Antivirus research 6




ALEX(XX)
05.10.2007, 08:39
Originally posted by Geser (http://virusinfo.info/showthread.php?p=75585#post75585)
So I kept thinking about how to make a more or less objective assessment of antivirus products, and I came up with something. In this thread I ask everyone to post scan results for malware that was caught exclusively by hand, i.e. samples that the antivirus installed on the computer did not see. That way the sample set will be truly random.

Post in this thread only scan results for files caught by hand on computers.

Do not post scan results for files found on other sites or in collections.
Do not post scan results for files that were initially found by an antivirus.


Let's continue in a new thread.
The previous topic is here (http://virusinfo.info/showthread.php?t=7403). Its results are in the attached file. Thanks to Shu_b for the work done!

Shu_b
05.10.2007, 13:03
t 12945

Файл C:\WINDOWS\system32\svchost.exe:exe.exe
получен 2007.10.05 11:51:37 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 BDS/Hacdef.DM.29.B
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 SHeur.RDQ
BitDefender 7.2 2007.10.05 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 BackDoor.Bolg.origin
eSafe 7.0.15.0 2007.10.04 suspicious Trojan/Worm
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 Trojan.Win32.Agent.alt
Kaspersky 7.0.0.125 2007.10.05 Heur.Trojan.Generic
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.04 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 Malware.Gen
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 Trojan.Hacdef.DM.29.B
Дополнительная информация
File size: 49664 bytes
MD5: 5e2729025d1e66b03917523ca61ab57b
SHA1: bb56fed36d82b830aef0d7d22b968fb8ecc76d31
packers: UPX

santy
05.10.2007, 14:17
Файл exe-load.exe получен 2007.10.05 13:02:20 (CET)
Результат: 7/32 (21.88%)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 Downloader.Obfuskated
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 Trojan.Packed.147
eSafe 7.0.15.0 2007.10.04 Suspicious Trojan/Worm
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.05 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 10240 bytes
MD5: f74074d45285c760690e80f5d6bce79d
SHA1: 4d1e26dc29bad232ce5ab107358bba231e3c2c74

Shu_b
05.10.2007, 14:35
t 12954


Файл file[1].exe получен 2007.10.05 13:24:07 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.5.2 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.05 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 Suspicious Trojan/Worm
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2573 2007.10.05 -
Norman 5.80.02 2007.10.05 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.10.05 Suspicious file
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 Mal/Packer
Sunbelt 2.2.907.0 2007.10.04 VIPRE.Suspicious
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 W32/Behav-Heuristic-060
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.04 Packed/Upack
Webwasher-Gateway 6.0.1 2007.10.05 Win32.Malware.gen (suspicious)
Дополнительная информация
File size: 2437 bytes
MD5: 6e8d68709db9f0014053e8e3e312f808
SHA1: 2f4c51f8aaed7281bcf6dc839450b1b18b16bde4
packers: PE_Patch, UPack

[ not counted: file[1].exe_ - This file is corrupted.

Макcим
06.10.2007, 21:20
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.06 -
AVG 7.5.0.488 2007.10.06 -
BitDefender 7.2 2007.10.06 -
CAT-QuickHeal 9.00 2007.10.06 -
ClamAV 0.91.2 2007.10.06 -
DrWeb 4.44.0.09170 2007.10.06 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.06 -
FileAdvisor 1 2007.10.06 -
Fortinet 3.11.0.0 2007.10.06 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.06 -
Ikarus T3.1.1.12 2007.10.06 -
Kaspersky 7.0.0.125 2007.10.06 -
McAfee 5135 2007.10.05 -
Microsoft 1.2908 2007.10.06 TrojanDropper:Win32/Malf.gen
NOD32v2 2575 2007.10.06 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.06 -
Prevx1 V2 2007.10.06 -
Rising 19.43.50.00 2007.10.06 -
Sophos 4.22.0 2007.10.06 -
Sunbelt 2.2.907.0 2007.10.06 Trojan-Dropper.Win32.Malf.gen
Symantec 10 2007.10.06 -
TheHacker 6.2.6.078 2007.10.06 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.06 -
Webwasher-Gateway 6.0.1 2007.10.05 -

Дополнительная информация
File size: 551424 bytes
MD5: 7743aa7c2f4f52e35732edaf1db27609
SHA1: 83cc85fb3257355bff7f9595c2b8a5f82006ea4c

santy
09.10.2007, 07:42
Файл h0i9xtmd.VVexe получен 2007.10.09 05:19:33 (CET)

Результат: 18/32 (56.25%)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.0 2007.10.08 -
AntiVir 7.6.0.20 2007.10.08 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.08 Pakes_c.X
BitDefender 7.2 2007.10.09 Trojan.Spy.Wsnpoem.C
CAT-QuickHeal 9.00 2007.10.08 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.09 Trojan.Gpcode
DrWeb 4.44.0.09170 2007.10.08 Trojan.Proxy.2071
eSafe 7.0.15.0 2007.10.08 Suspicious File
eTrust-Vet 31.2.5197 2007.10.09 -
Ewido 4.0 2007.10.08 Trojan.Zbot.d
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 W32/Agent.BRW!tr
F-Prot 4.3.2.48 2007.10.08 W32/Trojan.CDVP
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 Trojan-Spy.Win32.Zbot.x
Kaspersky 7.0.0.125 2007.10.09 -
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.08 -
NOD32v2 2578 2007.10.08 Win32/Spy.Agent.NDM
Norman 5.80.02 2007.10.08 -
Panda 9.0.0.4 2007.10.08 Suspicious file
Prevx1 V2 2007.10.09 -
Rising 19.44.10.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 Mal/Behav-066
Sunbelt 2.2.907.0 2007.10.08 VIPRE.Suspicious
Symantec 10 2007.10.09 Infostealer.Notos!gen
TheHacker 6.2.6.080 2007.10.09 Trojan/Spy.Zbot.aa
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 -
Webwasher-Gateway 6.0.1 2007.10.08 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 42496 bytes
MD5: 6eb9d9e2be058222eecbfcf501b53b64
SHA1: 414c210a703b2bc6220df063da00df34fcc07843
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

PavelA
09.10.2007, 13:31
t 12954
[ not counted: file[1].exe_ - This file is corrupted.

I have the same one in my stash. I got it from the Kaspersky forum.
It would be interesting to compare them.

Added after 3 hours 15 minutes


Файл avz00002.dta (c:\windows\system32\svchost.exe:ext.exe:$DATA)
получен 2007.10.09 12:21:12 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Hijack.Explor.320
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.09 SHeur.ROB
BitDefender 7.2 2007.10.09 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.10.08 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.08 suspicious Trojan/Worm
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.08 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 Trojan.Win32.Agent.bwn
Ikarus T3.1.1.12 2007.10.09 Trojan.Win32.Agent.alt
Kaspersky 7.0.0.125 2007.10.09 Trojan.Win32.Agent.bwn
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.09 -
NOD32v2 2579 2007.10.09 -
Norman 5.80.02 2007.10.08 -
Panda 9.0.0.4 2007.10.08 -
Prevx1 V2 2007.10.09 Covert.Code
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 Win32.ExplorerHijack
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 -
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Hijack.Explor.320
Дополнительная информация
File size: 51712 bytes
MD5: 1b350b46700a59d4da5fbd4b88d90443
SHA1: 84961192eec0422722cfbc6d92eadffd6856d6b6
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=97F0749000009359CA4200EF473889005A54C50E

drongo
09.10.2007, 13:38
T-13027

Файл avz00001.dta получен 2007.10.09 12:28:32 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.08 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast 4.7.1051.0 2007.10.08 Win32:Iespy-H
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.08 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.08 suspicious Trojan/Worm
eTrust-Vet 31.2.5198 2007.10.09 Win32/Ramerl!generic
Ewido 4.0 2007.10.08 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.08 W32/Threat-HLLSI-based!Maximus
F-Secure 6.70.13030.0 2007.10.09 W32/Horst.gen33
Ikarus T3.1.1.12 2007.10.09 Virus.Win32.Iespy.H
Kaspersky 7.0.0.125 2007.10.09 -
McAfee 5136 2007.10.08 Downloader-ASL
Microsoft 1.2908 2007.10.09 TrojanSpy:Win32/Lespy.gen
NOD32v2 2579 2007.10.09 a variant of Win32/Spy.Iespy
Norman 5.80.02 2007.10.09 W32/Horst.gen33
Panda 9.0.0.4 2007.10.08 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 Trojan.IESPy.Gen
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Downloader.Win32.Malware.gen (suspicious)
Дополнительная информация
File size: 7680 bytes
MD5: 97e28b394d7fc2c9ed24fba5c97c2e43
SHA1: 669f31a4c20be7afbb7a39a123d909964587544d
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX


Файл avz00003.dta получен 2007.10.09 12:52:38 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Agent.BOZ.1
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.09 Dropper.Agent.9.J
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.08 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.08 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 Trojan.Win32.Agent.boz
Ikarus T3.1.1.12 2007.10.09 Trojan.Win32.Agent.asu
Kaspersky 7.0.0.125 2007.10.09 Trojan.Win32.Agent.boz
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.09 -
NOD32v2 2579 2007.10.09 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 -
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Agent.BOZ.1
Дополнительная информация
File size: 33280 bytes
MD5: 7129569a56af2c875ce47117882a95cf
SHA1: 66963a92d273524b4200eeb4f280df9243ac74df

TANUKI
09.10.2007, 16:47
Файл spooldr.exe- получен 2007.10.09 14:37:55 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Patched.AQ.12
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 Win32:Patched-BM
AVG 7.5.0.488 2007.10.09 Win32/Bagif
BitDefender 7.2 2007.10.09 Trojan.Starter.AEZ
CAT-QuickHeal 9.00 2007.10.08 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 BackDoor.Groan
eSafe 7.0.15.0 2007.10.08 -
eTrust-Vet 31.2.5198 2007.10.09 Win32/UVSW.B
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 W32/Patched.AQ!tr
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 Trojan.Win32.Patched.aq
Ikarus T3.1.1.12 2007.10.09 Virus.Win32.Sploder.a
Kaspersky 7.0.0.125 2007.10.09 Trojan.Win32.Patched.aq
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.09 Virus:Win32/Nuwar.B
NOD32v2 2580 2007.10.09 Win32/Nuwar.AU
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 VIPRE.Suspicious
Symantec 10 2007.10.09 Trojan.Peacomm!inf
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 Rootkit.KillAV.HL
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Patched.AQ.12

----------------------------------------------------------------------

Файл spooldr.exe- получен 2007.10.09 14:37:55 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.09 Downloader.Tibs
BitDefender 7.2 2007.10.09 Trojan.Peed.ILR
CAT-QuickHeal 9.00 2007.10.08 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.09 Trojan.Peed-17
DrWeb 4.44.0.09170 2007.10.09 Trojan.Packed.142
eSafe 7.0.15.0 2007.10.08 Win32.Zhelatin.ki
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 W32/[email protected]
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 Email-Worm.Win32.Zhelatin.ki
Ikarus T3.1.1.12 2007.10.09 Trojan.Peed.ILR
Kaspersky 7.0.0.125 2007.10.09 Email-Worm.Win32.Zhelatin.ki
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.09 Trojan:Win32/Tibs.EO
NOD32v2 2580 2007.10.09 Win32/Nuwar.Gen
Norman 5.80.02 2007.10.09 W32/Tibs.AWYO
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 Trojan-Dropper.Win32.Nuwar.gen!lds
Symantec 10 2007.10.09 Trojan.Packed.13
TheHacker 6.2.6.080 2007.10.09 W32/Zhelatin.gen
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 Trojan.Tibs.Gen!Pac.132
Webwasher-Gateway 6.0.1 2007.10.09 Worm.Zhelatin.Gen

vaber
09.10.2007, 18:56
Файл installer.exe получен 2007.10.09 17:43:54 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.9.1 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Crypt.Morphine.Gen
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 Trojan.Sentinel
eSafe 7.0.15.0 2007.10.08 Suspicious File
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 W32/BHO.QG
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.09 Heur.Trojan.Generic
McAfee 5136 2007.10.08 New Malware.bl
Microsoft 1.2908 2007.10.09 -
NOD32v2 2581 2007.10.09 -
Norman 5.80.02 2007.10.09 W32/BHO.QG
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Crypt.Morphine.Gen
Дополнительная информация
File size: 147456 bytes
MD5: 0acd27b043664c5d239e40ecd5796b99
SHA1: 5345d1389e02f5491e54774d1d5f4e385625987f
packers: Morphine

V_Bond
09.10.2007, 20:17
ntos.exe from the thread http://virusinfo.info/showthread.php?p=140811#post140811


AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.08 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 Trojan.Fakealert.334
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.08 -
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.09 -
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.09 -
NOD32v2 2581 2007.10.09 -
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 Suspicious file
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 Trojan.Fakealert.334
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 -
Дополнительная информация
File size: 2560 bytes
MD5: 8178ef302f7da6c19a81a90486266dc4
SHA1: 0481f7d1e39c0ab97871222ee39e8a1b2fc489a6

drongo
10.10.2007, 00:11
T=13035

Файл avz00005.dta получен 2007.10.09 23:03:27 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.09 BHO.BMT
BitDefender 7.2 2007.10.09 Adware.Sagou.A
CAT-QuickHeal 9.00 2007.10.09 AdWare.BHO.gt (Not a Virus)
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 Trojan.Cinco
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.09 not-a-virus:AdWare.Win32.BHO.hk
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.09 -
NOD32v2 2581 2007.10.09 -
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 Heuristic: Suspicious File With Bad Parent Associations
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 -
Дополнительная информация
File size: 53248 bytes
MD5: 6697d065374174117a8d5507c88783b5
SHA1: 777617a6ab40a53e3bff3f4dc05d79aa84a622d0
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=BFD4BDE30010A6D5D05000AEF05A3800AB90E2E9


Файл avz00010.dta получен 2007.10.09 23:12:51 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 Adware.Sagou.A
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.09 not-a-virus:AdWare.Win32.Zhongsou.m
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.09 -
NOD32v2 2582 2007.10.09 -
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 TROJAN.AGENT.GEN
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 -
Дополнительная информация
File size: 118784 bytes
MD5: fdc2ccd8fd34483d88f09585fd9cf274
SHA1: 207ba59716ab7eabe565a42520f46c3ada5820fc
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C5D42E3A0088AA99D07F013A89F2F800A92AFC0B


Файл avz00009.dta получен 2007.10.09 23:17:36 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Rootkit.Gen
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 Win32:Agent-KYE
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 Trojan-Downloader.Win32.Hmir.bu
Ikarus T3.1.1.12 2007.10.09 Trojan-Downloader.Win32.Agent.bbb
Kaspersky 7.0.0.125 2007.10.09 Trojan-Downloader.Win32.Hmir.bu
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.09 Backdoor:WinNT/Farfli.B!sys
NOD32v2 2582 2007.10.09 a variant of Win32/Rootkit.Agent.NCK
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Rootkit.Gen
Дополнительная информация
File size: 22208 bytes
MD5: f4300abbb3a379e8e43b11ad54d0ed39
SHA1: 2e9fd820405c3480e7286350c20c090f09fea449


Файл avz00014.dta получен 2007.10.09 23:34:12 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 TR/Spy.Gen
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 Win32:Agent-JZN
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 DLOADER.Trojan
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 Trojan-Downloader.Win32.Hmir.bu
Ikarus T3.1.1.12 2007.10.09 Virus.Win32.Agent.JZN
Kaspersky 7.0.0.125 2007.10.09 Trojan-Downloader.Win32.Hmir.bu
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.09 Backdoor:Win32/Farfli.B.dll
NOD32v2 2582 2007.10.09 a variant of Win32/TrojanDownloader.Agent.NPO
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.09 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 Mal/Behav-063
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 Trojan.DL.Agent.Gen.10
Webwasher-Gateway 6.0.1 2007.10.09 Trojan.Spy.Gen
Дополнительная информация
File size: 139264 bytes
MD5: cb2c900ee2e9879a93248793a4748132
SHA1: 65d48ba3420028595ab7e1a11cfe982d984b38d3

Файл avz00012.dta получен 2007.10.09 23:46:43 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.0 2007.10.09 -
AntiVir 7.6.0.20 2007.10.09 -
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.09 -
BitDefender 7.2 2007.10.09 -
CAT-QuickHeal 9.00 2007.10.09 -
ClamAV 0.91.2 2007.10.09 -
DrWeb 4.44.0.09170 2007.10.09 -
eSafe 7.0.15.0 2007.10.09 -
eTrust-Vet 31.2.5198 2007.10.09 -
Ewido 4.0 2007.10.09 -
FileAdvisor 1 2007.10.09 -
Fortinet 3.11.0.0 2007.10.09 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.09 -
Ikarus T3.1.1.12 2007.10.09 -
Kaspersky 7.0.0.125 2007.10.09 Trojan.Win32.Inject.gr
McAfee 5137 2007.10.09 BackDoor-DMB.sys
Microsoft 1.2908 2007.10.09 -
NOD32v2 2582 2007.10.09 -
Norman 5.80.02 2007.10.09 -
Panda 9.0.0.4 2007.10.09 -
Prevx1 V2 2007.10.10 -
Rising 19.44.12.00 2007.10.09 -
Sophos 4.22.0 2007.10.09 -
Sunbelt 2.2.907.0 2007.10.08 -
Symantec 10 2007.10.09 -
TheHacker 6.2.6.080 2007.10.09 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.09 -
Webwasher-Gateway 6.0.1 2007.10.09 Win32.Malware.gen!88 (suspicious)
Дополнительная информация
File size: 173348 bytes
MD5: cc2eea05d38c579721f077a4d483e01a
SHA1: 59ec54992bbabf947086d3936c2e5329548e0fd9

vaber
10.10.2007, 18:51
Файл id3213.exe получен 2007.10.10 17:25:52 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.10.1 2007.10.10 -
AntiVir 7.6.0.20 2007.10.10 HEUR/Crypted
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.09 -
AVG 7.5.0.488 2007.10.10 -
BitDefender 7.2 2007.10.10 Trojan.Srizbi.T
CAT-QuickHeal 9.00 2007.10.10 -
ClamAV 0.91.2 2007.10.10 -
DrWeb 4.44.0.09170 2007.10.10 -
eSafe 7.0.15.0 2007.10.09 suspicious Trojan/Worm
eTrust-Vet 31.2.5201 2007.10.10 -
Ewido 4.0 2007.10.10 -
FileAdvisor 1 2007.10.10 -
Fortinet 3.11.0.0 2007.10.10 -
F-Prot 4.3.2.48 2007.10.09 -
F-Secure 6.70.13030.0 2007.10.10 -
Ikarus T3.1.1.12 2007.10.10 -
Kaspersky 7.0.0.125 2007.10.10 -
McAfee 5137 2007.10.09 -
Microsoft 1.2908 2007.10.10 -
NOD32v2 2584 2007.10.10 -
Norman 5.80.02 2007.10.10 -
Panda 9.0.0.4 2007.10.10 -
Prevx1 V2 2007.10.10 -
Rising 19.44.22.00 2007.10.10 -
Sophos 4.22.0 2007.10.10 -
Sunbelt 2.2.907.0 2007.10.10 -
Symantec 10 2007.10.10 -
TheHacker 6.2.6.082 2007.10.10 -
VBA32 3.12.2.4 2007.10.10 -
VirusBuster 4.3.26:9 2007.10.10 -
Webwasher-Gateway 6.0.1 2007.10.10 Heuristic.Crypted
Дополнительная информация
File size: 115200 bytes
MD5: 5c8d412845400cab9133a7c44be53b0c
SHA1: 6135ea8d7c05c16cb64f94c2bd21f95bf0c6db86
packers: UPX
packers: PE_Patch.UPX, UPX

drongo
11.10.2007, 22:16
File avz00003.dta received on 10.11.2007 21:03:56 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 -
Authentium 4.93.8 2007.10.09 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.11 -
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 -
DrWeb 4.44.0.09170 2007.10.11 -
eSafe 7.0.15.0 2007.10.10 suspicious Trojan/Worm
eTrust-Vet 31.2.5203 2007.10.11 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.11 -
Fortinet 3.11.0.0 2007.10.11 -
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.11 -
Ikarus T3.1.1.12 2007.10.11 -
Kaspersky 7.0.0.125 2007.10.11 Trojan.Win32.Small.sk
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.11 VirTool:Win32/Obfuscator.L
NOD32v2 2586 2007.10.11 -
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Rising 19.44.32.00 2007.10.11 -
Sophos 4.22.0 2007.10.11 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.11 -
TheHacker 6.2.8.085 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 Win32.UPXpacked.gen (suspicious)
Additional information
File size: 8192 bytes
MD5: 669d932908f2d100622b21827d17dbbe
SHA1: c049bfdb6d8204192a428d2fe910b2589e7a8d39
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

Muzzle
12.10.2007, 03:41
C:\WINDOWS\System32\Iqxtqpq.dll



AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 TR/Agent.BRW.1
Authentium 4.93.8 2007.10.11 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 Generic8.CRO
BitDefender 7.2 2007.10.12 Trojan.Inject.EM
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 -
DrWeb 4.44.0.09170 2007.10.12 Trojan.Inject.398
eSafe 7.0.15.0 2007.10.10 Suspicious File
eTrust-Vet 31.2.5203 2007.10.11 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.11 W32/Agent.BRW!tr
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.11 Trojan.Win32.Agent.brw
Ikarus T3.1.1.12 2007.10.12 Trojan.Inject.EM
Kaspersky 7.0.0.125 2007.10.12 Trojan.Win32.Agent.brw
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2586 2007.10.11 -
Norman 5.80.02 2007.10.11 W32/Malware.AVIQ
Panda 9.0.0.4 2007.10.11 Trj/Downloader.MDW
Prevx1 V2 2007.10.12 -
Rising 19.44.32.00 2007.10.11 -
Sophos 4.22.0 2007.10.11 Troj/Agent-GDH
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 -
TheHacker 6.2.8.086 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 Trojan.Win32.Agent.brw
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 Trojan.Agent.BRW.1

vaber
12.10.2007, 20:01
Heh


Файл word.exe получен 2007.10.12 18:36:12 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.12.1 2007.10.12 -
AntiVir 7.6.0.23 2007.10.12 -
Authentium 4.93.8 2007.10.12 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.12 -
BitDefender 7.2 2007.10.12 -
CAT-QuickHeal 9.00 2007.10.12 -
ClamAV 0.91.2 2007.10.12 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5205 2007.10.12 -
Ewido 4.0 2007.10.12 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.12 -
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.12 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 -
McAfee 5140 2007.10.12 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2589 2007.10.12 -
Norman 5.80.02 2007.10.12 -
Panda 9.0.0.4 2007.10.12 -
Prevx1 V2 2007.10.12 -
Rising 19.44.42.00 2007.10.12 -
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 -
TheHacker 6.2.8.087 2007.10.12 -
VBA32 3.12.2.4 2007.10.12 -
VirusBuster 4.3.26:9 2007.10.12 -
Webwasher-Gateway 6.0.1 2007.10.12 -
Дополнительная информация
File size: 24064 bytes
MD5: aded501eeeffcd1fd00905118f70512f
SHA1: a82ca93c9d7c13524920cfe7b68ae6c7d7794adc

mayas
14.10.2007, 19:07
File winupdsvs.exe received on 10.14.2007 17:53:30 (CET)

Antivirus;Version;Last Update;Result
AntiVir;7.6.0.23;2007.10.13;HEUR/Crypted
CAT-QuickHeal;9.00;2007.10.13;(Suspicious) - DNAScan
DrWeb;4.44.0.09170;2007.10.14;Trojan.PWS.LDPinch.1417
eSafe;7.0.15.0;2007.10.10;1155434060
Ikarus;T3.1.1.12;2007.10.14;Trojan-PWS.Win32.LdPinch.bpj
Kaspersky;7.0.0.125;2007.10.14;Heur.Trojan.Generic
Panda;9.0.0.4;2007.10.14;Suspicious file
Sophos;4.22.0;2007.10.14;Mal/Basine-C
Sunbelt;2.2.907.0;2007.10.13;VIPRE.Suspicious
Webwasher-Gateway;6.0.1;2007.10.13;Heuristic.Crypted

Additional information
File size: 53732 bytes
MD5: ccd7c8c267b6ed1bfd015c62e20d56fa
SHA1: ffb4d3f42179aa87536163e4e794e2735e85368a
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Surfer
15.10.2007, 17:40
This landed in a forgotten mailbox on mail.ru

Файл Update_Dealer.exe получен 2007.10.15 16:30:11 (CET)

AhnLab-V3 2007.10.16.0 2007.10.15 -
AntiVir 7.6.0.23 2007.10.15 -
Authentium 4.93.8 2007.10.14 -
Avast 4.7.1051.0 2007.10.14 -
AVG 7.5.0.488 2007.10.15 -
BitDefender 7.2 2007.10.15 BehavesLike:Win32.Malware
CAT-QuickHeal 9.00 2007.10.13 -
ClamAV 0.91.2 2007.10.14 -
DrWeb 4.44.0.09170 2007.10.15 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5207 2007.10.13 -
Ewido 4.0 2007.10.15 -
FileAdvisor 1 2007.10.15 -
Fortinet 3.11.0.0 2007.10.15 -
F-Prot 4.3.2.48 2007.10.15 -
F-Secure 6.70.13030.0 2007.10.15 -
Ikarus T3.1.1.12 2007.10.15 -
Kaspersky 7.0.0.125 2007.10.15 Heur.Trojan.Generic
McAfee 5140 2007.10.12 -
Microsoft 1.2908 2007.10.15 -
NOD32v2 2591 2007.10.14 -
Norman 5.80.02 2007.10.15 -
Panda 9.0.0.4 2007.10.14 Suspicious file
Prevx1 V2 2007.10.15 -
Rising 19.45.02.00 2007.10.15 -
Sophos 4.22.0 2007.10.15 -
Sunbelt 2.2.907.0 2007.10.13 -
Symantec 10 2007.10.15 -
TheHacker 6.2.8.091 2007.10.15 -
VBA32 3.12.2.4 2007.10.15 -
VirusBuster 4.3.26:9 2007.10.14 -
Webwasher-Gateway 6.6.1 2007.10.15 -

Дополнительная информация
File size: 46641 bytes
MD5: 6753badb5360330caae68196c5a0f62b
SHA1: 31e19bba762c633bfc5a330097fccc4c444456cf
packers: PE_Patch

UPD
The same one, but after it was run (found it in the temp folder =)).
Kaspersky's proactive defense catches something like "passwords sending"


File svchost.exe received on 10.15.2007 17:11:04 (CET)

AhnLab-V3 2007.10.16.0 2007.10.15 -
AntiVir 7.6.0.23 2007.10.15 HEUR/Crypted
Authentium 4.93.8 2007.10.14 -
Avast 4.7.1051.0 2007.10.14 -
AVG 7.5.0.488 2007.10.15 -
BitDefender 7.2 2007.10.15 -
CAT-QuickHeal 9.00 2007.10.13 -
ClamAV 0.91.2 2007.10.14 -
DrWeb 4.44.0.09170 2007.10.15 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5207 2007.10.13 -
Ewido 4.0 2007.10.15 -
FileAdvisor 1 2007.10.15 -
Fortinet 3.11.0.0 2007.10.15 W32/Oporto.3076
F-Prot 4.3.2.48 2007.10.15 -
F-Secure 6.70.13030.0 2007.10.15 -
Ikarus T3.1.1.12 2007.10.15 Trojan-Spy.Win32.Agent.DI
Kaspersky 7.0.0.125 2007.10.15 -
McAfee 5140 2007.10.12 -
Microsoft 1.2908 2007.10.15 -
NOD32v2 2591 2007.10.14 -
Norman 5.80.02 2007.10.15 -
Panda 9.0.0.4 2007.10.14 -
Prevx1 V2 2007.10.15 -
Rising 19.45.02.00 2007.10.15 -
Sophos 4.22.0 2007.10.15 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.13 -
Symantec 10 2007.10.15 -
TheHacker 6.2.8.091 2007.10.15 -
VBA32 3.12.2.4 2007.10.15 -
VirusBuster 4.3.26:9 2007.10.14 -
Webwasher-Gateway 6.6.1 2007.10.15 Heuristic.Crypted

Additional information
File size: 42496 bytes
MD5: 6ac6201be846ce6934bf89a70b7e8182
SHA1: d21ac0a86ae5b2cd1b6a425189e2f90b0b837483
packers: PE_Patch

Shu_b
16.10.2007, 08:45
t - 13236


File WinAvXX.exe received on 10.16.2007 07:36:16 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.16.1 2007.10.16 -
AntiVir 7.6.0.23 2007.10.15 TR/Crypt.ULPM.Gen
Authentium 4.93.8 2007.10.14 Possibly a new variant of W32/Fathom.3-based!Maximus
Avast 4.7.1051.0 2007.10.15 -
AVG 7.5.0.488 2007.10.15 -
BitDefender 7.2 2007.10.16 Trojan.Peed.JZ
CAT-QuickHeal 9.00 2007.10.15 -
ClamAV 0.91.2 2007.10.14 -
DrWeb 4.44.0.09170 2007.10.15 Trojan.Fakealert.357
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm
eTrust-Vet 31.2.5213 2007.10.15 -
Ewido 4.0 2007.10.15 -
FileAdvisor 1 2007.10.16 -
Fortinet 3.11.0.0 2007.10.16 -
F-Prot 4.3.2.48 2007.10.15 W32/Fathom.3-based!Maximus
F-Secure 6.70.13030.0 2007.10.16 -
Ikarus T3.1.1.12 2007.10.16 -
Kaspersky 7.0.0.125 2007.10.16 -
McAfee 5141 2007.10.15 -
Microsoft 1.2908 2007.10.16 Trojan:Win32/SystemHijack.gen
NOD32v2 2592 2007.10.15 -
Norman 5.80.02 2007.10.15 -
Panda 9.0.0.4 2007.10.16 Suspicious file
Prevx1 V2 2007.10.16 -
Rising 19.45.10.00 2007.10.16 -
Sophos 4.22.0 2007.10.16 Mal/HckPk-A
Sunbelt 2.2.907.0 2007.10.16 -
Symantec 10 2007.10.16 -
TheHacker 6.2.8.091 2007.10.15 -
VBA32 3.12.2.4 2007.10.15 -
VirusBuster 4.3.26:9 2007.10.15 -
Webwasher-Gateway 6.6.1 2007.10.16 Trojan.Crypt.ULPM.Gen
Additional information
File size: 7680 bytes

santy
16.10.2007, 09:55
Файл zw0jzcrr.exe получен 2007.10.16 08:43:07 (CET)
Результат: 19/32 (59.38%)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.16.1 2007.10.16 -
AntiVir 7.6.0.23 2007.10.16 HEUR/Malware
Authentium 4.93.8 2007.10.14 Possibly a new variant of W32/new-malware!Maximus
Avast 4.7.1051.0 2007.10.15 -
AVG 7.5.0.488 2007.10.15 Downloader.Generic6.KPH
BitDefender 7.2 2007.10.16 Generic.Malware.Bdld!!.ACF63F02
CAT-QuickHeal 9.00 2007.10.15 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.14 -
DrWeb 4.44.0.09170 2007.10.15 Trojan.DownLoader.28665
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm
eTrust-Vet 31.2.5213 2007.10.15 -
Ewido 4.0 2007.10.15 -
FileAdvisor 1 2007.10.16 -
Fortinet 3.11.0.0 2007.10.16 -
F-Prot 4.3.2.48 2007.10.15 W32/Downloader-Sml-based!Maximus
F-Secure 6.70.13030.0 2007.10.16 Trojan-Downloader.Win32.Small.gbl
Ikarus T3.1.1.12 2007.10.16 Trojan-Downloader.Win32.Small.gbl
Kaspersky 7.0.0.125 2007.10.16 Trojan-Downloader.Win32.Small.gbl
McAfee 5141 2007.10.15 -
Microsoft 1.2908 2007.10.16 -
NOD32v2 2592 2007.10.15 a variant of Win32/TrojanDownloader.Small.NWJ
Norman 5.80.02 2007.10.15 Harnig.gen1
Panda 9.0.0.4 2007.10.16 Suspicious file
Prevx1 V2 2007.10.16 -
Rising 19.45.11.00 2007.10.16 -
Sophos 4.22.0 2007.10.16 Mal/Behav-112
Sunbelt 2.2.907.0 2007.10.16 VIPRE.Suspicious
Symantec 10 2007.10.16 -
TheHacker 6.2.8.091 2007.10.15 -
VBA32 3.12.2.4 2007.10.15 Trojan.DownLoader.28665
VirusBuster 4.3.26:9 2007.10.15 Packed/FSG
Webwasher-Gateway 6.6.1 2007.10.16 Heuristic.Malware
Дополнительная информация
File size: 1661 bytes
MD5: 2838f4233a78514921f231268a3d11a8
SHA1: f4ed349ad83099234f25bab0d4d43efcd8ce09c9
packers: FSG

santy
17.10.2007, 09:59
Файл lloh.exe получен 2007.10.17 05:57:21 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.17.0 2007.10.16 -
AntiVir 7.6.0.23 2007.10.16 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
AVG 7.5.0.488 2007.10.16 -
BitDefender 7.2 2007.10.17 -
CAT-QuickHeal 9.00 2007.10.16 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.16 -
DrWeb 4.44.0.09170 2007.10.17 -
eSafe 7.0.15.0 2007.10.15 Suspicious File
eTrust-Vet 31.2.5216 2007.10.17 -
Ewido 4.0 2007.10.16 -
FileAdvisor 1 2007.10.17 -
Fortinet 3.11.0.0 2007.10.17 -
F-Prot 4.3.2.48 2007.10.17 -
F-Secure 6.70.13030.0 2007.10.17 -
Ikarus T3.1.1.12 2007.10.17 -
Kaspersky 7.0.0.125 2007.10.17 -
McAfee 5142 2007.10.16 -
Microsoft 1.2908 2007.10.16 -
NOD32v2 2596 2007.10.17 -
Norman 5.80.02 2007.10.16 -
Panda 9.0.0.4 2007.10.16 Suspicious file
Prevx1 V2 2007.10.17 -
Rising 19.45.20.00 2007.10.17 -
Sophos 4.22.0 2007.10.17 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.16 -
Symantec 10 2007.10.17 -
TheHacker 6.2.8.093 2007.10.16 -
VBA32 3.12.2.4 2007.10.16 -
VirusBuster 4.3.26:9 2007.10.16 -
Webwasher-Gateway 6.6.1 2007.10.17 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 34783 bytes
MD5: 6c2344a4f1e2ac6bb2f02f72d82f5494
SHA1: a91fbaae3ad33ab64a359fd7d6cc97142959a273
---
The Dr.Web virus lab replied that the file is corrupted.

