
Prevx1	V2	2008.02.14	-
Rising	20.31.10.00	2008.02.13	-
Sophos	4.26.0	2008.02.14	Mal/Packer
*Sunbelt	2.2.907.0	2008.02.14	VIPRE.Suspicious*
Symantec	10	2008.02.14	-
*TheHacker	6.2.9.219	2008.02.13	W32/Behav-Heuristic-060*
*VBA32	3.12.6.1	2008.02.14	MalwareScope.Trojan-Spy.BZub.2*
*VirusBuster	4.3.26:9	2008.02.13	Packed/Upack*
*Webwasher-Gateway	6.6.2	2008.02.14	Trojan.Dldr.Logsnif.1*

Дополнительная информация
File size: 509500 bytes
MD5: 52310f521d47e08b2515df83d9a95446
SHA1: 5e760a864bfa3bc9f6ed50fbe6b68c97611dddeb
PEiD: -
packers: UPack
packers: PE_Patch, UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Файл 12.exe получен 2008.02.14 08:28:44 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.14.11	2008.02.14	-
*AntiVir	7.6.0.65	2008.02.14	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.02.14	-
Avast	4.7.1098.0	2008.02.13	-
*AVG	7.5.0.516	2008.02.13	Dropper.Agent.9.Q*
BitDefender	7.2	2008.02.14	-
*CAT-QuickHeal	None	2008.02.13	(Suspicious) - DNAScan*
ClamAV	0.92	2008.02.14	-
DrWeb	4.44.0.09170	2008.02.13	-
*eSafe	7.0.15.0	2008.02.13	Suspicious File*
eTrust-Vet	31.3.5536	2008.02.14	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.14	-
Fortinet	3.14.0.0	2008.02.14	-
F-Prot	4.4.2.54	2008.02.13	-
F-Secure	6.70.13260.0	2008.02.14	-
Ikarus	T3.1.1.20	2008.02.14	-
Kaspersky	7.0.0.125	2008.02.14	-
McAfee	5229	2008.02.13	-
Microsoft	1.3204	2008.02.14	-
NOD32v2	2873	2008.02.13	-
Norman	5.80.02	2008.02.13	-
Panda	9.0.0.4	2008.02.14	-
Prevx1	V2	2008.02.14	-
Rising	20.31.10.00	2008.02.13	-
*Sophos	4.26.0	2008.02.14	Sus/UnkPacker*
*Sunbelt	2.2.907.0	2008.02.14	Trojan.Crypt.XPACK.Gen*
Symantec	10	2008.02.14	-
TheHacker	6.2.9.219	2008.02.13	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.13	-
*Webwasher-Gateway	6.6.2	2008.02.14	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 159744 bytes
MD5: 7ab8773907e5f0ef5d9ceb338dc2b2f8
SHA1: 0ac46a74574f56f188543d16eac8be08b74bcbbd
PEiD: -

Файл 1.exe получен 2008.02.14 08:25:39 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.14.11	2008.02.14	-
*AntiVir	7.6.0.65	2008.02.14	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.02.14	-
Avast	4.7.1098.0	2008.02.13	-
AVG	7.5.0.516	2008.02.13	-
*BitDefender	7.2	2008.02.14	Trojan.PWS.LdPinch.TGB*
*CAT-QuickHeal	None	2008.02.13	(Suspicious) - DNAScan*
ClamAV	0.92	2008.02.14	-
DrWeb	4.44.0.09170	2008.02.13	-
eSafe	7.0.15.0	2008.02.13	-
eTrust-Vet	31.3.5536	2008.02.14	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.14	-
Fortinet	3.14.0.0	2008.02.14	-
F-Prot	4.4.2.54	2008.02.13	-
*F-Secure	6.70.13260.0	2008.02.14	Suspicious:W32/Malware!Gemini*
*Ikarus	T3.1.1.20	2008.02.14	Trojan-PWS.LDPinch.TGB*
Kaspersky	7.0.0.125	2008.02.14	-
McAfee	5229	2008.02.13	-
*Microsoft	1.3204	2008.02.14	PWS:Win32/Ldpinch*
NOD32v2	2873	2008.02.13	-
Norman	5.80.02	2008.02.13	-
Panda	9.0.0.4	2008.02.14	-
*Prevx1	V2	2008.02.14	Heuristic: Suspicious File With Outbound Communications*
Rising	20.31.10.00	2008.02.13	-
*Sophos	4.26.0	2008.02.14	Mal/TibsPak*
*Sunbelt	2.2.907.0	2008.02.14	Trojan-PWS.LdPinch.TGB*
Symantec	10	2008.02.14	-
TheHacker	6.2.9.219	2008.02.13	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.13	-
*Webwasher-Gateway	6.6.2	2008.02.14	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 45056 bytes
MD5: 1ca8a8b2002437786c84c0688e3daf3d
SHA1: fc4eb32b7ddb15847dfeb6f041a8284532112811
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...2E0700FDC72907

Файл avz00001.dta получен 2008.02.14 08:15:40 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.2.14.11	2008.02.14	-
*AntiVir	7.6.0.65	2008.02.13	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.02.14	-
*Avast	4.7.1098.0	2008.02.13	Win32:Trojan-gen {Other}*
*AVG	7.5.0.516	2008.02.13	Generic7.HNF*
*BitDefender	7.2	2008.02.14	Trojan.Spy.Agent.NEB*
*CAT-QuickHeal	None	2008.02.13	Trojan.PolyCrypt.d*
ClamAV	0.92	2008.02.14	-
*DrWeb	4.44.0.09170	2008.02.13	Trojan.Packed.170*
eSafe	7.0.15.0	2008.02.13	-
eTrust-Vet	31.3.5536	2008.02.14	-
Ewido	4.0	2008.02.13	-
FileAdvisor	1	2008.02.14	-
Fortinet	3.14.0.0	2008.02.14	-
*F-Prot	4.4.2.54	2008.02.13	W32/Trojan2.PT*
*F-Secure	6.70.13260.0	2008.02.14	Packed.Win32.PolyCrypt.d*
*Ikarus	T3.1.1.20	2008.02.14	Trojan-Downloader.Win32.Small.cyn*
*Kaspersky	7.0.0.125	2008.02.14	Packed.Win32.PolyCrypt.d*
*McAfee	5229	2008.02.13	PolyCrypt-Packed*
*Microsoft	1.3204	2008.02.14	VirTool:Win32/Obfuscator.O*
*NOD32v2	2873	2008.02.13	probably a variant of Win32/Obfuscated*
Norman	5.80.02	2008.02.13	-
Panda	9.0.0.4	2008.02.14	-
Prevx1	V2	2008.02.14	-
*Rising	20.31.10.00	2008.02.13	Trojan.Win32.PolyCrypt.d*
*Sophos	4.26.0	2008.02.14	Mal/Zbot-A*
*Sunbelt	2.2.907.0	2008.02.14	VIPRE.Suspicious*
*Symantec	10	2008.02.14	Infostealer.Notos!gen*
*TheHacker	6.2.9.219	2008.02.13	Trojan/PolyCrypt.d*
*VBA32	3.12.6.1	2008.02.14	Trojan.Packed.170*
VirusBuster	4.3.26:9	2008.02.13	-
*Webwasher-Gateway	6.6.2	2008.02.13	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
File size: 294127 bytes
MD5: e417ab28f4824d656c8b7f75e097bbf4
SHA1: f34f6eae137e82025492b3345e6ba6165377a1fc
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

----------


## rubin

Файл avz00002.dta получен 2008.02.15 13:06:30 (CET)
Текущий статус:    закончено 
Результат: 23/32 (71.88%)



```
AhnLab-V3	2008.2.15.11	2008.02.15	Win-Trojan/Agent.506952
AntiVir	7.6.0.65	2008.02.15	TR/Dldr.Logsnif.1
Authentium	4.93.8	2008.02.15	-
Avast	4.7.1098.0	2008.02.14	Win32:BZub-KY
AVG	7.5.0.516	2008.02.15	Downloader.Generic_c.KP
BitDefender	7.2	2008.02.15	Trojan.Agent.AGRM
CAT-QuickHeal	None	2008.02.14	TrojanProxy.Small.it
ClamAV	0.92.1	2008.02.15	PUA.Packed.UPack-2
DrWeb	4.44.0.09170	2008.02.15	Trojan.Roro
eSafe	7.0.15.0	2008.02.14	Suspicious File
eTrust-Vet	31.3.5539	2008.02.15	Win32/EtelPWS.A
Ewido	4.0	2008.02.15	-
FileAdvisor	1	2008.02.15	-
Fortinet	3.14.0.0	2008.02.15	-
F-Prot	4.4.2.54	2008.02.14	W32/Heuristic-162!Eldorado
F-Secure	6.70.13260.0	2008.02.15	W32/Agent.EDKM
Ikarus	T3.1.1.20	2008.02.15	MalwareScope.Trojan-Spy.BZub.2
Kaspersky	7.0.0.125	2008.02.15	-
McAfee	5230	2008.02.14	Proxy-Agent.ai
Microsoft	1.3204	2008.02.14	Trojan:Win32/Dopip.A
NOD32v2	2878	2008.02.15	Win32/Agent.NIV
Norman	5.80.02	2008.02.14	W32/Agent.EDKM
Panda	9.0.0.4	2008.02.15	-
Prevx1	V2	2008.02.15	-
Rising	20.31.30.00	2008.02.14	-
Sophos	4.26.0	2008.02.15	Mal/Packer
Sunbelt	2.2.907.0	2008.02.14	VIPRE.Suspicious
Symantec	10	2008.02.15	-
TheHacker	6.2.9.220	2008.02.14	W32/Behav-Heuristic-060
VBA32	3.12.6.1	2008.02.14	MalwareScope.Trojan-Spy.BZub.2
VirusBuster	4.3.26:9	2008.02.14	Packed/Upack
Webwasher-Gateway	6.6.2	2008.02.15	Trojan.Dldr.Logsnif.1
```

File size: 507000 bytes
MD5: a8fa6757b2136fbc730af466101ca952
SHA1: 60af3ae683be74765cc3aaf0fd5c58c63e18dea9
PEiD: -
packers: UPack
packers: PE_Patch, UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


File avz00003.dta received on 2008.02.15 13:06:14 (CET)
Current status: finished
Result: 9/32 (28.13%)


```
AhnLab-V3	2008.2.15.11	2008.02.15	-
AntiVir	7.6.0.65	2008.02.15	TR/Drop.Age.A.32768
Authentium	4.93.8	2008.02.15	-
Avast	4.7.1098.0	2008.02.14	-
AVG	7.5.0.516	2008.02.15	SHeur.AKAG
BitDefender	7.2	2008.02.15	-
CAT-QuickHeal	None	2008.02.14	-
ClamAV	0.92.1	2008.02.15	-
DrWeb	4.44.0.09170	2008.02.15	Trojan.Packed.147
eSafe	7.0.15.0	2008.02.14	-
eTrust-Vet	31.3.5539	2008.02.15	-
Ewido	4.0	2008.02.15	-
FileAdvisor	1	2008.02.15	-
Fortinet	3.14.0.0	2008.02.15	-
F-Prot	4.4.2.54	2008.02.14	-
F-Secure	6.70.13260.0	2008.02.15	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.02.15	Trojan-Dropper.Age.A.32768
Kaspersky	7.0.0.125	2008.02.15	-
McAfee	5230	2008.02.14	-
Microsoft	1.3204	2008.02.14	-
NOD32v2	2878	2008.02.15	probably unknown NewHeur_PE virus
Norman	5.80.02	2008.02.14	-
Panda	9.0.0.4	2008.02.15	-
Prevx1	V2	2008.02.15	SystemPoser:Trojan-All Variants
Rising	20.31.30.00	2008.02.14	-
Sophos	4.26.0	2008.02.15	-
Sunbelt	2.2.907.0	2008.02.14	Trojan-Dropper.Age.A.3
Symantec	10	2008.02.15	-
TheHacker	6.2.9.220	2008.02.14	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.14	-
Webwasher-Gateway	6.6.2	2008.02.15	Trojan.Drop.Age.A.32768
```

File size: 32768 bytes
MD5: eedd12ecb28bfc652c39dc6c587e2f2a
SHA1: b15bec428350afcdf4e5f3d5e8fc94c687d56cca
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...0C290077399D8A

----------


## rubin

File SoftDll.dll received on 2008.02.16 19:08:58 (CET)



```
AhnLab-V3	2008.2.16.10	2008.02.15	-
AntiVir	7.6.0.67	2008.02.15	TR/Delphi.Downloader.Gen
Authentium	4.93.8	2008.02.15	-
Avast	4.7.1098.0	2008.02.15	-
AVG	7.5.0.516	2008.02.16	-
BitDefender	7.2	2008.02.16	Win32.Worm.Autoruner.BQ
CAT-QuickHeal	None	2008.02.16	-
ClamAV	0.92.1	2008.02.16	-
DrWeb	4.44.0.09170	2008.02.16	Win32.HLLW.Autoruner.279
eSafe	7.0.15.0	2008.02.14	-
eTrust-Vet	31.3.5541	2008.02.15	Win32/VMalum.JZV
Ewido	4.0	2008.02.16	-
FileAdvisor	1	2008.02.16	-
Fortinet	3.14.0.0	2008.02.16	Heuri.E
F-Prot	4.4.2.54	2008.02.15	-
F-Secure	6.70.13260.0	2008.02.15	-
Ikarus	T3.1.1.20	2008.02.16	MalwareScope.Worm.Viking.4
Kaspersky	7.0.0.125	2008.02.16	-
McAfee	5231	2008.02.15	PWS-OnlineGames.h
Microsoft	1.3204	2008.02.16	-
NOD32v2	2880	2008.02.15	-
Norman	5.80.02	2008.02.15	-
Panda	9.0.0.4	2008.02.16	Trj/QQPass.QV
Prevx1	V2	2008.02.16	Heuristic: Suspicious File With Bad Parent Associations
Rising	20.31.50.00	2008.02.16	Trojan.Win32.Agent.pox
Sophos	4.26.0	2008.02.16	Mal/Heuri-E
Sunbelt	2.2.907.0	2008.02.16	Worm.Win32.Autoruner.BQ
Symantec	10	2008.02.16	W32.SillyFDC
TheHacker	6.2.9.222	2008.02.16	-
VBA32	3.12.6.1	2008.02.14	Win32.HLLW.Autoruner.279
VirusBuster	4.3.26:9	2008.02.15	-
Webwasher-Gateway	6.6.2	2008.02.15	Trojan.Delphi.Downloader.Gen
```

File size: 29184 bytes
MD5: 9c1e6e500daac57c58fa103db572cb61
SHA1: 2b57f8c569ecf177aafe6662b8cc757c89da93df
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...CC55001A54505A

*Added 42 minutes later*

c:\windows\system32\bim\svchost.exe
File avz00005.dta received on 2008.02.16 19:49:30 (CET)


```
AhnLab-V3	2008.2.16.10	2008.02.15	-
AntiVir	7.6.0.67	2008.02.15	TR/Delphi.Downloader.Gen
Authentium	4.93.8	2008.02.15	Possibly a new variant of W32/new-malware!Maximus
Avast	4.7.1098.0	2008.02.16	Win32:Delf-EQM
AVG	7.5.0.516	2008.02.16	-
BitDefender	7.2	2008.02.16	Dropped:Trojan.Proxy.Fackemo.A
CAT-QuickHeal	None	2008.02.16	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.02.16	-
DrWeb	4.44.0.09170	2008.02.16	DLOADER.Trojan
eSafe	7.0.15.0	2008.02.14	suspicious Trojan/Worm
eTrust-Vet	31.3.5541	2008.02.15	-
Ewido	4.0	2008.02.16	-
FileAdvisor	1	2008.02.16	-
Fortinet	3.14.0.0	2008.02.16	-
F-Prot	4.4.2.54	2008.02.15	W32/Downloader.F.gen!Eldorado
F-Secure	6.70.13260.0	2008.02.15	Suspicious_F.gen.dropper
Ikarus	T3.1.1.20	2008.02.16	-
Kaspersky	7.0.0.125	2008.02.16	Heur.Trojan.Generic
McAfee	5231	2008.02.15	-
Microsoft	1.3204	2008.02.16	-
NOD32v2	2880	2008.02.15	-
Norman	5.80.02	2008.02.15	Suspicious_F.gen
Panda	9.0.0.4	2008.02.16	Suspicious file
Prevx1	V2	2008.02.16	-
Rising	20.31.50.00	2008.02.16	-
Sophos	4.26.0	2008.02.16	Mal/Packer
Sunbelt	2.2.907.0	2008.02.16	VIPRE.Suspicious
Symantec	10	2008.02.16	-
TheHacker	6.2.9.222	2008.02.16	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.15	Packed/FSG
Webwasher-Gateway	6.6.2	2008.02.15	Trojan.Delphi.Downloader.Gen
```

File size: 17257 bytes
MD5: 0e6741e9dafd2c3c1f96e64af0a9743e
SHA1: 95f71cf9f9e9f961381a6b6f6bd0e18450712fa8
PEiD: FSG v2.0 -> bart/xt
packers: FSG
packers: FSG
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.



C:\WINDOWS\system32\sysfldr.dll
File avz00003.dta received on 2008.02.16 19:49:41 (CET)


```
AhnLab-V3	2008.2.16.10	2008.02.15	-
AntiVir	7.6.0.67	2008.02.15	BDS/Backdoor.Gen
Authentium	4.93.8	2008.02.15	-
Avast	4.7.1098.0	2008.02.16	-
AVG	7.5.0.516	2008.02.16	-
BitDefender	7.2	2008.02.16	Backdoor.SDBot.DFCV
CAT-QuickHeal	None	2008.02.16	-
ClamAV	0.92.1	2008.02.16	-
DrWeb	4.44.0.09170	2008.02.16	-
eSafe	7.0.15.0	2008.02.14	suspicious Trojan/Worm
eTrust-Vet	31.3.5541	2008.02.15	-
Ewido	4.0	2008.02.16	-
FileAdvisor	1	2008.02.16	-
Fortinet	3.14.0.0	2008.02.16	-
F-Prot	4.4.2.54	2008.02.15	-
F-Secure	6.70.13260.0	2008.02.15	-
Ikarus	T3.1.1.20	2008.02.16	Trojan-Proxy.Win32.Webber.U
Kaspersky	7.0.0.125	2008.02.16	-
McAfee	5231	2008.02.15	-
Microsoft	1.3204	2008.02.16	-
NOD32v2	2880	2008.02.15	-
Norman	5.80.02	2008.02.15	-
Panda	9.0.0.4	2008.02.16	Suspicious file
Prevx1	V2	2008.02.16	Lop.BG
Rising	20.31.50.00	2008.02.16	-
Sophos	4.26.0	2008.02.16	Mal/Emogen-G
Sunbelt	2.2.907.0	2008.02.16	-
Symantec	10	2008.02.16	-
TheHacker	6.2.9.222	2008.02.16	-
VBA32	3.12.6.1	2008.02.14	-
VirusBuster	4.3.26:9	2008.02.15	-
Webwasher-Gateway	6.6.2	2008.02.15	Trojan.Backdoor.Backdoor.Gen
```

File size: 14336 bytes
MD5: e284bd5036c382d0d4241c10aaedfed4
SHA1: 7f9faa655a73874fd2325588f5be9ea09d4547c9
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...362500B40A2B8E

----------


## Синауридзе Александр

File BACKINF.TAB received on 2008.02.17 22:59:27 (CET)

AhnLab-V3 2008.2.16.10 2008.02.15 - 
AntiVir 7.6.0.67 2008.02.15 - 
Authentium 4.93.8 2008.02.17 - 
Avast 4.7.1098.0 2008.02.17 - 
AVG 7.5.0.516 2008.02.17 - 
*BitDefender 7.2 2008.02.17 Win32.Worm.VB.TB* 
CAT-QuickHeal None 2008.02.16 - 
ClamAV 0.92.1 2008.02.17 - 
*DrWeb 4.44.0.09170 2008.02.17 Win32.HLLW.Autoruner* 
eSafe 7.0.15.0 2008.02.17 - 
*eTrust-Vet 31.3.5541 2008.02.15 INF/Cacfu* 
Ewido 4.0 2008.02.17 - 
FileAdvisor 1 2008.02.17 - 
Fortinet 3.14.0.0 2008.02.17 - 
F-Prot 4.4.2.54 2008.02.17 - 
*F-Secure 6.70.13260.0 2008.02.17 BAT/Autorun.O* 
*Ikarus T3.1.1.20 2008.02.17 Worm.Win32.AutoRun.sb* 
*Kaspersky 7.0.0.125 2008.02.17 Worm.Win32.AutoRun.sb* 
McAfee 5231 2008.02.15 - 
Microsoft 1.3204 2008.02.17 - 
*NOD32v2 2881 2008.02.17 INF/Autorun* 
*Norman 5.80.02 2008.02.15 BAT/Autorun.O* 
*Panda 9.0.0.4 2008.02.17 Trj/Autorun.KZ* 
Prevx1 V2 2008.02.17 - 
Rising 20.31.50.00 2008.02.16 - 
*Sophos 4.26.0 2008.02.17 Mal/AutoInf-A* 
Sunbelt 2.2.907.0 2008.02.16 - 
Symantec 10 2008.02.17 - 
*TheHacker 6.2.9.222 2008.02.16 Trojan/Small.autorun* 
VBA32 3.12.6.1 2008.02.17 - 
VirusBuster 4.3.26:9 2008.02.17 - 
Webwasher-Gateway 6.6.2 2008.02.15 - 

Additional information
File size: 99 bytes 
MD5: 9a69f8ac723c11800bb3ad8186f2ace2 
SHA1: 75f67392687644486c4550faf4e000ddbbb6738e 
PEiD: -

----------


## rubin

File avz00004.dta received on 2008.02.18 16:56:20 (CET)



```
AhnLab-V3	2008.2.18.0	2008.02.18	-
AntiVir	7.6.0.67	2008.02.18	-
Authentium	4.93.8	2008.02.17	-
Avast	4.7.1098.0	2008.02.18	-
AVG	7.5.0.516	2008.02.18	Spam
BitDefender	7.2	2008.02.18	Generic.Malware.dld!!.B10C0968
CAT-QuickHeal	9.50	2008.02.16	-
ClamAV	0.92.1	2008.02.18	-
DrWeb	4.44.0.09170	2008.02.18	-
eTrust-Vet	31.3.5546	2008.02.18	-
Ewido	4.0	2008.02.18	-
FileAdvisor	1	2008.02.18	-
Fortinet	3.14.0.0	2008.02.18	-
F-Prot	4.4.2.54	2008.02.17	-
F-Secure	6.70.13260.0	2008.02.18	-
Ikarus	T3.1.1.20	2008.02.18	-
Kaspersky	7.0.0.125	2008.02.18	-
McAfee	5231	2008.02.15	-
Microsoft	1.3204	2008.02.18	-
NOD32v2	2883	2008.02.18	-
Norman	5.80.02	2008.02.15	-
Panda	9.0.0.4	2008.02.17	Suspicious file
Rising	20.32.02.00	2008.02.18	-
Sophos	4.26.0	2008.02.18	-
Sunbelt	3.0.884.0	2008.02.18	-
Symantec	10	2008.02.18	-
TheHacker	6.2.9.222	2008.02.16	-
VBA32	3.12.6.1	2008.02.17	-
VirusBuster	4.3.26:9	2008.02.18	Trojan.DL.Wigon.Gen.6
Webwasher-Gateway	6.6.2	2008.02.18	-
```

File size: 7168 bytes
MD5: 04ddf6bc6c4d382a3a17fc946569634a
SHA1: 81411883f0b8b81f7d80eb26130a125d34cb05ca
PEiD: -


File avz00001.dta received on 2008.02.18 16:57:38 (CET)


```
AhnLab-V3	2008.2.18.0	2008.02.18	Win-Trojan/Agent.506952
AntiVir	7.6.0.67	2008.02.18	TR/Dldr.Logsnif.1
Authentium	4.93.8	2008.02.17	-
Avast	4.7.1098.0	2008.02.18	Win32:BZub-KY
AVG	7.5.0.516	2008.02.18	Downloader.Generic_c.MQ
BitDefender	7.2	2008.02.18	-
CAT-QuickHeal	9.50	2008.02.16	TrojanProxy.Small.it
ClamAV	0.92.1	2008.02.18	PUA.Packed.UPack-2
DrWeb	4.44.0.09170	2008.02.18	Trojan.Roro
eSafe	7.0.15.0	2008.02.17	Suspicious File
eTrust-Vet	31.3.5546	2008.02.18	-
Ewido	4.0	2008.02.18	-
FileAdvisor	1	2008.02.18	-
Fortinet	3.14.0.0	2008.02.18	-
F-Prot	4.4.2.54	2008.02.17	W32/Heuristic-162!Eldorado
F-Secure	6.70.13260.0	2008.02.18	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.02.18	MalwareScope.Trojan-Spy.BZub.2
Kaspersky	7.0.0.125	2008.02.18	-
McAfee	5231	2008.02.15	Proxy-Agent.ai
Microsoft	1.3204	2008.02.18	Trojan:Win32/Dopip.A
NOD32v2	2883	2008.02.18	-
Norman	5.80.02	2008.02.15	W32/Suspicious_U.gen
Panda	9.0.0.4	2008.02.17	-
Prevx1	V2	2008.02.18	-
Rising	20.32.02.00	2008.02.18	-
Sophos	4.26.0	2008.02.18	Mal/Packer
Sunbelt	3.0.884.0	2008.02.18	VIPRE.Suspicious
Symantec	10	2008.02.18	-
TheHacker	6.2.9.222	2008.02.16	W32/Behav-Heuristic-060
VBA32	3.12.6.1	2008.02.17	MalwareScope.Trojan-Spy.BZub.2
VirusBuster	4.3.26:9	2008.02.18	Packed/Upack
Webwasher-Gateway	6.6.2	2008.02.18	Trojan.Dldr.Logsnif.1
```

File size: 509512 bytes
MD5: 02a5bc893cbeee7561a9e778b812baa4
SHA1: cac73b45639bcb64f8973e06f77aa6c432251e8b
PEiD: -
packers: UPack
packers: PE_Patch, UPack

----------


## asterrX

File ***.exe received on 2008.02.18 20:33:18 (CET)


```
AhnLab-V3 	2008.2.18.0 	2008.02.18 	-
AntiVir 	7.6.0.67 	2008.02.18 	HEUR/Crypted
Authentium 	4.93.8 	2008.02.17 	-
Avast 	4.7.1098.0 	2008.02.18 	-
AVG 	7.5.0.516 	2008.02.18 	PSW.Ldpinch.11.AS
BitDefender 	7.2 	2008.02.18 	-
CAT-QuickHeal 	9.50 	2008.02.16 	(Suspicious) - DNAScan
ClamAV 	0.92.1 	2008.02.18 	-
DrWeb 	4.44.0.09170 	2008.02.18 	Trojan.PWS.LDPinch.1941
eSafe 	7.0.15.0 	2008.02.17 	-
eTrust-Vet 	31.3.5546 	2008.02.18 	-
Ewido 	4.0 	2008.02.18 	-
FileAdvisor 	1 	2008.02.18 	-
Fortinet 	3.14.0.0 	2008.02.18 	W32/Basine.C!tr.pws
F-Prot 	4.4.2.54 	2008.02.17 	-
F-Secure 	6.70.13260.0 	2008.02.18 	LdPinch.gen1
Ikarus 	T3.1.1.20 	2008.02.18 	-
Kaspersky 	7.0.0.125 	2008.02.18 	Trojan-PSW.Win32.LdPinch.fvf
McAfee 	5232 	2008.02.18 	-
Microsoft 	1.3204 	2008.02.18 	-
NOD32v2 	2883 	2008.02.18 	-
Norman 	5.80.02 	2008.02.15 	LdPinch.gen1
Panda 	9.0.0.4 	2008.02.17 	-
Prevx1 	V2 	2008.02.18 	Heuristic: Suspicious Self Modifying File
Rising 	20.32.02.00 	2008.02.18 	-
Sophos 	4.26.0 	2008.02.18 	Mal/Basine-C
Sunbelt 	3.0.884.0 	2008.02.18 	VIPRE.Suspicious
Symantec 	10 	2008.02.18 	-
TheHacker 	6.2.9.223 	2008.02.18 	-
VBA32 	3.12.6.1 	2008.02.17 	-
VirusBuster 	4.3.26:9 	2008.02.18 	-
Webwasher-Gateway 	6.6.2 	2008.02.18 	Heuristic.Crypted
```

----------


## Groft

File daemon.tools.pro.patch.rar received on 2008.02.19 00:25:22 (CET)
Current status: finished
Result: 8/32 (25%)
Antivirus	Version	Update	Result
AhnLab-V3	2008.2.18.0	2008.02.18	-
*AntiVir	7.6.0.67	2008.02.18	HEUR/Crypted*
Authentium	4.93.8	2008.02.17	-
*Avast	4.7.1098.0	2008.02.18	Win32:Horse-BK*
AVG	7.5.0.516	2008.02.18	-
BitDefender	7.2	2008.02.18	-
CAT-QuickHeal	9.50	2008.02.18	-
ClamAV	0.92.1	2008.02.19	-
DrWeb	4.44.0.09170	2008.02.18	-
eSafe	7.0.15.0	2008.02.17	-
eTrust-Vet	31.3.5546	2008.02.18	-
Ewido	4.0	2008.02.18	-
FileAdvisor	1	2008.02.19	-
Fortinet	3.14.0.0	2008.02.18	-
F-Prot	4.4.2.54	2008.02.18	-
*F-Secure	6.70.13260.0	2008.02.18	W32/Malware.AVTN
Ikarus	T3.1.1.20	2008.02.18	Backdoor.Pigeon.6620*
Kaspersky	7.0.0.125	2008.02.19	-
McAfee	5232	2008.02.18	-
Microsoft	1.3204	2008.02.18	-
NOD32v2	2884	2008.02.18	-
Norman	5.80.02	2008.02.18	-
Panda	9.0.0.4	2008.02.18	-
*Prevx1	V2	2008.02.19	Heuristic: Suspicious Self Modifying EXE*
Rising	20.32.02.00	2008.02.18	-
Sophos	4.26.0	2008.02.18	-
Sunbelt	3.0.884.0	2008.02.18	-
*Symantec	10	2008.02.18	Trojan Horse*
TheHacker	6.2.9.223	2008.02.18	-
*VBA32	3.12.6.1	2008.02.17	Backdoor.Win32.Rbot.gnm*
VirusBuster	4.3.26:9	2008.02.18	-
*Webwasher-Gateway	6.6.2	2008.02.18	Heuristic.Crypted*
Additional information
File size: 609821 bytes
MD5: 38da4121a0daa01e09f2c500e58f6eda
SHA1: 115865d5e9b8cc89ae3099a6d047ceb0515e5444
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...49080042E22203

----------


## XL

Here's the catch:


```
Файл avz00015.dta получен 2008.02.23 12:22:26

AhnLab-V3	2008.2.22.0	2008.02.22	-
AntiVir	7.6.0.67	2008.02.22	TR/Agent.97792.1
Authentium	4.93.8	2008.02.23	-
Avast	4.7.1098.0	2008.02.22	Win32:Warezov-BYG
AVG	7.5.0.516	2008.02.22	Generic9.AAVW
BitDefender	7.2	2008.02.23	Generic.Malware.SFYBd.610E7661
CAT-QuickHeal	9.50	2008.02.22	-
ClamAV	0.92.1	2008.02.23	-
DrWeb	4.44.0.09170	2008.02.22	Trojan.Popuper.5062
eSafe	7.0.15.0	2008.02.21	suspicious Trojan/Worm
eTrust-Vet	31.3.5557	2008.02.23	-
Ewido	4.0	2008.02.22	-
FileAdvisor	1	2008.02.23	High threat detected
Fortinet	3.14.0.0	2008.02.23	-
F-Prot	4.4.2.54	2008.02.22	-
F-Secure	6.70.13260.0	2008.02.22	W32/Malware.BIAW
Ikarus	T3.1.1.20	2008.02.23	Virus.Win32.Warezov.BYG
Kaspersky	7.0.0.125	2008.02.23	-
McAfee	5236	2008.02.22	-
Microsoft	1.3204	2008.02.23	-
NOD32v2	2897	2008.02.22	-
Norman	5.80.02	2008.02.22	W32/Malware.BIAW
Panda	9.0.0.4	2008.02.22	-
Prevx1	V2	2008.02.23	Heuristic: Suspicious File With Outbound Communications
Rising	20.32.52.00	2008.02.23	-
Sophos	4.26.0	2008.02.23	-
Sunbelt	3.0.893.0	2008.02.23	-
Symantec	10	2008.02.23	Trojan.Zlob
TheHacker	6.2.9.227	2008.02.22	-
VBA32	3.12.6.1	2008.02.21	Trojan.Popuper.5062
VirusBuster	4.3.26:9	2008.02.22	-
Webwasher-Gateway	6.6.2	2008.02.23	Trojan.Agent.97792.1

File size: 97792 bytes
MD5: b3ac88d488a5b7555515f5d0c47a66d5
SHA1: 19666faabacbe7b657d65f7068c485f0fa4ef396
packers: PE_Patch.UPX, UPX
```



```
Файл avz00002.dta получен 2008.02.23 12:25:37 (CET)

AhnLab-V3	2008.2.22.0	2008.02.22	-
AntiVir	7.6.0.67	2008.02.22	TR/Crypt.XDR.Gen
Authentium	4.93.8	2008.02.23	-
Avast	4.7.1098.0	2008.02.22	-
AVG	7.5.0.516	2008.02.22	-
BitDefender	7.2	2008.02.23	-
CAT-QuickHeal	9.50	2008.02.22	-
ClamAV	0.92.1	2008.02.23	-
DrWeb	4.44.0.09170	2008.02.22	-
eSafe	7.0.15.0	2008.02.21	-
eTrust-Vet	31.3.5557	2008.02.23	-
Ewido	4.0	2008.02.23	-
FileAdvisor	1	2008.02.23	-
Fortinet	3.14.0.0	2008.02.23	-
F-Prot	4.4.2.54	2008.02.22	-
F-Secure	6.70.13260.0	2008.02.22	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.02.23	-
Kaspersky	7.0.0.125	2008.02.23	-
McAfee	5236	2008.02.22	-
Microsoft	1.3204	2008.02.23	-
NOD32v2	2897	2008.02.22	-
Norman	5.80.02	2008.02.22	-
Panda	9.0.0.4	2008.02.22	Suspicious file
Prevx1	V2	2008.02.23	-
Rising	20.32.52.00	2008.02.23	-
Sophos	4.26.0	2008.02.23	-
Sunbelt	3.0.893.0	2008.02.23	-
Symantec	10	2008.02.23	-
TheHacker	6.2.9.227	2008.02.22	-
VBA32	3.12.6.1	2008.02.21	suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster	4.3.26:9	2008.02.22	-
Webwasher-Gateway	6.6.2	2008.02.23	Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 30208 bytes
MD5: 4d96f1f1d99f6a07791d708a2993ef71
SHA1: 34217b2249dfb93816e53fc5df50645ae2b91759
```



```
Файл avz00002.dta получен 2008.02.23 12:30:03 (CET)

AhnLab-V3	2008.2.22.0	2008.02.22	-
AntiVir	7.6.0.67	2008.02.22	-
Authentium	4.93.8	2008.02.23	-
Avast	4.7.1098.0	2008.02.22	VBS:Malware-gen
AVG	7.5.0.516	2008.02.22	Worm/Small.2.D
BitDefender	7.2	2008.02.23	-
CAT-QuickHeal	9.50	2008.02.22	-
ClamAV	0.92.1	2008.02.23	-
DrWeb	4.44.0.09170	2008.02.22	Win32.HLLW.Autoruner
eSafe	7.0.15.0	2008.02.21	-
eTrust-Vet	31.3.5557	2008.02.23	INF/Liphew
Ewido	4.0	2008.02.23	Trojan.Delf.aws
FileAdvisor	1	2008.02.23	-
Fortinet	3.14.0.0	2008.02.23	-
F-Prot	4.4.2.54	2008.02.22	-
F-Secure	6.70.13260.0	2008.02.22	Autorun.NY
Ikarus	T3.1.1.20	2008.02.23	-
Kaspersky	7.0.0.125	2008.02.23	-
McAfee	5236	2008.02.22	Generic!atr
Microsoft	1.3204	2008.02.23	-
NOD32v2	2897	2008.02.22	Win32/Delf.AWS
Norman	5.80.02	2008.02.22	Autorun.NY
Panda	9.0.0.4	2008.02.22	-
Rising	20.32.52.00	2008.02.23	-
Sophos	4.26.0	2008.02.23	W32/SillyFDC-AV
Sunbelt	3.0.893.0	2008.02.23	-
Symantec	10	2008.02.23	-
TheHacker	6.2.9.227	2008.02.22	-
VBA32	3.12.6.1	2008.02.21	-
VirusBuster	4.3.26:9	2008.02.22	-
Webwasher-Gateway	6.6.2	2008.02.23	-
Дополнительная информация
File size: 186 bytes
MD5: 388cdce38219e26795c8df2e4b9a8a4c
SHA1: 0e72b83417eab223464533d1b749d4bd8a6caa13
```



```
Файл avz00013.dta получен 2008.02.23 12:29:40 (CET)

AhnLab-V3	2008.2.22.0	2008.02.22	-
AntiVir	7.6.0.67	2008.02.22	-
Authentium	4.93.8	2008.02.23	W32/Warezov.gen2!W32DL
Avast	4.7.1098.0	2008.02.22	Win32:Warezov-BYG
AVG	7.5.0.516	2008.02.22	-
BitDefender	7.2	2008.02.23	DeepScan:Generic.Malware.SFMYBd.9DB05417
CAT-QuickHeal	9.50	2008.02.22	-
ClamAV	0.92.1	2008.02.23	-
DrWeb	4.44.0.09170	2008.02.22	Trojan.Popuper.origin
eSafe	7.0.15.0	2008.02.21	suspicious Trojan/Worm
eTrust-Vet	31.3.5557	2008.02.23	-
Ewido	4.0	2008.02.23	-
FileAdvisor	1	2008.02.23	-
Fortinet	3.14.0.0	2008.02.23	-
F-Prot	4.4.2.54	2008.02.22	W32/Warezov.gen2!W32DL
Ikarus	T3.1.1.20	2008.02.23	-
Kaspersky	7.0.0.125	2008.02.23	-
McAfee	5236	2008.02.22	-
Microsoft	1.3204	2008.02.23	-
NOD32v2	2897	2008.02.22	-
Norman	5.80.02	2008.02.22	W32/Malware
Panda	9.0.0.4	2008.02.22	-
Prevx1	V2	2008.02.23	Heuristic: Suspicious File With Bad Child Associations
Rising	20.32.52.00	2008.02.23	-
Sophos	4.26.0	2008.02.23	-
Sunbelt	3.0.893.0	2008.02.23	-
Symantec	10	2008.02.23	-
TheHacker	6.2.9.227	2008.02.22	-
VBA32	3.12.6.1	2008.02.21	-
VirusBuster	4.3.26:9	2008.02.22	-
Webwasher-Gateway	6.6.2	2008.02.23	-
Дополнительная информация
File size: 157184 bytes
MD5: bb15f21db4b7ddac4324a4714ca61f04
SHA1: 67ceadd25f8cb6e9ee9b582e9cf86fe85eb975ab
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
```

*Added 17 minutes later*

One more piece of malware, which I fished out from a user on our ISP's forum:



```
Файл avz00001.dta получен 2008.02.23 12:51:28 (CET)

AhnLab-V3	2008.2.22.0	2008.02.22	-
AntiVir	7.6.0.67	2008.02.22	-
Authentium	4.93.8	2008.02.23	-
Avast	4.7.1098.0	2008.02.22	-
AVG	7.5.0.516	2008.02.22	-
BitDefender	7.2	2008.02.23	-
CAT-QuickHeal	9.50	2008.02.22	-
ClamAV	0.92.1	2008.02.23	-
DrWeb	4.44.0.09170	2008.02.22	-
eSafe	7.0.15.0	2008.02.21	-
eTrust-Vet	31.3.5557	2008.02.23	Win32/Pripecs!generic
Ewido	4.0	2008.02.23	-
FileAdvisor	1	2008.02.23	-
Fortinet	3.14.0.0	2008.02.23	-
F-Prot	4.4.2.54	2008.02.22	W32/FakeAlert.E.gen!Eldorado
F-Secure	6.70.13260.0	2008.02.22	-
Ikarus	T3.1.1.20	2008.02.23	Virus.Win32.Agent.LTS
Kaspersky	7.0.0.125	2008.02.23	-
McAfee	5236	2008.02.22	-
Microsoft	1.3204	2008.02.23	Adware:Win32/SmitFraud
NOD32v2	2897	2008.02.22	-
Norman	5.80.02	2008.02.22	-
Panda	9.0.0.4	2008.02.23	-
Prevx1	V2	2008.02.23	Downloader.Zlob
Rising	20.32.52.00	2008.02.23	-
Sophos	4.26.0	2008.02.23	-
Sunbelt	3.0.893.0	2008.02.23	-
Symantec	10	2008.02.23	-
TheHacker	6.2.9.227	2008.02.22	-
VBA32	3.12.6.1	2008.02.21	suspected of Downloader.Zlob.8
VirusBuster	4.3.26:9	2008.02.22	-
Webwasher-Gateway	6.6.2	2008.02.23	-
Дополнительная информация
File size: 233472 bytes
MD5: a5744a05fbffae4a6d2b29c35dd0ceb4
SHA1: 4c9123993836e14124619adc803f7a9732a3e24b
```

----------



## rubin

File avz00006.dta received on 2008.02.27 14:25:40 (CET)


```
AhnLab-V3	2008.2.27.0	2008.02.27	Win-Trojan/Stresid.9728
AntiVir	7.6.0.67	2008.02.27	TR/Stresid.G
Authentium	4.93.8	2008.02.27	-
Avast	4.7.1098.0	2008.02.26	Win32:Trojan-gen {Other}
AVG	7.5.0.516	2008.02.27	PSW.Generic5.AZV
BitDefender	7.2	2008.02.27	Trojan.Stresid.G
CAT-QuickHeal	9.50	2008.02.26	-
ClamAV	0.92.1	2008.02.27	-
DrWeb	4.44.0.09170	2008.02.27	-
eSafe	7.0.15.0	2008.02.26	-
eTrust-Vet	31.3.5567	2008.02.27	Win32/Stresid.D
Ewido	4.0	2008.02.27	-
FileAdvisor	1	2008.02.27	-
Fortinet	3.14.0.0	2008.02.27	Agent.BF!tr.spy
F-Prot	4.4.2.54	2008.02.26	-
F-Secure	6.70.13260.0	2008.02.27	-
Ikarus	T3.1.1.20	2008.02.27	-
Kaspersky	7.0.0.125	2008.02.27	-
McAfee	5238	2008.02.26	Spy-Agent.bf.dldr
Microsoft	1.3301	2008.02.27	Trojan:Win32/Stresid.gen
NOD32v2	2905	2008.02.27	-
Norman	5.80.02	2008.02.26	-
Panda	9.0.0.4	2008.02.27	Trj/Agent.DPE
Prevx1	V2	2008.02.27	Generic.Malware
Rising	20.33.22.00	2008.02.27	-
Sophos	4.27.0	2008.02.27	-
Sunbelt	3.0.893.0	2008.02.23	Trojan.LinkOptimizer
Symantec	10	2008.02.27	Trojan.LinkOptimizer
TheHacker	6.2.9.229	2008.02.25	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.26	-
Webwasher-Gateway	6.6.2	2008.02.27	Trojan.Stresid.G
```

File size: 9728 bytes
MD5: e7bfcaf612251e76228c3c5f2abc7b0b
SHA1: 37047c3153179b69ae7134d2439c5d57faa59e20
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...A89E0067E2A30F

----------


## rubin

virtumonde

File avz00003.dta received on 2008.02.28 19:00:01 (CET)



```
AhnLab-V3	2008.2.28.2	2008.02.28	-
AntiVir	7.6.0.67	2008.02.28	TR/Vundo.Gen
Authentium	4.93.8	2008.02.28	-
Avast	4.7.1098.0	2008.02.27	-
AVG	7.5.0.516	2008.02.28	-
BitDefender	7.2	2008.02.28	-
CAT-QuickHeal	9.50	2008.02.28	-
ClamAV	0.92.1	2008.02.28	-
DrWeb	4.44.0.09170	2008.02.28	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5571	2008.02.28	-
Ewido	4.0	2008.02.28	-
FileAdvisor	1	2008.02.28	-
Fortinet	3.14.0.0	2008.02.28	-
F-Prot	4.4.2.54	2008.02.27	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.02.28	Vundo.gen58
Ikarus	T3.1.1.20	2008.02.28	-
Kaspersky	7.0.0.125	2008.02.28	-
McAfee	5241	2008.02.28	-
Microsoft	1.3301	2008.02.28	Trojan:Win32/Vundo.gen!A
NOD32v2	2909	2008.02.28	-
Norman	5.80.02	2008.02.28	Vundo.gen58
Panda	9.0.0.4	2008.02.27	-
Prevx1	V2	2008.02.28	Trojan.Vundo
Rising	20.33.32.00	2008.02.28	-
Sophos	4.27.0	2008.02.28	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.02.28	-
TheHacker	6.2.9.229	2008.02.25	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.28	Adware.Vundo.Gen!Pac.18
Webwasher-Gateway	6.6.2	2008.02.28	Trojan.Vundo.Gen
```

File size: 289280 bytes
MD5: bdaf285c8738d0081b1507b5b3bf6554
SHA1: 9ed3cec505fda56ba5d465a51f8bca2fa053fa57
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...A8F60090A9E7EF

----------


## Shu_b

February.
A pity there are so few results...

----------


## strawser

File CuteFTP8_Keygen.exe received on 03.01.2008 11:52:30 (CET)
AhnLab-V3	2008.2.29.1	2008.02.29	-
*AntiVir	7.6.0.73	2008.02.29	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.02.29	-
*BitDefender	7.2	2008.03.01	MemScan:Trojan.PWS.LDPinch.TJR
CAT-QuickHeal	9.50	2008.03.01	(Suspicious) - DNAScan*
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.02.29	-
*eSafe	7.0.15.0	2008.02.28	Suspicious File*
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.02.29	-
*F-Secure	6.70.13260.0	2008.03.01	W32/Malware
Ikarus	T3.1.1.20	2008.03.01	BehavesLikeWin32.ProcessHijack
Kaspersky	7.0.0.125	2008.03.01	Trojan-PSW.Win32.Agent.zp*
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	-
NOD32v2	2913	2008.03.01	-
*Norman	5.80.02	2008.02.29	W32/Malware
Panda	9.0.0.4	2008.03.01	Suspicious file*
Prevx1	V2	2008.03.01	-
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.01	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.229	2008.02.25	-
*VBA32	3.12.6.2	2008.02.27	suspected of Embedded.MalwareScope.Trojan-PSW.Pinch.1*
VirusBuster	4.3.26:9	2008.02.29	-
*Webwasher-Gateway	6.6.2	2008.03.01	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 23040 bytes
MD5: fb8983a47983f4335790705ce98aa7c2
SHA1: 3e66bb78992e387ce6e49fd92ec64031eab36213
PEiD: -

File game.rar received on 03.01.2008 11:54:49 (CET)
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.02.29	-
BitDefender	7.2	2008.03.01	-
*CAT-QuickHeal	9.50	2008.03.01	(Suspicious) - DNAScan*
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.02.29	-
*eSafe	7.0.15.0	2008.02.28	Suspicious File*
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.02.29	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.01	-
*Kaspersky	7.0.0.125	2008.03.01	Heur.Trojan.Generic*
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	-
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
*Panda	9.0.0.4	2008.03.01	Suspicious file
Prevx1	V2	2008.03.01	Heuristic: Suspicious File With Covert Attributes*
Rising	20.33.52.00	2008.03.01	-
*Sophos	4.27.0	2008.03.01	Sus/DelpDldr-A*
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.229	2008.02.25	-
*VBA32	3.12.6.2	2008.02.27	suspected of Win32.Trojan-Downloader*
VirusBuster	4.3.26:9	2008.02.29	-
*Webwasher-Gateway	6.6.2	2008.03.01	Win32.Malware.gen#PECompact (suspicious)*
Additional information
File size: 232572 bytes
MD5: 60a7fa716edd916d85b436d0987722d2
SHA1: 817910417fc937980872e7c64730d3c9fe4a8ac2
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...641C00620DE4E0

----------


## rubin

C:\WINDOWS\system32\mssrv32.exe

File avz00002.dta received on 2008.03.01 15:08:31 (CET)



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	DR/Delphi.Gen
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.02.29	-
BitDefender	7.2	2008.03.01	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	Trojan.PWS.LDPinch.1941
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.02.29	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.01	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.03.01	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	VirTool:Win32/DelfInject.gen!AA
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	-
Prevx1	V2	2008.03.01	-
Rising	20.33.52.00	2008.03.01	Trojan.DL.Win32.Agent.bxw
Sophos	4.27.0	2008.03.01	Mal/EncPk-CM
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.229	2008.02.25	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.29	-
Webwasher-Gateway	6.6.2	2008.03.01	Trojan.Dropper.Delphi.Gen
```

File size: 32256 bytes
MD5: 2de32a43ad09d558c3ff0bd3ac093760
SHA1: 5772af34611ea4ab5536e27362b5ce91a723501a
PEiD: -


C:\WINDOWS\system32\WLCtrl32.dll
File avz00005.dta received on 2008.03.01 15:08:31 (CET)



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.02.29	-
BitDefender	7.2	2008.03.01	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.02.29	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.01	-
Kaspersky	7.0.0.125	2008.03.01	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	TrojanDropper:Win32/Cutwail.Y
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	-
Prevx1	V2	2008.03.01	KAVKOP:Trojan-A
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.01	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.229	2008.02.25	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.29	-
Webwasher-Gateway	6.6.2	2008.03.01	-
```

Additional information
File size: 11776 bytes
MD5: 31143dab862917c131d3216af7553448
SHA1: 2bc62f5a377171f5d4f2b4332e8e18f7bd33cd98
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...636300C0F15FC3

*Added 5 hours 34 minutes later*

C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe

File avz00001.dta received on 2008.03.01 20:43:28 (CET)



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	TR/Drop.Agent.snu
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.01	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.01	-
Kaspersky	7.0.0.125	2008.03.01	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	-
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	-
Prevx1	V2	2008.03.01	-
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.01	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.230	2008.03.01	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.29	-
Webwasher-Gateway	6.6.2	2008.03.01	Trojan.Drop.Agent.snu
```

File size: 27032 bytes
MD5: 9c88404d896787714e9b9a5f7a3c07b9
SHA1: f37c0ce3d0095dcb51be2c405b9111ade0dc3549
PEiD: -

*Added 11 minutes later*

Continuing to add to the collection :Smiley:

C:\Program Files\Common Files\System\ntsvc32k.exe

File avz00002.dta received on 2008.03.01 20:51:48 (CET)



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.01	-
CAT-QuickHeal	9.50	2008.03.01	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.03.01	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.03.01	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	Trojan:Win32/Chksyn.gen!A
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	Suspicious file
Prevx1	V2	2008.03.01	Generic.Malware
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.01	Mal/Generic-A
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.230	2008.03.01	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.29	-
Webwasher-Gateway	6.6.2	2008.03.01	Trojan.Crypt.XPACK.Gen
```

File size: 14032 bytes
MD5: dd701590a5745d4af33ff88e3f0ea02b
SHA1: 3c33f183e479c735b18cdf7feef80fce3401ee1b
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...D29400323D834C



C:\Program Files\Common Files\System\RDPsvc2.exe

File avz00004.dta received on 2008.03.01 20:52:06 (CET)



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.01	-
CAT-QuickHeal	9.50	2008.03.01	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	Suspicious File
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.01	-
FileAdvisor	1	2008.03.01	-
Fortinet	3.14.0.0	2008.03.01	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.03.01	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.03.01	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.01	Trojan:Win32/Chksyn.gen!A
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	Suspicious file
Prevx1	V2	2008.03.01	Generic.Malware
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.01	Mal/Generic-A
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.01	-
TheHacker	6.2.9.230	2008.03.01	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.02.29	-
Webwasher-Gateway	6.6.2	2008.03.01	Trojan.Crypt.XPACK.Gen
```

File size: 31728 bytes
MD5: 633272b631f9935df968f1dbce840667
SHA1: f5fe22583139085b8857adea7606f0c45604d7ff
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...376A00A69FD467

----------


## rubin

t=18975

C:\WINDOWS\explorer.exe:whois2.jpg:$DATA
File avz00002.dta received on 2008.03.02 10:54:04 (CET)


```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.02	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	None	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	W32/Heuristic-MU2!Eldorado
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	-
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.02	-
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	-
Prevx1	V2	2008.03.02	-
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	VIPRE.Suspicious
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	-
Webwasher-Gateway	6.6.2	2008.03.02	Win32.Malware.dam (suspicious)
```

File size: 28319 bytes
MD5: d7bc1d1f3c55ef3c5823edd0b8855b3c
SHA1: c88c2091ce620e08340a3eaaae86a9cf0d8f5ad9
PEiD: -
packers: PE_Patch


File avz00010.dta received on 2008.03.02 10:55:15 (CET)
C:\WINDOWS\system32\consol.dll



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.02	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5574	2008.02.29	Win32/Kvol!generic
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	Virus.Trojan.Win32.Pakes.cdw
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.02	Trojan:Win32/Boaxxe.B
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	Suspicious file
Prevx1	V2	2008.03.02	Generic.Malware
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	-
Webwasher-Gateway	6.6.2	2008.03.02	-
```

File size: 88064 bytes
MD5: 4fbabeff1bfe366c916cf00ca29eb640
SHA1: 4a02ef50600b89bef0ac8ad5c7caf520a7fd5d85
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...F7F500BBBB980C


File avz00006.dta received on 2008.03.02 10:57:20 (CET)
C:\WINDOWS\explorer.exe:crawler1.jpg:$DATA



```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.02.29	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.01	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.02	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.01	-
DrWeb	4.44.0.09170	2008.03.01	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	-
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.02	-
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.01	Suspicious file
Prevx1	V2	2008.03.02	Heuristic: Suspicious File With Mass Email Capabilities
Rising	20.33.52.00	2008.03.01	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	-
Webwasher-Gateway	6.6.2	2008.03.02	-
```

File size: 96256 bytes
MD5: c9262818fe4434d000747266303a3c74
SHA1: 6272819b4a1c6044c33091ac449e5c80170af1d4
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...80750081EE0D07

*Added 7 hours 19 minutes later*

C:\Program Files\NetProject\sbmntr.exe

File avz00002.dta received on 2008.03.02 18:24:40 (CET)


```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.03.02	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.02	Win32:Zlob-AGV
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.02	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.02	-
DrWeb	4.44.0.09170	2008.03.02	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5574	2008.02.29	Win32/Crushpy!generic
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	Trojan.Zlob.2
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	Puper
Microsoft	1.3301	2008.03.02	TrojanDownloader:Win32/Zlob.gen!AS
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.02	Suspicious file
Prevx1	V2	2008.03.02	Trojan.Popuper
Rising	20.33.62.00	2008.03.02	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	Trojan.DL.Zlob.Gen.34
Webwasher-Gateway	6.6.2	2008.03.02	-
```

File size: 19456 bytes
MD5: 786195fe521229ee428856017b63aaf3
SHA1: cf3bcc4e2e6b8dc9300d4fed5018b6ec9b69442f
PEiD: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: embedded, UPX_LZMA
Prevx info: http://info.prevx.com/aboutprogramte...B03000C9A1649B

C:\Program Files\NetProject\sbsm.exe
File avz00003.dta received on 2008.03.02 18:24:45 (CET)


```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.03.02	-
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.02	Win32:Zlob-AGV
AVG	7.5.0.516	2008.03.01	Downloader.Zlob.AAH
BitDefender	7.2	2008.03.02	-
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.02	-
DrWeb	4.44.0.09170	2008.03.02	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5574	2008.02.29	Win32/Crushpy!generic
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	W32/Nilage.gen!GSA
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	Virus.Win32.Zlob.AGV
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	-
Microsoft	1.3301	2008.03.02	TrojanDownloader:Win32/Zlob.gen!AU
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.02	-
Prevx1	V2	2008.03.02	Downloader.Zlob.AAH
Rising	20.33.62.00	2008.03.02	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	Trojan.DL.Zlob.Gen.34
Webwasher-Gateway	6.6.2	2008.03.02	-
```

File size: 7168 bytes
MD5: d5080c753fc432c953253fdf177c47f1
SHA1: 348838430ec86c187d75c12341d5afe36fa9bcb3
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...EF4E003AAA3D50


C:\Program Files\Helper\1204389949.dll
File avz00004.dta received on 2008.03.02 18:24:50 (CET)


```
AhnLab-V3	2008.2.29.1	2008.02.29	-
AntiVir	7.6.0.73	2008.03.02	TR/Downloader.Gen
Authentium	4.93.8	2008.03.01	-
Avast	4.7.1098.0	2008.03.02	-
AVG	7.5.0.516	2008.03.01	-
BitDefender	7.2	2008.03.02	Trojan.Downloader.Zlob.ABMP
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.02	-
DrWeb	4.44.0.09170	2008.03.02	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
eTrust-Vet	31.3.5574	2008.02.29	-
Ewido	4.0	2008.03.02	-
FileAdvisor	1	2008.03.02	-
Fortinet	3.14.0.0	2008.03.02	-
F-Prot	4.4.2.54	2008.03.01	-
F-Secure	6.70.13260.0	2008.03.01	-
Ikarus	T3.1.1.20	2008.03.02	Trojan-Downloader
Kaspersky	7.0.0.125	2008.03.02	-
McAfee	5242	2008.02.29	Puper.dll
Microsoft	1.3301	2008.03.02	BrowserModifier:Win32/E404
NOD32v2	2913	2008.03.01	-
Norman	5.80.02	2008.02.29	-
Panda	9.0.0.4	2008.03.02	-
Prevx1	V2	2008.03.02	TROJAN.DA.DLL
Rising	20.33.62.00	2008.03.02	-
Sophos	4.27.0	2008.03.02	-
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.02	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	-
Webwasher-Gateway	6.6.2	2008.03.02	Trojan.Downloader.Gen
```

File size: 12800 bytes
MD5: 49046bfdf2d145519da86272dacb31c6
SHA1: 6b4d637f63dce4e558cb2b967626bdeff1d3b2af
PEiD: -
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...A8C5003F2C68D3

----------


## drongo

t=18497


```
 File avz00019.dta received on 03.03.2008 14:47:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 14/32 (43.75%)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2008.2.29.1	2008.03.03	Dropper/Downloader.23552.AB
AntiVir	7.6.0.73	2008.03.03	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.02	-
Avast	4.7.1098.0	2008.03.02	Win32:Delf-IFY
AVG	7.5.0.516	2008.03.03	Win32/PolyCrypt
BitDefender	7.2	2008.03.03	Packer.Malware.FriCryptor.B
CAT-QuickHeal	9.50	2008.03.01	-
ClamAV	0.92.1	2008.03.03	-
DrWeb	4.44.0.09170	2008.03.03	-
eSafe	7.0.15.0	2008.02.28	Suspicious File
eTrust-Vet	31.3.5582	2008.03.03	-
Ewido	4.0	2008.03.03	-
FileAdvisor	1	2008.03.03	-
Fortinet	3.14.0.0	2008.03.03	-
F-Prot	4.4.2.54	2008.03.02	W32/Dropper.ITS
F-Secure	6.70.13260.0	2008.03.03	PolyCrypt.F
Ikarus	T3.1.1.20	2008.03.03	Trojan.Win32.Pakes.bod
Kaspersky	7.0.0.125	2008.03.03	Heur.Trojan.Generic
McAfee	5242	2008.02.29	New Malware.cn
Microsoft	1.3301	2008.03.03	-
NOD32v2	2917	2008.03.03	-
Norman	5.80.02	2008.02.29	PolyCrypt.F
Panda	9.0.0.4	2008.03.02	-
Prevx1	V2	2008.03.03	-
Rising	20.34.02.00	2008.03.03	-
Sophos	4.27.0	2008.03.03	Mal/Basine-C
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.03	-
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.02	-
Webwasher-Gateway	6.6.2	2008.03.03	Trojan.Crypt.XPACK.Gen
Additional information
File size: 23552 bytes
MD5: 7b1e68660309bb255ad7f0dbc29a70b5
SHA1: 281ada06492035a47c36bc74fd8cb7363de4a3cd
PEiD: -
```

----------


## XL

A new wave of Zhelatin




> File e-card.rar received on 2008.03.03 17:28:20 (CET)
> 
> AhnLab-V3	2008.2.29.1	2008.03.03	-
> *AntiVir	7.6.0.73	2008.03.03	Worm/Zhelatin.pc*
> Authentium	4.93.8	2008.03.02	-
> Avast	4.7.1098.0	2008.03.02	-
> *AVG	7.5.0.516	2008.03.03	I-Worm/Nuwar.N
> BitDefender	7.2	2008.03.03	Trojan.Peed.IWV
> CAT-QuickHeal	9.50	2008.03.01	Win32.Email-Worm.Zhelatin.vg
> ...

----------


## ALEX(XX)

File kgxpltsrh_xplore_keygen.exe received on 03.04.2008 08:42:07 (CET) 



```
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.3.4.0    2008.03.03    -
AntiVir    7.6.0.73    2008.03.04    Worm/SdBot.21176.1
Authentium    4.93.8    2008.03.04    -
Avast    4.7.1098.0    2008.03.04    Win32:SdBot-5210
AVG    7.5.0.516    2008.03.03    IRC/BackDoor.SdBot3.BHV
BitDefender    7.2    2008.03.03    Win32.Worm.Sdbot.AS
CAT-QuickHeal    9.50    2008.03.03    (Suspicious) - DNAScan
ClamAV    0.92.1    2008.03.04    -
DrWeb    4.44.0.09170    2008.03.04    -
eSafe    7.0.15.0    2008.02.28    Suspicious File
eTrust-Vet    31.3.5585    2008.03.04    -
Ewido    4.0    2008.03.03    -
FileAdvisor    1    2008.03.04    -
Fortinet    3.14.0.0    2008.03.04    W32/SDBot.AS!worm
F-Prot    4.4.2.54    2008.03.03    W32/Heuristic-162!Eldorado
F-Secure    6.70.13260.0    2008.03.04    W32/SDBot.BIDF
Ikarus    T3.1.1.20    2008.03.04    P2P-Worm.Win32.SpyBot.gl
Kaspersky    7.0.0.125    2008.03.04    -
McAfee    5243    2008.03.03    W32/Sdbot.worm.gen.as
Microsoft    1.3301    2008.03.03    -
NOD32v2    2919    2008.03.04    -
Norman    5.80.02    2008.03.03    W32/SDBot.BIDF
Panda    9.0.0.4    2008.03.03    W32/Sdbot.LAR.worm
Prevx1    V2    2008.03.04    Generic.Malware
Rising    20.34.10.00    2008.03.04    -
Sophos    4.27.0    2008.03.04    Mal/Generic-A
Sunbelt    3.0.906.0    2008.02.28    -
Symantec    10    2008.03.04    -
TheHacker    6.2.92.232    2008.03.04    W32/SdBot.worm.gen
VBA32    3.12.6.2    2008.02.27    -
VirusBuster    4.3.26:9    2008.03.03    -
Webwasher-Gateway    6.6.2    2008.03.04    Worm.SdBot.21176.1
```

Additional information
File size: 21176 bytes
MD5: 5c7080f7cd3668801c44f677ca9f0621
SHA1: fad19e7f07e3ba825d7014c7fa7ef3526aba8872
PEiD: PECompact 2.xx (Slim Loader) --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...C301006020C823

----------


## rubin

mssrv32.exe



```
AhnLab-V3	2008.3.4.0	2008.03.04	-
AntiVir	7.6.0.73	2008.03.04	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.04	-
Avast	4.7.1098.0	2008.03.04	-
AVG	7.5.0.516	2008.03.03	Flooder.O
BitDefender	7.2	2008.03.04	-
CAT-QuickHeal	9.50	2008.03.03	-
ClamAV	0.92.1	2008.03.04	-
DrWeb	4.44.0.09170	2008.03.04	-
eSafe	7.0.15.0	2008.02.28	Suspicious File
eTrust-Vet	31.3.5585	2008.03.04	-
Ewido	4.0	2008.03.03	-
FileAdvisor	1	2008.03.04	-
Fortinet	3.14.0.0	2008.03.04	-
F-Prot	4.4.2.54	2008.03.03	-
F-Secure	6.70.13260.0	2008.03.04	-
Ikarus	T3.1.1.20	2008.03.04	-
Kaspersky	7.0.0.125	2008.03.04	Heur.Trojan.Generic
McAfee	5243	2008.03.03	-
Microsoft	1.3301	2008.03.03	-
NOD32v2	2920	2008.03.04	-
Norman	5.80.02	2008.03.03	-
Panda	9.0.0.4	2008.03.03	-
Prevx1	V2	2008.03.04	Heuristic: Suspicious Self Modifying EXE
Rising	20.34.12.00	2008.03.04	-
Sophos	4.27.0	2008.03.04	Mal/Basine-C
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.04	-
TheHacker	6.2.92.232	2008.03.04	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.03	-
Webwasher-Gateway	6.6.2	2008.03.04	Trojan.Crypt.XPACK.Gen
```

File size: 15872 bytes
MD5: b7ca5bcaf7ef79981343af80230c965c
SHA1: 1274e0f42b799a2b3d38678fd01de513917d6941
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...791E00A868A12F

----------


## ALEX(XX)

File avz00001.dta received on 03.04.2008 20:40:54 (CET)



```
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.3.4.0    2008.03.04    -
AntiVir    7.6.0.73    2008.03.04    TR/Dropper.Gen
Authentium    4.93.8    2008.03.04    -
Avast    4.7.1098.0    2008.03.04    -
AVG    7.5.0.516    2008.03.04    -
BitDefender    7.2    2008.03.04    -
CAT-QuickHeal    9.50    2008.03.04    -
ClamAV    0.92.1    2008.03.04    -
DrWeb    4.44.0.09170    2008.03.04    -
eSafe    7.0.15.0    2008.02.28    suspicious Trojan/Worm
eTrust-Vet    31.3.5587    2008.03.04    -
Ewido    4.0    2008.03.04    -
FileAdvisor    1    2008.03.04    -
Fortinet    3.14.0.0    2008.03.04    -
F-Prot    4.4.2.54    2008.03.04    -
F-Secure    6.70.13260.0    2008.03.04    W32/Smalltroj.CVQM
Ikarus    T3.1.1.20    2008.03.04    -
Kaspersky    7.0.0.125    2008.03.04    Trojan-Spy.Win32.Agent.ig
McAfee    5244    2008.03.04    -
Microsoft    1.3301    2008.03.04    -
NOD32v2    2921    2008.03.04    -
Norman    5.80.02    2008.03.04    W32/Smalltroj.CVQM
Panda    9.0.0.4    2008.03.04    -
Prevx1    V2    2008.03.04    Taz
Rising    20.34.12.00    2008.03.04    -
Sophos    4.27.0    2008.03.04    Sus/Dropper-A
Sunbelt    3.0.906.0    2008.02.28    -
Symantec    10    2008.03.04    -
TheHacker    6.2.92.233    2008.03.04    -
VBA32    3.12.6.2    2008.02.27    suspected of Embedded.Trojan.Proxy.2240
VirusBuster    4.3.26:9    2008.03.04    -
Webwasher-Gateway    6.6.2    2008.03.04    Trojan.Dropper.Gen
```

Additional information
File size: 17408 bytes
MD5: 8c7f5ddbac559e025c1fcb5298535e88
SHA1: fabd90ac6eac34d0700b68fb65036c3cda927dd8
PEiD: -
packers: embedded, UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...608E00014A63AF

----------


## Karlson

File winfshs.exe received on 2008.03.04 15:50:44 (CET)
Current status: finished
Result: 13/32 (40.62%)




```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.4.0	2008.03.04	Win-Trojan/Xema.274944.B
AntiVir	7.6.0.73	2008.03.04	-
Authentium	4.93.8	2008.03.02	-
Avast	4.7.1098.0	2008.03.02	-
AVG	7.5.0.516	2008.03.04	-
BitDefender	7.2	2008.03.04	-
CAT-QuickHeal	9.50	2008.03.04	-
ClamAV	0.92.1	2008.03.04	-
DrWeb	4.44.0.09170	2008.03.04	-
eSafe	7.0.15.0	2008.02.28	suspicious Trojan/Worm
e-TrustVet	31.3.5582	2008.03.03	-
Ewido	4.0	2008.03.04	-
FileAdvisor	1	2008.03.04	-
Fortinet	3.14.0.0	2008.03.03	HackerTool/Evid
F-Prot	4.4.2.54	2008.03.02	-
F-Secure	6.70.13260.0	2008.03.04	W32/Malware.BNIW
Ikarus	T3.1.1.20	2008.03.04	-
Kaspersky	7.0.0.125	2008.03.04	-
McAfee	5243	2008.03.03	potentially unwanted program Tool-Evid
Microsoft	1.3301	2008.03.03	-
NOD32v2	2921	2008.03.04	Win32/Tool.EvID4226
Norman	5.80.02	2008.03.04	W32/Malware.BNIW
Panda	9.0.0.4	2008.03.02	Suspicious file
Prevx1	V2	2008.03.04	Win32.Malware.gen
Rising	20.34.12.00	2008.03.04	-
Sophos	4.27.0	2008.03.04	EvID4226 Installer
Sunbelt	3.0.906.0	2008.02.28	-
Symantec	10	2008.03.04	Backdoor.Trojan
TheHacker	6.2.92.231	2008.03.02	-
VBA32	3.12.6.2	2008.02.27	-
VirusBuster	4.3.26:9	2008.03.04	RiskWare.DR.TCPIPPatcher.B
Webwasher-Gateway	6.6.2	2008.03.04	Riskware.Tool.EvID4226.A
```

Additional information
File size: 45568 bytes
MD5: a5e346828cd93262e9a9b4b874f29b89
SHA1: 4c1ba5e828f99edafcf5130e81020f09919d7fd4
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...DE0100A3785025

----------


## rubin

File TheBestFebruary.zip received on 2008.03.05 19:35:11 (CET)



```
AhnLab-V3	2008.3.4.0	2008.03.05	-
AntiVir	7.6.0.73	2008.03.05	TR/Crypt.CFI.Gen
Authentium	4.93.8	2008.03.04	-
Avast	4.7.1098.0	2008.03.05	-
AVG	7.5.0.516	2008.03.05	Dropper.Joiner.2.AD
BitDefender	7.2	2008.03.05	-
CAT-QuickHeal	9.50	2008.03.05	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.03.05	-
DrWeb	4.44.0.09170	2008.03.05	Trojan.PWS.LDPinch.3118
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5590	2008.03.05	-
Ewido	4.0	2008.03.05	-
FileAdvisor	1	2008.03.05	-
Fortinet	3.14.0.0	2008.03.05	-
F-Prot	4.4.2.54	2008.03.04	-
F-Secure	6.70.13260.0	2008.03.05	Trojan-PSW.Win32.LdPinch.rfj
Ikarus	T3.1.1.20	2008.03.05	Trojan.Crypt.CFI
Kaspersky	7.0.0.125	2008.03.05	Trojan-PSW.Win32.LdPinch.rfj
McAfee	5245	2008.03.05	-
Microsoft	1.3301	2008.03.05	-
NOD32v2	2923	2008.03.05	-
Norman	5.80.02	2008.03.05	-
Panda	9.0.0.4	2008.03.04	Suspicious file
Prevx1	V2	2008.03.05	-
Rising	20.34.22.00	2008.03.05	-
Sophos	4.27.0	2008.03.05	Sus/UnkPacker
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.05	-
TheHacker	6.2.92.233	2008.03.04	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.05	-
Webwasher-Gateway	6.6.2	2008.03.05	Trojan.Crypt.CFI.Gen
```

File size: 475978 bytes
MD5: a1d47f256cadc6bfbc567b67b38ecb79
SHA1: a16235f1e67ff6a4cc45f976332e97e87df12e6a
PEiD: -

*Added 1 hour 17 minutes later*

t=19250
File avz00001.dta received on 2008.03.05 20:40:49 (CET)


```
AhnLab-V3	2008.3.4.0	2008.03.05	-
AntiVir	7.6.0.73	2008.03.05	WORM/Zhelatin.Gen
Authentium	4.93.8	2008.03.04	-
Avast	4.7.1098.0	2008.03.05	-
AVG	7.5.0.516	2008.03.05	I-Worm/Nuwar.N
BitDefender	7.2	2008.03.05	Trojan.Peed.JAN
CAT-QuickHeal	9.50	2008.03.05	Win32.Email-Worm.Zhelatin.uw4
ClamAV	0.92.1	2008.03.05	-
DrWeb	4.44.0.09170	2008.03.05	-
eSafe	7.0.15.0	2008.02.28	Suspicious File
eTrust-Vet	31.3.5590	2008.03.05	-
Ewido	4.0	2008.03.05	-
FileAdvisor	1	2008.03.05	-
Fortinet	3.14.0.0	2008.03.05	-
F-Prot	4.4.2.54	2008.03.04	-
F-Secure	6.70.13260.0	2008.03.05	Tibs.gen136
Ikarus	T3.1.1.20	2008.03.05	Worm.Zhelatin
Kaspersky	7.0.0.125	2008.03.05	Trojan-Downloader.Win32.Tibs.wa
McAfee	5245	2008.03.05	-
Microsoft	1.3301	2008.03.05	Trojan:Win32/Tibs.FS
NOD32v2	2924	2008.03.05	-
Norman	5.80.02	2008.03.05	Tibs.gen136
Panda	9.0.0.4	2008.03.05	-
Prevx1	V2	2008.03.05	-
Rising	20.34.22.00	2008.03.05	-
Sophos	4.27.0	2008.03.05	-
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.05	-
TheHacker	6.2.92.233	2008.03.04	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.05	Trojan.Tibs.Gen!Pac.G
Webwasher-Gateway	6.6.2	2008.03.05	Worm.Zhelatin.Gen
```

File size: 13450 bytes
MD5: d8eb97562b628c838eb4336f70c6c51c
SHA1: 8e63e57d7780754b90a476c99156a3ba74ed937d
PEiD: -


File avz00016.dta received on 2008.03.05 20:54:37 (CET)



```
AhnLab-V3	2008.3.4.0	2008.03.05	-
AntiVir	7.6.0.73	2008.03.05	-
Authentium	4.93.8	2008.03.04	-
Avast	4.7.1098.0	2008.03.05	-
AVG	7.5.0.516	2008.03.05	-
BitDefender	7.2	2008.03.05	-
CAT-QuickHeal	9.50	2008.03.05	-
ClamAV	0.92.1	2008.03.05	-
DrWeb	4.44.0.09170	2008.03.05	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5590	2008.03.05	Win32/Pripecs!generic
Ewido	4.0	2008.03.05	-
FileAdvisor	1	2008.03.05	-
Fortinet	3.14.0.0	2008.03.05	-
F-Prot	4.4.2.54	2008.03.04	W32/FakeAlert.E.gen!Eldorado
F-Secure	6.70.13260.0	2008.03.05	-
Ikarus	T3.1.1.20	2008.03.05	Virus.Win32.Agent.LTS
Kaspersky	7.0.0.125	2008.03.05	-
McAfee	5245	2008.03.05	-
Microsoft	1.3301	2008.03.05	-
NOD32v2	2923	2008.03.05	-
Norman	5.80.02	2008.03.05	-
Panda	9.0.0.4	2008.03.05	-
Prevx1	V2	2008.03.05	-
Rising	20.34.22.00	2008.03.05	-
Sophos	4.27.0	2008.03.05	-
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.05	-
TheHacker	6.2.92.233	2008.03.04	-
VBA32	3.12.6.2	2008.03.05	suspected of Downloader.Zlob.7
VirusBuster	4.3.26:9	2008.03.05	-
Webwasher-Gateway	6.6.2	2008.03.05	-
```

File size: 266240 bytes
MD5: 81e82a1a255628b9454143403f45f302
SHA1: 44156be097de5dbfdb311cfae6ffb3406d99d61f
PEiD: -

----------


## pig

AVZ flagged it as a suspected Brontok.

File avz00001.dta received on 2008.03.07 08:57:12 (CET)
Result: *11/32* (34.38%)



```
Антивирус         Версия       Обновление Результат 
AhnLab-V3         2008.3.4.0   2008.03.07 Win32/Rontokbro.worm.81920
AntiVir           7.6.0.73     2008.03.07 TR/Crypt.CFI.Gen
Authentium        4.93.8       2008.03.07 -
Avast             4.7.1098.0   2008.03.06 Win32:Brontok
AVG               7.5.0.516    2008.03.06 I-Worm/Brontok.A
BitDefender       7.2          2008.03.07 [email protected]
CAT-QuickHeal     9.50         2008.03.06 -
ClamAV            0.92.1       2008.03.07 Worm.Brontok.B
DrWeb             4.44.0.09170 2008.03.07 -
eSafe             7.0.15.0     2008.03.06 -
eTrust-Vet        31.3.5593    2008.03.06 -
Ewido             4.0          2008.03.06 Worm.Brontok.a
FileAdvisor       1            2008.03.07 -
Fortinet          3.14.0.0     2008.03.07 -
F-Prot            4.4.2.54     2008.03.07 W32/Brontok.C.gen!Eldorado
F-Secure          6.70.13260.0 2008.03.07 -
Ikarus            T3.1.1.20    2008.03.07 Email-Worm.Win32.Brontok.N
Kaspersky         7.0.0.125    2008.03.07 -
McAfee            5246         2008.03.06 -
Microsoft         1.3301       2008.03.06 -
NOD32v2           2928         2008.03.06 -
Norman            5.80.02      2008.03.06 -
Panda             9.0.0.4      2008.03.06 -
Prevx1            V2           2008.03.07 -
Rising            20.34.32.00  2008.03.06 Worm.Win32.Agent.yxh
Sophos            4.27.0       2008.03.07 -
Sunbelt           3.0.930.0    2008.03.05 -
Symantec          10           2008.03.07 -
TheHacker         6.2.92.235   2008.03.07 -
VBA32             3.12.6.2     2008.03.05 -
VirusBuster       4.3.26:9     2008.03.06 -
Webwasher-Gateway 6.6.2        2008.03.07 Trojan.Crypt.CFI.Gen
```

File size: 81920 bytes
MD5: 22ba17311630376b665361fdc93e9c52
SHA1: f6d27a594dff04a29f48dcab88573e9ec30d7a34
PEiD: -

P.S.


```
Файл сохранён как 080307_022500_virusinfo_cure_47d0fbdc3e8be.zip
Размер файла 149162
MD5 e563f379b8b783b012b6cd4817fe31e5
```

P.P.S. Reply from the Dr.Web virus lab:

> Your request has been analyzed. It was a corrupted file.

Reply from the Kaspersky Lab virus lab:



> csrss.exe_ - Email-Worm.Win32.Brontok.bp

----------


## rubin

t=19369

ntos.exe
File avz00001.dta received on 2008.03.07 20:10:39 (CET)


```
AhnLab-V3	2008.3.4.0	2008.03.07	-
AntiVir	7.6.0.73	2008.03.07	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.07	-
Avast	4.7.1098.0	2008.03.07	-
AVG	7.5.0.516	2008.03.07	-
BitDefender	7.2	2008.03.07	Trojan.Loader.J
CAT-QuickHeal	9.50	2008.03.07	-
ClamAV	0.92.1	2008.03.07	-
DrWeb	4.44.0.09170	2008.03.07	-
eSafe	7.0.15.0	2008.03.06	-
eTrust-Vet	31.3.5595	2008.03.07	-
Ewido	4.0	2008.03.07	-
FileAdvisor	1	2008.03.07	-
Fortinet	3.14.0.0	2008.03.07	-
F-Prot	4.4.2.54	2008.03.07	-
F-Secure	6.70.13260.0	2008.03.07	Suspicious:W32/Malware!Gemini
Ikarus	T3.1.1.20	2008.03.07	Trojan-Spy.Win32.Zbot.aft
Kaspersky	7.0.0.125	2008.03.07	-
McAfee	5247	2008.03.07	-
Microsoft	1.3301	2008.03.07	TrojanDownloader:Win32/Agent
NOD32v2	2930	2008.03.07	Win32/Spy.Agent.NFJ
Norman	5.80.02	2008.03.07	-
Panda	9.0.0.4	2008.03.06	Suspicious file
Prevx1	V2	2008.03.07	-
Rising	20.34.42.00	2008.03.07	-
Sophos	4.27.0	2008.03.07	-
Sunbelt	3.0.930.0	2008.03.05	-
TheHacker	6.2.92.236	2008.03.07	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.07	-
Webwasher-Gateway	6.6.2	2008.03.07	Trojan.Crypt.XPACK.Gen
```


base*.dll
File avz00004.dta received on 2008.03.07 20:10:40 (CET)


```
AhnLab-V3	2008.3.4.0	2008.03.07	-
AntiVir	7.6.0.73	2008.03.07	HEUR/Crypted
Authentium	4.93.8	2008.03.07	-
Avast	4.7.1098.0	2008.03.07	-
AVG	7.5.0.516	2008.03.07	-
BitDefender	7.2	2008.03.07	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.03.07	-
ClamAV	0.92.1	2008.03.07	-
DrWeb	4.44.0.09170	2008.03.07	-
eSafe	7.0.15.0	2008.03.06	-
eTrust-Vet	31.3.5595	2008.03.07	-
Ewido	4.0	2008.03.07	-
FileAdvisor	1	2008.03.07	-
Fortinet	3.14.0.0	2008.03.07	-
F-Prot	4.4.2.54	2008.03.07	-
F-Secure	6.70.13260.0	2008.03.07	-
Ikarus	T3.1.1.20	2008.03.07	-
Kaspersky	7.0.0.125	2008.03.07	-
McAfee	5247	2008.03.07	-
Microsoft	1.3301	2008.03.07	-
NOD32v2	2930	2008.03.07	-
Norman	5.80.02	2008.03.07	-
Panda	9.0.0.4	2008.03.06	Suspicious file
Prevx1	V2	2008.03.07	Generic.Malware
Rising	20.34.42.00	2008.03.07	-
Sophos	4.27.0	2008.03.07	-
Sunbelt	3.0.930.0	2008.03.05	-
TheHacker	6.2.92.236	2008.03.07	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.07	Trojan.DL.BServ.Gen
Webwasher-Gateway	6.6.2	2008.03.07	Heuristic.Crypted
```

File size: 24576 bytes
MD5: 73d9aebc5d241ba04fc5ffbac27cc365
SHA1: ddd1ed6f52ea9181217d4084a3e504cd3c794bbb
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...827A0054134F9C

----------


## Karlson

File *Install_exe.vir* received on *2008.03.10 09:33:21 (CET)*

Current status: Loading ... *finished*

Result: *11/32 (34.38%)*


```
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.10 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 Win32:LdPinch-BMA
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 Trojan.Peed.Gen
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.09 -
DrWeb 4.44.0.09170 2008.03.10 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 -
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 W32/LdPinch.FVA!tr.pws
F-Prot 4.4.2.54 2008.03.09 -
F-Secure 6.70.13260.0 2008.03.10 Trojan-PSW.Win32.LdPinch.fva
Ikarus T3.1.1.20 2008.03.10 Virus.Win32.LdPinch.BMA
Kaspersky 7.0.0.125 2008.03.10 Trojan-PSW.Win32.LdPinch.fva
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 -
NOD32v2 2933 2008.03.10 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 Suspicious file
Prevx1 V2 2008.03.10 -
Rising 20.35.00.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.10 -
TheHacker 6.2.92.239 2008.03.09 -
VBA32 3.12.6.2 2008.03.05 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.03.09 -
Webwasher-Gateway 6.6.2 2008.03.10 Trojan.Crypt.XDR.Gen
```

Additional information
File size: 44032 bytes
MD5: c43b2a91048e8bec446ae274077ff7e7
SHA1: d2831dc30541f06db92115fe3b9223edcf7a6808
PEiD: -

*Added 24 minutes later*

Dug it out with IceSword; couldn't manage it with any other tool.
File 001.001 received on 2008.03.10 10:14:15 (CET)
Current status: finished
Result: 8/32 (25%)



```
Антивирус   Версия Обновление Результат 
AhnLab-V3   2008.3.4.0 2008.03.07 - 
AntiVir 7.6.0.73  2008.03.10 TR/Drop.Agent.NBG 
Authentium 4.93.8  2008.03.07 - 
Avast 4.7.1098.0  2008.03.09 - 
AVG 7.5.0.516   2008.03.09 BackDoor.Ntrootkit.AC 
BitDefender 7.2  2008.03.10 - 
CAT-QuickHeal 9.50  2008.03.08 - 
ClamAV 0.92.1   2008.03.10 - 
DrWeb 4.44.0.09170  2008.03.10 - 
eSafe 7.0.15.0   2008.03.09 - 
eTrust-Vet 31.3.5597  2008.03.07 - 
Ewido 4.0   2008.03.09 - 
FileAdvisor 1   2008.03.10 - 
Fortinet 3.14.0.0  2008.03.10 - 
F-Prot 4.4.2.54  2008.03.09 - 
F-Secure 6.70.13260.0  2008.03.10 - 
Ikarus T3.1.1.20  2008.03.10 - 
Kaspersky 7.0.0.125  2008.03.10 - 
McAfee 5247   2008.03.07 - 
Microsoft 1.3301  2008.03.07 VirTool:WinNT/Cutwail.F 
NOD32v2 2933   2008.03.10 probably a variant of Win32/Wigon 
Norman 5.80.02   2008.03.07 - 
Panda 9.0.0.4   2008.03.09 - 
Prevx1 V2   2008.03.10 - 
Rising 20.35.00.00  2008.03.10 Trojan.Win32.Undef.dqm 
Sophos 4.27.0   2008.03.10 Mal/Generic-A 
Sunbelt 3.0.930.0  2008.03.05 - 
Symantec 10   2008.03.10 Trojan.Pandex 
TheHacker 6.2.92.239  2008.03.09 - 
VBA32 3.12.6.2   2008.03.05 - 
VirusBuster 4.3.26:9  2008.03.09 - 
Webwasher-Gateway 6.6.2 2008.03.10 Trojan.Drop.Agent.NBG
```

Additional information
File size: 26496 bytes 
MD5: ad872a3dbeb7265cd3145292a4d8829c 
SHA1: 950d2cee6d5f2159436d93ac8f50e7147c010cfe 
PEiD: -

*Added 5 minutes later*

Nothing but suspicions..