PavelA
17.10.2007, 14:16
From the "Помогите" (Help) section:

Файл ip6fw.sys получен 2007.10.17 12:54:42 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.17.1 2007.10.17 Win-Trojan/Agent.7552
AntiVir 7.6.0.23 2007.10.17 RKIT/Ntech.I
Authentium 4.93.8 2007.10.17 W32/DL_small.FJ
Avast 4.7.1051.0 2007.10.17 Win32:Agent-KIR
AVG 7.5.0.488 2007.10.16 Downloader.Agent.OFN
BitDefender 7.2 2007.10.17 Trojan.Rootkit.GDX
CAT-QuickHeal 9.00 2007.10.16 TrojanDownloader.Agent.acl
ClamAV 0.91.2 2007.10.16 Trojan.Downloader-6838
DrWeb 4.44.0.09170 2007.10.17 BackDoor.Bulknet
eSafe 7.0.15.0 2007.10.15 Win32.Agent.acl
eTrust-Vet 31.2.5216 2007.10.17 Win32/Cutwail!generic
Ewido 4.0 2007.10.17 Downloader.Agent.acl
FileAdvisor 1 2007.10.17 High threat detected
Fortinet 3.11.0.0 2007.10.17 W32/Pushu.ACL!tr
F-Prot 4.3.2.48 2007.10.17 W32/DL_small.FJ
F-Secure 6.70.13030.0 2007.10.17 Trojan-Downloader.Win32.Agent.acl
Ikarus T3.1.1.12 2007.10.17 Trojan-Downloader.Win32.Agent.acl
Kaspersky 7.0.0.125 2007.10.17 Trojan-Downloader.Win32.Agent.acl
McAfee 5142 2007.10.16 Generic RootKit.a
Microsoft 1.2908 2007.10.16 VirTool:WinNT/Cutwail.C
NOD32v2 2597 2007.10.17 Win32/Rootkit.Agent.DP
Norman 5.80.02 2007.10.16 W32/Agent.CPCD
Panda 9.0.0.4 2007.10.16 Generic Trojan
Prevx1 V2 2007.10.17 -
Rising 19.45.22.00 2007.10.17 Trojan.DL.Win32.Agent.acl
Sophos 4.22.0 2007.10.17 Troj/Pushu-Gen
Sunbelt 2.2.907.0 2007.10.16 -
Symantec 10 2007.10.17 -
TheHacker 6.2.8.096 2007.10.17 Trojan/Downloader.Agent.acl
VBA32 3.12.2.4 2007.10.17 Trojan-Downloader.Win32.Agent.acl
VirusBuster 4.3.26:9 2007.10.16 Trojan.Pandex.H
Webwasher-Gateway 6.6.1 2007.10.17 Rootkit.Ntech.I
Дополнительная информация
File size: 29056 bytes
MD5: 281486d13a98744ace4c478e555e30b6
SHA1: edc40db17b9e20ad51fde4cde684289591103c9f
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=281486d13a98744ace4c478e555e30b6

PavelA
18.10.2007, 13:00
From the "Помогите" (Help) section

Файл avz00001.dta (c:\windows\system32\svchost.exe:ext.exe:$DATA) получен 2007.10.18 11:43:10 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.18.0 2007.10.17 -
AntiVir 7.6.0.23 2007.10.18 TR/Hijack.Explor.690
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
AVG 7.5.0.488 2007.10.17 SHeur.TPX
BitDefender 7.2 2007.10.18 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.10.18 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.18 -
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm
eTrust-Vet 31.2.5220 2007.10.18 -
Ewido 4.0 2007.10.17 -
FileAdvisor 1 2007.10.18 -
Fortinet 3.11.0.0 2007.10.18 -
F-Prot 4.3.2.48 2007.10.18 -
F-Secure 6.70.13030.0 2007.10.18 -
Ikarus T3.1.1.12 2007.10.18 BehavesLikeWin32.ExplorerHijack
Kaspersky 7.0.0.125 2007.10.18 Heur.Trojan.Generic
McAfee 5143 2007.10.17 -
Microsoft 1.2908 2007.10.18 -
NOD32v2 2599 2007.10.17 -
Norman 5.80.02 2007.10.17 -
Panda 9.0.0.4 2007.10.18 -
Prevx1 V2 2007.10.18 -
Rising 19.45.32.00 2007.10.18 -
Sophos 4.22.0 2007.10.18 Mal/Behav-150
Sunbelt 2.2.907.0 2007.10.18 -
Symantec 10 2007.10.18 -
TheHacker 6.2.9.097 2007.10.18 -
VBA32 3.12.2.4 2007.10.17 -
VirusBuster 4.3.26:9 2007.10.17 -
Webwasher-Gateway 6.6.1 2007.10.18 Trojan.Hijack.Explor.690
Дополнительная информация
File size: 24064 bytes
MD5: c8ab1a5d3abb777247e4a7ec8d7a77a6
SHA1: 2eb66ec40c488056fad216e963c56adbd74a4d9e
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

Interesting that Ikarus and Kaspersky say different things this time.

drongo
19.10.2007, 00:03
Файл avz00003.dta получен 2007.10.18 22:52:09 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.19.0 2007.10.18 -
AntiVir 7.6.0.27 2007.10.18 HEUR/Crypted
Authentium 4.93.8 2007.10.18 -
Avast 4.7.1051.0 2007.10.18 -
AVG 7.5.0.488 2007.10.18 -
BitDefender 7.2 2007.10.18 -
CAT-QuickHeal 9.00 2007.10.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.17 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2007.10.18 -
eSafe 7.0.15.0 2007.10.15 Suspicious File
eTrust-Vet 31.2.5220 2007.10.18 -
Ewido 4.0 2007.10.18 -
FileAdvisor 1 2007.10.18 -
Fortinet 3.11.0.0 2007.10.18 -
F-Prot 4.3.2.48 2007.10.18 -
F-Secure 6.70.13030.0 2007.10.18 Trojan-PSW.Win32.LdPinch.dus
Ikarus T3.1.1.12 2007.10.18 Trojan-Downloader.Win32.Zlob.and
Kaspersky 7.0.0.125 2007.10.18 Trojan-PSW.Win32.LdPinch.dus
McAfee 5144 2007.10.18 New Malware.aj
Microsoft 1.2908 2007.10.18 -
NOD32v2 2601 2007.10.18 -
Norman 5.80.02 2007.10.18 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.10.18 Suspicious file
Prevx1 V2 2007.10.18 Malware.Gen
Rising 19.45.32.00 2007.10.18 -
Sophos 4.22.0 2007.10.18 Mal/Packer
Sunbelt 2.2.907.0 2007.10.18 VIPRE.Suspicious
Symantec 10 2007.10.18 -
TheHacker 6.2.9.097 2007.10.18 W32/Behav-Heuristic-060
VBA32 3.12.2.4 2007.10.17 -
VirusBuster 4.3.26:9 2007.10.18 Packed/Upack
Webwasher-Gateway 6.6.1 2007.10.18 Heuristic.Crypted
Дополнительная информация
File size: 19116 bytes
MD5: 85a290e78a75dc49ed2e8d0622b928cf
SHA1: 806b9b0966dc2ee60f96b8d99016348b0668b018
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=7CCC0333ACB98B5F4A9200B35C3FEA0063A58C8B
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

TANUKI
20.10.2007, 01:34
Файл C1AA5427d01 получен 2007.10.20 00:15:08 (CET)

AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.19 -
Authentium 4.93.8 2007.10.19 -
Avast 4.7.1051.0 2007.10.19 -
AVG 7.5.0.488 2007.10.19 -
BitDefender 7.2 2007.10.19 -
CAT-QuickHeal 9.00 2007.10.19 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.19 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5223 2007.10.19 -
Ewido 4.0 2007.10.19 -
FileAdvisor 1 2007.10.20 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.19 -
F-Secure 6.70.13030.0 2007.10.19 Trojan-Downloader.JS.Remora.w
Ikarus T3.1.1.12 2007.10.19 -
Kaspersky 7.0.0.125 2007.10.19 Trojan-Downloader.JS.Remora.w
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.20 -
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.19 -
Prevx1 V2 2007.10.20 -
Rising 19.45.42.00 2007.10.19 -
Sophos 4.22.0 2007.10.19 -
Sunbelt 2.2.907.0 2007.10.19 -
Symantec 10 2007.10.19 -
TheHacker 6.2.9.100 2007.10.19 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.19 -
Webwasher-Gateway 6.0.1 2007.10.19 -

NickGolovko
20.10.2007, 09:20
Файл avz00001.dta получен 2007.10.20 06:41:56 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.19 -
Authentium 4.93.8 2007.10.19 -
Avast 4.7.1051.0 2007.10.19 -
AVG 7.5.0.488 2007.10.19 -
BitDefender 7.2 2007.10.20 -
CAT-QuickHeal 9.00 2007.10.19 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.19 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.19 -
FileAdvisor 1 2007.10.20 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.19 -
F-Secure 6.70.13030.0 2007.10.19 -
Ikarus T3.1.1.12 2007.10.20 -
Kaspersky 7.0.0.125 2007.10.20 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.20 -
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.19 -
Prevx1 V2 2007.10.20 -
Rising 19.45.50.00 2007.10.20 -
Sophos 4.22.0 2007.10.19 Mal/Behav-010
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.20 -
TheHacker 6.2.9.100 2007.10.19 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.19 -
Webwasher-Gateway 6.6.1 2007.10.19 -
Дополнительная информация
File size: 15200 bytes
MD5: 9834a1a1e24d85b0577ddabbe854bf13
SHA1: 4488f20638e7ff873a09f730c477fc6b8c437735

Now it is Rootkit.Win32.Agent.lf

NickGolovko
21.10.2007, 07:28
File avz00001.dta received on 10.21.2007 05:57:46 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.20.0 2007.10.19 Win-Trojan/Rootkit.17664
AntiVir 7.6.0.27 2007.10.20 TR/Rootkit.Gen
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.20 -
AVG 7.5.0.488 2007.10.20 -
BitDefender 7.2 2007.10.21 Trojan.Conhook.CW
CAT-QuickHeal 9.00 2007.10.20 -
ClamAV 0.91.2 2007.10.20 -
DrWeb 4.44.0.09170 2007.10.20 Trojan.Sentinel
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.20 -
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.19 -
Ikarus T3.1.1.12 2007.10.21 -
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 -
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.20 -
Prevx1 V2 2007.10.21 -
Rising 19.45.61.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.21 -
TheHacker 6.2.9.101 2007.10.20 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.20 -
Webwasher-Gateway 6.6.1 2007.10.20 Trojan.Rootkit.Gen
Additional information
File size: 17664 bytes
MD5: fc59e69c5810f26a1bc9c82520b053f2
SHA1: 903901213bcc8a5166e116166f29d42003011d02

Brutal
21.10.2007, 12:22
File patch.exe received on 10.21.2007 10:37:57 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.20 BDS/Agent.XN.21
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.20 -
AVG 7.5.0.488 2007.10.20 -
BitDefender 7.2 2007.10.21 Backdoor.Agent.XN
CAT-QuickHeal 9.00 2007.10.20 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.20 -
DrWeb 4.44.0.09170 2007.10.20 -
eSafe 7.0.15.0 2007.10.15 Win32.Agent.xn
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.20 -
FileAdvisor 1 2007.10.21 High threat detected
Fortinet 3.11.0.0 2007.10.19 PossibleThreat
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.19 W32/Agent.AHEE
Ikarus T3.1.1.12 2007.10.21 Trojan-PWS.Win32.Agent.BU
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 -
NOD32v2 2604 2007.10.19 probably a variant of Win32/Agent
Norman 5.80.02 2007.10.19 W32/Agent.AHEE
Panda 9.0.0.4 2007.10.20 Generic Trojan
Prevx1 V2 2007.10.21 -
Rising 19.45.61.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 Mal/Packer
Sunbelt 2.2.907.0 2007.10.20 Backdoor.Agent.XN
Symantec 10 2007.10.21 Backdoor.Trojan
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.20 Packed/NSPack
Webwasher-Gateway 6.6.1 2007.10.20 Trojan.Agent.XN.21


A friend came by with his laptop, and this is the critter I found on it.

PS. I have a question about the summary table:
Does Pack/Crypt mean that the antivirus could not unpack the exe?

XL
21.10.2007, 22:44
Cleaned my work flash drive with Kaspersky; here is what it did not detect:


Файл avz00005.dta получен 2007.10.21 21:29:42 (CET)

AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.21 TR/Crypt.FKM.Gen
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.21 Win32:Goldun-KG
AVG 7.5.0.488 2007.10.21 -
BitDefender 7.2 2007.10.21 -
CAT-QuickHeal 9.00 2007.10.20 -
ClamAV 0.91.2 2007.10.21 -
DrWeb 4.44.0.09170 2007.10.21 Trojan.PWS.GoldSpy
eSafe 7.0.15.0 2007.10.15 suspicious Trojan/Worm
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.21 -
Ikarus T3.1.1.12 2007.10.21 Trojan.Win32.Delf.nf
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 -
NOD32v2 2604 2007.10.19 -
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.21 -
Prevx1 V2 2007.10.21 Heuristic: Suspicious File With Code Injection Technology
Rising 19.45.62.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 -
Sunbelt 2.2.907.0 2007.10.20 Goldun.Fam
Symantec 10 2007.10.21 Trojan.Goldun
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.21 -
Webwasher-Gateway 6.6.1 2007.10.21 Trojan.Crypt.FKM.Gen


Файл avz00006.dta получен 2007.10.21 21:30:16 (CET)

AhnLab-V3 2007.10.19.0 2007.10.18 -
AntiVir 7.6.0.27 2007.10.21 TR/Rootkit.Gen
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.21 Win32:Small-EPJ
AVG 7.5.0.488 2007.10.21 BackDoor.Generic8.NOA
BitDefender 7.2 2007.10.21 -
CAT-QuickHeal 9.00 2007.10.20 -
ClamAV 0.91.2 2007.10.21 -
DrWeb 4.44.0.09170 2007.10.21 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 RKRun!tr
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.21 W32/Rootkit.ARY
Ikarus T3.1.1.12 2007.10.21 Virus.Win32.Small.EPJ
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 Trojan:WinNT/Cutwail.A!sys
NOD32v2 2604 2007.10.19 a variant of Win32/Rootkit.Agent.EY
Norman 5.80.02 2007.10.19 W32/Rootkit.ARY
Panda 9.0.0.4 2007.10.21 -
Prevx1 V2 2007.10.21 -
Rising 19.45.62.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 Troj/RKRun-Gen
Sunbelt 2.2.907.0 2007.10.18 Trojan.Pandex
Symantec 10 2007.10.21 Trojan.Pandex
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.21 -
Webwasher-Gateway 6.6.1 2007.10.21 Trojan.Rootkit.Gen

Added 5 minutes later

and one more:


Файл avz00013.dta получен 2007.10.21 21:33:51 (CET)
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.21 HEUR/Malware
Authentium 4.93.8 2007.10.20 -
Avast 4.7.1051.0 2007.10.21 Win32:Warezov-CMI
AVG 7.5.0.488 2007.10.21 I-Worm/Stration.DRV
BitDefender 7.2 2007.10.21 [email protected]
CAT-QuickHeal 9.00 2007.10.20 -
ClamAV 0.91.2 2007.10.21 -
DrWeb 4.44.0.09170 2007.10.21 Win32.HLLM.Limar.2138
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.21 -
Fortinet 3.11.0.0 2007.10.19 W32/[email protected]
F-Prot 4.3.2.48 2007.10.20 -
F-Secure 6.70.13030.0 2007.10.21 -
Ikarus T3.1.1.12 2007.10.21 Win32.Stration.DBG
Kaspersky 7.0.0.125 2007.10.21 -
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.21 -
NOD32v2 2604 2007.10.19 a variant of Win32/Stration
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.21 Suspicious file
Prevx1 V2 2007.10.21 -
Rising 19.45.62.00 2007.10.21 -
Sophos 4.22.0 2007.10.21 W32/Strati-Gen
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.21 -
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.26:9 2007.10.21 -
Webwasher-Gateway 6.6.1 2007.10.21 Heuristic.Malware

santy
22.10.2007, 06:42
файл lloh.VVexe получен 2007.10.22 05:22:52 (CET)
(see the log from 2007.10.17; back then it was not yet detected by any of the major AVs)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.20.0 2007.10.19 -
AntiVir 7.6.0.27 2007.10.21 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.21 -
AVG 7.5.0.488 2007.10.21 PSW.Ldpinch.QMC
BitDefender 7.2 2007.10.22 Trojan.PWS.LdPinch.DUP
CAT-QuickHeal 9.00 2007.10.20 TrojanPSW.LdPinch.dup
ClamAV 0.91.2 2007.10.22 -
DrWeb 4.44.0.09170 2007.10.21 Trojan.Spambot
eSafe 7.0.15.0 2007.10.21 Suspicious File
eTrust-Vet 31.2.5225 2007.10.20 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.22 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.22 Trojan-PSW.Win32.LdPinch.dup
Ikarus T3.1.1.12 2007.10.21 Trojan-PWS.LDPinch.DUP
Kaspersky 7.0.0.125 2007.10.22 Trojan-PSW.Win32.LdPinch.dup
McAfee 5145 2007.10.19 -
Microsoft 1.2908 2007.10.22 -
NOD32v2 2605 2007.10.22 Win32/PSW.LdPinch.DUP
Norman 5.80.02 2007.10.19 -
Panda 9.0.0.4 2007.10.21 Suspicious file
Prevx1 V2 2007.10.22 Malware.Gen
Rising 19.45.62.00 2007.10.21 Trojan.PSW.Win32.LdPinch.dup
Sophos 4.22.0 2007.10.22 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.20 Trojan-PSW.Win32.LdPinch.dup
Symantec 10 2007.10.22 -
TheHacker 6.2.9.103 2007.10.21 -
VBA32 3.12.2.4 2007.10.19 -
VirusBuster 4.3.26:9 2007.10.21 Trojan.PWS.LdPinch.BZC
Webwasher-Gateway 6.6.1 2007.10.21 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 34783 bytes
MD5: 6c2344a4f1e2ac6bb2f02f72d82f5494
SHA1: a91fbaae3ad33ab64a359fd7d6cc97142959a273

XL
23.10.2007, 00:41
Файл avz00001.dta получен 2007.10.22 23:23:43 (CET)


AhnLab-V3 2007.10.23.0 2007.10.22 Win-AppCare/Bho.73728.D
AntiVir 7.6.0.27 2007.10.22 -
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.22 Win32:RuPorn
AVG 7.5.0.488 2007.10.22 -
BitDefender 7.2 2007.10.22 -
CAT-QuickHeal 9.00 2007.10.22 -
ClamAV 0.91.2 2007.10.22 -
DrWeb 4.44.0.09170 2007.10.22 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5230 2007.10.22 -
Ewido 4.0 2007.10.22 -
FileAdvisor 1 2007.10.22 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.22 -
Ikarus T3.1.1.12 2007.10.22 Virus.Win32.RuPorn
Kaspersky 7.0.0.125 2007.10.22 -
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.22 -
NOD32v2 2607 2007.10.22 -
Norman 5.80.02 2007.10.22 -
Panda 9.0.0.4 2007.10.22 Suspicious file
Prevx1 V2 2007.10.22 -
Rising 19.46.02.00 2007.10.22 -
Sophos 4.22.0 2007.10.22 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.22 -
TheHacker 6.2.9.104 2007.10.22 -
VBA32 3.12.2.4 2007.10.22 suspected of Downloader.Small.110 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.10.22 -

Added 3 minutes later

Файл avz00003.dta получен 2007.10.22 23:25:12 (CET)


AhnLab-V3 2007.10.23.0 2007.10.22 -
AntiVir 7.6.0.27 2007.10.22 TR/Crypt.Morphine.Gen
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.22 -
AVG 7.5.0.488 2007.10.22 -
BitDefender 7.2 2007.10.22 -
CAT-QuickHeal 9.00 2007.10.22 -
ClamAV 0.91.2 2007.10.22 -
DrWeb 4.44.0.09170 2007.10.22 Trojan.Sentinel
eSafe 7.0.15.0 2007.10.22 Suspicious File
eTrust-Vet 31.2.5230 2007.10.22 -
Ewido 4.0 2007.10.22 -
FileAdvisor 1 2007.10.22 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.22 W32/BHO.QG
Ikarus T3.1.1.12 2007.10.22 Trojan.Win32.StartPage.bag
Kaspersky 7.0.0.125 2007.10.22 -
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.22 Trojan:Win32/Agent.ADH
NOD32v2 2607 2007.10.22 -
Norman 5.80.02 2007.10.22 W32/BHO.QG
Panda 9.0.0.4 2007.10.22 Suspicious file
Prevx1 V2 2007.10.22 -
Rising 19.46.02.00 2007.10.22 -
Sophos 4.22.0 2007.10.22 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.22 -
TheHacker 6.2.9.104 2007.10.22 -
VBA32 3.12.2.4 2007.10.22 -
VirusBuster 4.3.26:9 2007.10.22 -
Webwasher-Gateway 6.6.1 2007.10.22 Trojan.Crypt.Morphine.Gen

Deja Vu
23.10.2007, 09:00
Found a ... little trojan that I wrote, or rather an adware trojan
Decided to check it ...
File TSLogo.exe received on 10.23.2007 07:50:33 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.23.0 2007.10.23 -
AntiVir 7.6.0.27 2007.10.22 -
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.22 -
AVG 7.5.0.488 2007.10.22 -
BitDefender 7.2 2007.10.22 -
CAT-QuickHeal 9.00 2007.10.22 -
ClamAV 0.91.2 2007.10.23 -
DrWeb 4.44.0.09170 2007.10.23 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5232 2007.10.23 -
Ewido 4.0 2007.10.21 -
FileAdvisor 1 2007.10.23 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.23 -
Ikarus T3.1.1.12 2007.10.23 -
Kaspersky 7.0.0.125 2007.10.23 Heur.Trojan.Generic
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.23 -
NOD32v2 2608 2007.10.23 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.22 -
Panda 9.0.0.4 2007.10.23 Suspicious file
Prevx1 V2 2007.10.23 -
Rising 19.46.11.00 2007.10.23 -
Sophos 4.22.0 2007.10.23 -
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.23 -
TheHacker 6.2.9.105 2007.10.23 -
VBA32 3.12.2.4 2007.10.22 -
VirusBuster 4.3.26:9 2007.10.22 -
Webwasher-Gateway 6.6.1 2007.10.23 -

NickGolovko
23.10.2007, 13:34
c:\windows\system32\csrss32.exe

Файл avz00002.dta получен 2007.10.23 12:02:00 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.23.0 2007.10.23 -
AntiVir 7.6.0.27 2007.10.23 HEUR/Malware
Authentium 4.93.8 2007.10.22 Possibly a new variant of W32/SecRisk-ProcessPatcher-Sml-based!Maximus
Avast 4.7.1051.0 2007.10.22 -
AVG 7.5.0.488 2007.10.22 -
BitDefender 7.2 2007.10.23 -
CAT-QuickHeal 9.00 2007.10.22 -
ClamAV 0.91.2 2007.10.23 -
DrWeb 4.44.0.09170 2007.10.23 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5233 2007.10.23 -
Ewido 4.0 2007.10.22 -
FileAdvisor 1 2007.10.23 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.22 W32/SecRisk-ProcessPatcher-Sml-based!Maximus
F-Secure 6.70.13030.0 2007.10.23 W32/Malware
Ikarus T3.1.1.12 2007.10.23 -
Kaspersky 7.0.0.125 2007.10.23 -
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.23 -
NOD32v2 2609 2007.10.23 -
Norman 5.80.02 2007.10.22 W32/Malware
Panda 9.0.0.4 2007.10.23 Suspicious file
Prevx1 V2 2007.10.23 -
Rising 19.46.12.00 2007.10.23 -
Sophos 4.22.0 2007.10.23 Mal/Behav-010
Sunbelt 2.2.907.0 2007.10.20 -
Symantec 10 2007.10.23 -
TheHacker 6.2.9.105 2007.10.23 -
VBA32 3.12.2.4 2007.10.22 -
VirusBuster 4.3.26:9 2007.10.22 -
Webwasher-Gateway 6.0.1 2007.10.23 Heuristic.Malware
Дополнительная информация
File size: 9216 bytes
MD5: 57c9abc435269818e3983473b0c808bb
SHA1: fbb1493cbed53cee443e5230c76da9645b087e6e
norman sandbox: [ General information ]
***IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)***
File length: 9216 bytes.
[ Changes to registry ]
* Creates key \"HKLM\Software\Microsoft\Internet Explorer\Main\UsersPolicy\".
[ Security issues ]
* Modified OS kernel function code.
[ Process/window information ]
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.

XL
23.10.2007, 17:34
Файл mpgcodec4441.exe получен 2007.10.23 16:21:51 (CET)


AhnLab-V3 2007.10.23.0 2007.10.23 -
AntiVir 7.6.0.27 2007.10.23 TR/Dldr.Zlob.NMO
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.22 -
AVG 7.5.0.488 2007.10.23 Downloader.Zlob.KF
BitDefender 7.2 2007.10.23 Trojan.Zlob.AQ
CAT-QuickHeal 9.00 2007.10.23 -
ClamAV 0.91.2 2007.10.23 -
DrWeb 4.44.0.09170 2007.10.23 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5233 2007.10.23 -
Ewido 4.0 2007.10.23 -
FileAdvisor 1 2007.10.23 -
Fortinet 3.11.0.0 2007.10.19 Zlob.AFG!tr
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.23 -
Ikarus T3.1.1.12 2007.10.23 Win32.DnsChanger.MP
Kaspersky 7.0.0.125 2007.10.23 -
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.23 -
NOD32v2 2609 2007.10.23 -
Norman 5.80.02 2007.10.23 -
Panda 9.0.0.4 2007.10.23 Adware/EZVideo
Prevx1 V2 2007.10.23 Generic.Dropper.xCodec
Rising 19.46.12.00 2007.10.23 -
Sophos 4.22.0 2007.10.23 Troj/Zlob-AFG
Sunbelt 2.2.907.0 2007.10.20 Trojan.DNSChanger
Symantec 10 2007.10.23 -
TheHacker 6.2.9.105 2007.10.23 -
VBA32 3.12.2.4 2007.10.22 -
VirusBuster 4.3.26:9 2007.10.22 -
Webwasher-Gateway 6.0.1 2007.10.23 Trojan.Dldr.Zlob.NMO

Surfer
23.10.2007, 18:18
Файл finreal.exe получен 2007.10.23 16:49:18 (CET)


Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.23.0 2007.10.23 Win-AppCare/Webmoner.618496
AntiVir 7.6.0.27 2007.10.23 -
Authentium 4.93.8 2007.10.22 -
Avast 4.7.1051.0 2007.10.22 Win32:Trojan-gen {Other}
AVG 7.5.0.488 2007.10.23 Generic7.PAQ
BitDefender 7.2 2007.10.23 -
CAT-QuickHeal 9.00 2007.10.23 Hoax.WebMoner.bd (Not a Virus)
ClamAV 0.91.2 2007.10.23 -
DrWeb 4.44.0.09170 2007.10.23 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5233 2007.10.23 -
Ewido 4.0 2007.10.23 Not-A-Virus.Hoax.Win32.WebMoner.bd
FileAdvisor 1 2007.10.23 High threat detected
Fortinet 3.11.0.0 2007.10.19 Misc/WebMoner
F-Prot 4.3.2.48 2007.10.22 -
F-Secure 6.70.13030.0 2007.10.23 not-virus:Hoax.Win32.WebMoner.bd
Ikarus T3.1.1.12 2007.10.23 not-a-virus:Hoax.Win32.WebMoner.bd
Kaspersky 7.0.0.125 2007.10.23 not-virus:Hoax.Win32.WebMoner.bd
McAfee 5146 2007.10.22 -
Microsoft 1.2908 2007.10.23 -
NOD32v2 2609 2007.10.23 -
Norman 5.80.02 2007.10.23 W32/Webmoner.MI
Panda 9.0.0.4 2007.10.23 Trj/Webmoner.O
Prevx1 V2 2007.10.23 -
Rising 19.46.12.00 2007.10.23 -
Sophos 4.22.0 2007.10.23 -
Sunbelt 2.2.907.0 2007.10.20 Hoax.Win32.WebMoner.bd
Symantec 10 2007.10.23 -
TheHacker 6.2.9.105 2007.10.23 Aplicacion/WebMoner.bd
VBA32 3.12.2.4 2007.10.22 -
VirusBuster 4.3.26:9 2007.10.22 -
Webwasher-Gateway 6.6.1 2007.10.23 Riskware.Hoax.Webmoner.BD

Дополнительная информация
File size: 618496 bytes
MD5: 758acb4a461722d3f3bbf62f3a25844b
SHA1: 50e53b51faf3b2e4b9050b83c87b23a03bf8dc92
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=758acb4a461722d3f3bbf62f3a25844b
packers: Aspack
packers: ASPack

PavelA
24.10.2007, 12:32
This is t1.dll from the "Помогите!" (Help!) section http://virusinfo.info/showthread.php?t=13455

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.24.1 2007.10.24 -
AntiVir 7.6.0.27 2007.10.24 HEUR/Malware
Authentium 4.93.8 2007.10.23 -
Avast 4.7.1074.0 2007.10.23 -
AVG 7.5.0.488 2007.10.23 -
BitDefender 7.2 2007.10.24 -
CAT-QuickHeal 9.00 2007.10.23 -
ClamAV 0.91.2 2007.10.24 -
DrWeb 4.44.0.09170 2007.10.24 Trojan.Proxy.2355
eSafe 7.0.15.0 2007.10.22 suspicious Trojan/Worm
eTrust-Vet 31.2.5236 2007.10.24 -
Ewido 4.0 2007.10.23 -
FileAdvisor 1 2007.10.24 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.23 -
F-Secure 6.70.13030.0 2007.10.24 -
Ikarus T3.1.1.12 2007.10.24 Trojan-Downloader.Win32.Agent.but
Kaspersky 7.0.0.125 2007.10.24 -
McAfee 5147 2007.10.23 -
Microsoft 1.2908 2007.10.24 Trojan:Win32/Agent.ADA
NOD32v2 2612 2007.10.24 -
Norman 5.80.02 2007.10.23 -
Panda 9.0.0.4 2007.10.23 Suspicious file
Prevx1 V2 2007.10.24 Malware.Gen
Rising 19.46.21.00 2007.10.24 -
Sophos 4.22.0 2007.10.24 -
Sunbelt 2.2.907.0 2007.10.23 -
Symantec 10 2007.10.24 -
TheHacker 6.2.9.106 2007.10.24 -
VBA32 3.12.2.4 2007.10.22 suspected of Malware.Agent.123 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.10.23 -

Дополнительная информация
File size: 110080 bytes
MD5: 4b5bd78dd08f76dc0fd8e887bd1ddd86
SHA1: 06fc5916a6d0adbb3896ec398a3738b9effac53e
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=D3A68A2300957376AE89018E6213F6002556DB2F

XL
24.10.2007, 22:35
Файл avz00007.dta получен 2007.10.24 21:07:28 (CET)


AhnLab-V3 2007.10.25.0 2007.10.24 -
AntiVir 7.6.0.27 2007.10.24 TR/Small.62976
Authentium 4.93.8 2007.10.23 -
Avast 4.7.1074.0 2007.10.23 -
AVG 7.5.0.488 2007.10.24 Proxy.TYV
BitDefender 7.2 2007.10.24 -
CAT-QuickHeal 9.00 2007.10.23 -
ClamAV 0.91.2 2007.10.24 -
DrWeb 4.44.0.09170 2007.10.24 DLOADER.Trojan
eSafe 7.0.15.0 2007.10.22 suspicious Trojan/Worm
eTrust-Vet 31.2.5237 2007.10.24 -
Ewido 4.0 2007.10.24 -
FileAdvisor 1 2007.10.24 High threat detected
Fortinet 3.11.0.0 2007.10.19 W32/Dloader.QVJ!tr
F-Prot 4.3.2.48 2007.10.23 -
F-Secure 6.70.13030.0 2007.10.24 W32/Horst.gen32
Ikarus T3.1.1.12 2007.10.24 Win32.SuspectCrc
Kaspersky 7.0.0.125 2007.10.24 -
McAfee 5147 2007.10.23 -
Microsoft 1.2908 2007.10.24 -
NOD32v2 2614 2007.10.24 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.24 W32/Horst.gen32
Panda 9.0.0.4 2007.10.23 Trj/Downloader.QKS
Prevx1 V2 2007.10.24 -
Rising 19.46.22.00 2007.10.24 -
Sophos 4.22.0 2007.10.24 Mal/Emogen-G
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.24 -
TheHacker 6.2.9.106 2007.10.24 -
VBA32 3.12.2.4 2007.10.24 -
VirusBuster 4.3.26:9 2007.10.24 -
Webwasher-Gateway 6.6.1 2007.10.24 Trojan.Small.62976

Added after 5 minutes

Файл avz00028.dta получен 2007.10.24 21:07:51 (CET)


AhnLab-V3 2007.10.25.0 2007.10.24 -
AntiVir 7.6.0.27 2007.10.24 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.10.23 -
Avast 4.7.1074.0 2007.10.23 Win32:Tibser
AVG 7.5.0.488 2007.10.24 Downloader.Tibs
BitDefender 7.2 2007.10.24 Trojan.Peed.IKO
CAT-QuickHeal 9.00 2007.10.23 Win32.Email-Worm.Zhelatin.he
ClamAV 0.91.2 2007.10.24 Trojan.Small-4122
DrWeb 4.44.0.09170 2007.10.24 Trojan.Packed.142
eSafe 7.0.15.0 2007.10.22 Win32.Packed.13
eTrust-Vet 31.2.5237 2007.10.24 Win32/Tibs!generic
Ewido 4.0 2007.10.24 -
FileAdvisor 1 2007.10.24 High threat detected
Fortinet 3.11.0.0 2007.10.19 W32/[email protected]
F-Prot 4.3.2.48 2007.10.23 -
F-Secure 6.70.13030.0 2007.10.24 Tibs.gen135
Ikarus T3.1.1.12 2007.10.24 Packed.Win32.Tibs.ca
Kaspersky 7.0.0.125 2007.10.24 -
McAfee 5147 2007.10.23 Tibs-Packed
Microsoft 1.2908 2007.10.24 Trojan:Win32/Tibs.EK
NOD32v2 2614 2007.10.24 Win32/Nuwar.Gen
Norman 5.80.02 2007.10.24 Tibs.gen135
Panda 9.0.0.4 2007.10.23 Trj/Alanchum.MV
Prevx1 V2 2007.10.24 -
Rising 19.46.22.00 2007.10.24 Trojan.Win32.Tibs.quc
Sophos 4.22.0 2007.10.24 Mal/Dorf-A
Sunbelt 2.2.907.0 2007.10.24 Trojan.Vxgame.z
Symantec 10 2007.10.24 Trojan.Packed.13
TheHacker 6.2.9.106 2007.10.24 W32/Zhelatin.genw
VBA32 3.12.2.4 2007.10.24 Worm.Win32.Nuwar.Gen
VirusBuster 4.3.26:9 2007.10.24 Trojan.Tibs.Gen!Pac.132

santy
25.10.2007, 07:31
Файл rt25.exe получен 2007.10.25 06:03:25 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.25.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.24 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.24 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.488 2007.10.24 -
BitDefender 7.2 2007.10.25 Trojan.PWS.LdPinch.TDK
CAT-QuickHeal 9.00 2007.10.23 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.25 -
DrWeb 4.44.0.09170 2007.10.24 Trojan.Packed.188
eSafe 7.0.15.0 2007.10.22 Suspicious File
eTrust-Vet 31.2.5239 2007.10.25 -
Ewido 4.0 2007.10.24 -
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.24 -
F-Secure 6.70.13030.0 2007.10.25 -
Ikarus T3.1.1.12 2007.10.25 -
Kaspersky 7.0.0.125 2007.10.25 -
McAfee 5148 2007.10.24 -
Microsoft 1.2908 2007.10.25 -
NOD32v2 2614 2007.10.24 -
Norman 5.80.02 2007.10.24 -
Panda 9.0.0.4 2007.10.25 Suspicious file
Prevx1 V2 2007.10.25 -
Rising 19.46.30.00 2007.10.25 -
Sophos 4.22.0 2007.10.25 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.106 2007.10.24 -
VBA32 3.12.2.4 2007.10.24 -
VirusBuster 4.3.26:9 2007.10.24 -
Webwasher-Gateway 6.6.1 2007.10.25 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 34956 bytes
MD5: 056cc3d4fb9beb59a181b7213141c801
SHA1: d48e44999b3d4048ca232311977b6548cab519a6

ISO
25.10.2007, 17:55
Antivirus Version Last Update Result
AhnLab-V3 2007.10.25.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.25 -
Authentium 4.93.8 2007.10.24 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.488 2007.10.24 -
BitDefender 7.2 2007.10.25 -
CAT-QuickHeal 9.00 2007.10.25 -
ClamAV 0.91.2 2007.10.25 -
DrWeb 4.44.0.09170 2007.10.25 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5241 2007.10.25 -
Ewido 4.0 2007.10.25 Worm.Fujacks.k
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.25 Trojan.JS.Redirector.c
Ikarus T3.1.1.12 2007.10.25 -
Kaspersky 7.0.0.125 2007.10.25 Trojan.JS.Redirector.c
McAfee 5148 2007.10.24 -
Microsoft 1.2908 2007.10.25 Exploit:HTML/IframeRef.gen
NOD32v2 2617 2007.10.25 -
Norman 5.80.02 2007.10.25 -
Panda 9.0.0.4 2007.10.25 -
Prevx1 V2 2007.10.25 -
Rising 19.46.31.00 2007.10.25 -
Sophos 4.22.0 2007.10.25 -
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.24 -
VirusBuster 4.3.26:9 2007.10.24 -
Webwasher-Gateway 6.0.1 2007.10.25 -
Additional information
File size: 3891 bytes
MD5: be02920a94ab1384a85505144613e897
SHA1: 04e94af34205cf14883819c2a832549acb51ecc5

Surfer
25.10.2007, 17:59
File kqxgvfeu.exe received on 10.25.2007 16:34:22 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2007.10.25.0 2007.10.25 -
AntiVir 7.6.0.27 2007.10.25 -
Authentium 4.93.8 2007.10.24 -
Avast 4.7.1074.0 2007.10.25 Win32:Zhelatin-ASX
AVG 7.5.0.488 2007.10.24 Downloader.Generic6.AXL
BitDefender 7.2 2007.10.25 -
CAT-QuickHeal 9.00 2007.10.25 I-Worm.Zhelatin.gn
ClamAV 0.91.2 2007.10.25 Trojan.Small-3411
DrWeb 4.44.0.09170 2007.10.25 BackDoor.Groan
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5241 2007.10.25 Win32/Pecoan
Ewido 4.0 2007.10.25 -
FileAdvisor 1 2007.10.25 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 W32/WormX.AO
F-Secure 6.70.13030.0 2007.10.25 Email-Worm.Win32.Zhelatin.gn
Ikarus T3.1.1.12 2007.10.25 Backdoor.Win32.Agent.amd
Kaspersky 7.0.0.125 2007.10.25 Email-Worm.Win32.Zhelatin.gn
McAfee 5148 2007.10.24 -
Microsoft 1.2908 2007.10.25 -
NOD32v2 2617 2007.10.25 -
Norman 5.80.02 2007.10.25 W32/Tibs.dam
Panda 9.0.0.4 2007.10.25 -
Rising 19.46.31.00 2007.10.25 Worm.Mail.Win32.Zhelatin.gn
Sophos 4.22.0 2007.10.25 W32/Dref-AP
Sunbelt 2.2.907.0 2007.10.24 -
Symantec 10 2007.10.25 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.24 Email-Worm.Win32.Zhelatin.gn
VirusBuster 4.3.26:9 2007.10.24 -
Webwasher-Gateway 6.0.1 2007.10.25 Win32.Malware.dam (suspicious)


Additional information
File size: 77562 bytes
MD5: 10e0db132bfd94d8b64b33495d3af232
SHA1: b2b6c43bcbd9e377a4bc3dd655241f28e5969bcf


:Z is a smiley =)

Selmanuk
26.10.2007, 10:34
Файл realfoto.exe.5D5BEF92 получен 2007.10.26 09:14:32 (CET)
Антивирус Версия Обновление Результат
AntiVir 7.6.0.27 2007.10.26 HEUR/Crypted
BitDefender 7.2 2007.10.26 DeepScan:Generic.Malware.Bdld!!.E1FB9853
CAT-QuickHeal 9.00 2007.10.25 (Suspicious) - DNAScan
DrWeb 4.44.0.09170 2007.10.26 Trojan.DownLoader.35934
eSafe 7.0.15.0 2007.10.22 -503605165
F-Secure 6.70.13030.0 2007.10.26 Harnig.gen1
Kaspersky 7.0.0.125 2007.10.26 Heur.Trojan.Generic
Microsoft 1.2908 2007.10.26 TrojanDownloader:Win32/Agent.WX
NOD32v2 2618 2007.10.26 probably a variant of Win32/TrojanDownloader.Small.DRU
Norman 5.80.02 2007.10.25 Harnig.gen1
Panda 9.0.0.4 2007.10.26 Suspicious file
Sophos 4.22.0 2007.10.26 Mal/Packer
Sunbelt 2.2.907.0 2007.10.26 VIPRE.Suspicious
Symantec 10 2007.10.26 Downloader
VirusBuster 4.3.26:9 2007.10.25 Packed/FSG
Webwasher-Gateway 6.6.1 2007.10.26 Heuristic.Crypted

Дополнительная информация
File size: 1861 bytes
MD5: 058a27b34937771c98f88a3d7675197f
SHA1: b2829f3bb9d0d56b9f1315a65ce384a8b343188b
packers: FSG
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Added after 7 minutes

Файл index_2_.htm.7FFFAE33 получен 2007.10.26 09:28:47 (CET)
Антивирус Версия Обновление Результат
AntiVir 7.6.0.27 2007.10.26 HTML/Shellcode.Gen
Authentium 4.93.8 2007.10.25 JS/[email protected]
Avast 4.7.1074.0 2007.10.25 JS:IESlice
AVG 7.5.0.503 2007.10.25 JS/Downloader.Agent
BitDefender 7.2 2007.10.26 Trojan.Exploit.Js.Vmlfill.D
DrWeb 4.44.0.09170 2007.10.26 Trojan.DownLoader.35207
eSafe 7.0.15.0 2007.10.22 JS.Downld.Troj
Ewido 4.0 2007.10.25 Downloader.Agent.hq
F-Prot 4.3.2.48 2007.10.25 JS/[email protected]
F-Secure 6.70.13030.0 2007.10.26 JS/[email protected]
McAfee 5149 2007.10.25 JS/Exploit-BO.gen
Microsoft 1.2908 2007.10.26 TrojanDownloader:Win32/Small.gen!Z
Rising 19.46.40.00 2007.10.26 Trojan.DL.JS.Agent.lfo
Sophos 4.22.0 2007.10.26 Mal/JSShell-B
Symantec 10 2007.10.26 Downloader
TheHacker 6.2.9.107 2007.10.25 JS/IE.Exploit
VirusBuster 4.3.26:9 2007.10.25 JS.Psyme.DF
Webwasher-Gateway 6.6.1 2007.10.26 Script.Shellcode.Gen

Дополнительная информация
File size: 7278 bytes
MD5: d402f0fa9fc74dda7b1516ad3ab3fa23
SHA1: a776ccd157021738474c929d7f641416bbb3a80b

drongo
26.10.2007, 13:52
Файл file.data получен 2007.10.26 12:28:16 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.26.0 2007.10.26 -
AntiVir 7.6.0.27 2007.10.26 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.25 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.503 2007.10.26 -
BitDefender 7.2 2007.10.26 DeepScan:Generic.LdPinch1.94613D58
CAT-QuickHeal 9.00 2007.10.25 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.26 -
DrWeb 4.44.0.09170 2007.10.26 Trojan.PWS.LDPinch.1941
eSafe 7.0.15.0 2007.10.22 Suspicious File
eTrust-Vet 31.2.5241 2007.10.25 -
Ewido 4.0 2007.10.25 -
FileAdvisor 1 2007.10.26 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.26 -
Ikarus T3.1.1.12 2007.10.26 Backdoor.Win32.Prorat.19.i
Kaspersky 7.0.0.125 2007.10.26 Heur.Trojan.Generic
McAfee 5149 2007.10.25 PWS-LDPinch
Microsoft 1.2908 2007.10.26 PWS:Win32/Ldpinch.gen
NOD32v2 2619 2007.10.26 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.26 Suspicious file
Prevx1 V2 2007.10.26 Heuristic: Suspicious Self Modifying EXE
Rising 19.46.41.00 2007.10.26 -
Sophos 4.22.0 2007.10.26 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.26 VIPRE.Suspicious
Symantec 10 2007.10.26 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.26 -
VirusBuster 4.3.26:9 2007.10.25 -
Webwasher-Gateway 6.6.1 2007.10.26 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 20480 bytes
MD5: 690d77cca6d20246e87803eafeb06bed
SHA1: d4eb6d05641b93aeaee52c834b7ef1f557afb677
packers: PecBundle, PECompact
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=3252C4BF008177B550CA00CE98E8FC00ECFFB33E
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

vaber
26.10.2007, 20:42
Файл nm_15_10_07_75_0.exe получен 2007.10.26 19:20:25 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.26.1 2007.10.26 -
AntiVir 7.6.0.30 2007.10.26 -
Authentium 4.93.8 2007.10.26 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.503 2007.10.26 -
BitDefender 7.2 2007.10.26 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.26 -
DrWeb 4.44.0.09170 2007.10.26 -
eSafe 7.0.15.0 2007.10.22 suspicious Trojan/Worm
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.26 -
FileAdvisor 1 2007.10.26 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.25 -
F-Secure 6.70.13030.0 2007.10.26 -
Ikarus T3.1.1.12 2007.10.26 -
Kaspersky 7.0.0.125 2007.10.26 Heur.Trojan.Generic
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.26 -
NOD32v2 2619 2007.10.26 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.26 -
Prevx1 V2 2007.10.26 -
Rising 19.46.42.00 2007.10.26 -
Sophos 4.22.0 2007.10.26 Mal/Behav-150
Sunbelt 2.2.907.0 2007.10.26 -
Symantec 10 2007.10.26 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.26 -
VirusBuster 4.3.26:9 2007.10.26 -
Webwasher-Gateway 6.6.1 2007.10.26 -
Дополнительная информация
File size: 24064 bytes
MD5: c383ea5fb0ca6beb1d2a3f5bf13c5c79
SHA1: 7213a7a1ead53437e3eb1e69a755909889a9118d
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX


Файл rasta.exe получен 2007.10.26 20:30:18 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.26.1 2007.10.26 -
AntiVir 7.6.0.30 2007.10.26 TR/Dropper.Gen
Authentium 4.93.8 2007.10.26 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.503 2007.10.26 -
BitDefender 7.2 2007.10.26 -
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.26 -
DrWeb 4.44.0.09170 2007.10.26 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.26 -
FileAdvisor 1 2007.10.26 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.26 -
Ikarus T3.1.1.12 2007.10.26 -
Kaspersky 7.0.0.125 2007.10.26 -
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.26 TrojanDropper:Win32/Cutwail.A
NOD32v2 2619 2007.10.26 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.26 -
Prevx1 V2 2007.10.26 -
Rising 19.46.42.00 2007.10.26 -
Sophos 4.22.0 2007.10.26 Troj/Pushdo-Gen
Sunbelt 2.2.907.0 2007.10.26 -
Symantec 10 2007.10.26 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.26 -
VirusBuster 4.3.26:9 2007.10.26 -
Webwasher-Gateway 6.6.1 2007.10.26 Trojan.Dropper.Gen
Дополнительная информация
File size: 20992 bytes
MD5: 090ab214e9505df6e49f50e3294178c2
SHA1: 2ef710e630b9c7a1d4ff43fa7e3b32ea321acaca


Файл iesetup.exe получен 2007.10.26 20:48:15 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.27.0 2007.10.26 -
Authentium 4.93.8 2007.10.26 -
Avast 4.7.1074.0 2007.10.25 -
AVG 7.5.0.503 2007.10.26 Adware Generic2.TTC
BitDefender 7.2 2007.10.26 -
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.26 -
DrWeb 4.44.0.09170 2007.10.26 -
eSafe 7.0.15.0 2007.10.22 -
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.26 -
FileAdvisor 1 2007.10.26 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.26 -
Ikarus T3.1.1.12 2007.10.26 -
Kaspersky 7.0.0.125 2007.10.26 -
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.26 -
NOD32v2 2619 2007.10.26 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.26 -
Prevx1 V2 2007.10.26 -
Rising 19.46.42.00 2007.10.26 -
Sophos 4.22.0 2007.10.26 -
Sunbelt 2.2.907.0 2007.10.26 -
Symantec 10 2007.10.26 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.26 -
VirusBuster 4.3.26:9 2007.10.26 -
Webwasher-Gateway 6.6.1 2007.10.26 Trojan.Drop.Agent.888
Дополнительная информация
File size: 360502 bytes
MD5: 6a9e88cde02f6d97331249ce6427d4a9
SHA1: e23ae6e5553065afc09fe9d2fe0f195ff75dce37

NickGolovko
27.10.2007, 08:25
Файл avz00002.dta получен 2007.10.27 07:09:53 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.27.0 2007.10.26 -
AntiVir 7.6.0.30 2007.10.26 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.10.26 -
Avast 4.7.1074.0 2007.10.26 -
AVG 7.5.0.503 2007.10.26 -
BitDefender 7.2 2007.10.27 -
CAT-QuickHeal 9.00 2007.10.26 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.27 -
DrWeb 4.44.0.09170 2007.10.26 Trojan.Spambot.2444
eSafe 7.0.15.0 2007.10.22 Suspicious File
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.26 -
FileAdvisor 1 2007.10.27 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.26 -
Ikarus T3.1.1.12 2007.10.27 -
Kaspersky 7.0.0.125 2007.10.27 -
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.27 -
NOD32v2 2620 2007.10.27 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.27 Suspicious file
Prevx1 V2 2007.10.27 -
Rising 19.46.42.00 2007.10.26 -
Sophos 4.22.0 2007.10.27 Mal/Basine-C
Sunbelt 2.2.907.0 2007.10.27 -
Symantec 10 2007.10.27 -
TheHacker 6.2.9.107 2007.10.25 -
VBA32 3.12.2.4 2007.10.26 Trojan.Spambot.2444
VirusBuster 4.3.26:9 2007.10.26 -
Webwasher-Gateway 6.6.1 2007.10.27 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 34774 bytes
MD5: eaa7fd91e46a9be981f4ea10904dedf5
SHA1: fac2d79fac98bd44cdb9d4403f9c65197ceae29e

TANUKI
29.10.2007, 00:09
Файл mails.exe получен 2007.10.28 21:17:42 (CET)


Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.27.0 2007.10.26 -
AntiVir 7.6.0.30 2007.10.26 -
Authentium 4.93.8 2007.10.28 -
Avast 4.7.1074.0 2007.10.28 -
AVG 7.5.0.503 2007.10.28 -
BitDefender 7.2 2007.10.28 -
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.28 -
DrWeb 4.44.0.09170 2007.10.28 Trojan.Packed.147
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.28 -
FileAdvisor 1 2007.10.28 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.28 -
Ikarus T3.1.1.12 2007.10.28 -
Kaspersky 7.0.0.125 2007.10.28 Trojan-Dropper.Win32.Small.bbs
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.28 Virus:Win32/Grum.G
NOD32v2 2621 2007.10.28 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.28 -
Prevx1 V2 2007.10.28 -
Rising 19.46.61.00 2007.10.28 -
Sophos 4.23.0 2007.10.28 -
Sunbelt 2.2.907.0 2007.10.27 -
Symantec 10 2007.10.28 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.28 -
Webwasher-Gateway 6.6.1 2007.10.28 -



Файл 603-a.exe получен 2007.10.28 21:17:34 (CET)


Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.27.0 2007.10.26 -
AntiVir 7.6.0.30 2007.10.26 -
Authentium 4.93.8 2007.10.28 -
Avast 4.7.1074.0 2007.10.28 -
AVG 7.5.0.503 2007.10.28 -
BitDefender 7.2 2007.10.28 Trojan.Proxy.Agent.AZP
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.28 -
DrWeb 4.44.0.09170 2007.10.28 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.28 -
FileAdvisor 1 2007.10.28 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.28 -
Ikarus T3.1.1.12 2007.10.28 Trojan.Win32.Agent.asu
Kaspersky 7.0.0.125 2007.10.28 Trojan-Dropper.Win32.Agent.ckh
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.28 -
NOD32v2 2621 2007.10.28 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.28 -
Prevx1 V2 2007.10.28 -
Rising 19.46.61.00 2007.10.28 -
Sophos 4.23.0 2007.10.28 -
Sunbelt 2.2.907.0 2007.10.27 -
Symantec 10 2007.10.28 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.28 -
Webwasher-Gateway 6.6.1 2007.10.28 -

vaber
29.10.2007, 01:02
Файл u12_frk_abc123.exe получен 2007.10.28 22:48:33 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.27.0 2007.10.26 -
AntiVir 7.6.0.30 2007.10.28 -
Authentium 4.93.8 2007.10.28 -
Avast 4.7.1074.0 2007.10.28 -
AVG 7.5.0.503 2007.10.28 -
BitDefender 7.2 2007.10.28 -
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.28 -
DrWeb 4.44.0.09170 2007.10.28 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.28 -
FileAdvisor 1 2007.10.28 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.26 -
F-Secure 6.70.13030.0 2007.10.28 -
Ikarus T3.1.1.12 2007.10.28 Trojan-Downloader.Win32.Small.evh
Kaspersky 7.0.0.125 2007.10.28 -
McAfee 5150 2007.10.26 -
Microsoft 1.2908 2007.10.28 -
NOD32v2 2622 2007.10.28 a variant of Win32/TrojanProxy.Xorpix.BS
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.28 -
Prevx1 V2 2007.10.28 -
Rising 19.46.61.00 2007.10.28 -
Sophos 4.23.0 2007.10.28 -
Sunbelt 2.2.907.0 2007.10.27 -
Symantec 10 2007.10.28 Backdoor.Eterok.C
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.28 -
Webwasher-Gateway 6.6.1 2007.10.28 -
Дополнительная информация
File size: 23040 bytes
MD5: 2c0157d1701d48c30fc10db4bcf8c9e3
SHA1: dcf27144f0bcf6b535c110ecb00c4aa25e184f7f

Brutal
30.10.2007, 09:35
Found it in a user's Winsock.

File t0.dll received on 10.30.2007 07:01:57 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.30.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.29 TR/Dldr.Agent.dda
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.29 Win32:Agent-LOO
AVG 7.5.0.503 2007.10.29 Generic8.HES
BitDefender 7.2 2007.10.30 Generic.Malware.Fdld.A516C50D
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 Trojan.DownLoader.35253
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5252 2007.10.30 -
Ewido 4.0 2007.10.29 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 Heuri.E
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.30 Trojan.Win32.Agent.bvn
Ikarus T3.1.1.12 2007.10.30 Trojan-Downloader.Win32.Agent.but
Kaspersky 7.0.0.125 2007.10.30 Trojan.Win32.Agent.bvn
McAfee 5151 2007.10.29 -
Microsoft 1.2908 2007.10.30 Trojan:Win32/Agent.ADA
NOD32v2 2626 2007.10.30 Win32/TrojanDownloader.Agent.NSB
Norman 5.80.02 2007.10.29 -
Panda 9.0.0.4 2007.10.30 Suspicious file
Prevx1 V2 2007.10.30 -
Rising 19.47.10.00 2007.10.30 Trojan.Win32.Agent.bvn
Sophos 4.23.0 2007.10.30 Mal/Heuri-E
Sunbelt 2.2.907.0 2007.10.29 Trojan.Win32/Agent.ADA
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 Trojan/Agent.bvn
VBA32 3.12.2.4 2007.10.28 Trojan.Win32.Agent.bvn
VirusBuster 4.3.26:9 2007.10.29 -
Webwasher-Gateway 6.6.1 2007.10.29 Trojan.Dldr.Agent.dda

Additional information
File size: 30208 bytes
MD5: 0866b8b38b4b3b35cc4175161ca39f8f
SHA1: 3dfd5c6f2d232bc89a97feeb9ab2ab16cc1bb863
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

Added after 3 minutes

Will anyone tell me what the "Pack/Crypt" item means in this chart?:
http://virusinfo.info/attachment.php?attachmentid=19218&d=1191562708

ISO
30.10.2007, 10:11
File patch.exe received on 10.30.2007 07:52:49 (CET)
Current status: finished
Result: 19/31 (61.3%)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.30.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.29 TR/PSW.OnlineGames.aci.113
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.29 -
AVG 7.5.0.503 2007.10.29 -
BitDefender 7.2 2007.10.30 Trojan.Pws.Onlinegames.ACI
CAT-QuickHeal 9.00 2007.10.29 TrojanPSW.OnLineGames.es
ClamAV 0.91.2 2007.10.30 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2007.10.30 -
eSafe 7.0.15.0 2007.10.28 Win32.OnLineGames.ac
eTrust-Vet 31.2.5253 2007.10.30 -
Ewido 4.0 2007.10.29 -
FileAdvisor 1 2007.10.30 High threat detected
Fortinet 3.11.0.0 2007.10.19 Patch.F!tr
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.30 Trojan-PSW.Win32.OnLineGames.aci
Ikarus T3.1.1.12 2007.10.30 Trojan-Downloader.Win32.Zlob.and
Kaspersky 7.0.0.125 2007.10.30 Trojan-PSW.Win32.OnLineGames.aci
McAfee 5151 2007.10.29 New Malware.aj
Microsoft 1.2908 2007.10.30 HackTool:Win32/Patch.A
NOD32v2 2626 2007.10.30 -
Norman 5.80.02 2007.10.29 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.10.30 Trj/Lineage.BZE
Prevx1 V2 2007.10.30 -
Rising 19.47.10.00 2007.10.30 -
Sophos 4.23.0 2007.10.30 Troj/Patch-F
Sunbelt 2.2.907.0 2007.10.29 VIPRE.Suspicious
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 Trojan/PSW.OnLineGames.aci
VBA32 3.12.2.4 2007.10.28 Trojan-PSW.Win32.OnLineGames.aci
VirusBuster 4.3.26:9 2007.10.29 Packed/Upack
Additional information
File size: 8120 bytes
MD5: 2d5b60d000d7792ec504127c6ee238ff
SHA1: 593335fa2eddcbd5d69a981dd17d896a289a4455
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=2d5b60d000d7792ec504127c6ee238ff
packers: UPack
packers: PE_Patch

ZhIV
31.10.2007, 05:07
Файл setuprs1.rar получен 2007.10.31 02:42:40 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.31.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.30 BDS/Hupigon.Gen
Authentium 4.93.8 2007.10.30 -
Avast 4.7.1074.0 2007.10.30 -
AVG 7.5.0.503 2007.10.30 -
BitDefender 7.2 2007.10.31 -
CAT-QuickHeal 9.00 2007.10.30 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 -
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
eTrust-Vet 31.2.5253 2007.10.30 -
Ewido 4.0 2007.10.30 -
FileAdvisor 1 2007.10.31 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.30 -
F-Secure 6.70.13030.0 2007.10.31 W32/Delf.AECZ
Ikarus T3.1.1.12 2007.10.31 Backdoor.Win32.Hupigon.MY
Kaspersky 7.0.0.125 2007.10.31 -
McAfee 5152 2007.10.30 Generic BackDoor
Microsoft 1.2908 2007.10.31 -
NOD32v2 2627 2007.10.30 -
Norman 5.80.02 2007.10.30 -
Panda 9.0.0.4 2007.10.30 -
Prevx1 V2 2007.10.31 -
Rising 19.47.12.00 2007.10.30 -
Sophos 4.23.0 2007.10.30 Mal/Packer
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.10.31 -
TheHacker 6.2.9.110 2007.10.27 W32/Behav-Heuristic-067
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.30 Packed/NSPack
Webwasher-Gateway 6.6.1 2007.10.31 Trojan.Hupigon.Gen
Дополнительная информация
File size: 127648 bytes
MD5: ab66a9f07cfa012fb79e1543369a148e
SHA1: e4620b4eaf0af3d254b1ea5d96fde2d3a2b15adb
packers: NSPack, PE_Patch
packers: NSPack, NSPack

Added after 9 minutes

Файл mshost.exe получен 2007.10.31 02:58:57 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.31.0 2007.10.30 -
AntiVir 7.6.0.30 2007.10.30 -
Authentium 4.93.8 2007.10.30 -
Avast 4.7.1074.0 2007.10.30 -
AVG 7.5.0.503 2007.10.30 -
BitDefender 7.2 2007.10.31 -
CAT-QuickHeal 9.00 2007.10.30 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 Win32.HLLW.Autoruner.784
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
eTrust-Vet 31.2.5253 2007.10.30 -
Ewido 4.0 2007.10.30 -
FileAdvisor 1 2007.10.31 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.30 -
F-Secure 6.70.13030.0 2007.10.31 Virus.Win32.AutoRun.yy
Ikarus T3.1.1.12 2007.10.31 Virus.Win32.AutoRun.yy
Kaspersky 7.0.0.125 2007.10.31 Virus.Win32.AutoRun.yy
McAfee 5152 2007.10.30 -
Microsoft 1.2908 2007.10.31 -
NOD32v2 2627 2007.10.30 -
Norman 5.80.02 2007.10.30 -
Panda 9.0.0.4 2007.10.30 Suspicious file
Prevx1 V2 2007.10.31 Heuristic: Suspicious File With Covert Attributes
Rising 19.47.12.00 2007.10.30 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.10.31 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.30 -
Webwasher-Gateway 6.6.1 2007.10.31 -
Дополнительная информация
File size: 192512 bytes
MD5: 4cc7c9d5bef15e7c62849cbceba6fe34
SHA1: f6e465264ef4e56aaafdb421e8a61e6522a1ad94
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=8739257F00048F9DF068025631F92A00B1C6F298

drongo
31.10.2007, 19:52
BitAccelerator changes its MD5, but that's not the point.
You can see which of the labs are in no hurry to keep up with the changes.


Файл BitAccelerator.dta получен 2007.10.31 17:37:43 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.10.31.1 2007.10.31 -
AntiVir 7.6.0.30 2007.10.31 -
Authentium 4.93.8 2007.10.30 -
Avast 4.7.1074.0 2007.10.31 -
AVG 7.5.0.503 2007.10.31 -
BitDefender 7.2 2007.10.31 Adware.BHO.WPW
CAT-QuickHeal 9.00 2007.10.31 -
ClamAV 0.91.2 2007.10.31 Adware.BHO-50
DrWeb 4.44.0.09170 2007.10.31 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5256 2007.10.31 -
Ewido 4.0 2007.10.31 -
FileAdvisor 1 2007.10.31 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.30 -
F-Secure 6.70.13030.0 2007.10.31 -
Ikarus T3.1.1.12 2007.10.31 Virus.Win32.AdWare
Kaspersky 7.0.0.125 2007.10.31 not-a-virus:AdWare.Win32.BHO.ic
McAfee 5152 2007.10.30 -
Microsoft 1.2908 2007.10.31 -
NOD32v2 2630 2007.10.31 -
Norman 5.80.02 2007.10.31 -
Panda 9.0.0.4 2007.10.31 -
Prevx1 V2 2007.10.31 -
Rising 19.47.21.00 2007.10.31 -
Sophos 4.23.0 2007.10.31 -
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.10.31 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.31 -
Webwasher-Gateway 6.0.1 2007.10.31 -
Дополнительная информация
File size: 394124 bytes
MD5: 97209ee33ade0ba71326964ef8210364
SHA1: e93c7ccf12bf8b091be0084c689772abc494a84b

Kuzz
31.10.2007, 21:03
AhnLab-V3 2007.11.1.0 2007.10.31 -
AntiVir 7.6.0.30 2007.10.31 TR/PSW.LdPinch.dkt
Authentium 4.93.8 2007.10.31 -
Avast 4.7.1074.0 2007.10.31 -
AVG 7.5.0.503 2007.10.31 Dropper.Delf.KM
BitDefender 7.2 2007.10.31 Trojan.Agent.AFLF
CAT-QuickHeal 9.00 2007.10.31 TrojanPSW.LdPinch.dkt
ClamAV 0.91.2 2007.10.31 Trojan.LdPinch-1029
DrWeb 4.44.0.09170 2007.10.31 Trojan.MulDrop.9120
eSafe 7.0.15.0 2007.10.28 Win32.LdPinch.dkt
eTrust-Vet 31.2.5256 2007.10.31 -
Ewido 4.0 2007.10.31 -
FileAdvisor 1 2007.10.31 -
Fortinet 3.11.0.0 2007.10.19 W32/LdPinch.DKT!tr.pws
F-Prot 4.3.2.48 2007.10.31 -
F-Secure 6.70.13030.0 2007.10.31 Trojan-PSW.Win32.LdPinch.dkt
Ikarus T3.1.1.12 2007.10.31 Trojan.MulDrop.9120
Kaspersky 7.0.0.125 2007.10.31 Trojan-PSW.Win32.LdPinch.dkt
McAfee 5152 2007.10.30 -
Microsoft 1.2908 2007.10.31 -
NOD32v2 2630 2007.10.31 -
Norman 5.80.02 2007.10.31 -
Panda 9.0.0.4 2007.10.31 Trj/Ldpinch.WE
Prevx1 V2 2007.10.31 -
Rising 19.47.21.00 2007.10.31 Trojan.PSW.Win32.LdPinch.dkt
Sophos 4.23.0 2007.10.31 -
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.10.31 -
TheHacker 6.2.9.110 2007.10.27 Trojan/PSW.LdPinch.dkt
VBA32 3.12.2.4 2007.10.28 Trojan.MulDrop.9120
VirusBuster 4.3.26:9 2007.10.31 -

XL
01.11.2007, 00:39
Yet another reincarnation:


Файл halloween.exe получен 2007.10.31 22:28:29 (CET)

AhnLab-V3 2007.11.1.0 2007.10.31 -
AntiVir 7.6.0.30 2007.10.31 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.10.31 W32/StormWorm.G
Avast 4.7.1074.0 2007.10.31 -
AVG 7.5.0.503 2007.10.31 Downloader.Tibs
BitDefender 7.2 2007.10.31 Trojan.Peed.INN
CAT-QuickHeal 9.00 2007.10.31 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.31 Trojan.Peed-44
DrWeb 4.44.0.09170 2007.10.31 Trojan.Packed.162
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5256 2007.10.31 Win32/Sintun.AK
Ewido 4.0 2007.10.31 -
FileAdvisor 1 2007.10.31 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.31 W32/StormWorm.G
F-Secure 6.70.13030.0 2007.10.31 -
Ikarus T3.1.1.12 2007.10.31 -
Kaspersky 7.0.0.125 2007.10.31 -
McAfee 5153 2007.10.31 -
Microsoft 1.2908 2007.10.31 TrojanDropper:Win32/Nuwar.gen!avkill
NOD32v2 2630 2007.10.31 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.31 Tibs.gen177
Panda 9.0.0.4 2007.10.31 -
Prevx1 V2 2007.10.31 -
Rising 19.47.21.00 2007.10.31 -
Sophos 4.23.0 2007.10.31 Mal/Behav-146
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.10.31 Trojan.Peacomm.B
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.31 -
VirusBuster 4.3.26:9 2007.10.31 -
Webwasher-Gateway 6.6.1 2007.10.31 Worm.Zhelatin.Gen
Дополнительная информация
File size: 112346 bytes
MD5: 791d713d7795d7cb051774be76203207
SHA1: d7cdfbee6de020b68a7a2b7f68d1c4d7208b03fb

Shu_b
01.11.2007, 10:06
Totals for the month.