File winfshs.exe received on 2008.03.10 10:20:51 (CET)
Current status: finished
Result: 15/32 (46.88%)


```
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.3.4.0 2008.03.07 Win-Trojan/Xema.274944.B 
AntiVir 7.6.0.73 2008.03.10 APPL/Tool.EvID4226.A 
Authentium 4.93.8 2008.03.07 - 
Avast 4.7.1098.0 2008.03.09 Win32:Trojan-gen {UPX} 
AVG 7.5.0.516 2008.03.09 - 
BitDefender 7.2 2008.03.10 - 
CAT-QuickHeal 9.50 2008.03.08 - 
ClamAV 0.92.1 2008.03.10 - 
DrWeb 4.44.0.09170 2008.03.10 - 
eSafe 7.0.15.0 2008.03.09 suspicious Trojan/Worm 
eTrust-Vet 31.3.5597 2008.03.07 - 
Ewido 4.0 2008.03.09 - 
FileAdvisor 1 2008.03.10 - 
Fortinet 3.14.0.0 2008.03.10 HackerTool/Evid 
F-Prot 4.4.2.54 2008.03.09 - 
F-Secure 6.70.13260.0 2008.03.10 W32/Malware.BNIW 
Ikarus T3.1.1.20 2008.03.10 - 
Kaspersky 7.0.0.125 2008.03.10 - 
McAfee 5247 2008.03.07 potentially unwanted program Tool-Evid 
Microsoft 1.3301 2008.03.07 - 
NOD32v2 2933 2008.03.10 Win32/Tool.EvID4226 
Norman 5.80.02 2008.03.07 W32/Malware.BNIW 
Panda 9.0.0.4 2008.03.09 Suspicious file 
Prevx1 V2 2008.03.10 Win32.Malware.gen 
Rising 20.35.00.00 2008.03.10 - 
Sophos 4.27.0 2008.03.10 EvID4226 Installer 
Sunbelt 3.0.930.0 2008.03.05 - 
Symantec 10 2008.03.10 Backdoor.Trojan 
TheHacker 6.2.92.239 2008.03.09 - 
VBA32 3.12.6.2 2008.03.05 - 
VirusBuster 4.3.26:9 2008.03.09 RiskWare.DR.TCPIPPatcher.B 
Webwasher-Gateway 6.6.2 2008.03.10 Riskware.Tool.EvID4226.A 

```

Additional information
File size: 45568 bytes 
MD5: a5e346828cd93262e9a9b4b874f29b89 
SHA1: 4c1ba5e828f99edafcf5130e81020f09919d7fd4 
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser 
packers: UPX 
packers: UPX 
packers: PE_Patch.UPX, UPX 
Prevx info: http://info.prevx.com/aboutprogramte...DE0100A3785025

----------


## Биомеханик

http://www.virustotal.com/analisis/8...1d02154468bea9


```
AhnLab-V3 2008.3.4.0 2008.03.10 - 
AntiVir 7.6.0.73 2008.03.10 - 
Authentium 4.93.8 2008.03.07 - 
Avast 4.7.1098.0 2008.03.09 - 
AVG 7.5.0.516 2008.03.09 - 
BitDefender 7.2 2008.03.10 - 
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan 
ClamAV 0.92.1 2008.03.10 PUA.Packed.UPack-2 
eSafe 7.0.15.0 2008.03.09 Suspicious File 
eTrust-Vet 31.3.5597 2008.03.07 - 
Ewido 4.0 2008.03.09 - 
FileAdvisor 1 2008.03.10 - 
Fortinet 3.14.0.0 2008.03.10 - 
F-Prot 4.4.2.54 2008.03.09 W32/Heuristic-162!Eldorado 
F-Secure 6.70.13260.0 2008.03.10 - 
Ikarus T3.1.1.20 2008.03.10 Trojan-Downloader.Win32.Zlob.and 
Kaspersky 7.0.0.125 2008.03.10 - 
McAfee 5247 2008.03.07 - 
Microsoft 1.3301 2008.03.07 - 
NOD32v2 2934 2008.03.10 - 
Norman 5.80.02 2008.03.07 - 
Panda 9.0.0.4 2008.03.09 Suspicious file 
Prevx1 V2 2008.03.10 - 
Rising 20.35.02.00 2008.03.10 - 
Sophos 4.27.0 2008.03.10 Mal/Packer 
Sunbelt 3.0.930.0 2008.03.05 VIPRE.Suspicious 
Symantec 10 2008.03.10 - 
TheHacker 6.2.92.239 2008.03.09 W32/Behav-Heuristic-060 
VBA32 3.12.6.2 2008.03.05 - 
VirusBuster 4.3.26:9 2008.03.09 Packed/Upack 
Webwasher-Gateway 6.6.2 2008.03.10 Win32.Malware.gen (suspicious)
```

http://www.virustotal.com/analisis/b...daf9e760f8ff38


```
AhnLab-V3 2008.3.4.0 2008.03.10 - 
AntiVir 7.6.0.73 2008.03.10 - 
Authentium 4.93.8 2008.03.07 - 
Avast 4.7.1098.0 2008.03.09 - 
AVG 7.5.0.516 2008.03.09 - 
BitDefender 7.2 2008.03.10 - 
CAT-QuickHeal 9.50 2008.03.08 (Suspicious) - DNAScan 
ClamAV 0.92.1 2008.03.10 PUA.Packed.UPack-2 
DrWeb 4.44.0.09170 2008.03.10 - 
eTrust-Vet 31.3.5597 2008.03.07 - 
Ewido 4.0 2008.03.09 - 
FileAdvisor 1 2008.03.10 - 
Fortinet 3.14.0.0 2008.03.10 - 
F-Prot 4.4.2.54 2008.03.09 W32/Heuristic-162!Eldorado 
F-Secure 6.70.13260.0 2008.03.10 - 
Ikarus T3.1.1.20 2008.03.10 - 
Kaspersky 7.0.0.125 2008.03.10 - 
McAfee 5247 2008.03.07 New Malware.aj 
Microsoft 1.3301 2008.03.07 - 
NOD32v2 2934 2008.03.10 - 
Norman 5.80.02 2008.03.07 - 
Panda 9.0.0.4 2008.03.09 Suspicious file 
Prevx1 V2 2008.03.10 - 
Rising 20.35.02.00 2008.03.10 - 
Sophos 4.27.0 2008.03.10 Mal/Heuri-D 
Sunbelt 3.0.930.0 2008.03.05 VIPRE.Suspicious 
Symantec 10 2008.03.10 - 
TheHacker 6.2.92.239 2008.03.09 W32/Behav-Heuristic-060 
VBA32 3.12.6.2 2008.03.05 - 
VirusBuster 4.3.26:9 2008.03.09 Packed/Upack 
Webwasher-Gateway 6.6.2 2008.03.10 Win32.Malware.gen (suspicious)
```

----------


## Karlson

setupapi.dll in the IE folder


Файл avz00001.dta получен 2008.03.12 00:16:40 (CET)
Текущий статус: закончено
Результат: 7/32 (21.88%)


```
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.3.12.0 2008.03.11 - 
AntiVir 7.6.0.73 2008.03.11 TR/Crypt.XPACK.Gen 
Authentium 4.93.8 2008.03.11 - 
Avast 4.7.1098.0 2008.03.11 Win32:Trojan-gen {Other} 
AVG 7.5.0.516 2008.03.11 Dropper.Delf.ABC 
BitDefender 7.2 2008.03.11 - 
CAT-QuickHeal 9.50 2008.03.10 - 
ClamAV 0.92.1 2008.03.11 - 
DrWeb 4.44.0.09170 2008.03.11 Trojan.Proxy.2240 
eSafe 7.0.15.0 2008.03.09 - 
eTrust-Vet 31.3.5607 2008.03.11 - 
Ewido 4.0 2008.03.11 Downloader.Small.fah 
FileAdvisor 1 2008.03.12 - 
Fortinet 3.14.0.0 2008.03.11 - 
F-Prot 4.4.2.54 2008.03.11 - 
F-Secure 6.70.13260.0 2008.03.11 - 
Ikarus T3.1.1.20 2008.03.11 - 
Kaspersky 7.0.0.125 2008.03.11 - 
McAfee 5249 2008.03.11 - 
Microsoft 1.3301 2008.03.10 - 
NOD32v2 2938 2008.03.11 - 
Norman 5.80.02 2008.03.11 - 
Panda 9.0.0.4 2008.03.11 - 
Prevx1 V2 2008.03.12 - 
Rising 20.35.12.00 2008.03.11 - 
Sophos 4.27.0 2008.03.11 - 
Sunbelt 3.0.930.0 2008.03.05 - 
Symantec 10 2008.03.11 - 
TheHacker 6.2.92.241 2008.03.11 - 
VBA32 3.12.6.2 2008.03.05 Trojan-Downloader.Win32.Agent.fny 
VirusBuster 4.3.26:9 2008.03.11 - 
Webwasher-Gateway 6.6.2 2008.03.11 Trojan.Crypt.XPACK.Gen
```


Дополнительная информация 
File size: 22016 bytes 
MD5: 27da7393c655677b7ee8348f35a759c0 
SHA1: 8b7ad74791defa90c69c677c97d09c62f7b3942c 
PEiD: -

----------


## Kuzz

```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2008.3.12.0	2008.03.12	-
AntiVir	7.6.0.73	2008.03.12	-
Authentium	4.93.8	2008.03.11	-
Avast	4.7.1098.0	2008.03.11	-
AVG	7.5.0.516	2008.03.12	-
BitDefender	7.2	2008.03.12	-
CAT-QuickHeal	9.50	2008.03.10	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.03.12	-
DrWeb	4.44.0.09170	2008.03.12	-
eSafe	7.0.15.0	2008.03.09	Suspicious File
eTrust-Vet	31.3.5608	2008.03.12	-
Ewido	4.0	2008.03.12	-
FileAdvisor	1	2008.03.12	-
Fortinet	3.14.0.0	2008.03.12	-
F-Prot	4.4.2.54	2008.03.11	-
F-Secure	6.70.13260.0	2008.03.12	Trojan-Downloader.Win32.Agent.lbg
Ikarus	T3.1.1.20	2008.03.12	-
Kaspersky	7.0.0.125	2008.03.12	Trojan-Downloader.Win32.Agent.lbg
McAfee	5249	2008.03.11	-
Microsoft	1.3301	2008.03.12	-
NOD32v2	2941	2008.03.12	-
Norman	5.80.02	2008.03.11	-
Panda	9.0.0.4	2008.03.12	-
Prevx1	V2	2008.03.12	-
Rising	20.35.22.00	2008.03.12	-
Sophos	4.27.0	2008.03.12	-
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.12	-
TheHacker	6.2.92.243	2008.03.12	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.12	Trojan.DL.Zlob.Gen!Pac.46
Webwasher-Gateway	6.6.2	2008.03.12	-
Дополнительная информация
File size: 62976 bytes
MD5: 44626092824a48ab50c3f7fb9fccfa69
SHA1: d0c908703cf0d039dcdf0f13219c812cf0483881
```

----------


## XL

Файл avz00001.dta (base***.dll) получен 2008.03.12 20:25:57 (CET)



```
AhnLab-V3	2008.3.12.0	2008.03.12	-
AntiVir	7.6.0.73	2008.03.12	HEUR/Crypted
Authentium	4.93.8	2008.03.11	-
Avast	4.7.1098.0	2008.03.11	-
AVG	7.5.0.516	2008.03.12	Agent.QGD
BitDefender	7.2	2008.03.12	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.03.12	Trojan.Agent.fxp
ClamAV	None	2008.03.12	-
DrWeb	4.44.0.09170	2008.03.12	-
eSafe	7.0.15.0	2008.03.09	-
eTrust-Vet	31.3.5608	2008.03.12	-
Ewido	4.0	2008.03.12	-
FileAdvisor	1	2008.03.12	-
Fortinet	3.14.0.0	2008.03.12	-
F-Prot	4.4.2.54	2008.03.11	-
F-Secure	6.70.13260.0	2008.03.12	-
Ikarus	T3.1.1.20	2008.03.12	Trojan.Agent.AGKK
Kaspersky	7.0.0.125	2008.03.12	-
McAfee	5249	2008.03.11	-
Microsoft	1.3301	2008.03.12	Trojan:Win32/Agent.ADH
NOD32v2	2942	2008.03.12	-
Norman	5.80.02	2008.03.12	-
Panda	9.0.0.4	2008.03.12	Suspicious file
Prevx1	V2	2008.03.12	Trojan.DoS.Win32.Opdos
Rising	20.35.22.00	2008.03.12	-
Sophos	4.27.0	2008.03.12	-
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.12	-
TheHacker	6.2.92.243	2008.03.12	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.12	Trojan.DL.BServ.Gen
Webwasher-Gateway	6.6.2	2008.03.12	Heuristic.Crypted
Дополнительная информация
File size: 24576 bytes
MD5: becadce37a1376c69e76ffc1254b42cc
SHA1: a5ccfe229f1e9a6f88261f875bbcdbc4df3ff7d6
```

Ric's script handled this beast without any complaints. Thanks!

----------



## wise-wistful

Файл avz00001.dta получен 2008.03.16 11:45:00 (CET)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.15.0	2008.03.14	-
AntiVir	7.6.0.73	2008.03.14	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.03.14	-
Avast	4.7.1098.0	2008.03.16	-
AVG	7.5.0.516	2008.03.15	Generic10.AUV
BitDefender	7.2	2008.03.16	-
CAT-QuickHeal	9.50	2008.03.14	-
ClamAV	0.92.1	2008.03.16	-
DrWeb	4.44.0.09170	2008.03.15	Trojan.Bsod
eSafe	7.0.15.0	2008.03.09	Suspicious File
eTrust-Vet	31.3.5616	2008.03.14	-
Ewido	4.0	2008.03.15	-
F-Prot	4.4.2.54	2008.03.15	-
F-Secure	6.70.13260.0	2008.03.14	-
FileAdvisor	1	2008.03.16	-
Fortinet	3.14.0.0	2008.03.16	-
Ikarus	T3.1.1.20	2008.03.16	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.03.16	-
McAfee	5252	2008.03.14	-
Microsoft	1.3301	2008.03.16	-
NOD32v2	2949	2008.03.15	-
Norman	5.80.02	2008.03.14	W32/Smalltroj.DITU
Panda	9.0.0.4	2008.03.15	-
Prevx1	V2	2008.03.16	-
Rising	20.35.61.00	2008.03.16	-
Sophos	4.27.0	2008.03.16	-
Sunbelt	3.0.963.0	2008.03.14	-
Symantec	10	2008.03.16	-
TheHacker	6.2.92.247	2008.03.15	-
VBA32	3.12.6.2	2008.03.13	suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster	4.3.26:9	2008.03.15	-
Webwasher-Gateway	6.6.2	2008.03.14	Trojan.Crypt.XPACK.Gen
```

Дополнительная информация
File size: 15872 bytes
MD5: 48bd6013ca851b809a144d3f937d91d9
SHA1: a212538f1d4f9828babeb0fb0bc84b8608ff8150
PEiD: -

----------


## wise-wistful

Файл avz00001.dta получен 2008.03.17 12:27:30 (CET)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.17.1	2008.03.17	-
AntiVir	7.6.0.73	2008.03.17	-
Authentium	4.93.8	2008.03.14	-
Avast	4.7.1098.0	2008.03.16	Win32:Small-JPM
AVG	7.5.0.516	2008.03.16	-
BitDefender	7.2	2008.03.17	-
CAT-QuickHeal	9.50	2008.03.14	-
ClamAV	0.92.1	2008.03.17	-
DrWeb	4.44.0.09170	2008.03.17	-
eSafe	7.0.15.0	2008.03.09	suspicious Trojan/Worm
eTrust-Vet	31.3.5621	2008.03.17	-
Ewido	4.0	2008.03.16	-
F-Prot	4.4.2.54	2008.03.16	W32/Downloader.F.gen!Eldorado
F-Secure	6.70.13260.0	2008.03.17	-
FileAdvisor	1	2008.03.17	-
Fortinet	3.14.0.0	2008.03.17	-
Ikarus	T3.1.1.20	2008.03.17	Trojan-Spy
Kaspersky	7.0.0.125	2008.03.17	-
McAfee	5252	2008.03.14	-
Microsoft	1.3301	2008.03.16	-
NOD32v2	2952	2008.03.17	-
Norman	5.80.02	2008.03.17	-
Panda	9.0.0.4	2008.03.16	-
Rising	20.36.02.00	2008.03.17	-
Sophos	4.27.0	2008.03.17	Sus/Dropper-A
Sunbelt	3.0.963.0	2008.03.14	-
Symantec	10	2008.03.17	-
TheHacker	6.2.92.247	2008.03.15	-
VBA32	3.12.6.2	2008.03.16	Trojan-Downloader.Win32.Agent.ktg
VirusBuster	4.3.26:9	2008.03.16	-
Webwasher-Gateway	6.6.2	2008.03.17	-
```

Дополнительная информация
File size: 40960 bytes
MD5: 4ab1fea4cf5d2cce81a79f1b6ba1432f
SHA1: 09b463e051dc93b6c62ccbe98d0adda7b885df4f
PEiD: UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
packers: UPX_LZMA

----------


## Numb

Файл avz00001.dta получен 2008.03.17 15:47:04 (CET)
Original name - C:\WINDOWS\svchost.exe


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.18.0	2008.03.17	-
AntiVir	7.6.0.73	2008.03.17	-
Authentium	4.93.8	2008.03.14	-
Avast	4.7.1098.0	2008.03.16	-
AVG	7.5.0.516	2008.03.17	-
BitDefender	7.2	2008.03.17	BehavesLike:Trojan.StartPage
CAT-QuickHeal	9.50	2008.03.14	-
ClamAV	0.92.1	2008.03.17	-
DrWeb	4.44.0.09170	2008.03.17	Trojan.StartPage.origin
eSafe	7.0.15.0	2008.03.09	-
eTrust-Vet	31.3.5621	2008.03.17	-
Ewido	4.0	2008.03.17	-
F-Prot	4.4.2.54	2008.03.16	W32/StartPage.A.gen!Eldorado
F-Secure	6.70.13260.0	2008.03.17	W32/Malware
FileAdvisor	1	2008.03.17	-
Fortinet	3.14.0.0	2008.03.17	-
Ikarus	T3.1.1.20	2008.03.17	Trojan-Spy.Win32.Delf.gd
Kaspersky	7.0.0.125	2008.03.17	Heur.StartPage
McAfee	5252	2008.03.14	Generic StartPage
Microsoft	1.3301	2008.03.16	-
NOD32v2	2953	2008.03.17	a variant of Win32/StartPage
Norman	5.80.02	2008.03.17	W32/Malware
Panda	9.0.0.4	2008.03.16	Suspicious file
Prevx1	V2	2008.03.17	-
Rising	20.36.02.00	2008.03.17	-
Sophos	4.27.0	2008.03.17	Mal/DownLdr-O
Sunbelt	3.0.963.0	2008.03.14	-
Symantec	10	2008.03.17	Adware.MainSearch
TheHacker	6.2.92.247	2008.03.15	Trojan/StartPageAI
VBA32	3.12.6.2	2008.03.16	-
VirusBuster	4.3.26:9	2008.03.17	-
Webwasher-Gateway	6.6.2	2008.03.17	-
```

Дополнительная информация
File size: 25600 bytes
MD5: 48b2151f6a39851c34d27fe0b613013d
SHA1: 27f5adc91af9c278291289982b2bc3bedb3d7572
PEiD: -

----------


## PavelA

From the "Help!" section
Файл avz00001.dta получен 2008.03.18 10:58:40 (CET)
Антивирус Версия Обновление Результат 
AhnLab-V3 2008.3.18.1 2008.03.18 - 
AntiVir 7.6.0.73 2008.03.18 - 
Authentium 4.93.8 2008.03.18 *Possibly a new variant of W32/Swizzor-based!Maximus* 
Avast 4.7.1098.0 2008.03.18 - 
AVG 7.5.0.516 2008.03.17 - 
BitDefender 7.2 2008.03.18 - 
CAT-QuickHeal 9.50 2008.03.14 (Suspicious) - *DNAScan* 
ClamAV 0.92.1 2008.03.18 - 
DrWeb 4.44.0.09170 2008.03.18 - 
eSafe 7.0.15.0 2008.03.09 - 
eTrust-Vet 31.3.5623 2008.03.17 - 
Ewido 4.0 2008.03.17 - 
FileAdvisor 1 2008.03.18 - 
Fortinet 3.14.0.0 2008.03.17 - 
F-Prot 4.4.2.54 2008.03.18 *W32/Swizzor-based!Maximus* 
F-Secure 6.70.13260.0 2008.03.18 *Trojan-Downloader.Win32.Agent.lkt* 
Ikarus T3.1.1.20 2008.03.18 - 
Kaspersky 7.0.0.125 2008.03.18 *Trojan-Downloader.Win32.Agent.lkt* 
McAfee 5253 2008.03.17 - 
Microsoft 1.3301 2008.03.18 - 
NOD32v2 2954 2008.03.18 - 
Norman 5.80.02 2008.03.17 - 
Panda 9.0.0.4 2008.03.17 - 
Prevx1 V2 2008.03.18 - 
Rising 20.36.10.00 2008.03.18 - 
Sophos 4.27.0 2008.03.18 - 
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.18 - 
TheHacker 6.2.92.248 2008.03.17 - 
VBA32 3.12.6.3 2008.03.17 - 
VirusBuster 4.3.26:9 2008.03.17 *Trojan.DL.Swizzor.Gen!Pac.2* 
Webwasher-Gateway 6.6.2 2008.03.18 - 

Дополнительная информация 
File size: 489984 bytes 
MD5: c64df13b4e78f58fa8791b26118884cf 
SHA1: b59f0a0c9bfa6d0dbca7aa751e1e0c843e78b930 
PEiD: Armadillo v1.71

----------


## Биомеханик

A couple more.



> [ file data ]
> * name: avz00071.rar
> * size: 299027
> * md5.: 2faa9b85ac14c75efa1ef78c5eb6c526
> * sha1: eb1ed479da4a6655e4d0c92f919e2ff146fb08d4
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00001.rar
> * size: 28320
> * md5.: f9ee56154b883084b091e316c23d05ea
> * sha1: 05caca99a2320bf33c6b365672cbf6d7ad1a9d27
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00013.rar
> * size: 86221
> * md5.: 823057474ef1e51121b455dd34851685
> * sha1: 445d87aef77633ca4f07886b527b23d1d93e2f1e
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00005.rar
> * size: 13804
> * md5.: 152087726706f38791a898abe16d2eff
> * sha1: 951eae296253f0f631741f51cd0c4318844050b1
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00017.rar
> * size: 86079
> * md5.: b38d52437c8a02e9188418860ac3b1cb
> * sha1: b9aeaf15847b34399570518606ea7ad9358d659f
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00002.rar
> * size: 40959
> * md5.: 4e299868bf1e56329fb5f6524041fe87
> * sha1: 683b42223eb46c7cbb6a4cfdf367a91a9ee7df1a
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...





> [ file data ]
> * name: avz00006.rar
> * size: 145044
> * md5.: d1d51615f8918b24a174eca57d3c7f6d
> * sha1: a6d17d5d444bba7f4785eaa5d045d8776dd8539e
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...


*Added 59 minutes later*

More




> [ file data ]
> * name: avz00016.rar
> * size: 8507
> * md5.: 853f9fdd79ba1857586417ce2ca60e3b
> * sha1: 86693daa8c1c664ae50da177aab7487463af236c
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...







> [ file data ]
> * name: avz00010.rar
> * size: 12477
> * md5.: ac601de0dd58a7e21b939bb30c0f0f36
> * sha1: 7cac0d5048bd06bc6822b1d927164452d67d95c0
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.3.18.1/20080318 found nothing
> ...




*Added 2 hours 27 minutes later*

And more

Complete scanning result of "avz00019.rar", processed in VirusTotal at 03/18/2008 13:50:21 (CET).




> [ file data ]
> * name: avz00019.rar
> * size: 7888
> * md5.: e4f5b71c1d3b6a60b3bce13fe5600614
> * sha1: 6efb19c3eb1c4f61825267f2fd0d97ac7d550c26
> * peid..: -
> 
> [ scan result ]
>  AhnLab-V3      2008.3.18.1/20080318    found nothing
> ...





> Complete scanning result of "avz00182.rar", processed in VirusTotal at 03/18/2008 13:39:32 (CET).
> 
> [ file data ]
> * name: avz00182.rar
> * size: 3138
> * md5.: e43cedfda049055fe7c68fab4867b2ae
> * sha1: e54903d251194fa330cf73ee09352bcc78fd90b2
> * peid..: -
> 
> ...


*Added 57 minutes later*

Antivirus Version Last Update Result 
AhnLab-V3 2008.3.18.1 2008.03.18 - 
AntiVir 7.6.0.75 2008.03.18 TR/Crypt.XPACK.Gen 
Authentium 4.93.8 2008.03.18 - 
Avast 4.7.1098.0 2008.03.18 - 
AVG 7.5.0.516 2008.03.18 - 
BitDefender 7.2 2008.03.18 MemScan:Trojan.Spy.Wsnpoem.AK 
CAT-QuickHeal 9.50 2008.03.14 (Suspicious) - DNAScan 
ClamAV 0.92.1 2008.03.18 Trojan.Crypted-13 
DrWeb 4.44.0.09170 2008.03.18 - 
eSafe 7.0.15.0 2008.03.18 - 
eTrust-Vet 31.3.5623 2008.03.17 - 
Ewido 4.0 2008.03.18 - 
F-Prot 4.4.2.54 2008.03.18 - 
F-Secure 6.70.13260.0 2008.03.18 Trojan-Spy.Win32.Zbot.amj 
FileAdvisor 1 2008.03.18 - 
Fortinet 3.14.0.0 2008.03.17 - 
Ikarus T3.1.1.20 2008.03.18 - 
Kaspersky 7.0.0.125 2008.03.18 Trojan-Spy.Win32.Zbot.amj 
McAfee 5254 2008.03.18 - 
Microsoft 1.3301 2008.03.18 - 
NOD32v2 2957 2008.03.18 - 
Norman 5.80.02 2008.03.18 - 
Panda 9.0.0.4 2008.03.17 - 
Rising 20.36.12.00 2008.03.18 - 
Sophos 4.27.0 2008.03.18 Mal/Zbot-A 
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.18 Infostealer.Notos!gen 
TheHacker 6.2.92.248 2008.03.17 - 
VBA32 3.12.6.3 2008.03.17 Trojan-Spy.Win32.Bancos.aam 
VirusBuster 4.3.26:9 2008.03.18 - 
Webwasher-Gateway 6.6.2 2008.03.18 Trojan.Crypt.XPACK.Gen 
Additional information 
File size: 396548 bytes 
MD5: 98c0f6602b85a9de339a4cfd7b256494 
SHA1: e7aeefe603d05359c3497421acc83644557575ad 
PEiD: -

*Added 1 minute later*

Antivirus Version Last Update Result 
AhnLab-V3 2008.3.18.1 2008.03.18 - 
AntiVir 7.6.0.75 2008.03.18 TR/Pakes.cif 
Authentium 4.93.8 2008.03.18 - 
Avast 4.7.1098.0 2008.03.18 - 
AVG 7.5.0.516 2008.03.18 SHeur.AXVA 
BitDefender 7.2 2008.03.18 Trojan.Srizbi.BP 
CAT-QuickHeal 9.50 2008.03.14 Trojan.Pakes.cif 
ClamAV 0.92.1 2008.03.18 - 
DrWeb 4.44.0.09170 2008.03.18 Trojan.Sentinel 
eSafe 7.0.15.0 2008.03.18 Win32.Pakes.cif 
eTrust-Vet 31.3.5623 2008.03.17 - 
Ewido 4.0 2008.03.18 - 
F-Prot 4.4.2.54 2008.03.18 - 
F-Secure 6.70.13260.0 2008.03.18 Trojan.Win32.Pakes.cif 
FileAdvisor 1 2008.03.18 - 
Fortinet 3.14.0.0 2008.03.17 W32/Pakes.CIF!tr 
Ikarus T3.1.1.20 2008.03.18 Virus.Trojan.Win32.Pakes.cif 
Kaspersky 7.0.0.125 2008.03.18 Trojan.Win32.Pakes.cif 
McAfee 5254 2008.03.18 - 
Microsoft 1.3301 2008.03.18 - 
NOD32v2 2957 2008.03.18 - 
Norman 5.80.02 2008.03.18 - 
Panda 9.0.0.4 2008.03.17 - 
Prevx1 V2 2008.03.18 Trojan.DoS.Win32.Opdos 
Rising 20.36.12.00 2008.03.18 - 
Sophos 4.27.0 2008.03.18 Mal/EncPk-CK 
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.18 Trojan.Srizbi 
TheHacker 6.2.92.248 2008.03.17 Trojan/Pakes.cif 
VBA32 3.12.6.3 2008.03.17 Trojan.Win32.Pakes.cif 
VirusBuster 4.3.26:9 2008.03.18 - 
Webwasher-Gateway 6.6.2 2008.03.18 Trojan.Pakes.cif 
Additional information 
File size: 134511 bytes 
MD5: 1de80de6156c7b23534182100538f909 
SHA1: dba416dd67c4d8692dfe0ff78a354842df4be71b 
PEiD: - 
Prevx info: http://info.prevx.com/aboutprogramte...6CC300AC9DABA2

*Added 1 minute later*

Antivirus Version Last Update Result 
AhnLab-V3 2008.3.18.1 2008.03.18 - 
AntiVir 7.6.0.75 2008.03.18 TR/Agent.hqy 
Authentium 4.93.8 2008.03.18 - 
Avast 4.7.1098.0 2008.03.18 - 
AVG 7.5.0.516 2008.03.18 Agent.QWY 
BitDefender 7.2 2008.03.18 Trojan.Agent.AHGT 
CAT-QuickHeal 9.50 2008.03.14 - 
ClamAV 0.92.1 2008.03.18 - 
DrWeb 4.44.0.09170 2008.03.18 - 
eSafe 7.0.15.0 2008.03.18 Win32.Agent.hqy 
eTrust-Vet 31.3.5623 2008.03.17 - 
Ewido 4.0 2008.03.18 - 
F-Prot 4.4.2.54 2008.03.18 - 
F-Secure 6.70.13260.0 2008.03.18 Trojan.Win32.Agent.hqy 
FileAdvisor 1 2008.03.18 - 
Fortinet 3.14.0.0 2008.03.17 W32/Agent.HQY!tr 
Ikarus T3.1.1.20 2008.03.18 Virus.Trojan.Win32.Agent.hqy 
Kaspersky 7.0.0.125 2008.03.18 Trojan.Win32.Agent.hqy 
McAfee 5254 2008.03.18 - 
Microsoft 1.3301 2008.03.18 Virus:Win32/Grum.G 
NOD32v2 2957 2008.03.18 - 
Norman 5.80.02 2008.03.18 - 
Panda 9.0.0.4 2008.03.17 - 
Prevx1 V2 2008.03.18 Generic.Malware 
Rising 20.36.12.00 2008.03.18 - 
Sophos 4.27.0 2008.03.18 Mal/Generic-A 
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.18 - 
TheHacker 6.2.92.248 2008.03.17 Trojan/Agent.hqy 
VBA32 3.12.6.3 2008.03.17 Trojan.Win32.Agent.hqy 
VirusBuster 4.3.26:9 2008.03.18 - 
Webwasher-Gateway 6.6.2 2008.03.18 Trojan.Agent.hqy 
Additional information 
File size: 85201 bytes 
MD5: 84f702e646f156dfa72693969854a2e6 
SHA1: c701003ad2f6be1ff82520a0f76454389c50d96f 
PEiD: - 
Prevx info: http://info.prevx.com/aboutprogramte...E96C0034848D54

----------


## ialnik

Файл a3g3.bat-1 получен 2008.03.14 21:10:07 (CET)
Антивирус	Версия	Обновление	Результат
*AhnLab-V3	2008.3.15.0	2008.03.14	Win-Trojan/MalPacked.Gen*
*AntiVir	7.6.0.73	2008.03.14	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.03.14	-
Avast	4.7.1098.0	2008.03.13	-
*AVG	7.5.0.516	2008.03.14	PSW.OnlineGames.AGWA*
*BitDefender	7.2	2008.03.14	Packer.Malware.NSAnti.R*
*CAT-QuickHeal	9.50	2008.03.14	Win32.Packed.NSAnti.r*
ClamAV	0.92.1	2008.03.14	-
*DrWeb	4.44.0.09170	2008.03.14	Trojan.MulDrop.6474*
*eSafe	7.0.15.0	2008.03.09	Win32.OnLineGames.te*
eTrust-Vet	31.3.5614	2008.03.14	-
Ewido	4.0	2008.03.14	-
FileAdvisor	1	2008.03.14	-
*Fortinet	3.14.0.0	2008.03.14	LegMir.K!tr.pws*
F-Prot	4.4.2.54	2008.03.13	-
*F-Secure	6.70.13260.0	2008.03.14	Trojan-PSW.Win32.OnLineGames.teh*
*Ikarus	T3.1.1.20	2008.03.14	Packer.Malware.NSAnti.R*
*Kaspersky	7.0.0.125	2008.03.14	Trojan-PSW.Win32.OnLineGames.teh*
*McAfee	5252	2008.03.14	PWS-LegMir.gen.k
Microsoft	1.3301	2008.03.14	VirTool:Win32/Obfuscator.T
NOD32v2	2948	2008.03.14	Win32/PSW.OnLineGames.NLI
Norman	5.80.02	2008.03.14	W32/NSAnti.GWN
Panda	9.0.0.4	2008.03.13	W32/Autorun.LD.worm
Prevx1	V2	2008.03.14	KAVKOP:Trojan-A
Rising	20.35.42.00	2008.03.14	Packer.Win32.Mian007.a
Sophos	4.27.0	2008.03.14	Mal/Behav-164*
Sunbelt	3.0.963.0	2008.03.14	-
*Symantec	10	2008.03.14	W32.Gammima.AG
TheHacker	6.2.92.245	2008.03.14	Trojan/OnlineGames.gen
VBA32	3.12.6.2	2008.03.13	Trojan-PSW.Win32.OnLineGames.teh
VirusBuster	4.3.26:9	2008.03.14	Trojan.Lineage.Gen!Pac.3
Webwasher-Gateway	6.6.2	2008.03.14	Trojan.Crypt.XPACK.Gen*

Дополнительная информация
Tamano archivo: 107849 bytes
MD5: 023098022530c4fa3d7a96204e24b9ac
SHA1: 6b8af2c1dc60b06bdaaa48adc4e505595532311e
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...A3A7005BAE302E

----------


## yu_mor

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.20.2	2008.03.20	-
AntiVir	7.6.0.75	2008.03.20	-
Authentium	4.93.8	2008.03.20	-
Avast	4.7.1098.0	2008.03.20	-
AVG	7.5.0.516	2008.03.20	-
BitDefender	7.2	2008.03.20	-
CAT-QuickHeal	9.50	2008.03.20	-
*ClamAV	0.92.1	2008.03.20	Trojan.Downloader-24586
DrWeb	4.44.0.09170	2008.03.20	Trojan.Packed.140
eSafe	7.0.15.0	2008.03.18	Suspicious File*
eTrust-Vet	31.3.5629	2008.03.20	-
Ewido	4.0	2008.03.20	-
F-Prot	4.4.2.54	2008.03.19	-
*F-Secure	6.70.13260.0	2008.03.20	Suspicious:W32/Malware!Gemini*
FileAdvisor	1	2008.03.20	-
Fortinet	3.14.0.0	2008.03.20	-
Ikarus	T3.1.1.20	2008.03.20	-
Kaspersky	7.0.0.125	2008.03.20	-
McAfee	5255	2008.03.20	-
Microsoft	1.3301	2008.03.20	-
NOD32v2	2963	2008.03.20	-
Norman	5.80.02	2008.03.20	-
*Panda	9.0.0.4	2008.03.20	Suspicious file*
Prevx1	V2	2008.03.20	Prevx Database Unreachable
Rising	20.36.32.00	2008.03.20	-
Sophos	4.27.0	2008.03.20	-
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.20	-
TheHacker	6.2.92.250	2008.03.19	-
VBA32	3.12.6.3	2008.03.17	-
VirusBuster	4.3.26:9	2008.03.19	-
*Webwasher-Gateway	6.6.2	2008.03.20	Win32.Malware.gen (suspicious)*
Дополнительная информация
File size: 34210 bytes
MD5: ee046d391d121f4759c0742fe7f6a521
SHA1: 05d063e02f25c6c681d86f5ebf634e74b85ddfe1
PEiD: -
packers: PE_Patch

----------


## Numb

From the thread http://virusinfo.info/showthread.php?t=20241
Original name - %userprofile%\Local Settings\Temp\sv32_4.exe


```
Файл avz00001.dta получен 2008.03.21 15:16:46 (CET)

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.20.2	2008.03.21	Win-Trojan/Agent.506952
AntiVir	7.6.0.75	2008.03.20	TR/Dldr.Logsnif.1
Authentium	4.93.8	2008.03.20	-
Avast	4.7.1098.0	2008.03.21	Win32:BZub-KY
AVG	7.5.0.516	2008.03.21	-
BitDefender	7.2	2008.03.21	-
CAT-QuickHeal	9.50	2008.03.20	TrojanProxy.Small.it
ClamAV	0.92.1	2008.03.21	PUA.Packed.UPack-2
DrWeb	4.44.0.09170	2008.03.21	-
eSafe	7.0.15.0	2008.03.18	Suspicious File
eTrust-Vet	31.3.5631	2008.03.21	-
Ewido	4.0	2008.03.21	-
F-Prot	4.4.2.54	2008.03.20	W32/Heuristic-162!Eldorado
F-Secure	6.70.13260.0	2008.03.21	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.03.21	-
Fortinet	3.14.0.0	2008.03.21	-
Ikarus	T3.1.1.20	2008.03.21	MalwareScope.Trojan-Spy.BZub.2
Kaspersky	7.0.0.125	2008.03.21	-
McAfee	5256	2008.03.20	Proxy-Agent.ai
Microsoft	1.3301	2008.03.21	Trojan:Win32/Dopip.A
NOD32v2	2966	2008.03.21	-
Norman	5.80.02	2008.03.20	W32/Suspicious_U.gen
Panda	9.0.0.4	2008.03.20	-
Prevx1	V2	2008.03.21	-
Rising	20.36.42.00	2008.03.21	-
Sophos	4.27.0	2008.03.21	Mal/Packer
Sunbelt	3.0.978.0	2008.03.18	VIPRE.Suspicious
Symantec	10	2008.03.21	-
TheHacker	6.2.92.250	2008.03.19	W32/Behav-Heuristic-060
VBA32	3.12.6.3	2008.03.21	MalwareScope.Trojan-Spy.BZub.2
VirusBuster	4.3.26:9	2008.03.20	Packed/Upack
Webwasher-Gateway	6.6.2	2008.03.21	Trojan.Dldr.Logsnif.1
Дополнительная информация
File size: 509728 bytes
MD5: 07f51b0f791844c530e34587c24810ac
SHA1: a815cd0859ed4a3e49988dfc9b41d6e650a016ae
PEiD: -
packers: UPack
packers: PE_Patch, UPack
```

----------


## ISO

Yet another ICQ "patch".
File Patch_1.0.34.2.exe received on 03.22.2008 17:01:22 (CET)
Current status:    finished 
Result: 8/32 (25%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.3.22.1	2008.03.21	-
*AntiVir	7.6.0.75	2008.03.21	HEUR/Crypted*
Authentium	4.93.8	2008.03.22	-
Avast	4.7.1098.0	2008.03.22	-
AVG	7.5.0.516	2008.03.21	-
*BitDefender	7.2	2008.03.22	Trojan.PWS.Agent.SBY*
CAT-QuickHeal	9.50	2008.03.21	-
ClamAV	None	2008.03.22	-
*DrWeb	4.44.0.09170	2008.03.22	Trojan.PWS.LDPinch.1941*
eSafe	7.0.15.0	2008.03.18	-
eTrust-Vet	31.3.5633	2008.03.21	-
Ewido	4.0	2008.03.22	-
F-Prot	4.4.2.54	2008.03.22	-
*F-Secure	6.70.13260.0	2008.03.21	Suspicious:W32/Malware!Gemini*
FileAdvisor	1	2008.03.22	-
Fortinet	3.14.0.0	2008.03.21	-
Ikarus	T3.1.1.20	2008.03.22	-
*Kaspersky	7.0.0.125	2008.03.22	Trojan-PSW.Win32.LdPinch.ghw*
McAfee	5257	2008.03.21	-
Microsoft	1.3301	2008.03.22	-
NOD32v2	2967	2008.03.21	-
Norman	5.80.02	2008.03.20	-
Panda	9.0.0.4	2008.03.22	-
*Prevx1	V2	2008.03.22	Heuristic: Suspicious Self Modifying File*
Rising	20.36.42.00	2008.03.21	-
*Sophos	4.27.0	2008.03.22	Mal/Basine-C*
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.22	-
TheHacker	6.2.92.250	2008.03.19	-
VBA32	3.12.6.3	2008.03.21	-
VirusBuster	4.3.26:9	2008.03.21	-
*Webwasher-Gateway	6.6.2	2008.03.22	Heuristic.Crypted*
Additional information
File size: 53248 bytes
MD5: 2b6e216358d18d8f6d1656624375ecc9
SHA1: 4afaf0a4ddbe1547714c61afdc2d7b75b3f83259
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...B18800A04CE3B1

----------


## Kuzz

```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.3.22.1 	2008.03.21 	-
AntiVir 	7.6.0.75 	2008.03.22 	-
Authentium 	4.93.8 	2008.03.22 	-
Avast 	4.7.1098.0 	2008.03.22 	-
AVG 	7.5.0.516 	2008.03.22 	-
BitDefender 	7.2 	2008.03.22 	-
CAT-QuickHeal 	9.50 	2008.03.21 	-
ClamAV 	0.92.1 	2008.03.22 	-
DrWeb 	4.44.0.09170 	2008.03.22 	-
eSafe 	7.0.15.0 	2008.03.18 	-
eTrust-Vet 	31.3.5633 	2008.03.21 	-
Ewido 	4.0 	2008.03.22 	-
FileAdvisor 	1 	2008.03.22 	-
Fortinet 	3.14.0.0 	2008.03.22 	-
F-Prot 	4.4.2.54 	2008.03.22 	-
F-Secure 	6.70.13260.0 	2008.03.21 	-
Ikarus 	T3.1.1.20 	2008.03.22 	-
Kaspersky 	7.0.0.125 	2008.03.22 	-
McAfee 	5257 	2008.03.21 	-
Microsoft 	1.3301 	2008.03.22 	-
NOD32v2 	2967 	2008.03.21 	-
Norman 	5.80.02 	2008.03.20 	-
Panda 	9.0.0.4 	2008.03.22 	-
Prevx1 	V2 	2008.03.22 	-
Rising 	20.36.60.00 	2008.03.22 	-
Sophos 	4.27.0 	2008.03.22 	Mal/VB-F
Sunbelt 	3.0.978.0 	2008.03.18 	-
Symantec 	10 	2008.03.22 	-
TheHacker 	6.2.92.252 	2008.03.22 	-
VBA32 	3.12.6.3 	2008.03.21 	-
VirusBuster 	4.3.26:9 	2008.03.22 	-
Webwasher-Gateway 	6.6.2 	2008.03.22 	-
```

Дополнительная информация
File size: 86016 bytes
MD5: 5f6f25ea590825bebf0c8ef36a5667c7
SHA1: 584e17e56f917419fd6524b07f64ea3be3b00baf
PEiD: -

P.S. On 22.03.2008 (the same day) I got this reply:
*Kaspersky 	7.0.0.125 	2008.03.23 	Trojan.Win32.VB.cjs*

----------


## drongo

*T=20311*



```
Файл avz00002.dta получен 2008.03.23 16:46:46 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.3.22.1	2008.03.21	-
AntiVir	7.6.0.75	2008.03.22	TR/Dldr.Swizzor.Gen
Authentium	4.93.8	2008.03.22	Possibly a new variant of W32/Swizzor-based!Maximus
Avast	4.7.1098.0	2008.03.23	-
AVG	7.5.0.516	2008.03.22	Downloader.Swizzor
BitDefender	7.2	2008.03.23	-
CAT-QuickHeal	9.50	2008.03.21	-
ClamAV	0.92.1	2008.03.23	-
DrWeb	4.44.0.09170	2008.03.23	-
eSafe	7.0.15.0	2008.03.18	-
eTrust-Vet	31.3.5633	2008.03.21	-
Ewido	4.0	2008.03.23	-
F-Prot	4.4.2.54	2008.03.22	W32/Swizzor-based!Maximus
F-Secure	6.70.13260.0	2008.03.21	-
FileAdvisor	1	2008.03.23	-
Fortinet	3.14.0.0	2008.03.23	-
Ikarus	T3.1.1.20	2008.03.23	-
Kaspersky	7.0.0.125	2008.03.23	-
McAfee	5257	2008.03.21	-
Microsoft	1.3301	2008.03.23	-
NOD32v2	2967	2008.03.21	-
Norman	5.80.02	2008.03.20	-
Panda	9.0.0.4	2008.03.23	Suspicious file
Prevx1	V2	2008.03.23	-
Rising	20.36.62.00	2008.03.23	-
Sophos	4.27.0	2008.03.23	Mal/Swizzor-C
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.23	-
TheHacker	6.2.92.252	2008.03.22	-
VBA32	3.12.6.3	2008.03.21	-
VirusBuster	4.3.26:9	2008.03.22	-
Webwasher-Gateway	6.6.2	2008.03.23	Trojan.Dldr.Swizzor.Gen
Дополнительная информация
File size: 249344 bytes
MD5: 1fbc511d0e0fca1f6202b0d6052965d2
SHA1: 5902b9921ad2698d3e8ea4f11a71072e8df43f39
PEiD: Armadillo v1.71
```

----------


## Kuzz

```
Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2008.3.26.0	2008.03.27	-
AntiVir	7.6.0.75	2008.03.27	-
Authentium	4.93.8	2008.03.27	-
Avast	4.7.1098.0	2008.03.27	-
AVG	7.5.0.516	2008.03.27	Downloader.Zlob.12.P
BitDefender	7.2	2008.03.27	-
CAT-QuickHeal	9.50	2008.03.26	-
ClamAV	0.92.1	2008.03.27	Trojan.Dropper-2529
DrWeb	4.44.0.09170	2008.03.27	-
eSafe	7.0.15.0	2008.03.18	-
eTrust-Vet	31.3.5648	2008.03.27	-
Ewido	4.0	2008.03.27	-
F-Prot	4.4.2.54	2008.03.27	-
F-Secure	6.70.13260.0	2008.03.27	-
FileAdvisor	1	2008.03.27	-
Fortinet	3.14.0.0	2008.03.27	-
Ikarus	T3.1.1.20	2008.03.27	-
Kaspersky	7.0.0.125	2008.03.27	-
McAfee	5260	2008.03.26	-
Microsoft	1.3301	2008.03.27	-
NOD32v2	2978	2008.03.27	Win32/TrojanDownloader.Zlob.BSK
Norman	5.80.02	2008.03.26	-
Panda	9.0.0.4	2008.03.26	-
Prevx1	V2	2008.03.27	-
Rising	20.37.32.00	2008.03.27	-
Sophos	4.27.0	2008.03.27	-
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.27	-
TheHacker	6.2.92.256	2008.03.27	-
VBA32	3.12.6.3	2008.03.25	suspected of Downloader.Zlob.3
VirusBuster	4.3.26:9	2008.03.27	-
Webwasher-Gateway	6.6.2	2008.03.27	-
Дополнительная информация
File size: 79105 bytes
MD5: 1be640dd5ef61c26011f1cfe70789ad0
SHA1: cc5df9085fae1b4b7a6513043accdbe85bc783d7
PEiD: -
```



```
Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2008.3.26.0	2008.03.27	-
AntiVir	7.6.0.75	2008.03.27	DR/Delphi.Gen
Authentium	4.93.8	2008.03.27	W32/Dropper.LAZ
Avast	4.7.1098.0	2008.03.27	-
AVG	7.5.0.516	2008.03.27	Dropper.Delf.5.AN
BitDefender	7.2	2008.03.27	Trojan.Delf.Inject.H
CAT-QuickHeal	9.50	2008.03.26	-
ClamAV	0.92.1	2008.03.27	-
DrWeb	4.44.0.09170	2008.03.27	-
eSafe	7.0.15.0	2008.03.18	-
eTrust-Vet	31.3.5648	2008.03.27	-
Ewido	4.0	2008.03.27	-
F-Prot	4.4.2.54	2008.03.27	W32/Trojan2.AFNQ
F-Secure	6.70.13260.0	2008.03.27	Smalldrp.gen4
FileAdvisor	1	2008.03.27	-
Fortinet	3.14.0.0	2008.03.27	Dropper.AV!tr
Ikarus	T3.1.1.20	2008.03.27	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.03.27	Trojan-Downloader.Win32.Injecter.kc
McAfee	5260	2008.03.26	Generic Dropper.av
Microsoft	1.3301	2008.03.27	-
NOD32v2	2978	2008.03.27	Win32/TrojanDownloader.Small.OAY
Norman	5.80.02	2008.03.26	Smalldrp.gen4
Panda	9.0.0.4	2008.03.26	-
Prevx1	V2	2008.03.27	-
Rising	20.37.32.00	2008.03.27	Trojan.DL.Win32.Agent.bxw
Sophos	4.27.0	2008.03.27	Mal/Dropper-T
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.27	-
TheHacker	6.2.92.256	2008.03.27	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.03.27	-
Webwasher-Gateway	6.6.2	2008.03.27	Trojan.Dropper.Delphi.Gen
Дополнительная информация
File size: 24064 bytes
MD5: 252d25ff311d0f45c3d07ab16d4516bc
SHA1: f75556e3e74ed49927dcd58d97c4791a3b302220
PEiD: -
```

----------


## Karlson

Файл sv32_1.exe получен 2008.03.27 15:49:55 (CET)
Текущий статус: закончено 

Результат: 6/32 (18.75%)



```
Антивирус Версия Обновление Результат
AhnLab-V3 2008.3.26.0 2008.03.27 -
AntiVir 7.6.0.75 2008.03.27 TR/Drop.Agent.kla
Authentium 4.93.8 2008.03.27 -
Avast 4.7.1098.0 2008.03.26 -
AVG 7.5.0.516 2008.03.27 SHeur.AWTZ
BitDefender 7.2 2008.03.27 -
CAT-QuickHeal 9.50 2008.03.26 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.03.27 -
DrWeb 4.44.0.09170 2008.03.27 -
eSafe 7.0.15.0 2008.03.18 Suspicious File
eTrust-Vet 31.3.5648 2008.03.27 -
Ewido 4.0 2008.03.27 -
F-Prot 4.4.2.54 2008.03.27 -
F-Secure 6.70.13260.0 2008.03.27 -
FileAdvisor 1 2008.03.27 -
Fortinet 3.14.0.0 2008.03.27 -
Ikarus T3.1.1.20 2008.03.27 -
Kaspersky 7.0.0.125 2008.03.27 -
McAfee 5260 2008.03.26 -
Microsoft 1.3301 2008.03.27 -
NOD32v2 2978 2008.03.27 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.26 -
Prevx1 V2 2008.03.27 -
Rising 20.37.32.00 2008.03.27 -
Sophos 4.27.0 2008.03.27 Mal/EncPk-CK
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.27 -
TheHacker 6.2.92.256 2008.03.27 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.26 -
Webwasher-Gateway 6.6.2 2008.03.27 Trojan.Drop.Agent.kla
```

Дополнительная информация
File size: 147456 bytes
MD5: c0893091514363d0fb03550eb2931ff8
SHA1: 5a3ed6420489687b8d65e3c27336bd34f76cb7f7
PEiD: -

----------


## Биомеханик

AhnLab-V3 2008.3.26.0 2008.03.27 - 
*AntiVir 7.6.0.75 2008.03.27 PCK/UPACK* 
Authentium 4.93.8 2008.03.27 - 
Avast 4.7.1098.0 2008.03.27 - 
AVG 7.5.0.516 2008.03.27 - 
*BitDefender 7.2 2008.03.27 MemScan:Trojan.PWS.LDPinch.TJR 
CAT-QuickHeal 9.50 2008.03.26 (Suspicious) - DNAScan 
ClamAV 0.92.1 2008.03.27 PUA.Packed.UPack-2* 
DrWeb 4.44.0.09170 2008.03.27 - 
*eSafe 7.0.15.0 2008.03.18 Suspicious File* 
eTrust-Vet 31.3.5648 2008.03.27 - 
Ewido 4.0 2008.03.27 - 
FileAdvisor 1 2008.03.27 - 
Fortinet 3.14.0.0 2008.03.27 - 
*F-Prot 4.4.2.54 2008.03.27 W32/Heuristic-162!Eldorado 
F-Secure 6.70.13260.0 2008.03.27 Suspicious:W32/Malware!Gemini* 
Ikarus T3.1.1.20 2008.03.27 - 
Kaspersky 7.0.0.125 2008.03.27 - 
*McAfee 5261 2008.03.27 New Malware.aj 
Microsoft 1.3301 2008.03.27 Trojan:Win32/Alureon.gen!H* 
NOD32v2 2979 2008.03.27 - 
*Norman 5.80.02 2008.03.26 W32/Suspicious_U.gen 
Panda 9.0.0.4 2008.03.26 Suspicious file* 
Prevx1 V2 2008.03.27 - 
Rising 20.37.32.00 2008.03.27 - 
*Sophos 4.27.0 2008.03.27 Mal/Packer 
Sunbelt 3.0.978.0 2008.03.18 VIPRE.Suspicious* 
Symantec 10 2008.03.27 - 
*TheHacker 6.2.92.256 2008.03.27 W32/Behav-Heuristic-060* 
VBA32 3.12.6.3 2008.03.25 - 
*VirusBuster 4.3.26:9 2008.03.27 Packed/Upack 
Webwasher-Gateway 6.6.2 2008.03.27 Packer.UPACK* 
Additional information 
File size: 100000 bytes 
MD5: cd7b6d2574dbca18c7b383c820dcf947 
SHA1: 1df2ebc3b70660f1ef531f1883d6582c38ad6798 
PEiD: Upack V0.37 -> Dwing 
packers: UPack 
packers: PE_Patch, UPack 

Antivirus Version Last Update Result 
AhnLab-V3 2008.3.26.0 2008.03.27 - 
AntiVir 7.6.0.75 2008.03.27 - 
Authentium 4.93.8 2008.03.27 - 
*Avast 4.7.1098.0 2008.03.27 Win32:Vasor 
AVG 7.5.0.516 2008.03.27 Worm/Vasor 
BitDefender 7.2 2008.03.27 Win32.Worm.Vasor.C* 
CAT-QuickHeal 9.50 2008.03.26 - 
*ClamAV 0.92.1 2008.03.27 W32.Vasor 
DrWeb 4.44.0.09170 2008.03.27 Win32.Jakky* 
eSafe 7.0.15.0 2008.03.18 - 
eTrust-Vet 31.3.5648 2008.03.27 - 
Ewido 4.0 2008.03.27 - 
F-Prot 4.4.2.54 2008.03.27 - 
F-Secure 6.70.13260.0 2008.03.27 - 
FileAdvisor 1 2008.03.27 - 
Fortinet 3.14.0.0 2008.03.27 - 
Ikarus T3.1.1.20 2008.03.27 - 
Kaspersky 7.0.0.125 2008.03.27 - 
McAfee 5261 2008.03.27 - 
Microsoft 1.3301 2008.03.27 - 
NOD32v2 2979 2008.03.27 - 
Norman 5.80.02 2008.03.26 - 
Panda 9.0.0.4 2008.03.26 - 
Prevx1 V2 2008.03.27 - 
Rising 20.37.32.00 2008.03.27 - 
Sophos 4.27.0 2008.03.27 - 
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.27 - 
TheHacker 6.2.92.256 2008.03.27 - 
VBA32 3.12.6.3 2008.03.25 - 
VirusBuster 4.3.26:9 2008.03.27 - 
Webwasher-Gateway 6.6.2 2008.03.27 -

----------


## Shu_b

Let's tally up March.

----------


## Surfer

File video.exe received on 03.31.2008 14:55:32 (CET)

Result: 13/31 (41.94%)

*AhnLab-V3 2008.3.29.0 2008.03.31 Win-Trojan/Downloader.62976.L*
AntiVir 7.6.0.78 2008.03.31 - 
Authentium 4.93.8 2008.03.30 - 
Avast 4.7.1098.0 2008.03.30 - 
*AVG 7.5.0.516 2008.03.31 Agent.RLT
BitDefender 7.2 2008.03.31 Trojan.Downloader.JJSB*
CAT-QuickHeal 9.50 2008.03.28 - 
*ClamAV 0.92.1 2008.03.31 Trojan.Downloader-27278
DrWeb 4.44.0.09170 2008.03.31 Trojan.DownLoader.50204
eSafe 7.0.15.0 2008.03.30 Suspicious File
eTrust-Vet 31.3.5658 2008.03.31 Win32/Collet.Z*
Ewido 4.0 2008.03.31 - 
F-Prot 4.4.2.54 2008.03.30 - 
*F-Secure 6.70.13260.0 2008.03.31 Suspicious:W32/Malware!Gemini*
FileAdvisor 1 2008.03.31 - 
*Fortinet 3.14.0.0 2008.03.31 W32/PolyZlob!tr.dldr*
Ikarus T3.1.1.20 2008.03.31 - 
Kaspersky 7.0.0.125 2008.03.31 - 
McAfee 5262 2008.03.28 - 
*Microsoft 1.3301 2008.03.31 TrojanDownloader:Win32/Cbeplay.B*
*NOD32v2 2986 2008.03.31 Win32/Agent.ETH*
Norman 5.80.02 2008.03.28 - 
Panda 9.0.0.4 2008.03.31 - 
Rising 20.38.01.00 2008.03.31 - 
Sophos 4.28.0 2008.03.31 Troj/Tibs-UE
Sunbelt 3.0.978.0 2008.03.18 - 
Symantec 10 2008.03.31 - 
TheHacker 6.2.92.259 2008.03.30 - 
VBA32 3.12.6.3 2008.03.25 - 
*VirusBuster 4.3.26:9 2008.03.31 Trojan.DL.Zlob.Gen!Pac.46*
Webwasher-Gateway 6.6.2 2008.03.31 - 

http://www.virustotal.com/analisis/6...9ebc803dbad254

Someone has dropped out again, I can't figure out who =)

----------


## Shu_b

Adding a chart with the results for the first quarter of the year:

----------


## maXmo

Fought with this fellow today; it locks its own file, the pest.
http://www.virustotal.com/analisis/c...f8a84703122a0b
File ntos.exe received on 04.03.2008 10:16:05 (CET)
Result: 7/32 (21.88%)

AhnLab-V3	2008.4.1.2	2008.04.03	-
*AntiVir	7.6.0.80	2008.04.03	TR/Drop.Small.bgy*
Authentium	4.93.8	2008.04.03	-
Avast	4.7.1098.0	2008.04.02	-
*AVG	7.5.0.516	2008.04.02	Generic10.BUS*
BitDefender	7.2	2008.04.03	-
CAT-QuickHeal	9.50	2008.04.02	-
ClamAV	0.92.1	2008.04.02	-
DrWeb	4.44.0.09170	2008.04.03	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5666	2008.04.02	-
Ewido	4.0	2008.04.02	-
F-Prot	4.4.2.54	2008.04.02	-
*F-Secure	6.70.13260.0	2008.04.03	Suspicious:W32/Malware!Gemini*
FileAdvisor	1	2008.04.03	-
Fortinet	3.14.0.0	2008.04.03	-
*Ikarus	T3.1.1.20	2008.04.03	Trojan-Spy.Win32.Zbot.aft*
Kaspersky	7.0.0.125	2008.04.03	-
McAfee	5265	2008.04.02	-
Microsoft	1.3408	2008.04.03	-
NOD32v2	2996	2008.04.03	-
*Norman	5.80.02	2008.04.02	W32/Smalltroj.CTZB
Panda	9.0.0.4	2008.04.02	Trj/Sinowal.ABN*
Prevx1	V2	2008.04.03	-
Rising	20.38.22.00	2008.04.02	-
Sophos	4.28.0	2008.04.03	-
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.04.03	-
TheHacker	6.2.92.263	2008.04.03	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.02	-
*Webwasher-Gateway	6.6.2	2008.04.03	Trojan.Drop.Small.bgy*

Additional information
File size: 409600 bytes
MD5: bbf52692e3a8240db57dbf27f69d0672
SHA1: 7bf013472655edd22b4099f27394301e7a6b1667

----------


## DoSTR

t=21000
C:\WINDOWS\system32\drivers\oreans32.sys
(*Added:* Kaspersky Lab said nothing malicious was detected, i.e. a false positive.
*Dr.Web:* This was not a virus. The file you sent is a driver of the Themida packer)


 Файл oreans32.sys получен 2008.04.04 04:09:23 (CET)	

Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3	2008.4.3.3	2008.04.03	-
AntiVir	7.6.0.80	2008.04.03	-
*Authentium	4.93.8	2008.04.03	W32/Sdbot.AEFT*
Avast	4.7.1098.0	2008.04.04	-
AVG	7.5.0.516	2008.04.04	-
BitDefender	7.2	2008.04.04	-
*CAT-QuickHeal	9.50	2008.04.02	Rootkit.Agent.ad*
ClamAV	0.92.1	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.03	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5669	2008.04.03	-
Ewido	4.0	2008.04.03	-
*F-Prot	4.4.2.54	2008.04.03	W32/Sdbot.AEFT*
F-Secure	6.70.13260.0	2008.04.04	-
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.03	-
Ikarus	T3.1.1.20	2008.04.04	-
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5266	2008.04.03	-
Microsoft	1.3408	2008.04.03	-
NOD32v2	3001	2008.04.04	-
Norman	5.80.02	2008.04.03	-
Panda	9.0.0.4	2008.04.04	-
Prevx1	V2	2008.04.04	-
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.04	-
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.04.04	-
TheHacker	6.2.92.264	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.03	-
Webwasher-Gateway	6.6.2	2008.04.03	-
Дополнительная информация
File size: 33952 bytes
MD5: aad837bf3b475092fd515cd0842334e9
SHA1: 2f845acac30e40d5aea3ccf8d02f5226089366a5
PEiD: -

----------


## wise-wistful

Файл vdmdracp.exe получен 2008.04.04 19:45:38 (CET)
Текущий статус:   закончено 
Результат: 11/32 (34.38%) 



```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	-
Authentium	4.93.8	2008.04.03	-
Avast	4.7.1098.0	2008.04.04	-
AVG	7.5.0.516	2008.04.04	-
BitDefender	7.2	2008.04.04	-
CAT-QuickHeal	9.50	2008.04.04	I-Worm.Warezov.vs
ClamAV	0.92.1	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.04	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5670	2008.04.04	-
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	W32/Heuristic-162!Eldorado
F-Secure	6.70.13260.0	2008.04.04	W32/Viking.EQ
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.04	-
Ikarus	T3.1.1.20.0	2008.04.04	Backdoor.Win32.Rbot.AJU
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5267	2008.04.04	New Malware.n
Microsoft	1.3408	2008.04.03	-
NOD32v2	3003	2008.04.04	-
Norman	5.80.02	2008.04.04	W32/Viking.EQ
Panda	9.0.0.4	2008.04.04	Suspicious file
Prevx1	V2	2008.04.04	-
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.04	Mal/EncPk-BW
Sunbelt	3.0.978.0	2008.03.18	VIPRE.Suspicious
Symantec	10	2008.04.04	-
TheHacker	6.2.92.264	2008.04.04	W32/Behav-Heuristic-060
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	-
Webwasher-Gateway	6.6.2	2008.04.04	Win32.Malware.gen#Upack (suspicious)
```

Дополнительная информация
File size: 92784 bytes
MD5...: 4bbcb7dcac4cc01ceeeb90c019ca1f33
SHA1..: 6e4414a151e28fd9a4578dd011cfc216ec95a970

Файл mciawinr.dll получен 2008.04.04 19:48:32 (CET)
Текущий статус:    закончено 
Результат: 16/32 (50%) 



```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.4.1	2008.04.04	Win32/Stration.worm.Gen
AntiVir	7.6.0.81	2008.04.04	Worm/Warezov.PZ.2
Authentium	4.93.8	2008.04.03	-
Avast	4.7.1098.0	2008.04.04	Win32:Warezov-BVH
AVG	7.5.0.516	2008.04.04	I-Worm/Stration
BitDefender	7.2	2008.04.04	Worm.Warezov.PZ
CAT-QuickHeal	9.50	2008.04.04	Worm.Warezov.pz
ClamAV	0.92.1	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.04	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5670	2008.04.04	-
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	-
F-Secure	6.70.13260.0	2008.04.04	-
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.04	W32/[email protected]
Ikarus	T3.1.1.20.0	2008.04.04	Virus.Win32.Warezov.BVH
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5267	2008.04.04	W32/[email protected]
Microsoft	1.3408	2008.04.03	Trojan:Win32/Stration.F!dll
NOD32v2	3003	2008.04.04	-
Norman	5.80.02	2008.04.04	W32/Stration.JCV
Panda	9.0.0.4	2008.04.04	-
Prevx1	V2	2008.04.04	I-Worm/Stration
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.04	W32/Strati-Gen
Sunbelt	3.0.978.0	2008.03.18	Worm.Warezov.PZ
Symantec	10	2008.04.04	[email protected]
TheHacker	6.2.92.264	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	-
Webwasher-Gateway	6.6.2	2008.04.04	Worm.Warezov.PZ.2
```

Дополнительная информация
File size: 32768 bytes
MD5...: c569301e995cdf7bbdceaeacdf5405b0
SHA1..: 0a5e1e8b467b5a21cb823a9c15adf561a06310bc

*Added 3 hours 42 minutes later*

Файл ikkfwwjq.dll получен 2008.04.04 23:39:35 (CET)
Текущий статус:   закончено 
Результат: 12/32 (37.5%) 



```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	TR/Vundo.Gen
Authentium	4.93.8	2008.04.04	-
Avast	4.7.1098.0	2008.04.04	Win32:TratBHO
AVG	7.5.0.516	2008.04.04	Lop
BitDefender	7.2	2008.04.04	-
CAT-QuickHeal	9.50	2008.04.04	-
ClamAV	0.92.1	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.04	-
eSafe	7.0.15.0	2008.04.01	Suspicious File
eTrust-Vet	31.3.5670	2008.04.04	-
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.04	-
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.04	-
Ikarus	T3.1.1.20	2008.04.04	-
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5267	2008.04.04	-
Microsoft	1.3408	2008.04.03	Trojan:Win32/Vundo.gen!D
NOD32v2	3003	2008.04.04	-
Norman	5.80.02	2008.04.04	Vundo.gen145
Panda	9.0.0.4	2008.04.04	Suspicious file
Prevx1	V2	2008.04.04	-
Rising	20.38.60.00	2008.04.03	AdWare.Win32.Virtumonde.ggu
Sophos	4.28.0	2008.04.04	Troj/Virtum-Gen
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.04.04	-
TheHacker	6.2.92.265	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	Adware.Vundo.Gen!Pac.18
Webwasher-Gateway	6.6.2	2008.04.04	Trojan.Vundo.Gen
```

Дополнительная информация
File size: 85056 bytes
MD5...: bb010e8aaef035aeeac9eb794bba9db8
SHA1..: 120e8b51a5a485ada698e671fa07d947b09280f1

Файл osntlurh.dll получен 2008.04.04 23:40:39 (CET)
Текущий статус:     закончено 
Результат: 8/32 (25%) 


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	TR/Vundo.Gen
Authentium	4.93.8	2008.04.04	-
Avast	4.7.1098.0	2008.04.04	-
AVG	7.5.0.516	2008.04.04	-
BitDefender	7.2	2008.04.04	-
CAT-QuickHeal	9.50	2008.04.04	-
ClamAV	0.92.1	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.04	-
eSafe	7.0.15.0	2008.04.01	Suspicious File
eTrust-Vet	31.3.5670	2008.04.04	-
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.04	-
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.04	-
Ikarus	T3.1.1.20	2008.04.04	-
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5267	2008.04.04	-
Microsoft	1.3408	2008.04.03	Trojan:Win32/Vundo.gen!D
NOD32v2	3003	2008.04.04	-
Norman	5.80.02	2008.04.04	-
Panda	9.0.0.4	2008.04.04	Suspicious file
Prevx1	V2	2008.04.04	-
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.04	Sus/Behav-200
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.04.04	-
TheHacker	6.2.92.265	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	Adware.Vundo.Gen!Pac.18
Webwasher-Gateway	6.6.2	2008.04.04	Trojan.Vundo.Gen
```

Дополнительная информация
File size: 87104 bytes
MD5...: 3702ec0ff8d47a9cebe6a96312235d02
SHA1..: 49c1ce6871a5a0276179bc8df1c08e29271b6398

Файл avz00005.dta получен 2008.04.04 23:45:31 (CET)
Текущий статус:   закончено 
Результат: 12/32 (37.5%) 


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	TR/Vundo.Gen
Authentium	4.93.8	2008.04.04	-
Avast	4.7.1098.0	2008.04.04	Win32:TratBHO
AVG	7.5.0.516	2008.04.04	-
BitDefender	7.2	2008.04.04	Trojan.Vundo.EFK
CAT-QuickHeal	9.50	2008.04.04	-
ClamAV	None	2008.04.04	-
DrWeb	4.44.0.09170	2008.04.04	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5672	2008.04.04	Win32/Vundo.VT
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	W32/Virtumonde.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.04	-
FileAdvisor	1	2008.04.04	-
Fortinet	3.14.0.0	2008.04.04	-
Ikarus	T3.1.1.20	2008.04.04	-
Kaspersky	7.0.0.125	2008.04.04	-
McAfee	5267	2008.04.04	Vundo
Microsoft	1.3408	2008.04.03	Trojan:Win32/Vundo.gen!D
NOD32v2	3003	2008.04.04	-
Norman	5.80.02	2008.04.04	Vundo.gen148
Panda	9.0.0.4	2008.04.04	Spyware/Virtumonde
Prevx1	V2	2008.04.04	-
Rising	20.38.60.00	2008.04.03	AdWare.Win32.Virtumonde.gjw
Sophos	4.28.0	2008.04.04	Troj/Virtum-Gen
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.04.04	-
TheHacker	6.2.92.265	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	-
Webwasher-Gateway	6.6.2	2008.04.04	Trojan.Vundo.Gen
```

Дополнительная информация
File size: 268288 bytes
MD5...: f36ef78d354211b10f1a8531375a30d8
SHA1..: 1135ce57d8e55b16b029f9a3097264817d5c088e

----------



## rubin

baseage32.dll

Файл avz00005.dta получен 2008.04.05 10:37:28 (CET)
Текущий статус:   закончено 
Результат: 8/32 (25%)



```
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	HEUR/Crypted
Authentium	4.93.8	2008.04.05	-
Avast	4.7.1098.0	2008.04.04	-
AVG	7.5.0.516	2008.04.04	Agent.STC
BitDefender	7.2	2008.04.05	Trojan.Inject.GF
CAT-QuickHeal	9.50	2008.04.05	-
ClamAV	0.92.1	2008.04.05	-
DrWeb	4.44.0.09170	2008.04.05	-
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5672	2008.04.04	-
Ewido	4.0	2008.04.04	-
F-Prot	4.4.2.54	2008.04.04	-
F-Secure	6.70.13260.0	2008.04.05	-
FileAdvisor	1	2008.04.05	-
Fortinet	3.14.0.0	2008.04.05	-
Ikarus	T3.1.1.20	2008.04.05	Trojan.Inject.GF
Kaspersky	7.0.0.125	2008.04.05	-
McAfee	5267	2008.04.04	-
Microsoft	1.3408	2008.04.05	-
NOD32v2	3004	2008.04.05	-
Norman	5.80.02	2008.04.04	-
Panda	9.0.0.4	2008.04.04	Suspicious file
Prevx1	V2	2008.04.05	Generic.Malware
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.05	-
Sunbelt	3.0.1032.0	2008.04.05	-
Symantec	10	2008.04.05	-
TheHacker	6.2.92.265	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	Trojan.DL.BServ.Gen
Webwasher-Gateway	6.6.2	2008.04.04	Heuristic.Crypted
```

File size: 24576 bytes
MD5...: ef035fa27be59e3abdbb46e1299d9803
SHA1..: 3f9a3f2d9a08fe668d06e8a96dbf8c5b185b6958
SHA256: f21b6ac72a943ad9d17eafdaea01704e4e4d6c1a8520cf782c  7da8df61331d49
SHA512: 641ec0147cb0c3877d439d36ec728fdad445eacc08e79c97b4  6409df3a3133b9
f81d7a6078d08e096182aecdddaebc0e4f308790a94a749f65  6c91db89f766aa
PEiD..: -


ntos.exe
Файл avz00008.dta получен 2008.04.05 10:37:46 (CET)


```
AhnLab-V3	2008.4.4.1	2008.04.04	-
AntiVir	7.6.0.81	2008.04.04	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.05	-
Avast	4.7.1098.0	2008.04.04	Win32:Crypt-TN
AVG	7.5.0.516	2008.04.04	-
BitDefender	7.2	2008.04.05	Trojan.Spy.ZBot.AM
CAT-QuickHeal	9.50	2008.04.05	-
ClamAV	0.92.1	2008.04.05	-
DrWeb	4.44.0.09170	2008.04.05	Trojan.Packed.424
eSafe	7.0.15.0	2008.04.01	-
eTrust-Vet	31.3.5672	2008.04.04	-
Ewido	4.0	2008.04.04	Logger.Zbot.alo
F-Prot	4.4.2.54	2008.04.04	-
F-Secure	6.70.13260.0	2008.04.05	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.04.05	-
Fortinet	3.14.0.0	2008.04.05	-
Ikarus	T3.1.1.20	2008.04.05	-
Kaspersky	7.0.0.125	2008.04.05	-
McAfee	5267	2008.04.04	-
Microsoft	1.3408	2008.04.05	PWS:Win32/Zbot.gen!A
NOD32v2	3004	2008.04.05	-
Norman	5.80.02	2008.04.04	-
Panda	9.0.0.4	2008.04.04	-
Prevx1	V2	2008.04.05	-
Rising	20.38.60.00	2008.04.03	-
Sophos	4.28.0	2008.04.05	Troj/Zbot-L
Sunbelt	3.0.1032.0	2008.04.05	-
Symantec	10	2008.04.05	-
TheHacker	6.2.92.265	2008.04.04	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.04.04	-
Webwasher-Gateway	6.6.2	2008.04.04	Trojan.Crypt.XPACK.Gen
```

File size: 460288 bytes
MD5...: 3ba363e27f85e5b4c60cbec1d37ee82a
SHA1..: 978c5512dca4d8166c359f206a81c2877bbfd422
SHA256: f722e4d2b82460af90e987d9192ebfd4c5c1614d39adda1088  9266495cf78f3f
SHA512: 5d8fdca251bad5d008070becb38db50758c362c822158f4efc  4327049a4d6cff
0b57acd78d4ae63fc3b368b383dc1cac867e2fa1cf68faa6c8  f53882bbca1c25
PEiD..: -

----------


## yu_mor

Файл avz00004.dta получен 2008.04.08 03:59:35 (CET)
Текущий статус: закончено 

Результат: 16/32 (50.00%)
Антивирус Версия Обновление Результат 


```
 
AhnLab-V3 2008.4.8.0 2008.04.07 Win-Trojan/Agent.46592.CZ 
AntiVir 7.6.0.81 2008.04.07 TR/Dldr.Agent.mkb.5 
Authentium 4.93.8 2008.04.08 - 
Avast 4.8.1169.0 2008.04.07 - 
AVG 7.5.0.516 2008.04.07 Downloader.Agent.AEWS 
BitDefender 7.2 2008.04.08 DeepScan:Generic.Malware.SFYd.AC1C730F 
CAT-QuickHeal 9.50 2008.04.05 - 
ClamAV 0.92.1 2008.04.08 - 
DrWeb 4.44.0.09170 2008.04.08 Trojan.DownLoader.56617 
eSafe 7.0.15.0 2008.04.01 suspicious Trojan/Worm 
eTrust-Vet 31.3.5680 2008.04.08 Win32/SillyDl.EDE 
Ewido 4.0 2008.04.07 - 
F-Prot 4.4.2.54 2008.04.07 - 
F-Secure 6.70.13260.0 2008.04.08 Trojan-Downloader.Win32.Agent.mkb 
FileAdvisor 1 2008.04.08 - 
Fortinet 3.14.0.0 2008.04.07 - 
Ikarus T3.1.1.26 2008.04.07 Trojan-Downloader.Win32.Agent.mkb 
Kaspersky 7.0.0.125 2008.04.08 Trojan-Downloader.Win32.Agent.mkb 
McAfee 5268 2008.04.07 - 
Microsoft 1.3408 2008.04.06 Spammer:Win32/Newacc.A 
NOD32v2 3008 2008.04.08 - 
Norman 5.80.02 2008.04.07 W32/Agent.FDVK 
Panda 9.0.0.4 2008.04.07 - 
Prevx1 V2 2008.04.08 Generic.Malware 
Rising 20.38.60.00 2008.04.03 - 
Sophos 4.28.0 2008.04.08 Mal/Generic-A 
Sunbelt 3.0.1032.0 2008.04.08 - 
Symantec 10 2008.04.08 Backdoor.Trojan 
TheHacker 6.2.92.267 2008.04.07 - 
VBA32 3.12.6.4 2008.04.06 - 
VirusBuster 4.3.26:9 2008.04.07 - 
Webwasher-Gateway 6.6.2 2008.04.07 Trojan.Dldr.Agent.mkb.5 
```

Дополнительная информация 
File size: 46592 bytes 
MD5...: 7a211534c048a7d67732e8c29007e95b

----------


## senyak

Файл hosts.rar получен 2008.04.11 22:03:50 (CET)
Текущий статус: закончено 
Результат: 2/32 (6.25%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.4.12.0	2008.04.11	-
> AntiVir	7.6.0.85	2008.04.11	-
> Authentium	4.93.8	2008.04.11	-
> Avast	4.8.1169.0	2008.04.11	-
> AVG	7.5.0.516	2008.04.11	-
> BitDefender	7.2	2008.04.11	-
> CAT-QuickHeal	9.50	2008.04.11	-
> ClamAV	0.92.1	2008.04.11	-
> ...


Дополнительная информация
File size: 609 bytes
MD5...: f98c91c6ea2475d9911cd5094c165fd1
SHA1..: d6e2b8ab38528e568d53a17f6ec09673b3fbeb08
SHA256: 07405a553b2bd3f246bf33265baf2cc8cb6a4080874ab5f715  2d332064ce1071
SHA512: 3f0f161802c4cf2b9f7ea9fbaa489fed8474eb5d29ecdd1463  4470399f8e78cf
7e886014cf27e8f51a9bb447f693320fffd1239ae9c8aec13d  69fbe30bb91761
PEiD..: -
PEInfo: -

----------


## strawser

File HTMLInfected.WebPage.Gen.exe received on 04.12.2008 20:20:47 (CET)

AhnLab-V3	2008.4.12.0	2008.04.11	-
*AntiVir	7.6.0.85	2008.04.11	HTML/Infected.WebPage.Gen*
Authentium	4.93.8	2008.04.11	-
Avast	4.8.1169.0	2008.04.12	-
AVG	7.5.0.516	2008.04.12	-
BitDefender	7.2	2008.04.12	-
CAT-QuickHeal	9.50	2008.04.12	-
ClamAV	0.92.1	2008.04.12	-
DrWeb	4.44.0.09170	2008.04.12	-
eSafe	7.0.15.0	2008.04.09	-
eTrust-Vet	31.3.5692	2008.04.11	-
Ewido	4.0	2008.04.12	-
F-Prot	4.4.2.54	2008.04.11	-
*F-Secure	6.70.13260.0	2008.04.11	Trojan-Downloader.HTML.IFrame.fl*
FileAdvisor	1	2008.04.12	-
Fortinet	3.14.0.0	2008.04.12	-
*Ikarus	T3.1.1.26	2008.04.12	Trojan-Downloader.HTML.IFrame.fl
Kaspersky	7.0.0.125	2008.04.12	Trojan-Downloader.HTML.IFrame.fl*
McAfee	5272	2008.04.11	-
Microsoft	1.3408	2008.04.12	-
NOD32v2	3020	2008.04.11	-
Norman	5.80.02	2008.04.12	-
Panda	9.0.0.4	2008.04.12	-
Prevx1	V2	2008.04.12	-
Rising	20.39.52.00	2008.04.12	-
Sophos	4.28.0	2008.04.12	-
Sunbelt	3.0.1041.0	2008.04.12	-
Symantec	10	2008.04.12	-
TheHacker	6.2.92.275	2008.04.12	-
VBA32	3.12.6.4	2008.04.06	-
VirusBuster	4.3.26:9	2008.04.12	-
*Webwasher-Gateway	6.6.2	2008.04.11	Script.Infected.WebPage.Gen*
Additional information
File size: 3218 bytes
MD5...: a205833ad3b8846526f34cf640479cc4
SHA1..: d41d0e94ec7768c36c99d9413ae754389570bd86
SHA256: e4b370d4d5b64f07e97b3f497f5c5be48d2163c37285adb1cb  153080c69d2274
SHA512: 87077f688effe4c3f1f3686db0e61c8f959ba3eb226450bb36  d0dd08e7c56e70
cd9083027b3bb8936c5f130d85f676e2eb9b811a40e9b33c6d  7aa16a825753a7
PEiD..: -
PEInfo: -

----------


## senyak

Файл ECC.exe получен 2008.04.16 22:59:48 (CET)
Текущий статус:    закончено 
Результат: 12/32 (37.5%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.4.17.0	2008.04.16	-
> *AntiVir	7.6.0.85	2008.04.16	TR/Dropper.Gen*
> Authentium	4.93.8	2008.04.16	-
> *Avast	4.8.1169.0	2008.04.16	Win32:Dropper-AQ*
> AVG	7.5.0.516	2008.04.16	-
> BitDefender	7.2	2008.04.16	-
> CAT-QuickHeal	9.50	2008.04.16	-
> ClamAV	0.92.1	2008.04.16	-
> ...


Дополнительная информация
File size: 121882 bytes
MD5...: 122012c37511b5b009473afe6d6a3477
SHA1..: 0ac9e05c2917a1650dde20c99c3122438bc227bc
SHA256: 813649a1af7bea223da8361c81e2e93a30870d2290c12a42e0  67f720849a1fd1
SHA512: 5a95da63534c05232c9ec948f81ff1cdff106935ace38407e0  07cf25b9faa806
d69acbc996b71cb0d50ea61309d24a35da6535b6878663fd42  a8a7b495b02e74
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

----------


## mayas

File macctl.exe received on 04.19.2008 01:08:08 (CET)

Result: 12/32 (37.5%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.4.19.0	2008.04.18	-
> AntiVir	7.8.0.8	2008.04.18	*TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.18	-
> Avast	4.8.1169.0	2008.04.18	*Win32:Agent-KIW*
> AVG	7.5.0.516	2008.04.18	*Win32/PolyCrypt*
> BitDefender	7.2	2008.04.18	-
> CAT-QuickHeal	9.50	2008.04.18	*(Suspicious) - DNAScan*
> ClamAV	0.92.1	2008.04.19	-
> ...


*Added 15 minutes later*

one more

File lansetm.exe received on 04.19.2008 01:21:43 (CET)

Result: 7/32 (21.88%)



> AhnLab-V3	2008.4.19.0	2008.04.18	-
> AntiVir	7.8.0.8	2008.04.18	*TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.18	-
> Avast	4.8.1169.0	2008.04.18	-
> AVG	7.5.0.516	2008.04.18	_Pakes_
> BitDefender	7.2	2008.04.18	-
> CAT-QuickHeal	9.50	2008.04.18	_(Suspicious) - DNAScan_
> ClamAV	0.92.1	2008.04.19	-
> DrWeb	4.44.0.09170	2008.04.18	-
> ...

----------


## rubin

new amvo