Shu_b
02.11.2007, 16:08
Well, well... thread 13760
File mssrv32.exe received on 11.02.2007 13:54:37 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.2.1 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 TR/Dldr.Agent.ZAA
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 Trojan.PWS.LDPinch.TDD
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 Trojan.Packed.194
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5154 2007.11.01 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2633 2007.11.02 Win32/PSW.LdPinch.NFO
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.02 -
Prevx1 V2 2007.11.02 Malware.Gen
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.10.31 Trojan.PWS.LDPinch.TDD
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 Trojan.Win32.PSW.LdPinch.NFO
VirusBuster 4.3.26:9 2007.11.01 -
Additional information
File size: 32768 bytes

Макcим
02.11.2007, 21:19
Файл 2007-11-02.rar получен 2007.11.02 19:09:29 (CET)

AntiVir 7.6.0.30 2007.11.02 TR/Dldr.Stration.Gen
Avast 4.7.1074.0 2007.11.02 Win32:Warezov-CRS
AVG 7.5.0.503 2007.11.02 I-Worm/Stration.DJG
BitDefender 7.2 2007.11.02 [email protected]
CAT-QuickHeal 9.00 2007.11.02 I-Worm.Warezov.ny
DrWeb 4.44.0.09170 2007.11.02 Win32.HLLM.Limar
eSafe 7.0.15.0 2007.10.28 Win32.Stration.DB
Ewido 4.0 2007.11.02 Worm.Warezov.zm
Fortinet 3.11.0.0 2007.10.19 PossibleThreat
F-Prot 4.4.2.54 2007.11.02 W32/Warezov.ABW
Ikarus T3.1.1.12 2007.11.02 Win32.Stration
McAfee 5155 2007.11.02 W32/[email protected]
Microsoft 1.2908 2007.11.02 Trojan:Win32/Stration.gen!C
NOD32v2 2634 2007.11.02 Win32/Stration.ZM
Panda 9.0.0.4 2007.11.02 Generic Worm
Rising 20.16.42.00 2007.11.02 Worm.Mail.Win32.Warezov.no
Sophos 4.23.0 2007.11.02 W32/Strati-Gen
Sunbelt 2.2.907.0 2007.11.02 [email protected]
Symantec 10 2007.11.02 [email protected]
VBA32 3.12.2.4 2007.11.02 MalwareScope.Worm.Warezov.1
Дополнительная информация
File size: 381171 bytes
MD5: 2026564c39ddf422b71349f8b884c2e7
SHA1: b74dd2b0ffa6e2386bbf04356c5cd07370dba9d8
Sunbelt info: [email protected] is a mass mailing worm that carries an infected attachment and spreads by sending a copy of itself to every email address in the victim's computer.


Файл _install.exe.7FFFFFC3 получен 2007.11.02 20:37:42 (CET)

AntiVir 7.6.0.30 2007.11.02 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.11.02 W32/StormWorm.G
Avast 4.7.1074.0 2007.11.02 Win32:Tibs-BLT
AVG 7.5.0.503 2007.11.02 Downloader.Tibs.8.F
BitDefender 7.2 2007.11.02 Trojan.Peed.INN
CAT-QuickHeal 9.00 2007.11.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.02 Trojan.Peed-44
DrWeb 4.44.0.09170 2007.11.02 Trojan.Packed.162
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5262 2007.11.02 Win32/Sintun.AK
F-Prot 4.4.2.54 2007.11.02 W32/StormWorm.G
F-Secure 6.70.13030.0 2007.11.02 Packed.Win32.Tibs.dg
Ikarus T3.1.1.12 2007.11.02 Packed.Win32.Tibs.dg
Kaspersky 7.0.0.125 2007.11.02 Packed.Win32.Tibs.dg
McAfee 5155 2007.11.02 Tibs-Packed
Microsoft 1.2908 2007.11.02 Trojan:Win32/Tibs.EV
NOD32v2 2634 2007.11.02 Win32/Nuwar.Gen
Norman 5.80.02 2007.11.02 Tibs.gen177
Sophos 4.23.0 2007.11.02 Mal/Dorf-F
Symantec 10 2007.11.02 Trojan.Peacomm.B
Webwasher-Gateway 6.6.1 2007.11.02 Worm.Zhelatin.Gen
Additional information
File size: 113370 bytes
MD5: 14b25ba8a3e700f90eec3c0ab5a3ab49
SHA1: 57581352befdd5cc149b1744cca70bcf2eb5afc2


File 2007-11-02.rar received 2007.11.02 20:49:46 (CET)

AntiVir 7.6.0.30 2007.11.02 ADSPY/NetAdware.AC.1
Avast 4.7.1074.0 2007.11.02 Win32:Zlob-AFG
AVG 7.5.0.503 2007.11.02 Downloader.Zlob.QSD
BitDefender 7.2 2007.11.02 Adware.NetAdware.AA
CAT-QuickHeal 9.00 2007.11.02 AdWare.Vapsup.kg (Not a Virus)
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
Ikarus T3.1.1.12 2007.11.02 AdWare.NetAdware.E
NOD32v2 2634 2007.11.02 Win32/Adware.Agent.NHS
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Covert Attributes
Webwasher-Gateway 6.6.1 2007.11.02 Ad-Spyware.NetAdware.AC.1
Additional information
File size: 3510625 bytes
MD5: 4eb64cd05568968115dc795ee7541686
SHA1: 07e1fe2188fddb50fb5c90fe0af6c2fded282ab5
packers: UPX_LZMA
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=75896255007C45163C5B45DDD1D658000 E174DB6

Макcим
03.11.2007, 17:26
File IcqControl.dll received 2007.11.03 11:20:52 (CET)

AntiVir 7.6.0.30 2007.11.02 HEUR/Crypted
AVG 7.5.0.503 2007.11.02 BackDoor.Hupigon2.KNN
eSafe 7.0.15.0 2007.10.28 Suspicious File
FileAdvisor 1 2007.11.03 High threat detected
Norman 5.80.02 2007.11.02 W32/Suspicious_N.gen
Sophos 4.23.0 2007.11.03 Mal/Packer
TheHacker 6.2.9.110 2007.10.27 W32/Behav-Heuristic-067
Webwasher-Gateway 6.6.1 2007.11.02 Heuristic.Crypted
Additional information
File size: 208384 bytes
MD5: f04f5b0359404bd3ac349a82465494e2
SHA1: a8916be5fd43f1d5e69df2cac38c0fcc7f628bf4
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=f04f5b0359404bd3ac349a82465494e2
packers: NSPack, PE_Patch
packers: NSPack

Added 13 minutes later

File install_cr.exe received 2007.11.03 11:28:51 (CET)

Avast 4.7.1074.0 2007.11.03 Win32:Zlob-AFG
AVG 7.5.0.503 2007.11.02 Downloader.Zlob
BitDefender 7.2 2007.11.03 Adware.NetAdware.AE
Additional information
File size: 200131 bytes
MD5: 06ab52f74863c917f8402a06a2b51332
SHA1: 6278e5eb0aa4dc8543297ec4e5bb398e2e76ee95

Added 46 minutes later

File load.exe received 2007.11.03 12:27:12 (CET)

AntiVir 7.6.0.30 2007.11.02 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.02 SHeur.XIC
CAT-QuickHeal 9.00 2007.11.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.03 PUA.Packed.UPack-2
eSafe 7.0.15.0 2007.10.28 Suspicious File
F-Prot 4.4.2.54 2007.11.02 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.11.02 Trojan-Dropper.Win32.Agent.clo
Ikarus T3.1.1.12 2007.11.03 Trojan-Downloader.Win32.Zlob.and
Kaspersky 7.0.0.125 2007.11.03 Trojan-Dropper.Win32.Agent.clo
McAfee 5155 2007.11.02 New Malware.aj
Norman 5.80.02 2007.11.02 W32/Zlob.ARTB
Panda 9.0.0.4 2007.11.03 Suspicious file
Sophos 4.23.0 2007.11.03 Mal/Packer
Sunbelt 2.2.907.0 2007.11.02 VIPRE.Suspicious
TheHacker 6.2.9.110 2007.10.27 W32/Behav-Heuristic-060
VirusBuster 4.3.26:9 2007.11.02 Packed/Upack
Webwasher-Gateway 6.6.1 2007.11.02 Trojan.Crypt.XPACK.Gen
Additional information
File size: 46088 bytes
MD5: 59f41d310b88d924d2a113b939697499
SHA1: a4bd83f6707df4e58aade38ea8717a6cae3854d8
packers: UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Added 2 hours 48 minutes later

File gping_205.exe received 2007.11.03 15:18:31 (CET)

AntiVir 7.6.0.30 2007.11.02 DR/MicroJoiner.Gen
AVG 7.5.0.503 2007.11.03 Win32/PolyCrypt
CAT-QuickHeal 9.00 2007.11.03 TrojanPSW.LdPinch.eap
F-Secure 6.70.13030.0 2007.11.02 Trojan-PSW.Win32.LdPinch.eap
Ikarus T3.1.1.12 2007.11.03 Trojan-PWS.Win32.LdPinch.eap
Kaspersky 7.0.0.125 2007.11.03 Trojan-PSW.Win32.LdPinch.eap
Panda 9.0.0.4 2007.11.03 Suspicious file
Webwasher-Gateway 6.6.1 2007.11.02 Trojan.MicroJoiner.Gen
Additional information
File size: 1274368 bytes
MD5: 335ca696a5aa477cd8c87157cf40145c
SHA1: ed044a0c4a3a0b35b3068340eee930781dcf2aa8

456
04.11.2007, 09:40
File bin1.exe received 2007.11.04 06:49:29 (CET)
The firewall blocked it.

AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.03 -
Avast 4.7.1074.0 2007.11.03 -
AVG 7.5.0.503 2007.11.03 Win32/PolyCrypt
BitDefender 7.2 2007.11.04 -
CAT-QuickHeal 9.00 2007.11.03 TrojanPSW.LdPinch.eap
ClamAV 0.91.2 2007.11.04 -
DrWeb 4.44.0.09170 2007.11.03 -
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5264 2007.11.02 -
Ewido 4.0 2007.11.03 -
FileAdvisor 1 2007.11.04 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.03 -
F-Secure 6.70.13030.0 2007.11.04 Trojan-PSW.Win32.LdPinch.eap
Ikarus T3.1.1.12 2007.11.04 Trojan-PWS.Win32.LdPinch.eap
Kaspersky 7.0.0.125 2007.11.03 Trojan-PSW.Win32.LdPinch.eap
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.03 -
NOD32v2 2336 2007.11.03 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.03 Suspicious file
Prevx1 V2 2007.11.04 Malware.Gen
Rising 20.16.60.00 2007.11.04 -
Sophos 4.23.0 2007.11.04 Mal/Basine-C
Sunbelt 2.2.907.0 2007.11.02 VIPRE.Suspicious
Symantec 10 2007.11.04 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.03 -
VirusBuster 4.3.26:9 2007.11.03 -
Webwasher-Gateway 6.6.1 2007.11.02 Trojan.Crypt.XPACK.Gen

Additional information
File size: 55296 bytes
MD5: 4958b414a1a16cd519c804ff2f5ca01c
SHA1: c02bf69b3b7c7c463b87c47f445b749e55fc5f46

Макcим
04.11.2007, 14:46
This is not a false positive; the file really is malware, and only one antivirus flagged it as suspicious.

File 1.htm received 2007.11.04 08:41:37 (CET)

Webwasher-Gateway 6.6.1 2007.11.02 JavaScript.CodeUnfolding.gen!High (suspicious)
Additional information
File size: 2359 bytes
MD5: 3f438825635986942b14e5760bdaec3e
SHA1: d98b7554c75fb7bf43e394d32eab60e889486303

Added 3 hours 36 minutes later

File avz00008.dta received 2007.11.04 12:35:35 (CET)

AntiVir 7.6.0.30 2007.11.02 HEUR/Malware
Authentium 4.93.8 2007.11.03 Possibly a new variant of W32/new-malware!Maximus
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
F-Prot 4.4.2.54 2007.11.03 W32/new-malware!Maximus
Ikarus T3.1.1.12 2007.11.04 Trojan-Spy.Win32.Agent.rb
Panda 9.0.0.4 2007.11.04 Suspicious file
Prevx1 V2 2007.11.04 Heuristic: Suspicious Browser Help Object
Sophos 4.23.0 2007.11.04 Troj/Dowdec-Gen
Sunbelt 2.2.907.0 2007.11.02 VIPRE.Suspicious
VBA32 3.12.2.4 2007.11.03 suspected of Downloader.Small.33
Webwasher-Gateway 6.6.1 2007.11.02 Heuristic.Malware
Additional information
File size: 12288 bytes
MD5: 89c1b7f8c76bc14d5ca6a6ba070372c2
SHA1: 3076d6e030a351194602c3cc7ad6dfe43644019a
packers: UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C1B31436002A502F30C0000AAA5AD100B 7568A70
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

drongo
06.11.2007, 00:51
Kaspersky will add it in the next update under the name Backdoor.Win32.Kbot.ab


File avz00002.dta received 2007.11.05 22:43:59 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.0 2007.11.05 -
AntiVir 7.6.0.30 2007.11.05 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 Win32:Small-HZL
AVG 7.5.0.503 2007.11.05 Downloader.Obfuskated
BitDefender 7.2 2007.11.05 Trojan.AVKiller.AW
CAT-QuickHeal 9.00 2007.11.05 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.05 -
DrWeb 4.44.0.09170 2007.11.05 Trojan.MulDrop.8347
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5264 2007.11.02 -
Ewido 4.0 2007.11.05 -
FileAdvisor 1 2007.11.05 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.05 -
F-Secure 6.70.13030.0 2007.11.05 -
Ikarus T3.1.1.12 2007.11.05 -
Kaspersky 7.0.0.125 2007.11.05 -
McAfee 5156 2007.11.05 Tcad-Crypted
Microsoft 1.2908 2007.11.05 TrojanDownloader:Win32/Small.gen!AAM
NOD32v2 2639 2007.11.05 -
Norman 5.80.02 2007.11.05 -
Panda 9.0.0.4 2007.11.05 Suspicious file
Prevx1 V2 2007.11.05 -
Rising 20.17.01.00 2007.11.05 Trojan.DL.Win32.Small.fyn
Sophos 4.23.0 2007.11.05 Mal/Basine-C
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.05 -
TheHacker 6.2.9.116 2007.11.05 -
VBA32 3.12.2.4 2007.11.05 -
VirusBuster 4.3.26:9 2007.11.05 Trojan.DR.Dirat.Gen
Webwasher-Gateway 6.0.1 2007.11.05 Trojan.Crypt.XPACK.Gen
Additional information
File size: 12788 bytes
MD5: 85f7cd6ffd231dce0d052884f6682d40
SHA1: 07fe747914cc7dfc0c9206055d33c65970c05295

Shu_b
06.11.2007, 16:09
t=13890

File csrss.exe received on 11.06.2007 08:14:44 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 HEUR/Crypted
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.05 -
BitDefender 7.2 2007.11.06 Trojan.PWS.LDPinch.TDD
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.05 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.05 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.05 -
Ikarus T3.1.1.12 2007.11.06 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.2908 2007.11.05 -
NOD32v2 2639 2007.11.06 -
Norman 5.80.02 2007.11.05 -
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.02.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 Heuristic.Crypted
Additional information
File size: 20992 bytes
MD5: 62d7900b0e5f56a06b818a7443b7edbb
SHA1: eb9cc8432d26e57d9b53ba1a9d623194040df0a9

Added 5 hours 6 minutes later

t=13896
File
syswin.exe ; msrpc.exe ; lsassv.exe ; AdobeGammaLoader.scr ; calc2.exe
received on 11.06.2007 13:16:58 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 Trojan.LydraSpy.origin
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 -
Kaspersky 7.0.0.125 2007.11.06 Heur.Trojan.Generic
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 TrojanSpy:Win32/Lydra.gen!B
NOD32v2 2640 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 Suspicious file
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 -
Additional information
File size: 468207 bytes
MD5: de9730919f23225ae5c49d2e56258264
SHA1: 92f0b3403063647e685c0de5777465665946412d

Added 38 minutes later

t=13895

File bindmod.dll received on 11.06.2007 13:43:50 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 TR/Zlob.Dll
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 Win32:Agent-LTS
AVG 7.5.0.503 2007.11.06 Downloader.Zlob.QRV
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 not-a-virus:AdWare.Win32.Agent.bn
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 -
Norman 5.80.02 2007.11.06 Agent.CUUF
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 Trojan.Zlob.Dll
Additional information
File size: 281088 bytes

File advrepgpd.dll received on 11.06.2007 13:44:01 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 TR/BHO.Agent.258048
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 Downloader.Zlob.QRY
BitDefender 7.2 2007.11.06 Adware.NetAdware.AB
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 Generic.NetAdware
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 a variant of Win32/Adware.Agent.NHO
Norman 5.80.02 2007.11.06 W32/Vapsup.AV
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 Trojan.BHO.Agent.258048
Additional information
File size: 258048 bytes

File hupsrv.dll received on 11.06.2007 13:43:38 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 ADSPY/VideoPlug.A.1
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 Downloader.Zlob.QRZ
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 not-a-virus:AdWare.Win32.Agent.bn
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 -
Norman 5.80.02 2007.11.06 Agent.CUUF
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 Ad-Spyware.VideoPlug.A.1
Additional information
File size: 269312 bytes
What an interesting day...

Added 2 minutes later

t=13894 [does not count - this file is corrupted.]

File SYSDRV1.EXE received on 11.06.2007 13:54:09 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 Win32:LdPinch-IG
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 Trojan.Pws.Ldpinch.AJA
CAT-QuickHeal 9.00 2007.11.06 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 Spy/Basine
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 LdPinch.JVR
Ikarus T3.1.1.12 2007.11.06 Trojan-PWS.Win32.LdPinch.bph
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 PWS-LDPinch
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 Win32/PSW.LdPinch.NEL
Norman 5.80.02 2007.11.06 LdPinch.JVR
Panda 9.0.0.4 2007.11.06 Trj/LdPinch.AJF
Prevx1 V2 2007.11.06 -
Rising 20.17.12.00 2007.11.06 Trojan.PSW.Win32.LdPinch.buj
Sophos 4.23.0 2007.11.06 Mal/Basine-C
Sunbelt 2.2.907.0 2007.11.02 Trojan-PSW.Win32.Hooker.24.c
Symantec 10 2007.11.06 Infostealer
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 Trojan.Win32.PSW.LdPinch.NEL
VirusBuster 4.3.26:9 2007.11.05 Packed/FSG
Webwasher-Gateway 6.0.1 2007.11.05 Win32.Malware.gen#FSG (suspicious)
Additional information
File size: 24231 bytes
MD5: 4acb6bf2e065d7ed9ed048d134980f5b
SHA1: c37522ec0f9b29bee95bc3062a507d9dc6b4558a
packers: PE_Patch, FSG

Макcим
06.11.2007, 20:45
File index.php received 2007.11.06 17:49:28 (CET)

AVG 7.5.0.503 2007.11.06 JS/Downloader.Agent
Sophos 4.23.0 2007.11.06 Mal/ObfJS-M
Webwasher-Gateway 6.0.1 2007.11.06 JavaScript.CodeUnfolding.gen!High (suspicious)
Additional information
File size: 9369 bytes
MD5: ad197989915846adf2ece6ef4469a138
SHA1: 336fdd129e6228ce8eb15f4b737c3ee9e503262e

Макcим
07.11.2007, 16:38
File syswqer.exe received 2007.11.07 14:35:01 (CET)

AntiVir 7.6.0.34 2007.11.07 DR/Delphi.Gen
AVG 7.5.0.503 2007.11.07 Obfustat.SYJ
BitDefender 7.2 2007.11.07 Trojan.PWS.LDPinch.TDF
DrWeb 4.44.0.09170 2007.11.07 Trojan.Packed.194
eSafe 7.0.15.0 2007.11.06 Suspicious File
FileAdvisor 1 2007.11.07 High threat detected
Ikarus T3.1.1.12 2007.11.07 Trojan-PWS.LDPinch.TDF
Panda 9.0.0.4 2007.11.06 Generic Trojan
Sophos 4.23.0 2007.11.07 Mal/Dropper-T
VBA32 3.12.2.4 2007.11.06 suspected of Trojan-PSW.Pinch.90 (paranoid heuristics)
Webwasher-Gateway 6.0.1 2007.11.07 Trojan.Delphi.Gen
Additional information
File size: 58368 bytes
MD5: 2b3af9294ff4f88fc5b48c609c6a1fda
SHA1: 68d74a2b8d4cc9409ceaf42ad53361d7da48ad20
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=2b3af9294ff4f88fc5b48c609c6a1fda

XL
08.11.2007, 16:46
File dancer.exe received 2007.11.08 14:37:06

AhnLab-V3 2007.11.9.0 2007.11.08 -
AntiVir 7.6.0.34 2007.11.08 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.08 -
AVG 7.5.0.503 2007.11.08 -
BitDefender 7.2 2007.11.08 Trojan.Peed.INS
CAT-QuickHeal 9.00 2007.11.08 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.07 -
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.209
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5276 2007.11.07 -
Ewido 4.0 2007.11.08 -
FileAdvisor 1 2007.11.08 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.07 -
F-Secure 6.70.13030.0 2007.11.08 -
Ikarus T3.1.1.12 2007.11.08 -
Kaspersky 7.0.0.125 2007.11.08 -
McAfee 5157 2007.11.06 New Malware.cn
Microsoft 1.3007 2007.11.08 TrojanDropper:Win32/Nuwar.gen!avkill
NOD32v2 2646 2007.11.08 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.08 -
Rising 20.17.32.00 2007.11.08 -
Sophos 4.23.0 2007.11.08 Mal/Dorf-F
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.11.08 Trojan.Peacomm.D
TheHacker 6.2.9.118 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.06 -
Webwasher-Gateway 6.0.1 2007.07.05 Win32.Malware.gen (suspicious)
Additional information
File size: 123746 bytes
MD5: 93712eabfb4eb95973c4a279acaac069
SHA1: 15535312189baefedbb57ca41c8c9d072e61a907

Fresh sample. Generic signatures and heuristics rule....

TANUKI
09.11.2007, 06:20
File 6143_1_.js received 2007.11.09 02:56:01 (CET)

AntiVir 7.6.0.34 2007.11.08 TR/Dldr.Agent.abi.1
F-Secure 6.70.13030.0 2007.11.09 Trojan-Downloader.JS.Agent.abi
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.JS.Agent.abi
Kaspersky 7.0.0.125 2007.11.09 Trojan-Downloader.JS.Agent.abi
Sunbelt 2.2.907.0 2007.11.08 Trojan-Downloader.Agent.abi.1
Symantec 10 2007.11.09 Downloader
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Dldr.Agent.abi.1

File size: 2190 bytes
MD5: 58de1a946e120811eb7806847ba9fe85
SHA1: 435a47e933508564dc760049a16d6be7f2739983

Added 24 minutes later

File lib_1_.exe received 2007.11.09 02:56:54 (CET)

AntiVir 7.6.0.34 2007.11.08 HEUR/Malware
AVG 7.5.0.503 2007.11.08 BackDoor.Generic8.AAAQ
CAT-QuickHeal 9.00 2007.11.08 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.09 PUA.Packed.UPack-2
eSafe 7.0.15.0 2007.11.08 Suspicious File
F-Prot 4.4.2.54 2007.11.07 W32/Heuristic-162!Eldorado
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.Win32.Zlob.and
McAfee 5159 2007.11.08 New Malware.aj
NOD32v2 2647 2007.11.09 Win32/TrojanDropper.Agent.NGP
Norman 5.80.02 2007.11.08 W32/Zlob.ASKO
Panda 9.0.0.4 2007.11.09 Suspicious file
Sophos 4.23.0 2007.11.09 Mal/Packer
Sunbelt 2.2.907.0 2007.11.08 VIPRE.Suspicious
TheHacker 6.2.9.120 2007.11.08 W32/Behav-Heuristic-060
VBA32 3.12.2.4 2007.11.08 suspected of Trojan-PSW.Game.30 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.11.08 Packed/Upack
Webwasher-Gateway 6.0.1 2007.11.09 Heuristic.Malware


Additional information
File size: 137904 bytes
MD5: 2016d135efbc5b7800b5bc1ad5462df9
SHA1: 5271bb6daca4a9914de5a3defeb148b6d8065a2a

Added 43 minutes later

File userinit.exe received 2007.11.09 03:45:05 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.9.0 2007.11.09 Win-Trojan/Agent.23552.DM
AntiVir 7.6.0.34 2007.11.08 TR/Dldr.Agent.blm.16
AVG 7.5.0.503 2007.11.08 Downloader.Agent.TIA
BitDefender 7.2 2007.11.09 Trojan.Downloader.Agent.YMX
DrWeb 4.44.0.09170 2007.11.08 Trojan.DownLoader.33566
Ewido 4.0 2007.11.08 Downloader.Agent.blm
F-Secure 6.70.13030.0 2007.11.09 Trojan-Downloader.Win32.Agent.blm
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.Win32.Agent.blm
Kaspersky 7.0.0.125 2007.11.09 Trojan-Downloader.Win32.Agent.blm
NOD32v2 2647 2007.11.09 Win32/TrojanDownloader.Agent.NRU
Norman 5.80.02 2007.11.08 W32/Agent.DAHY
Panda 9.0.0.4 2007.11.09 Suspicious file
Rising 20.17.32.00 2007.11.08 Trojan.DL.Win32.Agent.ydm
TheHacker 6.2.9.120 2007.11.08 Trojan/Downloader.Agent.blm
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Dldr.Agent.blm.16

File size: 25088 bytes
MD5: de4ad604ac304d540354ae064cd4e692
SHA1: 1c3fce3275a279191d9bc8d66e6baa4bf06fd6d4

Макcим
09.11.2007, 17:00
Thread http://virusinfo.info/showthread.php?t=14005

File avz00006.dta received 2007.11.09 08:13:10 (CET)

AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Downloader.Obfuskated
CAT-QuickHeal 9.00 2007.11.08 TrojanProxy.Agent.qq
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
eSafe 7.0.15.0 2007.11.08 Win32.Agent.qq
F-Secure 6.70.13030.0 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Ikarus T3.1.1.12 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Kaspersky 7.0.0.125 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Microsoft 1.3007 2007.11.09 Virus:Win32/Grum.E
NOD32v2 2647 2007.11.09 Win32/TrojanProxy.Small.NBA
Prevx1 V2 2007.11.09 Heuristic: Suspicious File With Code Injection Technology
Sophos 4.23.0 2007.11.09 Mal/Generic-A
VBA32 3.12.2.4 2007.11.08 Trojan-Proxy.Win32.Agent.qq
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
File size: 32768 bytes
MD5: e23df3f7c0a8fb86087346d80ba14b88
SHA1: 9ea8e2936787211f1042b960a112585b7a256054
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=26FBCD2B00E8E39D80B40090A63D9400D 4A87AED


File avz00003.dta received 2007.11.09 08:12:34 (CET)

AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
Additional information
File size: 33280 bytes
MD5: 0b97adc7b6d7a850608ac1102c9bb180
SHA1: 77b06d0e8ed54318a1a6ba80b8fecab8b62912bb


File avz00002.dta received 2007.11.09 08:12:18 (CET)

AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
CAT-QuickHeal 9.00 2007.11.08 TrojanDropper.Agent.cjq
ClamAV 0.91.2 2007.11.09 Trojan.Dropper-2814
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
FileAdvisor 1 2007.11.09 High threat detected
F-Secure 6.70.13030.0 2007.11.09 Trojan-Dropper.Win32.Agent.cjq
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
Kaspersky 7.0.0.125 2007.11.09 Trojan-Dropper.Win32.Agent.cjq
Microsoft 1.3007 2007.11.09 Virus:Win32/Grum.G
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Panda 9.0.0.4 2007.11.09 Trj/Downloader.MDW
Sophos 4.23.0 2007.11.09 Mal/Generic-A
VBA32 3.12.2.4 2007.11.06 Trojan-Dropper.Win32.Agent.cjq
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
Additional information
File size: 33280 bytes
MD5: 91687869e1f5fdf5fbff020db8541e67
SHA1: ecbf8797171027270fd8ceeb0e410dc84ede12d6
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=91687869e1f5fdf5fbff020db8541e67


File avz00001.dta received 2007.11.09 08:11:59 (CET)

AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Prevx1 V2 2007.11.09 Trojan.Nudos
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
Additional information
File size: 33280 bytes
MD5: f0fe48b79151c39217e3c01030e63fe7
SHA1: 41ac5e903ce68636918400d21f07ad8ebe2a2bdf
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=DBBB0A840036374C82AB00F64ECBC600D 466C95E

Added 6 hours 38 minutes later

File Elektrichka.exe received 2007.11.09 14:28:51 (CET)

AntiVir 7.6.0.34 2007.11.09 TR/PSW.LdPinch.bsj.113
BitDefender 7.2 2007.11.09 MemScan:Trojan.PWS.LdPinch.BSJ
CAT-QuickHeal 9.00 2007.11.09 (Suspicious) - DNAScan
eTrust-Vet 31.2.5282 2007.11.09 Win32/Unknown
F-Prot 4.4.2.54 2007.11.09 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.11.09 Trojan.Win32.Pakes.bos
Ikarus T3.1.1.12 2007.11.09 MemScanTrojan.Pws.LdPinch.BSJ
Kaspersky 7.0.0.125 2007.11.09 Trojan.Win32.Pakes.bos
Panda 9.0.0.4 2007.11.09 Suspicious file
Prevx1 V2 2007.11.09 Malware.Gen
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.PSW.LdPinch.bsj.113
Additional information
File size: 371712 bytes
MD5: 78abcfe77598501faaa3afb1b1d216a1
SHA1: 2328496d8a229146bae5e717eb744a38e5068bf3
packers: ASProtect
packers: PE_Patch, Aspack
packers: PE_Patch
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=5D4028450048A7D4AC9205EC35AC1800C DEB05A5


File avz00001.dta received 2007.11.09 14:45:46 (CET)

AntiVir 7.6.0.34 2007.11.09 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.09 Possibly a new variant of W32/Threat-HLLVL-based!Maximus
AVG 7.5.0.503 2007.11.09 SHeur.YKL
BitDefender 7.2 2007.11.09 MemScan:Trojan.Spy.Bancos.AAM
CAT-QuickHeal 9.00 2007.11.09 TrojanSpy.Zbot.bu
DrWeb 4.44.0.09170 2007.11.09 Trojan.Proxy.1824
F-Prot 4.4.2.54 2007.11.09 W32/Threat-HLLVL-based!Maximus
F-Secure 6.70.13030.0 2007.11.09 Trojan-Spy.Win32.Zbot.bu
Ikarus T3.1.1.12 2007.11.09 MemScanTrojan.Spy.Bancos.AAM
Kaspersky 7.0.0.125 2007.11.09 Trojan-Spy.Win32.Zbot.bu
Panda 9.0.0.4 2007.11.09 Suspicious file
Sophos 4.23.0 2007.11.09 Mal/Behav-023
Sunbelt 2.2.907.0 2007.11.09 VIPRE.Suspicious
Symantec 10 2007.11.09 Infostealer.Notos!gen
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
Additional information
File size: 239104 bytes
MD5: c081802b12c75c529a32e78d51bae9d7
SHA1: 42ee7db3e52e8b8b82f230e05ba1edc2d8551c3d
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


From the thread http://forum.kaspersky.com/index.php?showtopic=52204

File avz00001.dta received 2007.11.09 14:50:51 (CET)

DrWeb 4.44.0.09170 2007.11.09 Trojan.Ftpspy
Panda 9.0.0.4 2007.11.09 Trj/FtpSpy.A
Additional information
File size: 5632 bytes
MD5: ff570702b4b27e5ab974fc7bbb094abc
SHA1: d83c07509420f37040ae41fd2a0febfd83ddbf0c

ISO
10.11.2007, 06:11
File BitAccelerator.exe received on 11.10.2007 03:50:58 (CET)
Current status: finished
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.09 -
Avast 4.7.1074.0 2007.11.09 -
AVG 7.5.0.503 2007.11.09 -
BitDefender 7.2 2007.11.10 Adware.BHO.WPW
CAT-QuickHeal 9.00 2007.11.09 -
ClamAV 0.91.2 2007.11.10 Adware.BHO-50
DrWeb 4.44.0.09170 2007.11.09 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.09 -
FileAdvisor 1 2007.11.10 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.09 -
F-Secure 6.70.13030.0 2007.11.09 -
Ikarus T3.1.1.12 2007.11.10 Virus.Win32.AdWare
Kaspersky 7.0.0.125 2007.11.10 not-a-virus:AdWare.Win32.BHO.ic
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.10 -
NOD32v2 2650 2007.11.09 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.10 Adware/BHO.L
Prevx1 V2 2007.11.10 -
Rising 20.17.42.00 2007.11.10 -
Sophos 4.23.0 2007.11.09 BitAccelerator
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.10 -
TheHacker 6.2.9.122 2007.11.09 -
VBA32 3.12.2.4 2007.11.08 -
VirusBuster 4.3.26:9 2007.11.09 -
Webwasher-Gateway 6.0.1 2007.11.10 -
Additional information
File size: 394128 bytes
MD5: 1697c99f32c75e42230094b9eec619ce
SHA1: e9f2a20f5c4a45e58076c29c99b38f68fa7ce3d1

Макcим
10.11.2007, 12:07
In the future it will be detected by KAV as not-a-virus:AdWare.Win32.BHO.kj

File avz00001.dta received 2007.11.10 09:58:22 (CET)

Panda 9.0.0.4 2007.11.10 Suspicious file
Additional information
File size: 399872 bytes
MD5: c0236e7c0a6f98545f9c5ac76b6c5962
SHA1: 1adef52d8190e7eef344c54d903e33ec6676f7b7

Макcим
11.11.2007, 19:28
File alaunch.cab received 2007.11.11 09:46:22 (CET)

Avast 4.7.1074.0 2007.11.10 Win32:Adan-055
AVG 7.5.0.503 2007.11.10 Adware Generic.CZP
BitDefender 7.2 2007.11.11 Adware.Gamespy.B
CAT-QuickHeal 9.00 2007.11.10 RiskWare.Downloader.SpyGame (Not a Virus)
Ewido 4.0 2007.11.10 Not-A-Virus.Downloader.Win32.SpyGame
Fortinet 3.11.0.0 2007.10.19 Download/Spygame
F-Prot 4.4.2.54 2007.11.10 W32/Adware.PPN
F-Secure 6.70.13030.0 2007.11.10 W32/DLoader.AKWR
Ikarus T3.1.1.12 2007.11.11 not-a-virus:Downloader.Win32.SpyGame
Kaspersky 7.0.0.125 2007.11.11 not-a-virus:Downloader.Win32.SpyGame
McAfee 5160 2007.11.09 potentially unwanted program Adware-GameSpy
NOD32v2 2652 2007.11.11 Win32/TrojanDownloader.SpyGame.A
Norman 5.80.02 2007.11.09 W32/DLoader.AKWR
Panda 9.0.0.4 2007.11.10 Generic Trojan
Rising 20.17.60.00 2007.11.11 Trojan.DL.Agent.xtx
VBA32 3.12.2.4 2007.11.08 RiskWare.Downloader.SpyGame
Webwasher-Gateway 6.0.1 2007.11.11 Riskware.Dldr.SpyGame
Additional information
File size: 65941 bytes
MD5: 3c48574cf159b50ad5b9f1d101b7ba1a
SHA1: fc6f13263be0e163364c8c33480911c447202999

Added 7 hours 28 minutes later

It will be detected by KAV in the next update as not-a-virus:FraudTool.Win32.SmartAntiSpyware.b

File setup.exe received 2007.11.11 16:59:44 (CET)

AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.10 -
AVG 7.5.0.503 2007.11.11 -
BitDefender 7.2 2007.11.11 -
CAT-QuickHeal 9.00 2007.11.10 -
ClamAV 0.91.2 2007.11.11 -
DrWeb 4.44.0.09170 2007.11.11 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.11 -
FileAdvisor 1 2007.11.11 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.10 -
Ikarus T3.1.1.12 2007.11.11 -
Kaspersky 7.0.0.125 2007.11.11 -
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.11 -
NOD32v2 2652 2007.11.11 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.10 -
Prevx1 V2 2007.11.11 -
Rising 20.17.62.00 2007.11.11 -
Sophos 4.23.0 2007.11.11 -
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.11 -
TheHacker 6.2.9.123 2007.11.10 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.11 -
Additional information
File size: 391187 bytes
MD5: 6c126e36a73970b4fd841ff7dc45f372
SHA1: 66dc9501d808aeaa1c1ef7052c55c164afb77005
packers: RAR, Unicode

NickGolovko_
12.11.2007, 12:43
The machine is backdoored, so I'm not logging in.