```
AhnLab-V3	2008.4.19.0	2008.04.18	-
AntiVir	7.8.0.8	2008.04.18	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.18	W32/PWStealer.OGA
Avast	4.8.1169.0	2008.04.18	-
AVG	7.5.0.516	2008.04.18	-
BitDefender	7.2	2008.04.19	Packer.Malware.NSAnti.AD
CAT-QuickHeal	9.50	2008.04.19	TrojanPSW.OnLineGames.xli
ClamAV	0.92.1	2008.04.19	Trojan.Spy-29186
DrWeb	4.44.0.09170	2008.04.19	Win32.HLLW.Taterf.2
eSafe	7.0.15.0	2008.04.17	suspicious Trojan/Worm
eTrust-Vet	31.3.5714	2008.04.19	Win32/Frethog.APB
Ewido	4.0	2008.04.18	-
F-Prot	4.4.2.54	2008.04.18	W32/PWStealer.OGA
FileAdvisor	1	2008.04.19	-
Fortinet	3.14.0.0	2008.04.19	W32/OnLineGamesEncPK.fam!tr.pws
Ikarus	T3.1.1.26.0	2008.04.19	-
Kaspersky	7.0.0.125	2008.04.19	-
McAfee	5277	2008.04.18	W32/Autorun.worm.bx.gen
Microsoft	1.3408	2008.04.19	Worm:Win32/Taterf.gen!C
NOD32v2	3040	2008.04.19	Win32/PSW.OnLineGames.NMY
Panda	9.0.0.4	2008.04.19	Suspicious file
Prevx1	V2	2008.04.19	Heuristic: Suspicious Self Modifying EXE
Rising	20.40.51.00	2008.04.19	Packer.Win32.Mian007.a
Sophos	4.28.0	2008.04.19	Mal/EncPk-CE
Sunbelt	3.0.1056.0	2008.04.17	VIPRE.Suspicious
TheHacker	6.2.92.284	2008.04.18	Trojan/PSW.OnLineGames.xli
VBA32	3.12.6.4	2008.04.16	Malware-Cryptor.Win32.NSAnti
VirusBuster	4.3.26:9	2008.04.18	Trojan.Lineage.Gen!Pac.3
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.Crypt.XPACK.Gen
```

File size: 103936 bytes
MD5...: 324d5d34e89f3774d6e6ea5bb13071a6
SHA1..: 59466ad66afc1de5916f0e6c712c1bea074cabb7




```
AhnLab-V3	2008.4.19.0	2008.04.18	Win-Trojan/OnlineGameHack.70656.K
AntiVir	7.8.0.8	2008.04.18	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.18	W32/PWStealer.OGA
Avast	4.8.1169.0	2008.04.18	Win32:OnLineGames-DIK
AVG	7.5.0.516	2008.04.18	PSW.OnlineGames.AW
BitDefender	7.2	2008.04.19	Packer.Malware.NSAnti.AD
CAT-QuickHeal	9.50	2008.04.19	-
ClamAV	0.92.1	2008.04.19	-
DrWeb	4.44.0.09170	2008.04.19	Win32.HLLW.Taterf.2
eSafe	7.0.15.0	2008.04.17	suspicious Trojan/Worm
eTrust-Vet	31.3.5714	2008.04.19	Win32/VMalum.CNDD
Ewido	4.0	2008.04.18	-
F-Prot	4.4.2.54	2008.04.18	W32/PWStealer.OGA
F-Secure	6.70.13260.0	2008.04.19	-
FileAdvisor	1	2008.04.19	-
Fortinet	3.14.0.0	2008.04.19	W32/OnLineGamesEncPK.fam!tr.pws
Ikarus	T3.1.1.26	2008.04.19	Packer.Malware.NSAnti.AA
Kaspersky	7.0.0.125	2008.04.19	-
McAfee	5277	2008.04.18	W32/Autorun.worm.bx.gen.dll
Microsoft	1.3408	2008.04.19	Worm:Win32/Taterf.A.dll
NOD32v2	3040	2008.04.19	Win32/PSW.OnLineGames.NMP
Norman	5.80.02	2008.04.18	W32/NSAnti.HZW
Panda	9.0.0.4	2008.04.19	W32/Lineage.IBZ.worm
Prevx1	V2	2008.04.19	KAVKOP:Payload-A
Rising	20.40.51.00	2008.04.19	Packer.Win32.Mian007.a
Sophos	4.28.0	2008.04.19	Mal/EncPk-CE
Sunbelt	3.0.1056.0	2008.04.17	Trojan.Crypt.XPACK.Gen
Symantec	10	2008.04.19	Packed.Generic.61
TheHacker	6.2.92.284	2008.04.18	-
VBA32	3.12.6.4	2008.04.16	Malware-Cryptor.Win32.NSAnti
VirusBuster	4.3.26:9	2008.04.18	Trojan.Lineage.Gen!Pac.3
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.Crypt.XPACK.Gen
```

File size: 70656 bytes
MD5...: 6580ab7609b5b00abf90ff06cc772357
SHA1..: 5b7b5b243a1f626569e098707e3ada0af3b887a6

----------


## senyak

Файл BitAccelerator.dll получен 2008.04.19 11:23:23 (CET)
Текущий статус:   закончено 
Результат: 5/32 (15.63%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.4.19.0	2008.04.18	-
> AntiVir	7.8.0.8	2008.04.18	-
> Authentium	4.93.8	2008.04.18	-
> Avast	4.8.1169.0	2008.04.18	-
> AVG	7.5.0.516	2008.04.18	-
> BitDefender	7.2	2008.04.19	-
> *CAT-QuickHeal	9.50	2008.04.19	AdTool.BitAccelerator.m (Not a Virus)*
> ClamAV	0.92.1	2008.04.19	-
> ...


File size: 90112 bytes
MD5...: 30a75f73869a6dac1e8fdd3c983c11c4
SHA1..: 10aac98994226e11dea9038b245d94f41956e541
SHA256: f484dcf7b659b35e3f05dd4992209d077d1ca7741c01ed06ce  bccb431483267e
SHA512: a8878a9e8904b35f1a460e8ce402f820d32f5e43cf7493abee  1a27c10a21c8da
1d8fc50b0cab37ed3ffbd6cbfd08d6c8ceee3f902790790e35  d740bf1fad4f9e
PEiD..: Armadillo v1.xx - v2.xx

*Added 43 minutes later*

Файл fitW.exe получен 2008.04.19 13:48:05 (CET)
Текущий статус:    закончено 
Результат: 17/32 (53.13%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.4.19.0	2008.04.18	-
> AntiVir	7.8.0.8	2008.04.18	-
> Authentium	4.93.8	2008.04.18	-
> Avast	4.8.1169.0	2008.04.18	-
> AVG	7.5.0.516	2008.04.18	-
> BitDefender	7.2	2008.04.19	-
> *CAT-QuickHeal	9.50	2008.04.19	(Suspicious) - DNAScan
> ClamAV	0.92.1	2008.04.19	PUA.Packed.UPack-2*
> ...

----------


## Синауридзе Александр

Файл file883.exe получен 2008.04.20 04:57:53 (CET)

AhnLab-V3  2008.4.19.0  2008.04.18  -
*AntiVir  7.8.0.8  2008.04.18  TR/Agent.97280.2*
Authentium  4.93.8  2008.04.19  -
Avast  4.8.1169.0  2008.04.19  -
*AVG  7.5.0.516  2008.04.19  Generic10.LUK*
*BitDefender  7.2  2008.04.20  Generic.Malware.SQwg.455789D3*
CAT-QuickHeal  9.50  2008.04.19  -
*ClamAV  0.92.1  2008.04.20  Worm.Mytob.AS*
*DrWeb  4.44.0.09170  2008.04.19  BACKDOOR.Trojan*
*eSafe  7.0.15.0  2008.04.17  Suspicious File*
eTrust-Vet  31.3.5714  2008.04.19  -
*Ewido  4.0  2008.04.19  Heuristic.Win32.HostFile*
F-Prot  4.4.2.54  2008.04.20  -
F-Secure  6.70.13260.0  2008.04.19  -
FileAdvisor  1  2008.04.20  -
Fortinet  3.14.0.0  2008.04.20  -
*Ikarus  T3.1.1.26  2008.04.20  Win32.SuspectCrc*
*Kaspersky  7.0.0.125  2008.04.20  Email-Worm.Win32.Anker.n*
McAfee  5277  2008.04.18  -
*Microsoft  1.3408  2008.04.20  Trojan:Win32/Meredrop*
*NOD32v2  3041  2008.04.19  probably unknown NewHeur_PE virus*
Norman  5.80.02  2008.04.18  -
Panda  9.0.0.4  2008.04.19  -
Prevx1  V2  2008.04.20  -
Rising  20.40.52.00  2008.04.19  -
*Sophos  4.28.0  2008.04.19  Mal/Generic-A*
Sunbelt  3.0.1056.0  2008.04.17  -
TheHacker  6.2.92.285  2008.04.19  -
*VBA32  3.12.6.4  2008.04.16  suspected of MalwareScope.Trojan-PSW.Pinch.3 (paranoid heuristics)*
VirusBuster  4.3.26:9  2008.04.19  -
*Webwasher-Gateway  6.6.2  2008.04.18  Trojan.Agent.97280.2*

Дополнительная информация
File size: 97280 bytes
  MD5...: c75679d4bfc020afba3cd11d3dddd80a
  SHA1..: 5046691d53ff7c180c13cc84e6fe3b0c4a946817
  SHA256: da01983f8fb96d266c3a560d93df131b9062619880ee36afc1  0229c97d096afd
  SHA512: 8551420f913cb70110fbee0cd5307914563170f5dca8884405  31b54023a54068
5e383dfdf8c53baa85dae231b5634c549b925bf99aad579b27  5db1363f625ab7
  PEiD..: ASPack v2.12 -> Alexey Solodovnikov
  PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x435001
timedatestamp.....: 0x48050fab (Tue Apr 15 20:27:23 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x28000 0x13000 8.00 df9bf69f65d64712f3b616fbee4e2de5
.rdata 0x29000 0x7000 0x2400 7.97 e301ea0fe1337897c53f7a6bf54a060c
.data 0x30000 0x4000 0x800 7.83 8fb79af6bb5aa0f21183a24089b8dd9f
.rsrc 0x34000 0x1000 0x200 1.68 d59201a6e7ea249416fcd5bd39985275
.aspack 0x35000 0x2000 0x1800 5.66 621d7157e3fe7609137e67c88975b448
.adata 0x37000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 8 imports ) 
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> shell32.dll: -
> user32.dll: TranslateMessage
> advapi32.dll: SetServiceStatus
> ole32.dll: OleInitialize
> oleaut32.dll: -
> iphlpapi.dll: GetIpAddrTable
> ws2_32.dll: -

( 0 exports ) 
  packers: Aspack
  packers: ASPack

----------


## rubin

Файл avz00006.dta получен 2008.04.20 20:02:19 (CET)



```
AhnLab-V3	2008.4.19.0	2008.04.18	-
AntiVir	7.8.0.8	2008.04.18	TR/BHO.Delf.M.2
Authentium	4.93.8	2008.04.20	-
Avast	4.8.1169.0	2008.04.20	-
AVG	7.5.0.516	2008.04.20	Downloader.Delf.12.AN
BitDefender	7.2	2008.04.20	-
CAT-QuickHeal	9.50	2008.04.19	-
ClamAV	0.92.1	2008.04.20	-
DrWeb	4.44.0.09170	2008.04.20	-
eSafe	7.0.15.0	2008.04.17	suspicious Trojan/Worm
eTrust-Vet	31.3.5714	2008.04.19	Win32/Kvol!generic
Ewido	4.0	2008.04.20	-
F-Prot	4.4.2.54	2008.04.20	-
F-Secure	6.70.13260.0	2008.04.20	-
FileAdvisor	1	2008.04.20	-
Fortinet	3.14.0.0	2008.04.20	-
Ikarus	T3.1.1.26.0	2008.04.20	Virus.Trojan.Win32.Pakes.cdw
Kaspersky	7.0.0.125	2008.04.20	-
McAfee	5277	2008.04.18	-
Microsoft	1.3408	2008.04.20	Trojan:Win32/Boaxxe.B
NOD32v2	3041	2008.04.19	-
Norman	5.80.02	2008.04.18	-
Panda	9.0.0.4	2008.04.20	Suspicious file
Prevx1	V2	2008.04.20	Generic.Malware
Rising	20.40.62.00	2008.04.20	Trojan.Clicker.Win32.Delf.mm
Sophos	4.28.0	2008.04.20	-
Sunbelt	3.0.1056.0	2008.04.17	Trojan.BHO.Delf.M.2
Symantec	10	2008.04.20	Trojan Horse
TheHacker	6.2.92.285	2008.04.19	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.20	-
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.BHO.Delf.M.2
```

File size: 88064 bytes
MD5...: 37edd55bd4703156aeedeaab59c2c62c
SHA1..: 2c92342bc798ea129bfe4916b19c35450059c689
SHA256: b86041cc4578b6a3a0ab88ed0ed87a763624ab98c8e63dee6ffa73316ed36bee
SHA512: 619a93e415d70a61265d7840c7d61277b6a0870081c08a8a6aea9d31f97e840d
b4937e7490da274b826dee59a4d459752ccccfdbc8b71e5862778a6ed6b83fab



File avz00009.dta received 2008.04.20 20:02:31 (CET)


```
AhnLab-V3	2008.4.19.0	2008.04.18	-
AntiVir	7.8.0.8	2008.04.18	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.20	-
Avast	4.8.1169.0	2008.04.20	-
AVG	7.5.0.516	2008.04.20	-
BitDefender	7.2	2008.04.20	-
CAT-QuickHeal	9.50	2008.04.19	-
ClamAV	0.92.1	2008.04.20	-
DrWeb	4.44.0.09170	2008.04.20	-
eSafe	7.0.15.0	2008.04.17	-
eTrust-Vet	31.3.5714	2008.04.19	-
Ewido	4.0	2008.04.20	-
F-Prot	4.4.2.54	2008.04.20	-
F-Secure	6.70.13260.0	2008.04.20	-
FileAdvisor	1	2008.04.20	-
Fortinet	3.14.0.0	2008.04.20	-
Ikarus	T3.1.1.26.0	2008.04.20	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.04.20	-
McAfee	5277	2008.04.18	-
Microsoft	1.3408	2008.04.20	-
NOD32v2	3041	2008.04.19	-
Norman	5.80.02	2008.04.18	-
Panda	9.0.0.4	2008.04.20	-
Prevx1	V2	2008.04.20	Trojan.Downloader
Rising	20.40.62.00	2008.04.20	-
Sophos	4.28.0	2008.04.20	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.20	-
TheHacker	6.2.92.285	2008.04.19	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.20	-
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.Crypt.XPACK.Gen
```

File size: 16384 bytes
MD5...: 1b92b1958e6de9e412de9c210e8b9bff
SHA1..: 612c03d2c0d3d1829be27f8679a6971d18850f5e
SHA256: 510078045b4b2e2820d9ebcc639492ff59d20b80421eb4e401e61e9d7a2d152f
SHA512: 169a2948f24b8b84f93dd40c2333e52c6674db5fd60344f96024b610917ff633
297a2fc9ac1f28f8fe2fafdb3f9466404ec7af1ff2bcdfb0f7385bcf699964a7



File avz00004.dta received 2008.04.20 20:03:50 (CET)




```
AhnLab-V3	2008.4.19.0	2008.04.18	-
AntiVir	7.8.0.8	2008.04.18	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.20	-
Avast	4.8.1169.0	2008.04.20	Win32:Pakes-AJN
AVG	7.5.0.516	2008.04.20	-
BitDefender	7.2	2008.04.20	-
CAT-QuickHeal	9.50	2008.04.19	-
ClamAV	0.92.1	2008.04.20	-
DrWeb	4.44.0.09170	2008.04.20	-
eSafe	7.0.15.0	2008.04.17	-
eTrust-Vet	31.3.5714	2008.04.19	-
Ewido	4.0	2008.04.20	-
F-Prot	4.4.2.54	2008.04.20	-
F-Secure	6.70.13260.0	2008.04.20	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.04.20	-
Fortinet	3.14.0.0	2008.04.20	-
Ikarus	T3.1.1.26.0	2008.04.20	-
Kaspersky	7.0.0.125	2008.04.20	Heur.Trojan.Generic
McAfee	5277	2008.04.18	-
Microsoft	1.3408	2008.04.20	Spammer:Win32/Tedroo.C
NOD32v2	3041	2008.04.19	-
Norman	5.80.02	2008.04.18	-
Panda	9.0.0.4	2008.04.20	-
Rising	20.40.62.00	2008.04.20	-
Sophos	4.28.0	2008.04.20	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.20	Packed.Generic.57
TheHacker	6.2.92.285	2008.04.19	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.20	-
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.Crypt.XPACK.Gen
```


File size: 38912 bytes
MD5...: 2c64bd2e321e519c8cf51005b3996c36
SHA1..: b0f2f32e48e7c733584a263e6442100c121f956c
SHA256: 414703f5c44d0621e8a5c0b3ff500834bb75034a03e15857dcbdc2c76e7d9a47
SHA512: 935f71b55096b491ba5c8de63b52ba08e19f23c4383007b04e49fafa9da7aa2c
02a4f0b899fd40e00154e945497f2134dbf57f48a8bc3726c46450180e2aac81


File avz00010.dta received 2008.04.20 20:02:44 (CET)




```
AhnLab-V3	2008.4.19.0	2008.04.18	-
AntiVir	7.8.0.8	2008.04.18	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.20	-
Avast	4.8.1169.0	2008.04.20	-
AVG	7.5.0.516	2008.04.20	-
BitDefender	7.2	2008.04.20	-
CAT-QuickHeal	9.50	2008.04.19	-
ClamAV	0.92.1	2008.04.20	-
DrWeb	4.44.0.09170	2008.04.20	-
eSafe	7.0.15.0	2008.04.17	Suspicious File
eTrust-Vet	31.3.5714	2008.04.19	-
Ewido	4.0	2008.04.20	-
F-Prot	4.4.2.54	2008.04.20	-
F-Secure	6.70.13260.0	2008.04.20	-
FileAdvisor	1	2008.04.20	-
Fortinet	3.14.0.0	2008.04.20	-
Ikarus	T3.1.1.26	2008.04.20	-
Kaspersky	7.0.0.125	2008.04.20	-
McAfee	5277	2008.04.18	-
Microsoft	1.3408	2008.04.20	Backdoor:Win32/Momibot.gen!C
NOD32v2	3041	2008.04.19	-
Norman	5.80.02	2008.04.18	-
Panda	9.0.0.4	2008.04.20	-
Prevx1	V2	2008.04.20	Generic.Malware
Rising	20.40.62.00	2008.04.20	-
Sophos	4.28.0	2008.04.20	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.20	-
TheHacker	6.2.92.285	2008.04.19	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.20	-
Webwasher-Gateway	6.6.2	2008.04.18	Trojan.Crypt.XPACK.Gen
```

File size: 22016 bytes
MD5...: 4758b3488d1282856d7deea4bff5724d
SHA1..: c62588ef0dd542fbdec6055e9753220d78f10ceb
SHA256: 07346fd86b7dbd298dfde4ab054f5826179a0a6a10197202361a1e1509c774c2
SHA512: 465d7f44976b3ac327a0dc3b1d7f0bf82b89f6fa20643e5cccc8a82de24407ab
410636bdaf53824930db28f871fd59810db637edfa43a5d5b443960ac01c6b7d

----------


## Shu_b

t-21868


```
File svchost.exe received on 04.22.2008 07:27:42 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.22.0	2008.04.21	-
AntiVir	7.8.0.8	2008.04.21	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.21	-
AVG	7.5.0.516	2008.04.21	Win32/PolyCrypt
BitDefender	7.2	2008.04.22	BehavesLike:Win32.Malware
CAT-QuickHeal	9.50	2008.04.21	Trojan.Inject.bbr
ClamAV	0.92.1	2008.04.22	-
DrWeb	4.44.0.09170	2008.04.22	-
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5723	2008.04.22	-
Ewido	4.0	2008.04.21	-
F-Prot	4.4.2.54	2008.04.21	-
F-Secure	6.70.13260.0	2008.04.22	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.04.22	-
Fortinet	3.14.0.0	2008.04.22	-
Ikarus	T3.1.1.26.0	2008.04.22	-
Kaspersky	7.0.0.125	2008.04.22	Heur.Trojan.Generic
McAfee	5278	2008.04.21	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3044	2008.04.21	-
Norman	5.80.02	2008.04.21	W32/Smalltroj.EAUK
Panda	9.0.0.4	2008.04.21	-
Prevx1	V2	2008.04.22	-
Rising	20.41.10.00	2008.04.22	-
Sophos	4.28.0	2008.04.22	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.22	-
TheHacker	6.2.92.286	2008.04.21	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.21	-
Webwasher-Gateway	6.6.2	2008.04.21	Trojan.Crypt.XPACK.Gen
Additional information
File size: 13825 bytes
```

----------


## Гриша

File *Photo.exe* received 2008.04.22 11:44:48 (CET)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.22.0	2008.04.22	-
> *AntiVir	7.8.0.8	2008.04.22	PCK/Obsidium*
> *Authentium	4.93.8	2008.04.22	W32/SdbotP.BK*
> *Avast	4.8.1169.0	2008.04.21	Win32:Krotten-C*
> AVG	7.5.0.516	2008.04.21	-
> *BitDefender	7.2	2008.04.22	Trojan.Krotten.EF*
> *CAT-QuickHeal	9.50	2008.04.21	(Suspicious) - DNAScan*
> ClamAV	0.92.1	2008.04.22	-
> ...

----------


## mayas

File 7ad0k32n.exe received on 04.22.2008 12:48:06 (CET)

Result: 5/32 (15.63%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.4.22.0	2008.04.22	-
> AntiVir	7.8.0.8	2008.04.22	*HEUR/Malware*
> Authentium	4.93.8	2008.04.22	-
> Avast	4.8.1169.0	2008.04.21	-
> AVG	7.5.0.516	2008.04.21	-
> BitDefender	7.2	2008.04.22	-
> CAT-QuickHeal	9.50	2008.04.21	-
> ClamAV	0.92.1	2008.04.22	-
> ...

----------


## Surfer

File video.exe received on 04.22.2008 14:37:59 (CET)
Result: 11/32 (34.38%)




> AhnLab-V3	2008.4.22.0	2008.04.22	-
> *AntiVir	7.8.0.8	2008.04.22	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.22	-
> Avast	4.8.1169.0	2008.04.21	-
> *AVG	7.5.0.516	2008.04.21	Downloader.Zlob.12.AH*
> BitDefender	7.2	2008.04.22	-
> *CAT-QuickHeal	9.50	2008.04.21	(Suspicious) - DNAScan*
> ClamAV	0.92.1	2008.04.22	-
> DrWeb	4.44.0.09170	2008.04.22	-
> ...

----------


## Shu_b

t 21927


```
File icf.exe received on 04.23.2008 11:09:34 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.22	-
AntiVir	7.8.0.8	2008.04.23	BDS/Backdoor.Gen
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	Win32:Obfuscated-EJC
AVG	7.5.0.516	2008.04.23	Pakes.N
BitDefender	7.2	2008.04.23	Dropped:Trojan.Ozdok.F
CAT-QuickHeal	9.50	2008.04.22	-
ClamAV	0.92.1	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	-
eSafe	7.0.15.0	2008.04.21	suspicious Trojan/Worm
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	-
F-Secure	6.70.13260.0	2008.04.23	-
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26.0	2008.04.23	DroppedBackdoor.Agent.ZCI
Kaspersky	7.0.0.125	2008.04.23	Heur.Trojan.Generic
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	Trojan:Win32/Pugeju.A
NOD32v2	3047	2008.04.23	-
Norman	5.80.02	2008.04.22	-
Panda	9.0.0.4	2008.04.23	-
Prevx1	V2	2008.04.23	Covert.Code
Rising	20.41.12.00	2008.04.22	Trojan.Win32.Undef.dti
Sophos	4.28.0	2008.04.23	Mal/Behav-150
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	Trojan Horse
TheHacker	6.2.92.288	2008.04.23	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Trojan.Backdoor.Backdoor.Gen
Additional information
File size: 28162 bytes
```

*Added 28 minutes later*

t 21931


```
File ntos.exe received on 04.23.2008 11:26:30 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.23	-
AntiVir	7.8.0.8	2008.04.23	TR/Spy.ZBot.bcn
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	-
AVG	7.5.0.516	2008.04.23	-
BitDefender	7.2	2008.04.23	Trojan.Spy.Wsnpoem.BA
CAT-QuickHeal	9.50	2008.04.23	TrojanSpy.Zbot.bcn
ClamAV	None	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	Trojan.Proxy.2842
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	-
F-Secure	6.70.13260.0	2008.04.23	Trojan-Spy.Win32.Zbot.bcn
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26	2008.04.23	Trojan-Spy.Win32.Zbot.bcn
Kaspersky	7.0.0.125	2008.04.23	Trojan-Spy.Win32.Zbot.bcn
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3047	2008.04.23	-
Norman	5.80.02	2008.04.22	W32/Zbot.KU
Panda	9.0.0.4	2008.04.23	-
Prevx1	V2	2008.04.23	Infostealer
Rising	20.41.12.00	2008.04.22	-
Sophos	4.28.0	2008.04.23	Mal/EncPk-DI
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	-
TheHacker	6.2.92.288	2008.04.23	Trojan/Spy.Zbot.bcn
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Trojan.Spy.ZBot.bcn
Additional information
File size: 473600 bytes
```



```
File temp\winlogon.exe received on 04.23.2008 11:26:49 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.23	-
AntiVir	7.8.0.8	2008.04.23	DR/Delphi.Gen
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	-
AVG	7.5.0.516	2008.04.23	SHeur.BGTB
BitDefender	7.2	2008.04.23	-
CAT-QuickHeal	9.50	2008.04.23	-
ClamAV	0.92.1	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	-
eSafe	7.0.15.0	2008.04.21	suspicious Trojan/Worm
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	-
F-Secure	6.70.13260.0	2008.04.23	-
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26.0	2008.04.23	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.04.23	-
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	Trojan:Win32/Delfobfus.A
NOD32v2	3047	2008.04.23	a variant of Win32/Injector.Z
Norman	5.80.02	2008.04.22	-
Panda	9.0.0.4	2008.04.23	-
Prevx1	V2	2008.04.23	Generic.Malware
Rising	20.41.12.00	2008.04.22	Trojan.DL.Win32.Agent.bxw
Sophos	4.28.0	2008.04.23	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	-
TheHacker	6.2.92.288	2008.04.23	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Trojan.Dropper.Delphi.Gen
Additional information
File size: 39424 bytes
```

*False positive:*

```
File Beep.sys received on 04.23.2008 11:27:08 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.23	-
AntiVir	7.8.0.8	2008.04.23	TR/Crypt.XDR.Gen
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	Win32:Agent-LSV
AVG	7.5.0.516	2008.04.23	-
BitDefender	7.2	2008.04.23	-
CAT-QuickHeal	9.50	2008.04.23	-
ClamAV	None	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	-
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	-
F-Secure	6.70.13260.0	2008.04.23	-
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26	2008.04.23	Virus.Win32.Agent.LSV
Kaspersky	7.0.0.125	2008.04.23	-
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3047	2008.04.23	-
Norman	5.80.02	2008.04.22	-
Panda	9.0.0.4	2008.04.23	-
Prevx1	V2	2008.04.23	Generic.Malware
Rising	20.41.12.00	2008.04.22	-
Sophos	4.28.0	2008.04.23	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	-
TheHacker	6.2.92.288	2008.04.23	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Trojan.Crypt.XDR.Gen
Additional information
File size: 65536 bytes
```



```
File baselhi32.dll received on 04.23.2008 11:27:29 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.23	-
AntiVir	7.8.0.8	2008.04.23	HEUR/Crypted
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	-
AVG	7.5.0.516	2008.04.23	-
BitDefender	7.2	2008.04.23	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.04.23	-
ClamAV	None	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	-
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	W32/Agent.AZ.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.23	-
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26	2008.04.23	-
Kaspersky	7.0.0.125	2008.04.23	-
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3047	2008.04.23	-
Norman	5.80.02	2008.04.22	-
Panda	9.0.0.4	2008.04.23	Suspicious file
Prevx1	V2	2008.04.23	-
Rising	20.41.12.00	2008.04.22	-
Sophos	4.28.0	2008.04.23	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	-
TheHacker	6.2.92.288	2008.04.23	-
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Heuristic.Crypted
Additional information
File size: 24576 bytes
```



```
File clbdriver.sys received on 04.23.2008 11:39:06 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.4.23.0	2008.04.23	-
AntiVir	7.8.0.8	2008.04.23	Rkit/Agent.aii
Authentium	4.93.8	2008.04.22	-
Avast	4.8.1169.0	2008.04.23	-
AVG	7.5.0.516	2008.04.23	BackDoor.Generic9.AHXS
BitDefender	7.2	2008.04.23	-
CAT-QuickHeal	9.50	2008.04.23	-
ClamAV	0.92.1	2008.04.23	-
DrWeb	4.44.0.09170	2008.04.23	-
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5728	2008.04.23	-
Ewido	4.0	2008.04.22	-
F-Prot	4.4.2.54	2008.04.22	-
F-Secure	6.70.13260.0	2008.04.23	Rootkit.Win32.Agent.aii
FileAdvisor	1	2008.04.23	-
Fortinet	3.14.0.0	2008.04.23	-
Ikarus	T3.1.1.26.0	2008.04.23	Rkit.Agent.aii
Kaspersky	7.0.0.125	2008.04.23	Rootkit.Win32.Agent.aii
McAfee	5279	2008.04.23	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3048	2008.04.23	probably unknown NewHeur_PE virus
Norman	5.80.02	2008.04.22	-
Panda	9.0.0.4	2008.04.23	-
Prevx1	V2	2008.04.23	BACKDOOR.DIMPY.WIN32VBSY.Q
Rising	20.41.12.00	2008.04.22	-
Sophos	4.28.0	2008.04.23	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.23	-
TheHacker	6.2.92.288	2008.04.23	Trojan/Agent.aii
VBA32	3.12.6.4	2008.04.16	-
VirusBuster	4.3.26:9	2008.04.22	-
Webwasher-Gateway	6.6.2	2008.04.23	Rootkit.Agent.aii
Additional information
File size: 6656 bytes
```

----------


## senyak

File avz00001.dta received 2008.04.23 16:14:20 (CET)
Current status:    finished
Result: 6/32 (18.75%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.23.0	2008.04.23	-
> AntiVir	7.8.0.8	2008.04.23	-
> Authentium	4.93.8	2008.04.22	-
> Avast	4.8.1169.0	2008.04.23	-
> AVG	7.5.0.516	2008.04.23	-
> BitDefender	7.2	2008.04.23	-
> CAT-QuickHeal	9.50	2008.04.23	-
> ClamAV	0.92.1	2008.04.23	-
> ...


File size: 57344 bytes
MD5...: 04ca42243277208426101dc31d09ffec
SHA1..: 7387d6df398e933fda1a18dc4d1c317ddd624393
SHA256: b1532f85f704a61dbbf1ba552af6dd272eb80235e5259eb19d095da68a258a04
SHA512: ad4a79530af8c44425d0ef1121450b8be7c81173313d019fca0daf17f7aaf7da
f6792f9ea4df3ab5d6d813f89074e37bacc1ddf50036bb8049d6c1770e5800c1
PEiD..: Armadillo v1.71

----------


## mayas

File 2zd0r32k.exe received on 04.23.2008 22:01:25 (CET)

Result: 15/32 (46.88%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.4.23.0	2008.04.23	-
> *AntiVir	7.8.0.8	2008.04.23	TR/Spy.Gen*
> Authentium	4.93.8	2008.04.22	-
> Avast	4.8.1169.0	2008.04.23	-
> *AVG	7.5.0.516	2008.04.23	Packed.AverCrypt*
> *BitDefender	7.2	2008.04.23	Packer.Pohernah.C*
> *CAT-QuickHeal	9.50	2008.04.23	(Suspicious) - DNAScan*
> ClamAV	0.92.1	2008.04.23	-
> ...

----------


## Kuzz

File index.html received 2008.04.23 19:18:10 (CET)
Current status: finished
Result: 13/32 (40.62%)


```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.4.23.0 	2008.04.23 	-
AntiVir 	7.8.0.8 	2008.04.23 	HEUR/Exploit.HTML
Authentium 	4.93.8 	2008.04.22 	-
Avast 	4.8.1169.0 	2008.04.23 	VBS:Malware-gen
AVG 	7.5.0.516 	2008.04.23 	HTML/Framer.Z
BitDefender 	7.2 	2008.04.23 	-
CAT-QuickHeal 	9.50 	2008.04.23 	HTM/Agent.IJ1
ClamAV 	0.92.1 	2008.04.23 	HTML.IFrame-10
DrWeb 	4.44.0.09170 	2008.04.23 	Trojan.DownLoader.33840
eSafe 	7.0.15.0 	2008.04.21 	JS.Agent.hdd
eTrust-Vet 	31.3.5728 	2008.04.23 	-
Ewido 	4.0 	2008.04.23 	-
F-Prot 	4.4.2.54 	2008.04.22 	-
F-Secure 	6.70.13260.0 	2008.04.23 	JS/Agent.B
FileAdvisor 	1 	2008.04.23 	-
Fortinet 	3.14.0.0 	2008.04.23 	-
Ikarus 	T3.1.1.26 	2008.04.23 	-
Kaspersky 	7.0.0.125 	2008.04.23 	Trojan-Downloader.HTML.Agent.ij
McAfee 	5279 	2008.04.23 	-
Microsoft 	1.3408 	2008.04.22 	-
NOD32v2 	3049 	2008.04.23 	-
Norman 	5.80.02 	2008.04.23 	JS/Agent.B
Panda 	9.0.0.4 	2008.04.23 	-
Prevx1 	V2 	2008.04.23 	-
Rising 	20.41.22.00 	2008.04.23 	-
Sophos 	4.28.0 	2008.04.23 	Troj/Unif-B
Sunbelt 	3.0.1056.0 	2008.04.17 	-
Symantec 	10 	2008.04.23 	Trojan.Webkit!html
TheHacker 	6.2.92.288 	2008.04.23 	-
VBA32 	3.12.6.4 	2008.04.16 	-
VirusBuster 	4.3.26:9 	2008.04.23 	-
Webwasher-Gateway 	6.6.2 	2008.04.23 	Heuristic.Exploit.HTML
Дополнительная информация
File size: 9501 bytes
MD5...: dd3062170ffdbf2adf686660a61ed487
SHA1..: 088d89a30105a9c9a346316b424c731a60cf496d
SHA256: 91e61d36a2ac895b4d78261fdc3b4d5b0b3fa7298782758f85035feff3bcb510
SHA512: e397664def584cb3e69a6bcecb3deca68ce6285791dcf3fd828f9c58c9a0c508
ec620a67d8fafabcfc4800db01432b53c2e05fce027bb4c8588717154b63cb1e
```

----------


## mayas

File __________________.bat received on 04.24.2008 12:00:45 (CET)

Result: 3/32 (9.38%)





> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.4.24.0	2008.04.24	-
> AntiVir	7.8.0.8	2008.04.24	-
> Authentium	4.93.8	2008.04.24	-
> Avast	4.8.1169.0	2008.04.24	-
> AVG	7.5.0.516	2008.04.23	-
> *BitDefender	7.2	2008.04.24	Trojan.BAT.DelAll.R*
> CAT-QuickHeal	9.50	2008.04.23	-
> ClamAV	0.92.1	2008.04.24	-
> ...

----------


## Гриша

File avz00001.dta(ntos.exe) received 2008.04.25 14:13:59 (CET)




> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.4.25.2	2008.04.25	-
> *AntiVir	7.8.0.10	2008.04.25	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.25	-
> *Avast	4.8.1169.0	2008.04.24	Win32.Zbot-gen*
> *AVG	7.5.0.516	2008.04.25	Pakes*
> *BitDefender	7.2	2008.04.25	Trojan.Spy.Wsnpoem.BD*
> CAT-QuickHeal	9.50	2008.04.24	-
> ClamAV	0.92.1	2008.04.25	-
> ...

----------



## rubin

New Pinch



```
AhnLab-V3	2008.4.25.2	2008.04.25	-
AntiVir	7.8.0.10	2008.04.25	HEUR/Crypted
Authentium	4.93.8	2008.04.25	-
Avast	4.8.1169.0	2008.04.24	-
AVG	7.5.0.516	2008.04.25	PSW.Ldpinch.11.BM
BitDefender	7.2	2008.04.25	-
CAT-QuickHeal	9.50	2008.04.25	-
ClamAV	0.92.1	2008.04.25	-
DrWeb	4.44.0.09170	2008.04.25	-
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5733	2008.04.25	-
Ewido	4.0	2008.04.25	-
F-Prot	4.4.2.54	2008.04.24	-
F-Secure	6.70.13260.0	2008.04.25	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.04.25	-
Fortinet	3.14.0.0	2008.04.25	-
Ikarus	T3.1.1.26	2008.04.25	-
Kaspersky	7.0.0.125	2008.04.25	-
McAfee	5281	2008.04.24	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3055	2008.04.25	-
Norman	5.80.02	2008.04.25	-
Panda	9.0.0.4	2008.04.25	-
Prevx1	V2	2008.04.25	Heuristic: Suspicious Self Modifying File
Rising	20.41.42.00	2008.04.25	-
Sophos	4.28.0	2008.04.25	Mal/Basine-C
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.25	-
TheHacker	6.2.92.291	2008.04.24	-
VBA32	3.12.6.5	2008.04.24	-
VirusBuster	4.3.26:9	2008.04.25	-
Webwasher-Gateway	6.6.2	2008.04.25	Heuristic.Crypted
```

File size: 51200 bytes
MD5...: 712265e1da77b58d13d53d185b1c8a43
SHA1..: 1bd0e9c1bbc7af488073770b50451f0101719f14
SHA256: 76ed9f373067e84a963a0a770b29dafe6fd0728567f61d4ab466195f7a5039f7
SHA512: bf6da71d8495d76f64b356ecc969a41324b98e5f0eb60a5ba18096a89ae8f34c
a1323adf553f48a100f79e26e2466eb0ba1d4c2050fdb080ded1f88f8f35c715

----------


## Shu_b

t 21941

```
File sens.dll received on 04.26.2008 08:18:27 (CET)
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.4.25.2    2008.04.25    -
AntiVir    7.8.0.10    2008.04.25    -
Authentium    4.93.8    2008.04.26    -
Avast    4.8.1169.0    2008.04.25    Win32:Patched-FF
AVG    7.5.0.516    2008.04.25    -
BitDefender    7.2    2008.04.26    Trojan.Patched.BD
CAT-QuickHeal    9.50    2008.04.26    -
ClamAV    0.92.1    2008.04.26    -
DrWeb    4.44.0.09170    2008.04.25    -
eSafe    7.0.15.0    2008.04.21    -
eTrust-Vet    31.3.5736    2008.04.26    -
Ewido    4.0    2008.04.25    -
F-Prot    4.4.2.54    2008.04.25    -
F-Secure    6.70.13260.0    2008.04.26    -
FileAdvisor    1    2008.04.26    -
Fortinet    3.14.0.0    2008.04.26    -
Ikarus    T3.1.1.26    2008.04.26    Trojan.Patched.BD
Kaspersky    7.0.0.125    2008.04.26    -
McAfee    5282    2008.04.25    -
Microsoft    1.3408    2008.04.22    -
NOD32v2    3056    2008.04.26    -
Norman    5.80.02    2008.04.25    -
Panda    9.0.0.4    2008.04.26    -
Prevx1    V2    2008.04.26    -
Rising    20.41.50.00    2008.04.26    Trojan.Win32.Patch.d
Sophos    4.28.0    2008.04.26    -
Sunbelt    3.0.1056.0    2008.04.17    -
Symantec    10    2008.04.26    -
TheHacker    6.2.92.293    2008.04.26    -
VBA32    3.12.6.5    2008.04.26    -
VirusBuster    4.3.26:9    2008.04.25    -
Webwasher-Gateway    6.6.2    2008.04.26    -
 
Additional information
File size: 38912 bytes
```

*Added 2 hours 11 minutes later*

t 22090

```
File avz00002.dta received on 04.26.2008 10:23:23 (CET)
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.4.25.2    2008.04.25    -
AntiVir    7.8.0.10    2008.04.25    HEUR/Crypted
Authentium    4.93.8    2008.04.26    -
Avast    4.8.1169.0    2008.04.25    -
AVG    7.5.0.516    2008.04.25    -
BitDefender    7.2    2008.04.26    Trojan.Agent.AGKK
CAT-QuickHeal    9.50    2008.04.26    -
ClamAV    0.92.1    2008.04.26    -
DrWeb    4.44.0.09170    2008.04.26    -
eSafe    7.0.15.0    2008.04.21    -
eTrust-Vet    31.3.5736    2008.04.26    -
Ewido    4.0    2008.04.25    -
F-Prot    4.4.2.54    2008.04.25    W32/Agent.AZ.gen!Eldorado
F-Secure    6.70.13260.0    2008.04.26    -
FileAdvisor    1    2008.04.26    -
Fortinet    3.14.0.0    2008.04.26    -
Ikarus    T3.1.1.26    2008.04.26    -
Kaspersky    7.0.0.125    2008.04.26    -
McAfee    5282    2008.04.25    -
Microsoft    1.3408    2008.04.22    -
NOD32v2    3056    2008.04.26    -
Norman    5.80.02    2008.04.25    -
Panda    9.0.0.4    2008.04.26    Suspicious file
Prevx1    V2    2008.04.26    -
Rising    20.41.50.00    2008.04.26    -
Sophos    4.28.0    2008.04.26    -
Sunbelt    3.0.1056.0    2008.04.17    -
Symantec    10    2008.04.26    -
TheHacker    6.2.92.293    2008.04.26    -
VBA32    3.12.6.5    2008.04.26    -
VirusBuster    4.3.26:9    2008.04.25    -
Webwasher-Gateway    6.6.2    2008.04.26    Heuristic.Crypted
 
Additional information
File size: 24576 bytes
```



```
File temp\winlogon.exe received on 04.26.2008 10:45:57 (CET)
Antivirus    Version    Last Update    Result
AhnLab-V3    2008.4.25.2    2008.04.25    -
AntiVir    7.8.0.10    2008.04.25    DR/Delphi.Gen
Authentium    4.93.8    2008.04.26    -
Avast    4.8.1169.0    2008.04.25    -
AVG    7.5.0.516    2008.04.25    SHeur.BGTB
BitDefender    7.2    2008.04.26    -
CAT-QuickHeal    9.50    2008.04.26    -
ClamAV    0.92.1    2008.04.26    -
DrWeb    4.44.0.09170    2008.04.26    Trojan.Spambot.2496
eSafe    7.0.15.0    2008.04.21    suspicious Trojan/Worm
eTrust-Vet    31.3.5736    2008.04.26    -
Ewido    4.0    2008.04.25    -
F-Prot    4.4.2.54    2008.04.25    -
F-Secure    6.70.13260.0    2008.04.26    SpamTool.Win32.Agent.is
FileAdvisor    1    2008.04.26    -
Fortinet    3.14.0.0    2008.04.26    -
Ikarus    T3.1.1.26    2008.04.26    Virus.Win32.Zapchast.DA
Kaspersky    7.0.0.125    2008.04.26    SpamTool.Win32.Agent.is
McAfee    5282    2008.04.25    -
Microsoft    1.3408    2008.04.22    Trojan:Win32/Delfobfus.A
NOD32v2    3056    2008.04.26    a variant of Win32/Injector.Z
Norman    5.80.02    2008.04.25    -
Panda    9.0.0.4    2008.04.26    -
Prevx1    V2    2008.04.26    Generic.Malware
Rising    20.41.50.00    2008.04.26    Trojan.DL.Win32.Agent.bxw
Sophos    4.28.0    2008.04.26    -
Sunbelt    3.0.1056.0    2008.04.17    -
Symantec    10    2008.04.26    -
TheHacker    6.2.92.293    2008.04.26    Trojan/Agent.is
VBA32    3.12.6.5    2008.04.26    SpamTool.Win32.Agent.is
VirusBuster    4.3.26:9    2008.04.25    -
Webwasher-Gateway    6.6.2    2008.04.26    Trojan.Dropper.Delphi.Gen
 
Additional information
File size: 39424 bytes
```

----------


## senyak

File Dc56.exe received 2008.04.26 20:00:46 (CET)
Current status:    finished
Result: 9/32 (28.13%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.25.2	2008.04.25	-
> *AntiVir	7.8.0.10	2008.04.25	HEUR/Malware*
> Authentium	4.93.8	2008.04.26	-
> Avast	4.8.1169.0	2008.04.26	-
> AVG	7.5.0.516	2008.04.26	-
> *BitDefender	7.2	2008.04.26	Dropped:Trojan.Generic.225225*
> CAT-QuickHeal	9.50	2008.04.26	-
> ClamAV	None	2008.04.26	-
> ...




Additional information
File size: 626176 bytes
MD5...: 9e776590cbd92c23d7d97f31d1594e61
SHA1..: 4450209217284b168e1d4f755aad199efacbc92c
SHA256: 150a7b3df615821c707c5eb7af3c5da0acc18c5fd3d4c5288fafc1d89c432ca2
SHA512: a4c12878ee4de30e1385e4f6014387fd412be1a83ef8cd133069755a7c427681
75e773d4a2189fa0a9d57536b9895e6822bb76cf8792977a5fba3d83342df4dd
PEiD..: ASPack v2.12

----------


## rubin

ntos.exe



```
AhnLab-V3	2008.4.25.2	2008.04.25	-
AntiVir	7.8.0.10	2008.04.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.26	Win32:Zbot-gen
AVG	7.5.0.516	2008.04.27	Pakes
BitDefender	7.2	2008.04.27	Trojan.Spy.ZBot.AM
CAT-QuickHeal	9.50	2008.04.26	-
ClamAV	0.92.1	2008.04.27	-
DrWeb	4.44.0.09170	2008.04.27	Trojan.Packed.424
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5736	2008.04.26	-
Ewido	4.0	2008.04.27	Logger.Zbot.alo
F-Prot	4.4.2.54	2008.04.26	W32/Zbot.F.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.26	Suspicious:W32/Malware!Gemini
FileAdvisor	1	2008.04.27	-
Fortinet	3.14.0.0	2008.04.27	-
Ikarus	T3.1.1.26	2008.04.27	Trojan-Spy.Wsnpoem.AN
Kaspersky	7.0.0.125	2008.04.27	-
McAfee	5282	2008.04.25	Spy-Agent.bw.gen.c
Microsoft	1.3408	2008.04.22	PWS:Win32/Zbot.gen!A
NOD32v2	3057	2008.04.26	-
Norman	5.80.02	2008.04.25	-
Panda	9.0.0.4	2008.04.27	-
Prevx1	V2	2008.04.27	-
Rising	20.41.62.00	2008.04.27	-
Sophos	4.28.0	2008.04.26	Troj/Zbot-L
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.27	-
TheHacker	6.2.92.294	2008.04.26	-
VBA32	3.12.6.5	2008.04.26	-
VirusBuster	4.3.26:9	2008.04.26	TrojanSpy.ZBot.Gen!Pac.3
Webwasher-Gateway	6.6.2	2008.04.27	Trojan.Crypt.XPACK.Gen
```

File size: 387584 bytes
MD5...: bf08f25e9f1a4eacfc2f115a8c300893
SHA1..: 11ccd76950e1fb53603d15188bd0e232e5aa44b0
SHA256: a65ce55ba4962544a0df647563a0fb814adbc5e75542b7a61719673736c4497a
SHA512: 39d17f71e2406ac49c477c15b78229dcbd9438178849eb99c21e3049a55cb41f
e5cc64a3b18d2728ecd6b5f3c7b703a83e7829adffef0b4f5f1927046a5e557e

base*.dll



```
AhnLab-V3	2008.4.25.2	2008.04.25	-
AntiVir	7.8.0.10	2008.04.25	HEUR/Crypted
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.26	-
AVG	7.5.0.516	2008.04.27	-
BitDefender	7.2	2008.04.27	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.04.26	-
ClamAV	None	2008.04.27	-
DrWeb	4.44.0.09170	2008.04.27	Trojan.Okuks.29
eSafe	7.0.15.0	2008.04.21	-
eTrust-Vet	31.3.5736	2008.04.26	-
Ewido	4.0	2008.04.27	-
F-Prot	4.4.2.54	2008.04.26	W32/Agent.AZ.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.26	-
FileAdvisor	1	2008.04.27	-
Fortinet	3.14.0.0	2008.04.27	-
Ikarus	T3.1.1.26.0	2008.04.27	-
Kaspersky	7.0.0.125	2008.04.27	-
McAfee	5282	2008.04.25	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3057	2008.04.26	-
Norman	5.80.02	2008.04.25	-
Panda	9.0.0.4	2008.04.27	Suspicious file
Prevx1	V2	2008.04.27	-
Rising	20.41.62.00	2008.04.27	-
Sophos	4.28.0	2008.04.26	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.27	-
TheHacker	6.2.92.294	2008.04.26	-
VBA32	3.12.6.5	2008.04.26	-
VirusBuster	4.3.26:9	2008.04.26	-
Webwasher-Gateway	6.6.2	2008.04.27	Heuristic.Crypted
```

File size: 24576 bytes
MD5...: 2b21ed3bd5eadc3e2d41ea49ea64bc10
SHA1..: e4c0820938ab03cda907e75a75df687721ba42c5
SHA256: 4547eec366428fc8204a718e9c6c3c70d3bed318db8fc5f6d86145b416be10cf
SHA512: 2f2728573d740609b257c4ce2475163ad7571405a981b51aa4a7f7f0e0402d4b
b45adde1aef2d948a8b2292406e660515fc1afab89976c482007aab202d09d6b

----------


## Surfer

File video.exe received on 04.27.2008 17:19:18 (CET)




> AhnLab-V3	2008.4.25.2	2008.04.25	-
> *AntiVir	7.8.0.10	2008.04.25	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.27	-
> Avast	4.8.1169.0	2008.04.26	-
> *AVG	7.5.0.516	2008.04.27	Downloader.Zlob.12.AH*
> BitDefender	7.2	2008.04.27	-
> *CAT-QuickHeal	9.50	2008.04.26	(Suspicious) - DNAScan*
> ClamAV	0.92.1	2008.04.27	-
> DrWeb	4.44.0.09170	2008.04.27	-
> ...

----------


## Groft

> File opr001PL.htm received 2008.04.28 22:17:11 (CET)
> Current status: finished
> Result: 4/31 (12.90%)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.29.0	2008.04.28	-
> AntiVir	7.8.0.10	2008.04.28	-
> Authentium	4.93.8	2008.04.27	-
> Avast	4.8.1169.0	2008.04.28	-
> ...


 http://www.virustotal.com/ru/analisi...42900f7f66e24d

----------


## stigor

File resume.exe received on 04.29.2008 19:20:27
Result: 7/32 (21.88%)

AhnLab-V3	2008.4.30.0	2008.04.29	-
AntiVir	7.8.0.10	2008.04.29	-
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.29	-
*AVG	7.5.0.516	2008.04.29	Scagent.P*
*BitDefender	7.2	2008.04.29	Trojan.Patched.BQ*
*CAT-QuickHeal	9.50	2008.04.29	(Suspicious) - DNAScan*
ClamAV	0.92.1	2008.04.29	-
DrWeb	4.44.0.09170	2008.04.29	-
*eSafe	7.0.15.0	2008.04.28	Suspicious File*
eTrust-Vet	31.3.5744	2008.04.29	-
Ewido	4.0	2008.04.29	-
F-Prot	4.4.2.54	2008.04.28	-
F-Secure	6.70.13260.0	2008.04.29	-
FileAdvisor	1	2008.04.29	-
Fortinet	3.14.0.0	2008.04.29	-
*Ikarus	T3.1.1.26	2008.04.29	Trojan.Patched.BQ*
Kaspersky	7.0.0.125	2008.04.29	-
McAfee	5284	2008.04.29	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3063	2008.04.29	-
Norman	5.80.02	2008.04.29	-
Panda	9.0.0.4	2008.04.29	-
Prevx1	V2	2008.04.29	-
Rising	20.42.12.00	2008.04.29	-
*Sophos	4.28.0	2008.04.29	Sus/UnkPacker*
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.29	-
TheHacker	6.2.92.297	2008.04.29	-
VBA32	3.12.6.5	2008.04.29	-
VirusBuster	4.3.26:9	2008.04.29	-
*Webwasher-Gateway	6.6.2	2008.04.29	Virus.Win32.FileInfector.gen (suspicious)*
Additional information
File size: 163840 bytes
MD5...: ee4dff6b91520da286f7b71f20548f6a
SHA1..: e30f4bc3574bb139ffc1191eb3bc4f54b5d673d2

http://www.virustotal.com/analisis/5...d50eefe5b737b3

----------


## senyak

File DigiCertComericaInstaller_v0422_2 received 2008.04.29 21:13:22 (CET)
Current status:     finished
Result: 10/30 (33.34%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.30.0	2008.04.29	-
> *AntiVir	7.8.0.10	2008.04.29	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.04.27	-
> Avast	4.8.1169.0	2008.04.29	-
> *AVG	7.5.0.516	2008.04.29	Downloader.Small.CIF*
> BitDefender	7.2	2008.04.29	-
> *CAT-QuickHeal	9.50	2008.04.29	TrojanPSW.Papras.dk*
> ClamAV	0.92.1	2008.04.29	-
> ...


Дополнительная информация
File size: 21148 bytes
MD5...: d29e12376cf2035ea5effef225f908e0
SHA1..: 1f33e509c103b684691419fbc2547eccc2a997b9
SHA256: f45fd442173370e81250a12d9acb5fb8686767cdbd69183956df7285c3f7a202
SHA512: cb08b7a8c9996bcffe589f06502f479c63a668f4de84081578406d9b5f466e31
b596e2e8010bca74087eb1e724a39444d1ce457f77e72642408ea9ce03448861
PEiD..: -
PEInfo: -

----------


## stigor

Файл resume.exe получен 2008.04.30 08:12:22 (CET)
Текущий статус: закончено 
Результат: 15/31 (48.39%)

Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.4.30.0	2008.04.29	-
*AntiVir	7.8.0.10	2008.04.29	TR/Crypt.XPACK.Gen*
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.29	-
*AVG	7.5.0.516	2008.04.30	SHeur.BERH*
*BitDefender	7.2	2008.04.30	Trojan.Srizbi.CC*
*CAT-QuickHeal	9.50	2008.04.29	(Suspicious) - DNAScan*
ClamAV	0.92.1	2008.04.30	-
DrWeb	4.44.0.09170	2008.04.29	-
*eSafe	7.0.15.0	2008.04.28	Suspicious File*
eTrust-Vet	31.3.5746	2008.04.30	-
Ewido	4.0	2008.04.29	-
F-Prot	4.4.2.54	2008.04.30	-
*F-Secure	6.70.13260.0	2008.04.30	Trojan.Win32.Srizbi.v*
Fortinet	3.14.0.0	2008.04.29	-
*Ikarus	T3.1.1.26	2008.04.30	Trojan.Crypt.XPACK*
*Kaspersky	7.0.0.125	2008.04.30	Trojan.Win32.Srizbi.v*
McAfee	5284	2008.04.29	-
*Microsoft	1.3408	2008.04.22	TrojanDropper:Win32/Srizbi.gen!D*
*NOD32v2	3064	2008.04.29	Win32/Srizbi.Gen*
Norman	5.80.02	2008.04.29	-
Panda	9.0.0.4	2008.04.30	-
Prevx1	V2	2008.04.30	-
*Rising	20.42.12.00	2008.04.29	Packer.Win32.Mian007.a*
*Sophos	4.28.0	2008.04.30	Mal/Generic-A*
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.30	-
*TheHacker	6.2.92.297	2008.04.29	Trojan/Srizbi.v*
*VBA32	3.12.6.5	2008.04.29	Trojan.Win32.Srizbi.v*
VirusBuster	4.3.26:9	2008.04.29	-
*Webwasher-Gateway	6.6.2	2008.04.30	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 159744 bytes
MD5...: a3b0fb6bd0b819ef5489f3ce02456f67

http://www.virustotal.com/ru/analisi...ff15c7d9c8f68a

----------


## rubin

Файл avz00001.dta получен 2008.04.30 11:13:17 (CET)



```
AhnLab-V3	2008.4.30.0	2008.04.30	-
AntiVir	7.8.0.10	2008.04.30	TR/Drop.Agent.snu
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.30	Win32:Injecter-AU
AVG	7.5.0.516	2008.04.30	Worm/Generic.GPB
BitDefender	7.2	2008.04.30	Trojan.Spy.ZBot.BO
CAT-QuickHeal	9.50	2008.04.29	TrojanDropper.Small.bgy
ClamAV	None	2008.04.30	-
DrWeb	4.44.0.09170	2008.04.30	BackDoor.FireOn
eSafe	7.0.15.0	2008.04.28	-
eTrust-Vet	31.3.5746	2008.04.30	-
Ewido	4.0	2008.04.29	-
F-Prot	4.4.2.54	2008.04.30	-
F-Secure	6.70.13260.0	2008.04.30	Trojan:W32/Agent.ERT
Fortinet	3.14.0.0	2008.04.30	-
Ikarus	T3.1.1.26	2008.04.30	Trojan-Dropper.Agent.snu
Kaspersky	7.0.0.125	2008.04.30	-
McAfee	5284	2008.04.29	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3064	2008.04.29	-
Norman	5.80.02	2008.04.29	W32/Smalltroj.DSBM
Panda	9.0.0.4	2008.04.30	-
Prevx1	V2	2008.04.30	-
Rising	20.42.20.00	2008.04.30	-
Sophos	4.28.0	2008.04.30	Sus/UnkPacker
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.30	-
TheHacker	6.2.92.297	2008.04.29	-
VBA32	3.12.6.5	2008.04.29	BackDoor.FireOn
VirusBuster	4.3.26:9	2008.04.29	-
Webwasher-Gateway	6.6.2	2008.04.30	Trojan.Drop.Agent.snu
```

File size: 161972 bytes
MD5...: 230dea022515ea5734e3e9223bcc5975
SHA1..: 1f2fc7139e5cd1e6333a79a18d39d6c7aa209050
SHA256: 0e5c7a1966b77f5ae8c54f8b89b129b6dfc89853ac56f692767bc01ed94c5775
SHA512: 0cd93b385c18ca396b09a32c0570ff41cfceecc1589cd79b54caccb697d5913e
3964e87ebf9ac75b493bd9181fb3b33bd811a30532cf74898a5ab1edc7e4097d

*Added 8 minutes later*

Файл avz00001.dta получен 2008.04.30 11:26:05 (CET)

base*.dll


```
AhnLab-V3	2008.4.30.0	2008.04.30	-
AntiVir	7.8.0.10	2008.04.30	HEUR/Crypted
Authentium	4.93.8	2008.04.27	-
Avast	4.8.1169.0	2008.04.30	-
AVG	7.5.0.516	2008.04.30	-
BitDefender	7.2	2008.04.30	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.04.29	-
ClamAV	0.92.1	2008.04.30	-
DrWeb	4.44.0.09170	2008.04.30	-
eSafe	7.0.15.0	2008.04.28	-
eTrust-Vet	31.3.5747	2008.04.30	-
Ewido	4.0	2008.04.29	-
F-Prot	4.4.2.54	2008.04.30	W32/Agent.AZ.gen!Eldorado
F-Secure	6.70.13260.0	2008.04.30	-
Fortinet	3.14.0.0	2008.04.30	-
Ikarus	T3.1.1.26	2008.04.30	-
Kaspersky	7.0.0.125	2008.04.30	-
McAfee	5284	2008.04.29	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3064	2008.04.29	-
Norman	5.80.02	2008.04.29	-
Panda	9.0.0.4	2008.04.30	Suspicious file
Prevx1	V2	2008.04.30	-
Rising	20.42.20.00	2008.04.30	-
Sophos	4.28.0	2008.04.30	-
Sunbelt	3.0.1056.0	2008.04.17	-
Symantec	10	2008.04.30	-
TheHacker	6.2.92.297	2008.04.29	-
VBA32	3.12.6.5	2008.04.29	-
VirusBuster	4.3.26:9	2008.04.29	-
Webwasher-Gateway	6.6.2	2008.04.30	Heuristic.Crypted
```

File size: 24576 bytes
MD5...: b4c3e1b37d26e514d8b90921cc9d5bf7
SHA1..: 15749acfa1dd979036e107dae2a232e0c8d61f37
SHA256: 442d3c3d1941c0e6ee9ca7b4f4eff635f45caed2e50a42df26074a666be72942
SHA512: 2600406a25d6ebf932bf463b8c883b7328031b9d84328c217229860302e1008b
35964a8207ee466c44d621a2bbadbd7dcbb1bec313416244f3f8e8fd56c1fbc7

----------


## Shu_b

Let's sum up the results for April...

----------


## mayas

From quarantine: File 77612B90d01 received on 05.01.2008 01:16:13 (CET)
Result: 3/32 (9.38%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.5.1.0	2008.04.30	-
> AntiVir	7.8.0.11	2008.04.30	*VBS/Dldr.Agent.DM*
> Authentium	4.93.8	2008.04.30	-
> Avast	4.8.1169.0	2008.04.30	-
> AVG	7.5.0.516	2008.04.30	-
> BitDefender	7.2	2008.05.01	-
> CAT-QuickHeal	9.50	2008.04.30	-
> ClamAV	0.92.1	2008.04.30	-
> ...

----------


## senyak

Файл mircreg.exe получен 2008.05.03 03:25:30 (CET)
Текущий статус:     закончено 
Результат: 13/31 (41.94%)




> Антивирус	Версия	Обновление	Результат
> *AhnLab-V3	2008.5.3.0	2008.05.02	Win-Trojan/Krotten.54442*
> AntiVir	7.8.0.11	2008.05.02	-
> *Authentium	4.93.8	2008.05.02	W32/Krotten.A*
> Avast	4.8.1169.0	2008.05.03	-
> *AVG	7.5.0.516	2008.05.03	Agent.DD*
> *BitDefender	7.2	2008.05.02	Trojan.Krotten.B*
> CAT-QuickHeal	9.50	2008.05.02	-
> *ClamAV	0.92.1	2008.05.02	Trojan.Agent-12182*
> ...


Дополнительная информация
File size: 28627 bytes
MD5...: b979b050794c17ac997cbcaa96f9661c
SHA1..: 90799d681c9d13572eda983f74e8b0a078108de7
SHA256: 59788477e7c8c0f13b0ee6d2528a819d1f7c9b6583d905efb4f2634ab36a5d3a
SHA512: 269c4a93d4e7822f8dec9d1dd13a91602f1be066e702c295c244c7f703963d79
872dbc360a594c6404bb2bf14bbad17c8e84cdc294fc87fac89118ef34d114ec
PEiD..: -

----------


## Groft

From my friend's ICQ:
Hi, remember me? )
My photos are in the archive, as you asked...
http :Kiss: ***
Kisses,
Your Lenochka

Файл My_foto.rar получен 2008.05.04 15:54:00 (CET)
Текущий статус:     закончено 
Результат: 14/30 (46.67%) 

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.3.0	2008.05.02	-
AntiVir	7.8.0.11	2008.05.02	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.05.02	-
Avast	4.8.1169.0	2008.05.04	-
AVG	7.5.0.516	2008.05.03	SHeur.BIJX
BitDefender	7.2	2008.05.04	Trojan.Dropper.Agent.TST
CAT-QuickHeal	9.50	2008.05.03	Trojan.Agent.gly
ClamAV	0.92.1	2008.05.04	Trojan.Dropper-6761
DrWeb	4.44.0.09170	2008.05.04	Trojan.Spambot.3151
eSafe	7.0.15.0	2008.04.28	Suspicious File
eTrust-Vet	31.3.5755	2008.05.03	-
Ewido	4.0	2008.05.04	-
F-Prot	4.4.2.54	2008.05.04	-
F-Secure	6.70.13260.0	2008.05.04	Trojan.Win32.Agent.gly
Fortinet	3.14.0.0	2008.05.04	W32/Agent.GLY!tr
Ikarus	T3.1.1.26	2008.05.04	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.05.04	Trojan.Win32.Agent.gly
McAfee	5287	2008.05.02	-
Microsoft	1.3408	2008.04.22	-
NOD32v2	3072	2008.05.03	-
Norman	5.80.02	2008.05.02	-
Panda	9.0.0.4	2008.05.03	-
Prevx1	V2	2008.05.04	-
Rising	20.42.62.00	2008.05.04	-
Sophos	4.29.0	2008.05.04	Troj/RKDrop-A
Sunbelt	3.0.1097.0	2008.05.03	-
TheHacker	6.2.92.300	2008.05.03	-
VBA32	3.12.6.5	2008.05.03	-
VirusBuster	4.3.26:9	2008.05.03	Trojan.Srizbi.AC
Webwasher-Gateway	6.6.2	2008.05.04	Trojan.Crypt.XPACK.Gen
```

So that's Lenochka's photo))  :Cheesy:
P.S. This has already been written about somewhere on the forum, but still...
vba32 will detect it in the next update

----------


## SuperBrat

Файл avz00003.dta (pagefile.pif) получен 2008.05.07 12:30:31 (CET)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.3.0	2008.05.07	Dropper/Agent.102400.L
AntiVir	7.8.0.11	2008.05.07	TR/Xoror.H
Authentium	4.93.8	2008.05.07	-
Avast	4.8.1169.0	2008.05.06	Win32:Agent-ODP
AVG	7.5.0.516	2008.05.07	Generic9.APCT
BitDefender	7.2	2008.05.07	-
CAT-QuickHeal	9.50	2008.05.06	-
ClamAV	0.92.1	2008.05.07	W32.Xorer-6
DrWeb	4.44.0.09170	2008.05.07	Trojan.Hunder.origin
eSafe	7.0.15.0	2008.05.06	-
eTrust-Vet	31.4.5766	2008.05.07	Win32/Pagipef!generic
Ewido	4.0	2008.05.06	-
F-Prot	4.4.2.54	2008.05.06	W32/BadBHO.A.gen!Eldorado
F-Secure	6.70.13260.0	2008.05.07	Virus.Win32.Xorer.dr
Fortinet	3.14.0.0	2008.05.07	-
Ikarus	T3.1.1.26	2008.05.07	Virus.Win32.Xorer.dr
Kaspersky	7.0.0.125	2008.05.07	-
McAfee	5289	2008.05.06	W32/Fujacks
Microsoft	1.3408	2008.05.07	Virus:Win32/Xorer.A
NOD32v2	3082	2008.05.07	a variant of Win32/Xorer
Norman	5.80.02	2008.05.06	-
Panda	9.0.0.4	2008.05.06	Suspicious file
Prevx1	V2	2008.05.07	Malicious Software
Rising	20.43.12.00	2008.05.07	Worm.Win32.DiskGen.bj
Sophos	4.29.0	2008.05.07	Mal/Packer
Sunbelt	3.0.1097.0	2008.05.07	-
Symantec	10	2008.05.07	W32.Pagipef.I!inf
TheHacker	6.2.92.302	2008.05.07	-
VBA32	3.12.6.5	2008.05.06	suspected of Embedded.Virus.Win32.Xorer.c
VirusBuster	4.3.26:9	2008.05.06	Packed/FSG
Webwasher-Gateway	6.6.2	2008.05.07	Trojan.Xoror.H
```

Дополнительная информация
File size: 102400 bytes
MD5...: 19acf11a06587fcacf8085d7038e6c6a
SHA1..: ad1e3785496e777c99316320933b7b3161ea3510
SHA256: fa4cfa1ab8b478d0f07902413d58193caa51314775f71f10e4641e1f11053bea
SHA512: 69aa6956e67c93417dbf56374a6de76ca78339360f7d000f0ecfa00010ce5a62
ce671b0dbb9135a22d220b833da46a16cfe4dff2f0c4f31660dc29774a0719a9
PEiD..: Armadillo v1.71
Prevx info: http://info.prevx.com/aboutprogramte...9597000E4AFAD1

----------


## Shu_b

t 22579

```
File datmps.dll received on 05.07.2008 19:53:37 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.3.0	2008.05.07	-
AntiVir	7.8.0.11	2008.05.07	TR/Spy.Gen
Authentium	4.93.8	2008.05.07	-
Avast	4.8.1169.0	2008.05.07	-
AVG	7.5.0.516	2008.05.07	-
BitDefender	7.2	2008.05.07	-
CAT-QuickHeal	9.50	2008.05.07	-
ClamAV	0.92.1	2008.05.07	-
DrWeb	4.44.0.09170	2008.05.07	-
eSafe	7.0.15.0	2008.05.07	suspicious Trojan/Worm
eTrust-Vet	31.4.5766	2008.05.07	-
Ewido	4.0	2008.05.07	-
F-Prot	4.4.2.54	2008.05.06	-
F-Secure	6.70.13260.0	2008.05.07	-
Fortinet	3.14.0.0	2008.05.07	-
Ikarus	T3.1.1.26.0	2008.05.07	-
Kaspersky	7.0.0.125	2008.05.07	-
McAfee	5290	2008.05.07	-
Microsoft	1.3408	2008.05.07	-
NOD32v2	3083	2008.05.07	-
Norman	5.80.02	2008.05.07	-
Panda	9.0.0.4	2008.05.06	-
Prevx1	V2	2008.05.07	Malicious Software
Rising	20.43.12.00	2008.05.07	-
Sophos	4.29.0	2008.05.07	-
Sunbelt	3.0.1097.0	2008.05.07	-
Symantec	10	2008.05.07	-
TheHacker	6.2.92.302	2008.05.07	-
VBA32	3.12.6.5	2008.05.07	suspected of Trojan-Spy.Banker.51 (paranoid heuristics)
VirusBuster	4.3.26:9	2008.05.07	-
Webwasher-Gateway	6.6.2	2008.05.07	Trojan.Spy.Gen

Additional information
File size: 21958 bytes
```

----------


## Shu_b

t 22570

```
File aozcc.exe received on 05.08.2008 10:26:20 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.3.0	2008.05.08	-
AntiVir	7.8.0.14	2008.05.08	TR/Downloader.Gen
Authentium	4.93.8	2008.05.08	-
Avast	4.8.1169.0	2008.05.07	-
AVG	7.5.0.516	2008.05.07	Potentially harmful program Fake_AntiSpyware.RS
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.07	-
ClamAV	0.92.1	2008.05.08	-
DrWeb	4.44.0.09170	2008.05.07	-
eSafe	7.0.15.0	2008.05.07	suspicious Trojan/Worm
eTrust-Vet	31.4.5768	2008.05.07	-
Ewido	4.0	2008.05.07	-
F-Prot	4.4.2.54	2008.05.07	-
F-Secure	6.70.13260.0	2008.05.08	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.05.08	-
Ikarus	T3.1.1.26	2008.05.08	Trojan-Downloader.Win32.Renos
Kaspersky	7.0.0.125	2008.05.08	-
McAfee	5290	2008.05.07	-
Microsoft	1.3408	2008.05.08	TrojanDownloader:Win32/Renos
NOD32v2	3084	2008.05.08	-
Norman	5.80.02	2008.05.07	-
Panda	9.0.0.4	2008.05.07	Suspicious file
Prevx1	V2	2008.05.08	Adware
Rising	20.43.30.00	2008.05.08	-
Sophos	4.29.0	2008.05.08	-
Sunbelt	3.0.1097.0	2008.05.07	-
Symantec	10	2008.05.08	Awola
TheHacker	6.2.92.302	2008.05.07	-
VBA32	3.12.6.5	2008.05.07	-
VirusBuster	4.3.26:9	2008.05.07	-
Webwasher-Gateway	6.6.2	2008.05.08	Trojan.Downloader.Gen
Additional information
File size: 14336 bytes
```

----------


## Пушистый

Received in ICQ today: Is this your photo or what? http :Kiss: ***  Pretty



```
AhnLab-V3	2008.5.3.0	2008.05.08	-
AntiVir	7.8.0.14	2008.05.08	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.05.08	-
Avast	4.8.1169.0	2008.05.07	-
AVG	7.5.0.516	2008.05.07	-
BitDefender	7.2	2008.05.08	Packer.Malware.Crypter.C
CAT-QuickHeal	9.50	2008.05.08	-
ClamAV	0.92.1	2008.05.08	Trojan.Dropper-6679
DrWeb	4.44.0.09170	2008.05.08	-
eSafe	7.0.15.0	2008.05.07	-
eTrust-Vet	31.4.5769	2008.05.08	-
Ewido	4.0	2008.05.08	-
F-Prot	4.4.2.54	2008.05.07	-
F-Secure	6.70.13260.0	2008.05.08	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.05.08	-
Ikarus	T3.1.1.26.0	2008.05.08	-
Kaspersky	7.0.0.125	2008.05.08	Trojan-Dropper.Win32.Pincher.as
McAfee	5291	2008.05.08	-
Microsoft	1.3408	2008.05.08	VirTool:Win32/Fcrypter.gen!A
NOD32v2	3086	2008.05.08	-
Norman	5.80.02	2008.05.08	-
Panda	9.0.0.4	2008.05.07	-
Prevx1	V2	2008.05.08	-
Rising	20.43.32.00	2008.05.08	-
Sophos	4.29.0	2008.05.08	-
Sunbelt	3.0.1097.0	2008.05.07	-
Symantec	10	2008.05.08	-
TheHacker	6.2.92.305	2008.05.08	-
VBA32	3.12.6.5	2008.05.08	-
VirusBuster	4.3.26:9	2008.05.08	-
Webwasher-Gateway	6.6.2	2008.05.08	Trojan.Crypt.XPACK.Ge
```

----------


## mayas

a-squared	3.5.0.18	2008.05.08	2008-05-08	-	7.118
AhnLab V3	2008.05.09.00	2008.05.09	2008-05-09	-	6.689
AntiVir	7.8.0.14	7.0.4.20	2008-05-09	TR/Crypt.XPACK.Gen	6.527
Arcavir	1.0.4	200805082025	2008-05-08	-	3.093
AVAST!	1.0.8	080507-0	2008-05-07	Win32:LdPinch-CNU [Trj]	7.772
AVG	7.5.51.442	269.23.11/1422	2008-05-08	-	5.587
BitDefender	7.60825.1190744	7.18889	2008-05-09	Trojan.Dropper.RTS	9.967
CA (VET)	9.0.0.143	31.4.5771	2008-05-09	-	34.707
ClamAV	0.93	7070	2008-05-09	Trojan.Dropper-6121	0.015
Comodo	2.11	2.0.0.519	2008-05-09	-	1.951
CP Secure	1.1.0.715	2008.05.09	2008-05-09	Troj.Dropper.W32.Small.auj	6.600
Dr.Web	4.44.0.9170	2008.05.08	2008-05-08	Trojan.DownLoader.59620	5.031
ewido	4.0.0.2	2008.05.08	2008-05-08	-	11.858
F-Prot	4.4.1.52	20080508	2008-05-08	-	3.262
F-Secure	5.51.6100	2008.05.09.02	2008-05-09	-	10.029
Fortinet	2.81-3.11	9.62	2008-05-09	Suspicious	5.772
Ikarus	T3.1.01.26	2008.05.09.70723	2008-05-09	Packer.Pohernah.C	4.683
JiangMin	10.00.650	2008.05.09	2008-05-09	TrojanDropper.Joiner.fm	2.093
Kaspersky	5.5.10	2008.05.09	2008-05-09	-	7.984
KingSoft	2007.6.20.249	2008.5.7	2008-05-07	-	2.161
McAfee	5.2.00	5291	2008-05-08	-	5.380
Microsoft	1.3408	2008.05.09	2008-05-09	-	9.681
mks_vir	2.01	2008.05.07	2008-05-07	-	9.340
Norman	5.91.10	5.90	2008-04-29	-	16.179
nProtect	2008-05-02.00	1445923	2008-05-02	Trojan-Dropper/W32.Pincher.118337	12.095
Panda	9.04.03.0001	2008.05.08	2008-05-08	Suspicious file	6.010
Prevx	V2	20080509	2008-05-09	TROJAN.DOWNLOADER.GEN	10.763
Quick Heal	9.00	2008.05.08	2008-05-08	-	11.395
Rising	20.0	20.43.32.00	2008-05-08	-	4.620
Sophos	2.73.0	4.29	2008-05-09	-	12.988
Symantec	1.3.0.24	20080508.002	2008-05-08	-	0.249
The Hacker	6.2.92	v00305	2008-05-08	-	4.768
Trend Micro	8.500-1001	5.268.02	2008-05-08	-	0.210
VBA32	3.12.6.5	20080508.0130	2008-05-08	Backdoor.Delf.180 (paranoid heuristics) (suspicious)	21.351
ViRobot	20080508	2008.05.08	2008-05-08	-	0.779
VirusBuster	4.3.19:9	9.127.11/11.0	2008-05-08	-	10.020

----------


## mayas

a-squared	3.5.0.18	2008.05.10	2008-05-10	-	40.542
AhnLab V3	2008.05.09.00	2008.05.09	2008-05-09	-	40.487
AntiVir	7.8.0.17	7.0.4.23	2008-05-09	-	4.003
Arcavir	1.0.4	200805101105	2008-05-10	-	3.343
AVAST!	1.0.8	080510-0	2008-05-10	-	3.061
AVG	7.5.51.442	269.23.15/1426	2008-05-10	-	2.840
BitDefender	7.60825.1191169	7.18939	2008-05-11	Trojan.Patched.BR	4.312
CA (VET)	9.0.0.143	31.4.5772	2008-05-09	-	40.249
ClamAV	0.93	7087	2008-05-11	-	0.072
Comodo	2.11	2.0.0.521	2008-05-11	-	20.153
CP Secure	1.1.0.715	2008.05.11	2008-05-11	-	7.316
Dr.Web	4.44.0.9170	2008.05.10	2008-05-10	-	6.973
ewido	4.0.0.2	2008.05.09	2008-05-09	-	6.702
F-Prot	4.4.1.52	20080510	2008-05-10	-	6.633
F-Secure	5.51.6100	2008.05.10.01	2008-05-10	-	12.418
Fortinet	2.81-3.11	9.65	2008-05-10	Suspicious	13.768
Ikarus	T3.1.01.26	2008.05.11.70733	2008-05-11	-	6.619
JiangMin	10.00.650	2008.05.11	2008-05-11	-	12.071
Kaspersky	5.5.10	2008.05.11	2008-05-11	-	32.835
KingSoft	2007.6.20.249	2008.5.7	2008-05-07	-	1.664
McAfee	5.2.00	5292	2008-05-09	-	13.820
Microsoft	1.3408	2008.05.10	2008-05-10	VirTool:Win32/Obfuscator.AX(Suspicious)	8.617
mks_vir	2.01	2008.05.10	2008-05-10	-	18.378
Norman	5.92.06	5.92.00	2008-05-09 00:14:51	-	36.136
nProtect	2008-05-02.00	1441206	2008-05-02	Trojan.Patched.BR	6.668
Panda	9.04.03.0001	2008.05.11	2008-05-11	Suspicious file	10.268
Prevx	V2	20080511	2008-05-11	TROJAN.DOWNLOADER.GEN	5.197
Quick Heal	9.00	2008.05.10	2008-05-10	Suspicious - DNAScan	3.566
Rising	20.0	20.43.62.00	2008-05-11	Packer.Win32.Agent.d	2.603
Sophos	2.73.0	4.29	2008-05-11	-	12.886
Symantec	1.3.0.24	20080510.006	2008-05-10	-	0.201
The Hacker	6.2.92	v00307	2008-05-10	-	1.356
Trend Micro	8.500-1001	5.270.01	2008-05-09	-	0.044
VBA32	3.12.6.5	20080509.1907	2008-05-09	Malware-Cryptor.Win32.Vserafno	5.312
ViRobot	20080510	2008.05.10	2008-05-10	-	3.600
VirusBuster	4.3.19:9	9.127.13/11.0	2008-05-11	-	4.193

*Added 50 minutes later*
supposedly a new version of QIP, 8060




> AhnLab-V3	2008.5.10.0	2008.05.10	-
> AntiVir	7.8.0.17	2008.05.09	-
> Authentium	4.93.8	2008.05.11	-
> Avast	4.8.1169.0	2008.05.10	-
> AVG	7.5.0.516	2008.05.11	-
> BitDefender	7.2	2008.05.08	-
> CAT-QuickHeal	9.50	2008.05.10	-
> ClamAV	0.92.1	2008.05.11	-
> DrWeb	4.44.0.09170	2008.05.10	-
> ...

----------



## Groft

looks like one more QIP :)



> Файл qip.exe получен 2008.05.11 19:42:33 (CET)
> Текущий статус:    закончено 
> Результат: 13/31 (41.94%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.10.0	2008.05.10	-
> *AntiVir	7.8.0.17	2008.05.11	TR/Crypt.XPACK.Gen*
> Authentium	4.93.8	2008.05.11	-
> *Avast	4.8.1169.0	2008.05.10	Win32:LdPinch-CNU*
> ...


http://www.virustotal.com/ru/analisi...048ab05285d753

----------


## Shu_b

t 22727

```
File braviax.exe received on 05.12.2008 09:29:16 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.10.0	2008.05.10	-
AntiVir	7.8.0.17	2008.05.11	HEUR/Malware
Authentium	4.93.8	2008.05.10	-
Avast	4.8.1169.0	2008.05.11	-
AVG	7.5.0.516	2008.05.11	-
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.10	-
ClamAV	None	2008.05.12	-
DrWeb	4.44.0.09170	2008.05.12	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5772	2008.05.09	-
Ewido	4.0	2008.05.11	-
F-Prot	4.4.2.54	2008.05.12	-
F-Secure	6.70.13260.0	2008.05.12	W32/Malware
Fortinet	3.14.0.0	2008.05.12	-
Ikarus	T3.1.1.26.0	2008.05.12	-
Kaspersky	7.0.0.125	2008.05.12	Heur.Trojan.Generic
McAfee	5291	2008.05.08	-
Microsoft	1.3408	2008.05.12	-
NOD32v2	3091	2008.05.12	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.11	-
Prevx1	V2	2008.05.12	-
Rising	20.43.62.00	2008.05.11	-
Sophos	4.29.0	2008.05.12	-
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.12	-
TheHacker	6.2.92.307	2008.05.12	-
VBA32	3.12.6.5	2008.05.12	-
VirusBuster	4.3.26:9	2008.05.11	-
Webwasher-Gateway	6.6.2	2008.05.11	Heuristic.Malware
Additional information
File size: 37376 bytes
```

----------


## Groft

Файл opr003SL.exe получен 2008.05.13 15:05:46 (CET)
Текущий статус: закончено 
Результат: 8/32 (25%) 
Антивирус    Версия    Обновление    Результат
AhnLab-V3    2008.5.10.0    2008.05.13    -
*AntiVir    7.8.0.17    2008.05.13    TR/Crypt.XPACK.Gen*
Authentium    5.1.0.4    2008.05.13    -
Avast    4.8.1169.0    2008.05.12    -
*AVG    7.5.0.516    2008.05.13    Downloader.Zlob.12.AH*
BitDefender    7.2    2008.05.08    -
*CAT-QuickHeal    9.50    2008.05.12    (Suspicious) - DNAScan*
ClamAV    0.92.1    2008.05.13    -
DrWeb    4.44.0.09170    2008.05.13    -
*eSafe    7.0.15.0    2008.05.12    Suspicious File*
eTrust-Vet    31.4.5783    2008.05.12    -
Ewido    4.0    2008.05.13    -
F-Prot    4.4.2.54    2008.05.13    -
F-Secure    6.70.13260.0    2008.05.13    -
Fortinet    3.14.0.0    2008.05.13    -
GData    2.0.7306.1023    2008.05.13    -
Ikarus    T3.1.1.26.0    2008.05.13    -
Kaspersky    7.0.0.125    2008.05.13    -
McAfee    5293    2008.05.12    -
*Microsoft    1.3408    2008.05.13    Trojan:Win32/Tibs.gen!G*
NOD32v2    3095    2008.05.13    -
Norman    5.80.02    2008.05.09    -
Panda    9.0.0.4    2008.05.12    -
Prevx1    V2    2008.05.13    -
Rising    20.44.12.00    2008.05.13    -
*Sophos    4.29.0    2008.05.13    Mal/EncPk-DA*
Sunbelt    3.0.1114.0    2008.05.12    -
Symantec    10    2008.05.13    -
TheHacker    6.2.92.309    2008.05.13    -
*VBA32    3.12.6.6    2008.05.13    suspected of Downloader.Zlob.8*
VirusBuster    4.3.26:9    2008.05.12    -
*Webwasher-Gateway    6.6.2    2008.05.13    Trojan.Crypt.XPACK.Gen*
http://www.virustotal.com/ru/analisi...a5dec80d6f5293

----------


## mayas

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2008.5.10.0	2008.05.13	-
*AntiVir	7.8.0.17	2008.05.13	HEUR/Win32.Virus.Damaged*
*Authentium	5.1.0.4	2008.05.14	W32/NewUnknownMalware-P74!Maximus*
Avast	4.8.1169.0	2008.05.12	-
*AVG	7.5.0.516	2008.05.13	Win32/PolyCrypt*
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.12	-
ClamAV	0.92.1	2008.05.13	-
DrWeb	4.44.0.09170	2008.05.13	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5784	2008.05.13	-
Ewido	4.0	2008.05.13	-
*F-Prot	4.4.2.54	2008.05.13	W32/NewUnknownMalware-P74!Maximus*
*F-Secure	6.70.13260.0	2008.05.13	Suspicious:W32/Malware!Gemini*
Fortinet	3.14.0.0	2008.05.13	-
GData	2.0.7306.1023	2008.05.14	-
*Ikarus	T3.1.1.26.0	2008.05.13	Trojan.MulDrop.4111*
Kaspersky	7.0.0.125	2008.05.13	-
McAfee	5293	2008.05.12	-
*Microsoft	1.3408	2008.05.13	VirTool:Win32/Obfuscator.AX*
NOD32v2	3095	2008.05.13	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.12	-
Rising	20.44.12.00	2008.05.13	-
*Sophos	4.29.0	2008.05.13	Sus/UnkPacker*
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.13	-
TheHacker	6.2.92.309	2008.05.13	-
VBA32	3.12.6.6	2008.05.13	-
VirusBuster	4.3.26:9	2008.05.12	-
*Webwasher-Gateway	6.6.2	2008.05.13	Heuristic.Win32.Virus.Damaged*
Additional information
File size: 595085 bytes
MD5...: 12931f9ad898e6a776a08c66c551365d
SHA1..: ffb8fe5cc11b382af407fcfc70a31de04ced502b
SHA256: a1db3f79a36ba5cb6e6fb9bf2848bc7b704169189d4cdd11326c9d5fc73da429
SHA512: 6ddbbc3c951ff22c84fca5d74d86f0ae0c2d3c4613addd6b39de5e614b18ae75
28b92dd94a3cc2370fa27cac1b9f4401f8722606e7b31bf71baca166d4b38f50

----------


## ALEX(XX)

File autorun.exe received on 05.16.2008 14:14:45 (CET)



```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.16.0	2008.05.16	-
AntiVir	7.8.0.19	2008.05.16	CC/UKMalw.LB
Authentium	5.1.0.4	2008.05.16	W32/Trojan.BWKV
Avast	4.8.1169.0	2008.05.12	Win32:Trojan-gen {VC}
AVG	7.5.0.516	2008.05.16	-
BitDefender	7.2	2008.05.16	-
CAT-QuickHeal	9.50	2008.05.15	Trojan.Soltek.kj
ClamAV	0.92.1	2008.05.16	Trojan.Agent-17889
DrWeb	4.44.0.09170	2008.05.16	-
eSafe	7.0.15.0	2008.05.16	-
eTrust-Vet	31.4.5788	2008.05.14	-
Ewido	4.0	2008.05.14	Trojan.Legmir
F-Prot	4.4.2.54	2008.05.16	W32/Trojan.BWKV
F-Secure	6.70.13260.0	2008.05.16	-
Fortinet	3.14.0.0	2008.05.15	W32/Small.K!tr
GData	2.0.7306.1023	2008.05.16	Win32:Trojan-gen 
Ikarus	T3.1.1.26.0	2008.05.16	Trojan-PWS.Legmir
Kaspersky	7.0.0.125	2008.05.16	-
McAfee	5296	2008.05.16	-
Microsoft	1.3408	2008.05.13	-
NOD32v2	3104	2008.05.16	-
Norman	5.80.02	2008.05.15	-
Panda	9.0.0.4	2008.05.15	-
Prevx1	V2	2008.05.16	Malicious Software
Rising	20.44.32.00	2008.05.15	-
Sophos	4.29.0	2008.05.16	Troj/Userin-B
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.16	Backdoor.EggDrop
TheHacker	6.2.92.311	2008.05.15	Trojan/Legmir.gen
VBA32	3.12.6.6	2008.05.16	Trojan.PWS.Legmir
VirusBuster	4.3.26:9	2008.05.15	-
Webwasher-Gateway	6.6.2	2008.05.16	Virus.UKMalw.LB
```

----------


## mayas

Result: 4/32 (12.5%)





> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.5.10.0	2008.05.13	-
> AntiVir	7.8.0.17	2008.05.13	-
> Authentium	5.1.0.4	2008.05.14	-
> Avast	4.8.1169.0	2008.05.12	*Win32:SdBot-4752*
> AVG	7.5.0.516	2008.05.13	-
> BitDefender	7.2	2008.05.08	-
> CAT-QuickHeal	9.50	2008.05.12	-
> ClamAV	0.92.1	2008.05.13	-
> ...


_
reply from [email protected]
\qip2.exe	Инфицирован	Trojan-Dropper.Win32.Pincher.bg	_

----------


## Alex_Goodwin

---


```
Файл wstest.dll получен 2008.05.18 12:11:41 (CET)
Текущий статус: закончено 
Результат: 3/32 (9.38%)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.10.0	2008.05.13	-
AntiVir	7.8.0.17	2008.05.13	HEUR/Malware
Authentium	5.1.0.4	2008.05.14	-
Avast	4.8.1169.0	2008.05.12	-
AVG	7.5.0.516	2008.05.13	-
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.12	-
ClamAV	0.92.1	2008.05.13	-
DrWeb	4.44.0.09170	2008.05.13	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5784	2008.05.13	-
Ewido	4.0	2008.05.13	-
F-Prot	4.4.2.54	2008.05.13	-
F-Secure	6.70.13260.0	2008.05.13	-
Fortinet	3.14.0.0	2008.05.13	-
GData	2.0.7306.1023	2008.05.14	-
Ikarus	T3.1.1.26.0	2008.05.13	-
Kaspersky	7.0.0.125	2008.05.13	-
McAfee	5293	2008.05.12	-
Microsoft	1.3408	2008.05.13	-
NOD32v2	3095	2008.05.13	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.12	Suspicious file
Prevx1	V2	2008.05.18	-
Rising	20.44.12.00	2008.05.13	-
Sophos	4.29.0	2008.05.13	-
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.13	-
TheHacker	6.2.92.309	2008.05.13	-
VBA32	3.12.6.6	2008.05.13	-
VirusBuster	4.3.26:9	2008.05.12	-
Webwasher-Gateway	6.6.2	2008.05.13	Heuristic.Malware
Дополнительная информация
File size: 7680 bytes
MD5...: 692f13c703ff9fc8a71f2da0617bfd99
SHA1..: 37f5722091998b483063e10da872880aeda706a7
SHA256: bc6021f4e171ac7505e7c18f95ad28707ca35d3ef38fbcdd1cb5f9f7237fc4ce
SHA512: d78ce19f6e5a274b8c65c83d7abb8903348cc0491e39d17a37d66038223e2863
fe9d849765bb9ed9f0b193635ece2e380aee1372acdd2d9916345b33a49d6d60
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100009d6
timedatestamp.....: 0x48077ecc (Thu Apr 17 16:46:04 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x200 0x118e 0x1200 5.76 9f63dcc93871507979b00c4429c75508
.data 0x1400 0x62e 0x800 4.21 8604c046dca04a429a41d065b25c4d04
.reloc 0x1c00 0x186 0x200 4.65 7777b7ed8ed6c57fde52d25d96edafa2

( 4 imports ) 
> WSOCK32.dll: -, -, -, -, -, -, -, -, -
> KERNEL32.dll: CreateToolhelp32Snapshot, Process32First, OpenProcess, TerminateProcess, Process32Next, lstrlenA, lstrcatA, lstrcpyA, CloseHandle, WriteFile, CreateFileA, Sleep, WinExec, lstrcmpiA, GetVersionExA, GetVolumeInformationA, DeleteFileA, GetFileSize, ReadFile, GetSystemDirectoryA, GetProcAddress, LoadLibraryExA
> USER32.dll: wsprintfA
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey

( 1 exports ) 
winl
```

----------


## Surfer

File index.htm received on 05.19.2008 20:58:55 (CET)
Result: 4/32 (12.5%)

AhnLab-V3 2008.5.20.0 2008.05.19 - 
AntiVir 7.8.0.19 2008.05.19 - 
Authentium 5.1.0.4 2008.05.18 - 
Avast 4.8.1195.0 2008.05.18 - 
AVG 7.5.0.516 2008.05.19 - 
BitDefender 7.2 2008.05.19 - 
CAT-QuickHeal 9.50 2008.05.19 - 
ClamAV 0.92.1 2008.05.19 - 
DrWeb 4.44.0.09170 2008.05.19 - 
eSafe 7.0.15.0 2008.05.19 - 
eTrust-Vet 31.4.5798 2008.05.16 - 
Ewido 4.0 2008.05.19 - 
F-Prot 4.4.2.54 2008.05.16 - 
*F-Secure 6.70.13260.0 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c* 
Fortinet 3.14.0.0 2008.05.19 - 
*GData 2.0.7306.1023 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c* 
*Ikarus T3.1.1.26.0 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c* 
*Kaspersky 7.0.0.125 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c* 
McAfee 5298 2008.05.19 - 
Microsoft 1.3408 2008.05.13 - 
NOD32v2 3110 2008.05.19 - 
Norman 5.80.02 2008.05.19 - 
Panda 9.0.0.4 2008.05.19 - 
Prevx1 V2 2008.05.19 - 
Rising 20.45.02.00 2008.05.19 - 
Sophos 4.29.0 2008.05.19 - 
Sunbelt 3.0.1123.1 2008.05.17 - 
Symantec 10 2008.05.19 - 
TheHacker 6.2.92.313 2008.05.19 - 
VBA32 3.12.6.6 2008.05.19 - 
VirusBuster 4.3.26:9 2008.05.19 - 
Webwasher-Gateway 6.6.2 2008.05.19 - 

http://www.virustotal.com/analisis/1...50af694a21c396

----------


## Макcим

t=23113




> Файл avz00002.dta получен 2008.05.20 11:12:26 (CET)
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.20.0	2008.05.20	-
> *AntiVir	7.8.0.19	2008.05.20	DR/Delphi.Gen*
> Authentium	5.1.0.4	2008.05.19	-
> Avast	4.8.1195.0	2008.05.19	-
> *AVG	7.5.0.516	2008.05.19	Dropper.Generic.XNM*
> BitDefender	7.2	2008.05.20	-
> CAT-QuickHeal	9.50	2008.05.19	-
> ...

----------


## Surfer

File video.exe received on 05.20.2008 16:00:49 (CET)
Result: 7/32 (21.88%)

AhnLab-V3 2008.5.20.0 2008.05.20 - 
AntiVir 7.8.0.19 2008.05.20 - 
Authentium 5.1.0.4 2008.05.19 - 
Avast 4.8.1195.0 2008.05.20 - 
AVG 7.5.0.516 2008.05.20 - 
BitDefender 7.2 2008.05.20 - 
*CAT-QuickHeal 9.50 2008.05.19 (Suspicious) - DNAScan* 
ClamAV 0.92.1 2008.05.20 - 
DrWeb 4.44.0.09170 2008.05.20 - 
*eSafe 7.0.15.0 2008.05.19 Suspicious File* 
eTrust-Vet 31.4.5806 2008.05.20 - 
Ewido 4.0 2008.05.20 - 
F-Prot 4.4.2.54 2008.05.16 - 
F-Secure 6.70.13260.0 2008.05.20 - 
*Fortinet 3.14.0.0 2008.05.20 W32/PolyZlob!tr.dldr* 
GData 2.0.7306.1023 2008.05.20 - 
Ikarus T3.1.1.26.0 2008.05.20 - 
Kaspersky 7.0.0.125 2008.05.20 - 
McAfee 5298 2008.05.19 - 
*Microsoft 1.3520 2008.05.20 TrojanDropper:Win32/Nuwar.gen!lds* 
NOD32v2 3114 2008.05.20 - 
Norman 5.80.02 2008.05.19 - 
Panda 9.0.0.4 2008.05.20 - 
Prevx1 V2 2008.05.20 - 
Rising 20.45.12.00 2008.05.20 - 
Sophos 4.29.0 2008.05.20 Mal/EncPk-DA 
Sunbelt 3.0.1123.1 2008.05.17 - 
Symantec 10 2008.05.20 - 
TheHacker 6.2.92.314 2008.05.20 - 
*VBA32 3.12.6.6 2008.05.19 MalwareScope.Worm.Nuwar-Glowa.1* 
VirusBuster 4.3.26:9 2008.05.19 - 
*Webwasher-Gateway 6.6.2 2008.05.20 Worm.Win32.Malware.gen (suspicious)* 

http://www.virustotal.com/analisis/6...bab7ca915dfe8f

----------


## Shu_b

t 23161

```
File tcpsr.sys received on 05.21.2008 12:49:09 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.20	SpamBot.G
BitDefender	7.2	2008.05.21	-
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	-
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	Trojan.Rootkit
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	VirTool:WinNT/Cutwail.gen!C
NOD32v2	3116	2008.05.21	-
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.20	-
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.20	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Rootkit.Gen
Additional information
File size: 8064 bytes
```


t 23174

```
Файл chief.scr получен 2008.05.21 10:19:31 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	-
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.20	Dropper.FreeJoiner.D
BitDefender	7.2	2008.05.21	Trojan.PWS.LdPinch.TNV
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	-
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.20	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	-
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	-
NOD32v2	3115	2008.05.20	probably a variant of Win32/TrojanDropper.Agent.NKS
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	Suspicious file
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.20	-
Sophos	4.29.0	2008.05.21	Mal/EncPk-CO
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.20	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Win32.Malware.gen!80 (suspicious)
Дополнительная информация
File size: 84480 bytes
```

*Added 2 hours 0 minutes later*

t 22934

```
File avz.exe_ received on 05.21.2008 14:52:14 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	-
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.21	-
BitDefender	7.2	2008.05.21	Trojan.Inject.HP
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	suspicious Trojan/Worm
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	Virus.Win32.Afgan.a
Fortinet	3.14.0.0	2008.05.21	W32/Afgen.A
GData	2.0.7306.1023	2008.05.21	Virus.Win32.Afgan.a
Ikarus	T3.1.1.26.0	2008.05.21	BehavesLike.Win32.ExplorerHijack
Kaspersky	7.0.0.125	2008.05.21	Virus.Win32.Afgan.a
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	Virus:Win32/Afgar.A
NOD32v2	3116	2008.05.21	-
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.21	-
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.21	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	-
Additional information
File size: 758784 bytes
MD5...: d108b4e849d00764d935c951578fb9bc
```

*Added 39 minutes later*

t 23175

```
File temp\winlogon.exe received on 05.21.2008 15:27:02 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	DR/Delphi.Gen
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.21	-
BitDefender	7.2	2008.05.21	-
CAT-QuickHeal	9.50	2008.05.21	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	suspicious Trojan/Worm
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	Generic Dropper.bb
Microsoft	1.3520	2008.05.21	Trojan:Win32/Delfobfus.A
NOD32v2	3116	2008.05.21	a variant of Win32/Injector.AJ
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	Cloaked Malware
Rising	20.45.12.00	2008.05.21	Trojan.DL.Win32.Agent.bxw
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.21	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Dropper.Delphi.Gen
Additional information
File size: 39424 bytes
```

----------


## Groft

> Файл autorun.inf получен 2008.05.22 12:39:26 (CET)
> Текущий статус:    закончено 
> Результат: 13/32 (40.63%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.22.1	2008.05.22	-
> AntiVir	7.8.0.19	2008.05.22	-
> *Authentium	5.1.0.4	2008.05.21	IS/Autorun*
> *Avast	4.8.1195.0	2008.05.22	VBS:Malware-gen*
> ...


http://www.virustotal.com/ru/analisi...ab897ea7f5860e
In real-time mode, vba32 flags it as suspicious :)

----------


## senyak

Файл codecthe51070.ety получен 2008.05.22 16:28:26 (CET)
Текущий статус: закончено 
Результат: 8/32 (25.00%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.22.1	2008.05.22	-
> *AntiVir	7.8.0.19	2008.05.22	TR/Dldr.Zlob.NMO*
> Authentium	5.1.0.4	2008.05.21	-
> Avast	4.8.1195.0	2008.05.22	-
> *AVG	7.5.0.516	2008.05.22	Downloader.Zlob.ZV*
> BitDefender	7.2	2008.05.22	-
> CAT-QuickHeal	9.50	2008.05.22	-
> *ClamAV	0.92.1	2008.05.22	Trojan.Zlob-4837*
> ...


Дополнительная информация
File size: 74856 bytes
PEiD..: -
PEInfo: PE Structure information

----------


## ZhIV

```
Файл jeur430.exe получен 2008.05.23 02:28:37 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	PCK/NSIS.M
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	DNSChanger.AA
BitDefender	7.2	2008.05.23	Trojan.DNSChanger.SL
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan.Win32.DNSChanger.bov
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	Trojan.Win32.DNSChanger.bov
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Alureon.D
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malware Dropper
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Packer.NSIS.M

Дополнительная информация
File size: 109192 bytes
```

*Added 15 minutes later*



```
Файл jeur599.exe получен 2008.05.23 02:30:25 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Drop.Ag.37888-28
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	PSW.Webmoner.D
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	Trojan.PWS.Webmonier.18
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	Logger.Webmoner.jl
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan-Spy.Win32.Webmoner.jl
Fortinet	3.14.0.0	2008.05.22	Spy/Webmoner
GData	2.0.7306.1023	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
Ikarus	T3.1.1.26.0	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
Kaspersky	7.0.0.125	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	W32/Webmoner.VV
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	Trojan/Spy.Webmoner.jl
VBA32	3.12.6.6	2008.05.22	Trojan-Spy.Win32.Webmoner.jl
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Drop.Ag.37888-28

Дополнительная информация
File size: 37888 bytes
MD5...: 1067d0e85cb48c0a810ce1d6ae18f0c7
```



```
Файл jeur623.exe получен 2008.05.23 02:39:44 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	SHeur.BLNN
BitDefender	7.2	2008.05.23	Trojan.Crypt.DI
CAT-QuickHeal	9.50	2008.05.22	Worm.Socks.md
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Worm.Win32.Socks.md
Fortinet	3.14.0.0	2008.05.22	W32/Socks.MD!worm
GData	2.0.7306.1023	2008.05.23	Worm.Win32.Socks.md
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.DI
Kaspersky	7.0.0.125	2008.05.23	Worm.Win32.Socks.md
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Buzus.gen!A
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	W32/Socks.T
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	VIPRE.Suspicious
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.XPACK.Gen

Дополнительная информация
File size: 9216 bytes
MD5...: f15988aa3743b6ab54b34b5d90dfa692
```



```
Файл jeur627.exe получен 2008.05.23 02:41:19 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	Trojan.Srizbi.ag
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	Trojan.Win32.Srizbi.ag
Ikarus	T3.1.1.26.0	2008.05.23	Virus.Trojan.Win32.Srizbi.ag
Kaspersky	7.0.0.125	2008.05.23	Trojan.Win32.Srizbi.ag
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Win32.Malware.dam (suspicious)

Дополнительная информация
File size: 56088 bytes
MD5...: d97e63f2c5c659db19eaa3b3fc84725d
```




```
Файл jeur641.exe получен 2008.05.23 02:43:56 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.CD.7
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	PSW.Agent.THE
BitDefender	7.2	2008.05.23	Trojan.Crypt.CD
CAT-QuickHeal	9.50	2008.05.22	TrojanPSW.Agent.alb
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	Win32/VMalum.CYWO
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan-PSW.Win32.Agent.alb
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	Trojan-PSW.Win32.Agent.alb
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.CD
Kaspersky	7.0.0.125	2008.05.23	Trojan-PSW.Win32.Agent.alb
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	Trojan:Win32/Meredrop
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	Trj/WoW.TZ
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	Infostealer
TheHacker	6.2.92.318	2008.05.23	Trojan/PSW.Agent.alb
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.CD.7

Дополнительная информация
File size: 65024 bytes
MD5...: 45ccb5b40703c5f365ba076553ab3d05
```



```
Файл jeur642.exe получен 2008.05.23 02:45:09 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	-
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	-
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	Suspicious file
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Win32.Malware.dam (suspicious)

Дополнительная информация
File size: 14881 bytes
MD5...: ac9d4545dfd8ec5c6a1cfa79f6f7a8a1
```


*Added 24 minutes later*



```
Файл jeur345.exe получен 2008.05.23 03:11:27 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	SHeur.BHTK
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	-
Fortinet	3.14.0.0	2008.05.22	W32/STRAT_GEN.3!worm
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.05.23	-
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Srizbi.gen!D
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/EncPk-CK
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.XPACK.Gen

Дополнительная информация
File size: 167936 bytes
MD5...: 9294b7367b75231e32fe38bdc765563d
```

----------


## [email protected]

Файл svchosts.exe получен 2008.05.22 04:35:42 (CET)
Текущий статус: закончено 
Результат: 8/32 (25.00%)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.20.0	2008.05.21	-
*AntiVir	7.8.0.19	2008.05.21	TR/Crypt.XPACK.Gen*
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.21	Pakes
*BitDefender	7.2	2008.05.22	Trojan.Spy.Wsnpoem.CH*
CAT-QuickHeal	9.50	2008.05.21	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.21	-
*eSafe	7.0.15.0	2008.05.21	Suspicious File*
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
*F-Secure	6.70.13260.0	2008.05.22	Suspicious:W32/Malware!Gemini*
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.22	-
Ikarus	T3.1.1.26.0	2008.05.22	-
Kaspersky	7.0.0.125	2008.05.22	-
*McAfee	5300	2008.05.21	Spy-Agent.bw.gen.e
Microsoft	1.3520	2008.05.22	PWS:Win32/Zbot.gen!E*
NOD32v2	3118	2008.05.21	-
Norman	5.80.02	2008.05.21	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.22	-
Rising	20.45.22.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.22	-
TheHacker	6.2.92.315	2008.05.21	-
VBA32	3.12.6.6	2008.05.21	-
VirusBuster	4.3.26:9	2008.05.21	-
*Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 50688 bytes

----------


## Гриша

t=23264




> Файл avz00002.dta получен 2008.05.23 08:21:22 (CET)
> 
> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> *AntiVir	7.8.0.19	2008.05.22	HEUR/Malware*
> Authentium	5.1.0.4	2008.05.22	-
> Avast	4.8.1195.0	2008.05.22	-
> AVG	7.5.0.516	2008.05.22	-
> BitDefender	7.2	2008.05.23	-
> ...





> Файл avz00003.dta получен 2008.05.23 08:21:55 (CET)
> 
> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> *AntiVir	7.8.0.19	2008.05.22	HEUR/Malware*
> Authentium	5.1.0.4	2008.05.22	-
> Avast	4.8.1195.0	2008.05.22	-
> AVG	7.5.0.516	2008.05.22	-
> BitDefender	7.2	2008.05.23	-
> ...

----------


## Shu_b

```
File Temp\wmsetup.dll received on 05.23.2008 10:13:42 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.22.1	2008.05.23	-
AntiVir	7.8.0.19	2008.05.23	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	DeepScan:Generic.Malware.dld!!.8E2E18BD
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.23	-
DrWeb	4.44.0.09170	2008.05.23	DLOADER.Trojan
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
Fortinet	3.14.0.0	2008.05.23	-
GData	2.0.7306.1023	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.23	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	-
Additional information
File size: 5632 bytes
```

----------


## mayas

> Result: 4/32 (12.5%)
> 
> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> AntiVir	7.8.0.19	2008.05.23	-
> Authentium	5.1.0.4	2008.05.23	-
> Avast	4.8.1195.0	2008.05.23	-
> AVG	7.5.0.516	2008.05.24	-
> BitDefender	7.2	2008.05.24	-
> ...



http://www.virustotal.com/analisis/5...afdd2e9655073b






> File ______________________.__.bat received on 05.25.2008 00:33:53 
> Result: 1/32 (3.13%)
> 
> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> AntiVir	7.8.0.19	2008.05.24	-
> Authentium	5.1.0.4	2008.05.23	-
> Avast	4.8.1195.0	2008.05.24	-
> AVG	7.5.0.516	2008.05.24	-
> ...

----------


## Winsent

* name..: svchost.exe
* size..: 42496
* md5...: 2a0cfe442f8ac14b3b1d619597c87c1e
* sha1..: 04ef33ee52fb57009fb3fbd2935330e5ded5ecaf
* peid..: -

[ scan result ]
AhnLab-V3 2008.5.22.1/20080523 found nothing
*AntiVir 7.8.0.19/20080524 found [TR/Spy.Gen]
Authentium 5.1.0.4/20080523 found [W32/LdPinch.I.gen!Eldorado]*
Avast 4.8.1195.0/20080524 found nothing
*AVG 7.5.0.516/20080524 found [PSW.Ldpinch.11.BM]
BitDefender 7.2/20080525 found [Trojan.PWS.LdPinch.TMK]
CAT-QuickHeal 9.50/20080524 found [TrojanPSW.LdPinch.cdz]*
ClamAV 0.92.1/20080525 found nothing
DrWeb 4.44.0.09170/20080525 found nothing
eSafe 7.0.15.0/20080522 found nothing
eTrust-Vet 31.4.5817/20080523 found nothing
Ewido 4.0/20080524 found nothing
*F-Prot 4.4.4.56/20080523 found [W32/LdPinch.I.gen!Eldorado]
F-Secure 6.70.13260.0/20080523 found [LdPinch.gen1]*
Fortinet 3.14.0.0/20080524 found nothing
GData 2.0.7306.1023/20080523 found nothing
*Ikarus T3.1.1.26.0/20080525 found [MalwareScope.Trojan-PWS.Pinch.1]*
Kaspersky 7.0.0.125/20080525 found nothing
McAfee 5302/20080523 found nothing
*Microsoft 1.3520/20080525 found [PWS:Win32/Ldpinch.gen]*
NOD32v2 3128/20080523 found nothing
*Norman 5.80.02/20080523 found [LdPinch.gen1]*
Panda 9.0.0.4/20080524 found nothing
Prevx1 V2/20080525 found nothing
Rising 20.45.42.00/20080523 found nothing
*Sophos 4.29.0/20080524 found [Mal/Basine-C]*
Sunbelt 3.0.1123.1/20080517 found nothing
Symantec 10/20080525 found nothing
TheHacker 6.2.92.318/20080523 found nothing
*VBA32 3.12.6.6/20080524 found [MalwareScope.Trojan-PSW.Pinch.42]*
VirusBuster 4.3.26:9/20080524 found nothing
*Webwasher-Gateway 6.6.2/20080525 found [Trojan.Spy.Gen]*

----------


## [email protected]

> Файл avz00001.dta получен 2008.05.10 08:41:40 (CET)
> Текущий статус: закончено 
> Результат: 13/31 (41.94%)
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	-	-	-
> *AntiVir	-	-	TR/Proxy.Small.MP*
> Authentium	-	-	-
> Avast	-	-	-
> ...





> Файл ieupdater.exe_ получен 2008.05.24 16:35:43 (CET)
> Текущий статус: закончено 
> Результат: 20/32 (62.50%)
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> *AntiVir	7.8.0.19	2008.05.24	TR/Dldr.Winlagons.KE*
> Authentium	5.1.0.4	2008.05.23	-
> Avast	4.8.1195.0	2008.05.23	-
> ...







> Файл avz00003.dta получен 2008.05.26 03:30:30 (CET)
> Текущий статус:   закончено 
> Результат: 16/32 (50%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.22.1	2008.05.23	-
> *AntiVir	7.8.0.19	2008.05.25	TR/SubSys.DJ.2
> Authentium	5.1.0.4	2008.05.26	W32/Agent.AZ.gen!Eldorado*
> Avast	4.8.1195.0	2008.05.25	-
> ...


That's enough for now) I had McAfee installed; I think it's time to send it to the scrap heap)

[moderated: the March scans are probably interesting, but no longer relevant, so they have been removed.]

----------



## santy

Файл ntos.e получен 2008.05.27 13:24:46 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.27	-
*AntiVir	7.8.0.19	2008.05.27	TR/Crypt.XPACK.Gen* 
Authentium	5.1.0.4	2008.05.26	-
*Avast	4.8.1195.0	2008.05.27	Win32bot-gen*
*AVG	7.5.0.516	2008.05.26	Pakes*
*BitDefender	7.2	2008.05.27	Trojan.Spy.Wsnpoem.CH*
CAT-QuickHeal	9.50	2008.05.26	-
ClamAV	0.92.1	2008.05.27	-
DrWeb	4.44.0.09170	2008.05.27	-
eSafe	7.0.15.0	2008.05.26	-
eTrust-Vet	31.4.5826	2008.05.27	-
Ewido	4.0	2008.05.27	-
*F-Prot	4.4.4.56	2008.05.26	W32/Zbot.G.gen!Eldorado*
*F-Secure	6.70.13260.0	2008.05.27	Suspicious:W32/Malware!Gemini*
Fortinet	3.14.0.0	2008.05.27	-
*GData	2.0.7306.1023	2008.05.27	Win32bot-gen*
Ikarus	T3.1.1.26.0	2008.05.27	-
Kaspersky	7.0.0.125	2008.05.27	-
McAfee	5303	2008.05.26	Spy-Agent.bw.gen.e
*Microsoft	1.3520	2008.05.27	PWS:Win32/Zbot.gen!E*
NOD32v2	3134	2008.05.27	-
Norman	5.80.02	2008.05.26	-
Panda	9.0.0.4	2008.05.27	-
Prevx1	V2	2008.05.27	-
Rising	20.46.12.00	2008.05.27	-
Sophos	4.29.0	2008.05.27	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.27	-
TheHacker	6.2.92.320	2008.05.26	-
VBA32	3.12.6.6	2008.05.27	-
VirusBuster	4.3.26:9	2008.05.26	-
*Webwasher-Gateway	6.6.2	2008.05.27	Trojan.Crypt.XPACK.Gen*

*Added 3 minutes later*

Файл svchosts.exe получен 2008.05.27 13:14:05 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.27	-
*AntiVir	7.8.0.19	2008.05.27	TR/Crypt.XPACK.Gen*
Authentium	5.1.0.4	2008.05.26	-
Avast	4.8.1195.0	2008.05.27	-
*AVG	7.5.0.516	2008.05.26	Pakes*
*BitDefender	7.2	2008.05.27	Trojan.Peed.Gen*
CAT-QuickHeal	9.50	2008.05.26	-
ClamAV	0.92.1	2008.05.27	-
DrWeb	4.44.0.09170	2008.05.27	-
*eSafe	7.0.15.0	2008.05.26	Suspicious File*
eTrust-Vet	31.4.5826	2008.05.27	-
Ewido	4.0	2008.05.27	-
*F-Prot	4.4.4.56	2008.05.26	W32/Zbot.G.gen!Eldorado*
*F-Secure	6.70.13260.0	2008.05.27	Suspicious:W32/Malware!Gemini*
Fortinet	3.14.0.0	2008.05.27	-
GData	2.0.7306.1023	2008.05.27	-
Ikarus	T3.1.1.26.0	2008.05.27	-
Kaspersky	7.0.0.125	2008.05.27	-
*McAfee	5303	2008.05.26	Spy-Agent.bw.gen.e*
*Microsoft	1.3520	2008.05.27	PWS:Win32/Zbot.gen!E*
NOD32v2	3134	2008.05.27	-
Norman	5.80.02	2008.05.26	-
Panda	9.0.0.4	2008.05.27	-
Prevx1	V2	2008.05.27	-
Rising	20.46.12.00	2008.05.27	-
Sophos	4.29.0	2008.05.27	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.27	-
TheHacker	6.2.92.320	2008.05.26	-
VBA32	3.12.6.6	2008.05.27	-
VirusBuster	4.3.26:9	2008.05.26	-
*Webwasher-Gateway	6.6.2	2008.05.27	Trojan.Crypt.XPACK.Gen*

----------


## ISO

Файл mstc.exe получен 2008.05.29 08:03:55 (CET)
Текущий статус:   закончено 
Результат: 19/32 (59.38%) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.29.0	2008.05.29	-
*AntiVir	7.8.0.19	2008.05.28	TR/Agent.5632.176
Authentium	5.1.0.4	2008.05.28	W32/Heuristic-210!Eldorado
Avast	4.8.1195.0	2008.05.29	Win32:Agent-TEN
AVG	7.5.0.516	2008.05.28	Downloader.Generic7.NYI
BitDefender	7.2	2008.05.29	DeepScan:Generic.Malware.dld!!.ED0C8AEA*
CAT-QuickHeal	9.50	2008.05.28	-
*ClamAV	0.92.1	2008.05.28	PUA.Packed.PEPack
DrWeb	4.44.0.09170	2008.05.28	Trojan.DownLoader.61999
eSafe	7.0.15.0	2008.05.28	suspicious Trojan/Worm*
eTrust-Vet	31.4.5831	2008.05.28	-
Ewido	4.0	2008.05.28	-
*F-Prot	4.4.4.56	2008.05.28	W32/Heuristic-210!Eldorado
F-Secure	6.70.13260.0	2008.05.29	W32/Downloader*
Fortinet	3.14.0.0	2008.05.29	-
*GData	2.0.7306.1023	2008.05.29	Win32:Agent-TEN
Ikarus	T3.1.1.26.0	2008.05.29	Backdoor.Win32.SdBot.XM*
Kaspersky	7.0.0.125	2008.05.29	-
*McAfee	5305	2008.05.28	Generic Downloader.x*
Microsoft	1.3520	2008.05.29	-
*NOD32v2	3142	2008.05.28	a variant of Win32/TrojanDownloader.Small.OAA
Norman	5.80.02	2008.05.28	W32/Downloader*
Panda	9.0.0.4	2008.05.28	-
*Prevx1	V2	2008.05.29	Cloaked Malware*
Rising	20.46.22.00	2008.05.28	-
*Sophos	4.29.0	2008.05.29	Mal/Generic-A*
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.29	-
TheHacker	6.2.92.322	2008.05.28	-
*VBA32	3.12.6.6	2008.05.28	Trojan.Win32.Small.avf*
VirusBuster	4.3.26:9	2008.05.28	-
*Webwasher-Gateway	6.6.2	2008.05.28	Trojan.Agent.5632.176*
Дополнительная информация
File size: 5632 bytes
PEiD..: Crypto-Lock v2.02 (Eng) -> Ryan Thian
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40a080
timedatestamp.....: 0x48387199 (Sat May 24 19:50:49 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x9000 0x2000 0x1200 7.55 e77f91e3af256a16123cf47f293ff431
UPX2 0xb000 0x1000 0x200 1.44 805117c88e7f7cf2e567ccb44fdabc8a

( 2 imports ) 
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> USER32.DLL: wsprintfA

( 0 exports ) 
packers (Authentium): UPX, PE-Pack, Aspack
Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* File length: 5632 bytes.

What password should be used when sending the file to [email protected]?


Файл sy32.exe получен 2008.05.29 08:16:26 (CET)
Текущий статус:    закончено 
Результат: 15/32 (46.88%) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.29.0	2008.05.29	-
*AntiVir	7.8.0.19	2008.05.28	TR/Crypt.ULPM.Gen
Authentium	5.1.0.4	2008.05.28	W32/Heuristic-MUP!Eldorado
Avast	4.8.1195.0	2008.05.29	Win32:JunkPoly
AVG	7.5.0.516	2008.05.28	Worm/AutoRun.CC
BitDefender	7.2	2008.05.29	Packer.Malware.LDPinch.A*
CAT-QuickHeal	9.50	2008.05.28	-
ClamAV	0.92.1	2008.05.28	-
*DrWeb	4.44.0.09170	2008.05.28	Trojan.Inject.3265
eSafe	7.0.15.0	2008.05.28	suspicious Trojan/Worm*
eTrust-Vet	31.4.5831	2008.05.28	-
Ewido	4.0	2008.05.28	-
*F-Prot	4.4.4.56	2008.05.28	W32/Heuristic-MUP!Eldorado*
F-Secure	6.70.13260.0	2008.05.29	-
Fortinet	3.14.0.0	2008.05.29	-
*GData	2.0.7306.1023	2008.05.29	Win32:JunkPoly
Ikarus	T3.1.1.26.0	2008.05.29	Virus.Win32.JunkPoly
Kaspersky	7.0.0.125	2008.05.29	Heur.Invader
McAfee	5305	2008.05.28	New Malware.bl*
Microsoft	1.3520	2008.05.29	-
NOD32v2	3142	2008.05.28	-
Norman	5.80.02	2008.05.28	-
*Panda	9.0.0.4	2008.05.28	Suspicious file*
Prevx1	V2	2008.05.29	-
Rising	20.46.30.00	2008.05.29	-
*Sophos	4.29.0	2008.05.29	Mal/HckPk-A*
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.29	-
TheHacker	6.2.92.322	2008.05.28	-
VBA32	3.12.6.6	2008.05.28	-
VirusBuster	4.3.26:9	2008.05.28	-
*Webwasher-Gateway	6.6.2	2008.05.28	Trojan.Crypt.ULPM.Gen*
Дополнительная информация
File size: 12506 bytes
MD5...: 50803e2c00a35657dff5a6b581495472
SHA1..: f5e18c76c0bbf0fd7ed999c45602212a2595db6e
SHA256: 5525b395f1fbf374d12bb2049051d5390e0b6fb4ec71cb76ea  319fbafede9cbd
SHA512: a18c9557422080dd9e05fe2ff86e3070548495ca4cecfc88bf  77a0b534650e7e
4233a29ac8271db0ebb191c43c9311d534e869cacc711d6cc5  18e06298d58c51
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408200
timedatestamp.....: 0x47ec14d6 (Thu Mar 27 21:42:46 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0x2000 0x1c00 7.72 9a7c0330ddef28c50e4ffacfd1035d14
UPX2 0x8000 0x2000 0x10da 6.44 1aa4badbc4f2bbae4d2d5b5bc45eeabd

( 0 imports ) 

( 0 exports )

----------


## sergio342

Файл SuperMenuHook.dll получен 2008.05.29 13:20:26 (CET)
Also known as baksm.dll, baksm.dat.

Антивирус Версия Обновление Результат 
AhnLab-V3 2008.5.29.0 2008.05.29 - 
AntiVir 7.8.0.19 2008.05.29 - 
Authentium 5.1.0.4 2008.05.28 - 
Avast 4.8.1195.0 2008.05.29 - 
AVG 7.5.0.516 2008.05.29 - 
BitDefender 7.2 2008.05.29 - 
CAT-QuickHeal 9.50 2008.05.28 - 
ClamAV 0.92.1 2008.05.29 - 
DrWeb 4.44.0.09170 2008.05.29 - 
eSafe 7.0.15.0 2008.05.28 - 
eTrust-Vet 31.4.5832 2008.05.29 - 
Ewido 4.0 2008.05.29 - 
F-Prot 4.4.4.56 2008.05.28 - 
*F-Secure 6.70.13260.0 2008.05.29 Trojan.Win32.Delf.ceh* 
Fortinet 3.14.0.0 2008.05.29 - 
*GData 2.0.7306.1023 2008.05.29 Trojan.Win32.Delf.ceh 
Ikarus T3.1.1.26.0 2008.05.29 Trojan.Delf.ceh 
Kaspersky 7.0.0.125 2008.05.29 Trojan.Win32.Delf.ceh* 
McAfee 5305 2008.05.28 - 
Microsoft 1.3520 2008.05.29 - 
NOD32v2 3143 2008.05.29 - 
Norman 5.80.02 2008.05.28 - 
Panda 9.0.0.4 2008.05.28 - 
Prevx1 V2 2008.05.29 - 
Rising 20.46.32.00 2008.05.29 - 
*Sophos 4.29.0 2008.05.29 Mal/Generic-A* 
Sunbelt 3.0.1123.1 2008.05.17 - 
Symantec 10 2008.05.29 - 
TheHacker 6.2.92.322 2008.05.28 - 
*VBA32 3.12.6.6 2008.05.29 Trojan.Win32.Delf.ceh* 
VirusBuster 4.3.26:9 2008.05.28 - 
*Webwasher-Gateway 6.6.2 2008.05.29 Win32.Malware.gen!84 (suspicious)* 
Дополнительная информация 
File size: 269824 bytes 
MD5...: 26a1592c74a90cfeadf3b00265b2e585

----------


## ISO

Файл delnew.exe получен 2008.05.29 14:47:24 (CET)
Текущий статус:   закончено 
Результат: 12/32 (37.5%) 
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.29.0	2008.05.29	-
*AntiVir	7.8.0.19	2008.05.29	TR/Crypt.XPACK.Gen*
Authentium	5.1.0.4	2008.05.28	-
*Avast	4.8.1195.0	2008.05.29	Win32:Rootkit-gen*
AVG	7.5.0.516	2008.05.29	-
*BitDefender	7.2	2008.05.29	GenPack:Trojan.Downloader.VB.VPQ
CAT-QuickHeal	9.50	2008.05.28	(Suspicious) - DNAScan*
ClamAV	0.92.1	2008.05.29	-
DrWeb	4.44.0.09170	2008.05.29	-
eSafe	7.0.15.0	2008.05.29	-
eTrust-Vet	31.4.5832	2008.05.29	-
Ewido	4.0	2008.05.29	-
*F-Prot	4.4.4.56	2008.05.28	W32/Heuristic-210!Eldorado*
F-Secure	6.70.13260.0	2008.05.29	-
Fortinet	3.14.0.0	2008.05.29	-
*GData	2.0.7306.1023	2008.05.29	Win32:Rootkit-gen
Ikarus	T3.1.1.26.0	2008.05.29	Generic.Trojan-Downloader.VB.VPQ*
Kaspersky	7.0.0.125	2008.05.29	-
McAfee	5305	2008.05.28	-
Microsoft	1.3520	2008.05.29	-
NOD32v2	3143	2008.05.29	-
Norman	5.80.02	2008.05.28	-
*Panda	9.0.0.4	2008.05.28	Suspicious file
Prevx1	V2	2008.05.29	Malicious Software*
Rising	20.46.32.00	2008.05.29	-
*Sophos	4.29.0	2008.05.29	Sus/UnkPacker*
Sunbelt	3.0.1123.1	2008.05.17	-
*Symantec	10	2008.05.29	Trojan Horse*
TheHacker	6.2.92.322	2008.05.28	-
VBA32	3.12.6.6	2008.05.29	-
VirusBuster	4.3.26:9	2008.05.28	-
*Webwasher-Gateway	6.6.2	2008.05.29	Trojan.Crypt.XPACK.Gen*
Дополнительная информация
File size: 7680 bytes
MD5...: ef182fa62c132dc33461d598817bf7b2
SHA1..: 8bee727773f0c680665bd6ddd8ec0e76aa8d65b9
SHA256: 2f7b07da01ffb42f037014e127713e656ed28de6349945d8fb  1d0c2104809ba7
SHA512: c00b6662ca7e7b5ce8d6c7bdc9a2df2f5bc5b37f46ff194f77  d2980019959343
217b67f85006ec13081959157d05130b89beb1c88ea25f6a9b  26d34f15c7e7ee
PEiD..: -
PEInfo: PE Structure information

----------


## rubin

```
AhnLab-V3	2008.5.29.0	2008.05.29	-
AntiVir	7.8.0.19	2008.05.29	Rkit/Agent.DU
Authentium	5.1.0.4	2008.05.28	-
Avast	4.8.1195.0	2008.05.29	-
AVG	7.5.0.516	2008.05.29	Win32/Agent
BitDefender	7.2	2008.05.29	Trojan.Dropper.Cutwail.O
CAT-QuickHeal	9.50	2008.05.28	-
ClamAV	0.92.1	2008.05.29	-
DrWeb	4.44.0.09170	2008.05.29	BackDoor.Bulknet.206
eSafe	7.0.15.0	2008.05.29	-
eTrust-Vet	31.4.5832	2008.05.29	-
Ewido	4.0	2008.05.29	-
F-Prot	4.4.4.56	2008.05.28	-
F-Secure	6.70.13260.0	2008.05.29	-
Fortinet	3.14.0.0	2008.05.29	-
GData	2.0.7306.1023	2008.05.29	-
Ikarus	T3.1.1.26.0	2008.05.29	-
Kaspersky	7.0.0.125	2008.05.29	-
McAfee	5305	2008.05.28	-
Microsoft	1.3520	2008.05.29	TrojanDownloader:Win32/Cutwail.S
NOD32v2	3144	2008.05.29	-
Norman	5.80.02	2008.05.28	-
Panda	9.0.0.4	2008.05.28	-
Prevx1	V2	2008.05.29	Malicious Software
Rising	20.46.32.00	2008.05.29	Trojan.Win32.Undef.gzl
Sophos	4.29.0	2008.05.29	Troj/Pushdo-Gen
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.29	Trojan.Pandex
TheHacker	6.2.92.322	2008.05.28	-
VBA32	3.12.6.6	2008.05.29	-
VirusBuster	4.3.26:9	2008.05.28	Trojan.DR.Pandex.Gen.4
Webwasher-Gateway	6.6.2	2008.05.29	Rootkit.Agent.DU
```

File size: 12800 bytes
MD5...: dd98e05c96d05463317e6d1683f987b5
SHA1..: af8164fea8d6c33e73834380578859260c515d3c
SHA256: c9bb0fd804756a26da196c6067ceee1ec041a1cb75aa9a253a  1487345121020c
SHA512: b4496dc9db7e475b33f29656fff9fcd7830215fee2468d3306  e6d6d2c5c008f3
6b44ebd03a2a681734a245e802f96c96f8d0d3039ff2e4fd12  7bfc67e234ef2f

----------


## Numb

Quarantine from the thread http://virusinfo.info/showthread.php?t=23675 (file C:\WINDOWS\ikdogy.dll)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.29.0	2008.05.29	-
AntiVir	7.8.0.24	2008.05.29	TR/Drop.BHO.AS
Authentium	5.1.0.4	2008.05.28	-
Avast	4.8.1195.0	2008.05.29	-
AVG	7.5.0.516	2008.05.29	-
BitDefender	7.2	2008.05.29	Trojan.Delf.PFP
CAT-QuickHeal	9.50	2008.05.29	-
ClamAV	0.92.1	2008.05.29	-
DrWeb	4.44.0.09170	2008.05.29	-
eSafe	7.0.15.0	2008.05.29	suspicious Trojan/Worm
eTrust-Vet	31.4.5832	2008.05.29	Win32/Burgspill!generic
Ewido	4.0	2008.05.29	-
F-Prot	4.4.4.56	2008.05.29	-
F-Secure	6.70.13260.0	2008.05.29	-
Fortinet	3.14.0.0	2008.05.29	-
GData	2.0.7306.1023	2008.05.29	-
Ikarus	T3.1.1.26.0	2008.05.29	Trojan.Win32.Delflob.I
Kaspersky	7.0.0.125	2008.05.29	-
McAfee	5306	2008.05.29	-
Microsoft	None	2008.05.29	-
NOD32v2	3145	2008.05.29	-
Norman	5.80.02	2008.05.29	-
Panda	9.0.0.4	2008.05.29	-
Prevx1	V2	2008.05.29	-
Rising	20.46.32.00	2008.05.29	-
Sophos	4.29.0	2008.05.29	-
Sunbelt	3.0.1139.1	2008.05.29	-
Symantec	10	2008.05.29	Downloader.MisleadApp
TheHacker	6.2.92.322	2008.05.28	-
VBA32	3.12.6.6	2008.05.29	-
VirusBuster	4.3.26:9	2008.05.29	-
Webwasher-Gateway	6.6.2	2008.05.29	Trojan.Drop.BHO.AS
```

Дополнительная информация
File size: 252928 bytes
MD5...: 12d0f31177368f44abe6498b8d7bb1ce
SHA1..: fe641ca796277a11495d8640f553da052d42fb40
SHA256: d290ba1bc712e347a7cfd438918e339d0c88446cc2377b8e7e  cf2a7b750c5f54
SHA512: 067f8aab1d66a5c8cd5dd7faca0d821286a612a0dcac102f1b  02345f0ded8be8
92f2b99cf10d0bece1887a869ece8588a80bdbbe91bad7be96  4439866233fd16
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b0f00
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
code 0x1000 0x75000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
text 0x76000 0x3c000 0x3b200 7.92 33a1131e4fc7cf09236f18884a09d4a5
.rsrc 0xb2000 0x3000 0x2600 3.89 cba5ec134b328951831923c4e7020692

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Add
> gdi32.dll: SaveDC
> ole32.dll: OleDraw
> oleaut32.dll: VariantCopy
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> version.dll: VerQueryValueA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

----------


## Groft

> Файл bro.txt получен 2008.05.31 15:05:17 (CET)
> Текущий статус:   закончено 
> Результат: 11/31 (35.49%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.05.30	-
> *AntiVir	7.8.0.25	2008.05.30	PERL/Shellbot.BF*
> Authentium	5.1.0.4	2008.05.31	-
> Avast	4.8.1195.0	2008.05.31	-
> ...


http://www.virustotal.com/ru/analisi...b2c647b5ef2744



> Файл fuckkr.exe получен 2008.05.31 15:03:39 (CET)
> Текущий статус:   закончено 
> Результат: 13/31 (41.94%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.05.30	-
> *AntiVir	7.8.0.25	2008.05.30	HEUR/Malware*
> Authentium	5.1.0.4	2008.05.31	-
> Avast	4.8.1195.0	2008.05.31	-
> ...


http://www.virustotal.com/ru/analisi...264cabb624dd92



> Файл 2.doc получен 2008.05.31 15:06:32 (CET)
> Текущий статус:   закончено 
> Результат: 3/31 (9.68%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.05.30	-
> AntiVir	7.8.0.25	2008.05.30	-
> Authentium	5.1.0.4	2008.05.31	-
> *Avast	4.8.1195.0	2008.05.31	HTML:Iframe-gen*
> ...


http://www.virustotal.com/ru/analisi...906ec4053ea2ee

----------


## Groft

Supposedly a codec :)



> Файл MediaTubeCodec_ver1.1316.0.exe получен 2008.06.01 10:32:26 (CET)
> Текущий статус:   закончено 
> Результат: 7/31 (22.59%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.05.30	-
> AntiVir	7.8.0.26	2008.06.01	-
> Authentium	5.1.0.4	2008.06.01	-
> Avast	4.8.1195.0	2008.05.31	-
> ...


http://www.virustotal.com/ru/analisi...ca68e1648c4c45



> Файл opr00PLR.jpg получен 2008.06.01 14:28:11 (CET)
> Текущий статус:   закончено 
> Результат: 9/31 (29.04%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.05.30	-
> *AntiVir	7.8.0.26	2008.06.01	TR/Spy.Agent.96256*
> *Authentium	5.1.0.4	2008.06.01	W32/Trojan2.ASQE*
> Avast	4.8.1195.0	2008.05.31	-
> ...


http://www.virustotal.com/ru/analisi...cf84db1782817a

----------


## Surfer

AhnLab-V3 2008.5.30.1 2008.05.30 - 
AntiVir 7.8.0.26 2008.06.01 - 
Authentium 5.1.0.4 2008.06.01 - 
Avast 4.8.1195.0 2008.05.31 - 
AVG 7.5.0.516 2008.05.31 - 
BitDefender 7.2 2008.06.01 - 
*CAT-QuickHeal 9.50 2008.05.31 (Suspicious) - DNAScan*
ClamAV 0.92.1 2008.06.01 - 
DrWeb 4.44.0.09170 2008.06.01 - 
*eSafe 7.0.15.0 2008.05.29 Suspicious File*
eTrust-Vet 31.4.5837 2008.05.30 - 
Ewido 4.0 2008.06.01 - 
F-Prot 4.4.4.56 2008.05.31 - 
*F-Secure 6.70.13260.0 2008.06.01 Trojan-Downloader.Win32.QQHelper.bjx*
Fortinet 3.14.0.0 2008.06.01 - 
*GData 2.0.7306.1023 2008.06.01 Trojan-Downloader.Win32.QQHelper.bjx*
Ikarus T3.1.1.26.0 2008.06.01 - 
*Kaspersky 7.0.0.125 2008.06.01 Trojan-Downloader.Win32.QQHelper.bjx*
McAfee 5307 2008.05.30 - 
*Microsoft 1.3520 2008.06.01 Trojan:Win32/Tibs.gen!lds*
NOD32v2 3149 2008.05.31 - 
Norman 5.80.02 2008.05.30 - 
Panda 9.0.0.4 2008.06.01 - 
*Prevx1 V2 2008.06.01 Malicious Software*
Rising 20.46.62.00 2008.06.01 - 
*Sophos 4.29.0 2008.06.01 Mal/EncPk-DA*
Sunbelt 3.0.1139.1 2008.05.29 - 
Symantec 10 2008.06.01 - 
*VBA32 3.12.6.6 2008.06.01 MalwareScope.Worm.Nuwar-Glowa.1*
VirusBuster 4.3.26:9 2008.05.31 - 
*Webwasher-Gateway 6.6.2 2008.06.01 Worm.Win32.Malware.gen (suspicious)*


http://www.virustotal.com/analisis/e...387c048018494b

----------


## Shu_b

May results:

----------


## ISO

Another video codec
File space-codec5025.exe received on 06.02.2008 16:44:46 (CET)
Current status:   finished 
Result: 14/32 (43.75%) 

```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.30.1	2008.06.02	-
AntiVir	7.8.0.26	2008.06.02	DR/Dldr.DNSChanger.Gen
Authentium	5.1.0.4	2008.06.01	-
Avast	4.8.1195.0	2008.06.02	-
AVG	7.5.0.516	2008.06.02	DNSChanger.AA
BitDefender	7.2	2008.06.02	Dropped:Trojan.DNSChanger.SL
CAT-QuickHeal	9.50	2008.06.02	Win32.Trojan.DNSChanger.arn.5
ClamAV	0.92.1	2008.06.02	Trojan.Dropper-7527
DrWeb	4.44.0.09170	2008.06.02	Trojan.Starter.509
eSafe	7.0.15.0	2008.06.02	-
eTrust-Vet	31.4.5842	2008.06.02	-
Ewido	4.0	2008.06.02	-
F-Prot	4.4.4.56	2008.06.01	-
F-Secure	6.70.13260.0	2008.06.02	W32/Malware
Fortinet	3.14.0.0	2008.06.02	-
GData	2.0.7306.1023	2008.06.02	-
Ikarus	T3.1.1.26.0	2008.06.02	-
Kaspersky	7.0.0.125	2008.06.02	Trojan.Win32.DNSChanger.bov
McAfee	5307	2008.05.30	-
Microsoft	1.3520	2008.06.02	TrojanDropper:Win32/Alureon.D
NOD32v2	3152	2008.06.02	-
Norman	5.80.02	2008.05.30	W32/Malware
Panda	9.0.0.4	2008.06.02	-
Prevx1	V2	2008.06.02	Malware Dropper
Rising	20.47.02.00	2008.06.02	-
Sophos	4.29.0	2008.06.02	-
Sunbelt	3.0.1139.1	2008.05.29	-
Symantec	10	2008.06.02	Trojan.Zlob
TheHacker	6.2.92.331	2008.06.02	-
VBA32	3.12.6.6	2008.06.01	Trojan.Win32.DNSChanger
VirusBuster	4.3.26:9	2008.06.02	-
Webwasher-Gateway	6.6.2	2008.06.02	Trojan.Dropper.Dldr.DNSChanger.Gen
Additional information
File size: 237758 bytes
MD5...: 870f7380b0582945a5980ee7fb2dfb0a
```

SHA1..: a5040b41dbfdbb2d7b019fac783d0fdc74557784
SHA256: 898e41f72ec4dbf8e6b4806f689570968af0f338b49f4dc82f  41e145992cc727
SHA512: eb19aa22be67d940bf0c1a7f4453d04d4fc74e3d5141e2ee99  52dacf6556a414
8c221d28c89105b1c65348f31ada20add3a4c74e59671580af  2b84345644dd96

----------


## Groft

> Файл sfc_oe.dll получен 2008.06.03 00:21:57 (CET)
> Текущий статус:   закончено 
> Результат: 12/32 (37.5%) 
> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.5.30.1	2008.06.02	-
> AntiVir	7.8.0.26	2008.06.02	-
> Authentium	5.1.0.4	2008.06.02	-
> *Avast	4.8.1195.0	2008.06.02	Win32:AutoRun-SD*
> ...


http://www.virustotal.com/ru/analisi...02394e33c06377

+ the autorun for the worm



> AhnLab-V3	2008.5.30.1	2008.06.02	-
> AntiVir	7.8.0.26	2008.06.02	-
> Authentium	5.1.0.4	2008.06.02	-
> Avast	4.8.1195.0	2008.06.02	-
> AVG	7.5.0.516	2008.06.02	-
> *BitDefender	7.2	2008.06.02	Worm.AutoRun.VCS*
> CAT-QuickHeal	9.50	2008.06.02	-
> ClamAV	0.92.1	2008.06.02	-
> DrWeb	4.44.0.09170	2008.06.02	-
> ...


http://www.virustotal.com/ru/analisi...4b4f18e882ae79

----------


## ZhIV

Two files; the virus seems to be the same, but the results differ.

Файл svchosts.exe получен 2008.06.04 05:10:31 (CET)
Текущий статус:   закончено 
Результат: 17/32 (53.13%) 

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.30.1	2008.06.03	-
AntiVir	7.8.0.26	2008.06.03	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	-
AVG	7.5.0.516	2008.06.04	Pakes
BitDefender	7.2	2008.06.04	Trojan.Spy.Zeus.1.Gen
CAT-QuickHeal	9.50	2008.06.03	TrojanSpy.Zbot.ccg
ClamAV	0.92.1	2008.06.04	Trojan.Zbot-941
DrWeb	4.44.0.09170	2008.06.03	Trojan.Proxy.3215
eSafe	7.0.15.0	2008.06.03	Suspicious File
eTrust-Vet	31.4.5845	2008.06.03	-
Ewido	4.0	2008.06.03	-
F-Prot	4.4.4.56	2008.06.04	W32/Zbot.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
Ikarus	T3.1.1.26.0	2008.06.04	-
Kaspersky	7.0.0.125	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
McAfee	5309	2008.06.03	Spy-Agent.bw.gen.e
Microsoft	None	2008.06.04	-
NOD32v2	3156	2008.06.03	-
Norman	5.80.02	2008.06.03	W32/Zbot.TT
Panda	9.0.0.4	2008.06.04	-
Prevx1	V2	2008.06.04	-
Rising	20.47.12.00	2008.06.03	-
Sophos	4.29.0	2008.06.04	Mal/Generic-A
Sunbelt	3.0.1143.1	2008.06.03	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	Trojan/Spy.Zbot.ccg
VBA32	3.12.6.7	2008.06.03	Trojan-Spy.Win32.Zbot.ccg
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 50688 bytes
MD5...: f4f387486cdbc09027f1bb05c3618b91
```

Another ntos

Файл ntos.exe получен 2008.06.04 05:30:56 (CET)
Текущий статус:   закончено 
Результат: 16/32 (50%) 

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.30.1	2008.06.03	-
AntiVir	7.8.0.26	2008.06.03	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	Win32:Zbot-gen
AVG	7.5.0.516	2008.06.04	Pakes
BitDefender	7.2	2008.06.04	Trojan.Spy.Zeus.1.Gen
CAT-QuickHeal	9.50	2008.06.03	TrojanSpy.Zbot.ccg
ClamAV	0.92.1	2008.06.04	Trojan.Zbot-941
DrWeb	4.44.0.09170	2008.06.03	Trojan.Proxy.3215
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.4.5845	2008.06.03	-
Ewido	4.0	2008.06.03	-
F-Prot	4.4.4.56	2008.06.04	W32/Zbot.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
Ikarus	T3.1.1.26.0	2008.06.04	-
Kaspersky	7.0.0.125	2008.06.04	Trojan-Spy.Win32.Zbot.ccg
McAfee	5309	2008.06.03	Spy-Agent.bw.gen.e
Microsoft	None	2008.06.04	-
NOD32v2	3156	2008.06.03	-
Norman	5.80.02	2008.06.03	W32/Zbot.TT
Panda	9.0.0.4	2008.06.04	-
Prevx1	V2	2008.06.04	-
Rising	20.47.12.00	2008.06.03	-
Sophos	4.29.0	2008.06.04	-
Sunbelt	3.0.1143.1	2008.06.03	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	Trojan/Spy.Zbot.ccg
VBA32	3.12.6.7	2008.06.03	Trojan-Spy.Win32.Zbot.ccg
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 504320 bytes
MD5...: 9c87b6cd29418c82404ad5b4f81837a0
```

----------


## rubin

spools.exe



```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	-
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	-
AVG	7.5.0.516	2008.06.04	SHeur.BMMO
BitDefender	7.2	2008.06.04	-
CAT-QuickHeal	9.50	2008.06.03	TrojanDownloader.Small.wiw
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	Trojan.PWS.Pace.16
eSafe	7.0.15.0	2008.06.03	Suspicious File
eTrust-Vet	31.6.5847	2008.06.04	-
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	-
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	-
Ikarus	T3.1.1.26.0	2008.06.04	-
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	-
NOD32v2	3157	2008.06.04	-
Norman	5.80.02	2008.06.03	-
Panda	9.0.0.4	2008.06.04	-
Prevx1	V2	2008.06.04	-
Rising	20.47.22.00	2008.06.04	-
Sophos	4.30.0	2008.06.04	-
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	Trojan-Downloader.Win32.Small.wiw
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Win32.Malware.dam (suspicious)
```

File size: 35224 bytes
MD5...: b16e8c3cedb07b6c71497a1b9c71c792
SHA1..: 03086e3564d89c706c3c9300e5b9a8214c9e3ee0
SHA256: faa6e82c5faffa097ddbbb936661985939adb506c868fce309  5a0791c38e21cb
SHA512: 064558c5a09ec62d2e39c53d162f5424d16c81f73e38b24d59  4ed40fdddaa58f
c409c2686e935724ecc201c6458ca1082fac2b50efb82567d9  4b656aa95218b8

*Added 59 minutes later*

Файл xdhdg.dll_ получен 2008.06.04 14:21:13 (CET)



```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	TR/Agent.7680
Authentium	5.1.0.4	2008.06.04	W32/Heuristic-KPP!Eldorado
Avast	4.8.1195.0	2008.06.04	Win32:OnLineGames-DJV
AVG	7.5.0.516	2008.06.04	PSW.OnlineGames.ARUJ
BitDefender	7.2	2008.06.04	Trojan.PWS.OnlineGames.YYB
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	Trojan.PWS.Wsgame.origin
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	Win32/KBHooker.B
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	W32/Heuristic-KPP!Eldorado
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	W32/OnLineGames.NBK!tr.pws
GData	2.0.7306.1023	2008.06.04	Win32:OnLineGames-DJV
Ikarus	T3.1.1.26.0	2008.06.04	Virus.Win32.Onlinegames.BBH
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	Trojan:Win32/Hookja.A
NOD32v2	3157	2008.06.04	a variant of Win32/PSW.OnLineGames.NNV
Norman	5.80.02	2008.06.03	W32/Smalltroj.ESKT
Panda	9.0.0.4	2008.06.04	Suspicious file
Prevx1	V2	2008.06.04	-
Rising	20.47.22.00	2008.06.04	Trojan.PSW.Win32.ZhuXian.ht
Sophos	4.30.0	2008.06.04	Mal/Generic-A
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	suspected of Embedded.Trojan-PSW.Win32.OnLineGames.akvc
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Trojan.Agent.7680
```

File size: 28304 bytes
MD5...: be7a62b5fe0d516de077385f3663da74
SHA1..: b31a4401b1d80bd4eee71ff27b35060875c18050
SHA256: 676a517348d7cb22329f80c555ccf178432bea5ec44a1e302a  40a1261e0e82bd
SHA512: b19ed3e11dc50eaed71b272f088538fc700795e90c32707b7a  1c3ebf0f4e654e
e6fb69a3a1adead6b338872b5c1926648c100b437237c5a266  2f27a45c497d99

Файл avz00010.dta получен 2008.06.04 14:19:18 (CET)



```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	-
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	-
AVG	7.5.0.516	2008.06.04	-
BitDefender	7.2	2008.06.04	-
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	Trojan.PWS.Wexd
DrWeb	4.44.0.09170	2008.06.04	-
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	-
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	-
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	-
Ikarus	T3.1.1.26.0	2008.06.04	Trojan-Spy.Win32.Delf.FK
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	-
NOD32v2	3157	2008.06.04	-
Norman	5.80.02	2008.06.03	-
Panda	9.0.0.4	2008.06.04	Suspicious file
Prevx1	V2	2008.06.04	-
Rising	20.47.22.00	2008.06.04	Trojan.Spy.PCAgent.35.dll
Sophos	4.30.0	2008.06.04	-
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	-
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	-
```

File size: 10240 bytes
MD5...: 05f1580bdd822c37edffd8655e582ba8
SHA1..: c8b8d34752600eaac5566e5dc68c3f21140bfdca
SHA256: b5b6051f2b5461ef329e5f2798417721b1a49d84f4e403277e  afda7ecb9617bd
SHA512: 709a5a2256e73b0429d649723414b43bff13fbc48f4fa12225  cdaa51851fc8ee
958db84aa8589bf7b6834c0c4b04ad39f29968e199ddb35909  94a4df1cc64692

Файл ThunderAdvise.dll_ получен 2008.06.04 14:21:20 (CET)



```
AntiVir	7.8.0.26	2008.06.04	ADSPY/Bho.daq
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	-
AVG	7.5.0.516	2008.06.04	-
BitDefender	7.2	2008.06.04	-
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	Adware.ThunderAdvise.1
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	-
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	-
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	-
Ikarus	T3.1.1.26.0	2008.06.04	-
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	-
NOD32v2	3157	2008.06.04	Win32/Agent.QNW
Norman	5.80.02	2008.06.03	-
Panda	9.0.0.4	2008.06.04	-
Prevx1	V2	2008.06.04	Malicious Software
Rising	20.47.22.00	2008.06.04	-
Sophos	4.30.0	2008.06.04	-
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	-
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Ad-Spyware.Bho.daq
```

File size: 45056 bytes
MD5...: cf84d56c3cb3e98e14e296c4c0774392
SHA1..: b298443fa23e32fcf34fa47ec2176abdca64e09f
SHA256: c823e5154b764fd02370d06a4a88538be1e00b419f0bf01eee  50cbbf46fdda54
SHA512: d8836fe48911d2c3a1835d7bdd0af3f770ca7eeae8df66464a  6b0926f36658e3
8c0c4de6c77efde6f2696895944f6445594f6eb9eb94b7b01d  94cf53d9fcb064


Файл sthth.dll_ получен 2008.06.04 14:21:34 (CET)



```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	TR/Agent.7680
Authentium	5.1.0.4	2008.06.04	W32/Heuristic-KPP!Eldorado
Avast	4.8.1195.0	2008.06.04	Win32:OnLineGames-DJV
AVG	7.5.0.516	2008.06.04	Generic10.AGAW
BitDefender	7.2	2008.06.04	Trojan.PWS.OnlineGames.YYD
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	Trojan.PWS.Wsgame.origin
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	-
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	W32/Heuristic-KPP!Eldorado
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	W32/OnLineGames.NBK!tr.pws
GData	2.0.7306.1023	2008.06.04	Win32:OnLineGames-DJV
Ikarus	T3.1.1.26.0	2008.06.04	Virus.Win32.Onlinegames.BBH
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	Trojan:Win32/Hookja.A
NOD32v2	3157	2008.06.04	probably a variant of Win32/Genetik
Norman	5.80.02	2008.06.03	W32/Smalldrp.ZGE
Panda	9.0.0.4	2008.06.04	Generic Malware
Prevx1	V2	2008.06.04	Malicious Software
Rising	20.47.22.00	2008.06.04	Trojan.PSW.Win32.GameOL.ntt
Sophos	4.30.0	2008.06.04	Mal/Dloadr-E
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	suspected of Embedded.Trojan-PSW.Win32.OnLineGames.akzq
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Trojan.Agent.7680
```

File size: 32536 bytes
MD5...: b4fe1376c9cd6b798bffb3002b0a8f7a
SHA1..: 3470d082e729264421d93ae724123f6ae4354d28
SHA256: bbdb460d3bfcc3f371b908703b9195704121d47f886e66f882  8518d76226b4df
SHA512: 1e2a0e645e596d06f5e3dd0b524f742c2a1b00ca41f81cd4cd  f05b699304fa3a
9e19b4fedc0d3fa5f43995c61615eb6c8039caf7dfe8bb5081  919115d9d25484


Файл jmkcgt.dll_ получен 2008.06.04 14:21:39 (CET)


```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	HEUR/Malware
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	Win32:OnLineGames-DJV
AVG	7.5.0.516	2008.06.04	PSW.OnlineGames.APFW
BitDefender	7.2	2008.06.04	Trojan.Loader.W
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	Trojan.PWS.Wsgame.5167
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	Win32/KBHooker.B
Ewido	4.0	2008.06.04	-
F-Prot	4.4.4.56	2008.06.04	-
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	Win32:OnLineGames-DJV
Ikarus	T3.1.1.26.0	2008.06.04	Virus.Win32.OnLineGames.DJV
Kaspersky	7.0.0.125	2008.06.04	Trojan-PSW.Win32.OnLineGames.amms
McAfee	5309	2008.06.03	Generic PWS.y
Microsoft	1.3604	2008.06.04	PWS:Win32/OnLineGames.EO
NOD32v2	3157	2008.06.04	Win32/PSW.OnLineGames.NNV
Norman	5.80.02	2008.06.03	W32/Malware.CYHP
Panda	9.0.0.4	2008.06.04	-
Prevx1	V2	2008.06.04	Malicious Software
Rising	20.47.22.00	2008.06.04	Trojan.PSW.Win32.GameOL.nkn
Sophos	4.30.0	2008.06.04	-
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	Trojan.PWS.Wsgame.5167
VirusBuster	4.3.26:9	2008.06.03	-
Webwasher-Gateway	6.6.2	2008.06.04	Heuristic.Malware
```

File size: 7168 bytes
MD5...: 8d397035b053fe67520569c24b4aeb37
SHA1..: d57a68e51823f5e7f87ea01876cfed64e50b4225
SHA256: 89bacca4b22823cc2cee256860e4d434cb78c40dc83217290d  c294d8d26bf8f9
SHA512: 527c39ea3e450c99762e6727b510832f047b4656cd40fded2b  45012efc41c451
3e59ba168fc16219bc0a7e03ee7761dca00e3ca187dd61b1ac  a3d8a96623e483

*Added 1 hour 5 minutes later*

Файл WinCtrl32.dll_ получен 2008.06.04 15:35:47 (CET)


```
AhnLab-V3	2008.5.30.1	2008.06.04	-
AntiVir	7.8.0.26	2008.06.04	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.06.04	-
Avast	4.8.1195.0	2008.06.04	Win32:Mutant-AL
AVG	7.5.0.516	2008.06.04	Win32/Agent
BitDefender	7.2	2008.06.04	Trojan.Dropper.Kobcka.C
CAT-QuickHeal	9.50	2008.06.03	-
ClamAV	0.92.1	2008.06.04	-
DrWeb	4.44.0.09170	2008.06.04	BackDoor.Bulknet.208
eSafe	7.0.15.0	2008.06.03	-
eTrust-Vet	31.6.5847	2008.06.04	-
Ewido	4.0	2008.06.04	Downloader.Mutant.ow
F-Prot	4.4.4.56	2008.06.02	W32/Downloader.Z1.gen!Eldorado
F-Secure	6.70.13260.0	2008.06.04	-
Fortinet	3.14.0.0	2008.06.04	-
GData	2.0.7306.1023	2008.06.04	Win32:Mutant-AL
Ikarus	T3.1.1.26.0	2008.06.04	Trojan-Dropper.Kobcka.C
Kaspersky	7.0.0.125	2008.06.04	-
McAfee	5309	2008.06.03	-
Microsoft	1.3604	2008.06.04	TrojanDownloader:Win32/Cutwail.S
NOD32v2	3157	2008.06.04	-
Norman	5.80.02	2008.06.04	-
Panda	9.0.0.4	2008.06.04	Trj/Agent.IWV
Prevx1	V2	2008.06.04	Malicious Software
Rising	20.47.22.00	2008.06.04	Trojan.Win32.Undef.hel
Sophos	4.30.0	2008.06.04	Troj/Dropr-M
Sunbelt	3.0.1144.1	2008.06.04	-
Symantec	10	2008.06.04	-
TheHacker	6.2.92.333	2008.06.03	-
VBA32	3.12.6.7	2008.06.03	-
VirusBuster	4.3.26:9	2008.06.03	Trojan.DR.Pandex.Gen.4
Webwasher-Gateway	6.6.2	2008.06.04	Trojan.Crypt.XPACK.Gen
```

File size: 14848 bytes
MD5...: e519c47fcd6e5d363ecb7d090cc1d501
SHA1..: 49ec52aeffda6216211f1d87bfd2fc0473fd0108
SHA256: a5448f32c473c07665f077227106a32cc0b037f93cae8d1c82  b58223617c4acf
SHA512: afa4fc1d3a88f73713c3737b6bced98298d936f7757f1cc609  04d3052b72b38d
82ffda458e4b27b2f90f0ccb5ce012552ee7a01470031255a2  89290169e708fc

----------


## Pili

Файл ps.exe получен 2008.06.05 16:50:14 (CET)


```
Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.26	2008.06.05	W32/Sality
Authentium	5.1.0.4	2008.06.05	W32/Sality.AJ
Avast	4.8.1195.0	2008.06.05	-
AVG	7.5.0.516	2008.06.05	-
BitDefender	7.2	2008.06.05	Win32.Sality.NX
CAT-QuickHeal	9.50	2008.06.05	W32.Sality.T
ClamAV	0.92.1	2008.06.05	-
DrWeb	4.44.0.09170	2008.06.05	Win32.Sector.5
eSafe	7.0.15.0	2008.06.04	-
eTrust-Vet	31.6.5850	2008.06.05	Win32/Sality.W
Ewido	4.0	2008.06.05	-
F-Prot	4.4.4.56	2008.06.05	W32/Sality.AJ
F-Secure	6.70.13260.0	2008.06.05	W32/Sality.AA
Fortinet	3.14.0.0	2008.06.05	W32/Sality.Y
GData	2.0.7306.1023	2008.06.05	Virus.Win32.Sality.y
Ikarus	T3.1.1.26.0	2008.06.05	-
Kaspersky	7.0.0.125	2008.06.05	Virus.Win32.Sality.y
McAfee	5310	2008.06.04	W32/Sality.ae
Microsoft	1.3604	2008.06.05	Virus:Win32/Sality.AM
NOD32v2	3161	2008.06.05	Win32/Sality.NAO
Norman	5.80.02	2008.06.04	W32/Sality.AA
Panda	9.0.0.4	2008.06.05	W32/Sality.AE
Prevx1	V2	2008.06.05	-
Rising	20.47.32.00	2008.06.05	Win32.KUKU.a
Sophos	4.30.0	2008.06.05	W32/Sality-AM
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.05	W32.Sality.AE
TheHacker	6.2.92.335	2008.06.05	-
VBA32	3.12.6.7	2008.06.05	Virus.Win32.Sality.z
VirusBuster	4.3.26:9	2008.06.04	Win32.Sality.AL
Webwasher-Gateway	6.6.2	2008.06.05	Win32.Sality
```

Дополнительная информация
File size: 263168 bytes
MD5...: 9e63eee8d0ce2d721d2bb8618fb530a0
SHA1..: aa52cfec1149b3c180ac98eac463b90a35f1a312
SHA256: ecd58f804b740b4695b2df07fdae9e6c043f46506145b70823  a855c0a7ce71e0
SHA512: fd8f8d82797c6c2ce5d00e985943cc09370edefea4d80608e9  527b967486f6df
db742e484dbbcfec7c4f5e2dacd8dba92225e6e9586e46071e  dd32dbff5d28de

----------


## maXmo

Some powerful rootkit: it won't let me into safe mode and resists by rebooting.
http://www.virustotal.com/analisis/e...0020b5b8605a75


```
AhnLab-V3 	2008.5.30.1 	2008.06.05 	-
AntiVir 	7.8.0.26 	2008.06.06 	-
Authentium 	5.1.0.4 	2008.06.06 	-
Avast 	4.8.1195.0 	2008.06.06 	Win32:Srizbi
AVG 	7.5.0.516 	2008.06.06 	-
BitDefender 	7.2 	2008.06.06 	-
CAT-QuickHeal 	9.50 	2008.06.05 	-
ClamAV 	0.92.1 	2008.06.06 	-
DrWeb 	4.44.0.09170 	2008.06.06 	-
eSafe 	7.0.15.0 	2008.06.05 	-
eTrust-Vet 	31.6.5853 	2008.06.06 	-
Ewido 	4.0 	2008.06.05 	-
F-Prot 	4.4.4.56 	2008.06.05 	-
F-Secure 	6.70.13260.0 	2008.06.06 	Srizbi.gen1
Fortinet 	3.14.0.0 	2008.06.06 	-
GData 	2.0.7306.1023 	2008.06.06 	Win32:Srizbi
Ikarus 	T3.1.1.26.0 	2008.06.06 	Rootkit.Win32.Agent.ea
Kaspersky 	7.0.0.125 	2008.06.06 	-
McAfee 	5311 	2008.06.05 	-
Microsoft 	1.3604 	2008.06.06 	-
NOD32v2 	3163 	2008.06.06 	-
Norman 	5.80.02 	2008.06.05 	Srizbi.gen1
Panda 	9.0.0.4 	2008.06.05 	-
Prevx1 	V2 	2008.06.06 	-
Rising 	20.47.40.00 	2008.06.06 	-
Sophos 	4.30.0 	2008.06.06 	-
Sunbelt 	3.0.1145.1 	2008.06.05 	-
Symantec 	10 	2008.06.06 	-
TheHacker 	6.2.92.337 	2008.06.06 	-
VBA32 	3.12.6.7 	2008.06.05 	-
VirusBuster 	4.3.26:9 	2008.06.05 	-
Webwasher-Gateway 	6.6.2 	2008.06.06 	Win32.Malware.gen!80 (suspicious)
```

Oh no, here is the original file http://www.virustotal.com/ru/analisi...8b37a1b511c6de (I was analyzing a dump)

----------


## rubin

```
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.26	2008.06.06	TR/Spy.ZBot.DQ
Authentium	5.1.0.4	2008.06.06	-
Avast	4.8.1195.0	2008.06.06	-
AVG	7.5.0.516	2008.06.06	SHeur.BOPL
BitDefender	7.2	2008.06.06	Trojan.Spy.Zbot.DQ
CAT-QuickHeal	9.50	2008.06.05	-
ClamAV	0.92.1	2008.06.06	-
DrWeb	4.44.0.09170	2008.06.06	-
eSafe	7.0.15.0	2008.06.05	suspicious Trojan/Worm
eTrust-Vet	31.6.5853	2008.06.06	-
Ewido	4.0	2008.06.06	-
F-Prot	4.4.4.56	2008.06.05	-
F-Secure	6.70.13260.0	2008.06.06	-
Fortinet	3.14.0.0	2008.06.06	-
GData	2.0.7306.1023	2008.06.06	-
Ikarus	T3.1.1.26.0	2008.06.06	Trojan-Spy.Zbot.DQ
Kaspersky	7.0.0.125	2008.06.06	-
McAfee	5311	2008.06.05	-
Microsoft	1.3604	2008.06.06	Program:Win32/WinSpywareProtect
NOD32v2	3163	2008.06.06	-
Norman	5.80.02	2008.06.06	-
Panda	9.0.0.4	2008.06.05	-
Prevx1	V2	2008.06.06	Malicious Software
Rising	20.47.40.00	2008.06.06	-
Sophos	4.30.0	2008.06.06	-
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.06	-
TheHacker	6.2.92.337	2008.06.06	-
VBA32	3.12.6.7	2008.06.05	-
VirusBuster	4.3.26:9	2008.06.05	-
Webwasher-Gateway	6.6.2	2008.06.06	Trojan.Spy.ZBot.DQ
```

File size: 41984 bytes
MD5...: 09328b8de2095606a6c6217c80ea5a31
SHA1..: f6912d765c8cf41f2e075bb0f1e16b0332674fa2
SHA256: f468c13432cb1ef2ee9f21af02595097174ac027febde1f158  0eb0f28475fed3
SHA512: 61f06479304040605a8048ea5e41fd85e14e1301d5bb44d3f9  540051bea46ba8
785ab15aff123f46129f50f6634e94b4b6aa5bbd73fcd0e59d  f96976d21d8900

*Added 24 minutes later*

File c-setup.exe received on 2008.06.06 14:51:18 (CET)



```
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.26	2008.06.06	ADSPY/Agent.dgn
Authentium	5.1.0.4	2008.06.06	-
Avast	4.8.1195.0	2008.06.06	-
AVG	7.5.0.516	2008.06.06	-
BitDefender	7.2	2008.06.06	-
CAT-QuickHeal	9.50	2008.06.05	-
ClamAV	0.92.1	2008.06.06	-
DrWeb	4.44.0.09170	2008.06.06	Trojan.MulDrop.16361
eSafe	7.0.15.0	2008.06.05	Suspicious File
eTrust-Vet	31.6.5853	2008.06.06	-
Ewido	4.0	2008.06.06	-
F-Prot	4.4.4.56	2008.06.05	W32/Delf.C.gen!Eldorado
F-Secure	6.70.13260.0	2008.06.06	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.06.06	W32/Fake.B!tr.dldr
GData	2.0.7306.1023	2008.06.06	-
Ikarus	T3.1.1.26.0	2008.06.06	Trojan-Downloader.Win32.Chengtot.A
Kaspersky	7.0.0.125	2008.06.06	not-a-virus:AdWare.Win32.Agent.dgn
McAfee	5311	2008.06.05	Generic Downloader.c
Microsoft	1.3604	2008.06.06	-
NOD32v2	3163	2008.06.06	-
Norman	5.80.02	2008.06.06	W32/DLoader.HNHV
Panda	9.0.0.4	2008.06.05	Suspicious file
Prevx1	V2	2008.06.06	Malicious Software
Rising	20.47.40.00	2008.06.06	Dropper.Win32.DownLoader.c
Sophos	4.30.0	2008.06.06	Mal/Heuri-E
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.06	-
TheHacker	6.2.92.337	2008.06.06	-
VBA32	3.12.6.7	2008.06.05	-
VirusBuster	4.3.26:9	2008.06.05	-
Webwasher-Gateway	6.6.2	2008.06.06	Ad-Spyware.Agent.dgn
```

File size: 86504 bytes
MD5...: d07ffc4e0032b76d0cde316a2dba5d79
SHA1..: 2e7e6791c4ba672417266083667615ceadb7d340
SHA256: db5fceceffa8290931461fee2ede382e297a32704614144aa1  6a9f4f4eb7cf77
SHA512: d58ad789a74b81ac95407550a292483f729f0323515148363a  acafcc8443d245
722ca638f9f07a18924123d5f482b12f515203895d12acabf1  995b88124767dc

*Added 4 minutes later*

File setup_501_18_.exe received on 2008.06.06 14:57:53 (CET)


```
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.26	2008.06.06	-
Authentium	5.1.0.4	2008.06.06	-
Avast	4.8.1195.0	2008.06.06	-
AVG	7.5.0.516	2008.06.06	SHeur.BOPI
BitDefender	7.2	2008.06.06	-
CAT-QuickHeal	9.50	2008.06.05	-
ClamAV	0.92.1	2008.06.06	-
DrWeb	4.44.0.09170	2008.06.06	-
eSafe	7.0.15.0	2008.06.05	suspicious Trojan/Worm
eTrust-Vet	31.6.5853	2008.06.06	-
Ewido	4.0	2008.06.06	-
F-Prot	4.4.4.56	2008.06.05	-
F-Secure	6.70.13260.0	2008.06.06	-
Fortinet	3.14.0.0	2008.06.06	-
GData	2.0.7306.1023	2008.06.06	-
Ikarus	T3.1.1.26.0	2008.06.06	-
Kaspersky	7.0.0.125	2008.06.06	-
McAfee	5311	2008.06.05	-
Microsoft	1.3604	2008.06.06	Program:Win32/WinSpywareProtect
NOD32v2	3163	2008.06.06	-
Norman	5.80.02	2008.06.06	-
Panda	9.0.0.4	2008.06.05	-
Prevx1	V2	2008.06.06	-
Rising	20.47.40.00	2008.06.06	-
Sophos	4.30.0	2008.06.06	-
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.06	-
TheHacker	6.2.92.337	2008.06.06	-
VBA32	3.12.6.7	2008.06.05	-
VirusBuster	4.3.26:9	2008.06.05	-
Webwasher-Gateway	6.6.2	2008.06.06	-
```

File size: 37376 bytes
MD5...: 60de3eb6167c822e646c5d140571522a
SHA1..: 29837278414d61ed729ef1a57e7fac385357d70f
SHA256: 499b063d41c9afc4f43716576be008760bc96c6ce468fee70c  5d2dce5a161e58
SHA512: 76e673d9d5ed3ed4ed073ed72dc959e8225c4192aece8957c9  2bd4f2bf86dc25
3ac38fe6a82ae1d79e0671002c155bd84fcb36b89834424049  c7e61f04c24f70

----------


## senyak

File explorer.exe received on 2008.06.07 16:14:45 (CET)
Current status: finished
Result: 13/32 (40.62%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.5.30.1	2008.06.05	-
> *AntiVir	7.8.0.55	2008.06.06	TR/Hijack.Explor.4709*
> Authentium	5.1.0.4	2008.06.06	-
> *Avast	4.8.1195.0	2008.06.07	Win32:Afgan*
> *AVG	7.5.0.516	2008.06.07	Win32/Small.DO*
> *BitDefender	7.2	2008.06.07	Trojan.Inject.HP*
> CAT-QuickHeal	9.50	2008.06.07	-
> ClamAV	0.92.1	2008.06.07	-
> ...