File avz00001.dta received 2007.11.12 10:35:07 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan/Xema.variant
AntiVir 7.6.0.34 2007.11.12 TR/Spy.Gen
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 Win32:Delf-EBR
AVG 7.5.0.503 2007.11.11 BackDoor.Generic8.ZJB
BitDefender 7.2 2007.11.12 Generic.Malware.FPYdPk.92F90C9A
CAT-QuickHeal 9.00 2007.11.10 Backdoor.Delf.aws
ClamAV 0.91.2 2007.11.12 Worm.Delf-63
DrWeb 4.44.0.09170 2007.11.12 BackDoor.Kais
eSafe 7.0.15.0 2007.11.08 Win32.Delf.aws
eTrust-Vet 31.2.5289 2007.11.12 Win32/Liphew.G
Ewido 4.0 2007.11.11 Backdoor.Delf.aws
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 W32/BackDoor.AWS!tr.bdr
F-Prot 4.4.2.54 2007.11.10 W32/Agent.GWT
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Delf.aws
Ikarus T3.1.1.12 2007.11.12 Backdoor.Win32.Hupigon.MY
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Delf.aws
McAfee 5160 2007.11.09 Generic BackDoor
Microsoft 1.3007 2007.11.12 Backdoor:Win32/Delf.XD
NOD32v2 2652 2007.11.11 Win32/Delf.NFP
Norman 5.80.02 2007.11.09 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.11.11 Trj/Banker.GWB
Prevx1 V2 2007.11.12 -
Rising 20.18.00.00 2007.11.12 Backdoor.RWX.2005.hx
Sophos 4.23.0 2007.11.12 Mal/EncPk-E
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.12 Backdoor.Graybird
TheHacker 6.2.9.124 2007.11.12 Backdoor/Delf.aws
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Delf.aws
VirusBuster 4.3.26:9 2007.11.11 Packed/NSPack
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Spy.Gen
Дополнительная информация
File size: 280626 bytes
MD5: ef5a3159b65df5085a7ea865cbbf3dbe
SHA1: 11801ab92e9aeaa07f203f7642017d1adf4a8759
packers: NsPack, NsPack
packers: NSPack, NSPack

ISO
12.11.2007, 17:40
The ISP said this computer was generating crazy traffic; I came over and saw a horrifying amount of malware. Much of it is already known to everyone on VirusTotal, but some of it is still unfamiliar to many.

File xpdx.sys received on 11.12.2007 14:45:27 (CET)
Current status: finished
Result: 19/32 (59.38%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan/Pakes.54218
AntiVir 7.6.0.34 2007.11.12 TR/Pakes.EL
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
AVG 7.5.0.503 2007.11.11 Obfustat.SUM
BitDefender 7.2 2007.11.12 -
CAT-QuickHeal 9.00 2007.11.12 Trojan.Pakes.el
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 Trojan.Spambot.2478
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 W32/RKRustok.A!tr
F-Prot 4.4.2.54 2007.11.10 W32/Trojan2.DGT
F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Pakes.el
Ikarus T3.1.1.12 2007.11.12 Trojan.Win32.Pakes.el
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Pakes.el
McAfee 5160 2007.11.09 Generic.dx
Microsoft 1.3007 2007.11.12 Backdoor:Win32/Rustock.gen!B
NOD32v2 2653 2007.11.12 Win32/Rustock.NCT
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.11 Rootkit/Spammer.ZX
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.12 Mal/RKRustok-A
Sunbelt 2.2.907.0 2007.11.09 Backdoor.Rustock
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 Trojan/Pakes.el
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Pakes.el
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Pakes.EL
Additional information
File size: 54218 bytes
MD5: 366008a494dc2ab87c9d404e859f359d
SHA1: ba37b12c6a10df3a35f7d3808cf9c0f4f39c16b1
Sunbelt info: Backdoor.Rustock is a threat that acts as a hidden proxy and enables an attacker to send spam from the machine.

Added after 15 minutes

File bitw.exe received on 11.12.2007 14:56:09 (CET)
Current status: finished
Result: 17/32 (53.13%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
AntiVir 7.6.0.34 2007.11.12 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
AVG 7.5.0.503 2007.11.11 Generic8.NEC
BitDefender 7.2 2007.11.12 -
CAT-QuickHeal 9.00 2007.11.12 Trojan.Agent.ccj
ClamAV 0.91.2 2007.11.12 Trojan.Agent-9002
DrWeb 4.44.0.09170 2007.11.12 Trojan.Packed.195
eSafe 7.0.15.0 2007.11.08 Win32.Agent.ccj
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 Basine.C
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Agent.ccj
Ikarus T3.1.1.12 2007.11.12 Trojan.Win32.Agent.ccj
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Agent.ccj
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 Win32/PSW.Agent.NGT
Norman 5.80.02 2007.11.09 W32/Agent.CUWR
Panda 9.0.0.4 2007.11.11 Trj/Downloader.MDW
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.12 Mal/Basine-C
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 Trojan/Agent.ccj
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Agent.ccj
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Crypt.XPACK.Gen
Additional information
File size: 34996 bytes
MD5: 44756a3999721a52824dfa08bac23667
SHA1: 7552fdf49871c8196869d74a5d8876d1b3107ce5

Added after 23 minutes

File svshost.dll received on 11.12.2007 15:09:35 (CET)
Current status: finished
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan Downloader.2560.DC
AntiVir 7.6.0.34 2007.11.12 BDS/Small.ckm.2
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 Win32:Small-CHC
AVG 7.5.0.503 2007.11.11 BackDoor.Generic8.TVW
BitDefender 7.2 2007.11.12 -
CAT-QuickHeal 9.00 2007.11.12 Backdoor.Small.ckm
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 Trojan.DownLoader.34918
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 Backdoor.Small.ckm
FileAdvisor 1 2007.11.12 High threat detected
Fortinet 3.11.0.0 2007.10.19 W32/Small.CKM!tr.bdr
F-Prot 4.4.2.54 2007.11.10 W32/Backdoor.CAAF
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Small.ckm
Ikarus T3.1.1.12 2007.11.12 Backdoor.Win32.Small.ckm
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Small.ckm
McAfee 5160 2007.11.09 PWS-LDPinch
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 Win32/Small.CLQ
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.11 Bck/Agent.GWZ
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 Backdoor.Win32.Small.ckm
Sophos 4.23.0 2007.11.12 Mal/Generic-A
Sunbelt 2.2.907.0 2007.11.09 Backdoor.Win32.Small.ckm
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 Backdoor/Small.ckm
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Small.ckm
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Small.ckm.2
Additional information
File size: 2560 bytes
MD5: fe494cf81dafa9cde8dfe85231566aeb
SHA1: 372d71ff2f9a77b34ab0414b6ecbe4c8b650ca34
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=fe494cf81dafa9cde8dfe85231566aeb

Added after 2 minutes

File t0.dll received on 11.12.2007 15:09:26 (CET)
Current status: finished
Result: 20/32 (62.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
AntiVir 7.6.0.34 2007.11.12 TR/Dldr.Agent.dda
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 Win32:Agent-LOO
AVG 7.5.0.503 2007.11.11 Generic8.HES
BitDefender 7.2 2007.11.12 Generic.Malware.Fdld.A516C50D
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 Trojan.Agent-8747
DrWeb 4.44.0.09170 2007.11.12 Trojan.DownLoader.35253
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 Win32/Ralpsa.A
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 Heuri.E
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Agent.bvn
Ikarus T3.1.1.12 2007.11.12 Trojan-Downloader.Win32.Agent.but
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Agent.bvn
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.12 Trojan:Win32/Agent.ADA
NOD32v2 2653 2007.11.12 Win32/TrojanDownloader.Agent.NSB
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.11 Suspicious file
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 Trojan.Win32.Agent.bvn
Sophos 4.23.0 2007.11.12 Mal/Heuri-E
Sunbelt 2.2.907.0 2007.11.09 Trojan.Win32/Agent.ADA
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 Trojan/Agent.bvn
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Agent.bvn
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Dldr.Agent.dda
Additional information
File size: 30208 bytes
MD5: 0866b8b38b4b3b35cc4175161ca39f8f
SHA1: 3dfd5c6f2d232bc89a97feeb9ab2ab16cc1bb863
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

Added after 5 minutes

File wininet.exe received on 11.12.2007 15:35:16 (CET)
Current status: finished
Result: 12/32 (37.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
AntiVir 7.6.0.34 2007.11.12 DR/Delphi.Gen
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
AVG 7.5.0.503 2007.11.11 SHeur.TKA
BitDefender 7.2 2007.11.12 Trojan.PWS.LDPinch.TDF
CAT-QuickHeal 9.00 2007.11.12 Backdoor.Small.clh
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 Trojan.Packed.194
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Small.clh
Ikarus T3.1.1.12 2007.11.12 Trojan-PWS.LDPinch.TDF
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Small.clh
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.11 Trj/Downloader.MDW
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.12 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 -
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Small.clh
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Delphi.Gen
Additional information
File size: 23040 bytes
MD5: 71c7320afc1221ead1c548702e9975e9
SHA1: f3394fe1c2cc18f4c4d149c7deb478a085fcbc93

TANUKI
13.11.2007, 06:27
Файл DbEditor.exe получен 2007.11.13 03:48:00 (CET)

Avast 4.7.1074.0 2007.11.12 Win32:Weed
AVG 7.5.0.503 2007.11.12 Win32/Tvido
BitDefender 7.2 2007.11.13 Win32.Tvido.A
ClamAV 0.91.2 2007.11.12 W32.Dwee-1
DrWeb 4.44.0.09170 2007.11.12 Win32.Dwee.3029
F-Secure 6.70.13030.0 2007.11.13 Virus.Win32.Tvido.a
Ikarus T3.1.1.12 2007.11.13 Virus.Win32.Tvido.a
Kaspersky 7.0.0.125 2007.11.13 Virus.Win32.Tvido.a
Norman 5.80.02 2007.11.12 W32/NetworkWorm.BWC
Prevx1 V2 2007.11.13 GENERIC.MALWARE
Sunbelt 2.2.907.0 2007.11.13 VIPRE.Suspicious
VBA32 3.12.2.4 2007.11.11 Virus.Win32.Olm

File size: 733696 bytes
MD5: b3b5eb8c143ed29238b30771709ad27b
SHA1: f9d5c911f3aa840695a101371e090bb393ebf9bb

P.S. It is claimed that this is a Belarusian virus :)

ISO
13.11.2007, 07:14
It jumps onto a flash drive together with an autorun.inf file from the infected machine; on the system, in system32, there are also its twins under other names, svshost.exe and tskmgr.exe.
File NTDETECT.EXE received on 11.13.2007 04:58:16 (CET)
Current status: finished
Result: 17/32 (53.13%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 TR/PSW.Webmoner.T
Authentium 4.93.8 2007.11.13 Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
Avast 4.7.1074.0 2007.11.12 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.11.12 PSW.Generic5.MUQ
BitDefender 7.2 2007.11.13 BehavesLike:Win32.Malware
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 Win32.HLLW.Money.4
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 Trojan.WebMoner.t
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 W32/WebMoner.T!tr.pws
F-Prot 4.4.2.54 2007.11.13 W32/Threat-SysVenFak-based!Maximus
F-Secure 6.70.13030.0 2007.11.13 Trojan-PSW.Win32.WebMoner.t
Ikarus T3.1.1.12 2007.11.13 Trojan-PWS.Win32.WebMoner.t
Kaspersky 7.0.0.125 2007.11.13 Trojan-PSW.Win32.WebMoner.t
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 W32/Malware.ATTE
Panda 9.0.0.4 2007.11.13 Trj/WebMoner.AH
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 Trojan.PSW.Win32.WebMoner.t
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 Trojan-PSW.Win32.WebMoner.t
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 Trojan.PSW.Webmoner.T
Additional information
File size: 555520 bytes
MD5: 4de4cb50b8f3e41e9a123aafcdece965
SHA1: 40f1ee09b497b5429bd9a63618bf66175d08b684

mayas
15.11.2007, 21:51
File setup.exe received on 11.15.2007 19:37:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 Worm/Feebs.LQ
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.14 -
AVG 7.5.0.503 2007.11.15 Dropper.Generic.RVO
BitDefender 7.2 2007.11.15 -
CAT-QuickHeal 9.00 2007.11.15 Worm.Feebs.lq
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 Suspicious File
eTrust-Vet 31.2.5297 2007.11.15 Win32/Feeb.CK
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.11.15 Worm.Win32.Feebs.lq
Ikarus T3.1.1.12 2007.11.15 Worm.Win32.Feebs.lq
Kaspersky 7.0.0.125 2007.11.15 Worm.Win32.Feebs.lq
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2660 2007.11.15 -
Norman 5.80.02 2007.11.15 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.11.15 -
Prevx1 V2 2007.11.15 -
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 Mal/Generic-A
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 Downloader
TheHacker 6.2.9.129 2007.11.15 W32/Feebs.lq
VBA32 3.12.2.5 2007.11.15 suspected of MalwareScope.Worm.Feebs.1 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Worm.Feebs.LQ
Additional information
File size: 104448 bytes
MD5: a35a450fd2cb571706bcb88588ec297a
SHA1: 905845fdbfcec5158a209e052e9ef245f1b42704
packers: embedded, UPack

Макcим
17.11.2007, 11:57
Файл setup.exe получен 2007.11.17 09:46:11 (CET)
AVG 7.5.0.503 2007.11.17 Downloader.Zlob.LI
BitDefender 7.2 2007.11.17 Trojan.Zlob.3.Gen
ClamAV 0.91.2 2007.11.17 Trojan.Dropper-2529
DrWeb 4.44.0.09170 2007.11.17 Trojan.Popuper.5033
Kaspersky 7.0.0.125 2007.11.17 Trojan-Downloader.Win32.Zlob.ejb
Microsoft 1.3007 2007.11.17 Trojan:Win32/Zlob.ZWC
Prevx1 V2 2007.11.17 Generic.Dropper.xCodec
Дополнительная информация
File size: 80637 bytes
MD5: 08787184519921376ae697f2be02c4d0
SHA1: 8a54d890603dd38d73be3a40d6fc131b6ad3ecb9
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=EF31DB76FDB74D223A3001340E34E700EA581B4E


Файл vip.exe получен 2007.11.17 07:49:03 (CET)
AntiVir 7.6.0.34 2007.11.16 HEUR/Malware
BitDefender 7.2 2007.11.17 Generic.Malware.P!Yd!dldPk!.876CD84A
CAT-QuickHeal 9.00 2007.11.16 (Suspicious) - DNAScan
DrWeb 4.44.0.09170 2007.11.16 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.11.14 suspicious Trojan/Worm
Ikarus T3.1.1.12 2007.11.17 Packed.Win32.Klone.af
McAfee 5165 2007.11.16 New Malware.u
NOD32v2 2665 2007.11.17 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.11.16 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.11.17 Suspicious file
Sophos 4.23.0 2007.11.17 Mal/Packer
TheHacker 6.2.9.132 2007.11.16 W32/Behav-Heuristic-067
VirusBuster 4.3.26:9 2007.11.16 Packed/NSPack
Webwasher-Gateway 6.0.1 2007.11.16 Heuristic.Malware
Дополнительная информация
File size: 21752 bytes
MD5: c59d448179d6c93cff1156930fe785f4
SHA1: 9f4314678df4e508df468c031325e32b5f2fce39
packers: NSPack, PE_Patch
packers: NSPack


Файл Downloader.exe получен 2007.11.17 07:48:58 (CET)
NOD32v2 2665 2007.11.17 a variant of Win32/BHO.NAT
Prevx1 V2 2007.11.17 SPYWARE.BANKER.CPV
Sophos 4.23.0 2007.11.17 Mal/Behav-112
Дополнительная информация
File size: 28672 bytes
MD5: 8456eabd2c67871b50baecb6c442f1e6
SHA1: 85013163fbfe7003f47c55eb5f7e981d3670f8a6
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=77A9513500E0218870C500E968E88F00D35F0C43


Файл load.exe получен 2007.11.17 07:33:58 (CET)
AntiVir 7.6.0.34 2007.11.16 TR/Spy.Bancos.aam.43
AVG 7.5.0.503 2007.11.17 SHeur.ZRY
BitDefender 7.2 2007.11.17 MemScan:Trojan.Spy.Bancos.AAM
CAT-QuickHeal 9.00 2007.11.16 Backdoor.Hupigon.wgk
eSafe 7.0.15.0 2007.11.14 Suspicious File
F-Secure 6.70.13030.0 2007.11.16 Backdoor.Win32.Hupigon.wgk
Ikarus T3.1.1.12 2007.11.17 Trojan-Spy.Win32.Bancos.aam
Kaspersky 7.0.0.125 2007.11.17 Backdoor.Win32.Hupigon.wgk
Norman 5.80.02 2007.11.16 W32/Agent.DGQE
Prevx1 V2 2007.11.17 SPYWARE.BANCOS.AAM
Rising 20.18.40.00 2007.11.16 Backdoor.Win32.Gpigeon.wgk
Sophos 4.23.0 2007.11.17 Mal/Behav-164
Sunbelt 2.2.907.0 2007.11.17 Trojan-Spy.Bancos.AAM
Symantec 10 2007.11.17 Infostealer.Notos!gen
TheHacker 6.2.9.132 2007.11.16 Backdoor/Agent.cpw
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.Spy.Bancos.aam.43
Дополнительная информация
File size: 42496 bytes
MD5: d2f651be01c553c5e49547749f9ab7d1
SHA1: 490b2edd810ccfb864e1243f15560fbf5dba5416
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=7CF6B2470024E050A6990012CA13400029304EC5

rubin
18.11.2007, 10:48
All files were received on 17.11.2007 at 20:15.
ssqqoon.dll - not-a-virus:AdWare.Win32.Virtumonde.aqr

AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afb
AVG 7.5.0.503 2007.11.17 BHO.CNT
eSafe 7.0.15.0 2007.11.14 Suspicious File
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen42
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen42
Prevx1 V2 2007.11.17 SpywareQuake
Sunbelt 2.2.907.0 2007.11.17 Virtumonde
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afb

rspakidr.dll - Trojan.Win32.BHO.xp

AVG 7.5.0.503 2007.11.17 Lop
eSafe 7.0.15.0 2007.11.14 Suspicious File
McAfee 5165 2007.11.16 Vundo
Panda 9.0.0.4 2007.11.17 Suspicious file
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Win32.Malware.gen (suspicious)

rjxhdalz.dll - not-a-virus:AdWare.Win32.SecToolBar.o

AntiVir 7.6.0.34 2007.11.16 TR/BHO.Agent.AW
AVG 7.5.0.503 2007.11.17 Obfustat.YUY
BitDefender 7.2 2007.11.17 Adware.Virtumonde.GHK
eSafe 7.0.15.0 2007.11.14 Suspicious File
NOD32v2 2665 2007.11.17 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.16 Vundo.gen50
Panda 9.0.0.4 2007.11.17 Adware/BestSellerAV
Prevx1 V2 2007.11.17 Trojan.Vundo

ddaya.dll - not-a-virus:AdWare.Win32.Virtumonde.aqq

AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afa
AVG 7.5.0.503 2007.11.17 BHO.CNF
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen49
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen49
Panda 9.0.0.4 2007.11.17 Spyware/Virtumonde
Prevx1 V2 2007.11.17 Rogue.Winfixer
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afa
Symantec 10 2007.11.17 Trojan.Metajuan
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.BHO.Agent.AW

rubin
19.11.2007, 18:55
C:\WINDOWS\TEMP\winlogon.exe

File avz00001.dta received on 11.19.2007 16:42:55 (CET)
Current status: finished
Result: 4/32 (12.5%)

AhnLab-V3 2007.11.19.0 2007.11.19 -
AntiVir 7.6.0.34 2007.11.19 -
Authentium 4.93.8 2007.11.19 -
Avast 4.7.1074.0 2007.11.19 -
AVG 7.5.0.503 2007.11.19 Obfustat.ZYG
BitDefender 7.2 2007.11.19 -
CAT-QuickHeal 9.00 2007.11.19 -
ClamAV 0.91.2 2007.11.19 -
DrWeb 4.44.0.09170 2007.11.19 Trojan.Packed.194
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5308 2007.11.19 -
Ewido 4.0 2007.11.19 -
FileAdvisor 1 2007.11.19 -
Fortinet 3.11.0.0 2007.11.19 -
F-Prot 4.4.2.54 2007.11.18 -
F-Secure 6.70.13030.0 2007.11.19 -
Ikarus T3.1.1.12 2007.11.19 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.11.19 -
McAfee 5165 2007.11.16 -
Microsoft 1.3007 2007.11.19 -
NOD32v2 2668 2007.11.19 -
Norman 5.80.02 2007.11.19 -
Panda 9.0.0.4 2007.11.18 -
Prevx1 V2 2007.11.19 -
Rising 20.19.00.00 2007.11.19 -
Sophos 4.23.0 2007.11.19 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.11.17 -
Symantec 10 2007.11.19 -
TheHacker 6.2.9.133 2007.11.17 -
VBA32 3.12.2.5 2007.11.19 -
VirusBuster 4.3.26:9 2007.11.18 -
Webwasher-Gateway 6.0.1 2007.11.19 -
Additional information
File size: 43520 bytes
MD5: 6a44352812e6032ab81be334ddb8b5d7
SHA1: 1b8db08d55cb2dd5396204eeeae9c452c4235855

Shu_b
20.11.2007, 15:03
Maxim, TANUKI, rubin

A big request: please don't trim the results, and post the full log.
(it is very hard to process)

urbanangel
21.11.2007, 01:15
File Firefox_Setup_3.0_Beta_1.rar received on 11.20.2007 22:51:50 (CET)
Current status: finished
Result: 3/32 (9.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.20 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.20 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.20 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.20 -
DrWeb 4.44.0.09170 2007.11.20 Trojan.MulDrop.9120
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.20 -
Fortinet 3.11.0.0 2007.11.20 -
F-Prot 4.4.2.54 2007.11.19 -
F-Secure 6.70.13030.0 2007.11.20 -
Ikarus T3.1.1.12 2007.11.20 -
Kaspersky 7.0.0.125 2007.11.20 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.20 -
NOD32v2 2673 2007.11.20 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.20 Suspicious file
Prevx1 V2 2007.11.20 -
Rising 20.19.10.00 2007.11.20 -
Sophos 4.23.0 2007.11.20 -
Sunbelt 2.2.907.0 2007.11.20 -
Symantec 10 2007.11.20 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 Trojan.MulDrop.9120
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.20 -
Additional information
File size: 6721731 bytes
MD5: d31848f71c6318613182766c46ff4de4
SHA1: b4826b751423dbd9a5ee0ed13210f3b1f1b9ae08
packers: PE_Patch, MewBundle, MEW

And here is an interesting excerpt from the ESET Smart Security 3.0.563.0 log on launching this installer

21.11.2007 0:46:25 Real-time file system protection file C:\DOCUME~1\Maxim\LOCALS~1\Temp\Setup.exe probably a variant of Win32/TrojanDropper.Agent.NGU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Downloads\Firefox_Setup_3.0_Beta_1\Firefox Setup 3.0 Beta 1.exe.

Shu_b
21.11.2007, 09:13
t=14256

File CProCtrl.sys received on 11.21.2007 06:19:13 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.21 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 W32/Cinmus.E.gen!Eldorado
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 Rootkit.Win32.Agent.oy
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.12.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 46080 bytes
MD5: 24a2d8c156acfadc224a71b900a3c6e0
SHA1: 375e69af3cb6b79d454c44ee9ab5989431553eef
t=14392

File ntos.exe received on 11.21.2007 06:14:17 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.21 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 SHeur.ACHW
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 Trojan-Spy.Win32.Zbot.cz
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 Suspicious file
Prevx1 V2 2007.11.21 -
Rising 20.19.12.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 Win32.Malware.gen (suspicious)
Additional information
File size: 442880 bytes
MD5: 6bd9797f295b737b683dac169ff73169
SHA1: e3e10814e1a4784eb6e186db0b06259f3c415cec

rubin
21.11.2007, 14:54
t=14405

File avz00007.dta received on 11.21.2007 12:33:17 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.1 2007.11.21 -
AntiVir 7.6.0.34 2007.11.21 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.21 Crypt.F
BitDefender 7.2 2007.11.21 Trojan.AVKiller.AW
CAT-QuickHeal 9.00 2007.11.20 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.21 Trojan.MulDrop.8347
eSafe 7.0.15.0 2007.11.14 Suspicious File
eTrust-Vet 31.3.5313 2007.11.21 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5167 2007.11.20 Tcad-Crypted
Microsoft 1.3007 2007.11.21 TrojanDownloader:Win32/Small.gen!AAM
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 Suspicious file
Prevx1 V2 2007.11.21 -
Rising 20.19.20.00 2007.11.21 Trojan.DL.Win32.Small.evl
Sophos 4.23.0 2007.11.21 Mal/Basine-C
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.21 Trojan.DR.Dirat.Gen
Webwasher-Gateway 6.0.1 2007.11.21 Trojan.Crypt.XPACK.Gen

Additional information
File size: 12395 bytes
MD5: af63e4eb1ddba00377bf939fec099b6b
SHA1: d3efd43be9e2b0b8e32f4112099cac37ebd5f7c0


File avz00002.dta received on 11.21.2007 12:34:07 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.1 2007.11.21 -
AntiVir 7.6.0.34 2007.11.21 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.21 SHeur.ACTR
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.21 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5313 2007.11.21 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 Spammer:Win32/Tedroo.B
NOD32v2 2674 2007.11.21 Win32/TrojanProxy.Small.NBD
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.20.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.21 -
Webwasher-Gateway 6.0.1 2007.11.21 -

Additional information
File size: 32768 bytes
MD5: 8c10f9134e5a7d16aa5697de32c9d1d9
SHA1: abe50820c9b8353a6d71d180877a7f1075839f13

Selmanuk
27.11.2007, 14:30
Файл opr03U42.htm.7FFFAE33 получен 2007.11.27 12:17:23 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.11.27.1 2007.11.27 -
AntiVir 7.6.0.34 2007.11.27 HEUR/Exploit.HTML
Authentium 4.93.8 2007.11.24 -
Avast 4.7.1074.0 2007.11.27 -
AVG 7.5.0.503 2007.11.26 Downloader.Agent
BitDefender 7.2 2007.11.27 -
CAT-QuickHeal 9.00 2007.11.27 -
ClamAV 0.91.2 2007.11.27 -
DrWeb 4.44.0.09170 2007.11.27 Worm.Sifiliz
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5329 2007.11.26 -
Ewido 4.0 2007.11.26 -
FileAdvisor 1 2007.11.27 -
Fortinet 3.14.0.0 2007.11.27 -
F-Prot 4.4.2.54 2007.11.27 -
F-Secure 6.70.13030.0 2007.11.27 -
Ikarus T3.1.1.12 2007.11.27 -
Kaspersky 7.0.0.125 2007.11.27 -
McAfee 5171 2007.11.26 -
Microsoft 1.3007 2007.11.27 -
NOD32v2 2687 2007.11.26 -
Norman 5.80.02 2007.11.26 -
Panda 9.0.0.4 2007.11.26 -
Prevx1 V2 2007.11.27 -
Rising 20.20.11.00 2007.11.27 -
Sophos 4.23.0 2007.11.27 Mal/ObfJS-R
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.27 -
TheHacker 6.2.9.142 2007.11.26 -
VBA32 3.12.2.5 2007.11.27 -
VirusBuster 4.3.26:9 2007.11.26 -
Webwasher-Gateway 6.0.1 2007.11.27 Heuristic.Exploit.HTML

Дополнительная информация
File size: 32803 bytes
MD5: 5021a06aa8e0848d140aa2b336e89aa8
SHA1: db20d942fb98310a5b43d3cc2a035c07962e0aac

Shu_b
30.11.2007, 16:58
Today is the last day of November, and since activity in this thread has dropped off a bit, I'm tallying up the interim results. I'm posting two charts: one for the past month and one for the total. The monthly result turned out amusing.... ;-)

DVi
30.11.2007, 17:12
Is the total the second one, the one with a maximum of 140?

Shu_b
30.11.2007, 17:24
Is the total the second one, the one with a maximum of 140?

yes, 65 + 58

Surfer
01.12.2007, 19:17
Brutal Pinch trojans are going around now; nobody catches them.

File illusion.exe received on 12.01.2007 15:41:05 (CET)
Result: 4/32 (12.5%)

AhnLab-V3 2007.12.1.0 2007.11.30 -
AntiVir 7.6.0.34 2007.11.30 -
Authentium 4.93.8 2007.12.01 -
Avast 4.7.1074.0 2007.11.30 -
AVG 7.5.0.503 2007.12.01 -
BitDefender 7.2 2007.12.01 -
CAT-QuickHeal 9.00 2007.12.01 -
ClamAV 0.91.2 2007.12.01 -
DrWeb 4.44.0.09170 2007.12.01 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.01 -
FileAdvisor 1 2007.12.01 -
Fortinet 3.14.0.0 2007.12.01 -
F-Prot 4.4.2.54 2007.11.30 -
F-Secure 6.70.13030.0 2007.11.30 -
Ikarus T3.1.1.12 2007.12.01 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.01 Trojan.BAT.Runner.j
McAfee 5175 2007.11.30 -
Microsoft 1.3007 2007.12.01 -
NOD32v2 2696 2007.11.30 -
Norman 5.80.02 2007.11.30 -
Panda 9.0.0.4 2007.12.01 -
Prevx1 V2 2007.12.01 -
Rising 20.20.51.00 2007.12.01 Trojan.DL.Win32.Agent.bxw
Sophos 4.23.0 2007.12.01 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.01 -
TheHacker 6.2.9.146 2007.11.30 -
VBA32 3.12.2.5 2007.12.01 -
VirusBuster 4.3.26:9 2007.11.30 -
Webwasher-Gateway 6.6.2 2007.12.01 -
Additional information
File size: 159843 bytes
MD5: 1b4023097c4e527b5e2e465d026d68cc
SHA1: 8bfd2cc1a1b4dbab31b15bc0581e6149c2cd1c29
packers: RAR

And here is the same one, but in unpacked form

File 1.exe received on 12.01.2007 15:46:00 (CET)
Result: 3/32 (9.38%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.1.0 2007.11.30 -
AntiVir 7.6.0.34 2007.11.30 -
Authentium 4.93.8 2007.12.01 -
Avast 4.7.1074.0 2007.11.30 -
AVG 7.5.0.503 2007.12.01 -
BitDefender 7.2 2007.12.01 -
CAT-QuickHeal 9.00 2007.12.01 -
ClamAV 0.91.2 2007.12.01 -
DrWeb 4.44.0.09170 2007.12.01 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.01 -
FileAdvisor 1 2007.12.01 -
Fortinet 3.14.0.0 2007.12.01 -
F-Prot 4.4.2.54 2007.11.30 -
F-Secure 6.70.13030.0 2007.11.30 -
Ikarus T3.1.1.12 2007.12.01 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.01 -
McAfee 5175 2007.11.30 -
Microsoft 1.3007 2007.12.01 -
NOD32v2 2696 2007.11.30 -
Norman 5.80.02 2007.11.30 -
Panda 9.0.0.4 2007.12.01 -
Prevx1 V2 2007.12.01 -
Rising 20.20.51.00 2007.12.01 Trojan.DL.Win32.Agent.bxw
Sophos 4.23.0 2007.12.01 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.01 -
TheHacker 6.2.9.146 2007.11.30 -
VBA32 3.12.2.5 2007.12.01 -
VirusBuster 4.3.26:9 2007.11.30 -
Webwasher-Gateway 6.6.2 2007.12.01 -
Additional information
File size: 28672 bytes
MD5: 5564a7b0ec2c7012c64af96a87876491
SHA1: 840a0c70f91e49b4a6edb5fcb1b8eb64e9fcdb87

Helgin
02.12.2007, 06:28
Антивирус Версия Обновление Результат
AhnLab-V3 2007.12.1.0 2007.11.30 -
AntiVir 7.6.0.34 2007.11.30 CC/UKMalw.LB
Authentium 4.93.8 2007.12.01 W32/Trojan.BWKV
Avast 4.7.1074.0 2007.12.01 -
AVG 7.5.0.503 2007.12.01 -
BitDefender 7.2 2007.12.02 -
CAT-QuickHeal 9.00 2007.12.01 Trojan.Soltek.kj
ClamAV 0.91.2 2007.12.02 -
DrWeb 4.44.0.09170 2007.12.01 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.01 Trojan.Legmir
FileAdvisor 1 2007.12.02 -
Fortinet 3.14.0.0 2007.12.01 Generic.A!tr
F-Prot 4.4.2.54 2007.11.30 W32/Trojan.BWKV
F-Secure 6.70.13030.0 2007.11.30 W32/Malware.dam
Ikarus T3.1.1.12 2007.12.02 Trojan-PWS.Legmir
Kaspersky 7.0.0.125 2007.12.02 -
McAfee 5175 2007.11.30 Generic Packed
Microsoft 1.3007 2007.12.02 -
NOD32v2 2696 2007.11.30 -
Norman 5.80.02 2007.11.30 W32/Malware.dam
Panda 9.0.0.4 2007.12.02 Generic Trojan
Prevx1 V2 2007.12.02 Generic.Malware
Rising 20.20.52.00 2007.12.02 -
Sophos 4.23.0 2007.12.01 Mal/Generic-A
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.02 Backdoor.EggDrop
TheHacker 6.2.9.147 2007.12.01 -
VBA32 3.12.2.5 2007.12.01 Trojan.PWS.Legmir
VirusBuster 4.3.26:9 2007.12.01 -
Webwasher-Gateway 6.6.2 2007.12.01 Virus.UKMalw.LB
Additional information
File size: 61440 bytes
MD5: 9a667611eb788402ccadd829e29a4184
SHA1: 1b28150e07c4da97c7f343f63acf8a468a5f3733
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=6732446900B8FDA7F00A0052F5ABFE00B D2000BF

Макcим
02.12.2007, 17:42
From thread http://virusinfo.info/showthread.php?t=14788
AhnLab-V3 2007.12.1.0 2007.11.30 -
AntiVir 7.6.0.34 2007.11.30 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.01 -
Avast 4.7.1074.0 2007.12.02 -
AVG 7.5.0.503 2007.12.02 -
BitDefender 7.2 2007.12.02 -
CAT-QuickHeal 9.00 2007.12.01 -
ClamAV 0.91.2 2007.12.02 -
DrWeb 4.44.0.09170 2007.12.02 Trojan.Packed.147
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.02 -
FileAdvisor 1 2007.12.02 -
Fortinet 3.14.0.0 2007.12.02 -
F-Prot 4.4.2.54 2007.11.30 -
F-Secure 6.70.13030.0 2007.11.30 -
Ikarus T3.1.1.12 2007.12.02 -
Kaspersky 7.0.0.125 2007.12.02 -
McAfee 5175 2007.11.30 -
Microsoft 1.3007 2007.12.02 Spammer:Win32/Tedroo.B
NOD32v2 2697 2007.12.02 -
Norman 5.80.02 2007.11.30 -
Panda 9.0.0.4 2007.12.02 -
Prevx1 V2 2007.12.02 -
Rising 20.20.62.00 2007.12.02 -
Sophos 4.23.0 2007.12.02 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.02 -
TheHacker 6.2.9.147 2007.12.01 -
VBA32 3.12.2.5 2007.12.02 -
VirusBuster 4.3.26:9 2007.12.01 -
Webwasher-Gateway 6.6.2 2007.12.01 Trojan.Crypt.XPACK.Gen
Additional information
File size: 32768 bytes
MD5: ba6f53f0ccb15762068f41681d387761
SHA1: 5b4da53e8f918159c97f96f78971c430f6627dce

ssa555
03.12.2007, 23:59
From thread http://virusinfo.info/showthread.php?t=14796


File mssrv32.exe received on 2007.12.03 19:56:29 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.0 2007.12.03 -
AntiVir 7.6.0.34 2007.12.03 TR/Dldr.Agent.fow
Authentium 4.93.8 2007.12.03 -
Avast 4.7.1074.0 2007.12.03 -
AVG 7.5.0.503 2007.12.03 Obfustat.ABFX
BitDefender 7.2 2007.12.03 -
CAT-QuickHeal 9.00 2007.12.03 TrojanDownloader.Agent.fow
ClamAV 0.91.2 2007.12.03 -
DrWeb 4.44.0.09170 2007.12.03 Trojan.Packed.194
eSafe 7.0.15.0 2007.12.03 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.03 -
FileAdvisor 1 2007.12.03 -
Fortinet 3.14.0.0 2007.12.03 -
F-Prot 4.4.2.54 2007.12.02 -
F-Secure 6.70.13030.0 2007.12.03 Trojan-Downloader.Win32.Agent.fow
Ikarus T3.1.1.12 2007.12.03 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.03 Trojan-Downloader.Win32.Agent.fow
McAfee 5176 2007.12.03 -
Microsoft 1.3007 2007.12.03 -
NOD32v2 2698 2007.12.03 -
Norman 5.80.02 2007.12.03 -
Panda 9.0.0.4 2007.12.02 -
Prevx1 V2 2007.12.03 -
Rising 20.21.02.00 2007.12.03 Trojan.DL.Win32.Agent.bxw
Sophos 4.23.0 2007.12.03 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.03 -
TheHacker 6.2.9.147 2007.12.01 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
Webwasher-Gateway 6.6.2 2007.12.03 Trojan.Dldr.Agent.fow

Additional information
File size: 24576 bytes
MD5: f0bc7f9da285c7714917756de15a53ea
SHA1: 8fd774c3ded5b7cfc69a863f1a5793315c143681
PEiD: -

Shu_b
04.12.2007, 12:12
t - 14813

Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.0 2007.12.03 -
AntiVir 7.6.0.34 2007.12.03 -
Authentium 4.93.8 2007.12.04 -
Avast 4.7.1074.0 2007.12.03 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.04 -
CAT-QuickHeal 9.00 2007.12.03 -
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.03 -
eSafe 7.0.15.0 2007.12.03 Win32.Eterok.C
eTrust-Vet 31.3.5349 2007.12.04 -
Ewido 4.0 2007.12.03 -
FileAdvisor 1 2007.12.04 -
Fortinet 3.14.0.0 2007.12.04 -
F-Prot 4.4.2.54 2007.12.04 -
F-Secure 6.70.13030.0 2007.12.04 -
Ikarus T3.1.1.12 2007.12.04 -
Kaspersky 7.0.0.125 2007.12.04 -
McAfee 5176 2007.12.03 -
Microsoft 1.3007 2007.12.03 -
NOD32v2 2699 2007.12.03 -
Norman 5.80.02 2007.12.03 -
Panda 9.0.0.4 2007.12.03 -
Prevx1 V2 2007.12.04 -
Rising 20.21.02.00 2007.12.03 -
Sophos 4.24.0 2007.12.04 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.04 Backdoor.Eterok.C
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
Webwasher-Gateway 6.6.2 2007.12.03 -
Additional information
File size: 19968 bytes

t-14175

File _svchost.exe ( ie_updater.exe ) received on 12.04.2007 09:36:34 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.0 2007.12.03 Win-Trojan/Xema.variant
AntiVir 7.6.0.34 2007.12.04 -
Authentium 4.93.8 2007.12.04 -
Avast 4.7.1074.0 2007.12.03 Win32:Tiny-LJ
AVG 7.5.0.503 2007.12.04 Downloader.Generic6.WVT
BitDefender 7.2 2007.12.04 -
CAT-QuickHeal 9.00 2007.12.03 TrojanDownloader.Tiny.abz
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.04 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.12.03 -
eTrust-Vet 31.3.5349 2007.12.04 -
Ewido 4.0 2007.12.03 -
FileAdvisor 1 2007.12.04 -
Fortinet 3.14.0.0 2007.12.04 -
F-Prot 4.4.2.54 2007.12.04 -
F-Secure 6.70.13030.0 2007.12.04 -
Ikarus T3.1.1.12 2007.12.04 Virus.Win32.Tiny.LJ
Kaspersky 7.0.0.125 2007.12.04 -
McAfee 5176 2007.12.03 Generic Downloader.k
Microsoft 1.3007 2007.12.03 -
NOD32v2 2699 2007.12.03 Win32/TrojanDownloader.Tiny.NJ
Norman 5.80.02 2007.12.03 -
Panda 9.0.0.4 2007.12.03 Trj/Downloader.RLK
Prevx1 V2 2007.12.04 Heuristic: Suspicious File With Outbound Communications
Rising 20.21.10.00 2007.12.04 -
Sophos 4.24.0 2007.12.04 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.04 -
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
Webwasher-Gateway 6.6.2 2007.12.04 -
Additional information
File size: 6144 bytes
MD5: a375f523505751cf04a34506315fd982
SHA1: 0b2eeee53b89ea666653ed5e770824d637d633ef
PEiD: -
packers: embedded

Ultima Weapon
05.12.2007, 06:28
File pskavs.zip received on 12.04.2007 12:09:29 (CET)
Current status: finished
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - Frisk #2
Authentium - - -
Avast - - Win32:CTX
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - Sirius.Annihilator.272
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Virus.Win32.CTX
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - W95/Whog-878b
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Bumble
Additional information
MD5: f20440d212d03abdb531eb3c99e1a47a

Added 8 minutes later

File Sample_3.zip received on 12.04.2007 12:57:39 (CET)
Current status: finished
Result: 21/32 (65.63%)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.1 2007.12.04 -
AntiVir 7.6.0.34 2007.12.04 TR/Crack.H.5
Authentium 4.93.8 2007.12.04 -
Avast 4.7.1074.0 2007.12.04 Win32:Downloader-AS
AVG 7.5.0.503 2007.12.04 Downloader.Generic2.LKM
BitDefender 7.2 2007.12.04 Trojan.Crack.H
CAT-QuickHeal 9.00 2007.12.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.03 Win32.Trojan
eTrust-Vet 31.3.5349 2007.12.04 -
Ewido 4.0 2007.12.04 Trojan.Crack.h
FileAdvisor 1 2007.12.04 -
Fortinet 3.14.0.0 2007.12.04 Crack.D!tr
F-Prot 4.4.2.54 2007.12.04 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.04 W32/DLoader.ASHL
Ikarus T3.1.1.12 2007.12.04 Trojan-PWS.Win32.LdPinch.SX
Kaspersky 7.0.0.125 2007.12.04 -
McAfee 5176 2007.12.03 Downloader.gen.a
Microsoft 1.3007 2007.12.03 -
NOD32v2 2699 2007.12.03 probably a variant of Win32/Agent
Norman 5.80.02 2007.12.04 W32/DLoader.ASHL
Panda 9.0.0.4 2007.12.03 Suspicious file
Prevx1 V2 2007.12.04 Generic.Malware
Rising 20.21.10.00 2007.12.04 Hack.Win32.Dpatch.a
Sophos 4.24.0 2007.12.04 Troj/Crack-D
Sunbelt 2.2.907.0 2007.12.01 VIPRE.Suspicious
Symantec 10 2007.12.04 Trojan Horse
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
Webwasher-Gateway 6.6.2 2007.12.04 Trojan.Crack.H.5

Added 5 minutes later

File Trojan_1.zip received on 12.04.2007 13:03:24 (CET)
Current status: finished
Result: 20/32 (62.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.4.1 2007.12.04 -
AntiVir 7.6.0.34 2007.12.04 TR/Crack.H.3
Authentium 4.93.8 2007.12.04 -
Avast 4.7.1074.0 2007.12.04 Win32:Downloader-AS
AVG 7.5.0.503 2007.12.04 Downloader.Generic2.LKM
BitDefender 7.2 2007.12.04 Trojan.Crack.H
CAT-QuickHeal 9.00 2007.12.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.04 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.03 Win32.Trojan
eTrust-Vet 31.3.5349 2007.12.04 -
Ewido 4.0 2007.12.04 Trojan.Crack.h
FileAdvisor 1 2007.12.04 -
Fortinet 3.14.0.0 2007.12.04 W32/Crack.D!tr
F-Prot 4.4.2.54 2007.12.04 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.04 W32/DLoader.ASHL
Ikarus T3.1.1.12 2007.12.04 Trojan-PWS.Win32.LdPinch.SX
Kaspersky 7.0.0.125 2007.12.04 -
McAfee 5176 2007.12.03 Generic Downloader.z
Microsoft 1.3007 2007.12.03 -
NOD32v2 2699 2007.12.03 probably a variant of Win32/Agent
Norman 5.80.02 2007.12.04 W32/DLoader.ASHL
Panda 9.0.0.4 2007.12.03 Generic Trojan
Prevx1 V2 2007.12.04 -
Rising 20.21.10.00 2007.12.04 Hack.Win32.Dpatch.a
Sophos 4.24.0 2007.12.04 Troj/Crack-D
Sunbelt 2.2.907.0 2007.12.01 Trojan.Unclassified.gen
Symantec 10 2007.12.04 Trojan Horse
TheHacker 6.2.9.148 2007.12.03 -
VBA32 3.12.2.5 2007.12.03 -
VirusBuster 4.3.26:9 2007.12.03 -
Webwasher-Gateway 6.6.2 2007.12.04 Trojan.Crack.H.3

Added 1 minute later

File Trojan_Win_32_Agent.cro.zip received on 12.04.2007 11:15:37 (CET)
Current status: finished
Result: 26/32 (81.25%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Drop.Agent.cro
Authentium - - W32/Splendor.7116
Avast - - Win32:Agent-NMK
AVG - - Win32/Virut
BitDefender - - Trojan.Downloader.LoadAdv.XXA
CAT-QuickHeal - - Win32.Trojan.Pakes
ClamAV - - Trojan.Agent-9180
DrWeb - - Trojan.Packed.155
eSafe - - Win32.Agent.cro
eTrust-Vet - - -
Ewido - - Trojan.Agent.cro
FileAdvisor - - -
Fortinet - - W32/Agent.VD!tr
F-Prot - - W32/Backdoor.CARM
F-Secure - - Virus.Win32.Virut.av
Ikarus - - Trojan.Win32.Agent.cro
Kaspersky - - Trojan.Win32.Agent.cro
McAfee - - W32/Virut.gen.a
Microsoft - - Virus:Win32/Virut.AC
NOD32v2 - - Win32/TrojanDownloader.Agent.NSP
Norman - - DLoader.EBYE
Panda - - Trj/Agent.HCK
Prevx1 - - -
Rising - - Trojan.Win32.Mnless.zir
Sophos - - Mal/HckPk-A
Sunbelt - - -
Symantec - - W32.Virut.W
TheHacker - - -
VBA32 - - Trojan.Win32.Agent.cro
VirusBuster - - Adware.Vundo.V.Gen
Webwasher-Gateway - - Trojan.Drop.Agent.cro


File crude.exe received on 12.05.2007 04:09:52 (CET)
Result: 4/32 (12.5%)


AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.04 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 suspicious Trojan/Worm
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.04 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.03 -
NOD32v2 2701 2007.12.05 -
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 -
Prevx1 V2 2007.12.05 Generic.Malware
Rising 20.21.12.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.04 -
Webwasher-Gateway 6.6.2 2007.12.04 Win32.Malware.gen#UPX!92 (suspicious)

Added 6 minutes later

File noisybearcab_bin received on 07.23.2007 09:36:30 (CET)
Result: 20/30 (66.67%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - Java/NoisyBear
Authentium - - is a destructive program
Avast - - JS:NoisyBear
AVG - - -
BitDefender - - Trojan.NoisyBear
CAT-QuickHeal - - -
ClamAV - - Java.Noisybear
DrWeb - - Trojan.NoisyBear
eSafe - - Drummer
eTrust-Vet - - Java/Nosybea
Ewido - - Trojan.NoisyBear
FileAdvisor - - -
Fortinet - - JAV/Noisybear!tr
F-Prot - - Java/Trojan!217c
F-Secure - - Java/NoisyBear.A
Ikarus - - Trojan.NoisyBear
Kaspersky - - -
McAfee - - JV/g
Microsoft - - Trojan:Java/Noisybear
NOD32v2 - - -
Norman - - -
Panda - - JV/NoisyBear
Sophos - - Troj/NoisyBear
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - -
VBA32 - - -
VirusBuster - - Java.NoisyBear
Webwasher-Gateway - - Java.NoisyBear

File emul.zip received on 12.03.2007 07:49:40 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Hijack.Explor.4284
Authentium - - -
Avast - - Win32:Avtest
AVG - - Downloader.Delf.LY
BitDefender - - BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Win32.Delf.adw
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - W32/Downloader.AJC
Ikarus - - BehavesLikeWin32.ExplorerHijack
Kaspersky - - Heur.Invader
McAfee - - -
Microsoft - - TrojanDownloader:Win32/Delf
NOD32v2 - - probably unknown NewHeur_PE virus
Norman - - W32/Downloader.AJC
Panda - - Suspicious file
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - -
Sunbelt - - Win32.ExplorerHijack
Symantec - - -
TheHacker - - -
VBA32 - - suspected of Win32.Trojan.Downloader (http://...)
VirusBuster - - -
Webwasher-Gateway - - Trojan.Hijack.Explor.4284


Added 4 minutes later

File EvID4226.exe received on 12.04.2007 16:11:06 (CET)
Result: 15/32 (46.88%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Potentially harmful program HackTool.AB
BitDefender - - Application.Evid.M
CAT-QuickHeal - - AdWare.Agent.bq (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - Not-A-Virus.Hacktool.EvID
FileAdvisor - - High threat detected
Fortinet - - HackerTool/Evid
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - potentially unwanted program Tool-Evid
Microsoft - - -
NOD32v2 - - Win32/Tool.EvID4226
Norman - - -
Panda - - HackTool/EvID
Prevx1 - - Potentially harmful program HackTool.AB
Rising - - -
Sophos - - EvID4226
Sunbelt - - Event ID 4226 Patcher
Symantec - - -
TheHacker - - Aplicacion/Tool.evid
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Riskware.Tool.EvID4226.A

Ultima Weapon
05.12.2007, 16:32
File askBarSetup.zip received on 12.05.2007 08:29:00 (CET)
Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 -
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 W32/Mywebsearch.I.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 a variant of Win32/AdInstaller
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 -
Prevx1 V2 2007.12.05 Heuristic: Suspicious Hijacker
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 suspected of Trojan-Dropper.Delf.36 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.12.04 -
Webwasher-Gateway 6.6.2 2007.12.05 -

Added 8 minutes later

File gen.exe received on 12.05.2007 08:37:09 (CET)
Result: 4/32 (12.5%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 suspicious Trojan/Worm
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 -
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 Suspicious file
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.04 -
Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen#UPX!92 (suspicious)

Added 22 minutes later

File b.exe received on 12.05.2007 08:57:30 (CET)
Result: 15/32 (46.88%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 Generic5.HNY
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.04 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.05 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 Suspicious File
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 High threat detected
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 Trojan-Downloader.Win32.Zlob.and
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 New Malware.aj
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 -
Norman 5.80.02 2007.12.04 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.12.04 -
Prevx1 V2 2007.12.05 Generic.Malware
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 Mal/Packer
Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 W32/Behav-Heuristic-060
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.04 Packed/Upack
Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen (suspicious)

Added 22 minutes later

File c.exe received on 12.03.2007 16:35:59 (CET)
Result: 4/32 (12.5%)


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - ADSPY/LordPatch.A
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Outbound Communications
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Ad-Spyware.LordPatch.A

Added 27 minutes later

File bab.exe received on 11.19.2007 08:12:20 (CET)
Result: 2/32 (6.25%)


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - W32/Malware.AQMG
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - W32/Malware.AQMG
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Added 28 minutes later

File ul.exe received on 12.01.2007 08:24:10 (CET)
Result: 8/32 (25%)

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Gendal.134656
Authentium - - -
Avast - - -
AVG - - Generic7.FSV
BitDefender - - Trojan.Generic.69247
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - High threat detected
Fortinet - - W32/BBTN.A!tr
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan.Generic
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - W32.MALWARE.GEN
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Gendal.134656

Added 10 minutes later

File kayo.rar received on 12.05.2007 10:26:36 (CET)
Result: 10/32 (31.25%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.04 -
BitDefender 7.2 2007.12.05 Packer.Krunchy.A
CAT-QuickHeal 9.00 2007.12.04 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.04 -
eSafe 7.0.15.0 2007.12.04 Suspicious File
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.04 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 Packer.Krunchy.A
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2703 2007.12.05 -
Norman 5.80.02 2007.12.04 -
Panda 9.0.0.4 2007.12.04 Suspicious file
Prevx1 V2 2007.12.05 Heuristic: Suspicious File With Covert Attributes
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 Mal/EncPk-BP
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.04 Packed/FRBR
Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen (suspicious)

Added 4 minutes later

File chong.exe received on 11.14.2007 03:26:51 (CET)
Result: 7/32 (21.88%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic9.STX
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - W32/Malware.AZKM
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - W32/Malware.AZKM
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying EXE
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen#PECompact (suspicious)

Added 52 seconds later

File maker.exe received on 11.21.2007 03:48:22 (CET)
Result: 1/32 (3.13%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.ModifiedUPX.gen!90 (suspicious)

Added 4 minutes later

File obra.exe received on 12.04.2007 20:25:35 (CET)
Result: 8/32 (25%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - Low threat detected
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan-PWS.Win32.LdPinch.bjx
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Win32.Malware.gen#PECompact!92 (suspicious)

Added 1 minute later

File mader.exe received on 11.10.2007 16:55:53 (CET)
Result: 7/32 (21.88%)

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - SuspiciousR-Mytob3
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Backdoor.Win32.IRCBot.az
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - W32/Behav-Heuristic-065
VBA32 - - -
VirusBuster - - Packed/MoleBox
Webwasher-Gateway - - Win32.Malware.gen (suspicious)
Additional information

Surfer
05.12.2007, 17:34
OMFG...

Ultima Weapon plz, post only real malware in this thread.

for example EvID4226.exe is not malware, it is only patch for tcp/ip for p2p networks...

%)

sergio342
05.12.2007, 20:52
File startdrv.exe received on 2007.12.05 18:42:02 (CET)
It was caught by the KIS7.125 heuristics as Trojan.Generic

Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.05 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5352 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 Trojan.Win32.Agent.dei
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2704 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.04 -
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 Mal/Dropper-O
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 -

Ultima Weapon
06.12.2007, 08:21
File cmdow.zip received on 12.05.2007 20:09:17 (CET)
Result: 13/32 (40.63%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.05 Potentially harmful program HideExec.BD
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.05 RiskTool.HideWindows (Not a Virus)
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 HackerTool/HideWindows
F-Prot 4.4.2.54 2007.12.05 W32/HackToolX.DY
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 not-a-virus:RiskTool.Win32.HideWindows
Kaspersky 7.0.0.125 2007.12.05 not-a-virus:RiskTool.Win32.HideWindows
McAfee 5178 2007.12.05 potentially unwanted program Tool-HideWindow
Microsoft 1.3007 2007.12.05 -
NOD32v2 2701 2007.12.05 Win32/CMDOW.143
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.04 Application/HideWindow.S
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 HideWindow
Sunbelt 2.2.907.0 2007.12.05 Trojan.HideWindow
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 Aplicacion/HideWindows
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 Riskware.HideWindows.I

Added 39 minutes later

File avz_2200_2.cab received on 12.05.2007 20:47:22 (CET)
Result: 15/32 (46.88%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 TR/Hijack.Explor.4284
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 Win32:Avtest
AVG 7.5.0.503 2007.12.05 Downloader.Delf.LY
BitDefender 7.2 2007.12.05 BehavesLike:Win32ExplorerHijack
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 Trojan.MulDrop.9781
eSafe 7.0.15.0 2007.12.05 Win32.Delf.adw
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 W32/Downloader.AJC
Ikarus T3.1.1.12 2007.12.05 BehavesLikeWin32.ExplorerHijack
Kaspersky 7.0.0.125 2007.12.05 Heur.Invader
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.05 TrojanDownloader:Win32/Delf
NOD32v2 2704 2007.12.05 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.04 Suspicious file
Prevx1 V2 2007.12.05 Generic.Malware
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 -
VBA32 3.12.2.5 2007.12.04 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 Trojan.Hijack.Explor.4284

Added 43 minutes later

File SSINSTALLER_124.zip received on 12.05.2007 21:24:16 (CET)
Result: 8/32 (25%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 ADSPY/SafeSurf
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.05 -
BitDefender 7.2 2007.12.05 Trojan.Generic.75414
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 Spy/SafeSurf
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2704 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.05 Spyware/SafeSurf
Prevx1 V2 2007.12.05 Generic.Malware
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 SafeSurfing
Symantec 10 2007.12.05 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.05 Trojan.DL.Istbar.Gen.1
Webwasher-Gateway 6.6.2 2007.12.05 Ad-Spyware.SafeSurf

Added 8 hours 43 minutes later

File DLD.exe received on 11.21.2007 09:14:16 (CET)
Result: 2/32 (6.25%)


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - BACKDOOR.Trojan
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Hijacker
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Shu_b
06.12.2007, 08:28
t-14879
File abcB812.tmp received on 12.06.2007 06:05:57 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.06 -
AntiVir 7.6.0.34 2007.12.05 Worm/Ntech.W
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 Downloader.Agent.14.C
BitDefender 7.2 2007.12.06 Trojan.Kobcka.BC
CAT-QuickHeal 9.00 2007.12.05 Trojan.Pakes.brf
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5355 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.06 -
Fortinet 3.14.0.0 2007.12.06 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.06 Trojan.Win32.Pakes.brf
Ikarus T3.1.1.12 2007.12.06 Trojan.Win32.Pakes.brf
Kaspersky 7.0.0.125 2007.12.06 Trojan.Win32.Pakes.brf
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.06 TrojanDropper:Win32/Cutwail.R
NOD32v2 2705 2007.12.05 Win32/Agent.NNK
Norman 5.80.02 2007.12.05 W32/Smalltroj.BOJA
Panda 9.0.0.4 2007.12.05 -
Prevx1 V2 2007.12.06 -
Rising 20.21.22.00 2007.12.06 -
Sophos 4.24.0 2007.12.06 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.06 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 Trojan.Win32.Pakes.brf
VirusBuster 4.3.26:9 2007.12.05 Trojan.DR.Pandex.Gen.1
Webwasher-Gateway 6.6.2 2007.12.05 Worm.Ntech.W
Additional information
File size: 20480 bytes

File rt26.exe received on 12.06.2007 06:10:27 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.06 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 -
BitDefender 7.2 2007.12.06 -
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5355 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.06 -
Fortinet 3.14.0.0 2007.12.06 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.06 -
Ikarus T3.1.1.12 2007.12.06 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.06 Trojan-PSW.Win32.LdPinch.ejl
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.06 -
NOD32v2 2705 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.05 -
Prevx1 V2 2007.12.06 -
Rising 20.21.22.00 2007.12.06 Trojan.DL.Win32.Agent.bxw
Sophos 4.24.0 2007.12.06 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.06 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 -
Additional information
File size: 52224 bytes

Ultima Weapon
06.12.2007, 08:30
File change.exe received on 12.06.2007 06:22:16 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.06 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 -
BitDefender 7.2 2007.12.06 -
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.06 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 suspicious Trojan/Worm
eTrust-Vet 31.3.5355 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.06 -
Fortinet 3.14.0.0 2007.12.06 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.06 -
Ikarus T3.1.1.12 2007.12.06 -
Kaspersky 7.0.0.125 2007.12.06 -
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.06 -
NOD32v2 2705 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.05 -
Prevx1 V2 2007.12.06 -
Rising 20.21.22.00 2007.12.06 -
Sophos 4.24.0 2007.12.06 -
Sunbelt 2.2.907.0 2007.12.05 VIPRE.Suspicious
Symantec 10 2007.12.06 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 Win32.Malware.gen#UPX!92 (suspicious)

Shu_b
06.12.2007, 08:42
Do you not know where to get the report for publication?
Look -

Ultima Weapon
06.12.2007, 09:28
File fi.exe received on 12.05.2007 06:59:45 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - KillAV.FF
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - Spy/Agent
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 239421fb8dde79a54e86bca3ef4868ac

rubin
06.12.2007, 21:51
File avz00001.dta received on 2007.12.06 19:38:20 (CET)

AhnLab-V3 2007.12.7.0 2007.12.06 Win-Trojan/Xema.variant
AntiVir 7.6.0.34 2007.12.06 TR/Dldr.Vb.ANF.104
Authentium 4.93.8 2007.12.05 W32/Downldr2.URL
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.06 Downloader.Generic4.KWJ
BitDefender 7.2 2007.12.06 Trojan.Downloader.Vb.ANF
CAT-QuickHeal 9.00 2007.12.06 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.06 PUA.Packed.Expressor
DrWeb 4.44.0.09170 2007.12.06 Trojan.DownLoader.15237
eSafe 7.0.15.0 2007.12.06 Suspicious File
eTrust-Vet 31.3.5356 2007.12.06 -
Ewido 4.0 2007.12.06 -
FileAdvisor 1 2007.12.06 High threat detected
Fortinet 3.14.0.0 2007.12.06 PossibleThreat
F-Prot 4.4.2.54 2007.12.05 W32/Downldr2.URL
F-Secure 6.70.13030.0 2007.12.06 -
Ikarus T3.1.1.12 2007.12.06 Backdoor.Win32.Hupigon.mrv
Kaspersky 7.0.0.125 2007.12.06 -
McAfee 5179 2007.12.06 New Malware.dq
Microsoft 1.3007 2007.12.06 Worm:Win32/VB
NOD32v2 2707 2007.12.06 Win32/TrojanDownloader.VB.ANF
Norman 5.80.02 2007.12.06 -
Panda 9.0.0.4 2007.12.06 Trj/QQPass.QV
Prevx1 V2 2007.12.06 Heuristic: Suspicious File With Code Injection Technology
Rising 20.21.32.00 2007.12.06 Trojan.DL.VB.dpl
Sophos 4.24.0 2007.12.06 Mal/Behav-160
Sunbelt 2.2.907.0 2007.12.05 Trojan-Downloader.Vb.ANF
Symantec 10 2007.12.06 W32.SillyFDC
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 Trojan-Downloader.Win32.VB.anf
VirusBuster 4.3.26:9 2007.12.06 Packed/eXPressor
Webwasher-Gateway 6.6.2 2007.12.06 Trojan.Dldr.Vb.ANF.104

Additional information
File size: 22044 bytes
MD5: 477f7953da0469d65efd95f84e4bb0dc
SHA1: 30f811ac2fc90ea2d59fa8d20e44fa11f8fa9c2b
PEiD: eXPressor v1.3 -> CGSoftLabs (h)
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=477f7953da0469d65efd95f84e4bb0dc
packers: Expressor
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=523D110E1CAD74D056CE0031D8FA6C00093D066E

zorro84
07.12.2007, 08:06
File PICT0038470.zip received on 2007.12.07 05:47:24 (CET)
Result: 8/32 (25%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.7.0 2007.12.07 -
AntiVir 7.6.0.34 2007.12.06 -
Authentium 4.93.8 2007.12.06 -
Avast 4.7.1098.0 2007.12.06 -
AVG 7.5.0.503 2007.12.07 Obfustat.AARZ
BitDefender 7.2 2007.12.07 Trojan.Downloader.Agent.YVP
CAT-QuickHeal 9.00 2007.12.06 -
ClamAV 0.91.2 2007.12.07 -
DrWeb 4.44.0.09170 2007.12.06 Trojan.MulDrop.9716
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5358 2007.12.07 -
Ewido 4.0 2007.12.06 -
FileAdvisor 1 2007.12.07 -
Fortinet 3.14.0.0 2007.12.06 -
F-Prot 4.4.2.54 2007.12.06 -
F-Secure 6.70.13030.0 2007.12.07 Trojan-PSW.Win32.LdPinch.eim
Ikarus T3.1.1.12 2007.12.07 -
Kaspersky 7.0.0.125 2007.12.07 Trojan-PSW.Win32.LdPinch.eim
McAfee 5179 2007.12.06 -
Microsoft 1.3007 2007.12.07 -
NOD32v2 2708 2007.12.07 -
Norman 5.80.02 2007.12.06 W32/Malware.AHSU.dropper
Panda 9.0.0.4 2007.12.06 -
Prevx1 V2 2007.12.07 -
Rising 20.21.32.00 2007.12.06 -
Sophos 4.24.0 2007.12.07 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.07 -
TheHacker 6.2.9.152 2007.12.07 -
VBA32 3.12.2.5 2007.12.05 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2007.12.06 Trojan.DR.LdPinch.CCL
Webwasher-Gateway 6.6.2 2007.12.06 -

Additional information
File size: 92275 bytes
MD5: bfb62a7151a4aa1cb5aaeab569858e03
SHA1: fc3bbbce71e60d508c5577a70e37c8a505f25166

santy
13.12.2007, 09:22
File ntos.exe received on 12.13.2007 07:05:07 (CET)
Result: 8/32 (25%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - Pakes_c.GD
BitDefender - - Trojan.Spy.Agent.NLL
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.Proxy.2071
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Trj/Wsnpoem.NI
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - TrojanSpy.ZBot.Gen!Pac.3
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: e46d907a7bc952e60910dec6c906d443

Shu_b
13.12.2007, 11:07
another ntos.exe


received on 12.11.2007 13:19:22 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - Infostealer.Notos!gen
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Virus.Win32.FileInfector.gen (suspicious)
Additional information
MD5: ec43197aed08fa5ade6f3853341a96fe
two days passed...
received on 12.13.2007 08:54:08 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.13.10 2007.12.12 -
AntiVir 7.6.0.40 2007.12.13 TR/Rkit.WsnPoem
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.12 -
AVG 7.5.0.503 2007.12.12 Pakes_c.FU
BitDefender 7.2 2007.12.13 -
CAT-QuickHeal 9.00 2007.12.12 TrojanSpy.Zbot.ej
ClamAV 0.91.2 2007.12.12 -
DrWeb 4.44.0.09170 2007.12.12 -
eSafe 7.0.15.0 2007.12.12 -
eTrust-Vet 31.3.5373 2007.12.13 -
Ewido 4.0 2007.12.12 -
FileAdvisor 1 2007.12.13 -
Fortinet 3.14.0.0 2007.12.13 Spy/Zbot
F-Prot 4.4.2.54 2007.12.12 -
F-Secure 6.70.13030.0 2007.12.13 Trojan-Spy.Win32.Zbot.ej
Ikarus T3.1.1.12 2007.12.13 Trojan-Spy.Win32.Zbot.ej
Kaspersky 7.0.0.125 2007.12.13 Trojan-Spy.Win32.Zbot.ej
McAfee 5184 2007.12.12 -
Microsoft 1.3007 2007.12.13 -
NOD32v2 2720 2007.12.12 -
Norman 5.80.02 2007.12.12 -
Panda 9.0.0.4 2007.12.12 Trj/Wsnpoem.NI
Prevx1 V2 2007.12.13 -
Rising 20.22.30.00 2007.12.13 -
Sophos 4.24.0 2007.12.13 -
Sunbelt 2.2.907.0 2007.12.13 -
Symantec 10 2007.12.13 Infostealer.Notos!gen
TheHacker 6.2.9.157 2007.12.12 Trojan/Spy.Zbot.ej
VBA32 3.12.2.5 2007.12.10 -
VirusBuster 4.3.26:9 2007.12.12 -
Webwasher-Gateway 6.6.2 2007.12.13 Trojan.Rkit.WsnPoem
Additional information
File size: 436224 bytes
MD5: ec43197aed08fa5ade6f3853341a96fe

Shu_b
14.12.2007, 13:53
Well, look how it can turn out....