Additional information
File size: 1057792 bytes
MD5...: e3673f60debcfb61abc0c932a23d1bde
SHA1..: 3647b3dbb7e072be7d8373656608458ec9bc0823
SHA256: 35539f95ce6c0ab4433ef38114c6d7912e71f1e82ca579f9fd  b6e0c0c40eecb6
SHA512: 25c267d23165179d1e3170f6ce11292d539a9021257c79ff84  cf4711c0b38db8
a99f1fb444f2d41c3b01328b59e12060087cae937e49adaa43  e2ed39f4fc94e6
PEiD..: -
PEInfo: PE Structure information

----------


## rubin

File avz00001.dta received on 2008.06.08 16:05:28 (CET)



```
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.55	2008.06.06	-
Authentium	5.1.0.4	2008.06.08	W32/Threat-HLLSI-based!Maximus
Avast	4.8.1195.0	2008.06.08	Win32:Iespy-H
AVG	7.5.0.516	2008.06.07	PSW.Spy.D
BitDefender	7.2	2008.06.08	Trojan.Spy.IESpy.B
CAT-QuickHeal	9.50	2008.06.07	-
ClamAV	None	2008.06.08	-
DrWeb	4.44.0.09170	2008.06.08	-
eSafe	7.0.15.0	2008.06.05	suspicious Trojan/Worm
eTrust-Vet	31.6.5858	2008.06.08	Win32/Ramerl!generic
Ewido	4.0	2008.06.08	-
F-Prot	4.4.4.56	2008.06.08	W32/Threat-HLLSI-based!Maximus
F-Secure	6.70.13260.0	2008.06.08	W32/Horst.gen33
Fortinet	3.14.0.0	2008.06.08	-
GData	2.0.7306.1023	2008.06.08	Win32:Iespy-H
Ikarus	T3.1.1.26.0	2008.06.08	Virus.Win32.Iespy.H
Kaspersky	7.0.0.125	2008.06.08	-
McAfee	5312	2008.06.06	Downloader-ASL
Microsoft	1.3604	2008.06.08	TrojanSpy:Win32/Lespy.gen
NOD32v2	3165	2008.06.06	a variant of Win32/Spy.Iespy
Norman	5.80.02	2008.06.06	W32/Horst.gen33
Panda	9.0.0.4	2008.06.08	-
Prevx1	V2	2008.06.08	-
Rising	20.47.42.00	2008.06.06	-
Sophos	4.30.0	2008.06.08	-
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.08	-
TheHacker	6.2.92.339	2008.06.07	-
VBA32	3.12.6.7	2008.06.08	-
VirusBuster	4.3.26:9	2008.06.08	Trojan.IESPy.Gen
Webwasher-Gateway	6.6.2	2008.06.08	Trojan.Downloader.Win32.Malware.gen (suspicious)
```

File size: 7680 bytes
MD5...: 0fbb92da51641ccb2da2fb03ae02bbd8
SHA1..: 35353055d08c8614390647eb328d990f13daa6a9
SHA256: d0b1f67a15448e444d9db68d1e018b4218c42d28e6d79f8d63  cef10f72970e5f
SHA512: 2e7fe650bb0fe5bcffa96857c642ede4aff009adadffa05c57  18354e37d56c9e
23540f97b25679273cd4b79d655bb1292a0ef8f39e7752afbc  555ac0253d4c64



File avz00002.dta received on 2008.06.08 16:05:48 (CET)


```
AhnLab-V3	2008.5.30.1	2008.06.05	-
AntiVir	7.8.0.55	2008.06.06	TR/Crypt.Morphine.Gen
Authentium	5.1.0.4	2008.06.08	W32/Heuristic-324!Eldorado
Avast	4.8.1195.0	2008.06.08	Win32:Daemonize-AI
AVG	7.5.0.516	2008.06.07	Packed.Morphine.C
BitDefender	7.2	2008.06.08	Packer.Morphine.B
CAT-QuickHeal	9.50	2008.06.07	Win32.Email-Worm.Bagle.pp02
ClamAV	0.92.1	2008.06.08	Trojan.Packed-86
DrWeb	4.44.0.09170	2008.06.08	BackDoor.Salidol
eSafe	7.0.15.0	2008.06.05	Suspicious File
eTrust-Vet	31.6.5858	2008.06.08	-
Ewido	4.0	2008.06.08	-
F-Prot	4.4.4.56	2008.06.08	W32/Heuristic-324!Eldorado
F-Secure	6.70.13260.0	2008.06.08	W32/Malware
Fortinet	3.14.0.0	2008.06.08	W32/NewThreat!Morphine
GData	2.0.7306.1023	2008.06.08	Win32:Daemonize-AI
Ikarus	T3.1.1.26.0	2008.06.08	-
Kaspersky	7.0.0.125	2008.06.08	-
McAfee	5312	2008.06.06	New Malware.cn
Microsoft	1.3604	2008.06.08	VirTool:Win32/Obfuscator.E
NOD32v2	3165	2008.06.06	a variant of Win32/TrojanProxy.Daemonize
Norman	5.80.02	2008.06.06	W32/Malware
Panda	9.0.0.4	2008.06.08	Suspicious file
Prevx1	V2	2008.06.08	-
Rising	20.47.42.00	2008.06.06	Packer.Win32.Morphine.a
Sophos	4.30.0	2008.06.08	Mal/TibsPak
Sunbelt	3.0.1145.1	2008.06.05	-
Symantec	10	2008.06.08	Backdoor.Trojan
TheHacker	6.2.92.339	2008.06.07	-
VBA32	3.12.6.7	2008.06.08	BackDoor.Salidol
VirusBuster	4.3.26:9	2008.06.08	Packed/Morphine.B
Webwasher-Gateway	6.6.2	2008.06.08	Trojan.Crypt.Morphine.Gen
```


File size: 44032 bytes
MD5...: 35ae0eb3a1737239f58df9d75fd2d7e8
SHA1..: e09dcd2c3987a396de27d8636365434b81046d27
SHA256: 8ff80abe936515d071bc8b7cf763ba685923880338421c3c8e  873d47cf8b1b3e
SHA512: 567ccf4b5d12ce5700614e3c12ba241c1788f35b2e3ddfc8e5  9f1333c1ef8a41
53f55be463e234de3de5f4f79ffef03cc7996b3b5346cda03c  c484363714eca3


PS: Version 8 does flag the second file :) but on VT it doesn't

----------


## Surfer

Storm
File loveyou.exe received on 06.08.2008 17:06:34 (CET)

AhnLab-V3 2008.5.30.1 2008.06.05 - 
*AntiVir 7.8.0.55 2008.06.06 TR/Dropper.Gen*
Authentium 5.1.0.4 2008.06.08 - 
Avast 4.8.1195.0 2008.06.08 - 
AVG 7.5.0.516 2008.06.07 - 
*BitDefender 7.2 2008.06.08 Dropped:Trojan.Peed.PM*
*CAT-QuickHeal 9.50 2008.06.07 (Suspicious) - DNAScan*
ClamAV 0.92.1 2008.06.08 - 
*DrWeb 4.44.0.09170 2008.06.08 Trojan.DownLoader.62867*
*eSafe 7.0.15.0 2008.06.05 Suspicious File*
eTrust-Vet 31.6.5858 2008.06.08 - 
Ewido 4.0 2008.06.08 - 
F-Prot 4.4.4.56 2008.06.08 - 
*F-Secure 6.70.13260.0 2008.06.08 Email-Worm.Win32.Zhelatin.zy*
Fortinet 3.14.0.0 2008.06.08 - 
*GData 2.0.7306.1023 2008.06.08 Email-Worm.Win32.Zhelatin.zy*
*Ikarus T3.1.1.26.0 2008.06.08 Email-Worm.Win32.Zhelatin.zy*
*Kaspersky 7.0.0.125 2008.06.08 Email-Worm.Win32.Zhelatin.zy*
McAfee 5312 2008.06.06 - 
*Microsoft 1.3604 2008.06.08 Backdoor:Win32/Nuwar.A*
NOD32v2 3165 2008.06.06 - 
Norman 5.80.02 2008.06.06 - 
Panda 9.0.0.4 2008.06.08 - 
Prevx1 V2 2008.06.08 - 
Rising 20.47.42.00 2008.06.06 - 
*Sophos 4.30.0 2008.06.08 Mal/Dorf-N*
Sunbelt 3.0.1145.1 2008.06.05 - 
Symantec 10 2008.06.08 - 
TheHacker 6.2.92.339 2008.06.07 - 
VBA32 3.12.6.7 2008.06.08 - 
VirusBuster 4.3.26:9 2008.06.08 - 
*Webwasher-Gateway 6.6.2 2008.06.08 Trojan.Dropper.Gen*

http://www.virustotal.com/analisis/d...3386e6136efafb

----------



## senyak

File fadgfagsagasha received on 2008.06.08 22:07:43 (CET)
Current status: finished
Result: 6/32 (18.75%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.5.30.1	2008.06.05	-
> *AntiVir	7.8.0.55	2008.06.06	HTML/Crypted.Gen*
> Authentium	5.1.0.4	2008.06.08	-
> Avast	4.8.1195.0	2008.06.08	-
> *AVG	7.5.0.516	2008.06.08	JS/Psyme.OX*
> BitDefender	7.2	2008.06.08	-
> CAT-QuickHeal	9.50	2008.06.07	-
> ClamAV	0.92.1	2008.06.08	-
> ...


Additional information
File size: 53633 bytes
MD5...: ff42f7edfcb680a02757974d76ef8431
SHA1..: 2b7550ef171194998b26e03087ec4388972bf994
SHA256: 595221ecb4d85e9b1b1289abcd66f1543b81cac3e512798074  5415de725a0a16
SHA512: 97316ab5d9d89cec9a0b52193b481c094afb224e6c86e1a090  2f746a773c8717
f5764de588b1af3d8ce9acdcd77c88482c0d0bedebfa5ce211  59ff2372a23c69
PEiD..: -
PEInfo: -

----------


## senyak

File commonforms.dll received on 2008.04.12 08:33:51 (CET)
Current status: finished
Result: 5/32 (15.62%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.4.12.0	2008.04.11	-
> AntiVir	7.6.0.85	2008.04.11	-
> Authentium	4.93.8	2008.04.11	-
> Avast	4.8.1169.0	2008.04.11	-
> AVG	7.5.0.516	2008.04.11	-
> *BitDefender	7.2	2008.04.12	Packer.RLPack.D*
> CAT-QuickHeal	9.50	2008.04.11	-
> ClamAV	0.92.1	2008.04.12	-
> ...


Additional information
File size: 46653 bytes
MD5...: 6784c73e4b5e5ff74102ab13c5367e5a
SHA1..: 3087b1d702dd2e64f238abc3dc67cdf1ff6bbd50
SHA256: e32daffbc6ce0ead3f183067c644114a1e070d5675f3728129  6eb5aa65cd4a5f
SHA512: 4d8642a42c008f785f1d1090a6dac5a8a6dcda79e76574066b  3bc6e8893e4056
9fc47e8a9b56d7eb235f361dab33bcfce82f2106a1c486e0d7  869db2bc889abf
PEiD..: -
PEInfo: PE Structure information

----------


## Shu_b

t 24365



> File Jwoj68.sys received on 06.11.2008 08:46:16 (CET)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.11.0	2008.06.10	-
> *AntiVir	7.8.0.55	2008.06.11	TR/Rootkit.Gen*
> Authentium	5.1.0.4	2008.06.11	-
> *Avast	4.8.1195.0	2008.06.11	Win32:Rootkit-gen*
> *AVG	7.5.0.516	2008.06.10	Scagent.L*
> *BitDefender	7.2	2008.06.11	Rootkit.1269*
> CAT-QuickHeal	9.50	2008.06.10	-
> ...

----------


## senyak

File index.dre received on 2008.06.12 14:55:30 (CET)
Current status: finished
Result: 6/32 (18.75%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.11.0	2008.06.12	-
> *AntiVir	7.8.0.55	2008.06.12	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.06.12	-
> Avast	4.8.1195.0	2008.06.12	-
> AVG	7.5.0.516	2008.06.12	-
> BitDefender	7.2	2008.06.12	-
> CAT-QuickHeal	9.50	2008.06.11	-
> ClamAV	0.92.1	2008.06.12	-
> ...

----------


## senyak

File ieav.aae received on 2008.06.14 20:46:44 (CET)
Current status: finished
Result: 8/32 (25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.13.1	2008.06.13	-
> *AntiVir	7.8.0.55	2008.06.14	ADSPY/AdSpy.Gen*
> Authentium	5.1.0.4	2008.06.14	-
> Avast	4.8.1195.0	2008.06.14	-
> *AVG	7.5.0.516	2008.06.13	Potentially harmful program Fake_AntiSpCyware.SC*
> BitDefender	7.2	2008.06.14	-
> CAT-QuickHeal	9.50	2008.06.14	-
> ClamAV	0.92.1	2008.06.14	-
> ...


Additional information
File size: 741458 bytes
MD5...: 0c993166e2ace79ea7162a20e364fe48
SHA1..: 4781fcc0f0a63de75f4aabf8f2b741c2e7c4e670
SHA256: c57e8094653445cb0da99e2ddeed45044c2b8ff2b15bfda34f  d84d80ca04edc7
SHA512: f40ff6aa73a23598eb713c2c9f477b060b62525447c038e056  0a4ffc76a5050c
3e79ec5d898e0643c92f2826108032525e4c370db82df7e510  1d6d47a60d29f0
PEiD..: -
PEInfo: PE Structure information

----------


## senyak

File faff.rra received on 2008.06.15 14:32:41 (CET)
Current status: finished
Result: 9/31 (29.04%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.13.1	2008.06.13	-
> *AntiVir	7.8.0.55	2008.06.14	HTML/Rce.Gen*
> Authentium	5.1.0.4	2008.06.14	-
> Avast	4.8.1195.0	2008.06.15	-
> AVG	7.5.0.516	2008.06.14	-
> BitDefender	7.2	2008.06.15	-
> CAT-QuickHeal	9.50	2008.06.14	-
> ClamAV	None	2008.06.15	-
> ...


Additional information
File size: 5822 bytes
MD5...: fe9cd17b68391a37a0d4878597b0398f
SHA1..: caf4a4c7345edf56c4886392971801b4c8d04d7e
SHA256: 0174a70dab5b7a7cbf7e2f04e1f75a476bc1ec0b851672db08  588b7bc6715ac7
SHA512: f6784ecac420d560478a2465de79fb9ef401e31636d49eec2c  f6a556ffdc0a55
ef91799c16afb7cb758535a925602f9bbb04cdb2e74ca3151b  a369b518ba7be0
PEiD..: -
PEInfo: -

*Added 2 minutes later*

File faff.rra received on 2008.06.15 14:36:37 (CET)
Current status: finished
Result: 10/32 (31.25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.13.1	2008.06.13	-
> *AntiVir	7.8.0.55	2008.06.14	HTML/Rce.Gen*
> Authentium	5.1.0.4	2008.06.14	-
> Avast	4.8.1195.0	2008.06.15	-
> AVG	7.5.0.516	2008.06.14	-
> BitDefender	7.2	2008.06.15	-
> CAT-QuickHeal	9.50	2008.06.14	-
> ClamAV	0.92.1	2008.06.15	-
> ...


Additional information
File size: 5822 bytes
MD5...: fe9cd17b68391a37a0d4878597b0398f
SHA1..: caf4a4c7345edf56c4886392971801b4c8d04d7e
SHA256: 0174a70dab5b7a7cbf7e2f04e1f75a476bc1ec0b851672db08  588b7bc6715ac7
SHA512: f6784ecac420d560478a2465de79fb9ef401e31636d49eec2c  f6a556ffdc0a55
ef91799c16afb7cb758535a925602f9bbb04cdb2e74ca3151b  a369b518ba7be0
PEiD..: -
PEInfo: -

*Added 14 minutes later*

File 3913098.HEUR received on 2008.06.15 14:47:49 (CET)
Current status: finished
Result: 13/32 (40.63%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.13.1	2008.06.13	-
> *AntiVir	7.8.0.55	2008.06.14	HEUR/Malware*
> Authentium	5.1.0.4	2008.06.14	-
> *Avast	4.8.1195.0	2008.06.15	Win32:Vapsup-EB*
> AVG	7.5.0.516	2008.06.14	-
> *BitDefender	7.2	2008.06.15	Trojan.Zlob.CMJ*
> CAT-QuickHeal	9.50	2008.06.14	-
> ClamAV	0.92.1	2008.06.15	-
> ...


Additional information
File size: 95751 bytes
MD5...: 6f99f52a5b9e11646803c85f67da7353
SHA1..: 8824e84aca7a3bf6ba6827dcf9cb4bcf851458d2
SHA256: 0947c0138c24cc26f07added00f455aeb6951a8ad57dc33320  c4752c829d9ce4
SHA512: 60bbfd546084ebf37942a2ac6fa4dbd5f52ba0969fbe6d327e  94c1329eb96a2c
eef3a7b1f09f02f34fd49008ce0a765f3ff113dff596311a72  65b224de8aea4c
PEiD..: -
PEInfo: PE Structure information



File MediaTubeCodec_ver1.1081.0.HEUR received on 2008.06.15 14:51:07 (CET)
Current status: finished
Result: 6/32 (18.75%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.13.1	2008.06.13	-
> *AntiVir	7.8.0.55	2008.06.14	HEUR/Malware*
> Authentium	5.1.0.4	2008.06.14	-
> Avast	4.8.1195.0	2008.06.15	-
> AVG	7.5.0.516	2008.06.14	-
> BitDefender	7.2	2008.06.15	-
> CAT-QuickHeal	9.50	2008.06.14	-
> ClamAV	0.92.1	2008.06.15	-
> ...


Additional information
File size: 49152 bytes
MD5...: 7d8dfce1d1352f147139e0d8ad66d7ad
SHA1..: 3af5c4d0da120f9080cc18f315fdd0db67c1b115
SHA256: 39f7e9393868e0a44f400e047f2c279821b73d4321636308ce  d83304ecebce67
SHA512: f5fb186765cb7744ab4261336ea459cd9f9f9aa298e8ccc633  a8b7609a9afa66
65037f5cb3c59ce9739ee204dd85cf2603e04d5b459421854b  ade8757f0a9e6d
PEiD..: -
PEInfo: PE Structure information

----------


## Klara Zaharovna

File ieav.exe received on 2008.06.16 19:57:44 (CET)
Current status: finished
Result: 5/33 (15.15%)



> AhnLab-V3 	2008.6.17.0 	2008.06.16 	-
> *AntiVir 	7.8.0.55 	2008.06.16 	ADSPY/AdSpy.Gen*
> Authentium 	5.1.0.4 	2008.06.16 	-
> Avast 	4.8.1195.0 	2008.06.15 	-
> AVG 	7.5.0.516 	2008.06.16 	-
> BitDefender 	7.2 	2008.06.16 	-
> CAT-QuickHeal 	9.50 	2008.06.16 	-
> ClamAV 	0.93.1 	2008.06.16 	-
> DrWeb 	4.44.0.09170 	2008.06.16 	-
> ...


Additional information
File size: 883862 bytes
MD5...: f792d002dae28937962dcffcdc52a4c3
SHA1..: 30595680e8f792a4101d749ecd4c023e8227ea95
SHA256: 1401a52a6886c7e10c19e6ef828027d5d8a75514e576b39aa0  5beffb55544ac5
SHA512: a1a905fc0be7a32b4b70ff72c33facbc7f37dc6b7393dae350  3e6e4b63be1338
e6e5d6e8080d3c132d754b0e8e70b39aec6b83bc46b7319abf  8e6ed8b302e97a



File avz00002.dta received on 2008.06.12 17:37:48 (CET)
Current status: finished
Result: 16/32 (50.00%)




> AhnLab-V3 	- 	- 	-
> *AntiVir 	- 	- 	TR/Dldr.Small.uqc*
> Authentium 	- 	- 	-
> *Avast 	- 	- 	Win32:Small-LCP*
> *AVG 	- 	- 	Downloader.Generic7.ICK*
> BitDefender 	- 	- 	-
> *CAT-QuickHeal 	- 	- 	TrojanDownloader.Small.uqc*
> ClamAV 	- 	- 	-
> *DrWeb 	- 	- 	Trojan.DownLoader.58318*
> ...


Additional information
MD5: b1b399365142b8bc3ac3a02455a62542
SHA1: 905b87f5f2a8ea76ded66bd597ffffae753960c4
SHA256: 0829990aa8c9afd519f3e5348886a92fcb3eefa6e9749ba4b3  918282da7b45af
SHA512: e9643f232740a38af273f48fb695b4c5617525351eaf1d2425  84c4a5401184608c877dc2bf39c94337c670b0bf29c03ef794  126375ae8a57ae54e6fd004d06dc

----------


## santy

File vsdrv.exe received on 2008.06.19 08:16:36 (CET)
Result: 4/33 (12.13%)

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.6.19.0	2008.06.18	-
AntiVir	7.8.0.55	2008.06.18	-
Authentium	5.1.0.4	2008.06.18	-
Avast	4.8.1195.0	2008.06.18	-
AVG	7.5.0.516	2008.06.19	-
BitDefender	7.2	2008.06.19	-
*CAT-QuickHeal	9.50	2008.06.18	Trojan.Autoit.q*
ClamAV	0.93.1	2008.06.19	-
DrWeb	4.44.0.09170	2008.06.18	-
*eSafe	7.0.15.0	2008.06.18	suspicious Trojan/Worm*
eTrust-Vet	31.6.5886	2008.06.19	-
Ewido	4.0	2008.06.18	-
F-Prot	4.4.4.56	2008.06.18	-
F-Secure	6.70.13260.0	2008.06.18	-
Fortinet	3.14.0.0	2008.06.19	-
GData	2.0.7306.1023	2008.06.18	-
*Ikarus	T3.1.1.26.0	2008.06.19	Trojan-PWS.Win32.Agent.bn*
Kaspersky	7.0.0.125	2008.06.18	-
McAfee	5320	2008.06.18	-
Microsoft	1.3604	2008.06.19	-
NOD32v2	3198	2008.06.18	-
Norman	5.80.02	2008.06.17	-
Panda	9.0.0.4	2008.06.18	-
*Prevx1	V2	2008.06.19	Malicious Software*
Rising	20.49.30.00	2008.06.19	-
Sophos	4.30.0	2008.06.19	-
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.19	-
TheHacker	6.2.92.354	2008.06.18	-
TrendMicro	8.700.0.1004	2008.06.19	-
VBA32	3.12.6.7	2008.06.19	-
VirusBuster	4.3.26:9	2008.06.12	-
Webwasher-Gateway	6.6.2	2008.06.19	-

Additional information
File size: 121089 bytes
MD5...: 52c3485c4b181163c13fcc4bd6a4505b
SHA1..: 9236e30b4e456724f33093b1e89cfce2067b7fcd
SHA256: 5f1a03465af2c1f2285903937594a0a1ae0b8b74e795271395  5fc7ea2d26fc5f
SHA512: b115a205fa524dffba818d8314854dfbdfc324c0bf5cc02612  ee2b8241315463
79fb9f269234c8c58358c636e7d295a0  08de4f5ba5c6017d075361debf7aa7d1

----------


## rubin

File blphc1s0j0elep.scr_ received on 2008.06.19 11:35:11 (CET)



```
AhnLab-V3	2008.6.19.0	2008.06.19	Win-AppCare/Xema.716800
AntiVir	7.8.0.55	2008.06.19	-
Authentium	5.1.0.4	2008.06.18	-
Avast	4.8.1195.0	2008.06.18	-
AVG	7.5.0.516	2008.06.19	-
BitDefender	7.2	2008.06.19	-
CAT-QuickHeal	9.50	2008.06.18	-
ClamAV	0.93.1	2008.06.19	-
DrWeb	4.44.0.09170	2008.06.19	-
eSafe	7.0.15.0	2008.06.18	suspicious Trojan/Worm
eTrust-Vet	31.6.5887	2008.06.19	-
Ewido	4.0	2008.06.18	-
F-Prot	4.4.4.56	2008.06.18	-
F-Secure	6.70.13260.0	2008.06.18	-
Fortinet	3.14.0.0	2008.06.19	Joke/Bluescreen
GData	2.0.7306.1023	2008.06.19	-
Ikarus	T3.1.1.26.0	2008.06.19	-
Kaspersky	7.0.0.125	2008.06.19	-
McAfee	5320	2008.06.18	potentially unwanted program Joke-Bluescreen
Microsoft	1.3604	2008.06.19	-
NOD32v2	3199	2008.06.19	-
Norman	5.80.02	2008.06.17	-
Panda	9.0.0.4	2008.06.18	-
Prevx1	V2	2008.06.19	-
Rising	20.49.32.00	2008.06.19	-
Sophos	4.30.0	2008.06.19	-
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.19	-
TheHacker	6.2.92.354	2008.06.18	-
TrendMicro	8.700.0.1004	2008.06.19	-
VBA32	3.12.6.7	2008.06.19	-
VirusBuster	4.3.26:9	2008.06.12	-
Webwasher-Gateway	6.6.2	2008.06.19	-
```

File size: 60928 bytes
MD5...: 538f9ead95eba12134d95b4fe7082331
SHA1..: 527c50b92b5cededdd5b7e3edda71cb13d108dac
SHA256: a416bab39037854c14540edaaf80cff7b5f2e9db31eee23552  7574e8dedd54e6
SHA512: 4631ff7cf868348585ee0e26591b95be3ee8b232c7980f5013  f4464f285b0fbd
ef41794c44cb8653d6fb6dc815c0c0a9f4af780bfeb9b23d2f  4c3bdc62bf4581


File lphc1s0j0elep.exe_ received on 2008.06.19 11:38:29 (CET)


```
AhnLab-V3	2008.6.19.0	2008.06.19	-
AntiVir	7.8.0.55	2008.06.19	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.06.18	-
Avast	4.8.1195.0	2008.06.18	-
AVG	7.5.0.516	2008.06.19	Agent.WVI
BitDefender	7.2	2008.06.19	-
CAT-QuickHeal	9.50	2008.06.18	Trojan.Agent.rqr
ClamAV	0.93.1	2008.06.19	-
DrWeb	4.44.0.09170	2008.06.19	Trojan.Fakealert.767
eSafe	7.0.15.0	2008.06.18	Suspicious File
eTrust-Vet	31.6.5887	2008.06.19	-
Ewido	4.0	2008.06.18	-
F-Prot	4.4.4.56	2008.06.18	-
F-Secure	6.70.13260.0	2008.06.18	-
Fortinet	3.14.0.0	2008.06.19	-
GData	2.0.7306.1023	2008.06.19	-
Ikarus	T3.1.1.26.0	2008.06.19	-
Kaspersky	7.0.0.125	2008.06.19	-
McAfee	5320	2008.06.18	-
Microsoft	1.3604	2008.06.19	-
NOD32v2	3199	2008.06.19	-
Norman	5.80.02	2008.06.17	-
Panda	9.0.0.4	2008.06.18	-
Prevx1	V2	2008.06.19	-
Rising	20.49.32.00	2008.06.19	-
Sophos	4.30.0	2008.06.19	-
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.19	-
TheHacker	6.2.92.354	2008.06.18	-
TrendMicro	8.700.0.1004	2008.06.19	PAK_Generic.001
VBA32	3.12.6.7	2008.06.19	Trojan.Win32.Tibs
VirusBuster	4.3.26:9	2008.06.12	-
Webwasher-Gateway	6.6.2	2008.06.19	Trojan.Crypt.XPACK.Gen
```

File size: 109056 bytes
MD5...: 8f6934a9183028d306e0e76f1de7129c
SHA1..: cb323df7bd3bda50dbff43369e8611d73add1c9b
SHA256: 3ac0e7adbaa6cae0197ddda3c7ab008ea5b00f1241b39abe6f  9fb47d838d5ef7
SHA512: f0f7d0c6672fe4d2d36396789d024c07b9b010f3cca9b6b808  7cd1a410cfd456
f6496151cc1df9dad9a88094cfc1fe71ffe56a14aa8108e7ed  6bc67b0f463f79

----------


## senyak

File MediaTubeCodec_ver1.1081.0.exe received on 2008.06.19 23:32:51 (CET)
Current status: finished
Result: 6/33 (18.19%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.19.0	2008.06.19	-
> AntiVir	7.8.0.55	2008.06.19	-
> Authentium	5.1.0.4	2008.06.19	-
> Avast	4.8.1195.0	2008.06.19	-
> AVG	7.5.0.516	2008.06.19	-
> BitDefender	7.2	2008.06.19	-
> CAT-QuickHeal	9.50	2008.06.19	-
> ClamAV	0.93.1	2008.06.19	-
> ...


Additional information
File size: 45056 bytes
MD5...: b6322a66db179dabdc094780f2eae7b1
SHA1..: 940a249529f566b84f5c8a84af316dac0cb4ccca
SHA256: 52bb6e3d8db6f82cd766bbf40587883f28b1fc7481e6be7bbb  f710f254d9079c
SHA512: 38bcaaec85c4cfaf147c94a718d35bf088bb26d68b1a023b98  7fe042773efa7f
c25423c2ca0add46cfc3a6ab57bbd2252d0dc77f42f33ff177  488f32fae86cc9
PEiD..: -
PEInfo: PE Structure information



File 3913098.mru received on 2008.06.19 23:36:29 (CET)
Current status: finished
Result: 11/33 (33.34%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.19.0	2008.06.19	-
> *AntiVir	7.8.0.55	2008.06.19	HEUR/Malware*
> Authentium	5.1.0.4	2008.06.19	-
> *Avast	4.8.1195.0	2008.06.19	Win32:Vapsup-EB*
> AVG	7.5.0.516	2008.06.19	-
> BitDefender	7.2	2008.06.19	-
> CAT-QuickHeal	9.50	2008.06.19	-
> ClamAV	0.93.1	2008.06.19	-
> ...


Additional information
File size: 41479 bytes
MD5...: 34c4dea4ff3e95118e39766409b2bb8b
SHA1..: cd026c57ac0f59ce9676180b0b236154b8fb00a9
SHA256: ceaaee7135e068b5291f4ab4a44fd167147173058458132a96  919b2a4d0692a6
SHA512: a4f3b99f1a1fe21932fd2774cfd243ffc4935018c2f43ed56d  501aad4b010f27
57758fc11206960673d1c3a922504b98a5e9c21cdd01bc8114  cc394ffb55d82b
PEiD..: -
PEInfo: PE Structure information



File player.bbn received on 2008.06.19 23:38:46 (CET)
Current status: finished
Result: 8/33 (24.25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.19.0	2008.06.19	-
> *AntiVir	7.8.0.55	2008.06.19	HEUR/HTML.Malware*
> *Authentium	5.1.0.4	2008.06.19	JS/Agent.CF*
> Avast	4.8.1195.0	2008.06.19	-
> AVG	7.5.0.516	2008.06.19	-
> *BitDefender	7.2	2008.06.19	Trojan.Html.Zlob.L*
> *CAT-QuickHeal	9.50	2008.06.19	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.06.19	-
> ...


Additional information
File size: 11164 bytes
MD5...: b96fbb6a705d23417a42811f8ecd052f
SHA1..: 204c0b0427bbe6947b3cccd5a6386a0cb4a95919
SHA256: 1ddd8490d394cc58a33eaecb35c5f66cacd958805ae30c3fd4  f88b96139fb5e0
SHA512: 3d0285c55aedb9581e81cc4ed39cc9e420ed372c25733c2047  494942f7dc78ca
367b2e7f7b9af4e7d15ab3da5cf0be0516e79bbed05b34e37b  b6fd37ece582f4
PEiD..: -
PEInfo: -



File AntiMalwareGuard_Free.exe received on 2008.06.19 23:42:05 (CET)
Current status: finished
Result: 8/33 (24.25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.19.0	2008.06.19	-
> AntiVir	7.8.0.55	2008.06.19	-
> *Authentium	5.1.0.4	2008.06.19	W32/180Solutions.A.gen!Eldorado*
> Avast	4.8.1195.0	2008.06.19	-
> *AVG	7.5.0.516	2008.06.19	Potentially harmful program Fake_AntiSpyware.WD*
> BitDefender	7.2	2008.06.19	-
> CAT-QuickHeal	9.50	2008.06.19	-
> ClamAV	0.93.1	2008.06.19	-
> ...


Additional information
File size: 569296 bytes
MD5...: 1f69605864805e5dd14e6f08725ad150
SHA1..: f2568a69b912b40a6e8e41ecc417b5264000b2f9
SHA256: fa778632ecbe48d93bdb6d460ff649b08b24f26f397cb56b05  243bf696c0ecee
SHA512: 956af5bb001fd067903cff58cfb613d18fa8647b676835225a  6241a71f3c52f3
328a8c0c51ec8d947eced32b84347f6577c6c8d18540d58df7  00df37213be20c
PEiD..: ASPack v2.12
PEInfo: PE Structure information

*Added 1 hour 6 minutes later*

File 13445.raw received on 2008.06.20 00:47:38 (CET)
Current status: finished
Result: 8/33 (24.25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.19.0	2008.06.19	-
> *AntiVir	7.8.0.55	2008.06.19	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.06.19	-
> Avast	4.8.1195.0	2008.06.19	-
> *AVG	7.5.0.516	2008.06.19	Downloader.Agent*
> BitDefender	7.2	2008.06.19	-
> CAT-QuickHeal	9.50	2008.06.19	-
> ClamAV	0.93.1	2008.06.19	-
> ...


Additional information
File size: 62170 bytes
MD5...: 560fb08e250c16d5dab395ad7be5bc73
SHA1..: 9d7a427f7cade6f32d1300a549d77a1b171b1b6c
SHA256: 1372559e77c2a56e76eb3cdd8ce92ce1ca396b555d24919a3a  f03c34971d4af8
SHA512: bcb2c77a00de47e49a97e504a71ab3839e388409754b3672e3  de210679586c03
f2136444d600a2806251dfb550971a95c13c9d0f7350a54d94  3b97316da9ca29
PEiD..: -
PEInfo: -

----------


## senyak

File 1314252567 received on 2008.06.22 01:26:57 (CET)
Current status: finished
Result: 8/33 (24.25%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.22.0	2008.06.22	-
> *AntiVir	7.8.0.59	2008.06.21	HEUR/HTML.Malware*
> *Authentium	5.1.0.4	2008.06.21	JS/Agent.CF*
> Avast	4.8.1195.0	2008.06.21	-
> AVG	7.5.0.516	2008.06.21	-
> *BitDefender	7.2	2008.06.22	Trojan.Html.Zlob.L*
> *CAT-QuickHeal	9.50	2008.06.20	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.06.22	-
> ...


Additional information
File size: 11162 bytes
MD5...: 86fbaeacdabd52dd03de5d33d2fab7b8
SHA1..: daf01763b5cf6d6bf07ce387825d0d423311bac8
SHA256: d46aca660eed7b191ae38af51283df2252b500d2124dc44d2e  e7cf5005b2f0d1
SHA512: d24d09b5e82208c0104e3096f510415057b7237396cf5e334f  17483cfe411555
049a1a51d2aff25de34d99c361b7d567e7b214550daabb89d1  6e5fefb5da3125
PEiD..: -
PEInfo: -



File 3913119.exe received on 2008.06.22 01:30:11 (CET)
Current status: finished
Result: 13/33 (39.4%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.22.0	2008.06.22	-
> *AntiVir	7.8.0.59	2008.06.21	HEUR/Malware*
> Authentium	5.1.0.4	2008.06.21	-
> *Avast	4.8.1195.0	2008.06.21	Win32:Vapsup-EB*
> AVG	7.5.0.516	2008.06.21	-
> BitDefender	7.2	2008.06.22	-
> CAT-QuickHeal	9.50	2008.06.20	-
> ClamAV	0.93.1	2008.06.22	-
> ...


Additional information
File size: 41991 bytes
MD5...: 828497f035205a1a1e9dc228b78a2563
SHA1..: a1a16e4d3c3e53b05605c54bd0384554b064d278
SHA256: 33f8730bb8a7caa27a70cf12004e4398d6d83ba1f5400bf030  2383e055a696ae
SHA512: e2f8432d2060bb0dbb3aff429d7916098419d91f03fc2dc77d  a45dfb8684cb20
67f90f319a0d3847e62f1326627684332cb8235cd60194385b  7b8d65c0b523ce
PEiD..: -
PEInfo: PE Structure information

----------


## senyak

File MediaTubeCodec_ver1.775.0.mru received on 2008.06.23 09:43:34 (CET)
Current status: finished
Result: 4/33 (12.13%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.6.22.0	2008.06.23	-
> AntiVir	7.8.0.59	2008.06.23	-
> Authentium	5.1.0.4	2008.06.21	-
> Avast	4.8.1195.0	2008.06.23	-
> AVG	7.5.0.516	2008.06.22	-
> BitDefender	7.2	2008.06.23	-
> CAT-QuickHeal	9.50	2008.06.20	-
> ClamAV	0.93.1	2008.06.23	-
> ...


Additional information
File size: 49152 bytes
MD5...: 6ae339674c46d24693657b8f8b31791d
SHA1..: 9f9013ef52cef181925dc9318b60d8f2b703e09c
SHA256: a2e2cf2ae2fe5e8049dfc0c9d608e7f7d0a84227b944b2f89b  11c01a216901b2
SHA512: 38d1b039b4d10744074a9b9bbe2358a5ab1759e9489b744a4c  974e9bf3e35a70
de47c6ceb52f43a27d08297d4036145dc2250de1298806e62b  5054d9b18bce33
PEiD..: -
PEInfo: PE Structure information

----------


## [email protected]

File exss430.exe received on 2008.06.24 09:59:21 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.6.24.0	2008.06.24	-
*AntiVir	7.8.0.59	2008.06.23	DR/Dldr.DNSChanger.Gen*
Authentium	5.1.0.4	2008.06.24	-
*Avast	4.8.1195.0	2008.06.23	Win32NSChanger-VR*
*AVG	7.5.0.516	2008.06.24	DNSChanger.AE*
BitDefender	7.2	2008.06.24	-
CAT-QuickHeal	9.50	2008.06.23	-
ClamAV	0.93.1	2008.06.24	-
DrWeb	4.44.0.09170	2008.06.24	-
eSafe	7.0.15.0	2008.06.23	-
eTrust-Vet	31.6.5897	2008.06.23	-
Ewido	4.0	2008.06.23	-
F-Prot	4.4.4.56	2008.06.23	-
*F-Secure	7.60.13501.0	2008.06.20	Trojan.Win32.DNSChanger.dmt*
*Fortinet	3.14.0.0	2008.06.24	W32/DNSChanger.0513!tr*
GData	2.0.7306.1023	2008.06.24	-
*Ikarus	T3.1.1.26.0	2008.06.24	Virus.Trojan.Win32.DNSChanger.chg*
*Kaspersky	7.0.0.125	2008.06.24	Trojan.Win32.DNSChanger.erp*
McAfee	5323	2008.06.23	-
Microsoft	None	2008.06.24	-
NOD32v2	3211	2008.06.24	-
Norman	5.80.02	2008.06.23	-
Panda	9.0.0.4	2008.06.23	-
*Prevx1	V2	2008.06.24	Cloaked Malware*
Rising	20.50.10.00	2008.06.24	-
Sophos	4.30.0	2008.06.24	-
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.24	-
*TheHacker	6.2.92.359	2008.06.24	Trojan/DNSChanger.chg*
*TrendMicro	8.700.0.1004	2008.06.24	TROJ_ZLOB.CCW*
VBA32	3.12.6.8	2008.06.23	-
VirusBuster	4.5.11.0	2008.06.23	-
*Webwasher-Gateway	6.6.2	2008.06.24	Trojan.Dropper.Dldr.DNSChanger.Gen*
Additional information
File size: 174065 bytes
MD5...: 50708191fa25804d5163c027d6013a66
SHA1..: f4b826d3235c4b2c2475f2ee700f1e142dbd84eb
SHA256: 3eb18074d6f5f757f46b6ffa04cffe60efca168d4008b4432b  367694f4d915ec
SHA512: 1e4382db3510ef813d472d3f6251b978ffae373c192a549e02  d99bc5c6b08f8d
350a71403f4858d2a2592b3779bc362e  80fc99f37e8f362b67d7ded91a7c30d0

----------


## Surfer

Something is off with Webwasher :)

Antivirus Version Last Update Result 
AhnLab-V3 2008.6.24.0 2008.06.24 - 
*AntiVir 7.8.0.59 2008.06.24 Worm/Zhelatin.zc*
Authentium 5.1.0.4 2008.06.24 - 
*Avast 4.8.1195.0 2008.06.24 Win32:TDrop*
AVG 7.5.0.516 2008.06.24 - 
*BitDefender 7.2 2008.06.24 Trojan.Peed.JLV*
CAT-QuickHeal 9.50 2008.06.23 - 
ClamAV 0.93.1 2008.06.24 - 
DrWeb 4.44.0.09170 2008.06.24 - 
*eSafe 7.0.17.0 2008.06.24 Suspicious File*
eTrust-Vet 31.6.5900 2008.06.24 - 
Ewido 4.0 2008.06.24 - 
F-Prot 4.4.4.56 2008.06.23 - 
F-Secure 7.60.13501.0 2008.06.24 - 
Fortinet 3.14.0.0 2008.06.24 - 
*GData 2.0.7306.1023 2008.06.24 Win32:TDrop
Ikarus T3.1.1.26.0 2008.06.24 Email-Worm.Win32.Zhelatin.zy*
Kaspersky 7.0.0.125 2008.06.24 - 
McAfee 5324 2008.06.24 - 
Microsoft 1.3604 2008.06.24 - 
*NOD32v2 3214 2008.06.24 a variant of Win32/Nuwar.DA*
Norman 5.80.02 2008.06.24 - 
Panda 9.0.0.4 2008.06.24 - 
Prevx1 V2 2008.06.24 - 
Rising 20.50.10.00 2008.06.24 - 
*Sophos 4.30.0 2008.06.24 Troj/Agent-HDG*
Sunbelt 3.0.1153.1 2008.06.15 - 
Symantec 10 2008.06.24 - 
TheHacker 6.2.92.359 2008.06.24 - 
TrendMicro 8.700.0.1004 2008.06.24 - 
VBA32 3.12.6.8 2008.06.23 - 
VirusBuster 4.5.11.0 2008.06.23 - 
Webwasher-Gateway 6.6.2 2008.06.24 - 

http://www.virustotal.com/analisis/7...dae5190c2d1722

----------


## rubin

Файл avz00001.dta получен 2008.06.25 07:18:10 (CET)



```
AhnLab-V3	2008.6.25.0	2008.06.25	Win-Trojan/Rootkit.27008.B
AntiVir	7.8.0.59	2008.06.24	-
Authentium	5.1.0.4	2008.06.24	-
Avast	4.8.1195.0	2008.06.25	Win32:Agent-VGV
AVG	7.5.0.516	2008.06.25	Scagent.T
BitDefender	7.2	2008.06.25	-
CAT-QuickHeal	9.50	2008.06.23	-
ClamAV	0.93.1	2008.06.24	-
DrWeb	4.44.0.09170	2008.06.24	-
eSafe	7.0.17.0	2008.06.24	-
eTrust-Vet	31.6.5902	2008.06.25	-
Ewido	4.0	2008.06.24	-
F-Prot	4.4.4.56	2008.06.24	-
F-Secure	7.60.13501.0	2008.06.24	-
Fortinet	3.14.0.0	2008.06.24	-
GData	2.0.7306.1023	2008.06.25	Win32:Agent-VGV
Ikarus	T3.1.1.26.0	2008.06.25	Virus.Win32.Agent.VGV
Kaspersky	7.0.0.125	2008.06.25	-
McAfee	5324	2008.06.24	-
Microsoft	1.3604	2008.06.25	-
NOD32v2	3215	2008.06.24	-
Norman	5.80.02	2008.06.24	-
Panda	9.0.0.4	2008.06.24	-
Prevx1	V2	2008.06.25	-
Rising	20.50.20.00	2008.06.25	Dropper.Win32.Cutwail.t
Sophos	4.30.0	2008.06.25	-
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.25	-
TheHacker	6.2.92.361	2008.06.25	-
TrendMicro	8.700.0.1004	2008.06.25	-
VBA32	3.12.6.8	2008.06.23	-
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.25	-
```

File size: 27008 bytes
MD5...: 774450b732dac86ea7b2c13176a302a7
SHA1..: a794b3d1f6f1d7a15dd44001f6148dada86bf206
SHA256: 9e25399527a7421a3a62e3f04e3055722138c578225b678587  71b020451c9300
SHA512: 8247b385b7f176916e96d8d7a6141dba73cb666d9cb6a6a626  542d4037e9a190
d87bea8a766a9515e7767a067e4a3365e361569d0cfb6dd26d  9e876734eb5769

----------


## Surfer

File video1.exe received on 06.25.2008 19:21:10 (CET)
Result: 5/32 (15.63%)

Antivirus Version Last Update Result 
AhnLab-V3 2008.6.26.0 2008.06.25 - 
AntiVir 7.8.0.59 2008.06.25 - 
Authentium 5.1.0.4 2008.06.24 - 
Avast 4.8.1195.0 2008.06.25 - 
AVG 7.5.0.516 2008.06.25 - 
BitDefender 7.2 2008.06.25 - 
*CAT-QuickHeal 9.50 2008.06.25 (Suspicious) - DNAScan*
ClamAV 0.93.1 2008.06.25 - 
DrWeb 4.44.0.09170 2008.06.25 - 
*eSafe 7.0.17.0 2008.06.25 Suspicious File*
eTrust-Vet 31.6.5904 2008.06.25 - 
Ewido 4.0 2008.06.25 - 
F-Prot 4.4.4.56 2008.06.24 - 
F-Secure 7.60.13501.0 2008.06.24 - 
Fortinet 3.14.0.0 2008.06.25 - 
GData 2.0.7306.1023 2008.06.25 - 
Ikarus T3.1.1.26.0 2008.06.25 - 
Kaspersky 7.0.0.125 2008.06.25 - 
McAfee 5325 2008.06.25 - 
*Microsoft 1.3604 2008.06.25 TrojanDropper:Win32/Nuwar.gen!ldt*
NOD32v2 3218 2008.06.25 - 
Norman 5.80.02 2008.06.24 - 
Panda 9.0.0.4 2008.06.25 - 
Rising 20.50.22.00 2008.06.25 - 
Sophos 4.30.0 2008.06.25 - 
Sunbelt 3.0.1153.1 2008.06.15 - 
Symantec 10 2008.06.25 - 
TheHacker 6.2.92.361 2008.06.25 - 
TrendMicro 8.700.0.1004 2008.06.25 - 
*VBA32 3.12.6.8 2008.06.25 MalwareScope.Worm.Nuwar-Glowa.1*
VirusBuster 4.5.11.0 2008.06.23 - 
*Webwasher-Gateway 6.6.2 2008.06.25 Win32.Malware.gen!94 (suspicious)*

http://www.virustotal.com/analisis/4...5f1905271f9b41

----------


## rubin

svchost.exe:ext.exe

Файл avz00001.dta получен 2008.06.26 11:22:42 (CET)



```
AhnLab-V3	2008.6.26.0	2008.06.26	-
AntiVir	7.8.0.59	2008.06.26	BDS/Backdoor.Gen
Authentium	5.1.0.4	2008.06.25	-
Avast	4.8.1195.0	2008.06.26	Win32:Obfuscated-EJM
AVG	7.5.0.516	2008.06.25	Pakes.N
BitDefender	7.2	2008.06.26	Dropped:Trojan.Ozdok.F
CAT-QuickHeal	9.50	2008.06.25	-
ClamAV	0.93.1	2008.06.26	-
DrWeb	4.44.0.09170	2008.06.26	-
eSafe	7.0.17.0	2008.06.25	Suspicious File
eTrust-Vet	31.6.5907	2008.06.26	-
Ewido	4.0	2008.06.25	-
F-Prot	4.4.4.56	2008.06.25	-
F-Secure	7.60.13501.0	2008.06.24	-
Fortinet	3.14.0.0	2008.06.26	-
GData	2.0.7306.1023	2008.06.26	Win32:Obfuscated-EJM
Ikarus	T3.1.1.26.0	2008.06.26	Virus.Win32.Obfuscated.EJC
Kaspersky	7.0.0.125	2008.06.26	Heur.Trojan.Generic
McAfee	5325	2008.06.25	-
Microsoft	1.3704	2008.06.26	Trojan:Win32/Pugeju.A
NOD32v2	3220	2008.06.26	-
Norman	5.80.02	2008.06.25	-
Panda	9.0.0.4	2008.06.26	-
Prevx1	V2	2008.06.26	Malicious Software
Rising	20.50.31.00	2008.06.26	Trojan.Win32.Undef.dti
Sophos	4.30.0	2008.06.26	Mal/Behav-150
Sunbelt	3.0.1153.1	2008.06.15	-
Symantec	10	2008.06.26	Trojan Horse
TheHacker	6.2.92.362	2008.06.26	-
TrendMicro	8.700.0.1004	2008.06.26	PAK_Generic.001
VBA32	3.12.6.8	2008.06.26	-
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.26	Trojan.Backdoor.Backdoor.Gen
```

File size: 28674 bytes
MD5...: d7a1f27c239a90f7d8369d8133d54e99
SHA1..: f94440a881ff50f9d1f8ac09c685e56e61b82709
SHA256: 09947312ea46a938f5126751fd070c1b3774ddfaede9fca23b  3575a4dd7ee0e3
SHA512: 0ed68a854a5cccfc3408f332f9c7f4163c413588596fe32b7d  f583faca34c762
3163927136579e236d049592e3379ad3a89fba8962b7496311  8541718ebc9c4d

----------


## senyak

Файл MediaTubeCodec_ver1.1472.0.gsg получен 2008.06.26 22:24:29 (CET)
Результат: 5/33 (15.16%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.26.0	2008.06.26	-
> AntiVir	7.8.0.59	2008.06.26	-
> Authentium	5.1.0.4	2008.06.25	-
> Avast	4.8.1195.0	2008.06.26	-
> AVG	7.5.0.516	2008.06.26	-
> BitDefender	7.2	2008.06.26	-
> *CAT-QuickHeal	9.50	2008.06.26	TrojanDownloader.Zlob.pnq*
> ClamAV	0.93.1	2008.06.26	-
> ...


Дополнительная информация
File size: 61440 bytes
MD5...: cd49065ab484deeac33f2b12108fa770
SHA1..: a0348154703499aad1e129c20088549af322f992
SHA256: 7c51fdb34f9fc95d21850e960675c0d4c201502072fcfe21b9  50503340f889fb
SHA512: 4c3a9835c2edac0ae29d47c6b6a0a73ad46a8eef04788bd365  2048813a5760fd
20516c5e66e5f7726c154722ea9d1c913134e500db40cc8d98  e7e5fb3127208a
PEiD..: -
PEInfo: PE Structure information

----------


## Kuzz

File vnc-E4_4_1-x86_x64_win32.exe received on 06.27.2008 17:38:38 (CET)
Current status: finished 
Result: 5/33 (15.15%)


```
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.6.27.1	2008.06.27	-
AntiVir	7.8.0.59	2008.06.27	-
Authentium	5.1.0.4	2008.06.27	-
Avast	4.8.1195.0	2008.06.26	-
AVG	7.5.0.516	2008.06.27	Win32/CryptExe
BitDefender	7.2	2008.06.27	-
CAT-QuickHeal	9.50	2008.06.26	-
ClamAV	0.93.1	2008.06.27	Trojan.Downloader-41859
DrWeb	4.44.0.09170	2008.06.27	-
eSafe	7.0.17.0	2008.06.26	-
eTrust-Vet	31.6.5911	2008.06.27	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.27	-
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.27	-
GData	2.0.7306.1023	2008.06.27	-
Ikarus	T3.1.1.26.0	2008.06.27	-
Kaspersky	7.0.0.125	2008.06.27	-
McAfee	5326	2008.06.26	-
Microsoft	1.3704	2008.06.27	-
NOD32v2	3224	2008.06.27	-
Norman	5.80.02	2008.06.26	-
Panda	9.0.0.4	2008.06.26	-
Prevx1	V2	2008.06.27	-
Rising	20.50.42.00	2008.06.27	-
Sophos	4.30.0	2008.06.27	Sus/ComPack-J
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.27	-
TheHacker	6.2.96.362	2008.06.27	-
TrendMicro	8.700.0.1004	2008.06.27	-
VBA32	3.12.6.8	2008.06.27	-
VirusBuster	4.5.11.0	2008.06.23	Packed/Execryptor
Webwasher-Gateway	6.6.2	2008.06.27	Win32.ModifiedUPX.gen (suspicious)
```

http://www.virustotal.com/analisis/4...7e6c7068b907c6
From http://virusinfo.info/showthread.php?t=25454

----------


## SuperBrat

Файл Setup.exe получен 2008.06.27 18:51:39 (CET)


```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.6.27.1	2008.06.27	-
AntiVir	7.8.0.59	2008.06.27	-
Authentium	5.1.0.4	2008.06.27	-
Avast	4.8.1195.0	2008.06.26	-
AVG	7.5.0.516	2008.06.27	-
BitDefender	7.2	2008.06.27	-
CAT-QuickHeal	9.50	2008.06.26	Trojan.Delf.anx
ClamAV	0.93.1	2008.06.27	Trojan.Delf-2824
DrWeb	4.44.0.09170	2008.06.27	-
eSafe	7.0.17.0	2008.06.26	-
eTrust-Vet	31.6.5911	2008.06.27	-
Ewido	4.0	2008.06.27	Trojan.Delf.anx
F-Prot	4.4.4.56	2008.06.27	-
F-Secure	7.60.13501.0	2008.06.26	Suspicious:W32/UltimateRAT.21!Gemini
Fortinet	3.14.0.0	2008.06.27	-
GData	2.0.7306.1023	2008.06.27	-
Ikarus	T3.1.1.26.0	2008.06.27	Trojan-Spy.Win32.Banbra.ym
Kaspersky	7.0.0.125	2008.06.27	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.27	-
NOD32v2	3224	2008.06.27	-
Norman	5.80.02	2008.06.26	W32/Agent.FWRD
Panda	9.0.0.4	2008.06.26	-
Prevx1	V2	2008.06.27	-
Rising	20.50.42.00	2008.06.27	-
Sophos	4.30.0	2008.06.27	-
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.27	-
TheHacker	6.2.96.362	2008.06.27	-
TrendMicro	8.700.0.1004	2008.06.27	-
VBA32	3.12.6.8	2008.06.27	-
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.27	-

Дополнительная информация
File size: 614147 bytes
MD5...: d92c2805547893868008cc02b294f4b4
SHA1..: d8c74aa1224aa46b51c3dcfed3f7cf34ef953d1c
SHA256: 2d709ab8938088d4182a2a21c8bacb7968cc817e8f6cf89385cdb5f89edc61ac
SHA512: 172f4de15abe2b6806e554aac331f320952e3a41b18211d7462224d0c8864160
5525c6ea5b4f475fcd47271d673f028036ce722b483a64de7782ae12b6e55157
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
```

----------



## Kuzz

Looks like yet another fake anti-trojan.

 Файл maxantispy.exe получен 2008.06.27 19:00:35 (CET)
Текущий статус: закончено
Результат: 3/33 (9.09%)


```
Антивирус 	Версия 	Обновление 	Результат
AhnLab-V3 	2008.6.27.1 	2008.06.27 	-
AntiVir 	7.8.0.59 	2008.06.27 	-
Authentium 	5.1.0.4 	2008.06.27 	-
Avast 	4.8.1195.0 	2008.06.26 	Win32:Trojan-gen {Other}
AVG 	7.5.0.516 	2008.06.27 	-
BitDefender 	7.2 	2008.06.27 	-
CAT-QuickHeal 	9.50 	2008.06.26 	-
ClamAV 	0.93.1 	2008.06.27 	Trojan.Downloader-41859
DrWeb 	4.44.0.09170 	2008.06.27 	-
eSafe 	7.0.17.0 	2008.06.26 	-
eTrust-Vet 	31.6.5911 	2008.06.27 	-
Ewido 	4.0 	2008.06.27 	-
F-Prot 	4.4.4.56 	2008.06.27 	-
F-Secure 	7.60.13501.0 	2008.06.26 	-
Fortinet 	3.14.0.0 	2008.06.27 	-
GData 	2.0.7306.1023 	2008.06.27 	Win32:Trojan-gen
Ikarus 	T3.1.1.26.0 	2008.06.27 	-
Kaspersky 	7.0.0.125 	2008.06.27 	-
McAfee 	5327 	2008.06.27 	-
Microsoft 	1.3704 	2008.06.27 	-
NOD32v2 	3224 	2008.06.27 	-
Norman 	5.80.02 	2008.06.26 	-
Panda 	9.0.0.4 	2008.06.26 	-
Prevx1 	V2 	2008.06.27 	-
Rising 	20.50.42.00 	2008.06.27 	-
Sophos 	4.30.0 	2008.06.27 	-
Sunbelt 	3.0.1176.1 	2008.06.26 	-
Symantec 	10 	2008.06.27 	-
TheHacker 	6.2.96.362 	2008.06.27 	-
TrendMicro 	8.700.0.1004 	2008.06.27 	-
VBA32 	3.12.6.8 	2008.06.27 	-
VirusBuster 	4.5.11.0 	2008.06.23 	-
Webwasher-Gateway 	6.6.2 	2008.06.27 	-
```

http://www.virustotal.com/ru/analisi...838738296498ad

----------


## rubin

A fairly persistent rootkit

Файл Dim50.dta получен 2008.06.28 14:38:10 (CET)


```
AhnLab-V3	2008.6.27.1	2008.06.27	-
AntiVir	7.8.0.59	2008.06.27	TR/Dropper.Gen
Authentium	5.1.0.4	2008.06.27	-
Avast	4.8.1195.0	2008.06.28	Win32:Cutwail
AVG	7.5.0.516	2008.06.28	Generic10.ATQT
BitDefender	7.2	2008.06.28	-
CAT-QuickHeal	9.50	2008.06.28	-
ClamAV	0.93.1	2008.06.28	-
DrWeb	4.44.0.09170	2008.06.28	BackDoor.Bulknet.216
eSafe	7.0.17.0	2008.06.26	-
eTrust-Vet	31.6.5911	2008.06.27	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.27	-
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.28	Pushu!tr
GData	2.0.7306.1023	2008.06.28	Win32:Cutwail
Ikarus	T3.1.1.26.0	2008.06.28	Virus.Win32.Cutwail
Kaspersky	7.0.0.125	2008.06.28	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.28	TrojanDownloader:Win32/Cutwail.S
NOD32v2	3224	2008.06.27	Win32/Wigon.CT
Norman	5.80.02	2008.06.27	-
Panda	9.0.0.4	2008.06.28	-
Prevx1	V2	2008.06.28	Rootkit
Rising	20.50.52.00	2008.06.28	-
Sophos	4.30.0	2008.06.28	Troj/Pushu-Gen
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.28	-
TheHacker	6.2.96.362	2008.06.27	-
TrendMicro	8.700.0.1004	2008.06.27	-
VBA32	3.12.6.8	2008.06.28	-
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.28	Trojan.Dropper.Gen
```

File size: 30208 bytes
MD5...: fec068456ce4a5200b41da646361f9d5
SHA1..: 8dad75c7fa3a11e2ae80536e71b6fe2c84a81d07
SHA256: 94187ec53b30101f56e0263560121254e7d2ecbfcdd1ccf838  e5af1164134c2d
SHA512: 894e47e5f92ba6fddd39ad5705cb9caacbc1c2b90854cee1b6  a957861ddd341e
ee3959c36a55a3f54bdb8164c83656cb8f6d04b000f6919bce  7e9f63790cf76b

----------


## senyak

Файл MediaTubeCodec_ver1.1081.0.exe получен 2008.06.29 01:46:27 (CET)
Результат: 3/33 (9.1%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.27	-
> AntiVir	7.8.0.59	2008.06.28	-
> Authentium	5.1.0.4	2008.06.29	-
> Avast	4.8.1195.0	2008.06.28	-
> AVG	7.5.0.516	2008.06.29	-
> BitDefender	7.2	2008.06.29	-
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.28	-
> ...


Дополнительная информация
File size: 61440 bytes
MD5...: 31075bdacbdf483242831b62ef74d7a6
SHA1..: 0747214be0df0bdb8570c09b891cc6e690200ce1
SHA256: e8b7e4610a1e311519fb19ad18c0aa3f3e10303a7b059f04dd  9f83c7b649c65d
SHA512: c16eca24fba20c3e8440d76e2dfc4d6ce80daf06f0fe5d5015  96f0de02950bc5
2ad2fda29719483e75474d7a5db7799b2948cd3e325dc17325  3d402e5036a8a7
PEiD..: -
PEInfo: PE Structure information




Файл 3913098.exe получен 2008.06.29 01:49:25 (CET)
Результат: 15/33 (45.46%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.27	-
> *AntiVir	7.8.0.59	2008.06.28	TR/Dldr.Injecter.ZY
> Authentium	5.1.0.4	2008.06.29	W32/Adware-RegBHO-based.1!Maximus*
> Avast	4.8.1195.0	2008.06.28	-
> *AVG	7.5.0.516	2008.06.29	Downloader.Generic7.VJI*
> BitDefender	7.2	2008.06.29	-
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.28	-
> ...


Дополнительная информация
File size: 50695 bytes
MD5...: 13436ac1a69bd81a5f3d3b70c8e32940
SHA1..: 426519a2950abc5f48b268766531cd60c8583a1b
SHA256: a65ea6a7c460ed3614d2256d899430f660953011324dc8ea93  e435265870f53c
SHA512: 7b57898557d77b5d96824883417219196f48fc81db751a5f99  cb529b2d82aa47
4772fa9f93efa4dae5497ed91d4fcf9cdc072a94e19ffcb585  b396316e06edbd
PEiD..: -
PEInfo: PE Structure information




Файл codec.ipg получен 2008.06.29 01:55:37 (CET)
Результат: 9/33 (27.28%)




> Антивирус  	Версия  	Обновление  	Результат
> *AhnLab-V3	2008.6.27.1	2008.06.27	HTML/Zlob
> AntiVir	7.8.0.59	2008.06.28	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.06.29	JS/Agent.CF*
> Avast	4.8.1195.0	2008.06.28	-
> AVG	7.5.0.516	2008.06.29	-
> *BitDefender	7.2	2008.06.29	Trojan.Html.Zlob.L
> CAT-QuickHeal	9.50	2008.06.28	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.06.28	-
> ...


Дополнительная информация
File size: 11148 bytes
MD5...: 67fc43cf3aa6a74ad59521f3ed34a28e
SHA1..: c760bb992ecef6a0665169882cf99e55d9e9096d
SHA256: 19987030945fc645376db70330c8d7470de1b45850e8ed5104  263d16bebf835b
SHA512: ccba54fd71dfa340825d96ce76a39ba67e19b0fe938bac10c6  10b69e40fde05a
b60af2111a62d7cad11842cabe9961094aafcd442776708853  79f42b341c1a73
PEiD..: -
PEInfo: -




Файл AntvrsInstall.msu получен 2008.06.29 01:59:13 (CET)
Результат: 6/33 (18.19%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.27	-
> AntiVir	7.8.0.59	2008.06.28	-
> Authentium	5.1.0.4	2008.06.29	-
> Avast	4.8.1195.0	2008.06.28	-
> *AVG	7.5.0.516	2008.06.29	FakeAlert.F
> BitDefender	7.2	2008.06.29	Trojan.FakeAlert.TE*
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.28	-
> ...


Дополнительная информация
File size: 66848 bytes
MD5...: ee389a86d91e0b36e0c59905a871f382
SHA1..: accfa5c044bb48812cb8bfde80f7e41c0b9ef35d
SHA256: 0fab5e5cf31c98c4ea6c8a8dc992c16fbb2fda28fb5f04cd75  1f48526a30d25d
SHA512: 31d6dd3083cf17c2b3b53cef6bc674887a1e36a4d525177167  b63da49d22eb67
7ea1b1ec4b64a17ab139b57b7fb481298b8993af34e83e10a5  7731a20189c69c
PEiD..: -
PEInfo: -

*Added after 1 hour 6 minutes*

Файл MediaTubeCodec_ver1.1472.0.exe получен 2008.06.29 03:02:22 (CET)
Результат: 3/33 (9.1%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.27	-
> AntiVir	7.8.0.59	2008.06.28	-
> Authentium	5.1.0.4	2008.06.29	-
> Avast	4.8.1195.0	2008.06.28	-
> AVG	7.5.0.516	2008.06.29	-
> BitDefender	7.2	2008.06.29	-
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.28	-
> ...


Дополнительная информация
File size: 61440 bytes
MD5...: db3543d699f556cb334ea6b87abbec22
SHA1..: c1c6a4994000abc66ebdd10fd4dbac4de6036c87
SHA256: 80684c22ecf05fc2dbc8755b1023b5fc0702f47ff08b5fd5a0  5a4482e8ac8c2d
SHA512: 03270d545299abac89a32cf610f2770323aab301494f2318ea  0ceb46ff28e4ee
4862e121f50a4cee6e9aa6a991f4ea1ebe5fbdfeac2f2ba3a6  bf2baf0beabef4
PEiD..: -
PEInfo: PE Structure information

----------


## senyak

Файл MediaTubeCodec_ver1.1081.0.exe получен 2008.06.29 21:19:19 (CET)
Результат: 4/33 (12.13%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.29	-
> AntiVir	7.8.0.59	2008.06.29	-
> Authentium	5.1.0.4	2008.06.29	-
> Avast	4.8.1195.0	2008.06.28	-
> AVG	7.5.0.516	2008.06.29	-
> BitDefender	7.2	2008.06.29	-
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.29	-
> ...


Дополнительная информация
File size: 61440 bytes
MD5...: 90a998c337044b10e9dd93606814f5cb
SHA1..: 16e45c2c7f55eb540fcdfbba43aea47693e43186
SHA256: b13fcc1402113880c53e6cb9b8e94074367bc843db5b38b287  5dd6aaef0efe8c
SHA512: 0cd3334fd113b83dc872a8ab39aca00c134652742c2dd1e65b  9cb795f46b31b5
e7b8aadcdd5a01587435ac5488c5f41bc596fa024d7637d53f  f692b2fff9cf7a
PEiD..: -
PEInfo: PE Structure information




Файл 3913098.exe получен 2008.06.29 21:22:37 (CET)
Результат: 12/33 (36.37%)




> Антивирус  	Версия  	Обновление  	Результат
> AhnLab-V3	2008.6.27.1	2008.06.29	-
> *AntiVir	7.8.0.59	2008.06.29	HEUR/Malware
> Authentium	5.1.0.4	2008.06.29	W32/Adware-RegBHO-based.1!Maximus*
> Avast	4.8.1195.0	2008.06.28	-
> AVG	7.5.0.516	2008.06.29	-
> BitDefender	7.2	2008.06.29	-
> CAT-QuickHeal	9.50	2008.06.28	-
> ClamAV	0.93.1	2008.06.29	-
> ...


Дополнительная информация
File size: 52743 bytes
MD5...: 1242b6e2af0b7102b2840f2a1bdb1931
SHA1..: b0358ea9abcc76e3bc2e0338a80e7f9c9de7c29d
SHA256: 76bb0f7353a5fd078112c5f53ad19d5f77df84ad3e800e8073  e0f11ffc38cddc
SHA512: 69ae3e0a6b805a6ef2e02d7518ee469ad2b1cd4a6c68f819a2  bd56ca8cf258e2
c6ee47ca717c2469a74e99f890f30e3f2d3da096cc9cb98a8c  c9ffa7d2231edf
PEiD..: -
PEInfo: PE Structure information

----------


## rubin

Virtumonde

Файл avz00002.dta получен 2008.06.30 12:13:11 (CET)


```
AhnLab-V3	2008.6.27.1	2008.06.30	-
AntiVir	7.8.0.59	2008.06.30	TR/Monder.agt
Authentium	5.1.0.4	2008.06.29	-
Avast	4.8.1195.0	2008.06.28	-
AVG	7.5.0.516	2008.06.29	Downloader.Zlob.XUO
BitDefender	7.2	2008.06.30	-
CAT-QuickHeal	9.50	2008.06.28	-
ClamAV	0.93.1	2008.06.30	-
DrWeb	4.44.0.09170	2008.06.30	-
eSafe	7.0.17.0	2008.06.29	Suspicious File
eTrust-Vet	31.6.5914	2008.06.30	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.29	-
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.30	-
GData	2.0.7306.1023	2008.06.30	-
Ikarus	T3.1.1.26.0	2008.06.30	Trojan.Win32.Vundo.BY
Kaspersky	7.0.0.125	2008.06.30	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.30	Trojan:Win32/Vundo.BY
NOD32v2	3226	2008.06.30	-
Norman	5.80.02	2008.06.27	Zlob.BTMP
Panda	9.0.0.4	2008.06.29	-
Prevx1	V2	2008.06.30	Fraudulent Security Program
Rising	20.51.01.00	2008.06.30	-
Sophos	4.30.0	2008.06.30	Troj/Virtum-Gen
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.30	-
TheHacker	6.2.96.364	2008.06.28	-
TrendMicro	8.700.0.1004	2008.06.30	-
VBA32	3.12.6.8	2008.06.30	-
VirusBuster	4.5.11.0	2008.06.30	-
Webwasher-Gateway	6.6.2	2008.06.30	Trojan.Monder.agt
```

File size: 28288 bytes
MD5...: 67b50fe0dc9ec65922297121872f184a
SHA1..: bd5e434997ff117f18fc525ed727ed0647b60604
SHA256: 055a37b117b0b98361a337a632d640fa44f3410b41208325fd  59e3a0eb88fe8e
SHA512: 605d83349752918ef301cfc180e8c6670f86042c503a8cc5fc  510498a508dfe8
29a5d8022b89d2899991a5a96d47bcccf717216080bde7bfdc  3ec994a3c03c27

----------


## Black Angel

Файл tvktbs.exe получен 2008.06.30 12:48:26 (CET)
Антивирус      Версия  Обновление     Результат
AhnLab-V3      2008.6.27.1    2008.06.30     -
AntiVir 7.8.0.59       2008.06.30     -
Authentium     5.1.0.4 2008.06.29     -
Avast   4.8.1195.0     2008.06.28     -
AVG     7.5.0.516      2008.06.29     -
BitDefender    7.2     2008.06.30     -
CAT-QuickHeal  9.50    2008.06.28     -
ClamAV  0.93.1  2008.06.30     -
*DrWeb   4.44.0.09170   2008.06.30     Trojan.Inject.3570*
eSafe   7.0.17.0       2008.06.29     -
eTrust-Vet     31.6.5914      2008.06.30     -
Ewido   4.0     2008.06.27     -
F-Prot  4.4.4.56       2008.06.29     -
F-Secure       7.60.13501.0   2008.06.26     -
*Fortinet       3.14.0.0       2008.06.30     Pushdo!tr*
GData   2.0.7306.1023  2008.06.30     -
*Ikarus  T3.1.1.26.0    2008.06.30     Trojan-Dropper.Win32.Cutwail.AG*
Kaspersky      7.0.0.125      2008.06.30     -
McAfee  5327    2008.06.27     -
*Microsoft      1.3704  2008.06.30     TrojanDownloader:Win32/Cutwail.S*
NOD32v2 3226    2008.06.30     -
Norman  5.80.02 2008.06.27     -
Panda   9.0.0.4 2008.06.29     -
*Prevx1  V2      2008.06.30     Cloaked Malware*
Rising  20.51.02.00    2008.06.30     -
*Sophos  4.30.0  2008.06.30     Troj/Pushdo-Gen*
Sunbelt 3.0.1176.1     2008.06.26     -
Symantec       10      2008.06.30     -
TheHacker      6.2.96.364     2008.06.28     -
TrendMicro     8.700.0.1004   2008.06.30     -
VBA32   3.12.6.8       2008.06.30     -
VirusBuster    4.5.11.0       2008.06.30     -
Webwasher-Gateway      6.6.2   2008.06.30     -

Дополнительная информация
File size: 13312 bytes
MD5...: f9ceb1b4b40f5366b4a9776f0ea6473c
SHA1..: ca9ff66360ec91a50a6f3d71b2d49598e5987e26
SHA256: 969be708e2375117a2e0e2bffff0a64c8eea9ed120403fd19b  fcb21fbbe92164
SHA512: 81305f107cfd73a5c4e2429171d524991da559226ccadbf8b8  2e0dd7c83c91e6
121e59e95552acdc0e3f1fc94b00d776  f41b1ed16107d1c24eef45c3f79a2a6c



Файл glzqer.exe получен 2008.06.30 12:45:05 (CET)
Антивирус      Версия  Обновление     Результат
AhnLab-V3      2008.6.27.1    2008.06.30     -
AntiVir 7.8.0.59       2008.06.30     -
Authentium     5.1.0.4 2008.06.29     -
Avast   4.8.1195.0     2008.06.28     -
AVG     7.5.0.516      2008.06.29     -
BitDefender    7.2     2008.06.30     -
CAT-QuickHeal  9.50    2008.06.28     -
ClamAV  0.93.1  2008.06.30     -
*DrWeb   4.44.0.09170   2008.06.30     Trojan.Packed.557*
*eSafe   7.0.17.0       2008.06.29     Suspicious File*
eTrust-Vet     31.6.5914      2008.06.30     -
Ewido   4.0     2008.06.27     -
F-Prot  4.4.4.56       2008.06.29     -
F-Secure       7.60.13501.0   2008.06.26     -
Fortinet       3.14.0.0       2008.06.30     -
GData   2.0.7306.1023  2008.06.30     -
Ikarus  T3.1.1.26.0    2008.06.30     -
Kaspersky      7.0.0.125      2008.06.30     -
McAfee  5327    2008.06.27     -
*Microsoft      1.3704  2008.06.30     Trojan:Win32/Tibs.GK*
NOD32v2 3226    2008.06.30     -
Norman  5.80.02 2008.06.27     -
Panda   9.0.0.4 2008.06.29     -
Prevx1  V2      2008.06.30     -
Rising  20.51.02.00    2008.06.30     -
*Sophos  4.30.0  2008.06.30     Mal/Dorf-C*
Sunbelt 3.0.1176.1     2008.06.26     -
Symantec       10      2008.06.30     -
TheHacker      6.2.96.364     2008.06.28     -
TrendMicro     8.700.0.1004   2008.06.30     -
VBA32   3.12.6.8       2008.06.30     -
VirusBuster    4.5.11.0       2008.06.30     -
*Webwasher-Gateway      6.6.2   2008.06.30     Win32.Malware.gen (suspicious)*

Дополнительная информация
File size: 106925 bytes
MD5...: 514df67979fb15f038bd916d794d65cd
SHA1..: 4ed6cd443625892e40b5ae3538c8d444e24770a3
SHA256: cedd7823e2610ca2c22f8f8d315cada86ac14d3ec82e8768c3  2c16cd30c3e6fa
SHA512: 23c5f3a036a846783d8cf7f5e7874d15fc8f0591cb0796bc9d  9a8693f65fb3c9
944a11bfb53c67e1ad98d455807bea81  c7095fac5ec6598a5528e8d1254482f2

----------


## rubin

Файл avz00002.dta получен 2008.06.30 13:05:41 (CET)


```
AhnLab-V3	2008.6.27.1	2008.06.30	-
AntiVir	7.8.0.59	2008.06.30	TR/Patched.BD.342
Authentium	5.1.0.4	2008.06.29	W32/Patched.C.gen!Eldorado
Avast	4.8.1195.0	2008.06.28	Win32:Patched-FF
AVG	7.5.0.516	2008.06.29	-
BitDefender	7.2	2008.06.30	Trojan.Patched.BD
CAT-QuickHeal	9.50	2008.06.28	-
ClamAV	0.93.1	2008.06.30	-
DrWeb	4.44.0.09170	2008.06.30	Trojan.Starter.481
eSafe	7.0.17.0	2008.06.29	-
eTrust-Vet	31.6.5914	2008.06.30	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.29	W32/Patched.C.gen!Eldorado
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.30	-
GData	2.0.7306.1023	2008.06.30	Win32:Patched-FF
Ikarus	T3.1.1.26.0	2008.06.30	Trojan.Patched.BD
Kaspersky	7.0.0.125	2008.06.30	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.30	-
NOD32v2	3226	2008.06.30	-
Norman	5.80.02	2008.06.27	-
Panda	9.0.0.4	2008.06.29	-
Prevx1	V2	2008.06.30	-
Rising	20.51.02.00	2008.06.30	Trojan.Win32.Patch.d
Sophos	4.30.0	2008.06.30	-
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.30	-
TheHacker	6.2.96.364	2008.06.28	-
TrendMicro	8.700.0.1004	2008.06.30	-
VBA32	3.12.6.8	2008.06.30	-
VirusBuster	4.5.11.0	2008.06.30	-
Webwasher-Gateway	6.6.2	2008.06.30	Trojan.Patched.BD.342
```

File size: 38912 bytes
MD5...: ef788c680041f8577162633f48aa9e53
SHA1..: e814dd1cf92f70ff47dc50fe658557a2a3800eab
SHA256: f91c59e560feb196d2f804f91a0bad4958c5a064d2c9478159  ef8de93979175c
SHA512: cb3916c616b36e14c5ee372567ded78ccbfcd09f089c187bb6  cbdda60643b0ff
dc678e368af336a29060b988b25119cf35f7548ef367be4304  6e0399488c1535

*Added after 6 hours 17 minutes*

winctrl32.dll
Файл avz00001.dta получен 2008.06.30 19:22:36 (CET)


```
AhnLab-V3	2008.6.27.1	2008.06.30	-
AntiVir	7.8.0.59	2008.06.30	-
Authentium	5.1.0.4	2008.06.29	-
Avast	4.8.1195.0	2008.06.30	Win32:Trojan-gen {Other}
AVG	7.5.0.516	2008.06.30	-
BitDefender	7.2	2008.06.30	-
CAT-QuickHeal	9.50	2008.06.30	TrojanDownloader.Cutwail.s
ClamAV	0.93.1	2008.06.30	-
DrWeb	4.44.0.09170	2008.06.30	Trojan.DownLoader.63553
eSafe	7.0.17.0	2008.06.30	-
eTrust-Vet	31.6.5914	2008.06.30	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.29	-
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.30	PossibleThreat
GData	2.0.7306.1023	2008.06.30	Win32:Trojan-gen
Ikarus	T3.1.1.26.0	2008.06.30	Trojan-Downloader.Win32.Cutwail.S
Kaspersky	7.0.0.125	2008.06.30	-
McAfee	5328	2008.06.30	-
Microsoft	1.3704	2008.06.30	TrojanDownloader:Win32/Cutwail.S
NOD32v2	3228	2008.06.30	-
Norman	5.80.02	2008.06.27	-
Panda	9.0.0.4	2008.06.29	-
Prevx1	V2	2008.06.30	Malicious Software
Rising	20.51.02.00	2008.06.30	-
Sophos	4.30.0	2008.06.30	Sus/Behav-258
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.30	-
TheHacker	6.2.96.364	2008.06.28	-
TrendMicro	8.700.0.1004	2008.06.30	-
VBA32	3.12.6.8	2008.06.30	-
VirusBuster	4.5.11.0	2008.06.30	-
Webwasher-Gateway	6.6.2	2008.06.30	-
```

File size: 15872 bytes
MD5...: 5f2c442e5a07ac3a4d8a504456b72455
SHA1..: df85b08230a46f4e157ae6da2e8302a8b7ea1810
SHA256: dc7286af5934d7bc97ac543bd3ee90bf0eda9e2b88c1028c56  0fa827288168cc
SHA512: b1df18f557ee09c6c41811966df53f2ce7c690f98ba5e627be  e07d802592a6fe
5786338b33bcd4ce4f360f7c117676fc5537a4c2c5b8f83fbe  f6db2cfcb02de0

----------


## Pili

Файл xmlview.dll получен 2008.07.01 08:10:51 (CET)


```
AhnLab-V3	2008.7.1.0	2008.07.01	-
AntiVir	7.8.0.59	2008.07.01	TR/BHO.Fake.26624.A
Authentium	5.1.0.4	2008.07.01	W32/Adware-RegBHO-based.1!Maximus
Avast	4.8.1195.0	2008.06.30	-
AVG	7.5.0.516	2008.06.30	-
BitDefender	7.2	2008.07.01	Trojan.FakeAlert.TN
CAT-QuickHeal	9.50	2008.06.30	-
ClamAV	0.93.1	2008.07.01	-
DrWeb	4.44.0.09170	2008.06.30	-
eSafe	7.0.17.0	2008.06.30	Suspicious File
eTrust-Vet	31.6.5916	2008.07.01	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.07.01	W32/Adware-RegBHO-based.1!Maximus
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.07.01	-
GData	2.0.7306.1023	2008.07.01	Trojan.Win32.BHO.eks
Ikarus	T3.1.1.26.0	2008.07.01	-
Kaspersky	7.0.0.125	2008.07.01	Trojan.Win32.BHO.eks
McAfee	5328	2008.06.30	-
Microsoft	1.3704	2008.07.01	Trojan:Win32/Agent
NOD32v2	3230	2008.07.01	Win32/Adware.IeDefender.NFX
Norman	5.80.02	2008.06.30	-
Panda	9.0.0.4	2008.07.01	-
Prevx1	V2	2008.07.01	Cloaked Malware
Rising	20.51.10.00	2008.07.01	-
Sophos	4.30.0	2008.07.01	Troj/Agent-HDV
Sunbelt	3.1.1509.1	2008.07.01	-
Symantec	10	2008.07.01	-
TheHacker	6.2.96.365	2008.07.01	-
TrendMicro	8.700.0.1004	2008.07.01	PAK_Generic.001
VBA32	3.12.6.8	2008.06.30	-
VirusBuster	4.5.11.0	2008.06.30	-
Webwasher-Gateway	6.6.2	2008.07.01	Win32.NewMalware.HU!26624
```

File size: 26624 bytes
MD5...: 0281d66756b7429e88bb242ad74d734c
SHA1..: a6f52dd4cf37636b9a8e08de42e3938751ad6ace
SHA256: 76ea75a6bc97be096b209f89013ab4665c9e57cbb1761bf4d5  ef5eae2a4270c3
SHA512: 4415cf4c0d1003a84ce26cb5618b4b34c7cc1502f6f8afd246  c7bcd4c73126f2
84b871516163c57de302adeed61a28a0655ec78ce19c026d9c  efa51d05d891b8