File avz00004.dta received on 12.12.2007 15:43:24 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Trojan.PWS.Mailspy.origin
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: dbdc82a265e16e784d0a4e97ce515e01
two days passed...
File avz00004.dta received on 12.14.2007 07:27:01 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.10 2007.12.13 -
AntiVir 7.6.0.45 2007.12.13 -
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 -
AVG 7.5.0.503 2007.12.13 -
BitDefender 7.2 2007.12.14 -
CAT-QuickHeal 9.00 2007.12.13 -
ClamAV 0.91.2 2007.12.13 -
DrWeb 4.44.0.09170 2007.12.13 Trojan.PWS.Mailspy.origin
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5374 2007.12.13 -
Ewido 4.0 2007.12.13 -
FileAdvisor 1 2007.12.14 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 -
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.14 -
Kaspersky 7.0.0.125 2007.12.14 Trojan-Proxy.Win32.Agent.ul
McAfee 5185 2007.12.13 -
Microsoft 1.3109 2007.12.14 -
NOD32v2 2722 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.14 -
Prevx1 V2 2007.12.14 -
Rising 20.22.40.00 2007.12.14 -
Sophos 4.24.0 2007.12.14 -
Sunbelt 2.2.907.0 2007.12.14 -
Symantec 10 2007.12.14 -
TheHacker 6.2.9.159 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.6.2 2007.12.14 -
Additional information
File size: 241664 bytes
MD5: dbdc82a265e16e784d0a4e97ce515e01
SHA1: 9c990d0b3d3078fa4b40f8783ef431bad3429e54
PEiD: -

Added after 4 hours 21 minutes

t-15259
They seem to be a pair, yet they are detected quite differently...

File vp7vmcia.exe received on 12.14.2007 11:43:10 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.11 2007.12.14 -
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 Win32:Warezov-CLK
AVG 7.5.0.503 2007.12.13 I-Worm/Stration
BitDefender 7.2 2007.12.14 [email protected]
CAT-QuickHeal 9.00 2007.12.13 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 Win32.HLLM.Limar
eSafe 7.0.15.0 2007.12.13 Suspicious File
eTrust-Vet 31.3.5375 2007.12.14 -
Ewido 4.0 2007.12.13 -
FileAdvisor 1 2007.12.14 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.14 W32/Viking.EQ
Ikarus T3.1.1.15 2007.12.14 Backdoor.Win32.Rbot.AJU
Kaspersky 7.0.0.125 2007.12.14 Email-Worm.Win32.Warezov.gen
McAfee 5185 2007.12.13 New Malware.n
Microsoft 1.3109 2007.12.14 -
NOD32v2 2722 2007.12.14 a variant of Win32/Stration.ABD
Norman 5.80.02 2007.12.13 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.12.14 W32/Spamta.ADQ.worm
Prevx1 V2 2007.12.14 -
Rising 20.22.41.00 2007.12.14 Worm.Mail.Warezov.cj
Sophos 4.24.0 2007.12.14 Mal/EncPk-BW
Sunbelt 2.2.907.0 2007.12.14 VIPRE.Suspicious
Symantec 10 2007.12.14 -
TheHacker 6.2.9.159 2007.12.14 W32/Behav-Heuristic-060
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 Packed/Upack
Webwasher-Gateway 6.6.2 2007.12.14 Packer.UPACK
Additional information
File size: 93769 bytes
MD5: 34eff679d5d09d0e466dfb86d62f486f
SHA1: f1a3ebd40ae65a534ce9186b3490acedbe77fb18
PEiD: -
packers: PE_Patch, UPack
File vp7vmcia.dll received on 12.14.2007 11:43:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.11 2007.12.14 Win32/Stration.worm.Gen
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.13 W32/Warezov.gen4
Avast 4.7.1098.0 2007.12.13 Win32:Warezov-CRX
AVG 7.5.0.503 2007.12.13 I-Worm/Stration
BitDefender 7.2 2007.12.14 Generic.Stration.BF196041
CAT-QuickHeal 9.00 2007.12.13 -
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 Win32.HLLM.Limar
eSafe 7.0.15.0 2007.12.13 Suspicious File
eTrust-Vet 31.3.5375 2007.12.14 -
Ewido 4.0 2007.12.13 -
FileAdvisor 1 2007.12.14 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 W32/Warezov.gen4
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.14 -
Kaspersky 7.0.0.125 2007.12.14 -
McAfee 5185 2007.12.13 -
Microsoft 1.3109 2007.12.14 Trojan:Win32/Stration.F!dll
NOD32v2 2722 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.14 -
Prevx1 V2 2007.12.14 -
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.14 W32/Strati-Gen
Sunbelt 2.2.907.0 2007.12.14 -
Symantec 10 2007.12.14 -
TheHacker 6.2.9.159 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.6.2 2007.12.14 -
Additional information
File size: 118784 bytes
MD5: c46a64349de797bd24a689ee0b774af6
SHA1: e2683a98a513aabc92bf5a4a294d4be40586109a
PEiD: -

t-15272
File avz00004__1_._ta received on 12.14.2007 14:28:19 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.11 2007.12.14 -
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 -
AVG 7.5.0.503 2007.12.14 -
BitDefender 7.2 2007.12.14 -
CAT-QuickHeal 9.00 2007.12.13 -
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 Trojan.BhoSpy.origin
eSafe 7.0.15.0 2007.12.13 suspicious Trojan/Worm
eTrust-Vet 31.3.5375 2007.12.14 -
Ewido 4.0 2007.12.14 -
FileAdvisor 1 2007.12.14 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 -
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.14 Trojan.Win32.BHO.d
Kaspersky 7.0.0.125 2007.12.14 -
McAfee 5185 2007.12.13 -
Microsoft 1.3109 2007.12.14 Trojan:Win32/Adclicker.AO
NOD32v2 2723 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.14 -
Prevx1 V2 2007.12.14 -
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.14 -
Sunbelt 2.2.907.0 2007.12.14 -
Symantec 10 2007.12.14 Trojan.Adclicker
TheHacker 6.2.9.159 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.0.1 2007.12.14 -
Additional information
File size: 25600 bytes
MD5: bc4efbf73eafc728fe58fc2636c5b87a
SHA1: bd9e8c3a1ef447aa38d16746c3b47f95c14de725
PEiD: -
packers: UPX
File avz00005__1_._ta received on 12.14.2007 14:30:27 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.11 2007.12.14 -
AntiVir 7.6.0.45 2007.12.14 -
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.12.14 -
BitDefender 7.2 2007.12.14 Trojan.Agent.AFJP
CAT-QuickHeal 9.00 2007.12.13 -
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 Trojan.Inject.363
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5375 2007.12.14 -
Ewido 4.0 2007.12.14 -
FileAdvisor 1 2007.12.14 High threat detected
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 -
F-Secure 6.70.13030.0 2007.12.14 -
Ikarus T3.1.1.15 2007.12.14 Virus.Win32.Trojan
Kaspersky 7.0.0.125 2007.12.14 -
McAfee 5185 2007.12.13 -
Microsoft 1.3109 2007.12.14 -
NOD32v2 2723 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.14 Trj/Inject.O
Prevx1 V2 2007.12.14 -
Rising 20.22.41.00 2007.12.14 Trojan.Win32.Inject.dg
Sophos 4.24.0 2007.12.14 -
Sunbelt 2.2.907.0 2007.12.14 -
Symantec 10 2007.12.14 Trojan.Farfli
TheHacker 6.2.9.159 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.0.1 2007.12.14 -
Additional information
File size: 3072 bytes
MD5: 8651fab023f6fbd1b02428ce2889e9e4

rubin
16.12.2007, 18:18
File avz00001.dta received on 2007.12.16 16:11:03 (CET)

AhnLab-V3 2007.12.15.10 2007.12.14 -
AntiVir 7.6.0.45 2007.12.16 TR/Dldr.Delf.djm
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.16 -
AVG 7.5.0.503 2007.12.16 Downloader.Generic6.ZTJ
BitDefender 7.2 2007.12.16 -
CAT-QuickHeal 9.00 2007.12.15 -
ClamAV 0.91.2 2007.12.16 -
DrWeb 4.44.0.09170 2007.12.16 -
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5377 2007.12.15 -
Ewido 4.0 2007.12.16 -
FileAdvisor 1 2007.12.16 -
Fortinet 3.14.0.0 2007.12.16 -
F-Prot 4.4.2.54 2007.12.16 W32/Backdoor2.ATN
F-Secure 6.70.13030.0 2007.12.16 Trojan-Downloader.Win32.Delf.djm
Ikarus T3.1.1.15 2007.12.16 Trojan-Downloader.Win32.Delf.djm
Kaspersky 7.0.0.125 2007.12.16 Trojan-Downloader.Win32.Delf.djm
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.16 Trojan:Win32/Delflob.D
NOD32v2 2723 2007.12.14 Win32/Adware.IeDefender
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.16 Adware/VideoDecoder
Prevx1 V2 2007.12.16 -
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.15 Mal/Emogen-N
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.15 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.15 -
VirusBuster 4.3.26:9 2007.12.16 -
Webwasher-Gateway 6.6.2 2007.12.16 -

Additional information
File size: 222208 bytes
MD5: c7c05b733e1db6c2ee9d847b7296a0ab
SHA1: 368759f675f0066375e4fd0b45309ddde8afabc4
PEiD: ASPack v2.12 -> Alexey Solodovnikov
packers: ASPack

Shu_b
17.12.2007, 10:43
t-15367
File svchost.exe received on 12.17.2007 06:13:11 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.17.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.16 TR/Rootkit.Gen
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.16 -
AVG 7.5.0.503 2007.12.16 -
BitDefender 7.2 2007.12.17 -
CAT-QuickHeal 9.00 2007.12.15 -
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.16 BackDoor.PifPaf.origin
eSafe 7.0.15.0 2007.12.16 -
eTrust-Vet 31.3.5377 2007.12.15 Win32/Unknown
Ewido 4.0 2007.12.16 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 -
F-Secure 6.70.13030.0 2007.12.17 Backdoor.Win32.IRCBot.avf
Ikarus T3.1.1.15 2007.12.17 -
Kaspersky 7.0.0.125 2007.12.17 Backdoor.Win32.IRCBot.avf
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.17 -
NOD32v2 2723 2007.12.14 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.16 Suspicious file
Prevx1 V2 2007.12.17 Heuristic: Suspicious Self Modifying File
Rising 20.22.41.00 2007.12.14 Backdoor.Win32.IRCbot.anh
Sophos 4.24.0 2007.12.16 Mal/Behav-059
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.15 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.15 -
VirusBuster 4.3.26:9 2007.12.16 -
Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Rootkit.Gen
Additional information
File size: 66560 bytes
MD5: 83ebab351e7a88e7b84863afc2b2e9fa

t-15357 does anyone know this rootkit?
File vncbwxjt.dat received on 12.17.2007 08:21:30 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.17.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 TR/Rootkit.Gen
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.16 -
AVG 7.5.0.503 2007.12.16 -
BitDefender 7.2 2007.12.17 Trojan.Rootkit.Agent.NDW
CAT-QuickHeal 9.00 2007.12.15 Rootkit.Agent.ql
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.16 Trojan.NtRootKit.511
eSafe 7.0.15.0 2007.12.16 -
eTrust-Vet 31.3.5377 2007.12.15 Win32/Kvol.Q
Ewido 4.0 2007.12.16 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 W32/Rootkit.AHL
F-Secure 6.70.13030.0 2007.12.17 Rootkit.Win32.Agent.ql
Ikarus T3.1.1.15 2007.12.17 Rootkit.Win32.Agent.ql
Kaspersky 7.0.0.125 2007.12.17 Rootkit.Win32.Agent.ql
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.17 -
NOD32v2 2726 2007.12.17 -
Norman 5.80.02 2007.12.14 -
Panda 9.0.0.4 2007.12.16 -
Prevx1 V2 2007.12.17 Win32.Rootkit.Gen
Rising 20.23.00.00 2007.12.17 -
Sophos 4.24.0 2007.12.16 -
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.15 -
VirusBuster 4.3.26:9 2007.12.16 Rootkit.Agent.XBM
Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Rootkit.Gen
Additional information
File size: 19456 bytes
MD5: b0e801a834bd344fcb4c5f53fdf495a8
SHA1: ad7e31f0060490886ed0f2947080611c670c6764

Added after 2 hours 11 minutes

t-15251 The VBA heuristic is a pleasure to see, a pity it's not often...
File avz00001.dta received on 12.17.2007 08:34:05 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.17.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 -
Authentium 4.93.8 2007.12.16 -
Avast 4.7.1098.0 2007.12.16 -
AVG 7.5.0.503 2007.12.16 -
BitDefender 7.2 2007.12.17 -
CAT-QuickHeal 9.00 2007.12.15 -
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.16 -
eSafe 7.0.15.0 2007.12.16 -
eTrust-Vet 31.3.5377 2007.12.15 -
Ewido 4.0 2007.12.16 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 -
F-Secure 6.70.13030.0 2007.12.17 Trojan.Win32.Agent.dkf
Ikarus T3.1.1.15 2007.12.17 -
Kaspersky 7.0.0.125 2007.12.17 Trojan.Win32.Agent.dkf
McAfee 5186 2007.12.14 -
Microsoft 1.3109 2007.12.17 -
NOD32v2 2726 2007.12.17 -
Norman 5.80.02 2007.12.14 -
Panda 9.0.0.4 2007.12.16 -
Prevx1 V2 2007.12.17 -
Rising 20.23.00.00 2007.12.17 -
Sophos 4.24.0 2007.12.16 -
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.160 2007.12.14 -
VBA32 3.12.2.5 2007.12.15 suspected of Trojan-Downloader.PassAlert.2
VirusBuster 4.3.26:9 2007.12.16 -
Webwasher-Gateway 6.6.2 2007.12.17 -
Additional information
File size: 17920 bytes
MD5: 521a3ba1db0ee2caa04b85ea0ab27390

t-15300
File avz00010.dta received on 12.17.2007 09:10:51 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.14.11 2007.12.14 -
AntiVir 7.6.0.45 2007.12.17 TR/Dldr.Small.hdo.1
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 -
AVG 7.5.0.503 2007.12.13 -
BitDefender 7.2 2007.12.17 -
CAT-QuickHeal 9.00 2007.12.13 -
ClamAV 0.91.2 2007.12.14 -
DrWeb 4.44.0.09170 2007.12.14 -
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5382 2007.12.17 Win32/Chepvil!generic
Ewido 4.0 2007.12.14 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.14 -
F-Prot 4.4.2.54 2007.12.13 -
F-Secure 6.70.13030.0 2007.12.17 Trojan-Downloader.Win32.Small.hdo
Ikarus T3.1.1.15 2007.12.14 -
Kaspersky 7.0.0.125 2007.12.17 Trojan-Downloader.Win32.Small.hdo
McAfee 5185 2007.12.13 -
Microsoft 1.3109 2007.12.14 -
NOD32v2 2726 2007.12.17 -
Norman 5.80.02 2007.12.14 W32/Malware
Panda 9.0.0.4 2007.12.14 -
Prevx1 V2 2007.12.17 -
Rising 20.22.41.00 2007.12.14 -
Sophos 4.24.0 2007.12.17 -
Sunbelt 2.2.907.0 2007.12.14 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.159 2007.12.14 -
VBA32 3.12.2.5 2007.12.14 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.0.1 2007.12.17 Trojan.Dldr.Small.hdo.1
Additional information
File size: 8704 bytes
MD5: 6546cdedb878e65ff6274327d92309cd

rubin
18.12.2007, 15:08
File avz00001.dta received on 2007.12.18 12:43:29 (CET)

AhnLab-V3 2007.12.18.11 2007.12.18 Win-Trojan/Agent.677888
AntiVir 7.6.0.45 2007.12.18 -
Authentium 4.93.8 2007.12.18 -
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.18 BehavesLike:Trojan.ShellStartup
CAT-QuickHeal 9.00 2007.12.17 -
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.18 -
eSafe 7.0.15.0 2007.12.17 -
eTrust-Vet 31.3.5385 2007.12.18 -
Ewido 4.0 2007.12.18 -
FileAdvisor 1 2007.12.18 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.18 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 BehavesLikeTrojan.ShellStartup
Kaspersky 7.0.0.125 2007.12.18 Trojan-Clicker.Win32.Agent.op
McAfee 5187 2007.12.17 -
Microsoft 1.3109 2007.12.18 -
NOD32v2 2729 2007.12.18 -
Norman 5.80.02 2007.12.17 -
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.18 -
Rising 20.23.12.00 2007.12.18 -
Sophos 4.24.0 2007.12.18 -
Sunbelt 2.2.907.0 2007.12.18 -
Symantec 10 2007.12.18 -
TheHacker 6.2.9.162 2007.12.17 -
VBA32 3.12.2.5 2007.12.17 suspected of Embedded.Trojan.Win32.ViniX
VirusBuster 4.3.26:9 2007.12.17 -
Webwasher-Gateway 6.0.1 2007.12.18 -

Additional information
File size: 687616 bytes
MD5: 03c1bbbc57e9b85b448e36541cb9f46d
SHA1: 9d8206da74f1bde05946c7ee0a8c165df9b31eae
PEiD: Armadillo v1.71

Макcим
18.12.2007, 18:06
File avz00001.dta received on 2007.12.18 15:53:45 (CET)

AhnLab-V3 2007.12.18.11 2007.12.18 -
AntiVir 7.6.0.45 2007.12.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.18 -
Avast 4.7.1098.0 2007.12.17 Win32:Kbot-D
AVG 7.5.0.503 2007.12.17 SHeur.SHY
BitDefender 7.2 2007.12.18 Trojan.AVKiller.AW
CAT-QuickHeal 9.00 2007.12.17 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.18 Trojan.MulDrop.8347
eSafe 7.0.15.0 2007.12.17 Suspicious File
eTrust-Vet 31.3.5385 2007.12.18 -
Ewido 4.0 2007.12.18 -
FileAdvisor 1 2007.12.18 High threat detected
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.18 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 Backdoor.Win32.Kbot.aq
Kaspersky 7.0.0.125 2007.12.18 -
McAfee 5187 2007.12.17 Tcad-Crypted
Microsoft 1.3109 2007.12.18 TrojanDownloader:Win32/Small.gen!AAM
NOD32v2 2730 2007.12.18 -
Norman 5.80.02 2007.12.17 -
Panda 9.0.0.4 2007.12.18 Suspicious file
Prevx1 V2 2007.12.18 -
Rising 20.23.12.00 2007.12.18 Trojan.Win32.Agent.yfx
Sophos 4.24.0 2007.12.18 Mal/Basine-C
Sunbelt 2.2.907.0 2007.12.18 -
Symantec 10 2007.12.18 Backdoor.Trojan
TheHacker 6.2.9.162 2007.12.17 -
VBA32 3.12.2.5 2007.12.17 Trojan.MulDrop.8347
VirusBuster 4.3.26:9 2007.12.17 Trojan.DR.Dirat.Gen
Webwasher-Gateway 6.6.2 2007.12.18 Trojan.Crypt.XPACK.Gen
Additional information
File size: 12868 bytes
MD5: 9d537c85b5071a82695474ca45621822
SHA1: 9f6b2251125a4751f593ad693b564470839d48c5
PEiD: BlackEnergy DDoS Bot Crypter
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=9d537c85b5071a82695474ca45621822

rubin
18.12.2007, 21:10
\com\lsass.exe
File avz00002.dta received on 2007.12.18 18:09:58 (CET)

AhnLab-V3 2007.12.19.10 2007.12.18 -
AntiVir 7.6.0.45 2007.12.18 TR/Agent.dzc.1
Authentium 4.93.8 2007.12.18 -
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 Downloader.Agent.14.R
BitDefender 7.2 2007.12.18 Trojan.Pinx.A
CAT-QuickHeal 9.00 2007.12.18 -
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.18 -
eSafe 7.0.15.0 2007.12.18 -
eTrust-Vet 31.3.5385 2007.12.18 -
Ewido 4.0 2007.12.18 -
FileAdvisor 1 2007.12.18 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.18 W32/BadBHO.A.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 -
Kaspersky 7.0.0.125 2007.12.18 -
McAfee 5187 2007.12.17 W32/Fujacks
Microsoft 1.3109 2007.12.18 -
NOD32v2 2730 2007.12.18 -
Norman 5.80.02 2007.12.18 -
Panda 9.0.0.4 2007.12.18 Adware/BaiduBar
Prevx1 V2 2007.12.18 Heuristic: Suspicious File With Bad Child Associations
Rising 20.23.12.00 2007.12.18 Worm.Win32.DiskGen.ay
Sophos 4.24.0 2007.12.18 Mal/Packer
Sunbelt 2.2.907.0 2007.12.18 -
Symantec 10 2007.12.18 W32.Pagipef.I
TheHacker 6.2.9.163 2007.12.18 -
VBA32 3.12.2.5 2007.12.17 -
VirusBuster 4.3.26:9 2007.12.18 Packed/FSG
Webwasher-Gateway 6.6.2 2007.12.18 Trojan.Agent.dzc.1
Additional information
File size: 102400 bytes
MD5: 6d8280c2b3a8265efe330a50c7db8312
SHA1: c3e2a50cac6b58a7666c934420a381083a2ea899
PEiD: Armadillo v1.71
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=18F14A9000FC2FAB902901F2CF2EBE000ABE57DC

santy
19.12.2007, 06:41
File _msntsrv.exe_ received on 12.18.2007 22:24:34 (CET)
Result: 2/32 (6.25%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - a variant of Win32/Injector.F
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 0c31e0783fda89f9f5daff4861fc1f86

rubin
19.12.2007, 21:15
t=15470
File avz00002.dta received on 2007.12.19 19:07:31 (CET)

AhnLab-V3 2007.12.20.10 2007.12.19 -
AntiVir 7.6.0.45 2007.12.19 -
Authentium 4.93.8 2007.12.19 -
Avast 4.7.1098.0 2007.12.18 -
AVG 7.5.0.503 2007.12.19 -
BitDefender 7.2 2007.12.19 -
CAT-QuickHeal 9.00 2007.12.19 -
ClamAV 0.91.2 2007.12.19 -
DrWeb 4.44.0.09170 2007.12.19 -
eSafe 7.0.15.0 2007.12.19 -
eTrust-Vet 31.3.5386 2007.12.18 -
Ewido 4.0 2007.12.19 -
FileAdvisor 1 2007.12.19 -
Fortinet 3.14.0.0 2007.12.19 -
F-Prot 4.4.2.54 2007.12.18 -
F-Secure 6.70.13030.0 2007.12.19 -
Ikarus T3.1.1.15 2007.12.19 -
Kaspersky 7.0.0.125 2007.12.19 SpamTool.Win32.Agent.ee
McAfee 5189 2007.12.19 -
Microsoft 1.3109 2007.12.19 -
NOD32v2 2734 2007.12.19 -
Norman 5.80.02 2007.12.19 -
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.19 SystemPoser:Trojan-a
Rising 20.23.22.00 2007.12.19 -
Sophos 4.24.0 2007.12.19 -
Sunbelt 2.2.907.0 2007.12.19 -
Symantec 10 2007.12.19 -
TheHacker 6.2.9.165 2007.12.19 -
VBA32 3.12.2.5 2007.12.19 -
VirusBuster 4.3.26:9 2007.12.19 -
Webwasher-Gateway 6.6.2 2007.12.19 -
Additional information
File size: 33280 bytes
MD5: 182d10f02592b398575cb25bccc8ad8b
SHA1: e9eabd6d65b65a72056fdf9bd287333c17bd0495
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0B11785700275687820A007150F3520000CD71DE

XL
19.12.2007, 21:58
File ndisrd.sys received on 2007.12.19 19:45:21


AhnLab-V3 2007.12.20.10 2007.12.19 -
AntiVir 7.6.0.45 2007.12.19 TR/Dldr.Small.AQI.3
Authentium 4.93.8 2007.12.19 -
Avast 4.7.1098.0 2007.12.18 -
AVG 7.5.0.503 2007.12.19 Generic5.LQN
BitDefender 7.2 2007.12.19 Trojan.Generic.61039
CAT-QuickHeal 9.00 2007.12.19 -
ClamAV 0.91.2 2007.12.19 -
DrWeb 4.44.0.09170 2007.12.19 -
eSafe 7.0.15.0 2007.12.19 -
eTrust-Vet 31.3.5387 2007.12.19 -
Ewido 4.0 2007.12.19 Downloader.Small
FileAdvisor 1 2007.12.19 High threat detected
Fortinet 3.14.0.0 2007.12.19 W32/Small.AQI!tr
F-Prot 4.4.2.54 2007.12.18 W32/DownloaderX.UDM
F-Secure 6.70.13030.0 2007.12.19 W32/Smalltroj.LRX
Ikarus T3.1.1.15 2007.12.19 -
Kaspersky 7.0.0.125 2007.12.19 -
McAfee 5189 2007.12.19 -
Microsoft 1.3109 2007.12.19 TrojanDownloader:Win32/Small
NOD32v2 2734 2007.12.19 -
Norman 5.80.02 2007.12.19 W32/Smalltroj.LRX
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.19 -
Rising 20.23.22.00 2007.12.19 -
Sophos 4.24.0 2007.12.19 -
Sunbelt 2.2.907.0 2007.12.19 -
Symantec 10 2007.12.19 -
TheHacker 6.2.9.165 2007.12.19 -
VBA32 3.12.2.5 2007.12.19 -
VirusBuster 4.3.26:9 2007.12.19 -
Webwasher-Gateway 6.6.2 2007.12.19 Trojan.Dldr.Small.AQI.3

File size: 15338 bytes
MD5: 62d4ef02daab1e5a32a2dee911bbb8a2

Макcим
22.12.2007, 12:38
Файл avz00005.dta получен 2007.12.22 10:30:48 (CET)

AhnLab-V3 2007.12.22.10 2007.12.21 Win-Trojan/Conhook.121876.D
AntiVir 7.6.0.46 2007.12.21 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.12.21 -
Avast 4.7.1098.0 2007.12.21 Win32:Adware-gen
AVG 7.5.0.503 2007.12.21 Adware Generic2.WJX
BitDefender 7.2 2007.12.22 Trojan.Conhook.Y
CAT-QuickHeal 9.00 2007.12.22 AdWare.BHO.nv (Not a Virus)
ClamAV 0.91.2 2007.12.22 Adware.BHO-181
DrWeb 4.44.0.09170 2007.12.21 Adware.Crew
eSafe 7.0.15.0 2007.12.20 Suspicious File
eTrust-Vet 31.3.5395 2007.12.21 -
Ewido 4.0 2007.12.21 -
FileAdvisor 1 2007.12.22 -
Fortinet 3.14.0.0 2007.12.22 -
F-Prot 4.4.2.54 2007.12.21 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.12.21 -
Ikarus T3.1.1.15 2007.12.22 Trojan.Conhook.Y
Kaspersky 7.0.0.125 2007.12.22 -
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.22 VirTool:Win32/Obfuscator.Q
NOD32v2 2740 2007.12.21 Win32/Adware.BHO.V
Norman 5.80.02 2007.12.21 -
Panda 9.0.0.4 2007.12.22 Suspicious file
Prevx1 V2 2007.12.22 Generic.Malware
Rising 20.23.51.00 2007.12.22 -
Sophos 4.24.0 2007.12.22 Mal/BHO-C
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.22 -
TheHacker 6.2.9.167 2007.12.21 -
VBA32 3.12.2.5 2007.12.21 -
VirusBuster 4.3.26:9 2007.12.21 -
Webwasher-Gateway 6.6.2 2007.12.22 Trojan.Dldr.ConHook.Gen
Дополнительная информация
File size: 121876 bytes
MD5: a4693d78511723681930fb2fc144e1b6
SHA1: de04b3a37b95f3a16f556b74124c521856a8d563
PEiD: -
packers: Morphine
packers: Morphine
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=68EC51D314B80545DCD30124EBFEEF006D771E7E

Shu_b
24.12.2007, 12:14
t-15578

File jkklm.dll received on 12.24.2007 10:05:58 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.24.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 TR/Agent.316512
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.23 -
AVG 7.5.0.516 2007.12.23 BHO.CTB
BitDefender 7.2 2007.12.24 Trojan.Vundo.DRM
CAT-QuickHeal 9.00 2007.12.22 -
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.23 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.23 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.24 Vundo.gen49
Ikarus T3.1.1.15 2007.12.24 Trojan.Vundo.DRM
Kaspersky 7.0.0.125 2007.12.24 -
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.24 Trojan:Win32/Vundo.gen!A
NOD32v2 2744 2007.12.23 -
Norman 5.80.02 2007.12.21 Vundo.gen49
Panda 9.0.0.4 2007.12.23 Spyware/Vundo
Prevx1 V2 2007.12.24 Rogue Antispyware:All Strains-All Variants
Rising 20.24.00.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.22 -
VirusBuster 4.3.26:9 2007.12.23 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2007.12.24 Trojan.Agent.316512
Additional information
File size: 316512 bytes
MD5: 03cb87e667cd31645b6f4256c4c6cbaa
File eotfkuyf.dll received on 12.24.2007 10:05:44 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.24.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 TR/Vundo.Gen
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.23 -
AVG 7.5.0.516 2007.12.23 Obfustat.ADEL
BitDefender 7.2 2007.12.24 -
CAT-QuickHeal 9.00 2007.12.22 -
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 Trojan.Virtumod.251
eSafe 7.0.15.0 2007.12.23 Suspicious File
eTrust-Vet 31.3.5400 2007.12.24 Win32/Vundo.IX
Ewido 4.0 2007.12.23 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.24 -
Kaspersky 7.0.0.125 2007.12.24 -
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.24 Trojan:Win32/Vundo.gen!A
NOD32v2 2744 2007.12.23 -
Norman 5.80.02 2007.12.21 -
Panda 9.0.0.4 2007.12.23 Spyware/Virtumonde
Prevx1 V2 2007.12.24 -
Rising 20.24.00.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 Adware/SecToolBar.y
VBA32 3.12.2.5 2007.12.22 -
VirusBuster 4.3.26:9 2007.12.23 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2007.12.24 Trojan.Vundo.Gen
Additional information
File size: 165472 bytes
MD5: 0e0691c9faf2a69a96d44ac24bb281c3

vlad179
24.12.2007, 17:15
Файл avz00001.dta получен 2007.12.24 12:00:39 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2007.12.24.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 DR/Delphi.Gen
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.23 Agent.MCC
BitDefender 7.2 2007.12.24 Trojan.PSW.LdPinch.AKX
CAT-QuickHeal 9.00 2007.12.22 -
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.23 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 W32/Dropper.DMW!tr
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 Trojan.Win32.Agent.dmw
Ikarus T3.1.1.15 2007.12.24 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2007.12.24 Trojan.Win32.Agent.dmw
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.24 VirTool:Win32/DelfInject.gen!AA
NOD32v2 2745 2007.12.24 -
Norman 5.80.02 2007.12.24 LdPinch.STT
Panda 9.0.0.4 2007.12.23 -
Prevx1 V2 2007.12.24 -
Rising 20.24.01.00 2007.12.24 Trojan.DL.Win32.Agent.bxw
Sophos 4.24.0 2007.12.24 Mal/Dropper-T
Sunbelt 2.2.907.0 2007.12.21 -
TheHacker 6.2.9.168 2007.12.22 Trojan/Agent.dmw
VBA32 3.12.2.5 2007.12.22 -
VirusBuster 4.3.26:9 2007.12.23 -
Webwasher-Gateway 6.6.2 2007.12.24 Trojan.Dropper.Delphi.Gen

Дополнительная информация
File size: 42496 bytes
MD5: e52ef0b4afca6e89c1bb2abdeb59543c
SHA1: dc1bd5e85c38918777f928ac398642dee3d997bb
PEiD: -

strawser
24.12.2007, 22:03
File Keylog.zip received on 12.03.2007 14:14:43 (CET)
Current status: finished
Result: 26/32 (81.25%)
Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/SPY.KeyLogger.LF
Authentium - - W32/Trojan.OGD
Avast - - Win32:Keylogger-DO
AVG - - PSW.Generic2.LFE
BitDefender - - Trojan.Spy.Keylogger.LF
CAT-QuickHeal - -
ClamAV - - -
DrWeb - - -
eSafe - - Win32.Trojan
eTrust-Vet - - Win32/VMalum.ANED
Ewido - - Logger.KeyLogger.lf
FileAdvisor - - High threat detected
Fortinet - - Spy/KeyLogger
F-Prot - - W32/Trojan.OGD
F-Secure - - Trojan-Spy.Win32.KeyLogger.lf
Ikarus - - Trojan-Spy.Win32.KeyLogger.lf
Kaspersky - - Trojan-Spy.Win32.KeyLogger.lf
McAfee - - Generic.do
Microsoft - - -
NOD32v2 - - Win32/Spy.KeyLogger.LF
Norman - - W32/Keylog.BAM
Panda - - Trj/Keylog.LH
Prevx1 - - -
Rising - - Trojan.Spy.KeyLogger.agx
Sophos - - Mal/Generic-A
Sunbelt - - Trojan-Spy.Win32.KeyLogger.lf
Symantec - - Infostealer
TheHacker - - Trojan/Spy.KeyLogger.lf
VBA32 - - Trojan-Spy.Win32.KeyLogger.lf
VirusBuster - - TrojanSpy.KeyLogger.JX
Webwasher-Gateway - - Trojan.SPY.KeyLogger.LF

Additional information
MD5: 8935a514da0aac5d8828c4afa37a6c08


File Trojan_Spy_Banker_qez.rar received on 12.24.2007 15:38:13 (CET)
Current status: finished
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - TrojanSpy.Banker.gez
ClamAV - - -
DrWeb - - Adware.MoneyGainer
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/Banker.BBZT
F-Secure - - -
Ikarus - - Trojan-Spy.Win32.Banker.gez
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Bad Child Associations
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - Trojan-Spy.Win32.Banker.gez
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: b6aaf0e414282bd28a625f09e88d0e8c

Mcafee ???