----------


## ZhIV

Файл blphc1rhj0ev2n.scr получен 2008.07.02 08:40:52 (CET)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.7.2.0	2008.07.01	Win-AppCare/Xema.716800
AntiVir	7.8.0.59	2008.07.01	-
Authentium	5.1.0.4	2008.07.01	-
Avast	4.8.1195.0	2008.07.01	-
AVG	7.5.0.516	2008.07.01	-
BitDefender	7.2	2008.07.02	-
CAT-QuickHeal	9.50	2008.06.30	-
ClamAV	0.93.1	2008.07.02	-
DrWeb	4.44.0.09170	2008.07.02	-
eSafe	7.0.17.0	2008.07.01	Suspicious File
eTrust-Vet	31.6.5919	2008.07.02	-
Ewido	4.0	2008.07.01	-
F-Prot	4.4.4.56	2008.07.01	-
F-Secure	7.60.13501.0	2008.07.01	-
Fortinet	3.14.0.0	2008.07.02	Joke/Bluescreen
GData	2.0.7306.1023	2008.07.01	-
Ikarus	T3.1.1.26.0	2008.07.02	Win32.SuspectCrc
Kaspersky	7.0.0.125	2008.07.02	-
McAfee	5329	2008.07.01	potentially unwanted program Joke-Bluescreen
Microsoft	None	2008.07.02	-
NOD32v2	3233	2008.07.01	-
Norman	5.80.02	2008.07.01	-
Panda	9.0.0.4	2008.07.01	-
Prevx1	V2	2008.07.02	-
Rising	20.51.12.00	2008.07.01	-
Sophos	4.30.0	2008.07.02	-
Sunbelt	3.1.1509.1	2008.07.01	-
Symantec	10	2008.07.01	Joke.Blusod
TheHacker	6.2.96.365	2008.07.01	-
TrendMicro	8.700.0.1004	2008.07.01	-
VBA32	3.12.6.8	2008.07.01	-
VirusBuster	4.5.11.0	2008.07.01	-
Webwasher-Gateway	6.6.2	2008.07.01	-
```

Дополнительная информация
File size: 60928 bytes
MD5...: 538f9ead95eba12134d95b4fe7082331
SHA1..: 527c50b92b5cededdd5b7e3edda71cb13d108dac
SHA256: a416bab39037854c14540edaaf80cff7b5f2e9db31eee23552  7574e8dedd54e6
SHA512: 4631ff7cf868348585ee0e26591b95be3ee8b232c7980f5013  f4464f285b0fbd
ef41794c44cb8653d6fb6dc815c0c0a9  f4af780bfeb9b23d2f4c3bdc62bf4581


Файл _ninstall.exe получен 2008.07.02 09:04:30 (CET)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.7.2.0	2008.07.01	Win-Trojan/LdPinch.38912.AE
AntiVir	7.8.0.59	2008.07.01	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.07.01	W32/Tibs.P.gen!Eldorado
Avast	4.8.1195.0	2008.07.01	-
AVG	7.5.0.516	2008.07.01	PSW.Ldpinch.11.BM
BitDefender	7.2	2008.07.02	Trojan.Downloader.Agent.ZID
CAT-QuickHeal	9.50	2008.06.30	TrojanPSW.LdPinch.tlo
ClamAV	0.93.1	2008.07.02	-
DrWeb	4.44.0.09170	2008.07.02	Trojan.PWS.LDPinch.1941
eSafe	7.0.17.0	2008.07.01	Suspicious File
eTrust-Vet	31.6.5919	2008.07.02	Win32/VMalum.CVLL
Ewido	4.0	2008.07.01	-
F-Prot	4.4.4.56	2008.07.01	W32/Tibs.P.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.01	Trojan-PSW.Win32.LdPinch.tlo
Fortinet	3.14.0.0	2008.07.02	W32/TibsPak.TLO!tr.pws
GData	2.0.7306.1023	2008.07.01	Trojan-PSW.Win32.LdPinch.tlo
Ikarus	T3.1.1.26.0	2008.07.02	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.07.02	Trojan-PSW.Win32.LdPinch.tlo
McAfee	5329	2008.07.01	-
Microsoft	None	2008.07.02	-
NOD32v2	3233	2008.07.01	-
Norman	5.80.02	2008.07.01	LdPinch.gen1
Panda	9.0.0.4	2008.07.01	Suspicious file
Prevx1	V2	2008.07.02	Malicious Software
Rising	20.51.12.00	2008.07.01	Worm.Mail.Win32.Zhelatin.xa
Sophos	4.30.0	2008.07.02	Mal/TibsPak
Sunbelt	3.1.1509.1	2008.07.01	Trojan.Crypt.XPACK
Symantec	10	2008.07.01	Trojan.Packed.13
TheHacker	6.2.96.365	2008.07.01	-
TrendMicro	8.700.0.1004	2008.07.01	TROJ_AVKILLP.MCS
VBA32	3.12.6.8	2008.07.01	Trojan-PSW.Win32.LdPinch.tlo
VirusBuster	4.5.11.0	2008.07.01	Trojan.Renos.Gen!Pac.10
Webwasher-Gateway	6.6.2	2008.07.01	Trojan.Crypt.XPACK.Gen

```

Additional information
File size: 38912 bytes
MD5...: a79374cf0935be671c0d53fb2fa9f53e
SHA1..: 4ab932b259d6f14dabddcc6abbcf5bc82df0eb8a
SHA256: 38cb3b1276ac5d8c06642b0ed363686164a4a900ce683e939b  f56d00b1168c77
SHA512: 834a0d1e8c55ce1231e18317cd4485a865e7549abf01af34ff  a15ffa3c9d71c9
85c2587bce401c7406c9d850ef59ecd1  53b61f2305e58fb2715e6c3fa848c5b8


File lphc1rhj0ev2n.exe received on 2008.07.02 09:05:07 (CET)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.7.2.0	2008.07.02	-
AntiVir	7.8.0.59	2008.07.01	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.07.01	-
Avast	4.8.1195.0	2008.07.01	Win32:Trojan-gen {Other}
AVG	7.5.0.516	2008.07.01	-
BitDefender	7.2	2008.07.02	-
CAT-QuickHeal	9.50	2008.06.30	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.02	-
DrWeb	4.44.0.09170	2008.07.02	-
eSafe	7.0.17.0	2008.07.01	Suspicious File
eTrust-Vet	31.6.5919	2008.07.02	-
Ewido	4.0	2008.07.01	-
F-Prot	4.4.4.56	2008.07.01	-
F-Secure	7.60.13501.0	2008.07.01	-
Fortinet	3.14.0.0	2008.07.02	-
GData	2.0.7306.1023	2008.07.01	Trojan.Win32.Pakes.jld
Ikarus	T3.1.1.26.0	2008.07.02	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.07.02	Trojan.Win32.Pakes.jld
McAfee	5329	2008.07.01	-
Microsoft	None	2008.07.02	-
NOD32v2	3233	2008.07.01	-
Norman	5.80.02	2008.07.01	-
Panda	9.0.0.4	2008.07.01	-
Prevx1	V2	2008.07.02	Malicious Software
Rising	20.51.20.00	2008.07.02	-
Sophos	4.30.0	2008.07.02	Mal/Generic-A
Sunbelt	3.1.1509.1	2008.07.01	-
Symantec	10	2008.07.02	-
TheHacker	6.2.96.365	2008.07.01	-
TrendMicro	8.700.0.1004	2008.07.02	-
VBA32	3.12.6.8	2008.07.01	-
VirusBuster	4.5.11.0	2008.07.01	-
Webwasher-Gateway	6.6.2	2008.07.02	Trojan.Crypt.XPACK.Gen
```

Additional information
File size: 109056 bytes
MD5...: 08f01efdadc577c4147376dc40c1b6e5
SHA1..: 90952e5197096a3693c55746be0e3c993a9a8a15
SHA256: 537951bac54245632afd9a1e167f5e9ec01c6644c61031b1ce  05d957c4ded43c
SHA512: 9ef60f020b530132ce4bcc05ff4be87bb7a6faf22843ece458  aa7a4384f48f80
a9fc33b3db584327997af6645138cb43  92e45a8f6216131cb8387f612dfe66f0


File phc1rhj0ev2n.bmp received on 2008.07.02 09:06:46 (CET)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.7.2.0	2008.07.02	-
AntiVir	7.8.0.59	2008.07.01	-
Authentium	5.1.0.4	2008.07.01	-
Avast	4.8.1195.0	2008.07.01	-
AVG	7.5.0.516	2008.07.01	Generic_c.OYJ
BitDefender	7.2	2008.07.02	-
CAT-QuickHeal	9.50	2008.06.30	-
ClamAV	0.93.1	2008.07.02	-
DrWeb	4.44.0.09170	2008.07.02	-
eSafe	7.0.17.0	2008.07.01	-
eTrust-Vet	31.6.5919	2008.07.02	-
Ewido	4.0	2008.07.01	-
F-Prot	4.4.4.56	2008.07.01	-
F-Secure	7.60.13501.0	2008.07.01	-
Fortinet	3.14.0.0	2008.07.02	-
GData	2.0.7306.1023	2008.07.01	-
Ikarus	T3.1.1.26.0	2008.07.02	-
Kaspersky	7.0.0.125	2008.07.02	-
McAfee	5329	2008.07.01	-
Microsoft	None	2008.07.02	-
NOD32v2	3233	2008.07.01	Win32/TrojanDownloader.FakeAlert.DJ
Norman	5.80.02	2008.07.01	-
Panda	9.0.0.4	2008.07.01	-
Prevx1	V2	2008.07.02	-
Rising	20.51.20.00	2008.07.02	-
Sophos	4.30.0	2008.07.02	-
Sunbelt	3.1.1509.1	2008.07.01	-
Symantec	10	2008.07.01	Trojan.Blusod
TheHacker	6.2.96.365	2008.07.01	-
TrendMicro	8.700.0.1004	2008.07.02	-
VBA32	3.12.6.8	2008.07.01	-
VirusBuster	4.5.11.0	2008.07.01	-
Webwasher-Gateway	6.6.2	2008.07.02	-
```

Additional information
File size: 90838 bytes
MD5...: 818c2209bd67775533ddf1acefb1f84c
SHA1..: 0a56c98ca99a777eceef89ec6b915432a9d5badd
SHA256: 0ee400f8300a5a07e284555fd0611ecec541689a3e820a43a2  69d9c3fa0fbf4e
SHA512: 2868335714e34bbdb7be8f88f330e810a0abf514d9327be5da  8033bbdcbdbeb3
4a998ca84c78fe9d0dbd031a3a2ea9dd  ed007eb1d471466b2e707c542bed908a


File services.exe received on 2008.07.02 09:05:10 (CET)

```
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.7.2.0	2008.07.02	-
AntiVir	7.8.0.59	2008.07.01	HEUR/Crypted
Authentium	5.1.0.4	2008.07.01	-
Avast	4.8.1195.0	2008.07.01	-
AVG	7.5.0.516	2008.07.01	-
BitDefender	7.2	2008.07.02	-
CAT-QuickHeal	9.50	2008.06.30	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.02	-
DrWeb	4.44.0.09170	2008.07.02	-
eSafe	7.0.17.0	2008.07.01	-
eTrust-Vet	31.6.5919	2008.07.02	-
Ewido	4.0	2008.07.01	-
F-Prot	4.4.4.56	2008.07.01	-
F-Secure	7.60.13501.0	2008.07.01	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.07.02	-
GData	2.0.7306.1023	2008.07.01	-
Ikarus	T3.1.1.26.0	2008.07.02	-
Kaspersky	7.0.0.125	2008.07.02	-
McAfee	5329	2008.07.01	-
Microsoft	None	2008.07.02	-
NOD32v2	3233	2008.07.01	-
Norman	5.80.02	2008.07.01	-
Panda	9.0.0.4	2008.07.01	-
Prevx1	V2	2008.07.02	Malicious Software
Rising	20.51.20.00	2008.07.02	-
Sophos	4.30.0	2008.07.02	-
Sunbelt	3.1.1509.1	2008.07.01	-
Symantec	10	2008.07.02	-
TheHacker	6.2.96.365	2008.07.01	W32/Behav-Heuristic-061
TrendMicro	8.700.0.1004	2008.07.02	-
VBA32	3.12.6.8	2008.07.01	-
VirusBuster	4.5.11.0	2008.07.01	-
Webwasher-Gateway	6.6.2	2008.07.02	Heuristic.Crypted
```

Additional information
File size: 43008 bytes
MD5...: 70d319d7f3270fa1d972c3904eb69f84
SHA1..: 3937fd7ca497f72c266459af7fe462c185ee16e1
SHA256: 98d0bf8ae17966ace3dfddeb0d9c8e1f1be7c4862481f17ee8  90e9461e940bb2
SHA512: d7df0df4b5d8c87d43b78042301a34e4b01563527fae5b415b  7d062dcff85819
35e8c1eee76ce199df6a1eef280d05c6  ced398f6c68b23f67ae54968d50dea62

----------


## senyak

File MediaTubeCodec_ver1.1081.0.exe received on 2008.07.01 05:51:59 (CET)
Result: 10/33 (30.31%)




> Antivirus 	Version 	Last Update 	Result
> AhnLab-V3	2008.7.1.0	2008.06.30	-
> AntiVir	7.8.0.59	2008.06.30	-
> Authentium	5.1.0.4	2008.07.01	-
> Avast	4.8.1195.0	2008.06.30	-
> AVG	7.5.0.516	2008.06.30	-
> BitDefender	7.2	2008.07.01	-
> *CAT-QuickHeal	9.50	2008.06.30	TrojanDownloader.Zlob.pwc*
> ClamAV	0.93.1	2008.07.01	-
> ...


Additional information
File size: 61440 bytes
MD5...: 03632e5fa16503f264c8ccc4484f4014
SHA1..: c38bcf524c4d8f5e26afaff187cc8453fbce1ebe
SHA256: bbd43829461960e3ab6bfe7b01f44b2d511ed90958c459cada  2fa616911bc01e
SHA512: 859d8a2e016cd6747cc270df501e6ef9690d8dc843b9856532  a7b9b45f6fe9a3
cd35a87c5d72eb5500cf667cd8af0823b1b6ea309177291c83  e71d5d1eed4496
PEiD..: -
PEInfo: PE Structure information





File player.php received on 2008.07.01 05:57:10 (CET)
Result: 9/33 (27.28%)




> Antivirus  	Version  	Last Update  	Result
> *AhnLab-V3	2008.7.1.0	2008.06.30	HTML/Zlob
> AntiVir	7.8.0.59	2008.06.30	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.07.01	JS/Agent.CF*
> Avast	4.8.1195.0	2008.06.30	-
> AVG	7.5.0.516	2008.06.30	-
> *BitDefender	7.2	2008.07.01	Trojan.Html.Zlob.L
> CAT-QuickHeal	9.50	2008.06.30	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.01	-
> ...


Additional information
File size: 11148 bytes
MD5...: 67fc43cf3aa6a74ad59521f3ed34a28e
SHA1..: c760bb992ecef6a0665169882cf99e55d9e9096d
SHA256: 19987030945fc645376db70330c8d7470de1b45850e8ed5104  263d16bebf835b
SHA512: ccba54fd71dfa340825d96ce76a39ba67e19b0fe938bac10c6  10b69e40fde05a
b60af2111a62d7cad11842cabe9961094aafcd442776708853  79f42b341c1a73
PEiD..: -
PEInfo: -

----------


## Black Angel

File win.exe received on 2008.07.04 09:51:39 (CET)

Antivirus Version Last Update Result
*AhnLab-V3 2008.7.4.0 2008.07.03 Win-Trojan/Xema.variant* 
*AntiVir 7.8.0.64 2008.07.04 DR/Delphi.Gen* 
Authentium 5.1.0.4 2008.07.04 - 
Avast 4.8.1195.0 2008.07.04 - 
AVG 7.5.0.516 2008.07.03 - 
*BitDefender 7.2 2008.07.04 Trojan.Crypt.Delf.T* 
CAT-QuickHeal 9.50 2008.07.03 - 
ClamAV 0.93.1 2008.07.04 - 
*DrWeb 4.44.0.09170 2008.07.04 Trojan.MulDrop.17266* 
eSafe 7.0.17.0 2008.07.03 - 
eTrust-Vet 31.6.5925 2008.07.04 - 
Ewido 4.0 2008.07.03 - 
F-Prot 4.4.4.56 2008.07.03 - 
F-Secure 7.60.13501.0 2008.07.03 - 
*Fortinet 3.14.0.0 2008.07.04 PossibleThreat* 
GData 2.0.7306.1023 2008.07.04 - 
*Ikarus T3.1.1.26.0 2008.07.04 Downloader.Delphi* 
Kaspersky 7.0.0.125 2008.07.04 - 
McAfee 5331 2008.07.03 - 
Microsoft None 2008.07.04 - 
*NOD32v2 3240 2008.07.04 a variant of Win32/Injector.V* 
Norman 5.80.02 2008.07.03 - 
Panda 9.0.0.4 2008.07.03 - 
*Prevx1 V2 2008.07.04 Malicious Software* 
Rising 20.51.41.00 2008.07.04 - 
Sophos 4.30.0 2008.07.04 - 
*Sunbelt 3.1.1509.1 2008.07.04 VIPRE.Suspicious* 
Symantec 10 2008.07.04 - 
TheHacker 6.2.96.370 2008.07.04 - 
TrendMicro 8.700.0.1004 2008.07.04 - 
VBA32 3.12.6.8 2008.07.03 - 
VirusBuster 4.5.11.0 2008.07.03 - 
*Webwasher-Gateway 6.6.2 2008.07.04 Trojan.Dropper.Delphi.Gen* 

Additional information
File size: 26624 bytes 
MD5...: 3652640f23a1e45d605d2efdab37c442 
SHA1..: 49d403d343b4fb4979911674a0130b75a3be3163 
SHA256: a35c1d31b408dd3bc750121cb945e0c0aee73faa61430200fd  2b38dcbd260e3e

----------


## rubin

File avz00004.dta received on 2008.07.04 18:20:06 (CET)


```
AhnLab-V3	2008.7.4.1	2008.07.04	-
AntiVir	7.8.0.64	2008.07.04	TR/Spy.Gen
Authentium	5.1.0.4	2008.07.04	W32/Heuristic-KPP!Eldorado
Avast	4.8.1195.0	2008.07.04	Win32:Agent-TAG
AVG	7.5.0.516	2008.07.03	Generic10.AXFJ
BitDefender	7.2	2008.07.04	-
CAT-QuickHeal	9.50	2008.07.04	-
ClamAV	0.93.1	2008.07.04	-
DrWeb	4.44.0.09170	2008.07.04	DLOADER.Trojan
eSafe	7.0.17.0	2008.07.03	-
eTrust-Vet	31.6.5927	2008.07.04	-
Ewido	4.0	2008.07.04	-
F-Prot	4.4.4.56	2008.07.03	W32/Heuristic-KPP!Eldorado
F-Secure	7.60.13501.0	2008.07.03	-
Fortinet	3.14.0.0	2008.07.04	-
GData	2.0.7306.1023	2008.07.04	Win32:Agent-TAG
Ikarus	T3.1.1.26.0	2008.07.04	Virus.Win32.Agent.TAG
Kaspersky	7.0.0.125	2008.07.04	-
McAfee	5332	2008.07.04	-
Microsoft	1.3704	2008.07.04	-
NOD32v2	3243	2008.07.04	probably a variant of Win32/Genetik
Norman	5.80.02	2008.07.04	-
Panda	9.0.0.4	2008.07.03	Suspicious file
Prevx1	V2	2008.07.04	-
Rising	20.51.42.00	2008.07.04	-
Sophos	4.31.0	2008.07.04	Mal/Emogen-Y
Sunbelt	3.1.1509.1	2008.07.04	-
Symantec	10	2008.07.04	-
TheHacker	6.2.96.370	2008.07.04	-
TrendMicro	8.700.0.1004	2008.07.04	-
VBA32	3.12.6.8	2008.07.03	-
VirusBuster	4.5.11.0	2008.07.04	-
Webwasher-Gateway	6.6.2	2008.07.04	Trojan.Spy.Gen
```

File size: 150021 bytes
MD5...: deba856ff0c7d31f63ea8f631bc501e6
SHA1..: 9d2e6f424558e0a25dff0d4ec4b141fe3e4d617f
SHA256: 7ee3239d27ffd390c59e4d156d846ea2000d464bcb04e664e8  9692c25358d59b
SHA512: 0c83a7894914ad521e70eafb44d4d78aa4a2d7b850bec90736  7215349b013f33
d651b89ec2ebbcc1122790453c17fceb2fb59283482b40679a  94aad3bcab7235

----------


## santy

File otkritka.swf.Vexe received on 2008.07.08 07:08:10 (CET)
Current status: finished
Result: 17/33 (51.52%)

Antivirus 	Version 	Last Update 	Result
*AhnLab-V3 	2008.7.8.0 	2008.07.07 	Win-Trojan/Agent.143360.BL*
*AntiVir 	7.8.0.64 	2008.07.07 	HEUR/Crypted*
Authentium 	5.1.0.4 	2008.07.07 	-
*Avast 	4.8.1195.0 	2008.07.07 	Win32:Agent-TWL*
*AVG 	7.5.0.516 	2008.07.07 	SHeur.AWZN*
*BitDefender 	7.2 	2008.07.08 	Trojan.Srizbi.BL*
*CAT-QuickHeal 	9.50 	2008.07.07 	Trojan.Agent.gjf*
ClamAV 	0.93.1 	2008.07.08 	-
*DrWeb 	4.44.0.09170 	2008.07.07 	Trojan.Sentinel*
*eSafe 	7.0.17.0 	2008.07.07 	Suspicious File*
*eTrust-Vet 	31.6.5936 	2008.07.08 	Win32/Fuzfle.AF*
Ewido 	4.0 	2008.07.07 	-
F-Prot 	4.4.4.56 	2008.07.07 	-
F-Secure 	7.60.13501.0 	2008.07.08 	-
Fortinet 	3.14.0.0 	2008.07.07 	-
*GData 	2.0.7306.1023 	2008.07.08 	Win32:Agent-TWL*
Ikarus 	T3.1.1.26.0 	2008.07.08 	-
Kaspersky 	7.0.0.125 	2008.07.08 	-
McAfee 	5333 	2008.07.07 	-
Microsoft 	1.3704 	2008.07.08 	-
*NOD32v2 	3248 	2008.07.07 	Win32/Srizbi.Gen*
*Norman 	5.80.02 	2008.07.07 	W32/Agent.ETMR*
Panda 	9.0.0.4 	2008.07.08 	-
Prevx1 	V2 	2008.07.08 	-
Rising 	20.52.10.00 	2008.07.08 	-
*Sophos 	4.31.0 	2008.07.08 	Sus/UnkPacker*
Sunbelt 	3.1.1509.1 	2008.07.04 	-
*Symantec 	10 	2008.07.08 	Trojan.Srizbi*
TheHacker 	6.2.96.374 	2008.07.07 	-
*TrendMicro 	8.700.0.1004 	2008.07.08 	Cryp_Xed-3*
VBA32 	3.12.6.8 	2008.07.07 	-
*VirusBuster 	4.5.11.0 	2008.07.07 	Trojan.Agent.CXXQ*
*Webwasher-Gateway 	6.6.2 	2008.07.07 	Heuristic.Crypted*

Additional information
File size: 140462 bytes
MD5...: 9eeb019822cb380507ebfd0fad701c38
SHA1..: 52ebcf24f5851246a915325eaa9d83448bd9f0e5
SHA256: 63bdfadf5446bc4f5fc3524c5a25811147c1226a29c53999f8  884949b74e391a
SHA512: 36d7559423d66d7acbcb93214860e75da9eb1b1276bfa72fb4  579db1298ed1ca
808e6e8adc6a5802d220abf3052c1301fad9ba687281e457f8  629fb8f89647ed

----------


## Surfer

AhnLab-V3 2008.7.8.0 2008.07.08 - 
*AntiVir 7.8.0.64 2008.07.08 TR/Crypt.XPACK.Gen*
Authentium 5.1.0.4 2008.07.07 - 
Avast 4.8.1195.0 2008.07.07 - 
AVG 7.5.0.516 2008.07.08 - 
*BitDefender 7.2 2008.07.08 Trojan.Downloader.Exchanger.Gen.1
CAT-QuickHeal 9.50 2008.07.07 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.07.08 Trojan.Agent.SIW*
DrWeb 4.44.0.09170 2008.07.08 - 
*eSafe 7.0.17.0 2008.07.08 Suspicious File*
eTrust-Vet 31.6.5937 2008.07.08 - 
Ewido 4.0 2008.07.08 - 
F-Prot 4.4.4.56 2008.07.07 - 
F-Secure 7.60.13501.0 2008.07.08 - 
Fortinet 3.14.0.0 2008.07.08 - 
GData 2.0.7306.1023 2008.07.08 - 
*Ikarus T3.1.1.26.0 2008.07.08 Trojan-Dropper.Win32.Nuwar*
Kaspersky 7.0.0.125 2008.07.08 - 
McAfee 5333 2008.07.07 - 
*Microsoft 1.3704 2008.07.08 TrojanDropper:Win32/Nuwar.gen!lds*
NOD32v2 3249 2008.07.08 - 
Norman 5.80.02 2008.07.08 - 
Panda 9.0.0.4 2008.07.08 - 
*Prevx1 V2 2008.07.08 Suspicious*
Rising 20.52.12.00 2008.07.08 - 
*Sophos 4.31.0 2008.07.08 Mal/EncPk-DA
Sunbelt 3.1.1509.1 2008.07.04 Trojan-Downloader.Win32.Agent.qxx*
*Symantec 10 2008.07.08 Trojan.Zlob*
TheHacker 6.2.96.374 2008.07.07 - 
TrendMicro 8.700.0.1004 2008.07.08 - 
*VBA32 3.12.6.8 2008.07.07 Trojan.Win32.Revelation*
VirusBuster 4.5.11.0 2008.07.07 - 
*Webwasher-Gateway 6.6.2 2008.07.08 Trojan.Crypt.XPACK.Gen*

http://www.virustotal.com/analisis/f...d8fcaa699711fd

----------


## santy

File avz00001.dta (nvrsma.dll) received on 2008.07.10 14:02:55 (CET)
Result: 8/33 (24.25%)
Antivirus  	Version  	Last Update  	Result
AhnLab-V3	2008.7.10.0	2008.07.10	-
*AntiVir	7.8.0.64	2008.07.10	TR/Crypt.XDR.Gen*
*Authentium	5.1.0.4	2008.07.10	W32/Dropper.gen8!Maximus*
*Avast	4.8.1195.0	2008.07.09	Win32:Agent-ZQD*
AVG	7.5.0.516	2008.07.10	-
BitDefender	7.2	2008.07.10	-
CAT-QuickHeal	9.50	2008.07.09	-
ClamAV	0.93.1	2008.07.10	-
DrWeb	4.44.0.09170	2008.07.10	-
eSafe	7.0.17.0	2008.07.09	-
eTrust-Vet	31.6.5942	2008.07.10	-
Ewido	4.0	2008.07.10	-
*F-Prot	4.4.4.56	2008.07.10	W32/Dropper.gen8!Maximus*
F-Secure	7.60.13501.0	2008.07.10	-
Fortinet	3.14.0.0	2008.07.10	-
*GData	2.0.7306.1023	2008.07.10	Win32:Agent-ZQD*
Ikarus	T3.1.1.26.0	2008.07.10	-
Kaspersky	7.0.0.125	2008.07.10	-
McAfee	5335	2008.07.09	-
*Microsoft	1.3704	2008.07.10	Worm:Win32/Mariofev.A*
NOD32v2	3257	2008.07.10	-
Norman	5.80.02	2008.07.10	-
Panda	9.0.0.4	2008.07.09	-
Prevx1	V2	2008.07.10	-
Rising	20.52.32.00	2008.07.10	-
*Sophos	4.31.0	2008.07.10	W32/MarioF-B*
Sunbelt	3.1.1509.1	2008.07.04	-
Symantec	10	2008.07.10	-
TheHacker	6.2.96.374	2008.07.07	-
TrendMicro	8.700.0.1004	2008.07.10	-
VBA32	3.12.6.9	2008.07.10	-
VirusBuster	4.5.11.0	2008.07.09	-
*Webwasher-Gateway	6.6.2	2008.07.10	Trojan.Crypt.XDR.Gen*
Additional information
File size: 167936 bytes
MD5...: 9e1f7fe778bac05639166f79846ef475
SHA1..: 434bb2746bfa723a5d4052e52da74919b76a262a
SHA256: 3043a2df82749747d944d0708fe2f0fcc643933f7fca6c560a  edb4aa39f4cd4e
SHA512: 1c383ace3b6aa22ce6512356760f49477952da30229ef5c9bd  847f24f0466586
a619d6f0bcae0e29725e8c3cfced911b9d5dc0eebcbf2e88a7  626f3fba19c62b
PEiD..: Armadillo v1.xx - v2.xx

----------


## ISO

File Autorun.exe received on 07.12.2008 03:10:13 (CET)
Current status:    finished 
Result: 19/33 (57.58%) 
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.11.0	2008.07.11	-
*AntiVir	7.8.0.64	2008.07.11	CC/UKMalw.LB
Authentium	5.1.0.4	2008.07.11	W32/Trojan.BWKV*
Avast	4.8.1195.0	2008.07.12	-
AVG	7.5.0.516	2008.07.11	-
BitDefender	7.2	2008.07.12	-
*CAT-QuickHeal	9.50	2008.07.11	Trojan.Soltek.kj
ClamAV	0.93.1	2008.07.11	Trojan.Agent-17889*
DrWeb	4.44.0.09170	2008.07.11	-
eSafe	7.0.17.0	2008.07.10	-
eTrust-Vet	31.6.5947	2008.07.11	-
*Ewido	4.0	2008.07.11	Trojan.Legmir
F-Prot	4.4.4.56	2008.07.11	W32/Trojan.BWKV*
F-Secure	7.60.13501.0	2008.07.10	-
*Fortinet	3.14.0.0	2008.07.11	Generic.A!tr*
GData	2.0.7306.1023	2008.07.12	-
*Ikarus	T3.1.1.26.0	2008.07.12	Trojan-PWS.Legmir*
Kaspersky	7.0.0.125	2008.07.12	-
*McAfee	5337	2008.07.11	Generic Packed*
Microsoft	1.3704	2008.07.12	-
NOD32v2	3263	2008.07.11	-
*Norman	5.80.02	2008.07.11	W32/Malware.dam*
Panda	9.0.0.4	2008.07.11	-
*Prevx1	V2	2008.07.12	System Back Door*
Rising	20.52.41.00	2008.07.11	-
*Sophos	4.31.0	2008.07.12	Troj/Userin-B
Sunbelt	3.1.1509.1	2008.07.04	Trojan-PWS.LegMir
Symantec	10	2008.07.12	Backdoor.EggDrop
TheHacker	6.2.96.376	2008.07.10	Trojan/Legmir.gen
TrendMicro	8.700.0.1004	2008.07.11	TROJ_LEGMIR.AL
VBA32	3.12.6.9	2008.07.11	Trojan.PWS.Legmir
VirusBuster	4.5.11.0	2008.07.11	Trojan.Agent.EAPN
Webwasher-Gateway	6.6.2	2008.07.11	Virus.UKMalw.LB*
Additional information
File size: 61440 bytes
MD5...: 9a667611eb788402ccadd829e29a4184
SHA1..: 1b28150e07c4da97c7f343f63acf8a468a5f3733
SHA256: 4849c6b6f0575b511cbdda7ae3cbb6d88520b7093db32d5279  1c022d2526aa32
SHA512: 6efc167db4174c8cb31041b4c6dbf07edd7691e1b4855748c8  24d9e566633daa
c1d5c8ba06f9ea2373f9c6711aff67eeadf6056094b99e8bf5  77a23d35ed8fb3
PEiD..: Armadillo v1.71

----------


## Winsent

Complete scanning result of "video.exe", processed in VirusTotal at 07/14/2008 08:45:44 (CET).

[ scan result ]
AhnLab-V3 2008.7.11.0/20080711 found nothing
*AntiVir 7.8.0.64/20080714 found [TR/Crypt.XPACK.Gen]*
Authentium 5.1.0.4/20080713 found nothing
Avast 4.8.1195.0/20080713 found nothing
AVG 7.5.0.516/20080713 found nothing
*BitDefender 7.2/20080714 found [Trojan.Downloader.Exchanger.Gen.1]
CAT-QuickHeal 9.50/20080711 found [(Suspicious) - DNAScan]*
ClamAV 0.93.1/20080714 found nothing
DrWeb 4.44.0.09170/20080714 found nothing
*eSafe 7.0.17.0/20080703 found [Suspicious File]*
eTrust-Vet 31.6.5949/20080712 found nothing
Ewido 4.0/20080713 found nothing
F-Prot 4.4.4.56/20080713 found nothing
F-Secure 7.60.13501.0/20080712 found nothing
*Fortinet 3.14.0.0/20080714 found [W32/Agent.WBT!tr.dldr]
GData 2.0.7306.1023/20080714 found [Trojan-Downloader.Win32.Agent.wbt]
Ikarus T3.1.1.26/20080714 found [Trojan-Downloader.Exchanger.Gen.1]
Kaspersky 7.0.0.125/20080714 found [Trojan-Downloader.Win32.Agent.wbt]*
McAfee 5337/20080711 found nothing
*Microsoft 1.3704/20080714 found [TrojanDropper:Win32/Nuwar.gen!ldt]*
NOD32v2 3263/20080711 found nothing
Norman 5.80.02/20080711 found nothing
Panda 9.0.0.4/20080713 found nothing
Prevx1 V2/20080714 found nothing
Rising 20.53.00.00/20080714 found nothing
*Sophos 4.31.0/20080714 found [Mal/EncPk-DA]*
Sunbelt 3.1.1536.1/20080712 found nothing
Symantec 10/20080714 found nothing
TheHacker 6.2.96.378/20080713 found nothing
TrendMicro 8.700.0.1004/20080714 found nothing
VBA32 3.12.6.9/20080713 found nothing
VirusBuster 4.5.11.0/20080713 found nothing
*Webwasher-Gateway 6.6.2/20080714 found [Trojan.Crypt.XPACK.Gen]*

----------


## rubin

File avz00001.dta received on 2008.07.15 12:38:58 (CET)



```
AhnLab-V3	2008.7.11.0	2008.07.15	-
AntiVir	7.8.0.64	2008.07.15	DR/Delphi.Gen
Authentium	5.1.0.4	2008.07.15	-
Avast	4.8.1195.0	2008.07.14	Win32:Buzus-MQ
AVG	7.5.0.516	2008.07.15	-
BitDefender	7.2	2008.07.15	-
CAT-QuickHeal	9.50	2008.07.14	TrojanDropper.Delphi.gen
ClamAV	0.93.1	2008.07.15	-
DrWeb	4.44.0.09170	2008.07.15	-
eSafe	7.0.17.0	2008.07.14	-
eTrust-Vet	31.6.5956	2008.07.15	-
Ewido	4.0	2008.07.14	-
F-Prot	4.4.4.56	2008.07.14	-
F-Secure	7.60.13501.0	2008.07.15	-
Fortinet	3.14.0.0	2008.07.15	-
GData	2.0.7306.1023	2008.07.15	Win32:Buzus-MQ
Ikarus	T3.1.1.26.0	2008.07.15	Downloader.Delphi
Kaspersky	7.0.0.125	2008.07.15	-
McAfee	5338	2008.07.14	-
Microsoft	1.3704	2008.07.15	VirTool:Win32/DelfInject.gen!AM
NOD32v2	3268	2008.07.15	Win32/Injector.BM
Norman	5.80.02	2008.07.14	-
Panda	9.0.0.4	2008.07.14	-
Prevx1	V2	2008.07.15	Malicious Software
Rising	20.53.12.00	2008.07.15	-
Sophos	4.31.0	2008.07.15	-
Sunbelt	3.1.1536.1	2008.07.12	Trojan-Dropper.Delphi.Gen
Symantec	10	2008.07.15	Trojan Horse
TheHacker	6.2.96.379	2008.07.14	-
TrendMicro	8.700.0.1004	2008.07.15	-
VBA32	3.12.8.0	2008.07.15	-
VirusBuster	4.5.11.0	2008.07.14	-
Webwasher-Gateway	6.6.2	2008.07.15	Trojan.Dropper.Delphi.Gen
```

File size: 28672 bytes
MD5...: ab19dd3bd7acf51c52290ff51a90c2bb
SHA1..: 279561ad549716b83b60e8ef3e590f6bac0ec59b
SHA256: b6aa9cda9c544aece9b966d1d082010e3e7bb3775023fb5063  8cb0e67eefbac4
SHA512: edb287562ade55d3ee0e981346c0f3a5917d9da8f4c24411b7  6ec5ae476af288
4df6f0ad1af7def8fc7fd4ff6ca194c5d025d56bf63270a969  93fba02ca7e031


File avz00004.dta received on 2008.07.15 12:39:04 (CET)


```
AhnLab-V3	2008.7.11.0	2008.07.15	-
AntiVir	7.8.0.64	2008.07.15	TR/Agent.AGKK.87
Authentium	5.1.0.4	2008.07.15	W32/Agent.AZ.gen!Eldorado
Avast	4.8.1195.0	2008.07.14	-
AVG	7.5.0.516	2008.07.15	-
BitDefender	7.2	2008.07.15	Trojan.Agent.AGKK
CAT-QuickHeal	9.50	2008.07.14	-
ClamAV	0.93.1	2008.07.15	-
DrWeb	4.44.0.09170	2008.07.15	Trojan.Okuks.based
eSafe	7.0.17.0	2008.07.14	-
eTrust-Vet	31.6.5956	2008.07.15	-
Ewido	4.0	2008.07.14	-
F-Prot	4.4.4.56	2008.07.14	W32/Agent.AZ.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.15	-
Fortinet	3.14.0.0	2008.07.15	-
GData	2.0.7306.1023	2008.07.15	-
Ikarus	T3.1.1.26.0	2008.07.15	Trojan.Agent.AGKK
Kaspersky	7.0.0.125	2008.07.15	-
McAfee	5338	2008.07.14	-
Microsoft	1.3704	2008.07.15	Trojan:Win32/Agent.gen!O
NOD32v2	3268	2008.07.15	-
Norman	5.80.02	2008.07.14	-
Panda	9.0.0.4	2008.07.14	Suspicious file
Prevx1	V2	2008.07.15	-
Rising	20.53.12.00	2008.07.15	-
Sophos	4.31.0	2008.07.15	Troj/Agent-GXR
Sunbelt	3.1.1536.1	2008.07.12	-
Symantec	10	2008.07.15	-
TheHacker	6.2.96.379	2008.07.14	-
TrendMicro	8.700.0.1004	2008.07.15	-
VBA32	3.12.8.0	2008.07.15	-
VirusBuster	4.5.11.0	2008.07.14	-
Webwasher-Gateway	6.6.2	2008.07.15	Trojan.Agent.AGKK.87
```

File size: 24576 bytes
MD5...: 1c2e52051883d470023ade231a22a8c8
SHA1..: 31bc05b5bbeae01ac81bd1201f3ae6ab8f91df66
SHA256: 27cc7b29ddfcfee61f99f60bd27cf38aff4b80443b5cf8534a  e918e6ed9d4dd7
SHA512: 2601e7fe5a83f5c37f7dade5c3e27d7ceca07a69d04ff2910c  aad225b8ecf494
84b465a9560f5620631e96b202eeec780b2bf01157f6adc780  1360c1da4af9a2

*Added after 6 minutes*

File avz00001.dta received on 2008.07.15 12:48:22 (CET)


```
AhnLab-V3	2008.7.11.0	2008.07.15	-
AntiVir	7.8.0.64	2008.07.15	-
Authentium	5.1.0.4	2008.07.15	W32/Adware-RegBHO-based.1!Maximus
Avast	4.8.1195.0	2008.07.14	Win32:Vapsup-EB
AVG	7.5.0.516	2008.07.15	-
BitDefender	7.2	2008.07.15	-
CAT-QuickHeal	9.50	2008.07.14	-
ClamAV	0.93.1	2008.07.15	-
DrWeb	4.44.0.09170	2008.07.15	-
eSafe	7.0.17.0	2008.07.14	-
eTrust-Vet	31.6.5956	2008.07.15	Win32/Pripecs!generic
Ewido	4.0	2008.07.14	-
F-Prot	4.4.4.56	2008.07.14	W32/Adware-RegBHO-based.1!Maximus
F-Secure	7.60.13501.0	2008.07.15	-
Fortinet	3.14.0.0	2008.07.15	-
GData	2.0.7306.1023	2008.07.15	Win32:Vapsup-EB
Ikarus	T3.1.1.26.0	2008.07.15	-
Kaspersky	7.0.0.125	2008.07.15	-
McAfee	5338	2008.07.14	-
Microsoft	1.3704	2008.07.15	-
NOD32v2	3268	2008.07.15	-
Norman	5.80.02	2008.07.14	-
Panda	9.0.0.4	2008.07.14	-
Prevx1	V2	2008.07.15	-
Rising	20.53.12.00	2008.07.15	-
Sophos	4.31.0	2008.07.15	Mal/Emogen-AC
Sunbelt	3.1.1536.1	2008.07.12	-
Symantec	10	2008.07.15	Downloader.Zlob!gen.3
TheHacker	6.2.96.379	2008.07.14	-
TrendMicro	8.700.0.1004	2008.07.15	-
VBA32	3.12.8.0	2008.07.15	suspected of Downloader.Zlob.7
VirusBuster	4.5.11.0	2008.07.14	-
Webwasher-Gateway	6.6.2	2008.07.15	-
```

File size: 167936 bytes
MD5...: 75acc889fcd1ad070d42b8a07adbacae
SHA1..: ebd4a0b626ba12f9645fd7b466b30a74e7c6945e
SHA256: 4cc3955b477be5f52287ae672e7d20ae229c2f40d15eb08200  912708a42baec5
SHA512: e5eab82743decb1da49b4e8f5adcceca0830ecd39293df215c  a9b683c23f3c59
2da7687dfd800587f86f1716b927972790983eabd2f3b2abcc  2b5b222ebc8567

File avz00003.dta received on 2008.07.15 12:48:27 (CET)


```
AhnLab-V3	2008.7.11.0	2008.07.15	-
AntiVir	7.8.0.64	2008.07.15	-
Authentium	5.1.0.4	2008.07.15	-
Avast	4.8.1195.0	2008.07.14	-
AVG	7.5.0.516	2008.07.15	-
BitDefender	7.2	2008.07.15	-
CAT-QuickHeal	9.50	2008.07.14	-
ClamAV	0.93.1	2008.07.15	-
DrWeb	4.44.0.09170	2008.07.15	-
eSafe	7.0.17.0	2008.07.14	-
eTrust-Vet	31.6.5956	2008.07.15	Win32/Pripecs!generic
Ewido	4.0	2008.07.14	-
F-Prot	4.4.4.56	2008.07.14	-
F-Secure	7.60.13501.0	2008.07.15	-
Fortinet	3.14.0.0	2008.07.15	-
GData	2.0.7306.1023	2008.07.15	-
Ikarus	T3.1.1.26.0	2008.07.15	-
Kaspersky	7.0.0.125	2008.07.15	-
McAfee	5338	2008.07.14	-
Microsoft	1.3704	2008.07.15	-
NOD32v2	3268	2008.07.15	-
Norman	5.80.02	2008.07.14	-
Panda	9.0.0.4	2008.07.14	-
Prevx1	V2	2008.07.15	-
Rising	20.53.12.00	2008.07.15	Trojan.Win32.Undef.int
Sophos	4.31.0	2008.07.15	-
Sunbelt	3.1.1536.1	2008.07.12	-
Symantec	10	2008.07.15	Downloader.Zlob!gen.3
TheHacker	6.2.96.379	2008.07.14	-
TrendMicro	8.700.0.1004	2008.07.15	-
VBA32	3.12.8.0	2008.07.15	suspected of Downloader.Zlob.7
VirusBuster	4.5.11.0	2008.07.14	-
Webwasher-Gateway	6.6.2	2008.07.15	-
```

File size: 290816 bytes
MD5...: 93907325a13e149426ad14ca2fd08359
SHA1..: 76b5336407a58752a29126f9e9920ee6f4864537
SHA256: 3f949f53f050ed155f27aeba161c839c09122faf27ef51831a  45e398c222ecb8
SHA512: ea177d1d9277a8d0426b7a2cf008180cdb224df549370d912c  5df9c6f71d4e4a
15253f6b1f5b2b5494193e8cd75e4befa474d1d20a903f0d41  a660eadf3aab2a

----------


## Surfer

AhnLab-V3 2008.7.17.0 2008.07.17 - 
*AntiVir 7.8.0.68 2008.07.17 TR/Crypt.XPACK.Gen* 
Authentium 5.1.0.4 2008.07.16 - 
Avast 4.8.1195.0 2008.07.17 - 
AVG 7.5.0.516 2008.07.16 - 
*BitDefender 7.2 2008.07.17 Trojan.Downloader.Exchanger.Gen.1 
CAT-QuickHeal 9.50 2008.07.16 (Suspicious) - DNAScan* 
ClamAV 0.93.1 2008.07.17 - 
DrWeb 4.44.0.09170 2008.07.17 - 
*eSafe 7.0.17.0 2008.07.16 Suspicious File* 
eTrust-Vet 31.6.5961 2008.07.17 - 
Ewido 4.0 2008.07.16 - 
F-Prot 4.4.4.56 2008.07.16 - 
F-Secure 7.60.13501.0 2008.07.17 - 
Fortinet 3.14.0.0 2008.07.17 - 
GData 2.0.7306.1023 2008.07.17 - 
*Ikarus T3.1.1.26.0 2008.07.17 Trojan-Downloader.Exchanger.Gen.1* 
Kaspersky 7.0.0.125 2008.07.17 - 
McAfee 5340 2008.07.16 - 
*Microsoft 1.3704 2008.07.17 TrojanDropper:Win32/Nuwar.gen!ldt* 
NOD32v2 3274 2008.07.17 - 
Norman 5.80.02 2008.07.16 - 
Panda 9.0.0.4 2008.07.16 - 
Prevx1 V2 2008.07.17 - 
Rising 20.53.30.00 2008.07.17 - 
*Sophos 4.31.0 2008.07.17 Mal/TibsPak* 
Sunbelt 3.1.1536.1 2008.07.15 - 
*Symantec 10 2008.07.17 Trojan.Pandex* 
TheHacker 6.2.96.381 2008.07.16 - 
TrendMicro 8.700.0.1004 2008.07.17 - 
VBA32 3.12.8.0 2008.07.17 - 
VirusBuster 4.5.11.0 2008.07.16 - 
*Webwasher-Gateway 6.6.2 2008.07.17 Trojan.Crypt.XPACK.Gen* 

http://www.virustotal.com/analisis/a...3c6949d53d2112

----------


## rubin

File avz00001.dta received on 2008.07.17 12:51:23 (CET)


```
AhnLab-V3	2008.7.17.0	2008.07.17	Win-Trojan/Backdoor.30720
AntiVir	7.8.0.68	2008.07.17	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.07.16	-
Avast	4.8.1195.0	2008.07.17	Win32:Trojan-gen {Other}
AVG	8.0.0.130	2008.07.17	SHeur.BUZO
BitDefender	7.2	2008.07.17	Packer.Krunchy.B
CAT-QuickHeal	9.50	2008.07.16	Backdoor.Nvgra.k
ClamAV	0.93.1	2008.07.17	-
DrWeb	4.44.0.09170	2008.07.17	-
eSafe	7.0.17.0	2008.07.16	-
eTrust-Vet	31.6.5961	2008.07.17	Win32/VMalum.DNIW
Ewido	4.0	2008.07.16	-
F-Prot	4.4.4.56	2008.07.16	-
F-Secure	7.60.13501.0	2008.07.17	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.07.17	PossibleThreat
GData	2.0.7306.1023	2008.07.17	Win32:Trojan-gen
Ikarus	T3.1.1.26.0	2008.07.17	Packer.Krunchy.B
Kaspersky	7.0.0.125	2008.07.17	-
McAfee	5340	2008.07.16	-
Microsoft	1.3704	2008.07.17	Backdoor:Win32/Nvgra.K
NOD32v2	3275	2008.07.17	-
Norman	5.80.02	2008.07.16	W32/Smalltroj.FGYV
Panda	9.0.0.4	2008.07.16	Generic Trojan
Prevx1	V2	2008.07.17	Worm
Rising	20.53.32.00	2008.07.17	-
Sophos	4.31.0	2008.07.17	-
Sunbelt	3.1.1536.1	2008.07.15	-
Symantec	10	2008.07.17	-
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.17	-
VBA32	3.12.8.0	2008.07.17	-
VirusBuster	4.5.11.0	2008.07.16	Packed/FRBR
Webwasher-Gateway	6.6.2	2008.07.17	Trojan.Crypt.XPACK.Gen
```

File size: 30720 bytes
MD5...: adc6f1dfc8c7a2efd14f1b075300e16a
SHA1..: 5340f594428385efae104433fa6b8e2dcf67eb25
SHA256: 08c0b284765a456e201f10912cfb71ab2dc6dffcf5178b2c5a  656249613f099b
SHA512: 8ab5223714bb591e24c08a3be6952662a8449bd87351dcb908  104b9fb9f0e410
674adc36215a02c1df80ec8ac63e253f7147a60a508d618bb4  3cbf311ebbd093

----------



## ZhIV

File flow.htm received on 2008.07.18 02:06:30 (CET)


```
AhnLab-V3	2008.7.17.0	2008.07.17	-
AntiVir	7.8.0.68	2008.07.17	HTML/Shellcode.Gen
Authentium	5.1.0.4	2008.07.18	JS/CVE0613
Avast	4.8.1195.0	2008.07.17	-
AVG	8.0.0.130	2008.07.17	JS/Downloader.Agent
BitDefender	7.2	2008.07.18	Trojan.Exploit.Js.Vmlfill.D
CAT-QuickHeal	9.50	2008.07.17	-
ClamAV	0.93.1	2008.07.18	HTML.Exploit-6
DrWeb	4.44.0.09170	2008.07.17	Exploit.MS05-052.1
eSafe	7.0.17.0	2008.07.17	JS.Dloader.bxr.
eTrust-Vet	31.6.5962	2008.07.17	JS/SillyDlScript.DL
Ewido	4.0	2008.07.17	Downloader.Agent.ans
F-Prot	4.4.4.56	2008.07.18	JS/CVE0613
F-Secure	7.60.13501.0	2008.07.17	-
Fortinet	3.14.0.0	2008.07.17	JS/CVC061359.R!exploit
GData	2.0.7306.1023	2008.07.17	-
Ikarus	T3.1.1.34.0	2008.07.17	HTML.Shellcode
Kaspersky	7.0.0.125	2008.07.18	-
McAfee	5340	2008.07.16	-
Microsoft	1.3704	2008.07.18	Exploit:JS/MS05014.A
NOD32v2	3276	2008.07.17	-
Norman	5.80.02	2008.07.17	-
Panda	9.0.0.4	2008.07.17	-
Prevx1	V2	2008.07.18	-
Rising	20.53.32.00	2008.07.17	Hack.Exploit.Script.JS.Bucode.m
Sophos	4.31.0	2008.07.18	Mal/JSShell-B
Sunbelt	3.1.1536.1	2008.07.17	-
Symantec	10	2008.07.18	Downloader
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.17	-
VBA32	3.12.8.0	2008.07.17	-
VirusBuster	4.5.11.0	2008.07.17	-
Webwasher-Gateway	6.6.2	2008.07.18	Script.Shellcode.Gen
```

Additional information
File size: 1387 bytes
MD5...: 18c18379fda342a718bebc037052a12d
SHA1..: 54ee5a7dc24d43e7355e9a183d4752dd4bef7558
SHA256: 94f3444a15c69c4869c6e29febc24fa7f4f5b3ddea6a1fa5d1  10cd75f51cbba9
SHA512: dd6a978f5908acdbc476dd4e0238275ac9ac8ebb17d1be53c2  ced837f816dd2c
a65824c8c32b7d9bfdf6fd64dd33f7db  4afbd66a8d6bd49d7bf9711df8e1e0f8
PEiD..: -
PEInfo: -

*Added after 1 hour 1 minute*

File win.exe received on 2008.07.18 03:09:38 (CET)


```
AhnLab-V3	2008.7.17.0	2008.07.17	-
AntiVir	7.8.0.68	2008.07.17	TR/Hijacker.Gen
Authentium	5.1.0.4	2008.07.18	W32/Downloader.N.gen!Eldorado
Avast	4.8.1195.0	2008.07.17	Win32:Trojan-gen {Other}
AVG	8.0.0.130	2008.07.17	Downloader.Small
BitDefender	7.2	2008.07.18	Trojan.Downloader.Agent.ZFJ
CAT-QuickHeal	9.50	2008.07.17	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.18	-
DrWeb	4.44.0.09170	2008.07.17	-
eSafe	7.0.17.0	2008.07.17	-
eTrust-Vet	31.6.5962	2008.07.17	Win32/VMalum.DNFT
Ewido	4.0	2008.07.17	-
F-Prot	4.4.4.56	2008.07.18	W32/Downloader.N.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.17	Trojan.Win32.Inject.dsk
Fortinet	3.14.0.0	2008.07.17	W32/Small.DRU!tr.dldr
GData	2.0.7306.1023	2008.07.18	Trojan.Win32.Inject.dsk
Ikarus	T3.1.1.34.0	2008.07.18	Trojan-Downloader.Agent.ZFJ
Kaspersky	7.0.0.125	2008.07.18	Trojan.Win32.Inject.dsk
McAfee	5341	2008.07.18	Downloader.gen.a
Microsoft	1.3704	2008.07.18	TrojanDownloader:Win32/Agent.WX
NOD32v2	3276	2008.07.17	a variant of Win32/TrojanDownloader.Small.DRU
Norman	5.80.02	2008.07.17	Suspicious_F.gen
Panda	9.0.0.4	2008.07.17	Suspicious file
Prevx1	V2	2008.07.18	-
Rising	20.53.32.00	2008.07.17	-
Sophos	4.31.0	2008.07.18	Mal/Packer
Sunbelt	3.1.1536.1	2008.07.17	Trojan.Win32.Inject.dsk
Symantec	10	2008.07.18	-
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.17	PAK_Generic.001
VBA32	3.12.8.0	2008.07.17	Trojan.Win32.Inject.dsk
VirusBuster	4.5.11.0	2008.07.17	Trojan.DL.Zanoza.Gen
Webwasher-Gateway	6.6.2	2008.07.18	Trojan.Hijacker.Gen
```

Additional information
File size: 1997 bytes
MD5...: b5cb9d2037f788a56b06157e90b81d72
SHA1..: 90e6b9d72f40afb7c8749aa9defc6af1acdaa7be
SHA256: 6fb960a3bcd3d6cd39e0068d87b960d6143cccab700fccc3d0  dc27c7fda007d5
SHA512: 3175570fec071ff4164af15a52662c8cc0f28b2e11fba242fc  5652181515216d
34a845ad824b363dfa8a1fd08b393c19  a524b38cf281e6e15f2d7fb2a4a92df4
PEiD..: FSG v2.0 -> bart/xt

File chkdskxp.exe received 2008.07.18 03:12:12 (CET)


```
AhnLab-V3	2008.7.17.0	2008.07.17	-
AntiVir	7.8.0.68	2008.07.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.07.18	W32/Threat-HLLSI-based!Maximus
Avast	4.8.1195.0	2008.07.17	Win32:Iespy-H
AVG	8.0.0.130	2008.07.17	PSW.Spy.D
BitDefender	7.2	2008.07.18	Trojan.Spy.IESpy.DK
CAT-QuickHeal	9.50	2008.07.17	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.18	-
DrWeb	4.44.0.09170	2008.07.17	-
eSafe	7.0.17.0	2008.07.17	Suspicious File
eTrust-Vet	31.6.5962	2008.07.17	-
Ewido	4.0	2008.07.17	-
F-Prot	4.4.4.56	2008.07.18	W32/Threat-HLLSI-based!Maximus
F-Secure	7.60.13501.0	2008.07.17	Trojan-Spy.Win32.Iespy.amr
Fortinet	3.14.0.0	2008.07.17	W32/IeSpy.A!tr.dldr
GData	2.0.7306.1023	2008.07.18	Trojan-Spy.Win32.Iespy.amr
Ikarus	T3.1.1.34.0	2008.07.18	Trojan-Spy.Iespy.DK
Kaspersky	7.0.0.125	2008.07.18	Trojan-Spy.Win32.Iespy.amr
McAfee	5341	2008.07.18	Downloader-ASL
Microsoft	1.3704	2008.07.18	TrojanSpy:Win32/Lespy.gen
NOD32v2	3276	2008.07.17	a variant of Win32/Spy.Iespy.NAH
Norman	5.80.02	2008.07.17	Suspicious_F.gen
Panda	9.0.0.4	2008.07.17	Suspicious file
Prevx1	V2	2008.07.18	-
Rising	20.53.32.00	2008.07.17	-
Sophos	4.31.0	2008.07.18	Mal/IeSpy-A
Sunbelt	3.1.1536.1	2008.07.17	Trojan-Spy.IESpy.DK
Symantec	10	2008.07.18	-
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.17	PAK_Generic.001
VBA32	3.12.8.0	2008.07.17	-
VirusBuster	4.5.11.0	2008.07.17	Packed/FSG
Webwasher-Gateway	6.6.2	2008.07.18	Trojan.Dropper.Gen

```

Additional information
File size: 7288 bytes
MD5...: 1d47e25da59e470020c7a20e277e478b
SHA1..: 2cfdb88c9356dc8c7f6b10c1e932ab6b7dcbda26
SHA256: 165354b1b80b7389acfc1d2207994272a1b1397f4b5a4a74b1  ef68ee9a32d13e
SHA512: a48ffea17d4d304a545da29024925ce0ee29b12cb5713ed47e  ee69c509225363
3ee93d42e5b9dc392f99291db293e7a7  87e2fb4453f5be02252178b4b50459f9
PEiD..: FSG v2.0 -> bart/xt

File chkdsk64.exe received 2008.07.18 03:12:58 (CET)

```
AhnLab-V3	2008.7.17.0	2008.07.17	-
AntiVir	7.8.0.68	2008.07.17	TR/Crypt.Morphine.Gen
Authentium	5.1.0.4	2008.07.18	W32/Injector.A.gen!Eldorado
Avast	4.8.1195.0	2008.07.17	-
AVG	8.0.0.130	2008.07.17	Packed.Morphine.E
BitDefender	7.2	2008.07.18	Packer.Morphine.B
CAT-QuickHeal	9.50	2008.07.17	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.18	Trojan.Packed-86
DrWeb	4.44.0.09170	2008.07.17	-
eSafe	7.0.17.0	2008.07.17	Suspicious File
eTrust-Vet	31.6.5962	2008.07.17	-
Ewido	4.0	2008.07.17	-
F-Prot	4.4.4.56	2008.07.18	W32/Injector.A.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.17	Trojan-Proxy.Win32.Mitglieder.lu
Fortinet	3.14.0.0	2008.07.17	W32/NewThreat!Morphine
GData	2.0.7306.1023	2008.07.18	Trojan-Proxy.Win32.Mitglieder.lu
Ikarus	T3.1.1.34.0	2008.07.18	Trojan-PWS.Win32.Vipgsm.ah
Kaspersky	7.0.0.125	2008.07.18	Trojan-Proxy.Win32.Mitglieder.lu
McAfee	5341	2008.07.18	New Poly Win32
Microsoft	1.3704	2008.07.18	VirTool:Win32/Obfuscator.E
NOD32v2	3276	2008.07.17	probably a variant of Win32/Bagfi
Norman	5.80.02	2008.07.17	W32/Smalltroj.FJUD
Panda	9.0.0.4	2008.07.17	Suspicious file
Prevx1	V2	2008.07.18	-
Rising	20.53.32.00	2008.07.17	Packer.Win32.Morphine.a
Sophos	4.31.0	2008.07.18	Mal/EncPk-M
Sunbelt	3.1.1536.1	2008.07.17	Trojan-Proxy.Win32.Mitglieder.lm
Symantec	10	2008.07.18	Bloodhound.Morphine
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.17	Cryp_Morphine
VBA32	3.12.8.0	2008.07.17	Trojan-Proxy.Win32.Mitglieder.lt
VirusBuster	4.5.11.0	2008.07.17	Packed/Morphine.B
Webwasher-Gateway	6.6.2	2008.07.18	Trojan.Crypt.Morphine.Gen

```

Additional information
File size: 73216 bytes
MD5...: b013bade0e4ce5be5dd713085eb7977a
SHA1..: 8afa956bc8bb3441932b9b66cd52a46a0856db53
SHA256: 3189ab202d0e1af16e2f408993abc8286e8c9acff23bcae067  0d27203162c652
SHA512: 4d94878353483c0920515d6355ba20d6161ce19776253c15ce  41b3bd05090a3d
bea0968482ec41c63b9fccb96030c0c8  091442ec3aa24f23967bae58f97f079f
PEiD..: -

----------


## senyak

File movie.cnm received 2008.07.18 19:54:33 (CET)
Current status: finished
Result: 8/33 (24.25%)




> *AhnLab-V3	2008.7.17.0	2008.07.18	HTML/Zlob
> AntiVir	7.8.1.11	2008.07.18	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.07.18	-
> Avast	4.8.1195.0	2008.07.18	-
> *AVG	8.0.0.130	2008.07.18	JS/Downloader.Agent
> BitDefender	7.2	2008.07.18	Trojan.HTML.Zlob.W
> CAT-QuickHeal	9.50	2008.07.18	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.18	-
> DrWeb	4.44.0.09170	2008.07.18	-
> ...


Additional information
File size: 10660 bytes
MD5...: 94fdd4465553a2ad2544f3e21c801731
SHA1..: d0e643b0c798a5bc1929d55f9b46f9e90358e4b0
SHA256: c019f6cee3e047f16b149d3678843f02e26468ed8094715b87  d1d1e22c34ae1c
SHA512: 5c7e3995697ff44fd7b35ab5efd3fa4ac696db7096be92c72b  c1a8b5145f9895
2a3ee180bda8e7ee0be684b55f4db4bade51d61000db9b44ed  79ff7778b4d78a
PEiD..: -
PEInfo: -




File index.corm received 2008.07.18 19:54:41 (CET)
Current status: finished
Result: 8/33 (24.25%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> *AntiVir	7.8.1.11	2008.07.18	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.07.18	JS/Agent.CH*
> Avast	4.8.1195.0	2008.07.18	-
> AVG	8.0.0.130	2008.07.18	-
> *BitDefender	7.2	2008.07.18	Trojan.HTML.Zlob.AA
> CAT-QuickHeal	9.50	2008.07.18	HTM/Zlob.GEN.1*
> ClamAV	0.93.1	2008.07.18	-
> ...


Additional information
File size: 12550 bytes
MD5...: dc41cdeea34c120fa963a28775c40d4c
SHA1..: f494380e17544c5f85e7ec5e5ef30135431784fa
SHA256: 659e9a377dabedcfd65ace1d152a9eecd03a83015f70320ff3  b50562f18ec6da
SHA512: 9ee03f1747a51c8af55f06c54e16c22fa3a8452e90411c2a9a  1b2b4741029d9c
068929f421aba8eb63af7336caa103c986130194eecc54630f  75dc4b25ed2867
PEiD..: -
PEInfo: -




File 3913098.codec received 2008.07.18 19:54:51 (CET)
Current status: finished
Result: 19/33 (57.58%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> *AntiVir	7.8.1.11	2008.07.18	DR/Delphi.Gen
> Authentium	5.1.0.4	2008.07.18	W32/Adware-RegBHO-based.1!*Maximus
> Avast	4.8.1195.0	2008.07.18	-
> *AVG	8.0.0.130	2008.07.18	Generic10.BENK
> BitDefender	7.2	2008.07.18	Dropped:Trojan.Zlob.CQJ*
> CAT-QuickHeal	9.50	2008.07.18	-
> ClamAV	0.93.1	2008.07.18	-
> ...


Additional information
File size: 56839 bytes
MD5...: d3c0a9e08873a21834b974b23fbf2280
SHA1..: 0692c06db8388cedb3ade279b3be907da18051a8
SHA256: 29ef18abfdb5a40868375a2f53a4551fdf592e5f6b662570e1  137e94512a2c66
SHA512: 179b5ec9f71db5e0ab6b99aa7d6bf3f4e5db1e739d231bade5  59e116d5a28c38
1c343032450d85bf287b776e1056d07725537083f72f09b301  126314b2292eae
PEiD..: -
PEInfo: PE Structure information




File AntiMalwareGuard_Free.exe received 2008.07.18 20:29:44 (CET)
Current status: finished
Result: 11/33 (33.34%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> AntiVir	7.8.1.11	2008.07.18	-
> *Authentium	5.1.0.4	2008.07.18	W32/180Solutions.A.gen!Eldorado
> Avast	4.8.1195.0	2008.07.18	Win32:Faker-J*
> AVG	8.0.0.130	2008.07.18	-
> BitDefender	7.2	2008.07.18	-
> CAT-QuickHeal	9.50	2008.07.18	-
> ClamAV	0.93.1	2008.07.18	-
> ...


Additional information
File size: 572368 bytes
MD5...: db40f65910898dc7e6067a6644356881
SHA1..: cfa8988a75905390b1fbf7d3434f830908412fa8
SHA256: b894c45cb4ec168f052454f1ae106fab80b2d21cc5c71ed6bb  ef5ab6e8309111
SHA512: 42b125c58b07e4b1d1128a35b13bda1735ca8167aac4a998ac  1ded1750880c5c
2480fc9126447303da5cfb63e266a4c23347dac743ad901f0f  28141fbd7421c9
PEiD..: ASPack v2.12
PEInfo: PE Structure information

*Added after 25 minutes*

File MediaTubeCodec_ver1.1172.1.bbr received 2008.07.18 20:57:41 (CET)
Current status: finished
Result: 6/33 (18.19%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> AntiVir	7.8.1.11	2008.07.18	-
> Authentium	5.1.0.4	2008.07.18	-
> Avast	4.8.1195.0	2008.07.18	-
> AVG	8.0.0.130	2008.07.18	-
> BitDefender	7.2	2008.07.18	-
> CAT-QuickHeal	9.50	2008.07.18	-
> *ClamAV	0.93.1	2008.07.18	Trojan.Zlob.REN*
> ...


Additional information
File size: 65536 bytes
MD5...: 767ea438d639d6e61286850a65958ef8
SHA1..: 6659a6c20aef70d6538ce7aa032e2f701468e656
SHA256: 4e2cda79db0b749d8f42756a24630958b5df173ea5b3cb9259  310455b753a170
SHA512: c0183686287ca9483481df6d423e41a059d7e12afa673694e9  fbc901edcec44c
3c9048404c674aa43ca89aa7f2befa4bb97addec014b3c7e82  732cc84dabfada
PEiD..: -
PEInfo: PE Structure information

----------


## Groft

> File exe.exe received 2008.07.20 20:05:25 (CET)
> Current status: finished
> Result: 20/33 (60.61%)
> Antivirus	Version	Last update	Result
> *AhnLab-V3	2008.7.17.0	2008.07.18	Win32/IRCBot.worm.19968.F*
> *AntiVir	7.8.1.11	2008.07.20	TR/Agent.19968.N*
> *Authentium	5.1.0.4	2008.07.20	W32/Heuristic-245!Eldorado*
> *Avast	4.8.1195.0	2008.07.20	Win32:Trojan-gen {Other}*
> ...


http://www.virustotal.com/ru/analisi...1745a2701a1da3



> File opr000SS.exe received 2008.07.20 20:05:49 (CET)
> Current status: finished
> Result: 6/33 (18.19%)
> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> AntiVir	7.8.1.11	2008.07.20	-
> Authentium	5.1.0.4	2008.07.20	-
> *Avast	4.8.1195.0	2008.07.20	Win32:Trojan-gen {Other}*
> ...


http://www.virustotal.com/ru/analisi...557c7d1d94be2e



> File opr001AG.xml received 2008.07.20 20:10:31 (CET)
> Current status: finished
> Result: 8/33 (24.25%)
> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> AntiVir	7.8.1.11	2008.07.20	-
> *Authentium	5.1.0.4	2008.07.20	W32/Downloader-Sml-based!Maximus*
> Avast	4.8.1195.0	2008.07.20	-
> ...


http://www.virustotal.com/ru/analisi...15bfb978af58e7



> File _________________________________ received 2008.07.20 20:12:46 (CET)
> Current status: finished
> Result: 4/33 (12.13%)
> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.17.0	2008.07.18	-
> AntiVir	7.8.1.11	2008.07.20	-
> Authentium	5.1.0.4	2008.07.20	-
> Avast	4.8.1195.0	2008.07.20	-
> ...


http://www.virustotal.com/ru/analisi...5030550b621de3

----------


## santy

File procexp_.Vexe received 2008.07.21 10:21:25 (CET)
Antivirus	Version	Last update	Result
*AhnLab-V3	2008.7.17.0	2008.07.21	Win32/Kashu.B*
*AntiVir	7.8.1.11	2008.07.21	W32/Sality*
*Authentium	5.1.0.4	2008.07.20	W32/Sality.AJ*
*Avast	4.8.1195.0	2008.07.20	Win32:Sality*
*AVG	8.0.0.130	2008.07.20	Win32/Tanatos.J*
*BitDefender	7.2	2008.07.21	Win32.Sality.OE*
*CAT-QuickHeal	9.50	2008.07.18	W32.Sality.U*
ClamAV	0.93.1	2008.07.21	-
*DrWeb	4.44.0.09170	2008.07.21	Win32.Sector.5*
eSafe	7.0.17.0	2008.07.20	-
*eTrust-Vet	31.6.5966	2008.07.18	Win32/Sality.X*
Ewido	4.0	2008.07.20	-
*F-Prot	4.4.4.56	2008.07.20	W32/Sality.AJ*
*F-Secure	7.60.13501.0	2008.07.21	Virus.Win32.Sality.z*
*Fortinet	3.14.0.0	2008.07.21	W32/Sality.Y*
*GData	2.0.7306.1023	2008.07.21	Virus.Win32.Sality.z*
*Ikarus	T3.1.1.34.0	2008.07.21	Virus.Win32.Sality.y*
Kaspersky	7.0.0.125	2008.07.21	-
*McAfee	5342	2008.07.18	W32/Sality.ag*
*Microsoft	1.3704	2008.07.21	Virus:Win32/Sality.AM*
*NOD32v2	3282	2008.07.19	Win32/Sality.NAO*
*Norman	5.80.02	2008.07.18	W32/Sality.AD*
*Panda	9.0.0.4	2008.07.20	W32/Sality.AF*
Prevx1	V2	2008.07.21	-
*Rising	20.54.00.00	2008.07.21	Win32.KUKU.a*
*Sophos	4.31.0	2008.07.21	W32/Sality-AM*
Sunbelt	3.1.1536.1	2008.07.18	-
*Symantec	10	2008.07.21	W32.Sality.AE*
TheHacker	6.2.96.385	2008.07.20	-
*TrendMicro	8.700.0.1004	2008.07.21	Mal_Sality*
*VBA32	3.12.8.1	2008.07.20	Virus.Win32.Sality.2*
*VirusBuster	4.5.11.0	2008.07.20	Win32.Sality.AM.Gen*
*Webwasher-Gateway	6.6.2	2008.07.21	Win32.Sality*
Additional information
File size: 3585064 bytes
MD5...: 2ed3fae47ad21f40fd3477650dabbd4c
SHA1..: 62d744123392905c4117e9b1874a5ade61fd3e9c
SHA256: fbf7c2e418da126b06706d040bba36ae962a86036032de16e7  a5dbf545e07f07
SHA512: 433ab91e99fd072c4cac741d0436de917a7ea1f0b6df6bf274  e03ff38d92ae5a
e9d4bd0202e96b8c1b4e6d28255ee5e9  2b2d817cb5541c51d63a03f35b9657e7
PEiD..: -

http://www.virustotal.com/ru/analisi...bb28a6486f7544

----------


## senyak

File viewmovie.html received 2008.07.21 23:28:40 (CET)
Current status: finished
Result: 5/33 (15.16%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.21.1	2008.07.21	-
> *AntiVir	7.8.1.11	2008.07.21	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.07.21	-
> Avast	4.8.1195.0	2008.07.21	-
> AVG	8.0.0.130	2008.07.21	-
> *BitDefender	7.2	2008.07.21	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.07.21	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.21	-
> ...


Additional information
File size: 12180 bytes
MD5...: cd78194afd19532055c4e8b87e0860d4
SHA1..: d509174241ab949b2aafac21b09aea3d1270169c
SHA256: 75052d9a18207f247ce4df9ce173d585d7543fee4362eae919  d3c2703d98fb0f
SHA512: 5dc882d9c9631170fc89cee8926cb686e0da0ff5f43da82f1b  19c4b282c41297
cd82356c6778854b09bd93a6fe9e5e4dcc0f3f3aba19a0b0f5  603e5f30087bbe
PEiD..: -
PEInfo: -

----------


## rubin

File avz00001.dta received 2008.07.22 14:05:20 (CET)



```
AhnLab-V3	2008.7.22.2	2008.07.22	-
AntiVir	7.8.1.11	2008.07.22	TR/Dropper.Gen
Authentium	5.1.0.4	2008.07.22	-
Avast	4.8.1195.0	2008.07.22	Win32:Trojan-gen {Other}
AVG	8.0.0.130	2008.07.22	SHeur.BWOJ
BitDefender	7.2	2008.07.22	-
CAT-QuickHeal	9.50	2008.07.21	-
ClamAV	0.93.1	2008.07.22	-
DrWeb	4.44.0.09170	2008.07.22	Trojan.Inject.3609
eSafe	7.0.17.0	2008.07.21	-
eTrust-Vet	31.6.5974	2008.07.22	-
Ewido	4.0	2008.07.22	-
F-Prot	4.4.4.56	2008.07.22	-
F-Secure	7.60.13501.0	2008.07.22	-
Fortinet	3.14.0.0	2008.07.22	W32/Dropper.KIN!tr
GData	2.0.7306.1023	2008.07.22	Win32:Trojan-gen
Ikarus	T3.1.1.34.0	2008.07.22	Trojan-Dropper
Kaspersky	7.0.0.125	2008.07.22	-
McAfee	5343	2008.07.21	-
Microsoft	1.3704	2008.07.22	-
NOD32v2	3288	2008.07.22	-
Norman	5.80.02	2008.07.21	-
Panda	9.0.0.4	2008.07.21	-
PCTools	4.4.2.0	2008.07.21	-
Prevx1	V2	2008.07.22	-
Rising	20.54.12.00	2008.07.22	-
Sophos	4.31.0	2008.07.22	-
Sunbelt	3.1.1536.1	2008.07.18	-
Symantec	10	2008.07.22	Trojan Horse
TheHacker	6.2.96.385	2008.07.20	-
TrendMicro	8.700.0.1004	2008.07.22	-
VBA32	3.12.8.1	2008.07.21	suspected of Malware-Cryptor.Win32.General.2
VirusBuster	4.5.11.0	2008.07.21	-
Webwasher-Gateway	6.6.2	2008.07.22	Trojan.Dropper.Gen
```

File size: 94720 bytes
MD5...: 63b2fda89aac60482d1d19fd16089c8b
SHA1..: 4c443639da4bac88181665f41e98c10e7fbd2173
SHA256: b51a4314502a6dc1911cea39d2e456861979e934a6ba7f608a  bc46bed107cc65
SHA512: e588d5f7ed20420be8e13fb5ac6140bce1f3f6e75e35d80338  976e1e918a6f6d
cc0b4d689e4bbed521b4167cac6432511f09d0bb55e4b5d45a  0bebce0457b1e9

----------


## senyak

File viewmovie.html received 2008.07.22 18:33:06 (CET)
Current status: finished
Result: 6/34 (17.65%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.22.2	2008.07.22	-
> *AntiVir	7.8.1.11	2008.07.22	HEUR/HTML.Malware*
> Authentium	5.1.0.4	2008.07.22	-
> Avast	4.8.1195.0	2008.07.22	-
> AVG	8.0.0.130	2008.07.22	-
> *BitDefender	7.2	2008.07.22	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.07.22	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.22	-
> ...


Additional information
File size: 12180 bytes
MD5...: cd78194afd19532055c4e8b87e0860d4
SHA1..: d509174241ab949b2aafac21b09aea3d1270169c
SHA256: 75052d9a18207f247ce4df9ce173d585d7543fee4362eae919  d3c2703d98fb0f
SHA512: 5dc882d9c9631170fc89cee8926cb686e0da0ff5f43da82f1b  19c4b282c41297
cd82356c6778854b09bd93a6fe9e5e4dcc0f3f3aba19a0b0f5  603e5f30087bbe
PEiD..: -
PEInfo: -

----------


## Kuzz

File file.exe received 2008.07.23 12:29:42 (CET)
Result: 9/35 (25.72%)
Antivirus	Version	Last update	Result


```
AhnLab-V3	2008.7.23.0	2008.07.22	-
AntiVir		7.8.1.11	2008.07.23	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.07.23	-
Avast		4.8.1195.0	2008.07.23	Win32:Zbot-AIO
AVG		8.0.0.130	2008.07.23	Pakes
BitDefender	7.2	2008.07.23	Trojan.Spy.ZBot.HJ
CAT-QuickHeal	9.50	2008.07.22	-
ClamAV		0.93.1	2008.07.23	-
DrWeb		4.44.0.09170	2008.07.23	Trojan.Packed.511
eSafe		7.0.17.0		2008.07.22	-
eTrust-Vet	31.6.5975	2008.07.22	-
Ewido		4.0		2008.07.22	-
F-Prot		4.4.4.56		2008.07.22	W32/Zbot.J2.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.23	-
Fortinet	3.14.0.0		2008.07.23	-
GData		2.0.7306.1023	2008.07.23	Win32:Zbot-AIO
Ikarus		T3.1.1.34.0	2008.07.23	-
Kaspersky	7.0.0.125		2008.07.23	-
McAfee		5344	2008.07.22	-
Microsoft	1.3704	2008.07.23	-
NOD32v2		3290	2008.07.23	-
Norman		5.80.02	2008.07.22	-
Panda		9.0.0.4	2008.07.23	-
PCTools		4.4.2.0	2008.07.22	-
Prevx1		V2	2008.07.23	-
Rising		20.54.22.00	2008.07.23	-
Sophos		4.31.0	2008.07.23	Mal/TibsPak
Sunbelt		3.1.1536.1	2008.07.18	-
Symantec	10	2008.07.23	-
TheHacker	6.2.96.387	2008.07.23	-
TrendMicro	8.700.0.1004	2008.07.23	-
VBA32		3.12.8.1	2008.07.22	-
VIRobot		2008.7.23.1307	2008.07.23	-
VirusBuster	4.5.11.0	2008.07.22	-
Webwasher-Gateway	6.6.2	2008.07.23	Trojan.Crypt.XPACK.Gen
```

Additional information
File size: 54272 bytes
MD5...: 0340c7bd437baa624de2f97e4a75f797
SHA1..: 48c5c9096c6d471fff2ee8f3802fa345f4f7648d
SHA256: a34507a4c5a1c1316288e4396b003641237014e01c23f5b20a  d46eea657c9b3c
SHA512: 0bdaa55316c42e0e302c0d7e5a31a90489e5dab6810e2a03a4  5b4d38cbceda83
355e582d5986064c69b5cf6802073e9a83681159fa48006414  f56f84f52e2559


File load.exe received 2008.07.23 12:29:51 (CET)
Result: 14/35 (40%)
Antivirus	Version	Last update	Result


```
AhnLab-V3	2008.7.23.0	2008.07.22	-
AntiVir	7.8.1.11	2008.07.23	HEUR/Crypted
Authentium	5.1.0.4	2008.07.23	-
Avast	4.8.1195.0	2008.07.23	-
AVG	8.0.0.130	2008.07.23	Downloader.FraudLoad.A
BitDefender	7.2	2008.07.23	Trojan.FakeAlert.UT
CAT-QuickHeal	9.50	2008.07.22	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.23	-
DrWeb	4.44.0.09170	2008.07.23	-
eSafe	7.0.17.0	2008.07.22	Suspicious File
eTrust-Vet	31.6.5976	2008.07.23	-
Ewido	4.0	2008.07.22	-
F-Prot	4.4.4.56	2008.07.22	-
F-Secure	7.60.13501.0	2008.07.23	-
Fortinet	3.14.0.0	2008.07.23	-
GData	2.0.7306.1023	2008.07.23	Trojan-Downloader.Win32.Small.ytt
Ikarus	T3.1.1.34.0	2008.07.23	Trojan.Fakealert.UT
Kaspersky	7.0.0.125	2008.07.23	Trojan-Downloader.Win32.Small.ytt
McAfee	5344	2008.07.22	-
Microsoft	1.3704	2008.07.23	Trojan:Win32/Tibs.HK
NOD32v2	3290	2008.07.23	Win32/TrojanDownloader.FakeAlert.DR
Norman	5.80.02	2008.07.22	-
Panda	9.0.0.4	2008.07.23	-
PCTools	4.4.2.0	2008.07.22	-
Prevx1	V2	2008.07.23	Malicious Software
Rising	20.54.22.00	2008.07.23	-
Sophos	4.31.0	2008.07.23	Mal/TibsPk-D
Sunbelt	3.1.1536.1	2008.07.18	-
Symantec	10	2008.07.23	Packed.Generic.174
TheHacker	6.2.96.387	2008.07.23	-
TrendMicro	8.700.0.1004	2008.07.23	-
VBA32	3.12.8.1	2008.07.22	-
VIRobot	2008.7.23.1307	2008.07.23	-
VirusBuster	4.5.11.0	2008.07.22	-
Webwasher-Gateway	6.6.2	2008.07.23	Heuristic.Crypted
```

Additional information
File size: 110080 bytes
MD5...: 5754a53b9ce16286b572f8eefa50b947
SHA1..: 0a4f521601e77e9c4c1ac314795a5300715b773c
SHA256: 5813a7673432cc50e8bbc7eddab1acec671a75538b8a2125ef  5bebd3790cc4ae
SHA512: 5c678755c2ee90f7404e4cbed70ae1b1d44acb1fdbb067ae1d  654e8415607f8d
8165ddd4b3cbf5f50eb24d2640971623d28a16df70096b9ad1  fa1db2f3a7fc13
PEiD..: -

----------


## Shu_b

Late, but still...
Results for June, for the second quarter, and the totals for the whole test.
GData has been added to the monthly results; FileAdvisor has been excluded from the totals.

----------


## senyak

File NODB65.tmp received 2008.07.25 19:48:45 (CET)
Current status: finished
Result: 7/35 (20%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.26.0	2008.07.25	-
> *AntiVir	7.8.1.12	2008.07.25	DR/BHO.ffl*
> Authentium	5.1.0.4	2008.07.25	-
> Avast	4.8.1195.0	2008.07.25	-
> AVG	8.0.0.130	2008.07.25	-
> *BitDefender	7.2	2008.07.25	Trojan.Zlob.CQO*
> CAT-QuickHeal	9.50	2008.07.25	-
> ClamAV	0.93.1	2008.07.25	-
> ...


Additional information
File size: 192252 bytes
MD5...: fbe42f89224b258bf479d757cb0b6b74
SHA1..: 5627ee9c577173cfa336cfd966b785e977e3f67a
SHA256: ad679adce858af6f60d38f0ca1e047aa05e831fa53217c7f89  d667559dc2a3cf
SHA512: 116f0e167bb9da1b0cb857623ad8cc224fb4529e96cf8ca6a2  85b7a9d8e15d6a
5e42837323a11cfa403ec94ae8178f3cc9fb13e79ffc31eb0b  c3b54a9a59ded4
PEiD..: -
PEInfo: -
packers (Kaspersky): PE-Crypt.XorPE
packers (F-Prot): XORCrypt

----------


## senyak

File MediaTubeCodec_ver1.568.0.exe received 2008.07.26 20:19:40 (CET)
Current status: finished
Result: 5/35 (14.29%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.26.0	2008.07.25	-
> AntiVir	7.8.1.12	2008.07.25	-
> Authentium	5.1.0.4	2008.07.26	-
> Avast	4.8.1195.0	2008.07.26	-
> AVG	8.0.0.130	2008.07.25	-
> BitDefender	7.2	2008.07.26	-
> CAT-QuickHeal	9.50	2008.07.25	-
> ClamAV	0.93.1	2008.07.26	-
> ...


Additional information
File size: 65536 bytes
MD5...: e5194a524a278174201fd7aa76f17611
SHA1..: 3a658e9bfb159c95b727e222accc1d59dfffb9d6
SHA256: da9f387995c279355432e07170f208fb6d159b2bd66fa44bb0  87a0a92ce8278f
SHA512: aa227c5e7d06d8533f8b367bc3bd707b55208b63dc3c7c4ea9  ef35e8f48e0f74
480965af6f77353656607ffaa12f9262adb2e823d44c1c76f5  476cdecd4a4aac
PEiD..: -
PEInfo: PE Structure information

----------


## senyak

File 3913098.exe received 2008.07.28 13:54:04 (CET)
Current status: finished
Result: 20/35 (57.15%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.26.0	2008.07.28	-
> *AntiVir	7.8.1.12	2008.07.28	TR/BHO.fby.3
> Authentium	5.1.0.4	2008.07.28	W32/Adware-RegBHO-based.1!Maximus*
> Avast	4.8.1195.0	2008.07.27	-
> *AVG	8.0.0.130	2008.07.28	Generic11.PM
> BitDefender	7.2	2008.07.28	Dropped:Trojan.Zlob.CQJ*
> CAT-QuickHeal	9.50	2008.07.25	-
> *ClamAV	0.93.1	2008.07.28	Trojan.BHO-3678*
> ...





File movie received 2008.07.28 13:55:01 (CET)
Current status: finished
Result: 10/35 (28.58%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.26.0	2008.07.28	-
> *AntiVir	7.8.1.12	2008.07.28	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.07.28	JS/Agent.FA*
> Avast	4.8.1195.0	2008.07.27	-
> *AVG	8.0.0.130	2008.07.28	Downloader.Zlob.HTML
> BitDefender	7.2	2008.07.28	Trojan.HTML.Zlob.W
> CAT-QuickHeal	9.50	2008.07.25	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.28	-
> ...





File player.php received 2008.07.28 13:57:24 (CET)
Current status: finished
Result: 9/35 (25.72%)




> Antivirus	Version	Last update	Result
> *AhnLab-V3	2008.7.26.0	2008.07.28	HTML/Zlob
> AntiVir	7.8.1.12	2008.07.28	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.07.28	JS/Agent.CF*
> Avast	4.8.1195.0	2008.07.27	-
> AVG	8.0.0.130	2008.07.28	-
> BitDefender	7.2	2008.07.28	-
> *CAT-QuickHeal	9.50	2008.07.25	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.07.28	-
> ...

----------


## Hanson

File avz00001.dta received 2008.07.31 15:27:50 (CET)

Result: 16/35 (45.72%)




> Antivirus     Version     Last update     Result
> AhnLab-V3    2008.7.29.1    2008.07.31    -
> *AntiVir    7.8.1.12    2008.07.31    TR/Proxy.Delf.CA*
> Authentium    5.1.0.4    2008.07.31    -
> Avast    4.8.1195.0    2008.07.31    -
> AVG    8.0.0.156    2008.07.31    -
> BitDefender    7.2    2008.07.31    -
> *CAT-QuickHeal    9.50    2008.07.30    (Suspicious) - DNAScan*
> ClamAV    0.93.1    2008.07.31    -
> ...


Additional information
File size: 8957 bytes
MD5...: 6168356a1efb578baf20e3751c927ad0
SHA1..: b2899b2ca105b2d656498691fc7f4c0c050fd968
SHA256: 590c88ab4765309ee88106002d59ae1b0005479ea2e128701e  8a75ebad4b7989
SHA512: 03fcf634d4b3faff2713c6c1981f076c4768425df972b4ba60  c9de703278c0fa
c72243879bc85856be3b61ef26324a0e4f03e8deb52ec5371d  46a88378b38fd1

----------


## Shu_b

What was shared is what got counted... (rather a lot of scripts...)
TrendMicro has been added to the monthly results.

----------


## senyak

File MediaTubeCodec_ver1.1555.0.exe received 2008.08.03 20:12:51 (CET)
Current status: finished
Result: 6/36 (16.67%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.29.1	2008.08.02	-
> AntiVir	7.8.1.15	2008.08.01	-
> Authentium	5.1.0.4	2008.08.03	-
> Avast	4.8.1195.0	2008.08.03	-
> *AVG	8.0.0.156	2008.08.03	Downloader.Zlob_r.Y
> BitDefender	7.2	2008.08.03	Trojan.Zlob.CRK*
> CAT-QuickHeal	9.50	2008.08.02	-
> ClamAV	0.93.1	2008.08.03	-
> ...


Additional information
File size: 65536 bytes
MD5...: 4375fc8069fb7199f1275c6d8e0d8412
SHA1..: 52229b7a0e24e297b0e3888ec6dba70440424aa7
SHA256: 2384858e0e88de42b4e69f636eea9389304f6f2a48324d2166  0b4dff3a23ca72
SHA512: ec3b028230f1660aeb6e3537112b8f2bf1a6713d1b250d13c0  fd8976cce8e036
d443b1f9090275e5293235738419c77ecd2fd017edc3d24933  9fa1854989be37
PEiD..: -
PEInfo: PE Structure information




File 1.html received 2008.08.03 20:15:29 (CET)
Current status: finished
Result: 13/36 (36.12%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.29.1	2008.08.02	-
> *AntiVir	7.8.1.15	2008.08.01	HTML/Silly.Gen*
> Authentium	5.1.0.4	2008.08.03	-
> Avast	4.8.1195.0	2008.08.03	-
> AVG	8.0.0.156	2008.08.03	-
> BitDefender	7.2	2008.08.03	-
> *CAT-QuickHeal	9.50	2008.08.02	HTM/SetSlice.A*
> ClamAV	0.93.1	2008.08.03	-
> ...


Additional information
File size: 9818 bytes
MD5...: 99d1bbdb47365a6f1ad19868afc316a7
SHA1..: 26ca5ffd7d09dc5d74be3973331095db66b9fa02
SHA256: 10cc4a22af7bfefc731ff247abcd4a082c2a7a9948f581272c  ca208b7ca40fc8
SHA512: 612c6f2b064d437c8ff56aa3eaf3d5f260fa219300370c05fc  32630d6b9b9a16
8688443c0ea84f9699eb8f7d3f65248bd4d01b7c943e6be7fb  4502db57d5721d
PEiD..: -
PEInfo: -





File master.js received 2008.08.03 20:18:52 (CET)
Current status: finished
Result: 4/36 (11.12%)




> Antivirus	Version	Last update	Result
> AhnLab-V3	2008.7.29.1	2008.08.02	-
> *AntiVir	7.8.1.15	2008.08.01	JS/Dldr.Agent.PV*
> Authentium	5.1.0.4	2008.08.03	-
> Avast	4.8.1195.0	2008.08.03	-
> *AVG	8.0.0.156	2008.08.02	Downloader.Generic_c.AAN
> BitDefender	7.2	2008.08.03	Trojan.FakeAlert.WO*
> CAT-QuickHeal	9.50	2008.08.02	-
> ClamAV	0.93.1	2008.08.03	-
> ...


Additional information
File size: 1380 bytes
MD5...: e4e18517e1ee5dcd68cf0bc7102d057a
SHA1..: 49e56e1d770a21c3fdca225b0842323100057b68
SHA256: d9b7697e34c02972467c20f34a29388df2dec374186d536e13  f5c4d39df87cf4
SHA512: 1c5c9075791e9cc2b1d5ee863e0f98247992b578dd92773ae3  ec00024e8ba06e
b257d780f953ea64ca2d140b4ce7b0b3693cfcc08124272122  27405e58c7959d
PEiD..: -
PEInfo: -

----------


## rubin

```
AhnLab-V3	2008.8.5.0	2008.08.05	-
AntiVir	7.8.1.15	2008.08.05	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.08.04	-
Avast	4.8.1195.0	2008.08.05	Win32:Trojan-gen {Other}
AVG	8.0.0.156	2008.08.05	Win32/Heur
BitDefender	7.2	2008.08.05	Trojan.PWS.OnlineGames.ZLB
CAT-QuickHeal	9.50	2008.08.04	-
ClamAV	0.93.1	2008.08.05	-
DrWeb	4.44.0.09170	2008.08.05	-
eSafe	7.0.17.0	2008.08.05	Suspicious File
eTrust-Vet	31.6.6009	2008.08.05	-
Ewido	4.0	2008.08.04	-
F-Prot	4.4.4.56	2008.08.04	-
F-Secure	7.60.13501.0	2008.08.05	-
Fortinet	3.14.0.0	2008.08.04	-
GData	2.0.7306.1023	2008.08.04	Win32:Trojan-gen
Ikarus	T3.1.1.34.0	2008.08.05	Trojan-PWS.Win32.Nilage.ara
K7AntiVirus	7.10.403	2008.08.04	-
Kaspersky	7.0.0.125	2008.08.05	-
McAfee	5353	2008.08.04	PWS-Gamania.gen.a
Microsoft	1.3807	2008.08.05	PWS:Win32/Frethog.D
NOD32v2	3327	2008.08.05	Win32/PSW.OnLineGames.NMP
Norman	5.80.02	2008.08.04	-
Panda	9.0.0.4	2008.08.04	W32/Lineage.JHI.worm
PCTools	4.4.2.0	2008.08.04	Trojan.Lineage.Gen!Pac.3
Prevx1	V2	2008.08.05	Cloaked Malware
Rising	20.56.11.00	2008.08.05	-
Sophos	4.31.0	2008.08.05	Sus/Behav-200
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.05	W32.Gammima.AG
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.05	PAK_Generic.001
VBA32	3.12.8.2	2008.08.04	Trojan.Win32.Vaklik.ckm
ViRobot	2008.8.4.1322	2008.08.04	-
VirusBuster	4.5.11.0	2008.08.04	-
Webwasher-Gateway	6.6.2	2008.08.05	Trojan.Crypt.XPACK.Gen
```

File size: 84992 bytes
MD5...: 24979878f9fb2a3442f54e24c2304764
SHA1..: 4029a606d399f1583bcb57c53c5d79c467c7416a
SHA256: 8b99384bb84f49643af3993734fc7e68f83f0249d599bbfcad  6fd023586862f9
SHA512: 0066f55622aba3d4b46cf527ed1db8702e4948f65ad3532169  779ff9048e094b
6853e1da46aa93ab8332cf475e22121825457265300f7b6930  671d79cbd41416




```
AhnLab-V3	2008.8.5.0	2008.08.05	-
AntiVir	7.8.1.15	2008.08.05	-
Authentium	5.1.0.4	2008.08.04	-
Avast	4.8.1195.0	2008.08.05	-
AVG	8.0.0.156	2008.08.05	Worm/AutoRun
BitDefender	7.2	2008.08.05	Trojan.Autorun.XM
CAT-QuickHeal	9.50	2008.08.04	-
ClamAV	0.93.1	2008.08.05	Inf.Suspect-2
DrWeb	4.44.0.09170	2008.08.05	-
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6009	2008.08.05	INF/Frethog
Ewido	4.0	2008.08.04	-
F-Prot	4.4.4.56	2008.08.04	-
F-Secure	7.60.13501.0	2008.08.05	-
Fortinet	3.14.0.0	2008.08.04	-
GData	2.0.7306.1023	2008.08.04	-
Ikarus	T3.1.1.34.0	2008.08.05	-
K7AntiVirus	7.10.403	2008.08.04	-
Kaspersky	7.0.0.125	2008.08.05	-
McAfee	5353	2008.08.04	-
Microsoft	1.3807	2008.08.05	-
NOD32v2	3327	2008.08.05	Win32/PSW.OnLineGames.NMY
Norman	5.80.02	2008.08.04	BAT/Autorun.BJ
Panda	9.0.0.4	2008.08.04	W32/Lineage.JHI.worm
PCTools	4.4.2.0	2008.08.04	-
Prevx1	V2	2008.08.05	-
Rising	20.56.11.00	2008.08.05	-
Sophos	4.31.0	2008.08.05	Mal/AutoInf-A
Sunbelt	3.1.1537.1	2008.08.01	INF.Autorun (v)
Symantec	10	2008.08.05	-
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.05	-
VBA32	3.12.8.2	2008.08.04	-
ViRobot	2008.8.4.1322	2008.08.04	-
VirusBuster	4.5.11.0	2008.08.04	-
Webwasher-Gateway	6.6.2	2008.08.05	-
```

File size: 680 bytes
MD5...: a0042b33d5517b551f786d2384bd5d6d
SHA1..: 73ded13a7fb151f9406823fe4c9cfa8c469a669b
SHA256: 78dd69866554b033996b4db6f16e54579e81ce8944a701dd21  65eb3233630054
SHA512: c72581d77d2d4974db27c2790c763e3ef6d11f05bf93d4ae38  06a514dafd0ee4
da395caac2eb6b390fc4f4b8f357399433b6e2bb200a97a376  ae26f29612769b

----------


## rubin

```
AhnLab-V3	2008.8.6.0	2008.08.06	-
AntiVir	7.8.1.15	2008.08.05	-
Authentium	5.1.0.4	2008.08.05	-
Avast	4.8.1195.0	2008.08.05	-
AVG	8.0.0.156	2008.08.06	Worm/AutoRun
BitDefender	7.2	2008.08.06	-
CAT-QuickHeal	9.50	2008.08.05	-
ClamAV	0.93.1	2008.08.06	Inf.Suspect-1
DrWeb	4.44.0.09170	2008.08.05	-
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6013	2008.08.06	INF/Frethog
Ewido	4.0	2008.08.05	-
F-Prot	4.4.4.56	2008.08.05	-
F-Secure	7.60.13501.0	2008.08.06	BAT/AutoRun.AE
Fortinet	3.14.0.0	2008.08.05	-
GData	2.0.7306.1023	2008.08.06	-
Ikarus	T3.1.1.34.0	2008.08.06	-
K7AntiVirus	7.10.404	2008.08.05	-
Kaspersky	7.0.0.125	2008.08.06	-
McAfee	5354	2008.08.05	-
Microsoft	1.3807	2008.08.06	-
NOD32v2	3331	2008.08.06	-
Norman	5.80.02	2008.08.05	BAT/AutoRun.AE
Panda	9.0.0.4	2008.08.05	-
PCTools	4.4.2.0	2008.08.05	-
Prevx1	V2	2008.08.06	-
Rising	20.56.20.00	2008.08.06	-
Sophos	4.31.0	2008.08.06	Mal/AutoInf-A
Sunbelt	3.1.1537.1	2008.08.06	INF.Autorun (v)
Symantec	10	2008.08.06	-
TheHacker	6.2.96.393	2008.08.04	Trojan/Small.autorun
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	-
ViRobot	2008.8.5.1324	2008.08.06	-
VirusBuster	4.5.11.0	2008.08.05	-
Webwasher-Gateway	6.6.2	2008.08.06	-
```

Additional information
File size: 445 bytes
MD5...: 45590e8ee9c080389af7c8b86948d95b
SHA1..: 602ca26ddbc9536f0c983272cb54e567eb3c2642
SHA256: a1a726f7689f987e4d73ecea6fe5acd4844988eee7c2800e26  76f2ebf9a60de2
SHA512: 2671684f682ed2928c652e0d5bf1b9494b4bd53ae5943874c6  349c51accfb50f
749f204e5d9e97ed497d0ba3abc68497  39f97f4e7faea3e9131c94eb6b83cdfa
PEiD..: -
PEInfo: -




```
AhnLab-V3	2008.8.6.0	2008.08.06	Win-Trojan/OnlineGameHack.77312.P
AntiVir	7.8.1.15	2008.08.05	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.08.05	W32/Onlinegames.gen
Avast	4.8.1195.0	2008.08.05	Win32:Oliga
AVG	8.0.0.156	2008.08.06	Win32/Heur
BitDefender	7.2	2008.08.06	Packer.Malware.NSAnti
CAT-QuickHeal	9.50	2008.08.05	-
ClamAV	0.93.1	2008.08.06	-
DrWeb	4.44.0.09170	2008.08.05	Trojan.Nsanti.Packed
eSafe	7.0.17.0	2008.08.05	Suspicious File
eTrust-Vet	31.6.6011	2008.08.05	-
Ewido	4.0	2008.08.05	-
F-Prot	4.4.4.56	2008.08.05	W32/Onlinegames.gen
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.05	PossibleThreat
GData	2.0.7306.1023	2008.08.06	Win32:Oliga
Ikarus	T3.1.1.34.0	2008.08.06	Worm.Win32.Taterf.F
K7AntiVirus	7.10.404	2008.08.05	-
Kaspersky	7.0.0.125	2008.08.06	-
McAfee	5354	2008.08.05	PWS-Gamania.gen.a
Microsoft	1.3807	2008.08.06	PWS:Win32/Frethog.D
NOD32v2	3331	2008.08.06	a variant of Win32/Pacex.Gen
Norman	5.80.02	2008.08.05	W32/NSAnti.OXO
Panda	9.0.0.4	2008.08.05	W32/Lineage.IWY.worm
PCTools	4.4.2.0	2008.08.05	Trojan.Lineage.Gen!Pac.3
Prevx1	V2	2008.08.06	Cloaked Malware
Rising	20.56.20.00	2008.08.06	-
Sophos	4.31.0	2008.08.06	Mal/EncPk-CE
Sunbelt	3.1.1537.1	2008.08.06	-
Symantec	10	2008.08.06	W32.Gammima
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	Cryp_Nsanti-3
VBA32	3.12.8.2	2008.08.05	Trojan.Nsanti.Packed
ViRobot	2008.8.5.1324	2008.08.06	-
VirusBuster	4.5.11.0	2008.08.05	Trojan.Lineage.Gen!Pac.3
Webwasher-Gateway	6.6.2	2008.08.06	Trojan.Crypt.XPACK.Gen
```

File size: 77312 bytes
MD5...: 0eb0dcc0c91341d4cedaca0fd5e6d753
SHA1..: 1c53535f25faa6cca49a34f65417b4caf3fa0f45
SHA256: 33bf15aad5073c467786eaa5b99589fb0ba2784afbea62349f  7984b6e302a60b
SHA512: 9e8280a63fd0db5c59d115b15c0a25ba3710e0f9de60e2a98a  c26a8de72b09760c0af02509b24796ca77e317708bb83526c6  a1623aa91da7c410f1526298dc49

*Added 6 hours 5 minutes later*

File avz00011.dta received on 2008.08.06 15:44:32 (CET)



```
AhnLab-V3	2008.8.6.2	2008.08.06	-
AntiVir	7.8.1.15	2008.08.06	TR/PSW.OnlineGames.ZKH.71
Authentium	5.1.0.4	2008.08.05	W32/OnlineGames.AO.gen!Eldorado
Avast	4.8.1195.0	2008.08.06	Win32:Agent-ZRP
AVG	8.0.0.156	2008.08.06	PSW.Generic6.UXF
BitDefender	7.2	2008.08.06	Trojan.PWS.OnlineGames.ZKH
CAT-QuickHeal	9.50	2008.08.06	-
ClamAV	0.93.1	2008.08.06	-
DrWeb	4.44.0.09170	2008.08.06	Trojan.PWS.Wsgame.6848
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6015	2008.08.06	Win32/Treemz.BN
Ewido	4.0	2008.08.06	-
F-Prot	4.4.4.56	2008.08.05	W32/OnlineGames.AO.gen!Eldorado
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.06	-
GData	2.0.7306.1023	2008.08.06	Win32:Agent-ZRP
Ikarus	T3.1.1.34.0	2008.08.06	Trojan-Spy.Win32.Agent.dfa
K7AntiVirus	7.10.405	2008.08.06	-
Kaspersky	7.0.0.125	2008.08.06	Trojan-GameThief.Win32.OnLineGames.sohl
McAfee	5354	2008.08.05	PWS-OnlineGames.bj
Microsoft	1.3807	2008.08.06	TrojanSpy:Win32/Treemz.gen!A
NOD32v2	3332	2008.08.06	a variant of Win32/PSW.OnLineGames.NXU
Norman	5.80.02	2008.08.06	W32/OnlineGames.BOID
Panda	9.0.0.4	2008.08.06	Suspicious file
PCTools	4.4.2.0	2008.08.06	-
Prevx1	V2	2008.08.06	Cloaked Malware
Rising	20.56.22.00	2008.08.06	Trojan.PSW.Win32.GameOL.ovi
Sophos	4.31.0	2008.08.06	-
Sunbelt	3.1.1537.1	2008.08.06	-
Symantec	10	2008.08.06	-
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	-
ViRobot	2008.8.6.1326	2008.08.06	Trojan.Win32.PSWIGames.24576.CR
VirusBuster	4.5.11.0	2008.08.05	Trojan.OnlineGames.Gen.99
Webwasher-Gateway	6.6.2	2008.08.06	Trojan.PSW.OnlineGames.ZKH.71
```

File size: 24576 bytes
MD5...: ab8968bbaa6cebca6597b89a5b104ed2
SHA1..: 2a1d0099bd22c339a2569869fbec8d33cb60f46d
SHA256: b133c1b6bf99fec874940deed6b655ea1a2c4e9bf5df154dfb  feebce027c9427
SHA512: 39a5bbb71e2d339e4f665cf0e5b993bc3fab64c2d7f8bdc3c1  d092e147c23587
145eedfe081d19f02eb2246dc1dc2f1eb443ad329aa93eb7cb  ff02fdf4e61d16
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

File avz00014.dta received on 2008.08.06 15:44:37 (CET)


```
AhnLab-V3	2008.8.6.2	2008.08.06	Win-Trojan/Agent.28672.MP
AntiVir	7.8.1.15	2008.08.06	TR/PSW.OnlineGames.ZLN
Authentium	5.1.0.4	2008.08.05	W32/OnlineGames.AO.gen!Eldorado
Avast	4.8.1195.0	2008.08.06	Win32:Agent-ZRP
AVG	8.0.0.156	2008.08.06	PSW.Generic6.WBY
BitDefender	7.2	2008.08.06	Trojan.PWS.OnlineGames.ZLN
CAT-QuickHeal	9.50	2008.08.06	-
ClamAV	0.93.1	2008.08.06	-
DrWeb	4.44.0.09170	2008.08.06	-
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6015	2008.08.06	-
Ewido	4.0	2008.08.06	-
F-Prot	4.4.4.56	2008.08.05	W32/OnlineGames.AO.gen!Eldorado
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.06	-
GData	2.0.7306.1023	2008.08.06	Win32:Agent-ZRP
Ikarus	T3.1.1.34.0	2008.08.06	Virus.Win32.Agent.ZRP
K7AntiVirus	7.10.405	2008.08.06	-
Kaspersky	7.0.0.125	2008.08.06	-
McAfee	5354	2008.08.05	PWS-OnlineGames.bj
Microsoft	1.3807	2008.08.06	TrojanSpy:Win32/Treemz.gen!A
NOD32v2	3332	2008.08.06	a variant of Win32/PSW.OnLineGames.NXI
Norman	5.80.02	2008.08.06	W32/OnlineGames.BOIC
Panda	9.0.0.4	2008.08.06	Suspicious file
PCTools	4.4.2.0	2008.08.06	-
Prevx1	V2	2008.08.06	-
Rising	20.56.22.00	2008.08.06	Trojan.PSW.Win32.GameOL.pcb
Sophos	4.31.0	2008.08.06	-
Sunbelt	3.1.1537.1	2008.08.06	-
Symantec	10	2008.08.06	Infostealer.Wowcraft
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	-
ViRobot	2008.8.6.1326	2008.08.06	Trojan.Win32.PSWIGames.28672.BW
VirusBuster	4.5.11.0	2008.08.05	-
Webwasher-Gateway	6.6.2	2008.08.06	Trojan.PSW.OnlineGames.ZLN
```

File size: 28672 bytes
MD5...: e59e8cb68a360aa463350b349e3b6838
SHA1..: 14588053ef1fa63fdc057f68b293eaff214443b5
SHA256: 8aed32cbdca3d822443a95bd014374e26a031aab7b55517286  9a68a232185d00
SHA512: 97d2ca498472f02921e07098a1686bf6fd66b90b8ab507b2be  270205c461c559
6941898ea932315c802441b72cca0e3fed601a646b156724cb  bfd9a2814a0542
PEiD..: Armadillo v1.xx - v2.xx

C:\WINDOWS\system32\wyrsdj.dll



```
AhnLab-V3	2008.8.6.2	2008.08.06	-
AntiVir	7.8.1.15	2008.08.06	TR/Spy.Gen
Authentium	5.1.0.4	2008.08.05	-
Avast	4.8.1195.0	2008.08.06	Win32:OnLineGames-DQP
AVG	8.0.0.156	2008.08.06	PSW.Generic6.WDU
BitDefender	7.2	2008.08.06	Trojan.Crypt.Delf.F
CAT-QuickHeal	9.50	2008.08.06	-
ClamAV	0.93.1	2008.08.06	Trojan.Crypt-60
DrWeb	4.44.0.09170	2008.08.06	Trojan.PWS.Gamania.12822
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6015	2008.08.06	Win32/Tilcun!generic
Ewido	4.0	2008.08.06	-
F-Prot	4.4.4.56	2008.08.05	-
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.06	-
GData	2.0.7306.1023	2008.08.06	Win32:OnLineGames-DQP
Ikarus	T3.1.1.34.0	2008.08.06	Trojan-PWS.Win32.OnLineGames.alfp
K7AntiVirus	7.10.405	2008.08.06	-
Kaspersky	7.0.0.125	2008.08.06	Trojan-GameThief.Win32.OnLineGames.sohj
McAfee	5354	2008.08.05	PWS-OnlineGames.br
Microsoft	1.3807	2008.08.06	Trojan:Win32/Tilcun.gen!B
NOD32v2	3332	2008.08.06	a variant of Win32/PSW.OnLineGames.NOA
Norman	5.80.02	2008.08.06	W32/OnLineGames.BOIE
Panda	9.0.0.4	2008.08.06	-
PCTools	4.4.2.0	2008.08.06	Trojan-PWS.OnlineGames
Rising	20.56.22.00	2008.08.06	Trojan.PSW.Win32.GameOL.pco
Sophos	4.31.0	2008.08.06	-
Sunbelt	3.1.1537.1	2008.08.06	-
Symantec	10	2008.08.06	Infostealer.Gampass
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	suspected of Trojan-Spy.Delf.11 (paranoid heuristics)
ViRobot	2008.8.6.1326	2008.08.06	-
VirusBuster	4.5.11.0	2008.08.05	Trojan.OnlineGames.Gen.88
Webwasher-Gateway	6.6.2	2008.08.06	Trojan.Spy.Gen
```

File size: 229376 bytes
MD5...: ca54429c2c027deff3964efe94ec5899
SHA1..: 4bf234d80bc42b8ddb5234eb58f8aeca2f18a0e8
SHA256: ec42282217a5365796ad4f188e6f3f572962e86eb93a938a14  029da48ba25f11
SHA512: 954db6aa10e9fc66529a4470a39f69e432f7d3c0bced227982  582de1f8b1783b
f2a0d7afc449138cf6a034f4bc7d91ad477f80a49112b20965  8e2d43667296c9
PEiD..: -

File avz00035.dta received on 2008.08.06 15:41:13 (CET)


```
AhnLab-V3	2008.8.6.2	2008.08.06	-
AntiVir	7.8.1.15	2008.08.06	RKIT/OnLineGames.D
Authentium	5.1.0.4	2008.08.05	-
Avast	4.8.1195.0	2008.08.06	Win32:Trojan-gen {Other}
AVG	8.0.0.156	2008.08.06	PSW.Generic6.WED
BitDefender	7.2	2008.08.06	Generic.PWS.Games.3.6B3AC360
CAT-QuickHeal	9.50	2008.08.06	-
ClamAV	0.93.1	2008.08.06	-
DrWeb	4.44.0.09170	2008.08.06	Trojan.MulDrop.18250
eSafe	7.0.17.0	2008.08.05	-
eTrust-Vet	31.6.6015	2008.08.06	-
Ewido	4.0	2008.08.06	-
F-Prot	4.4.4.56	2008.08.05	-
F-Secure	7.60.13501.0	2008.08.06	-
Fortinet	3.14.0.0	2008.08.06	-
GData	2.0.7306.1023	2008.08.06	Win32:Tufik
Ikarus	T3.1.1.34.0	2008.08.06	Generic.PWS.Games.3
K7AntiVirus	7.10.405	2008.08.06	-
Kaspersky	7.0.0.125	2008.08.06	-
McAfee	5354	2008.08.05	PWS-OnlineGames.bq.sys
Microsoft	1.3807	2008.08.06	PWS:Win32/Lolyda.I
NOD32v2	3332	2008.08.06	probably a variant of Win32/PSW.OnLineGames.VPI
Norman	5.80.02	2008.08.06	-
Panda	9.0.0.4	2008.08.06	-
PCTools	4.4.2.0	2008.08.06	-
Prevx1	V2	2008.08.06	-
Rising	20.56.22.00	2008.08.06	-
Sophos	4.31.0	2008.08.06	-
Sunbelt	3.1.1537.1	2008.08.06	-
Symantec	10	2008.08.06	-
TheHacker	6.2.96.393	2008.08.04	-
TrendMicro	8.700.0.1004	2008.08.06	-
VBA32	3.12.8.2	2008.08.05	suspected of Trojan-PSW.Game.7 (paranoid heuristics)
ViRobot	2008.8.6.1326	2008.08.06	-
VirusBuster	4.5.11.0	2008.08.05	-
Webwasher-Gateway	6.6.2	2008.08.06	Rootkit.OnLineGames.D
```

File size: 40272 bytes
MD5...: 771578a63bb5f0e2adc835c0ba19272b
SHA1..: 93abffa7ca622a152a160e3b51bf5cc8786ba8c0
SHA256: 3be5773d6993db1cf04d1bee9d73d72e27f129dd1a65e07c2d  decac40b4dbd77
SHA512: 582993dbce269bc9491c24022cff9f70a97971677988e5b48b  ff2524ee976b22
37e346be84f39512733fc67a0be1c3802f8c6359fbc06f5214  4b3266dbeb5fe4

----------


## senyak

File viewmovie.php received on 2008.08.06 23:54:18 (CET)
Current status: finished
Result: 10/36 (27.78%)




> Antivirus	Version	Update	Result
> AhnLab-V3	2008.8.7.0	2008.08.06	-
> *AntiVir	7.8.1.19	2008.08.06	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.05	JS/Agent.FA*
> Avast	4.8.1195.0	2008.08.06	-
> *AVG	8.0.0.156	2008.08.06	Downloader.Zlob.HTML
> BitDefender	7.2	2008.08.06	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.08.06	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.08.06	-
> ...


Additional information
File size: 12378 bytes
MD5...: 9212508a7bf026d77f00412a212d884b
SHA1..: 41deba6d810ec5712f835d1c4417c4c9a8630d5b
SHA256: 7460ed4ad86d7930dbc97bc356c405146e3f63bbadea806fc5  7916e0bf3ade64
SHA512: 7e154f18f429a491f35a58f14278a57cdd48342e221e29410c  fd01d61c2724f7
1a28dc761947053485bc67225525b9e80baefbc3dee0402edc  89595c49d35b66
PEiD..: -
PEInfo: -

----------


## senyak

File 3wcxx91.cmd received on 2008.08.07 19:55:07 (CET)
Current status: finished
Result: 16/36 (44.45%)




> Antivirus	Version	Update	Result
> *AhnLab-V3	2008.8.8.0	2008.08.07	Win-Trojan/MalPacked.Gen
> AntiVir	7.8.1.19	2008.08.07	TR/Crypt.NSPM.Gen*
> Authentium	5.1.0.4	2008.08.07	-
> *Avast	4.8.1195.0	2008.08.07	Win32:Crypt-CKA
> AVG	8.0.0.156	2008.08.07	Worm/AutoRun.Y*
> BitDefender	7.2	2008.08.07	-
> *CAT-QuickHeal	9.50	2008.08.07	Win32.Packed.NSAnti.r*
> ClamAV	0.93.1	2008.08.07	-
> ...


Additional information
File size: 105062 bytes
MD5...: 455a6d8ac366463db8d31128763ade1c
SHA1..: b22f2733c6b3cff0d3b2dd13c978523cc74481cb
SHA256: 11e7cc7a090e1e0b2fb65b17e648e35a135f9141d74f6975cc  5ddec66b1de4c2
SHA512: f8067805aa055affabe11f3dc1be9c291b3b6e33169d91cbc3  38004696c6d157
783746d218d321d3cebf5cab2a35629667c79e57c2d50e8b5e  7bd25f3e57245e
PEiD..: -
PEInfo: PE Structure information

----------


## polimorf

File IRLink.3.rar received on 2008.08.07 15:57:20 (CET)

Antivirus	Version	Update	Result
AhnLab-V3	2008.8.8.0	2008.08.07	-
*AntiVir	7.8.1.19	2008.08.07	W32/Parite
Authentium	5.1.0.4	2008.08.07	W32/Parite.B
Avast	           4.8.1195.0	2008.08.06	Win32.Parite
AVG	           8.0.0.156	2008.08.07	Win32/Parite
BitDefender	7.2	2008.08.07	Win32.Parite.B
CAT-QuickHeal	9.50	2008.08.06	W32.Perite.B
ClamAV	           0.93.1	2008.08.07	W32.Parite.B
DrWeb    	4.44.0.09170	2008.08.07	Win32.Parite.2
eSafe	            7.0.17.0	2008.08.07	Win32_Parite_B*
eTrust-Vet	31.6.6017	2008.08.07	-
Ewido	4.0	2008.08.07	-
*F-Prot	4.4.4.56	2008.08.06	W32/Parite.B
F-Secure	7.60.13501.0	2008.08.07	Virus.Win32.Parite.b
Fortinet	           3.14.0.0	2008.08.07	W32/Parite.B
GData	           2.0.7306.1023	2008.08.07	Virus.Win32.Parite.b
Ikarus	           T3.1.1.34.0	2008.08.07	Virus.Win32.Agent.ZPR
K7AntiVirus	7.10.407	2008.08.07	Virus.Win32.Parite.a
Kaspersky	7.0.0.125	2008.08.07	Virus.Win32.Parite.b
McAfee	5355	2008.08.06	W32/Pate.b
Microsoft	1.3807	2008.08.07	Virus:Win32/Parite.B
NOD32v2	3336	2008.08.07	Win32/Parite.B*
Norman	           5.80.02	2008.08.06	-
*Panda	9.0.0.4	2008.08.06	W32/Parite.B
PCTools    	4.4.2.0	2008.08.07	Win32.Parite.B*
Prevx1	V2	2008.08.07	-
*Rising	20.56.32.00	2008.08.07	Win32.Parite.b
Sophos    	4.31.0	2008.08.07	W32/Parite-B
Sunbelt	           3.1.1537.1	2008.08.07	Win32.Parite.b (v)
Symantec	10	2008.08.07	W32.Pinfi
TheHacker	6.2.96.393	2008.08.04	W32/Pate.B
TrendMicro	8.700.0.1004	2008.08.07	PE_PARITE.A
VBA32	           3.12.8.2	2008.08.06	Win32.Parite.B*
ViRobot    	2008.8.7.1328	2008.08.07	-
*VirusBuster	4.5.11.0	2008.08.07	Win32.Parite.B
Webwasher-Gateway	6.6.2	2008.08.07	Win32.Parite*

Additional information
File size: 3417572 bytes
MD5...: 390229fb7426f326f6ce9b99a137a2c8
SHA1..: ef7989610356346b9b09d1c7b275178a8c96e023
SHA256: b4070be891b6be27adc5825fd12f40642df63815e69d0f06ac  bc24aa49a50c96
SHA512: 04f27e6d9e96e24059deba5223f6596cc5c10af2bfa8829d4e  054607201f6861
0fab2d18db05e6391c9c11b9c24a37a4  a6563a0415dd133e020de9906eedd0a8
PEiD..: -
PEInfo: -

----------



## kvit

Antivirus	Version	Update	Result
AhnLab-V3	2008.8.8.0	2008.08.08	-
*AntiVir	7.8.1.19	2008.08.08	TR/Crypt.XPACK.Gen*
Authentium	5.1.0.4	2008.08.07	-
Avast	4.8.1195.0	2008.08.07	-
*AVG	8.0.0.156	2008.08.08	I-Worm/Nuwar.V
BitDefender	7.2	2008.08.08	Trojan.Downloader.Exchanger.Gen.2
CAT-QuickHeal	9.50	2008.08.08	(Suspicious) - DNAScan*
ClamAV	0.93.1	2008.08.08	-
*DrWeb	4.44.0.09170	2008.08.08	Trojan.Packed.595
eSafe	7.0.17.0	2008.08.07	Suspicious File*
eTrust-Vet	31.6.6018	2008.08.07	-
Ewido	4.0	2008.08.07	-
F-Prot	4.4.4.56	2008.08.07	-
F-Secure	7.60.13501.0	2008.08.08	-
*Fortinet	3.14.0.0	2008.08.08	PossibleThreat
GData	2.0.7306.1023	2008.08.08	Trojan-Downloader.Win32.Exchanger.la*
*Ikarus	T3.1.1.34.0	2008.08.08	Trojan-Downloader.Exchanger.Gen.2*
K7AntiVirus	7.10.407	2008.08.07	-
*Kaspersky	7.0.0.125	2008.08.08	Trojan-Downloader.Win32.Exchanger.la*
McAfee	5356	2008.08.07	-
*Microsoft	1.3807	2008.08.08	Trojan:Win32/Tibs.gen!K
NOD32v2	3338	2008.08.07	a variant of Win32/Agent.ETH*
Norman	5.80.02	2008.08.06	-
Panda	9.0.0.4	2008.08.07	-
PCTools	4.4.2.0	2008.08.07	-
*Prevx1	V2	2008.08.08	Malware Dropper*
Rising	20.56.32.00	2008.08.07	-
*Sophos	4.32.0	2008.08.08	Mal/EncPk-DA*
Sunbelt	3.1.1537.1	2008.08.07	-
*Symantec	10	2008.08.08	Downloader*
TheHacker	6.2.96.394	2008.08.08	-
TrendMicro	8.700.0.1004	2008.08.08	-
*VBA32	3.12.8.3	2008.08.07	suspected of MalwareScope.Worm.Nuwar-Glowa.1 (paranoid heuristics)*
ViRobot	2008.8.7.1328	2008.08.07	-
VirusBuster	4.5.11.0	2008.08.07	-
*Webwasher-Gateway	6.6.2	2008.08.08	Trojan.Crypt.XPACK.Gen*
Additional information
File size: 78848 bytes
MD5...: b619ad8d6fd32ecf6c55a840eaa30f0a
SHA1..: 31a656f56869645c4b1c5a486dc6fdba50065167
SHA256: 1630cc4cfb15c76a38a7c1d7167387cad9ad4966d2d00419ba  578b5e5ae127c1
SHA512: 62b995ee485382fda9203fc060f93741a0738a72fd34a2c8ed  37dfb4754a32e1
fca90bc1c8968ed86dc919a5d7f8189b8804300c702e979aa6  8a7efb4c587d8f

----------


## senyak

File codecpack.v.1.0.145.exe received on 2008.08.09 11:41:37 (CET)
Current status: finished
Result: 8/36 (22.23%)




> Antivirus	Version	Update	Result
> AhnLab-V3	2008.8.9.0	2008.08.08	-
> AntiVir	7.8.1.19	2008.08.08	-
> Authentium	5.1.0.4	2008.08.09	-
> Avast	4.8.1195.0	2008.08.08	-
> AVG	8.0.0.156	2008.08.08	-
> BitDefender	7.2	2008.08.09	-
> CAT-QuickHeal	9.50	2008.08.08	-
> ClamAV	0.93.1	2008.08.09	-
> ...


Additional information
File size: 80384 bytes
MD5...: 4816d01efd3d10018537bbed8ddb5e5f
SHA1..: 780d308b070dcda85cb7b4759058280724ee962b
SHA256: 466e9c021cbc2cd855fdf26d0d3b55316fa1520853e6767400  771a2070268597
SHA512: 9934256782f976f6928714d7bdf7ccd63db9b942d80b01ca2a  bfbf21cae38431
2aeecfca22ffa7e2d4786b75807acb43481ac48256802579bc  72d93647da7d3d
PEiD..: -
PEInfo: PE Structure information




File MediaTubeCodec_ver1.1081.0.exe received on 2008.08.09 11:47:42 (CET)
Current status: finished
Result: 5/36 (13.89%)




> Antivirus	Version	Update	Result
> AhnLab-V3	2008.8.9.0	2008.08.08	-
> AntiVir	7.8.1.19	2008.08.08	-
> Authentium	5.1.0.4	2008.08.09	-
> Avast	4.8.1195.0	2008.08.08	-
> AVG	8.0.0.156	2008.08.08	-
> BitDefender	7.2	2008.08.09	-
> CAT-QuickHeal	9.50	2008.08.08	-
> ClamAV	0.93.1	2008.08.09	-
> ...


Additional information
File size: 73728 bytes
MD5...: 4b3539eff5d55fed4b512592824ab1dd
SHA1..: 700e70bbbf6a06562205b5eb53e2cf0c57ad671d
SHA256: 32593274dc20e83c7ed5493ca23c33e040fa424e90a118402b  f2d847bff56011
SHA512: a6517b6dda8411a74b1d539fefa8df4cbf77b2211829fcfdd5  3cdca5810cadca
9fefbf0ccea7ca2092c892c7287cb178a83738df386cb7ce66  44fa9865fad803
PEiD..: -
PEInfo: PE Structure information

----------


## ZhIV

File nod32.dll received on 2008.08.11 06:41:32 (CET)


```
AhnLab-V3	2008.8.9.0	2008.08.11	-
AntiVir	7.8.1.19	2008.08.10	TR/Spy.Banker.Gen
Authentium	5.1.0.4	2008.08.11	-
Avast	4.8.1195.0	2008.08.09	Win32:Spyware-gen
AVG	8.0.0.156	2008.08.10	BHO.EZO
BitDefender	7.2	2008.08.11	-
CAT-QuickHeal	9.50	2008.08.08	TrojanDownloader.BHO.np
ClamAV	0.93.1	2008.08.11	-
DrWeb	4.44.0.09170	2008.08.10	Trojan.PWS.Banker.26817
eSafe	7.0.17.0	2008.08.10	Suspicious File
eTrust-Vet	31.6.6021	2008.08.08	-
Ewido	4.0	2008.08.10	-
F-Prot	4.4.4.56	2008.08.10	-
F-Secure	7.60.13501.0	2008.08.11	Trojan-Downloader.Win32.BHO.np
Fortinet	3.14.0.0	2008.08.11	W32/BHO.NP!tr.dldr
GData	2.0.7306.1023	2008.08.11	Trojan-Downloader.Win32.BHO.np
Ikarus	T3.1.1.34.0	2008.08.11	Trojan-Spy.Finanz.J
K7AntiVirus	7.10.408	2008.08.09	Trojan-Downloader.Win32.BHO.np
Kaspersky	7.0.0.125	2008.08.11	Trojan-Downloader.Win32.BHO.np
McAfee	5357	2008.08.08	-
Microsoft	1.3807	2008.08.11	-
NOD32v2	3344	2008.08.10	-
Norman	5.80.02	2008.08.08	W32/DLoader.IPRO
Panda	9.0.0.4	2008.08.10	-
PCTools	4.4.2.0	2008.08.10	Trojan-Downloader.BHO!sd6
Prevx1	V2	2008.08.11	-
Rising	20.57.00.00	2008.08.11	-
Sophos	4.32.0	2008.08.11	-
Sunbelt	3.1.1538.1	2008.08.09	Trojan.Spy.Banker.Gen
Symantec	10	2008.08.11	-
TheHacker	6.2.96.395	2008.08.08	-
TrendMicro	8.700.0.1004	2008.08.11	-
VBA32	3.12.8.3	2008.08.10	Trojan-Downloader.Win32.BHO.np
ViRobot	2008.8.8.1329	2008.08.08	-
VirusBuster	4.5.11.0	2008.08.10	-
Webwasher-Gateway	6.6.2	2008.08.11	Trojan.Spy.Banker.Gen
```

Additional information
File size: 34816 bytes
MD5...: 762e4a27f74f01daf3d4878fda791079
SHA1..: d593460bcbf841675205dfbefa19fc158cc197fe
SHA256: b7613e617285ba4bfbc44ba740cbd671e878e787cdeaf2dcc5  dcdd64115fd290
SHA512: 6fe35aecc664d17e5b87bfd4226ef000cc96ddaef2da28b0f4  7e992d7bddd5c8
2ef786981655c1f9c4759eefacbbb8d6  3c4ce1f833304e5ba0100a50f5bce386
PEiD..: -

File ntos.exe received on 2008.08.11 06:49:19 (CET)


```
AhnLab-V3	2008.8.9.0	2008.08.11	-
AntiVir	7.8.1.19	2008.08.10	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.08.11	Champagne
Avast	4.8.1195.0	2008.08.09	Win32:Zbot-AFS
AVG	8.0.0.156	2008.08.10	Win32/Heur
BitDefender	7.2	2008.08.11	Backdoor.Bot.19202
CAT-QuickHeal	9.50	2008.08.08	TrojanSpy.Zbot.cyy
ClamAV	0.93.1	2008.08.11	Trojan.Zbot-1556
DrWeb	4.44.0.09170	2008.08.10	-
eSafe	7.0.17.0	2008.08.10	Suspicious File
eTrust-Vet	31.6.6021	2008.08.08	-
Ewido	4.0	2008.08.10	-
F-Prot	4.4.4.56	2008.08.10	New or modified Champagne
F-Secure	7.60.13501.0	2008.08.11	Trojan-Spy.Win32.Zbot.cyy
Fortinet	3.14.0.0	2008.08.11	-
GData	2.0.7306.1023	2008.08.11	Trojan-Spy.Win32.Zbot.cyy
Ikarus	T3.1.1.34.0	2008.08.11	Trojan-Spy.Win32.Zbot.cyy
K7AntiVirus	7.10.408	2008.08.09	Trojan-Spy.Win32.Zbot.cyy
Kaspersky	7.0.0.125	2008.08.11	Trojan-Spy.Win32.Zbot.cyy
McAfee	5357	2008.08.08	-
Microsoft	1.3807	2008.08.11	-
NOD32v2	3344	2008.08.10	-
Norman	5.80.02	2008.08.08	W32/Zbot.AIN
Panda	9.0.0.4	2008.08.10	-
PCTools	4.4.2.0	2008.08.10	-
Prevx1	V2	2008.08.11	-
Rising	20.57.00.00	2008.08.11	-
Sophos	4.32.0	2008.08.11	Sus/UnkPacker
Sunbelt	3.1.1538.1	2008.08.09	-
Symantec	10	2008.08.11	Infostealer
TheHacker	6.2.96.395	2008.08.08	Trojan/Spy.Zbot.cyy
TrendMicro	8.700.0.1004	2008.08.11	TSPY_ZBOT.SV
VBA32	3.12.8.3	2008.08.10	Trojan-Spy.Win32.Zbot.ctt
ViRobot	2008.8.8.1329	2008.08.08	-
VirusBuster	4.5.11.0	2008.08.10	-
Webwasher-Gateway	6.6.2	2008.08.11	Trojan.Crypt.XPACK.Gen

```

Additional information
File size: 189440 bytes
MD5...: f5ecf76fb67b2d0dc65da9a14cddd5b3
SHA1..: ee6a6d4c371183d95ab9a3e62cee10de47623ecf
SHA256: 497920750b32bd96e154dc7fcc904864513ef5d41a34dfbd5f  6fd461849b0cc8
SHA512: eee3dec9e90313746c33aec0fc4a5f35a69d9a94aeb6977dab  27055b44fbd4b6
5247f1894185bfdd1d77f6ee16a35639  7f69fdcbe0e6dc163b47fa1f51cc2d60
PEiD..: Obsidium V1.2.5.8 -> Obsidium Software

----------


## insane

How can I tell whether this is really a virus or a false positive?

File _________________________________ received on 2008.08.11 11:13:15 (CET)
Current status: finished
Result: 1/36 (2.78%)

Antivirus	Version	Update	Result
AhnLab-V3	2008.8.9.0	2008.08.11	-
AntiVir	7.8.1.19	2008.08.11	-
Authentium	5.1.0.4	2008.08.11	-
Avast	4.8.1195.0	2008.08.09	-
AVG	8.0.0.156	2008.08.11	-
BitDefender	7.2	2008.08.11	-
CAT-QuickHeal	9.50	2008.08.08	-
ClamAV	0.93.1	2008.08.11	-
DrWeb	4.44.0.09170	2008.08.11	-
eSafe	7.0.17.0	2008.08.10	-
eTrust-Vet	31.6.6021	2008.08.08	-
Ewido	4.0	2008.08.10	-
F-Prot	4.4.4.56	2008.08.10	-
F-Secure	7.60.13501.0	2008.08.11	-
Fortinet	3.14.0.0	2008.08.11	-
GData	2.0.7306.1023	2008.08.11	-
*Ikarus	T3.1.1.34.0	2008.08.11	Trojan.Fujif.E*
K7AntiVirus	7.10.408	2008.08.09	-
Kaspersky	7.0.0.125	2008.08.11	-
McAfee	5357	2008.08.08	-
Microsoft	1.3807	2008.08.11	-
NOD32v2	3344	2008.08.10	-
Norman	5.80.02	2008.08.08	-
Panda	9.0.0.4	2008.08.10	-
PCTools	4.4.2.0	2008.08.10	-
Prevx1	V2	2008.08.11	-
Rising	20.57.02.00	2008.08.11	-
Sophos	4.32.0	2008.08.11	-
Sunbelt	3.1.1538.1	2008.08.09	-
Symantec	10	2008.08.11	-
TheHacker	6.2.96.395	2008.08.08	-
TrendMicro	8.700.0.1004	2008.08.11	-
VBA32	3.12.8.3	2008.08.10	-
ViRobot	2008.8.8.1329	2008.08.08	-
VirusBuster	4.5.11.0	2008.08.10	-
Webwasher-Gateway	6.6.2	2008.08.11	-
Additional information
File size: 377979 bytes
MD5...: 96acd9688893c0138573e7f55fcd1df5
SHA1..: 3edd14d7a2099e9c5fc303ab960b33c9510f41c6
SHA256: fa6a9853007625e8e2b1b954be80e787cfb3e28672250d7740  4c2fe4d3537511
SHA512: 78b39d899b9ceea3a880bd65af8a01be2eafcd77dcf9ca538a  76a95f0abb5b5d
3570d2b3f6077951d7a3dd9b4d2ad2dfc032256b4513f03f89  ccbbe5c4f409f5
PEiD..: -
PEInfo: -

----------


## ZhIV

File winDb4vcv9i.exe received on 2008.08.13 07:00:25 (CET)


```
AhnLab-V3	2008.8.13.0	2008.08.12	-
AntiVir	7.8.1.19	2008.08.12	TR/Dldr.Agent.vza
Authentium	5.1.0.4	2008.08.12	-
Avast	4.8.1195.0	2008.08.12	-
AVG	8.0.0.161	2008.08.12	-
BitDefender	7.2	2008.08.13	-
CAT-QuickHeal	9.50	2008.08.12	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.08.13	-
DrWeb	4.44.0.09170	2008.08.12	-
eSafe	7.0.17.0	2008.08.12	-
eTrust-Vet	31.6.6027	2008.08.12	-
Ewido	4.0	2008.08.12	-
F-Prot	4.4.4.56	2008.08.12	-
F-Secure	7.60.13501.0	2008.08.13	-
Fortinet	3.14.0.0	2008.08.13	-
GData	2.0.7306.1023	2008.08.13	-
Ikarus	T3.1.1.34.0	2008.08.13	Trojan-Spy.Finanz.J
K7AntiVirus	7.10.412	2008.08.12	-
Kaspersky	7.0.0.125	2008.08.13	-
McAfee	5359	2008.08.12	-
Microsoft	1.3807	2008.08.13	-
NOD32v2	3350	2008.08.12	-
Norman	5.80.02	2008.08.12	-
Panda	9.0.0.4	2008.08.12	-
PCTools	4.4.2.0	2008.08.12	-
Prevx1	V2	2008.08.13	-
Rising	20.57.20.00	2008.08.13	-
Sophos	4.32.0	2008.08.13	-
Sunbelt	3.1.1542.1	2008.08.13	-
Symantec	10	2008.08.13	-
TheHacker	6.3.0.3.046	2008.08.12	-
TrendMicro	8.700.0.1004	2008.08.13	PAK_Generic.001
VBA32	3.12.8.3	2008.08.11	-
ViRobot	2008.8.12.1333	2008.08.12	-
VirusBuster	4.5.11.0	2008.08.12	-
Webwasher-Gateway	6.6.2	2008.08.13	Trojan.Dldr.Agent.vza
```

Additional information
File size: 48128 bytes
MD5...: 52f63d5ced5be5eb7c2ccac6e75a2e37
SHA1..: b28a20431550628f05d8bd507f21df25d92b5bc3
SHA256: 7b9903895dfea84bd4543ec81a173a063ee2fe934305054d8b  931366927ad799
SHA512: dc1727542b8c81f156561a3794a4d65664e038b5f1f9ef2518  00fbae4de34930
321f933b7ae202c2241d398e73f5a3fc  931bb6896bc7411aef46b959a27c234e
PEiD..: -

File load_1_.exe received on 2008.08.13 07:56:41 (CET)


```
AhnLab-V3	2008.8.13.0	2008.08.12	-
AntiVir	7.8.1.19	2008.08.12	TR/Crypt.XDR.Gen
Authentium	5.1.0.4	2008.08.12	-
Avast	4.8.1195.0	2008.08.12	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.08.12	PSW.Ldpinch.11.BB
BitDefender	7.2	2008.08.13	-
CAT-QuickHeal	9.50	2008.08.12	-
ClamAV	0.93.1	2008.08.13	-
DrWeb	4.44.0.09170	2008.08.12	-
eSafe	7.0.17.0	2008.08.12	-
eTrust-Vet	31.6.6029	2008.08.13	-
Ewido	4.0	2008.08.12	-
F-Prot	4.4.4.56	2008.08.12	W32/Zbot.I.gen!Eldorado
Fortinet	3.14.0.0	2008.08.13	-
GData	2.0.7306.1023	2008.08.13	Win32:Trojan-gen 
Ikarus	T3.1.1.34.0	2008.08.13	-
K7AntiVirus	7.10.412	2008.08.12	Trojan-PSW.Win32.LdPinch.zcx
Kaspersky	7.0.0.125	2008.08.13	-
McAfee	5359	2008.08.12	-
Microsoft	1.3807	2008.08.13	Backdoor:Win32/Rustock.gen!C
NOD32v2	3350	2008.08.12	-
Norman	5.80.02	2008.08.12	-
Panda	9.0.0.4	2008.08.12	Suspicious file
PCTools	4.4.2.0	2008.08.12	-
Prevx1	V2	2008.08.13	-
Rising	20.57.20.00	2008.08.13	-
Sophos	4.32.0	2008.08.13	-
Sunbelt	3.1.1542.1	2008.08.13	-
Symantec	10	2008.08.13	-
TheHacker	6.3.0.3.046	2008.08.12	-
TrendMicro	8.700.0.1004	2008.08.13	-
VBA32	3.12.8.3	2008.08.11	-
ViRobot	2008.8.12.1333	2008.08.12	-
VirusBuster	4.5.11.0	2008.08.12	-
Webwasher-Gateway	6.6.2	2008.08.13	Trojan.Crypt.XDR.Gen
```

Additional information
File size: 42961 bytes
MD5...: 110eb485c4a9ae934645e93d7b29b046
SHA1..: eead5bbf7535a12cf05c31c6d3713472e469654b
SHA256: 317a7551c88a7a907830597419d883ac1cc10684fefdb2a265  cab566e75f61c0
SHA512: 089a534be6e93ceff4e05d263566eea9d69430f3f5158a7def  75850193cc1608
19778663b438781fb37a2d2a8f726424  f69f1181f2d27fd6dd6b60e6afcc5ab4
PEiD..: -

File index_4_.htm received on 2008.08.13 08:08:06 (CET)


```
AhnLab-V3	2008.8.13.0	2008.08.12	-
AntiVir	7.8.1.19	2008.08.12	HEUR/HTML.Malware
Authentium	5.1.0.4	2008.08.12	-
Avast	4.8.1195.0	2008.08.12	-
AVG	8.0.0.161	2008.08.12	JS/Downloader.Agent
BitDefender	7.2	2008.08.13	-
CAT-QuickHeal	9.50	2008.08.12	-
ClamAV	0.93.1	2008.08.13	HTML.Agent-19
DrWeb	4.44.0.09170	2008.08.13	-
eSafe	7.0.17.0	2008.08.12	-
eTrust-Vet	31.6.6029	2008.08.13	-
Ewido	4.0	2008.08.12	-
F-Prot	4.4.4.56	2008.08.12	-
F-Secure	7.60.13501.0	2008.08.13	-
Fortinet	3.14.0.0	2008.08.13	-
GData	2.0.7306.1023	2008.08.13	-
Ikarus	T3.1.1.34.0	2008.08.13	-
K7AntiVirus	7.10.412	2008.08.12	-
Kaspersky	7.0.0.125	2008.08.13	-
McAfee	5359	2008.08.12	-
Microsoft	1.3807	2008.08.13	-
NOD32v2	3350	2008.08.12	-
Norman	5.80.02	2008.08.12	-
Panda	9.0.0.4	2008.08.12	-
PCTools	4.4.2.0	2008.08.12	-
Prevx1	V2	2008.08.13	-
Rising	20.57.20.00	2008.08.13	-
Sophos	4.32.0	2008.08.13	Mal/ObfJS-M
Sunbelt	3.1.1542.1	2008.08.13	-
Symantec	10	2008.08.13	-
TheHacker	6.3.0.3.046	2008.08.12	-
TrendMicro	8.700.0.1004	2008.08.13	-
VBA32	3.12.8.3	2008.08.11	-
ViRobot	2008.8.12.1333	2008.08.12	-
VirusBuster	4.5.11.0	2008.08.12	-
Webwasher-Gateway	6.6.2	2008.08.13	Heuristic.HTML.Malware
```

Additional information
File size: 2762 bytes
MD5...: 4af08d33eb7f5dbd655a9ccff2b7ef1b
SHA1..: b7ba92a1c5eb34b7957b702ebb18e21b0a2de98b
SHA256: c0ce880f5f27004c457fd4645bc5afdd60c8c06b1a210bd08f  7402e5ffd075d0
SHA512: 424f572e447f3071d5eb0b0ce94b434d6f45d8367d829dff64  d7f14cf7f6dd09
5a7fbc2af7b401e7b8a7f8ef9cef0928  d02d7b8346df3908c44cd06c7a00be37
PEiD..: -
PEInfo: -

*Added 1 hour 16 minutes later*

File index_1_.php received on 2008.08.13 08:18:40 (CET)


```
AhnLab-V3	2008.8.13.0	2008.08.12	-
AntiVir	7.8.1.19	2008.08.12	HTML/Rce.Gen
Authentium	5.1.0.4	2008.08.12	-
Avast	4.8.1195.0	2008.08.12	-
AVG	8.0.0.161	2008.08.12	-
BitDefender	7.2	2008.08.13	-
CAT-QuickHeal	9.50	2008.08.12	-
ClamAV	0.93.1	2008.08.13	-
DrWeb	4.44.0.09170	2008.08.13	-
eSafe	7.0.17.0	2008.08.12	-
eTrust-Vet	31.6.6029	2008.08.13	-
Ewido	4.0	2008.08.12	-
F-Prot	4.4.4.56	2008.08.12	-
F-Secure	7.60.13501.0	2008.08.13	-
Fortinet	3.14.0.0	2008.08.13	-
GData	2.0.7306.1023	2008.08.13	-
Ikarus	T3.1.1.34.0	2008.08.13	-
K7AntiVirus	7.10.412	2008.08.12	-
Kaspersky	7.0.0.125	2008.08.13	-
McAfee	5359	2008.08.12	-
Microsoft	1.3807	2008.08.13	-
NOD32v2	3350	2008.08.12	-
Norman	5.80.02	2008.08.12	-
Panda	9.0.0.4	2008.08.12	-
PCTools	4.4.2.0	2008.08.12	-
Prevx1	V2	2008.08.13	-
Rising	20.57.20.00	2008.08.13	-
Sophos	4.32.0	2008.08.13	-
Sunbelt	3.1.1542.1	2008.08.13	-
Symantec	10	2008.08.13	-
TheHacker	6.3.0.3.046	2008.08.12	-
TrendMicro	8.700.0.1004	2008.08.13	-
VBA32	3.12.8.3	2008.08.11	-
ViRobot	2008.8.12.1333	2008.08.12	-
VirusBuster	4.5.11.0	2008.08.12	-
Webwasher-Gateway	6.6.2	2008.08.13	Script.Rce.Gen
```

Additional information
File size: 9356 bytes
MD5...: 22fc2c4b2b6433673ef56f7f0fb0452f
SHA1..: 7cc7a907f064b703bc40147a061d1b2ccbe3a75e
SHA256: 21a2a19a8850aea0b72a9f16f6f598ed1c9777cd4099fe2f01  80e90be40856fb
SHA512: 648eebc2618042f963867470aefb6e80bffd24df7cc425a94d  46508c114c5bb4
a380885c287c82825a99940cb266c1bf  5ac53fe0b8483715c96e7758b0c3b7da
PEiD..: -
PEInfo: -
packers (F-Prot): packed

----------


## SuperBrat

File services.exe received on 2008.08.13 11:21:17 (CET)


```
 
Антивирус Версия Обновление Результат
AhnLab-V3 2008.8.13.0 2008.08.13 -
AntiVir 7.8.1.19 2008.08.13 -
Authentium 5.1.0.4 2008.08.12 -
Avast 4.8.1195.0 2008.08.12 -
AVG 8.0.0.161 2008.08.13 Generic_r.E
BitDefender 7.2 2008.08.13 -
CAT-QuickHeal 9.50 2008.08.12 -
ClamAV 0.93.1 2008.08.13 -
DrWeb 4.44.0.09170 2008.08.13 -
eSafe 7.0.17.0 2008.08.12 -
eTrust-Vet 31.6.6029 2008.08.13 -
Ewido 4.0 2008.08.12 -
F-Prot 4.4.4.56 2008.08.12 -
F-Secure 7.60.13501.0 2008.08.13 -
Fortinet 3.14.0.0 2008.08.13 -
GData 2.0.7306.1023 2008.08.13 -
Ikarus T3.1.1.34.0 2008.08.13 -
K7AntiVirus 7.10.412 2008.08.12 -
Kaspersky 7.0.0.125 2008.08.13 -
McAfee 5359 2008.08.12 -
Microsoft 1.3807 2008.08.13 -
NOD32v2 3350 2008.08.12 -
Norman 5.80.02 2008.08.13 -
Panda 9.0.0.4 2008.08.13 -
PCTools 4.4.2.0 2008.08.12 -
Prevx1 V2 2008.08.13 Malicious Software
Rising 20.57.22.00 2008.08.13 -
Sophos 4.32.0 2008.08.13 -
Sunbelt 3.1.1542.1 2008.08.13 -
Symantec 10 2008.08.13 -
TheHacker 6.3.0.3.046 2008.08.13 -
TrendMicro 8.700.0.1004 2008.08.13 -
VBA32 3.12.8.3 2008.08.13 -
ViRobot 2008.8.12.1333 2008.08.12 -
VirusBuster 4.5.11.0 2008.08.12 -
Webwasher-Gateway 6.6.2 2008.08.13 -
 
Дополнительная информация
File size: 45056 bytes
MD5...: 0105748650a94644dd0c26ae81906f60
SHA1..: 5ab9ea87ab13a23521b7b2ae52bcafff7af35400
SHA256: 4ae6e62e55d7a4df0f4b101020006cd1720b547000dba93e10170c48d514dd30
SHA512: 8e2cd82fb8bbf3b58130f99c719b681e9f3990fdeb6a6cc83c2b0522c16f581a
5bb8a8cdf9ea477525053f9d3acaac15a26e3afd3fe8d3e1e3df6de5101bbd7d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401b74
timedatestamp.....: 0x4885db44 (Tue Jul 22 13:06:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb000 0x1200 5.41 61b620384486177cb533c5c997008567
.data 0xc000 0x9000 0x8200 7.67 ad042961ad5009eac06bae526a6eb5af
.idata 0x15000 0x2000 0x1800 5.11 0651d2f48a097f7c38bd73b0c0715af0

( 6 imports )
> KERNEL32.dll: ConsoleMenuControl, GetConsoleInputWaitHandle, GetProcessIoCounters, AreFileApisANSI, SetVDMCurrentDirectories, GetCalendarInfoA, CreateWaitableTimerW, ConvertThreadToFiber, TerminateThread, OpenProfileUserMapping, UTUnRegister, GetACP, GetLongPathNameW, GetLastError, TerminateProcess, VirtualUnlock, SetConsoleTextAttribute, SetCalendarInfoW, IsValidCodePage, EnumResourceNamesW, GetStringTypeExA, OpenJobObjectA, DnsHostnameToComputerNameA, FreeEnvironmentStringsA, FindAtomW, SetFileApisToOEM, MoveFileExA, GetConsoleTitleW, GlobalAlloc, CancelWaitableTimer, SetConsoleTitleW, lstrcmpi, FreeConsole, IsDBCSLeadByteEx, Toolhelp32ReadProcessMemory, SetConsoleDisplayMode, SetWaitableTimer, OpenFile, NlsGetCacheUpdateCount, EnumResourceLanguagesW, CreateJobObjectW, VirtualProtect, IsProcessorFeaturePresent, SetFilePointerEx, GetThreadPriority, GetVolumePathNameA, CreateHardLinkW, GetConsoleCommandHistoryW, lstrcmpiA, FreeLibraryAndExitThread, CancelTimerQueueTimer, IsBadStringPtrA, WideCharToMultiByte, GetPrivateProfileStructA, GetDiskFreeSpaceExW
> USER32.dll: DialogBoxParamW, SetWindowLongW, GetClassNameA, IsWindowEnabled, RealGetWindowClassW, CallWindowProcA, DrawIcon, GetAltTabInfo, SetDlgItemInt, CharLowerBuffW, DrawMenuBar, GetClassWord, MapDialogRect, GetOpenClipboardWindow, IsCharAlphaA, GetInputDesktop, GetQueueStatus, SetCursorPos, BeginDeferWindowPos, TrackPopupMenu, ExitWindowsEx, TabbedTextOutA, ResolveDesktopForWOW, EnumPropsA, DlgDirSelectComboBoxExW, GetCursorFrameInfo, OpenWindowStationW, CharToOemA, GetMenuStringA, ChangeDisplaySettingsExA, EnumDisplayDevicesA, GetInputState, NotifyWinEvent, GetKeyboardLayoutNameW, UpdateLayeredWindow, SetUserObjectInformationA, IsWindow, LoadMenuIndirectW, DragDetect, MoveWindow, SendIMEMessageExW, DialogBoxIndirectParamW, EnumDesktopsA, CloseWindowStation, CharNextExA, SetPropA, GetFocus, LoadStringA, GetAncestor
> GDI32.dll: CreateHatchBrush, CreatePolyPolygonRgn, GdiSetPixelFormat, SetBitmapDimensionEx, GetMapMode, PATHOBJ_vEnumStartClipLines, CopyMetaFileA, GetCharABCWidthsI, EngEraseSurface, CreateDiscardableBitmap, PATHOBJ_bEnum, bInitSystemAndFontsDirectoriesW, CreateColorSpaceW, GetCharWidthW, EndFormPage, GetDeviceGammaRamp, GetFontAssocStatus, GdiDllInitialize, PlayMetaFileRecord, CreateFontIndirectA, EngLoadModule, GetMetaFileW, CLIPOBJ_cEnumStart, EngPlgBlt, BRUSHOBJ_pvAllocRbrush, SetRectRgn, SelectFontLocal, PolylineTo, GdiAddFontResourceW, GetOutlineTextMetricsW, STROBJ_bGetAdvanceWidths, GdiConvertDC, EnumFontsA, FillRgn, GetGlyphOutlineW, GdiQueryFonts, StartDocA, GdiEntry12, GdiEntry3, GetWindowOrgEx, GdiPlayScript, UnloadNetworkFonts, SetMetaFileBitsEx, GdiStartPageEMF, MaskBlt, RemoveFontResourceA, EngDeletePath, PatBlt
> COMDLG32.dll: GetSaveFileNameA, ChooseColorW, FindTextA, ReplaceTextW, PrintDlgW, LoadAlterBitmap, GetFileTitleA, ChooseFontW, WantArrows, PrintDlgExA, GetOpenFileNameA, dwOKSubclass, PageSetupDlgW
> psapi.dll: EmptyWorkingSet, QueryWorkingSet, GetModuleFileNameExA, GetMappedFileNameA, GetModuleInformation, GetDeviceDriverBaseNameW, EnumProcesses, GetMappedFileNameW, GetModuleBaseNameA, EnumProcessModules, GetDeviceDriverFileNameA, GetWsChanges, EnumDeviceDrivers, GetDeviceDriverFileNameW, GetModuleBaseNameW, InitializeProcessForWsWatch
> comctl32.dll: FlatSB_EnableScrollBar, CreateToolbar, LBItemFromPt, ImageList_SetIconSize, ImageList_DragLeave, _TrackMouseEvent, FlatSB_SetScrollRange, ImageList_Replace, ImageList_AddMasked, ImageList_LoadImageW, FlatSB_GetScrollPos, ImageList_Duplicate, GetEffectiveClientRect, ImageList_DrawEx, ShowHideMenuCtl, DrawInsert, ImageList_SetBkColor, ImageList_Destroy, CreateStatusWindowA, FlatSB_SetScrollPos, ImageList_GetFlags, DrawStatusTextA, CreatePropertySheetPage, ImageList_Read

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramte...2E0700E2013F2E
```

----------


## senyak

File codecpack.v.1.0.149.exe received on 2008.08.13 22:39:47 (CET)
Current status: finished
Result: 11/36 (30.56%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.13.0	2008.08.13	-
> AntiVir	7.8.1.19	2008.08.13	-
> Authentium	5.1.0.4	2008.08.13	-
> Avast	4.8.1195.0	2008.08.13	-
> AVG	8.0.0.161	2008.08.13	-
> BitDefender	7.2	2008.08.13	-
> CAT-QuickHeal	9.50	2008.08.13	-
> ClamAV	0.93.1	2008.08.13	-
> ...


Additional information
File size: 73216 bytes
MD5...: 057a31e8862cead0bf4f292a7a23ebb3
SHA1..: e37e7ddd80409aa434ffff0489aafe89e2e32b7c
SHA256: 42892363da59ba8872f42448a59a29cf19f3b314232c9824cd53135f0defe1e3
SHA512: 4a85834cf1d3e55a26f855eb0e13c1562ccbb5465768f438e385b4bcc08da45d0aa2f9b5a4baacca43038e15fa1775ccc55c9af3659c46e42e96f0258eab1ed8
PEiD..: -
PEInfo: PE Structure information

----------


## ZhIV

File delautorun.bat received on 2008.08.14 04:04:02 (CET)


```
AhnLab-V3	2008.8.13.0	2008.08.13	Win32/Autorun.worm.204800.B
AntiVir	7.8.1.19	2008.08.13	TR/DNSChanger.D
Authentium	5.1.0.4	2008.08.14	-
Avast	4.8.1195.0	2008.08.13	Win32:DNSChanger-SL
AVG	8.0.0.161	2008.08.13	Worm/Generic.ETO
BitDefender	7.2	2008.08.14	Trojan.Zlob.1
CAT-QuickHeal	9.50	2008.08.13	Worm.Silly.ez
ClamAV	0.93.1	2008.08.14	-
DrWeb	4.44.0.09170	2008.08.13	-
eSafe	7.0.17.0	2008.08.13	-
eTrust-Vet	31.6.6031	2008.08.13	-
Ewido	4.0	2008.08.13	-
F-Prot	4.4.4.56	2008.08.13	-
F-Secure	7.60.13501.0	2008.08.13	-
Fortinet	3.14.0.0	2008.08.13	DNSChanger.D!tr
GData	2.0.7306.1023	2008.08.14	Win32:DNSChanger-SL
Ikarus	T3.1.1.34.0	2008.08.14	Trojan.DNSChanger.D
K7AntiVirus	7.10.413	2008.08.13	Worm.Win32.Silly.EZ
Kaspersky	7.0.0.125	2008.08.14	-
McAfee	5360	2008.08.13	W32/Autorun.worm.t
Microsoft	1.3807	2008.08.14	Worm:Win32/Silly.N
NOD32v2	3353	2008.08.13	a variant of Win32/AutoRun.MF
Norman	5.80.02	2008.08.13	W32/Smalltroj.DGWJ
Panda	9.0.0.4	2008.08.13	Adware/SecurityError
PCTools	4.4.2.0	2008.08.13	-
Prevx1	V2	2008.08.14	-
Rising	20.57.22.00	2008.08.13	-
Sophos	4.32.0	2008.08.14	W32/Silly-G
Sunbelt	3.1.1542.1	2008.08.13	-
Symantec	10	2008.08.14	Trojan.Zlob
TheHacker	6.3.0.3.046	2008.08.13	-
TrendMicro	8.700.0.1004	2008.08.13	WORM_SILLY.EZ
VBA32	3.12.8.3	2008.08.13	-
ViRobot	2008.8.13.1335	2008.08.13	-
VirusBuster	4.5.11.0	2008.08.13	-
Webwasher-Gateway	6.6.2	2008.08.13	Trojan.DNSChanger.D
```

Additional information
File size: 204800 bytes
MD5...: cd676a2e684da3c6647daf9ad0512be1
SHA1..: 1fffebf2184646ca62095bbcf1bea35594d35c73
SHA256: 6662b2d83b90832ca06a4a3f72cfb89a3173c7cc30e791bed43018937578766d
SHA512: 21160bc56468bcdf36a2c357aab0ddefaed57f0e5164c303b99173b289ae62b436925e671858b593a80928d3694cb7b44dfad84603f170bbbe14f3716c9b5cb1
PEiD..: Armadillo v1.71

----------


## senyak

File index.php received on 2008.08.17 14:41:54 (CET)
Current status: finished
Result: 9/34 (26.48%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.15.0	2008.08.15	-
> *AntiVir	7.8.1.19	2008.08.16	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.16	JS/Agent.CH*
> Avast	4.8.1195.0	2008.08.17	-
> AVG	8.0.0.161	2008.08.16	-
> *BitDefender	7.2	2008.08.17	Trojan.HTML.Zlob.AA
> CAT-QuickHeal	9.50	2008.08.16	HTM/Zlob.GEN.1*
> ClamAV	0.93.1	2008.08.16	-
> ...


Additional information
File size: 12502 bytes
MD5...: 98c858b1e0ab800b11494331da278b14
SHA1..: 3576881e3b1f47ec0246d19cb8b84242acc5e62e
SHA256: 3e9e78f3ca430ac52010e57af9422a739cbac41829d7ee0d26c851997fc81fcc
SHA512: 84f7dd2b52dab20b1d50e8db559585700cd0d3dc55d1ae396eee7dc59393d4abf0d816e208e50ecbba1df03d20b4bc8c24f29ed02bf8a0f7746f2a60d968e4bd
PEiD..: -
PEInfo: -




File player.php received on 2008.08.17 14:51:26 (CET)
Current status: finished
Result: 9/36 (25%)




> Antivirus	Version	Last Update	Result
> *AhnLab-V3	2008.8.15.0	2008.08.15	HTML/Zlob
> AntiVir	7.8.1.19	2008.08.16	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.16	JS/Agent.CF*
> Avast	4.8.1195.0	2008.08.17	-
> AVG	8.0.0.161	2008.08.16	-
> BitDefender	7.2	2008.08.17	-
> *CAT-QuickHeal	9.50	2008.08.16	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.08.16	-
> ...


Additional information
File size: 11127 bytes
MD5...: 9572c7b900430c7d45f0d1bfac468a73
SHA1..: 63133373b702fe051a60d9e0ffe677dd5fce239a
SHA256: 4a5914609f2a250a7eaf877b1bdbdea644dfcffae9942b83bfdcefb331b3ed0c
SHA512: c2aa0b512741252d8d29795a9894996299153cf570bd96f84c07e6e16c94703bb10326d08683f4f4e22ef30e75a917607237d7c13bbdb5d1b31edf845a8cb3cc
PEiD..: -
PEInfo: -




File viewmovie.php received on 2008.08.17 14:54:24 (CET)
Current status: finished
Result: 10/36 (27.78%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.15.0	2008.08.15	-
> *AntiVir	7.8.1.19	2008.08.16	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.16	JS/Agent.FA*
> Avast	4.8.1195.0	2008.08.17	-
> *AVG	8.0.0.161	2008.08.16	Downloader.Zlob.HTML
> BitDefender	7.2	2008.08.17	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.08.16	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.08.16	-
> ...


Additional information
File size: 12389 bytes
MD5...: 620817bce08b32ca8921511d4d2474f5
SHA1..: 5e652f10cab8b2cbd87d699e95aea339baebf814
SHA256: 861e136a03dc122225da0b79886f5d6eea88050bf5873e27397d83f467e98a58
SHA512: 45537cd1b40d3e04a27579bd9d1750679fb2cf2d99aa7ee992d07ae4b15ea12cf6de802d0d5ba46fc044986dd59e1d73ca355e88a353670ab6a8ba6842e70502
PEiD..: -
PEInfo: -

----------


## Geser

Not entirely fair, the file was detected by KAV while surfing, but it is telling
AhnLab-V3 2008.8.19.0 2008.08.18 - 
AntiVir 7.8.1.19 2008.08.18 HTML/Rce.Gen 
Authentium 5.1.0.4 2008.08.18 - 
Avast 4.8.1195.0 2008.08.18 - 
AVG 8.0.0.161 2008.08.18 - 
BitDefender 7.2 2008.08.18 - 
CAT-QuickHeal 9.50 2008.08.18 - 
ClamAV 0.93.1 2008.08.18 - 
DrWeb 4.44.0.09170 2008.08.18 Exploit.PDF.2 
eSafe 7.0.17.0 2008.08.18 - 
eTrust-Vet 31.6.6035 2008.08.15 - 
Ewido 4.0 2008.08.18 - 
F-Prot 4.4.4.56 2008.08.18 - 
F-Secure 7.60.13501.0 2008.08.18 Exploit.Win32.Pidief.fl 
Fortinet 3.14.0.0 2008.08.18 - 
GData 2.0.7306.1023 2008.08.18 Exploit.Win32.Pidief.fl 
Ikarus T3.1.1.34.0 2008.08.18 Exploit.Win32.Pidief.fl 
K7AntiVirus 7.10.420 2008.08.18 - 
Kaspersky 7.0.0.125 2008.08.18 Exploit.Win32.Pidief.fl 
McAfee 5363 2008.08.18 - 
Microsoft 1.3807 2008.08.18 - 
NOD32v2 3365 2008.08.18 - 
Norman 5.80.02 2008.08.18 - 
Panda 9.0.0.4 2008.08.17 - 
PCTools 4.4.2.0 2008.08.18 - 
Prevx1 V2 2008.08.18 - 
Rising 20.58.02.00 2008.08.18 - 
Sophos 4.32.0 2008.08.18 Troj/PDFJs-A 
Sunbelt 3.1.1546.1 2008.08.15 - 
Symantec 10 2008.08.18 - 
TheHacker 6.3.0.5.053 2008.08.18 - 
TrendMicro 8.700.0.1004 2008.08.18 - 
VBA32 3.12.8.3 2008.08.18 - 
ViRobot 2008.8.18.1339 2008.08.18 - 
VirusBuster 4.5.11.0 2008.08.18 - 
Webwasher-Gateway 6.6.2 2008.08.18 Script.Rce.Gen

----------


## ALEX(XX)

Allow me a small comment. A lot of people at work tried to pick up this junk today.

----------


## rubin

File Sowr67.dta received on 2008.08.19 17:03:26 (CET)


```
AhnLab-V3	2008.8.19.0	2008.08.19	-
AntiVir	7.8.1.23	2008.08.19	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.08.19	-
Avast	4.8.1195.0	2008.08.19	Win32:Qandr
AVG	8.0.0.161	2008.08.19	Scagent.L
BitDefender	7.2	2008.08.19	Trojan.Srizbi.SYS.Gen
CAT-QuickHeal	9.50	2008.08.18	-
ClamAV	0.93.1	2008.08.19	-
DrWeb	4.44.0.09170	2008.08.19	Trojan.Spambot.3201
eSafe	7.0.17.0	2008.08.19	-
eTrust-Vet	31.6.6035	2008.08.15	-
Ewido	4.0	2008.08.19	-
F-Prot	4.4.4.56	2008.08.18	-
F-Secure	7.60.13501.0	2008.08.19	Srizbi.gen1
Fortinet	3.14.0.0	2008.08.19	RootKit.C
GData	2.0.7306.1023	2008.08.19	Win32:Qandr
Ikarus	T3.1.1.34.0	2008.08.19	Rootkit.Win32.Agent.ea
K7AntiVirus	7.10.421	2008.08.19	Trojan.Win32.Srizbi.SYS.Family
Kaspersky	7.0.0.125	2008.08.19	-
McAfee	5363	2008.08.18	Generic.dx
Microsoft	1.3807	2008.08.19	Spammer:WinNT/Srizbi.A
NOD32v2	3368	2008.08.19	Win32/Srizbi
Norman	5.80.02	2008.08.19	Srizbi.gen1
Panda	9.0.0.4	2008.08.19	-
PCTools	4.4.2.0	2008.08.19	-
Prevx1	V2	2008.08.19	Cloaked Malware
Rising	20.58.12.00	2008.08.19	-
Sophos	4.32.0	2008.08.19	Mal/RootKit-C
Sunbelt	3.1.1546.1	2008.08.15	Trojan.Srizbi.SYS.Gen
Symantec	10	2008.08.19	Trojan.Srizbi
TheHacker	6.3.0.5.054	2008.08.19	-
TrendMicro	8.700.0.1004	2008.08.19	-
VBA32	3.12.8.3	2008.08.19	-
ViRobot	2008.8.19.1341	2008.08.19	-
VirusBuster	4.5.11.0	2008.08.19	-
Webwasher-Gateway	6.6.2	2008.08.19	Trojan.Rootkit.Gen
```

File size: 129024 bytes
MD5...: 1e254a8fe208c825397ca5854932ae51
SHA1..: 624285cceb51666e7da6bbeeaff1676e5a33510f
SHA256: 56423b8bde0169ea8e6c515b06fffa71ab79a2159a7e7abe6802a825baf74fb4
SHA512: 447fec9c50e6d8746c020c5a65ded61150800b1645add3e31041930c43ad3c144b747e7d12ff94c4e2267756c5f120d0c0a70c97fbe7fe33f01c5ba3b14bb8b9

*Added 13 minutes later*

File avz00001.dta received on 2008.08.19 17:19:08 (CET)



```
AhnLab-V3	2008.8.19.0	2008.08.19	-
AntiVir	7.8.1.23	2008.08.19	TR/Spy.Gen
Authentium	5.1.0.4	2008.08.19	-
Avast	4.8.1195.0	2008.08.19	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.08.19	-
BitDefender	7.2	2008.08.19	Trojan.Mezzia.DP
CAT-QuickHeal	9.50	2008.08.18	Trojan.Mezzia.dp
ClamAV	0.93.1	2008.08.19	-
DrWeb	4.44.0.09170	2008.08.19	Trojan.Mssmsgs.2
eSafe	7.0.17.0	2008.08.19	-
eTrust-Vet	31.6.6035	2008.08.15	Win32/Nebuler!generic
Ewido	4.0	2008.08.19	-
F-Prot	4.4.4.56	2008.08.18	-
F-Secure	7.60.13501.0	2008.08.19	-
Fortinet	3.14.0.0	2008.08.19	Addler!tr
GData	2.0.7306.1023	2008.08.19	Win32:Trojan-gen
Ikarus	T3.1.1.34.0	2008.08.19	Trojan.Mezzia.DP
K7AntiVirus	7.10.421	2008.08.19	Trojan.Win32.Mezzia.DP
Kaspersky	7.0.0.125	2008.08.19	-
McAfee	5363	2008.08.18	-
Microsoft	1.3807	2008.08.19	Trojan:Win32/Nebuler.gen!D
NOD32v2	3368	2008.08.19	-
Norman	5.80.02	2008.08.19	-
Panda	9.0.0.4	2008.08.19	-
PCTools	4.4.2.0	2008.08.19	-
Prevx1	V2	2008.08.19	Cloaked Malware
Rising	20.58.12.00	2008.08.19	Trojan.Win32.Undef.jzu
Sophos	4.32.0	2008.08.19	Troj/Addler-Fam
Sunbelt	3.1.1546.1	2008.08.15	Trojan.Mezzia.DP
Symantec	10	2008.08.19	Trojan.Vundo
TheHacker	6.3.0.5.054	2008.08.19	-
TrendMicro	8.700.0.1004	2008.08.19	-
VBA32	3.12.8.3	2008.08.19	-
ViRobot	2008.8.19.1341	2008.08.19	-
VirusBuster	4.5.11.0	2008.08.19	-
Webwasher-Gateway	6.6.2	2008.08.19	Trojan.Spy.Gen
```

File size: 32768 bytes
MD5...: 6798c02a639903bf155281668b3d2d0d
SHA1..: eee9f2d0c926c44323e10e4acaf9321dbf9a57b2
SHA256: 8efd4cdccd9ea188ad1b8fc70188ec145cbf6f09a6f563326c40326557a37d91
SHA512: f2a54e56bf5a039f945bdba53912802fc5ae300b1c1f5d7f7a7f7c91d09ca84988f47fbbffa946a38f4648d6951be40b0ca8d45ab5e5fe1f7519ef639d2bf110

----------


## senyak

File codecpack.v.1.0.141.exe received on 2008.08.20 16:10:54 (CET)
Current status: finished
Result: 4/36 (11.12%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.19.0	2008.08.20	-
> AntiVir	7.8.1.23	2008.08.20	-
> Authentium	5.1.0.4	2008.08.20	-
> Avast	4.8.1195.0	2008.08.20	-
> AVG	8.0.0.161	2008.08.20	-
> BitDefender	7.2	2008.08.20	-
> CAT-QuickHeal	9.50	2008.08.20	-
> ClamAV	0.93.1	2008.08.19	-
> ...


Additional information
File size: 79360 bytes
MD5...: d1f9c74c23a1790e13608beacdebd4ba
SHA1..: 042213713d0c025fd23b2a00b500d4594558580c
SHA256: 5c304d86d4c9a6a2473acaab032247275d9cd639e98db0e153683eb44ff7f693
SHA512: 49d29178c42f6fff0eca719351d3e051c2f361f4ccfdf23ccc41827d8127fc86f8f14830ac678b25fa46fb96f1c17f51afc0aa97c16386f128d45304f1512c46
PEiD..: -
PEInfo: PE Structure information




File viewmovie.php received on 2008.08.20 16:27:07 (CET)
Current status: finished
Result: 10/36 (27.78%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.19.0	2008.08.20	-
> *AntiVir	7.8.1.23	2008.08.20	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.20	JS/Agent.FA*
> Avast	4.8.1195.0	2008.08.20	-
> *AVG	8.0.0.161	2008.08.20	Downloader.Zlob.HTML
> BitDefender	7.2	2008.08.20	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.08.20	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.08.19	-
> ...


Additional information
File size: 12389 bytes
MD5...: ad90caa64db58b212b7ab8d9907d58cc
SHA1..: 4a7969edb97c6839a53775acadd056afa3814eef
SHA256: d093b1472fa93074ee466a729952c8f865f19b844768ac2cbddff9dc2a83ea04
SHA512: b8fa0749a1748b113a64f1a3a4045556a37cc0f0154de82c51e91efd230d97369cd455a01e3aef8848a3f6047aefee5796c3015d98c0dd180e5220f798f2a6ad
PEiD..: -
PEInfo: -

----------


## senyak

File codecpack.v.1.0.149.exe received on 2008.08.24 09:05:36 (CET)
Current status: finished
Result: 3/36 (8.34%)




> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.21.0	2008.08.22	-
> AntiVir	7.8.1.23	2008.08.23	-
> Authentium	5.1.0.4	2008.08.24	-
> Avast	4.8.1195.0	2008.08.23	-
> AVG	8.0.0.161	2008.08.23	-
> BitDefender	7.2	2008.08.24	-
> CAT-QuickHeal	9.50	2008.08.22	-
> ClamAV	0.93.1	2008.08.24	-
> ...


Additional information
File size: 87552 bytes
MD5...: 3d0a78b90d7e3ddcc1b20027af3d1d99
SHA1..: 327946ef93c1132f3182f50646c1b0e747c60068
SHA256: f28d6f08ce733fdaa00bee6ac22b7c764fd45f6c7a8f75b6035b8001757334e7
SHA512: 937c5e663082aebe4e63bf5ff868cd1e6b427375652a2e674064ea7b00afc24a90c2c9bf983a838400424951eeac912eda4a4c6e1725a97744ea0be2bce873f1
PEiD..: -
PEInfo: PE Structure information




File viewmovie.php received on 2008.08.24 09:07:24 (CET)
Current status: finished
Result: 10/35 (28.58%)




> Antivirus	Version	Last Update	Result
> *AntiVir	7.8.1.23	2008.08.23	HEUR/HTML.Malware
> Authentium	5.1.0.4	2008.08.24	JS/Agent.FA*
> Avast	4.8.1195.0	2008.08.23	-
> *AVG	8.0.0.161	2008.08.23	Downloader.Zlob.HTML
> BitDefender	7.2	2008.08.24	Trojan.HTML.Zlob.Y
> CAT-QuickHeal	9.50	2008.08.22	HTM/Zlob.GEN.2*
> ClamAV	0.93.1	2008.08.24	-
> DrWeb	4.44.0.09170	2008.08.23	-
> ...


Additional information
File size: 12469 bytes
MD5...: 1c8daf4b6502efac0f93398a7534c0ff
SHA1..: 95bc8638d600e038e93721db1827205ba76909ba
SHA256: 244485f2f69b27cae8c239b924e41f30569242fcba3245986416f6a12716bf22
SHA512: 1a9508345b4de02741f7f9aa51937290ad258bf848fc324b7b53edd1b0f52e13a00fd0020f83322267ae84b1915ed686266092de10839efae781eaa3ed95b205
PEiD..: -
PEInfo: -

----------


## santy

File avz00001.dta received on 2008.08.25 10:32:55 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.8.21.0	2008.08.25	-
*AntiVir	7.8.1.23	2008.08.25	DR/Delphi.Gen*
Authentium	5.1.0.4	2008.08.25	-
*Avast	4.8.1195.0	2008.08.24	Win32:Rootkit-gen*
*AVG	8.0.0.161	2008.08.24	Win32/Heur*
BitDefender	7.2	2008.08.25	-
CAT-QuickHeal	9.50	2008.08.22	-
ClamAV	0.93.1	2008.08.25	-
DrWeb	4.44.0.09170	2008.08.25	-
eSafe	7.0.17.0	2008.08.24	-
eTrust-Vet	31.6.6044	2008.08.23	-
Ewido	4.0	2008.08.24	-
F-Prot	4.4.4.56	2008.08.25	-
Fortinet	3.14.0.0	2008.08.25	-
GData	2.0.7306.1023	2008.08.20	-
*Ikarus	T3.1.1.34.0	2008.08.25	Downloader.Delphi*
K7AntiVirus	7.10.427	2008.08.23	-
Kaspersky	7.0.0.125	2008.08.25	-
McAfee	5368	2008.08.22	-
*Microsoft	1.3807	2008.08.25	VirTool:Win32/DelfInject.gen!AM*
NOD32v2	3383	2008.08.24	-
Panda	9.0.0.4	2008.08.24	-
PCTools	4.4.2.0	2008.08.24	-
Prevx1	V2	2008.08.25	-
Rising	20.59.00.00	2008.08.25	-
Sophos	4.32.0	2008.08.25	-
Sunbelt	3.1.1575.1	2008.08.23	-
Symantec	10	2008.08.25	-
TheHacker	6.3.0.6.060	2008.08.23	-
TrendMicro	8.700.0.1004	2008.08.25	-
VBA32	3.12.8.4	2008.08.23	-
ViRobot	2008.8.22.1346	2008.08.22	-
*VirusBuster	4.5.11.0	2008.08.24	Trojan.Delfinject.Gen.4*
*Webwasher-Gateway	6.6.2	2008.08.25	Trojan.Dropper.Delphi.Gen*
Additional information
File size: 460800 bytes
MD5...: b73f2f3aa339dc0c2db469e6cf859e83
SHA1..: 1fa1b785518df658a4b34e37d25db3e783e70b89
SHA256: b59ca9bc84f1df311ac576e306e05c7764ca15fdae540d126030a5f11289ff0b
SHA512: b1265b7fc9fd5e05400439226104c5f148a89104526b0ebc517ce624150a31ea46eeece79e7b49fd98202c050175e2f78658a2ed9d57c67761fa36f6a4496e0b
PEiD..: -

http://www.virustotal.com/ru/analisi...262e81ffaf3428

----------


## Hanson

c:\windows\system32\video.sys





> File avz00001.dta received on 2008.08.26 10:59:44 (CET)
> Result: 6/36 (16.67%)
> 
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.21.0	2008.08.26	-
> AntiVir	7.8.1.23	2008.08.26	-
> Authentium	5.1.0.4	2008.08.25	-
> Avast	4.8.1195.0	2008.08.25	-
> AVG	8.0.0.161	2008.08.26	-
> ...


*Added 3 minutes later*

C:\WINDOWS\system32\vmmreg32.dll




> File avz00004.dta received on 2008.08.26 11:00:19 (CET)
> Result: 4/36 (11.12%)
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.8.21.0	2008.08.26	-
> AntiVir	7.8.1.23	2008.08.26	-
> Authentium	5.1.0.4	2008.08.25	-
> Avast	4.8.1195.0	2008.08.25	-
> AVG	8.0.0.161	2008.08.26	-
> BitDefender	7.2	2008.08.26	-
> ...

----------


## Shu_b

Results for the month.

----------


## dark-saber

File wmcodec_update.exex received on 09.14.2008 15:32:48 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.9.13.0	2008.09.12	-
AntiVir	7.8.1.28	2008.09.12	-
*Authentium	5.1.0.4	2008.09.13	W32/Zlob*
Avast	4.8.1195.0	2008.09.13	-
AVG	8.0.0.161	2008.09.14	-
BitDefender	7.2	2008.09.14	-
CAT-QuickHeal	9.50	2008.09.13	-
ClamAV	0.93.1	2008.09.14	-
DrWeb	4.44.0.09170	2008.09.14	-
eSafe	7.0.17.0	2008.09.14	-
eTrust-Vet	31.6.6087	2008.09.12	-
Ewido	4.0	2008.09.14	-
*F-Prot	4.4.4.56	2008.09.14	W32/Zlob*
F-Secure	8.0.14332.0	2008.09.14	-
Fortinet	3.113.0.0	2008.09.14	-
GData	19	2008.09.14	-
Ikarus	T3.1.1.34.0	2008.09.14	-
K7AntiVirus	7.10.454	2008.09.13	-
Kaspersky	7.0.0.125	2008.09.14	-
McAfee	5383	2008.09.12	-
Microsoft	1.3903	2008.09.14	-
NOD32v2	3440	2008.09.13	-
*Norman	5.80.02	2008.09.12	DLoader.JGRQ*
Panda	9.0.0.4	2008.09.14	-
PCTools	4.4.2.0	2008.09.14	-
*Prevx1	V2	2008.09.14	Malware Dropper*
Rising	20.61.42.00	2008.09.12	-
Sophos	4.33.0	2008.09.14	-
*Sunbelt	3.1.1633.1	2008.09.13	Trojan.NewMediaCodec*
Symantec	10	2008.09.14	-
TheHacker	6.3.0.9.082	2008.09.14	-
TrendMicro	8.700.0.1004	2008.09.12	-
VBA32	3.12.8.5	2008.09.14	-
ViRobot	2008.9.12.1375	2008.09.12	-
VirusBuster	4.5.11.0	2008.09.14	-
Webwasher-Gateway	6.6.2	2008.09.14	-

Additional information
File size: 73122 bytes
MD5...: 8df7d5c46401581a50afd7e0cff66141
SHA1..: 0448f3ca6dafdc23750d1b209d70d9ffa9cdb27b
SHA256: d85c9b03127a665205a2bbd5853f856ed59184057045e18b87b5051ad67a4a62
SHA512: 0a496c7f54db65bcb03b0969952c6dcb448bb26fa86d9ce8743c290640b275b933fd49adfafad9ed398225451857f62d1f854f247e8c26489f02342a96d8466c
PEiD..: -
http://www.virustotal.com/analisis/d...6e098393dbeca4

----------


## ALEX(XX)

```
File Setup_ver1.1318.0.exe received on 09.17.2008 07:40:36 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.9.13.0	2008.09.17	-
AntiVir	7.8.1.28	2008.09.16	TR/Dldr.Zlob.Gen
Authentium	5.1.0.4	2008.09.17	-
Avast	4.8.1195.0	2008.09.16	-
AVG	8.0.0.161	2008.09.16	-
BitDefender	7.2	2008.09.17	-
CAT-QuickHeal	9.50	2008.09.16	-
ClamAV	0.93.1	2008.09.17	-
DrWeb	4.44.0.09170	2008.09.17	-
eSafe	7.0.17.0	2008.09.15	-
eTrust-Vet	31.6.6091	2008.09.16	-
Ewido	4.0	2008.09.16	-
F-Prot	4.4.4.56	2008.09.16	-
F-Secure	8.0.14332.0	2008.09.17	-
Fortinet	3.113.0.0	2008.09.17	-
GData	19	2008.09.17	-
Ikarus	T3.1.1.34.0	2008.09.17	Trojan-Downloader.Zlob
K7AntiVirus	7.10.458	2008.09.16	-
Kaspersky	7.0.0.125	2008.09.17	-
McAfee	5385	2008.09.17	-
Microsoft	1.3903	2008.09.16	TrojanDownloader:Win32/Zlob.gen!CD
NOD32v2	3447	2008.09.17	-
Norman	5.80.02	2008.09.16	-
Panda	9.0.0.4	2008.09.16	-
PCTools	4.4.2.0	2008.09.16	-
Prevx1	V2	2008.09.17	Malware Dropper
Rising	20.62.20.00	2008.09.17	-
Sophos	4.33.0	2008.09.17	-
Sunbelt	3.1.1645.1	2008.09.17	-
Symantec	10	2008.09.17	Downloader.Zlob!gen.3
TheHacker	6.3.0.9.084	2008.09.15	-
TrendMicro	8.700.0.1004	2008.09.17	-
VBA32	3.12.8.5	2008.09.16	-
ViRobot	2008.9.16.1378	2008.09.17	-
VirusBuster	4.5.11.0	2008.09.16	-
Webwasher-Gateway	6.6.2	2008.09.17	Trojan.Dldr.Zlob.Gen
```

----------


## zorro84

File vfpqlp.txt received on 2008.09.18 16:06:09 (CET)
Result: 12/36 (33.34%)

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.9.13.0	2008.09.18	-
*AntiVir	7.8.1.34	2008.09.18	TR/Crypt.CFI.Gen*
Authentium	5.1.0.4	2008.09.18	-
*Avast	4.8.1195.0	2008.09.18	Win32:Trojan-gen {Other}*
AVG	8.0.0.161	2008.09.18	-
BitDefender	7.2	2008.09.18	-
*CAT-QuickHeal	9.50	2008.09.17	Trojan.Autoit.dm*
ClamAV	0.93.1	2008.09.18	-
DrWeb	4.44.0.09170	2008.09.18	-
*eSafe	7.0.17.0	2008.09.17	Suspicious File*
eTrust-Vet	31.6.6091	2008.09.16	-
Ewido	4.0	2008.09.18	-
F-Prot	4.4.4.56	2008.09.18	-
*F-Secure	8.0.14332.0	2008.09.18	Trojan.Win32.Autoit.dm*
*Fortinet	3.113.0.0	2008.09.18	W32/Agent.DF!tr*
*GData	19	2008.09.18	Win32:Trojan-gen*
*Ikarus	T3.1.1.34.0	2008.09.18	Trojan.Win32.Autoit.dt*
K7AntiVirus	7.10.461	2008.09.18	-
*Kaspersky	7.0.0.125	2008.09.18	Trojan.Win32.Autoit.dm*
McAfee	5386	2008.09.17	-
Microsoft	1.3903	2008.09.18	-
NOD32v2	3452	2008.09.18	-
Norman	5.80.02	2008.09.17	-
Panda	9.0.0.4	2008.09.18	-
PCTools	4.4.2.0	2008.09.18	-
*Prevx1	V2	2008.09.18	Cloaked Malware*
Rising	20.62.32.00	2008.09.18	-
Sophos	4.33.0	2008.09.18	-
Sunbelt	3.1.1645.1	2008.09.17	-
Symantec	10	2008.09.18	-
TheHacker	6.3.0.9.086	2008.09.18	-
*TrendMicro	8.700.0.1004	2008.09.18	WORM_AUTORUN.AB*
VBA32	3.12.8.5	2008.09.17	-
ViRobot	2008.9.18.1381	2008.09.18	-
VirusBuster	4.5.11.0	2008.09.17	-
*Webwasher-Gateway	6.6.2	2008.09.18	Trojan.Crypt.CFI.Gen*

----------



## Hanson

File ntos.exe received on 2008.09.24 08:55:02 (CET)



> Result: 1/36 (2.78%)
> 
> Antivirus	Version	Last Update	Result
> AhnLab-V3	2008.9.23.1	2008.09.24	-
> AntiVir	7.8.1.34	2008.09.23	-
> Authentium	5.1.0.4	2008.09.23	-
> Avast	4.8.1195.0	2008.09.23	-
> AVG	8.0.0.161	2008.09.23	-
> BitDefender	7.2	2008.09.24	-
> ...


The situation is already better today. Result: 10/36 (27.78%)


The file 'NTOS' has been determined to be 'MALWARE'. Our analysts named the threat TR/Spy.ZBot.fae.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 

Avira replied )))
but at NOD they prefer never to reply,
and they take a VEEERY long time to add things to their databases

----------


## strawser

File sms_reader.exe received on 09.25.2008 12:52:41 (CET)
*AhnLab-V3	2008.9.25.0	2008.09.25	Win-Trojan/*Injector.45568.B
AntiVir	7.8.1.34	2008.09.25	-
*Authentium	5.1.0.4	2008.09.24	W32/Backdoor2.CFAC
Avast	4.8.1195.0	2008.09.25	Win32elf-LAC
AVG	8.0.0.161	2008.09.25	BackDoor.Generic10.KAL
BitDefender	7.2	2008.09.25	Trojan.Delf.Inject.AX
CAT-QuickHeal	9.50	2008.09.25	Win32.Backdoor.Delf.kho.8
ClamAV	0.93.1	2008.09.25	Trojan.Buzus-1620
DrWeb	4.44.0.09170	2008.09.25	BackDoor.IRC.Sdbot.3840*
eSafe	7.0.17.0	2008.09.24	-
*eTrust-Vet	31.6.6105	2008.09.24	Win32/Bifrost.EZ
Ewido	4.0	2008.09.25	Backdoor.Delf.kho
F-Prot	4.4.4.56	2008.09.25	W32/Backdoor2.CFAC
F-Secure	8.0.14332.0	2008.09.25	Backdoor.Win32.Delf.kho
Fortinet	3.113.0.0	2008.09.25	W32/Delf.KHO!tr
GData	19	2008.09.25	Trojan.Delf.Inject.AX
Ikarus	T3.1.1.34.0	2008.09.25	Trojan.Injector.AF
K7AntiVirus	7.10.470	2008.09.24	Backdoor.Win32.Delf.kho
Kaspersky	7.0.0.125	2008.09.25	Backdoor.Win32.Delf.kho
McAfee	5391	2008.09.24	MultiDropper-RY
Microsoft	1.3903	2008.09.25	VirTool:Win32/DelfInject.gen!N
NOD32	3470	2008.09.25	a variant of Win32/Injector.CL
Norman	5.80.02	2008.09.24	W32/Malware*
Panda	9.0.0.4	2008.09.24	-
PCTools	4.4.2.0	2008.09.24	-
Prevx1	V2	2008.09.25	-
*Rising	20.63.32.00	2008.09.25	Trojan.Win32.Buzus.nuy*
Sophos	4.33.0	2008.09.25	-
Sunbelt	3.1.1668.1	2008.09.24	-
Symantec	10	2008.09.25	-
TheHacker	6.3.0.9.093	2008.09.25	-
TrendMicro	8.700.0.1004	2008.09.25	-
*VBA32	3.12.8.6	2008.09.25	Trojan.Win32.Buzus.oie
ViRobot	2008.9.25.1392	2008.09.25	Trojan.Win32.Buzus.58368
VirusBuster	4.5.11.0	2008.09.24	Backdoor.Delf.BGUE*
Webwasher-Gateway	6.6.2	2008.09.25	-
Additional information
File size: 138752 bytes
MD5...: 9ef87d7687aeeac31347b559f545059b
SHA1..: d4d45fe3ecdf2c332fdb2040d95479125c88a684
SHA256: 228426565ddda774e344d9a91905503d6054d8e666c9f0004a198b8861b94337
SHA512: 683fdb03a1617ecef5edbc269a70d213f296484e944ceaa96ff4b7e0781884e48d64c3823ad84532395205ef414ae22f194e3cfae3ce31020e0af4d2795f3498
PEiD..: -

----------


## Синауридзе Александр

File trzF5F.tmp received on 2008.09.27 04:37:08 (CET)




> *AhnLab-V3 2008.9.25.0 2008.09.26 Win-Trojan/Hamweq.9728* 
> *AntiVir 7.8.1.34 2008.09.26 TR/Dropper.Gen* 
> *Authentium 5.1.0.4 2008.09.27 W32/Worm.XVU* 
> *Avast 4.8.1195.0 2008.09.26 Win32:Trojan-gen {Other}* 
> *AVG 8.0.0.161 2008.09.26 Klone.W* 
> *BitDefender 7.2 2008.09.27 Backdoor.Hamweq.A* 
> *CAT-QuickHeal 9.50 2008.09.26 Trojan.Agent.gen* 
> *ClamAV 0.93.1 2008.09.27 Trojan.Kolabc.BFY* 
> *DrWeb 4.44.0.09170 2008.09.27 Win32.HLLW.Autoruner.2077* 
> ...


Additional information
File size: 33280 bytes
MD5...: ced0689850e8c6f544097d5f218a70b9
SHA1..: f62558ac977f6b6f85c1c88bc70954ecd7ae8b7d
SHA256: 1d4ecf36709a15c014338d8e5f8097eb5dd876168317186b8bc79642722cb519
SHA512: 9f402ea77ca9daafa3a937975479c8cd939e05303cf462dbd6fed443ed0569fa8e48670e295023e965d041792e2fc557f41cff79ce08e8e603677657dab18c9e
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x407124
timedatestamp.....: 0x47ec14d6 (Thu Mar 27 21:42:46 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.pepsi 0x1000 0x6000 0x1dd5 7.40 4cdd1c7708d69fa7a4bffb638c8474a3
.text 0x7000 0x1000 0x600 5.73 4f18d5ee8ce76e6ef6e9203a51d95079

( 1 imports ) 
> kernel32.dll: ExitProcess, GetModuleHandleA, GetProcAddress, LoadLibraryA, RtlZeroMemory, VirtualAlloc, VirtualFree, VirtualProtect

( 0 exports ) 

Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 33280 bytes.

*Added 5 hours 58 minutes later*

They have already replied:




> Hello,
> 
> trzF5F - Worm.Win32.AutoRun.pes
> 
> Detection of the file will be added in the next update.
> 
> Please include the entire correspondence when replying.
> 
> --
> ...

----------


## ananas

File vkontakt.exe received on 2008.09.28 22:05:32 (CET)
Current status: finished
Result: 15/36 (41.67%)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.9.25.0	2008.09.26	-
*AntiVir	7.8.1.34	2008.09.28	TR/KillDisk.AN*
Authentium	5.1.0.4	2008.09.28	-
*Avast	4.8.1195.0	2008.09.27	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.09.28	Generic11.YZX*
BitDefender	7.2	2008.09.28	-
CAT-QuickHeal	9.50	2008.09.27	-
ClamAV	0.93.1	2008.09.28	-
*DrWeb	4.44.0.09170	2008.09.28	Trojan.KillMBR.143*
eSafe	7.0.17.0	2008.09.28	-
eTrust-Vet	31.6.6110	2008.09.26	-
Ewido	4.0	2008.09.28	-
F-Prot	4.4.4.56	2008.09.27	-
*F-Secure	8.0.14332.0	2008.09.28	Trojan.Win32.KillDisk.an*
Fortinet	3.113.0.0	2008.09.28	-
*GData	19	2008.09.28	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.34.0	2008.09.28	Trojan-Proxy.Win32.Delf.cc
K7AntiVirus	7.10.476	2008.09.27	Trojan.Win32.KillDisk.an
Kaspersky	7.0.0.125	2008.09.28	Trojan.Win32.KillDisk.an
McAfee	5393	2008.09.27	Generic.dx*
Microsoft	1.3903	2008.09.28	-
NOD32	3478	2008.09.28	-
Norman	5.80.02	2008.09.26	-
Panda	9.0.0.4	2008.09.28	-
PCTools	4.4.2.0	2008.09.26	-
*Prevx1	V2	2008.09.28	Worm*
Rising	20.63.62.00	2008.09.28	-
*SecureWeb-Gateway	6.7.6	2008.09.28	Trojan.KillDisk.AN*
Sophos	4.34.0	2008.09.28	-
*Sunbelt	3.1.1675.1	2008.09.27	Trojan.Win32.KillDisk.an*
Symantec	10	2008.09.28	-
TheHacker	6.3.0.9.095	2008.09.27	-
*TrendMicro	8.700.0.1004	2008.09.26	TROJ_KILLDISK.AM*
*VBA32	3.12.8.6	2008.09.27	Trojan.KillMBR.143*
ViRobot	2008.9.26.1394	2008.09.26	-
VirusBuster	4.5.11.0	2008.09.28	-
Additional information
File size: 44032 bytes
MD5...: 6147920244c67a3c3f2d92af8f396d95

----------


## insane

File Name :	  Юле 35.exe
File Size :	  87126 byte
File Type :	  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :	  c67e887a58bfc0c0a3f8b4ef518a514b
SHA1 :	  be93aa06e900876340a808dc8d7a16458fa62ed6


a-squared	4.0.0.14	2008.09.28	2008-09-28	-	1.562
AhnLab V3	2008.09.29.01	2008.09.29	2008-09-29	-	0.956
*AntiVir	7.8.1.34	7.0.6.222	2008-09-29	Worm/Delf.BL.1	2.296*
Arcavir	1.0.5	200809281307	2008-09-28	-	1.217
*Authentium	5.1.1	200809241708	2008-09-24	W32/Heuristic-131!Eldorado (Heuristic)	1.095*
*AVAST!	3.0.1	080929-0	2008-09-29	Win32elf-FXF	0.014*
*AVG	7.5.52.442	270.7.5/1696	2008-09-28	Worm/Delf.BWM	1.650*
*BitDefender	7.60825.1821573	7.21098	2008-09-29	Win32.Worm.Delf.BL	3.098*
CA (VET)	9.0.0.143	31.6.6116	2008-09-29	-	4.984
ClamAV	0.94	8352	2008-09-29	-	0.030
Comodo	2.11	2.0.0.661	2008-09-29	-	3.378
*CP Secure	1.1.0.715	2008.09.29	2008-09-29	W32.Delf.bq	5.926*
*Dr.Web	4.44.0.9170	2008.09.29	2008-09-29	Win32.HLLW.Frendly	3.233*
ewido	4.0.0.2	2008.09.28	2008-09-28	-	3.867
*F-Prot	4.4.4.56	20080928	2008-09-28	Possible W32/Heuristic-131!Eldorado (not disinfectable)	1.070*
*F-Secure	5.51.6100	2008.09.29.03	2008-09-29	Virus.Win32.Delf.bq [AVP]	0.040*
*Fortinet	2.81-3.113	9.600	2008-09-29	W32/Delf.BQ	0.146*
*Ikarus	T3.1.01.34	2008.09.29.71548	2008-09-29	Virus.Win32.Delf.bq	3.355*
*JiangMin	11.0.706	2008.09.29	2008-09-29	Virus.Delf.al	3.346*
*Kaspersky	5.5.10	2008.09.29	2008-09-29	Virus.Win32.Delf.bq	0.030*
KingSoft	2008.9.8.18	2008.9.29.14	2008-09-29	-	1.206
*McAfee	5.3.00	5393	2008-09-26	Generic.dx	1.979*
Microsoft	1.3903	2008.09.29	2008-09-29	-	4.099
*mks_vir	2.01	2008.09.29	2008-09-29	Worm.Win32.Delf.ysk	2.685*
*Norman	5.93.01	5.93.00	2008-09-18	W32/Malware.SMM	5.663*
*nProtect	2008-09-29.00	2184043	2008-09-29	Win32.Worm.Delf.BL	7.645*
Panda	9.05.01	2008.09.27	2008-09-27	-	0.962
Quick Heal	9.50	2008.09.29	2008-09-29	-	2.437
*Rising	20.0	20.63.62.00	2008-09-28	Worm.Win32.Delf.ysk	1.008*
*Sophos	2.79.0	4.34	2008-09-29	Mal/Behav-043	1.729*
Sunbelt	3.1.1675.1	2261	2008-09-26	-	0.521
*Symantec	1.3.0.24	20080928.003	2008-09-28	W32.Folmess	0.075*
The Hacker	6.3.0.9	v00096	2008-09-28	-	0.434
*Trend Micro	8.700-1004	5.570.07	2008-09-29	WORM_DELF.IPT	0.021*
*VBA32	3.12.8.6	20080928.0844	2008-09-28	Virus.Win32.Delf.bq	1.204*
ViRobot	20080926	2008.09.26	2008-09-26	-	0.427
VirusBuster	4.5.11.10	10.89.1/635920	2008-09-28	-	0.948

----------


## ISO

File 16.tmp received on 09.30.2008 10:22:28 (CET)
Current status:     finished   
Result: 12/36 (33.34%)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.9.25.0	2008.09.30	-
AntiVir	7.8.1.34	2008.09.30	-
*Authentium	5.1.0.4	2008.09.29	W32/Heuristic-MU2!Eldorado
Avast	4.8.1195.0	2008.09.29	Win32:Trojan-gen {Other}*
AVG	8.0.0.161	2008.09.29	-
*BitDefender	7.2	2008.09.30	Trojan.Generic.543401*
CAT-QuickHeal	9.50	2008.09.30	-
ClamAV	0.93.1	2008.09.30	-
DrWeb	4.44.0.09170	2008.09.30	-
*eSafe	7.0.17.0	2008.09.29	Suspicious File*
eTrust-Vet	31.6.6117	2008.09.30	-
Ewido	4.0	2008.09.29	-
*F-Prot	4.4.4.56	2008.09.29	W32/Heuristic-MU2!Eldorado*
F-Secure	8.0.14332.0	2008.09.30	-
Fortinet	3.113.0.0	2008.09.30	-
*GData	19	2008.09.30	Trojan.Generic.543401*
Ikarus	T3.1.1.34.0	2008.09.30	-
K7AntiVirus	7.10.476	2008.09.27	-
Kaspersky	7.0.0.125	2008.09.30	-
McAfee	5394	2008.09.30	-
*Microsoft	1.4005	2008.09.30	TrojanSpy:Win32/Festeal.B*
NOD32	3481	2008.09.29	-
*Norman	5.80.02	2008.09.29	W32/Smalltroj.dam
Panda	9.0.0.4	2008.09.29	Trj/Agent.GJD*
PCTools	4.4.2.0	2008.09.29	-
Prevx1	V2	2008.09.30	-
Rising	20.63.62.00	2008.09.28	-
*SecureWeb-Gateway	6.7.6	2008.09.30	Win32.Malware.dam (suspicious)*
Sophos	4.34.0	2008.09.30	-
*Sunbelt	3.1.1675.1	2008.09.27	VIPRE.Suspicious
Symantec	10	2008.09.30	Trojan.Dropper*
TheHacker	6.3.0.9.097	2008.09.29	-
TrendMicro	8.700.0.1004	2008.09.30	-
VBA32	3.12.8.6	2008.09.29	-
ViRobot	2008.9.30.1397	2008.09.30	-
VirusBuster	4.5.11.0	2008.09.29	-
Additional information
File size: 40558 bytes
MD5...: 3c44a438a3069f4ca0c280f451cd12d2
SHA1..: f59160f0a13d52475e33d14ab2c4a835ce82e812
SHA256: 4a9801124df640c34c557f7999c37dd6712a86fbfb810c57c3  ad163184e03eca
SHA512: f2727ccdedf22dc754dbe3b14c49c01ec3870cff2fa4224513  b852f3b8013bf6
2f4dc9f3b404ecf62c5e7c7ae8ae877400891c2e91ea6e2479  d051919f5f38a4
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4123b0
timedatestamp.....: 0x46d6ff0d (Thu Aug 30 17:31:57 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0xd000 0xc600 7.75 23a05301a652409e56a553985f813a75
.rsrc 0x13000 0x1000 0xa00 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports ) 

( 0 exports ) 
packers (Kaspersky): PE_Patch

----------


## Granin

Файл qtslmoyc.dat получен 2008.10.01 02:06:05 (CET)
Результат: 27/35 (77.15%)

AhnLab-V3 2008.10.1.0 2008.09.30 - 
*AntiVir 7.8.1.34 2008.09.30 TR/Rootkit.Gen 
Authentium 5.1.0.4 2008.09.30 W32/Trojan2.INC 
Avast 4.8.1195.0 2008.09.30 Win32:Agent-NGL 
AVG 8.0.0.161 2008.09.30 Agent.2.AF 
BitDefender 7.2 2008.10.01 Trojan.Spy.Agent.NJP 
CAT-QuickHeal 9.50 2008.09.30 Trojan.Agent.cid 
ClamAV 0.93.1 2008.10.01 Trojan.Rootkit-349 
DrWeb 4.44.0.09170 2008.09.30 Trojan.Sentinel* 
eSafe 7.0.17.0 2008.09.30 - 
*eTrust-Vet 31.6.6119 2008.09.30 Win32/Kvol.C 
Ewido 4.0 2008.09.30 Trojan.Agent.cid 
F-Prot 4.4.4.56 2008.09.30 W32/Trojan2.INC 
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.cid 
Fortinet 3.113.0.0 2008.09.30 W32/Boaxxe.C!tr 
GData 19 2008.10.01 Trojan.Spy.Agent.NJP 
Ikarus T3.1.1.34.0 2008.10.01 Trojan.Win32.Agent.cid 
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Agent.cid 
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.cid 
McAfee 5394 2008.09.30 BackDoor-CVM!sys 
Microsoft 1.4005 2008.10.01 VirTool:WinNT/Boaxxe.C* 
Norman 5.80.02 2008.09.30 - 
Panda 9.0.0.4 2008.09.30 - 
*PCTools 4.4.2.0 2008.09.30 Rootkit.Agent.WWD 
Prevx1 V2 2008.10.01 Rootkit 
Rising 20.63.62.00 2008.09.28 Trojan.Win32.Agent.cid 
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Rootkit.Gen 
Sophos 4.34.0 2008.10.01 Troj/Boaxxe-C* 
Sunbelt 3.1.1668.1 2008.09.24 - 
Symantec 10 2008.10.01 - 
TheHacker 6.3.0.9.097 2008.09.29 - 
*TrendMicro 8.700.0.1004 2008.09.30 TROJ_AGENT.AEUA* 
VBA32 3.12.8.6 2008.09.30 - 
*ViRobot 2008.9.30.1398 2008.09.30 Trojan.Win32.Agent.5120.F 
VirusBuster 4.5.11.0 2008.09.30 Rootkit.Agent.WWD* 

Дополнительная информация 
File size: 5120 bytes 
MD5...: 04d090ebbf5e9e8de2f281b085d8578b


Файл boot.com получен 2008.10.01 03:27:55 (CET)
Результат: 14/36 (38.89%)

AhnLab-V3 2008.10.1.0 2008.09.30 - 
*AntiVir 7.8.1.34 2008.09.30 TR/Autorun.BE* 
Authentium 5.1.0.4 2008.09.30 - 
*Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt 
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO* 
BitDefender 7.2 2008.10.01 - 
CAT-QuickHeal 9.50 2008.09.30 - 
ClamAV 0.93.1 2008.10.01 - 
DrWeb 4.44.0.09170 2008.09.30 - 
eSafe 7.0.17.0 2008.09.30 - 
*eTrust-Vet 31.6.6119 2008.09.30 Win32/Vipordno.B* 
Ewido 4.0 2008.09.30 - 
*F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado 
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Inject.hzf* 
Fortinet 3.113.0.0 2008.09.30 - 
*GData 19 2008.10.01 Win32:KdCrypt * 
Ikarus T3.1.1.34.0 2008.10.01 - 
*K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Inject.hzf 
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Inject.hzf* 
McAfee 5395 2008.10.01 - 
*Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Cutwail.AN* 
NOD32 3484 2008.09.30 - 
Norman 5.80.02 2008.09.30 - 
Panda 9.0.0.4 2008.09.30 - 
PCTools 4.4.2.0 2008.09.30 - 
Prevx1 V2 2008.10.01 - 
Rising 20.63.62.00 2008.09.28 - 
*SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Autorun.BE 
Sophos 4.34.0 2008.10.01 Sus/Behav-282 
Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.Inject.hzf* 
Symantec 10 2008.10.01 - 
TheHacker 6.3.0.9.097 2008.09.29 - 
TrendMicro 8.700.0.1004 2008.09.30 - 
*VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Inject.hzf* 
ViRobot 2008.9.30.1398 2008.09.30 - 
VirusBuster 4.5.11.0 2008.09.30 - 

Дополнительная информация 
File size: 28160 bytes 
MD5...: cbf8d2a710c257ed5fa9eef30ef1ad08


Файл kdndg.exe получен 2008.10.01 03:37:29 (CET)
Результат: 14/36 (38.89%)

AhnLab-V3 2008.10.1.0 2008.09.30 - 
AntiVir 7.8.1.34 2008.09.30 - 
Authentium 5.1.0.4 2008.09.30 - 
*Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt 
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO* 
BitDefender 7.2 2008.10.01 - 
CAT-QuickHeal 9.50 2008.09.30 - 
ClamAV 0.93.1 2008.10.01 - 
DrWeb 4.44.0.09170 2008.09.30 - 
eSafe 7.0.17.0 2008.09.30 - 
eTrust-Vet 31.6.6119 2008.09.30 - 
Ewido 4.0 2008.09.30 - 
*F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado 
F-Secure 8.0.14332.0 2008.10.01 Suspicious:W32/Malware!Gemini* 
Fortinet 3.113.0.0 2008.09.30 - 
*GData 19 2008.10.01 Win32:KdCrypt  
Ikarus T3.1.1.34.0 2008.10.01 Virus.Win32.Gipor 
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1* 
Kaspersky 7.0.0.125 2008.10.01 - 
*McAfee 5395 2008.10.01 DNSChanger.gen 
Microsoft 1.4005 2008.10.01 Trojan:Win32/Alureon.gen 
NOD32 3484 2008.09.30 a variant of Win32/Adware.Virtumonde.NBS* 
Norman 5.80.02 2008.09.30 - 
Panda 9.0.0.4 2008.09.30 - 
PCTools 4.4.2.0 2008.09.30 - 
Prevx1 V2 2008.10.01 - 
*Rising 20.63.62.00 2008.09.28 Trojan.Win32.DNSChanger.drb 
SecureWeb-Gateway 6.7.6 2008.10.01 Virus.Win32.FileInfector.gen!92 (suspicious) 
Sophos 4.34.0 2008.10.01 Sus/Behav-282* 
Sunbelt 3.1.1675.1 2008.09.27 - 
Symantec 10 2008.10.01 - 
TheHacker 6.3.0.9.097 2008.09.29 - 
TrendMicro 8.700.0.1004 2008.09.30 - 
*VBA32 3.12.8.6 2008.09.30 suspected of Trojan-Downloader.Agent.31* 
ViRobot 2008.9.30.1398 2008.09.30 - 
VirusBuster 4.5.11.0 2008.09.30 - 

Дополнительная информация 
File size: 52736 bytes 
MD5...: fae8e8003afc655097ca954544d7edc9

The antivirus engines reported different things about kdndg.exe, but it is in fact a perfectly decent rootkit.


Файл wpx4.cpx получен 2008.10.01 04:06:55 (CET)
Результат: 17/36 (47.23%)

AhnLab-V3 2008.10.1.0 2008.09.30 - 
*AntiVir 7.8.1.34 2008.09.30 TR/Drop.Tupai.A.1* 
Authentium 5.1.0.4 2008.09.30 - 
*Avast 4.8.1195.0 2008.09.30 Win32:Trojan-gen {Other} 
AVG 8.0.0.161 2008.09.30 Downloader.FraudLoad.W 
BitDefender 7.2 2008.10.01 Trojan.Dropper.Tupai.A* 
CAT-QuickHeal 9.50 2008.09.30 - 
ClamAV 0.93.1 2008.10.01 - 
DrWeb 4.44.0.09170 2008.09.30 - 
*eSafe 7.0.17.0 2008.09.30 Suspicious File* 
eTrust-Vet 31.6.6119 2008.09.30 - 
Ewido 4.0 2008.09.30 - 
F-Prot 4.4.4.56 2008.09.30 - 
*F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.aeqt 
Fortinet 3.113.0.0 2008.09.30 PossibleThreat 
GData 19 2008.10.01 Trojan.Dropper.Tupai.A 
Ikarus T3.1.1.34.0 2008.10.01 Trojan-Dropper.Win32.Prefsap 
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1 
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.aeqt 
McAfee 5395 2008.10.01 Generic Dropper 
Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Prefsap.gen* 
NOD32 3484 2008.09.30 - 
*Norman 5.80.02 2008.09.30 W32/Agent.IPSX* 
Panda 9.0.0.4 2008.09.30 - 
PCTools 4.4.2.0 2008.09.30 - 
Prevx1 V2 2008.10.01 Worm 
Rising 20.63.62.00 2008.09.28 - 
*SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Drop.Tupai.A.1* 
Sophos 4.34.0 2008.10.01 - 
Sunbelt 3.1.1675.1 2008.09.27 - 
Symantec 10 2008.10.01 - 
TheHacker 6.3.0.9.097 2008.09.29 - 
TrendMicro 8.700.0.1004 2008.09.30 - 
*VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Agent.aepq* 
ViRobot 2008.9.30.1398 2008.09.30 - 
VirusBuster 4.5.11.0 2008.09.30 - 

Дополнительная информация 
File size: 37376 bytes 
MD5...: 864297ef119d0a3d9f55d69263daf6b7

Файл _.exe получен 2008.10.01 04:14:22 (CET)
Результат: 10/36 (27.78%)

AhnLab-V3 2008.10.1.0 2008.09.30 - 
*AntiVir 7.8.1.34 2008.09.30 DR/Delphi.Gen* 
Authentium 5.1.0.4 2008.09.30 - 
Avast 4.8.1195.0 2008.09.30 - 
*AVG 8.0.0.161 2008.09.30 Win32/Heur* 
BitDefender 7.2 2008.10.01 - 
CAT-QuickHeal 9.50 2008.09.30 - 
ClamAV 0.93.1 2008.10.01 - 
*DrWeb 4.44.0.09170 2008.09.30 Trojan.MulDrop.17277* 
eSafe 7.0.17.0 2008.09.30 - 
eTrust-Vet 31.6.6119 2008.09.30 - 
Ewido 4.0 2008.09.30 - 
F-Prot 4.4.4.56 2008.09.30 - 
F-Secure 8.0.14332.0 2008.10.01 - 
Fortinet 3.113.0.0 2008.09.30 - 
GData 19 2008.10.01 - 
*Ikarus T3.1.1.34.0 2008.10.01 Downloader.Delphi 
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1* 
Kaspersky 7.0.0.125 2008.10.01 - 
McAfee 5395 2008.10.01 - 
*Microsoft 1.4005 2008.10.01 VirTool:Win32/DelfInject.gen!AM 
NOD32 3484 2008.09.30 a variant of Win32/Injector.DC* 
Norman 5.80.02 2008.09.30 - 
Panda 9.0.0.4 2008.09.30 - 
PCTools 4.4.2.0 2008.09.30 - 
*Prevx1 V2 2008.10.01 Malicious Software* 
Rising 20.63.62.00 2008.09.28 - 
*SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Dropper.Delphi.Gen 
Sophos 4.34.0 2008.10.01 Troj/Merein-Gen* 
Sunbelt 3.1.1675.1 2008.09.27 - 
Symantec 10 2008.10.01 - 
TheHacker 6.3.0.9.097 2008.09.29 - 
TrendMicro 8.700.0.1004 2008.09.30 - 
VBA32 3.12.8.6 2008.09.30 - 
ViRobot 2008.9.30.1398 2008.09.30 - 
VirusBuster 4.5.11.0 2008.09.30 - 

Дополнительная информация 
File size: 27136 bytes 
MD5...: f5ec6ef43b18526557f64d3e1ef64b0c

----------


## Shu_b

There is no point in summing up 14 scans; there will be no results for the past month.

----------


## senyak

Файл Install.exe получен 2008.10.02 18:36:31 (CET)
Текущий статус: закончено 
Результат: 25/36 (69.45%)



> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.0	2008.10.02	-
> *AntiVir	7.8.1.34	2008.10.02	TR/Crypt.XPACK.Gen
> Authentium	5.1.0.4	2008.10.02	W32/Ristix.A
> Avast	4.8.1248.0	2008.10.02	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.02	Win32/Heur
> BitDefender	7.2	2008.10.02	Trojan.Generic.743676
> CAT-QuickHeal	9.50	2008.10.01	TrojanPSW.LdPinch.aawg*
> ClamAV	0.93.1	2008.10.02	-
> ...


Дополнительная информация
File size: 55808 bytes
MD5...: 0ce61a9ed2c52a60ef7b349ca459f1eb
SHA1..: 5a27d502dceb493e12272d5978cc7195a929fa6c
SHA256: 45bdd402dd865fb40a541d3a4d82189bc2a28cdc3577f4cecb  2aedb90b3719c4
SHA512: e3476457e0610663e5b87f1c3beca702f13681e004cc8c5cb6  c59319416a639f
298f08d564d776997677fb1cef833ab98390cb49283f063190  36f516dabe5159
PEiD..: -

----------


## anton_dr

File _.exe received on 10.04.2008 22:22:41 (CET)
Current status: finished
Result: 8/36 (22.23%)



> Antivirus  	Version  	Last Update  	Result
> AhnLab-V3	2008.10.3.2	2008.10.03	-
> *AntiVir	7.8.1.34	2008.10.04	TR/Crypt.XPACK.Gen*
> Authentium	5.1.0.4	2008.10.04	-
> Avast	4.8.1248.0	2008.10.04	-
> *AVG	8.0.0.161	2008.10.04	SHeur.CCJK*
> BitDefender	7.2	2008.10.04	-
> *CAT-QuickHeal	9.50	2008.10.04	(Suspicious) - DNAScan*
> ClamAV	0.93.1	2008.10.04	-
> ...

----------


## rayoflight

Файл setup.exe получен 2008.10.05 00:21:18 (CET)



> AhnLab-V3 2008.10.3.2 2008.10.03 - 
> *AntiVir 7.8.1.34 2008.10.04 DR/Zlob.Gen* 
> Authentium 5.1.0.4 2008.10.04 - 
> Avast 4.8.1248.0 2008.10.04 - 
> AVG 8.0.0.161 2008.10.04 - 
> BitDefender 7.2 2008.10.04 - 
> CAT-QuickHeal 9.50 2008.10.04 - 
> *ClamAV 0.93.1 2008.10.04 Trojan.Dropper-2529*
> DrWeb 4.44.0.09170 2008.10.04 - 
> ...


Дополнительная информация 
File size: 72557 bytes 
MD5...: 363412d819aee9673213a7a925c8e67a 
SHA1..: e77aebd6ea138aceb76fd761de909720c5ddc98c 
SHA256: f4621ee1345dca1a1d5cfd2a744ded65973b48740da8497f1e  e608102d1e9369 
SHA512: 74151ae15f5d03938361a265291695db716d10666861082a5b  0f4c79b0937f66
cde1d89c39329cb1e5a4727f9e2749ce648fe7e43e51278322  2956fb6f1cfe18 
PEiD..: - 
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x48a737e7 (Sat Aug 16 20:26:15 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5976 0x5a00 6.47 335c19bb25cd1d02eec2b0a4eacb979c
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.69 59710519e577598f785044e4d95261f4
.ndata 0x24000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2e000 0xd00 0xe00 3.83 a1a46b4c7c35c54b3e16f1321d622e01

( 8 imports ) 
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports ) 

packers (Kaspersky): UPX

----------


## senyak

Файл avz00003.dta получен 2008.10.06 20:20:37 (CET)
Текущий статус: закончено 
Результат: 6/36 (16.67%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.2	2008.10.06	-
> *AntiVir	7.8.1.34	2008.10.06	TR/Dropper.Gen*
> Authentium	5.1.0.4	2008.10.06	-
> *Avast	4.8.1248.0	2008.10.05	Win32bot-APR*
> AVG	8.0.0.161	2008.10.06	-
> BitDefender	7.2	2008.10.06	-
> CAT-QuickHeal	9.50	2008.10.06	-
> ClamAV	0.93.1	2008.10.06	-
> ...


Дополнительная информация
File size: 118784 bytes
MD5...: 62a4f04a1d6b90e645734208e49581aa
SHA1..: a587c79df47ba07dbb42ee9072ab54c3fcc565de
SHA256: 6f9f1f73421f7c15a62012d699661a5951788c8b9a9c74bd00  fa2f5b706f4122
SHA512: eb940ee943426abce0e77914abceb6879c7ba76bb485e320ff  e5544099baa440
3c2aefeeb4413480f0eaed408a97d1f5e100280fdb01ab88d4  09fb9c47677d86
PEiD..: -



Файл avz00001.dta получен 2008.10.06 20:29:25 (CET)
Текущий статус: закончено 
Результат: 2/36 (5.56%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.2	2008.10.06	-
> AntiVir	7.8.1.34	2008.10.06	-
> Authentium	5.1.0.4	2008.10.06	-
> *Avast	4.8.1248.0	2008.10.05	Win32:Trojan-gen {Other}*
> AVG	8.0.0.161	2008.10.06	-
> BitDefender	7.2	2008.10.06	-
> CAT-QuickHeal	9.50	2008.10.06	-
> ClamAV	0.93.1	2008.10.06	-
> ...


Дополнительная информация
File size: 10442752 bytes
MD5...: 3eccb91f73aff9af873e4462d457c8b1
SHA1..: 39a48cdc83c556daa506f161d377ad0610419dae
SHA256: 608964e0b100bc8294c4e86c6d5e1c59dc02ea642339960b7c  13bde3654b6a15
SHA512: c73b903a61b765fbb491dee963e23955ffbe35c3ba370dbc41  43c8c4fda990d1
e8b9bb3bbd6f97cd3cd466673c15e1d4795fca7e8c23c49856  e854e544d2618f
PEiD..: -




Файл avz00004.dta получен 2008.10.06 20:33:10 (CET)
Текущий статус: закончено 
Результат: 11/36 (30.56%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.2	2008.10.06	-
> AntiVir	7.8.1.34	2008.10.06	-
> Authentium	5.1.0.4	2008.10.06	-
> Avast	4.8.1248.0	2008.10.05	-
> *AVG	8.0.0.161	2008.10.06	Generic11.ARUR*
> BitDefender	7.2	2008.10.06	-
> *CAT-QuickHeal	9.50	2008.10.06	(Suspicious) - DNAScan*
> ClamAV	0.93.1	2008.10.06	-
> ...


Дополнительная информация
File size: 184832 bytes
MD5...: f1538453fe8999f364a179a5cc850989
SHA1..: 63981bfd85f91cca0cd42c7abc9315566c62c530
SHA256: b749b03567f37fa03fa4a0301b72c4e5a0f81d14c0f0099a33  8d3e4d7c6667c2
SHA512: e1b1c798824fce58b151ac4026c52509302eb0cd11cfee0f10  77f59a2505355d
e5f00773b10de4fed5fdae63cc4edfc7801b3405ebe7d7099e  7ffc1ef281935f
PEiD..: -

*Added 3 hours 16 minutes later*

Файл MESSAGES.TBB получен 2008.10.06 23:46:15 (CET)
Текущий статус: закончено 
Результат: 10/36 (27.78%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.2	2008.10.06	-
> AntiVir	7.8.1.34	2008.10.06	-
> Authentium	5.1.0.4	2008.10.06	-
> Avast	4.8.1248.0	2008.10.06	-
> AVG	8.0.0.161	2008.10.06	-
> BitDefender	7.2	2008.10.06	-
> CAT-QuickHeal	9.50	2008.10.06	-
> ClamAV	0.93.1	2008.10.06	-
> ...


Дополнительная информация
File size: 74919 bytes
MD5...: 9b5543b27dfc504c219f9c8d6daa394b
SHA1..: 7429df79d3225a36cc725ae6b5bf1a0ac19893d4
SHA256: 6ddb6eb4db76cbcd14bfbd9a9f014ab6e6663a643433f4d7df  d2b0ed78e6fbd0
SHA512: e1421452f5a3801cb7ddbdded48967474eae9c10d687dec99f  6eaedc6a22cda0
31fd23d7902891ab635bf2ea93a72a81c79f20e766310f9af7  e36635d19e1e1c
PEiD..: -
TrID..: File type identification
The Bat! Message Base (99.8%)
HSC music composer song (0.1%)
Lumena CEL bitmap (0.0%)
Corel Photo Paint (0.0%)
VXD Driver (0.0%)
PEInfo: -

----------


## ZhIV

Файл opr04WJI.htm получен 2008.10.07 07:38:34 (CET)


```
AhnLab-V3	2008.10.3.2	2008.10.06	-
AntiVir	7.8.1.34	2008.10.06	-
Authentium	5.1.0.4	2008.10.07	-
Avast	4.8.1248.0	2008.10.06	-
AVG	8.0.0.161	2008.10.06	Exploit
BitDefender	7.2	2008.10.07	-
CAT-QuickHeal	9.50	2008.10.07	-
ClamAV	0.93.1	2008.10.07	-
DrWeb	4.44.0.09170	2008.10.06	VBS.PackFor
eSafe	7.0.17.0	2008.10.07	-
eTrust-Vet	31.6.6132	2008.10.06	-
Ewido	4.0	2008.10.06	-
F-Prot	4.4.4.56	2008.10.06	-
F-Secure	8.0.14332.0	2008.10.07	-
Fortinet	3.113.0.0	2008.10.07	-
GData	19	2008.10.07	-
Ikarus	T3.1.1.34.0	2008.10.07	-
K7AntiVirus	7.10.486	2008.10.06	-
Kaspersky	7.0.0.125	2008.10.06	-
McAfee	5398	2008.10.04	-
Microsoft	1.4005	2008.10.07	-
NOD32	3498	2008.10.07	-
Norman	5.80.02	2008.10.06	-
Panda	9.0.0.4	2008.10.07	-
PCTools	4.4.2.0	2008.10.06	-
Prevx1	V2	2008.10.07	-
Rising	20.65.02.00	2008.10.06	-
SecureWeb-Gateway	6.7.6	2008.10.06	-
Sophos	4.34.0	2008.10.07	Mal/ObfJS-AJ
Sunbelt	3.1.1707.1	2008.10.07	-
Symantec	10	2008.10.07	-
TheHacker	6.3.1.0.102	2008.10.07	-
TrendMicro	8.700.0.1004	2008.10.07	-
VBA32	3.12.8.6	2008.10.07	-
ViRobot	2008.10.7.1409	2008.10.07	-
VirusBuster	4.5.11.0	2008.10.06	-
```

Дополнительная информация
File size: 40729 bytes
MD5...: 7842dd0880feb829572c2ef34fa63398
SHA1..: 7f66da7a637d952d2e8fa8a0c6355b4c1f419258
SHA256: 12041e906e9e2b8f97a5479e046e79341823b5491284025b8a  c4788c8accc812
SHA512: fbf67548b63cde7a4a97bdfc0c1e4a45085877c8ef0af9d682  0bf73e5b5198af
c39224255a289c83cf880d69a155efea  da1e05e6c6edd085542ff3e5a57652b7
PEiD..: -

----------


## senyak

Файл uzrlib.dll получен 2008.10.07 18:52:03 (CET)
Текущий статус: закончено 
Результат: 13/36 (36.12%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.3.2	2008.10.07	-
> *AntiVir	7.8.1.34	2008.10.07	TR/BHO.Agent.mwe*
> Authentium	5.1.0.4	2008.10.07	-
> *Avast	4.8.1248.0	2008.10.07	Win32:Hexzone-C
> AVG	8.0.0.161	2008.10.07	Adload_r.CG*
> BitDefender	7.2	2008.10.07	-
> CAT-QuickHeal	9.50	2008.10.07	-
> ClamAV	0.93.1	2008.10.07	-
> ...


Дополнительная информация
File size: 359424 bytes
MD5...: e2f9d130e95e9a7ce358a4dd5a711ef6
SHA1..: e70a0e2c0a3573cd8e1238bdab1a0dd816ab0463
SHA256: 7050863d1dff1594135adb201b0d4e47827ba2fd7879915e89  be5f8f8ebc2336
SHA512: 32c808ac60a0e6159a7659c72b7ef5b1018261bdbc06d482ac  e3ffd7220e6ea7
8e19101d143ef0686c8ee7d78339ceb40943ef2bac00959fb8  d4cc75a4178df7
PEiD..: -

----------


## zorro84

```
AhnLab-V3 	2008.10.3.2 	2008.10.07 	-
AntiVir 	7.8.1.34 	2008.10.07 	TR/Crypt.CFI.Gen
Authentium 	5.1.0.4 	2008.10.07 	-
Avast 	4.8.1248.0 	2008.10.07 	Win32:Trojan-gen {Other}
AVG 	8.0.0.161 	2008.10.07 	Worm/Autoit.DBD
BitDefender 	7.2 	2008.10.07 	Win32.Worm.Sohanad.NCC
CAT-QuickHeal 	9.50 	2008.10.07 	Trojan.Autoit.dt
ClamAV 	0.93.1 	2008.10.07 	-
DrWeb 	4.44.0.09170 	2008.10.07 	-
eSafe 	7.0.17.0 	2008.10.07 	Win32.Autoit.dt
eTrust-Vet 	31.6.6133 	2008.10.07 	Win32/SillyAutorun.QU
Ewido 	4.0 	2008.10.07 	-
F-Prot 	4.4.4.56 	2008.10.06 	-
F-Secure 	8.0.14332.0 	2008.10.07 	Trojan.Win32.Autoit.dt
Fortinet 	3.113.0.0 	2008.10.07 	W32/Autoit.DT!tr
GData 	19 	2008.10.07 	Win32.Worm.Sohanad.NCC
Ikarus 	T3.1.1.34.0 	2008.10.07 	Trojan.Win32.Autoit.dt
K7AntiVirus 	7.10.487 	2008.10.07 	Worm.Win32.AutoIt.cg
Kaspersky 	7.0.0.125 	2008.10.07 	Trojan.Win32.Autoit.dt
McAfee 	5399 	2008.10.07 	W32/YahLover.worm
Microsoft 	1.4005 	2008.10.07 	Trojan:Win32/Meredrop
NOD32 	3501 	2008.10.07 	Win32/Packed.Autoit.Gen
Norman 	5.80.02 	2008.10.06 	AutoRun.FYV
Panda 	9.0.0.4 	2008.10.07 	W32/Sohanat.AS.worm
PCTools 	4.4.2.0 	2008.10.07 	-
Prevx1 	V2 	2008.10.07 	Cloaked Malware
Rising 	20.65.12.00 	2008.10.07 	-
SecureWeb-Gateway 	6.7.6 	2008.10.07 	Trojan.Crypt.CFI.Gen
Sophos 	4.34.0 	2008.10.07 	Mal/Generic-A
Sunbelt 	3.1.1708.1 	2008.10.07 	-
Symantec 	10 	2008.10.07 	W32.SillyFDC
TheHacker 	6.3.1.0.102 	2008.10.07 	Trojan/Autoit.dt
TrendMicro 	8.700.0.1004 	2008.10.07 	WORM_AUTORUN.AB
VBA32 	3.12.8.6 	2008.10.07 	Worm.Win32.AutoIt.cg
ViRobot 	2008.10.7.1410 	2008.10.07 	-
VirusBuster 	4.5.11.0 	2008.10.07 	-
Дополнительная информация
File size: 453700 bytes
MD5...: ff595c6c3298c332f15c9c321a5ec37b
SHA1..: 9f6efc8b0e00a37c2c7149a6e6de773cb46ee98e
```



```
AhnLab-V3	2008.10.3.2	2008.10.07	Win-Trojan/MalPacked.Gen
AntiVir	7.8.1.34	2008.10.07	TR/Crypt.NSPM.Gen
Authentium	5.1.0.4	2008.10.07	W32/Worm.MUG
Avast	4.8.1248.0	2008.10.07	Win32:Oliga
AVG	8.0.0.161	2008.10.07	Generic9.ARIT
BitDefender	7.2	2008.10.07	Packer.Malware.NSAnti.1
CAT-QuickHeal	9.50	2008.10.07	Win32.Packed.NSAnti.r
ClamAV	0.93.1	2008.10.07	-
DrWeb	4.44.0.09170	2008.10.07	Trojan.PWS.Wsgame.2721
eSafe	7.0.17.0	2008.10.07	Suspicious File
eTrust-Vet	31.6.6133	2008.10.07	-
Ewido	4.0	2008.10.07	Worm.AutoRun.bvo
F-Prot	4.4.4.56	2008.10.06	W32/Worm.MUG
F-Secure	8.0.14332.0	2008.10.07	Worm.Win32.AutoRun.bvo
Fortinet	3.113.0.0	2008.10.07	W32/OnLineGames.fam!tr.pws
GData	19	2008.10.07	Packer.Malware.NSAnti.1
Ikarus	T3.1.1.34.0	2008.10.07	Worm.Win32.AutoRun.bvo
K7AntiVirus	7.10.487	2008.10.07	Worm.Win32.AutoRun.bvo
Kaspersky	7.0.0.125	2008.10.07	Worm.Win32.AutoRun.bvo
McAfee	5399	2008.10.07	PWS-Gamania.gen.a
Microsoft	1.4005	2008.10.07	Worm:Win32/Taterf.gen!D
NOD32	3501	2008.10.07	Win32/Pacex.Gen
Norman	5.80.02	2008.10.06	W32/Smalltroj.CIRQ
Panda	9.0.0.4	2008.10.07	Suspicious file
PCTools	4.4.2.0	2008.10.07	Trojan.Lineage.Gen!Pac.3
Prevx1	V2	2008.10.07	Malicious Software
Rising	20.65.12.00	2008.10.07	Packer.Win32.Mian007.a
SecureWeb-Gateway	6.7.6	2008.10.07	Trojan.Crypt.NSPM.Gen
Sophos	4.34.0	2008.10.07	Mal/EncPk-CE
Sunbelt	3.1.1708.1	2008.10.07	-
Symantec	10	2008.10.07	Infostealer.Gampass
TheHacker	6.3.1.0.102	2008.10.07	W32/AutoRun.bvo
TrendMicro	8.700.0.1004	2008.10.07	Mal_NSAnti-1
VBA32	3.12.8.6	2008.10.07	Malware-Cryptor.Win32.NSAnti
ViRobot	2008.10.7.1410	2008.10.07	Trojan.Win32.Amvo.Gen
VirusBuster	4.5.11.0	2008.10.07	Trojan.Onlinegames.Gen!Pac.73
Дополнительная информация
File size: 146493 bytes
MD5...: c6d471b11fd3a0ca583bc897c816ee7d
SHA1..: 2dc510ab29660757a5d60a257409a9310c1132b8
```



```
AhnLab-V3 	2008.10.3.2 	2008.10.07 	Win32/Autorun.worm.123873
AntiVir 	7.8.1.34 	2008.10.07 	TR/Crypt.NSPM.Gen
Authentium 	5.1.0.4 	2008.10.07 	W32/Pws.AAFV
Avast 	4.8.1248.0 	2008.10.07 	Win32:Oliga
AVG 	8.0.0.161 	2008.10.07 	PSW.OnlineGames.XJJ
BitDefender 	7.2 	2008.10.07 	Packer.Malware.NSAnti.1
CAT-QuickHeal 	9.50 	2008.10.07 	Win32.Packed.NSAnti.r
ClamAV 	0.93.1 	2008.10.07 	Trojan.Agent-10379
DrWeb 	4.44.0.09170 	2008.10.07 	Trojan.PWS.Wsgame.2387
eSafe 	7.0.17.0 	2008.10.07 	Suspicious File
eTrust-Vet 	31.6.6133 	2008.10.07 	Win32/Frethog.ATP
Ewido 	4.0 	2008.10.07 	Trojan.OnLineGames.lfi
F-Prot 	4.4.4.56 	2008.10.06 	W32/Pws.AAFV
F-Secure 	8.0.14332.0 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
Fortinet 	3.113.0.0 	2008.10.07 	W32/OnLineGames.fam!tr.pws
GData 	19 	2008.10.07 	Packer.Malware.NSAnti.1
Ikarus 	T3.1.1.34.0 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
K7AntiVirus 	7.10.487 	2008.10.07 	Trojan-PSW.Win32.OnLineGames.lfi
Kaspersky 	7.0.0.125 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
McAfee 	5399 	2008.10.07 	PWS-Gamania.gen.a
Microsoft 	1.4005 	2008.10.07 	PWS:Win32/Frethog.D
NOD32 	3501 	2008.10.07 	Win32/Pacex.Gen
Norman 	5.80.02 	2008.10.06 	W32/NSAnti.EKS
Panda 	9.0.0.4 	2008.10.07 	W32/Lineage.GQY.worm
PCTools 	4.4.2.0 	2008.10.07 	Trojan.PWS.OnLineGames.COB
Prevx1 	V2 	2008.10.07 	Cloaked Malware
Rising 	20.65.12.00 	2008.10.07 	Packer.Win32.Mian007.a
SecureWeb-Gateway 	6.7.6 	2008.10.07 	Trojan.Crypt.NSPM.Gen
Sophos 	4.34.0 	2008.10.07 	Troj/OnLineG-AJ
Sunbelt 	3.1.1708.1 	2008.10.07 	Trojan-PSW.Win32.OnLineGames.lfi
Symantec 	10 	2008.10.07 	W32.Gammima.AG
TheHacker 	6.3.1.0.102 	2008.10.07 	Trojan/PSW.OnLineGames.lfi
TrendMicro 	8.700.0.1004 	2008.10.07 	Mal_NSAnti-1
VBA32 	3.12.8.6 	2008.10.07 	Malware-Cryptor.Win32.NSAnti
ViRobot 	2008.10.7.1410 	2008.10.07 	Trojan.Win32.Amvo.Gen
VirusBuster 	4.5.11.0 	2008.10.07 	Trojan.PWS.OnLineGames.COB
Дополнительная информация
File size: 123873 bytes
MD5...: 0083adff7ea4534e61ab4629778ff917
SHA1..: 215d5eef0353b9f8fff9d0f0ceb71ba5059a193b
```

----------


## senyak

Файл help.exe получен 2008.10.09 21:46:20 (CET)
Текущий статус: закончено 
Результат: 15/36 (41.67%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.10.0	2008.10.09	-
> *AntiVir	7.8.1.34	2008.10.09	TR/Crypt.CFI.Gen
> Authentium	5.1.0.4	2008.10.09	W32/Vaklik.gen*
> Avast	4.8.1248.0	2008.10.09	-
> *AVG	8.0.0.161	2008.10.09	Win32/Heur*
> BitDefender	7.2	2008.10.09	-
> *CAT-QuickHeal	9.50	2008.10.08	(Suspicious) - DNAScan*
> ClamAV	0.93.1	2008.10.09	-
> ...


Дополнительная информация
File size: 109056 bytes
MD5...: bd6a45a2f84ab7790c15ffb8dfbdfea7
SHA1..: dff64ccbe2a37d64567452f5f907453359580e73
SHA256: 695d80f57e2f1077406e3ee7c149db3cb3da78d4372878ebc8  a14f851c6239f4
SHA512: 22d3db48eb8a5be866140947b9a93ce2652b9051f80a1ed1d6  5c2de04dc8e43d
f389fd793324d53e10d0c64a88113f4c18564e168e4c3ad7ac  7923b9a44727b3
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

----------


## senyak

Файл autorun.rar получен 2008.10.12 17:38:27 (CET)
Текущий статус:    закончено 
Результат: 16/36 (44.45%)




> Антивирус	Версия	Обновление	Результат
> AhnLab-V3	2008.10.10.1	2008.10.10	-
> *AntiVir	7.8.1.34	2008.10.11	TR/Spy.188
> Authentium	5.1.0.4	2008.10.11	IS/Autorun
> Avast	4.8.1248.0	2008.10.11	VBS:Malware-gen*
> AVG	8.0.0.161	2008.10.12	-
> BitDefender	7.2	2008.10.12	-
> CAT-QuickHeal	9.50	2008.10.11	-
> ClamAV	0.93.1	2008.10.12	-
> ...


Дополнительная информация
File size: 174 bytes
MD5...: bbea1b3c03c81e22cd32f2295661b111
SHA1..: 022337eab889151469fa4cae0cb2363503479b67
SHA256: 370293e38ebf01ca32e523296320b923f57c51fd5d20347a1e  4278a86b59b4fe
SHA512: 9186dbf590db0bcdadc74de3804dbdcce93435f42641d2e9c8  f8abb40d777e73
39ad83bc364963443fb9ed529c2068d425f89ce7de8094799e  8cad92082cdf3c
PEiD..: -

----------


## ISO

Файл boot.exe получен 2008.10.13 06:27:34 (CET)

Результат: 21/36 (58.34%)




> Антивирус 	Версия 	Обновление 	Результат
> AhnLab-V3	2008.10.10.1	2008.10.10	-
> *AntiVir	7.8.1.34	2008.10.12	Worm/Autorun.okh*
> Authentium	5.1.0.4	2008.10.12	-
> *Avast	4.8.1248.0	2008.10.12	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.12	Worm/Generic.KLL
> BitDefender	7.2	2008.10.13	BehavesLike:Trojan.StartPage
> CAT-QuickHeal	9.50	2008.10.13	Worm.AutoRun.okh*
> ClamAV	0.93.1	2008.10.13	-
> ...


Дополнительная информация
File size: 117761 bytes
MD5...: 75d3872c7e449855fc4dbe407bdceffc
SHA1..: b5be09cdd1b7e8db62f874400fcf02f86500f52f
SHA256: 2d1b60486680d049a77458d9d036a26f4625a2d9a544ccacfb  0f86f79c2e629d
SHA512: b798e91cceb3948f3c3cd35cceb1ca4ba7c1cfd030fbec28dd  2a541108ec4425
1765087b88779b40193ce0f61520628724ea64688b4bb6565d  0fba5b2926c2c6
PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 7 (96.7%)
Win32 Executable Generic (1.2%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)
Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4188b4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x17a60 0x17c00 6.49 f2e496fc2a7dc7cfe4cfcc53737813e9
DATA 0x19000 0x650 0x800 3.58 204bdd3daa82e55fa976a9c708641ee5
BSS 0x1a000 0x8c1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1b000 0xd44 0xe00 4.68 7aa70f45f35a138db5514811a26e7122
.tls 0x1c000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1d000 0x18 0x200 0.20 f93f0f5e58a36c4601c1e6f1a813a836
.reloc 0x1e000 0x1d94 0x1e00 6.65 94bd2f5df3ec3bd3c5d5b64522152d5d
.rsrc 0x20000 0x1600 0x1600 3.46 5fa31beca58c61517faf7e9e8c842456

----------


## Hanson

*C:\Documents and Settings\Tatyana\рабочий стол\ieupdr2.exe*

File avz00002.dta received on 2008.10.15 12:55:07 (CET)
Result: 13/36 (36.12%)


```
Antivirus	Version	Update	Result
AhnLab-V3	2008.10.15.2	2008.10.15	-
AntiVir	     7.8.1.34	2008.10.15	-
Authentium	5.1.0.4	2008.10.15	-
Avast 	4.8.1248.0	2008.10.15	-
AVG	        8.0.0.161	2008.10.15	-
BitDefender	7.2	2008.10.15	-
CAT-QuickHeal	9.50	2008.10.14	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.10.15	Trojan.OnlineGames-1517
DrWeb	4.44.0.09170	2008.10.15	-
eSafe	7.0.17.0	2008.10.15	Suspicious File
eTrust-Vet	31.6.6147	2008.10.14	-
Ewido	4.0	2008.10.14	-
F-Prot	4.4.4.56	2008.10.14	-
F-Secure	8.0.14332.0	2008.10.15	W32/Packed/FSG_2.A
Fortinet	3.113.0.0	2008.10.15	-
GData	19	2008.10.15	-
Ikarus	T3.1.1.34.0	2008.10.15	-
K7AntiVirus	7.10.493	2008.10.14	-
Kaspersky	7.0.0.125	2008.10.15	-
McAfee	5405	2008.10.14	-
Microsoft	1.4005	2008.10.15	-
NOD32	3522	2008.10.14	-
Norman	5.80.02	2008.10.14	W32/Packed_FSG.D
Panda	9.0.0.4	2008.10.14	Suspicious file
PCTools	4.4.2.0	2008.10.14	Packed/FSG
Prevx1	V2	2008.10.15	Malicious Software
Rising	20.66.22.00	2008.10.15	-
SecureWeb-Gateway	6.7.6	2008.10.15	Win32.Malware.gen#FSG (suspicious)
Sophos	4.34.0	2008.10.15	Sus/UnkPacker
Sunbelt	3.1.1725.1	2008.10.15	Trojan.Win32.Packed.gen (v)
Symantec	10	2008.10.15	-
TheHacker	6.3.1.0.112	2008.10.15	-
TrendMicro	8.700.0.1004	2008.10.15	Cryp_Bits
VBA32	3.12.8.6	2008.10.14	-
ViRobot	2008.10.15.1421	2008.10.15	-
VirusBuster	4.5.11.0	2008.10.14	Packed/FSG
```




> Additional information
> File size: 773 bytes
> MD5...: c2b15a4f78906fee29b46670ebe2a909
> SHA1..: a638458fd35147f1361d9f7d6b564af0bc3882fe
> SHA256: 72eb91ccc610da4d98c2e9f8c26e6d911e90119ddd61cbf59e3d0c935f782e60
> SHA512: bee0679f40d52fcbb429937cd081947ed2a2bd416583b200a2cea76816f9413a2c9e2a09ba16d44d8a2af4429643270b51a4920d13fe8d3bb3925749ef8212b9
> PEiD..: FSG v2.0 -> bart/xt
> TrID..: File type identification
> ...

----------


## Granin

File gwynqw.exe received on 2008.10.20 02:05:36 (CET)
Result: 29/36 (80.56%)




> *AhnLab-V3	2008.10.18.0	2008.10.19	Win-Trojan/Agent.12800.FC
> AntiVir	7.9.0.5	2008.10.19	TR/Downloader.Gen*
> Authentium	5.1.0.4	2008.10.19	-
> *Avast	4.8.1248.0	2008.10.15	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.19	Generic11.AMHJ
> BitDefender	7.2	2008.10.20	Trojan.Agent.AKJC
> CAT-QuickHeal	9.50	2008.10.18	TrojanSpy.Keatep.a*
> ClamAV	0.93.1	2008.10.20	-
> *DrWeb	4.44.0.09170	2008.10.19	Trojan.PWS.Sector
> ...


Additional information
File size: 12800 bytes 
MD5...: bd47bac8253e96e28b29f17ac48d4cc4

File windofp.exe received on 2008.10.20 02:00:08 (CET)
Result: 26/36 (72.22%)




> *AhnLab-V3 2008.10.18.0 2008.10.19 Win-Trojan/Agent.24576.XI 
> AntiVir 7.9.0.5 2008.10.19 TR/Spy.Gen 
> Authentium 5.1.0.4 2008.10.19 W32/Heuristic-170!Eldorado 
> Avast 4.8.1248.0 2008.10.15 Win32:Agent-QNK 
> AVG 8.0.0.161 2008.10.19 Generic11.AVYA 
> BitDefender 7.2 2008.10.20 Trojan.Agent.AKNN 
> CAT-QuickHeal 9.50 2008.10.18 TrojanMailfinder.Agent.ux* 
> ClamAV 0.93.1 2008.10.19 - 
> *DrWeb 4.44.0.09170 2008.10.19 Trojan.Spambot.3654 
> ...


Additional information
File size: 8192 bytes 
MD5...: c156b17eeccb7707860eeae887062486


File iexplorer.exe received on 2008.10.20 03:11:34 (CET)
Result: 21/35 (60.00%)




> *AhnLab-V3 2008.10.18.0 2008.10.19 Win-Trojan/Buzus.28672.BZ 
> AntiVir 7.9.0.5 2008.10.19 DR/Delphi.Gen 
> Authentium 5.1.0.4 2008.10.19 W32/Trojan2.EJIB 
> Avast 4.8.1248.0 2008.10.15 Win32:Buzus-MQ 
> BitDefender 7.2 2008.10.20 Trojan.Crypt.Delf.T* 
> CAT-QuickHeal 9.50 2008.10.18 - 
> ClamAV 0.93.1 2008.10.20 - 
> *DrWeb 4.44.0.09170 2008.10.19 Trojan.MulDrop.18267* 
> eSafe 7.0.17.0 2008.10.19 - 
> ...


Additional information
File size: 28672 bytes 
MD5...: c3d99ee591dd286a9e7b88a00aaa5b19


File winl2WteiHhw8.exe received on 2008.10.20 03:30:05 (CET)
Result: 23/36 (63.89%)




> *AhnLab-V3 2008.10.18.0 2008.10.19 Win-Trojan/Buzus.26624.Q 
> AntiVir 7.9.0.5 2008.10.19 DR/Delphi.Gen 
> Authentium 5.1.0.4 2008.10.19 W32/Trojan2.EJII 
> Avast 4.8.1248.0 2008.10.15 Win32:Buzus-MQ 
> AVG 8.0.0.161 2008.10.19 Injector.AW 
> BitDefender 7.2 2008.10.20 Trojan.Spy.Zbot.ID* 
> CAT-QuickHeal 9.50 2008.10.18 - 
> ClamAV 0.93.1 2008.10.20 - 
> *DrWeb 4.44.0.09170 2008.10.19 Trojan.MulDrop.18267* 
> ...


Additional information
File size: 26624 bytes 
MD5...: 7f26b50754e60fc7b63c59e083a138b0


File A0105239.EXE received on 2008.10.20 03:50:17 (CET)
Result: 22/35 (62.86%)




> *AntiVir 7.9.0.5 2008.10.19 TR/PSW.ICQSniff.A* 
> Authentium 5.1.0.4 2008.10.19 - 
> *Avast 4.8.1248.0 2008.10.15 Win32:Trojan-gen {Other} 
> AVG 8.0.0.161 2008.10.19 Downloader.Generic_r.W 
> BitDefender 7.2 2008.10.20 Trojan.PWS.YHO 
> CAT-QuickHeal 9.50 2008.10.18 TrojanDropper.Agent.gen* 
> ClamAV 0.93.1 2008.10.20 - 
> *DrWeb 4.44.0.09170 2008.10.19 Trojan.PWS.ICQSniff.25 
> eSafe 7.0.17.0 2008.10.19 Suspicious File* 
> ...


Additional information
File size: 73216 bytes 
MD5...: 1731148bbb5798a3c4c6f0daca6a1fe4

----------



## Hanson

File UfaNetVPN.exe received on 2008.10.21 10:04:08 (CET)
Result: 11/36 (30.56%)



> Antivirus	Version	Update	Result
> AhnLab-V3	2008.10.18.0	2008.10.21	-
> *AntiVir	7.9.0.5	2008.10.21	TR/Crypt.CFI.Gen*
> Authentium	5.1.0.4	2008.10.21	-
> *Avast	4.8.1248.0	2008.10.15	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.20	Generic11.VNP
> BitDefender	7.2	2008.10.21	BehavesLike:Trojan.UserStartup*
> CAT-QuickHeal	9.50	2008.10.21	-
> ClamAV	0.93.1	2008.10.21	-
> ...


*C:\Documents and Settings\menshenin\Local Settings\Application Data\Microsoft\svchost.exe* was found.
A flash drive was inserted (AVZ is on it), and the file was successfully quarantined and deleted with AVZ,
but after that *UfaNetVPN.exe* and autorun.inf were found in the root of the flash drive; the autorun file was destroyed by the antivirus, while UfaNet went unnoticed by it and was deleted by me.
The VT scan results are identical and are given above.

*Added 2 minutes later*

File *C:\Documents and Settings\menshenin\Local Settings\Application Data\Microsoft\kbrdwin5.dll*
 received on 2008.10.21 10:09:04 (CET)
Result: 13/36 (36.12%)



> Antivirus	Version	Update	Result
> *AhnLab-V3	2008.10.18.0	2008.10.21	Win-Trojan/Agent.5120.FY*
> AntiVir	7.9.0.5	2008.10.21	-
> Authentium	5.1.0.4	2008.10.21	-
> *Avast	4.8.1248.0	2008.10.15	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.20	Agent.ABVF
> BitDefender	7.2	2008.10.21	Trojan.Generic.800153*
> CAT-QuickHeal	9.50	2008.10.21	-
> ClamAV	0.93.1	2008.10.21	-
> ...

----------


## senyak

File clips01505.zip received on 2008.10.22 18:15:29 (CET)
Current status: finished
Result: 12/36 (33.34%)




> Antivirus	Version	Update	Result
> AhnLab-V3	2008.10.22.0	2008.10.22	-
> *AntiVir	7.9.0.5	2008.10.22	DR/Delphi.Gen*
> Authentium	5.1.0.4	2008.10.22	-
> *Avast	4.8.1248.0	2008.10.22	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.22	Win32/Heur*
> BitDefender	7.2	2008.10.22	-
> CAT-QuickHeal	9.50	2008.10.22	-
> ClamAV	0.93.1	2008.10.22	-
> ...


Additional information
File size: 195759 bytes
MD5...: 36a37a72e308cf406ed2a8c403226812
SHA1..: 2fff40541e55c1a174e964a3f67a72a385a977e7
SHA256: 5faf699d3fb7829b6a92487e58935cd20a089da4051ee2bda5541a48fdb15366
SHA512: 3bf5cc58afe58a1772edb03efb2498842c3dc91a3abf15695e9f348fc226c4bcf51774a6314d32e2be1463a6a5c6f3186dd1fc4e1cbf3b091783f4c50ef58170
PEiD..: -

----------


## Hanson

File rs32net.exe received on 2008.10.27 10:02:37 (CET)
Result: 9/36 (25%)



> Antivirus	Version	Update	Result
> AhnLab-V3	2008.10.27.2	2008.10.27	-
> *AntiVir	7.9.0.9	2008.10.27	TR/Kobcka.GN.1*
> Authentium	5.1.0.4	2008.10.27	-
> Avast	4.8.1248.0	2008.10.27	-
> *AVG	8.0.0.161	2008.10.27	Agent.AHPA
> BitDefender	7.2	2008.10.27	Trojan.Kobcka.GN*
> CAT-QuickHeal	9.50	2008.10.27	-
> ClamAV	0.93.1	2008.10.27	-
> ...

----------


## santy

File planet.vexe received on 2008.10.30 04:45:49 (CET)
Result: 10/36 (27.78%)




> Antivirus	Version	Update	Result
> AhnLab-V3	2008.10.30.1	2008.10.30	-
> *AntiVir	7.9.0.10	2008.10.29	HEUR/Malware*
> *Authentium	5.1.0.4	2008.10.30	W32/VB-Wird-based!Maximus*
> *Avast	4.8.1248.0	2008.10.29	Win32:Trojan-gen {Other}*
> *AVG	8.0.0.161	2008.10.29	Clicker.QUD*
> *BitDefender	7.2	2008.10.30	Trojan.Generic.721885*
> CAT-QuickHeal	9.50	2008.10.29	-
> ClamAV	0.93.1	2008.10.30	-
> ...


Additional information
File size: 49056 bytes
MD5...: 94332a41a84c7ea8009f76eef75f4331
SHA1..: 9f711f1862d9b5292d92fbc71a032dc5b6aeeab8
SHA256: 249cc47b09ef008e8166c70c114ae3f90a3422730ace452442ce111408e396cb
SHA512: 5263352cc8b24fcadc5046241d2dd346ebcd58b44343ba70b66ae06d97f1fac4ac2989c599af24b3635681764daab2a86eb19f5e748ec79e194a421ad49f5a20

http://www.virustotal.com/ru/analisi...c187154a123d2b

----------


## Hanson

File *services.exe* received on 2008.10.31 09:46:02 (CET)




> Current status: scanning finished
> Result: 11/36 (30.56%)
> Antivirus	Version	Update	Result
> AhnLab-V3	2008.10.30.1	2008.10.31	-
> *AntiVir	7.9.0.10	2008.10.30	TR/Crypt.XPACK.Gen*
> Authentium	5.1.0.4	2008.10.31	-
> *Avast	4.8.1248.0	2008.10.30	Win32:Trojan-gen {Other}
> AVG	8.0.0.161	2008.10.30	Generic_r.E*
> BitDefender	7.2	2008.10.31	-
> ...

----------


## Shu_b

Let's sum up.
14 in September, 27 in October... 41 scans in total.  :Sad:  678 scans over 13 months.

With this I am finishing the tally for this test. Let's open a new thread.
If anyone wants to be the scorekeeper in the new thread - Welcome! (I don't have enough time for it).

And now the pictures themselves:

----------