Trojan_program_Rootkit.Win32.Agen received on 12.24.2007 15:43:58 (CET)
Current status: finished
Result: 24/32 (75%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XDR.Gen
Authentium - - -
Avast - - Win32:Trojan-gen {UPX}
AVG - - Dropper.Agent.9.Q
BitDefender - - Trojan.Srizbi.T
CAT-QuickHeal - - Rootkit.Agent.ld
ClamAV - - -
DrWeb - - Trojan.NtRootKit.493
eSafe - - Rootkit.Win32.Agent.
eTrust-Vet - - -
Ewido - - Rootkit.Agent.ld
FileAdvisor - - -
Fortinet - - W32/Agent.LD!tr.rkit
F-Prot - - W32/Rootkit.AGQ
F-Secure - - Rootkit.Win32.Agent.ld
Ikarus - - Trojan.Srizbi.T
Kaspersky - - Rootkit.Win32.Agent.ld
McAfee - - -
Microsoft - - Trojan:Win32/Agent
NOD32v2 - - probably a variant of Win32/Rootkit
Norman - - -
Panda - - Trj/Downloader.MDW
Prevx1 - - Generic.Malware
Rising - - RootKit.Win32.Agent.ld
Sophos - - Mal/Generic-A
Sunbelt - - Trojan.Srizbi.T
Symantec - - Trojan.Srizbi
TheHacker - - Trojan/Agent.ld
VBA32 - - Rootkit.Win32.Agent.ld
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XDR.Gen
Additional information
MD5: 04d5a112d079eee44f7df7f3557a7c3f

drongo
25.12.2007, 01:26
Файл avz00001.dta получен 2007.12.24 23:19:03 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 TR/Hijacker.Gen
Authentium 4.93.8 2007.12.23 -
Avast 4.7.1098.0 2007.12.24 Win32:Small-IKB
AVG 7.5.0.516 2007.12.24 Downloader.Small.60.AO
BitDefender 7.2 2007.12.24 -
CAT-QuickHeal 9.00 2007.12.24 -
ClamAV 0.91.2 2007.12.24 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.24 suspicious Trojan/Worm
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.24 -
Fortinet 3.14.0.0 2007.12.24 -
F-Prot 4.4.2.54 2007.12.23 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.24 Virus.Win32.Small.IKB
Kaspersky 7.0.0.125 2007.12.24 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.24 VirTool:Win32/Obfuscator!Mal
NOD32v2 2745 2007.12.24 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.24 -
Rising 20.24.02.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.24 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.24 Trojan.Hijacker.Gen
Дополнительная информация
File size: 8192 bytes
MD5: 71629f64d4a92d29d4e5932e17931a05
SHA1: 55d4c70ec497b15a7c49257a4f82d032b7b47938
PEiD: -
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX

Shu_b
25.12.2007, 08:26
t=15629
File cssrss.exe received on 12.25.2007 06:20:01 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.24 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.24 -
BitDefender 7.2 2007.12.25 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.25 -
DrWeb 4.44.0.09170 2007.12.24 -
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.25 -
Fortinet 3.14.0.0 2007.12.25 -
F-Prot 4.4.2.54 2007.12.24 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.25 -
Kaspersky 7.0.0.125 2007.12.25 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.25 -
NOD32v2 2746 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.25 -
Rising 20.24.02.00 2007.12.24 -
Sophos 4.24.0 2007.12.24 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.25 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.25 Trojan.Crypt.XPACK.Gen
Additional information
File size: 35840 bytes
MD5: 1c1e3c1e4109f5f9e15d147c91326c13

Shu_b
25.12.2007, 12:53
File askBarSetup.zip received on 12.05.2007 08:34:36 (CET)

Today is 25.12, not 5.12... :-(

Added 1 hour 36 minutes later

t-15645
File user32.dat received on 12.25.2007 10:46:25 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 -
Authentium 4.93.8 2007.12.24 -
Avast 4.7.1098.0 2007.12.24 Win32:Tibs-ADO
AVG 7.5.0.516 2007.12.24 -
BitDefender 7.2 2007.12.25 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.25 -
DrWeb 4.44.0.09170 2007.12.25 -
eSafe 7.0.15.0 2007.12.24 suspicious Trojan/Worm
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.25 -
Fortinet 3.14.0.0 2007.12.25 -
F-Prot 4.4.2.54 2007.12.24 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.25 Virus.Win32.Tibs.ADO
Kaspersky 7.0.0.125 2007.12.25 Trojan-Clicker.Win32.Agent.ph
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.25 -
NOD32v2 2746 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.25 Heuristic: Suspicious File With Bad Parent Associations
Rising 20.24.11.00 2007.12.25 -
Sophos 4.24.0 2007.12.25 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.25 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.25 Win32.UPXpacked.gen (suspicious)
Additional information
File size: 6144 bytes
MD5: b7d2d09d310a8c86ff706b5b9b84593d
SHA1: 50c91dadee58fd8c7a7c7013e2178bb55dbeb0b0
PEiD: -
packers: UPX

strawser
25.12.2007, 13:11
Today is 25.12, not 5.12... :-(

Yes, my apologies. I copied an old log. Here is the new one. DrWeb already knows this beast, but F-Prot for some reason no longer does.

File askBarSetup.zip received on 12.25.2007 11:05:11 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.24 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.24 -
BitDefender 7.2 2007.12.25 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.25 -
DrWeb 4.44.0.09170 2007.12.25 Adware.Msearch
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.24 -
FileAdvisor 1 2007.12.25 -
Fortinet 3.14.0.0 2007.12.25 -
F-Prot 4.4.2.54 2007.12.24 -
F-Secure 6.70.13030.0 2007.12.24 -
Ikarus T3.1.1.15 2007.12.25 -
Kaspersky 7.0.0.125 2007.12.25 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.25 -
NOD32v2 2746 2007.12.25 a variant of Win32/AdInstaller
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.24 -
Prevx1 V2 2007.12.25 Heuristic: Suspicious Hijacker
Rising 20.24.11.00 2007.12.25 -
Sophos 4.24.0 2007.12.25 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.25 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 suspected of Trojan-Dropper.Delf.36 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.25 -
Additional information
File size: 517576 bytes
MD5: 170996a490c22b2c1c77b89067280d9e
SHA1: a59d0e8b21b186a7f7c2f727456484a61be873ac
PEiD: -

Shu_b
25.12.2007, 15:55
Here is the new one. DrWeb already knows this beast {cut}

That is not known; on VirusTotal they only recently "repaired" DrWeb so that it would show adware.

P.S. If it's not too much trouble, send it via this link (in a zip, with the password virus) - http://virusinfo.info/upload_virus.php?tid=12941

rubin
25.12.2007, 16:55
vhosts.exe


AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.25 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.25 -
DrWeb 4.44.0.09170 2007.12.25 -
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.25 -
Fortinet 3.14.0.0 2007.12.25 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.25 -
Ikarus T3.1.1.15 2007.12.25 -
Kaspersky 7.0.0.125 2007.12.25 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.25 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 Suspicious file
Prevx1 V2 2007.12.25 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.25 Mal/Basine-C
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.25 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.25 Trojan.Crypt.XPACK.Gen
File size: 20480 bytes
MD5: 3f6a0b6f22e6b87ef817638789b46c0b
SHA1: ba8a1503089e8c0489b4beb52b160b11c05b15f4


avz00002.dta

AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.24 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.25 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.25 -
DrWeb 4.44.0.09170 2007.12.25 Trojan.Proxy.2240
eSafe 7.0.15.0 2007.12.24 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 Downloader.Small.fah
FileAdvisor 1 2007.12.25 -
Fortinet 3.14.0.0 2007.12.25 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.25 -
Ikarus T3.1.1.15 2007.12.25 -
Kaspersky 7.0.0.125 2007.12.25 -
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.25 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.25 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.25 -
Sunbelt 2.2.907.0 2007.12.21 VIPRE.Suspicious
Symantec 10 2007.12.25 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.12.24 -
Webwasher-Gateway 6.6.2 2007.12.25 Trojan.Crypt.XPACK.Gen
File size: 16896 bytes
MD5: f75864554cb100786170999c4dffc115
SHA1: 752d20a5a147e50b46dd69b76a80e94d05159be4

ALEX(XX)
25.12.2007, 20:26
File sysfope.exe received on 12.25.2007 18:20:39 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.25.10;2007.12.24;-
AntiVir;7.6.0.46;2007.12.25;TR/Crypt.ULPM.Gen
Authentium;4.93.8;2007.12.25;-
Avast;4.7.1098.0;2007.12.25;Win32:Agent-PBQ
AVG;7.5.0.516;2007.12.25;-
BitDefender;7.2;2007.12.25;-
CAT-QuickHeal;9.00;2007.12.25;(Suspicious) - DNAScan
ClamAV;0.91.2;2007.12.25;-
DrWeb;4.44.0.09170;2007.12.25;Trojan.DownLoader.38353
eSafe;7.0.15.0;2007.12.25;suspicious Trojan/Worm
eTrust-Vet;31.3.5400;2007.12.24;-
Ewido;4.0;2007.12.25;-
FileAdvisor;1;2007.12.25;-
Fortinet;3.14.0.0;2007.12.25;-
F-Prot;4.4.2.54;2007.12.25;W32/Heuristic-KPP!Eldorado
F-Secure;6.70.13030.0;2007.12.25;-
Ikarus;T3.1.1.15;2007.12.25;-
Kaspersky;7.0.0.125;2007.12.25;not-a-virus:AdWare.Win32.Agent.yz
McAfee;5192;2007.12.24;-
Microsoft;1.3109;2007.12.25;Trojan:Win32/AgentBypass.gen!K
NOD32v2;2747;2007.12.25;-
Norman;5.80.02;2007.12.24;-
Panda;9.0.0.4;2007.12.25;Suspicious file
Prevx1;V2;2007.12.25;Generic.Malware
Rising;20.24.12.00;2007.12.25;-
Sophos;4.24.0;2007.12.25;-
Sunbelt;2.2.907.0;2007.12.21;VIPRE.Suspicious
Symantec;10;2007.12.25;-
TheHacker;6.2.9.168;2007.12.22;-
VBA32;3.12.2.5;2007.12.24;-
VirusBuster;4.3.26:9;2007.12.25;-
Webwasher-Gateway;6.6.2;2007.12.25;Trojan.Crypt.ULPM.Gen

Additional information
File size: 34049 bytes
MD5: 0639ebdcda125a88685314262d817f8a
SHA1: f3d51361257b93db898a8f819653081b7ce369cf
PEiD: RCryptor v1.5 --> Vaska
packers: UPX
packers: UPX
packers: SuperCrypt, PE_Patch.UPX, UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4B224CFB01D8114585B4001578184400 9E3A294A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

ZhIV
26.12.2007, 06:25
Файл opr02TF4.htm получен 2007.12.26 04:02:54 (CET)

AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 DoS.JS.Dframe.n
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 DoS.JS.Dframe.n
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 DoS:JS/Dframe.gen
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 W32/Dowlod.A
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Troj/Pintadd-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.25 -
Дополнительная информация
File size: 35862 bytes
MD5: 4c03044564b1a19743b16341be25f583
SHA1: a0f5e06399f4899ec3e20cf086d232ead442e0c4
PEiD: -

Файл opr02TFK.htm получен 2007.12.26 04:08:36 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 -
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Troj/Pintadd-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 67463 bytes
MD5: ec217fa712390258690ffa3ba97f41e4
SHA1: ce0b0e06cf70c2654ca0580b74ac627919acd327
PEiD: -

Файл opr02UM9.htm получен 2007.12.26 04:09:04 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 Trojan.Downloader.Js.Agent.KV
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 Trojan.DownLoader.28150
eSafe 7.0.15.0 2007.12.25 JS.Iframe.cv
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.JS.Agent.kv
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Agent.kv
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.JS.Agent.kv
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 12753 bytes
MD5: 5e9f555d80e10568d2dc561d7033c6e2
SHA1: 10f2687c222d366086a8c236ac68ab67d7fb92bb
PEiD: -

Файл opr03KWH.htm получен 2007.12.26 04:09:18 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 HTML/Rce.Gen
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 JS/Downloader.Agent
BitDefender 7.2 2007.12.26 Exploit.AdodbStream.J
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 JS/WebAttacker!exploit
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 JS/Laume.gen2
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Psyme.hu
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5192 2007.12.24 JS/Downloader-AUD
Microsoft 1.3109 2007.12.26 TrojanDownloader:JS/Psyme.gen
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 JS/Laume.gen2
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Mal/ObfJS-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 Downloader
TheHacker 6.2.9.168 2007.12.22 Trojan/Downloader.vbs
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 Script.Rce.Gen
Дополнительная информация
File size: 507 bytes
MD5: 969a819391719993899c36f0ab1b921f
SHA1: 0f9d6e1200e22427cc1b8d7f215e6cf8de6e36d5
PEiD: -
packers: Crypt.DCScript

Added 4 minutes later

Файл opr03NVL.htm получен 2007.12.26 04:10:43 (CET)

AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 Trojan.Downloader.Js.Psyme.O
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 JS.Small
DrWeb 4.44.0.09170 2007.12.25 VBS.Psyme.377
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 JS/Inor.A!tr.dldr
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.JS.Small.ih
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Inor.A
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.JS.Small.ih
McAfee 5192 2007.12.24 JS/Wonka
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Mal/ObfJS-H
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 Trojan-Downloader.JS.Psyme.cv
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 18502 bytes
MD5: d558d4e52ca3393ae521632262337912
SHA1: 032f4109040572877ab7a8d77f38cbafeb35b697
PEiD: -

strawser
26.12.2007, 19:42
P.S. If it's not too much trouble, send it via this link (in a zip, with the password virus) - http://virusinfo.info/upload_virus.php?tid=12941
Sent.

Added 21 minutes later

symantec ??

File 43.rar received on 12.26.2007 17:32:26 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.27.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 TR/Dldr.Agent.dow
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 Win32:Agent-MHD
AVG 7.5.0.516 2007.12.25 Agent.LOH
BitDefender 7.2 2007.12.26 Generic.NPop.84CDBBCB
CAT-QuickHeal 9.00 2007.12.25 Trojan.Agent.app
ClamAV 0.91.2 2007.12.26 Trojan.Downloader.Agent-1278
DrWeb 4.44.0.09170 2007.12.26 Trojan.DownLoader.36243
eSafe 7.0.15.0 2007.12.25 Win32.Agent.app
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 W32/Agent.GBH!tr
F-Prot 4.4.2.54 2007.12.25 W32/VCtroj.A.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.Win32.Agent.gbh
Ikarus T3.1.1.15 2007.12.26 Trojan.Win32.Agent.app
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.Win32.Agent.gbh
McAfee 5192 2007.12.24 Generic Downloader.p
Microsoft 1.3109 2007.12.26 Trojan:Win32/Agent.APP
NOD32v2 2747 2007.12.25 Win32/Agent.NNA
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 Trj/Downloader.QKJ
Prevx1 V2 2007.12.26 SystemPoser:Trojan-b
Rising 20.24.21.00 2007.12.26 Trojan.DL.Win32.Agent.zkj
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 Trojan.Win32.Agent.app
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.26 Trojan.Win32.Agent.app
VirusBuster 4.3.26:9 2007.12.26 Trojan.Gretus.Gen!Pac
Webwasher-Gateway 6.6.2 2007.12.26 Trojan.Dldr.Agent.dow
Additional information
File size: 27469 bytes
MD5: 8a22d6c8a332be275d082e755fd7ae0c
SHA1: 956ab2106bb1fd18248429d9169a6433f1e52275
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D83A575300BE316874AC008416355900D01AA827

File Trojan_DownloaderWMA.rar received on 12.26.2007 19:18:02 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.27.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 -
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 -
AVG 7.5.0.516 2007.12.26 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.26 -
eSafe 7.0.15.0 2007.12.26 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.WMA.Wimad.l
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.WMA.Wimad.l
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.WMA.Wimad.l
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.21.00 2007.12.26 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.26 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Additional information
File size: 333266 bytes
MD5: 3c9f2cfeb66f87e40aae6aba6fe0fd39
SHA1: 913429c10f23984dd014a049f507ec10e5b99cf4
PEiD: -

XL
26.12.2007, 22:14
A fresh Storm:


Файл happy-2008.exe получен 2007.12.26 19:54:10 (CET)

AhnLab-V3 2007.12.27.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 HEUR/Crypted
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 Win32:DNSChanger-HI
AVG 7.5.0.516 2007.12.26 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.26 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.26 -
eSafe 7.0.15.0 2007.12.26 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 -
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5193 2007.12.26 -
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 Heuristic: Suspicious File With Bad Child Associations
Rising 20.24.21.00 2007.12.26 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 VIPRE.Suspicious
Symantec 10 2007.12.26 -
TheHacker 6.2.9.169 2007.12.26 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.26 -
Webwasher-Gateway 6.6.2 2007.12.26 Heuristic.Crypted
Дополнительная информация
File size: 152064 bytes
MD5: 5c1d151eb4bfc5bf29ed0a02059c08bc
SHA1: f09434c0562f35071844d2a9606f431682f52511

ALEX(XX)
28.12.2007, 13:17
File loader.exe received on 12.27.2007 2145 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.28.10 2007.12.27 -
AntiVir 7.6.0.46 2007.12.27 -
Authentium 4.93.8 2007.12.27 -
Avast 4.7.1098.0 2007.12.27 -
AVG 7.5.0.516 2007.12.27 Generic9.AIKU
BitDefender 7.2 2007.12.27 Trojan.Agent.Small.SVO
CAT-QuickHeal 9.00 2007.12.27 -
ClamAV 0.91.2 2007.12.27 -
DrWeb 4.44.0.09170 2007.12.27 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5406 2007.12.27 Win32/Chepvil!generic
Ewido 4.0 2007.12.27 -
FileAdvisor 1 2007.12.27 -
Fortinet 3.14.0.0 2007.12.27 -
F-Prot 4.4.2.54 2007.12.26 -
F-Secure 6.70.13030.0 2007.12.27 W32/Malware
Ikarus T3.1.1.15 2007.12.27 -
Kaspersky 7.0.0.125 2007.12.27 -
McAfee 5194 2007.12.27 -
Microsoft 1.3109 2007.12.27 -
NOD32v2 2751 2007.12.27 -
Norman 5.80.02 2007.12.27 W32/Malware
Panda 9.0.0.4 2007.12.27 -
Prevx1 V2 2007.12.27 -
Rising 20.24.32.00 2007.12.27 -
Sophos 4.24.0 2007.12.27 -
Sunbelt 2.2.907.0 2007.12.27 -
Symantec 10 2007.12.27 -
TheHacker 6.2.9.172 2007.12.27 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.27 -
Webwasher-Gateway 6.6.2 2007.12.27 -

Additional information
File size: 8704 bytes
MD5: 4b4bfceb4b304e2823cae013c55cca97
SHA1: db326f1ccef67ebeebb4aff07286190580e36113
PEiD: -
norman sandbox: [ General information ]
 * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
 * File length: 8704 bytes.

 [ Process/window information ]
 * Attempts to access service "McShield".
 * Disables security related services.

Added 10 hours 10 minutes later

File winable.exe received on 12.28.2007 07:08:05 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.28.11;2007.12.28;Win-Trojan/Agent.61440.DB
AntiVir;7.6.0.46;2007.12.27;BDS/StarDor.A
Authentium;4.93.8;2007.12.28;-
Avast;4.7.1098.0;2007.12.27;Win32:Adloader-KY
AVG;7.5.0.516;2007.12.27;-
BitDefender;7.2;2007.12.28;-
CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.bho.gll
ClamAV;0.91.2;2007.12.27;-
DrWeb;4.44.0.09170;2007.12.27;Trojan.Stars.origin
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5407;2007.12.27;-
Ewido;4.0;2007.12.27;Downloader.Adload.ni
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
F-Secure;6.70.13030.0;2007.12.28;-
Ikarus;T3.1.1.15;2007.12.28;-
Kaspersky;7.0.0.125;2007.12.28;-
McAfee;5194;2007.12.27;-
Microsoft;1.3109;2007.12.28;-
NOD32v2;2751;2007.12.27;-
Norman;5.80.02;2007.12.27;-
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
Rising;20.24.32.00;2007.12.27;Trojan.Win32.Agent.zug
Sophos;4.24.0;2007.12.28;-
Sunbelt;2.2.907.0;2007.12.28;-
Symantec;10;2007.12.28;Adware.MaxSearch
TheHacker;6.2.9.172;2007.12.27;-
VBA32;3.12.2.5;2007.12.26;-
VirusBuster;4.3.26:9;2007.12.27;-
Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Backdoor.StarDor.A

Additional information
File size: 61440 bytes
MD5: 4a7b083438836184abebec212920d695
SHA1: 922d42c3b759725bacef54c24b4da0b9b4bb3503
PEiD: -

Added 3 hours 38 minutes later

File VideoAccessCodecInstall.exe received on 12.28.2007 11:08:55 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.28.11;2007.12.28;-
AntiVir;7.6.0.46;2007.12.28;TR/Dldr.Zlob
Authentium;4.93.8;2007.12.28;-
Avast;4.7.1098.0;2007.12.27;-
AVG;7.5.0.516;2007.12.27;Downloader.Zlob
BitDefender;7.2;2007.12.28;-
CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.Zlob.gen
ClamAV;0.91.2;2007.12.28;Trojan.Dropper-2557
DrWeb;4.44.0.09170;2007.12.28;-
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5408;2007.12.28;-
Ewido;4.0;2007.12.27;-
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
F-Secure;6.70.13030.0;2007.12.28;Trojan-Downloader.Win32.Zlob.fns
Ikarus;T3.1.1.15;2007.12.28;-
Kaspersky;7.0.0.125;2007.12.28;Trojan-Downloader.Win32.Zlob.fns
McAfee;5194;2007.12.27;-
Microsoft;1.3109;2007.12.28;Trojan:Win32/Tibs.gen!lds
NOD32v2;2752;2007.12.28;-
Norman;5.80.02;2007.12.27;W32/Zlob.ARDM
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
Rising;20.24.41.00;2007.12.28;-
Sophos;4.24.0;2007.12.28;Troj/Zlobar-Fam
Sunbelt;2.2.907.0;2007.12.28;-
Symantec;10;2007.12.28;-
TheHacker;6.2.9.172;2007.12.27;Trojan/Downloader.gen
VBA32;3.12.2.5;2007.12.26;MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster;4.3.26:9;2007.12.27;-
Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Dldr.Zlob

Additional information
File size: 148200 bytes
MD5: 4a9828c1ef46b792f45d6358855ead27
SHA1: be7dcaed6ceb853078832d2dc6c80fc696f5bdcd
PEiD: -

rubin
29.12.2007, 14:43
See how it goes sometimes... temp/winlogon.exe

AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.28 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.28 -
AVG 7.5.0.516 2007.12.28 SHeur.AJLM
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.29 -
DrWeb 4.44.0.09170 2007.12.29 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.29 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.29 -
F-Prot 4.4.2.54 2007.12.28 -
F-Secure 6.70.13030.0 2007.12.28 -
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2754 2007.12.28 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.28 -
Prevx1 V2 2007.12.29 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.29 -
Sunbelt 2.2.907.0 2007.12.28 -
Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28 -

Additional information
File size: 33280 bytes
MD5: 16ccf9650143c6746eb39ba09489d412
SHA1: 4080c60b5b983d93c822fa0cbc04d844a54ad969

Bratez
30.12.2007, 14:12
Complete scanning result of "avz00001.dta", processed in VirusTotal at 12/30/2007 12:02:21 (CET).

[ file data ]
* name: avz00001.dta
* size: 73742
* md5.: 179f70d07c604671de2741a531840e81
* sha1: 5e7827dd0db639fdada394bd1312972c530f541c
* peid..: -

[ scan result ]
AhnLab-V3 2007.12.29.11/20071229 found nothing
AntiVir 7.6.0.46/20071229 found [HEUR/Crypted]
Authentium 4.93.8/20071229 found nothing
Avast 4.7.1098.0/20071229 found nothing
AVG 7.5.0.516/20071229 found [DNSChanger.G]
BitDefender 7.2/20071230 found [Trojan.DNSChanger.RB]
CAT-QuickHeal 9.00/20071229 found [(Suspicious) - DNAScan]
ClamAV 0.91.2/20071230 found nothing
DrWeb 4.44.0.09170/20071230 found nothing
eSafe 7.0.15.0/20071227 found nothing
eTrust-Vet 31.3.5412/20071229 found nothing
Ewido 4.0/20071229 found nothing
F-Prot 4.4.2.54/20071229 found nothing
F-Secure 6.70.13030.0/20071230 found nothing
FileAdvisor 1/20071230 found nothing
Fortinet 3.14.0.0/20071230 found nothing
Ikarus T3.1.1.15/20071230 found [Trojan.DNSChanger.RB]
Kaspersky 7.0.0.125/20071230 found [Heur.Trojan.Generic]
McAfee 5195/20071228 found nothing
Microsoft 1.3109/20071230 found [Trojan:Win32/Alureon.gen!D]
NOD32v2 2755/20071229 found [Win32/TrojanDownloader.Zlob.BMQ]
Norman 5.80.02/20071228 found nothing
Panda 9.0.0.4/20071230 found nothing
Prevx1 V2/20071230 found nothing
Rising 20.24.52.00/20071229 found nothing
Sophos 4.24.0/20071230 found nothing
Sunbelt 2.2.907.0/20071230 found nothing
Symantec 10/20071230 found nothing
TheHacker 6.2.9.175/20071229 found nothing
VBA32 3.12.2.5/20071229 found nothing
VirusBuster 4.3.26:9/20071229 found nothing
Webwasher-Gateway 6.6.2/20071229 found [Heuristic.Crypted]

strawser
30.12.2007, 16:36
File websitetutorial.exe received on 12.30.2007 14:25:33 (CET)

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.29 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.29 -
AVG 7.5.0.516 2007.12.30 -
BitDefender 7.2 2007.12.30 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.30 -
DrWeb 4.44.0.09170 2007.12.30 -
eSafe 7.0.15.0 2007.12.27 suspicious Trojan/Worm
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.30 -
FileAdvisor 1 2007.12.30 -
Fortinet 3.14.0.0 2007.12.30 -
F-Prot 4.4.2.54 2007.12.29 -
F-Secure 6.70.13030.0 2007.12.30 -
Ikarus T3.1.1.15 2007.12.30 Trojan-Downloader.Win32.Banload.eta
Kaspersky 7.0.0.125 2007.12.30 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.30 -
NOD32v2 2755 2007.12.29 -
Norman 5.80.02 2007.12.28 W32/BHO.AMN
Panda 9.0.0.4 2007.12.30 -
Prevx1 V2 2007.12.30 Heuristic: Suspicious File With Outbound Communications
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.30 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.30 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.29 -
Webwasher-Gateway 6.6.2 2007.12.29 -
Additional information
File size: 338164 bytes
MD5: 236882e4572d87562157798ed807eccf
SHA1: 4ade5312ae36fbc760cf4a73eae60ce099ac1209
PEiD: -
packers: UPX
packers: UPX
packers: UPX

Shu_b
31.12.2007, 13:52
Well... let's sum up the results... of the month. :)

edit: uploaded more compact images.

Surfer
31.12.2007, 17:35
Storm again, only crypted.
The most interesting thing is that Kaspersky 8 already catches it as Zhelatin =\


File happy_2008.exe received on 2007.12.31 15:13:22 (CET)
Result: 12/32 (37.5%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 TR/Crypt.XDR.Gen
Authentium 4.93.8 2007.12.30 -
Avast 4.7.1098.0 2007.12.30 Win32:Zhelatin-ASX
AVG 7.5.0.516 2007.12.31 -
BitDefender 7.2 2007.12.31 Trojan.Peed.IRS
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2007.12.31 -
DrWeb 4.44.0.09170 2007.12.31 Trojan.Spambot.2559
eSafe 7.0.15.0 2007.12.30 -
eTrust-Vet 31.3.5417 2007.12.31 -
Ewido 4.0 2007.12.31 -
FileAdvisor 1 2007.12.31 -
Fortinet 3.14.0.0 2007.12.31 W32/[email protected]
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2007.12.31 -
Ikarus T3.1.1.15 2007.12.31 -
Kaspersky 7.0.0.125 2007.12.31 -
McAfee 5195 2007.12.28 W32/[email protected]
Microsoft 1.3109 2007.12.31 Backdoor:WinNT/Nuwar.B!sys
NOD32v2 2758 2007.12.31 probably a variant of Win32/Nuwar
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2007.12.31 Suspicious file
Prevx1 V2 2007.12.31 Stormy:Worm-All Variants
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.31 Mal/Dorf-H
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.31 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.31 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Crypt.XDR.Gen
Additional information
File size: 143873 bytes
MD5: 30196db0c6df236d32307693feb4935e
SHA1: bb34c478ab65a3418f333996568178fcdc7a6011
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=105E7F9201F7EAC4320F020ED7E37E00B13961EF

mA_sat
01.01.2008, 16:34
I installed Ikarus on my machine to see how it works


File Mswtif.dll received on 2007.11.05 22:24:39 (CET)

Current status: finished
Result: 3/31 (9.68%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - Possibly a new variant of W32/CodeCru-based!Maximus
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/CodeCru-based!Maximus
F-Secure - - -
Ikarus - - Trojan-Spy.Win32.Agent.rb
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 472f3ca7b2d92bd5b3c351e101fd5451

XL
01.01.2008, 16:56
A fresh Storm build:


File happy_2008.rar received on 2008.01.01 14:46:59 (CET)

AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 TR/Crypt.XDR.Gen
Authentium 4.93.8 2007.12.31 -
Avast 4.7.1098.0 2007.12.31 Win32:Zhelatin-ASX
AVG 7.5.0.516 2007.12.31 -
BitDefender 7.2 2008.01.01 Trojan.Agent.AGIU
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2008.01.01 Trojan.Peed-80
DrWeb 4.44.0.09170 2007.12.31 -
eSafe 7.0.15.0 2007.12.31 -
eTrust-Vet 31.3.5421 2008.01.01 -
Ewido 4.0 2007.12.31 -
FileAdvisor 1 2008.01.01 -
Fortinet 3.14.0.0 2008.01.01 -
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2008.01.01 Tibs.BFZU
Ikarus T3.1.1.15 2008.01.01 -
Kaspersky 7.0.0.125 2008.01.01 Email-Worm.Win32.Zhelatin.qa
McAfee 5196 2007.12.31 -
Microsoft 1.3109 2008.01.01 Backdoor:Win32/Nuwar.gen!A
NOD32v2 2759 2008.01.01 a variant of Win32/Nuwar
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2008.01.01 Suspicious file
Prevx1 V2 2008.01.01 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2008.01.01 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2008.01.01 Trojan.Peacomm.D
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2007.12.31 -
VirusBuster 4.3.26:9 2008.01.01 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Crypt.XDR.Gen
Additional information
File size: 81844 bytes
MD5: 7ae43f75d7127fe35c840daf86ab7a73
SHA1: 665043076eb03db80edfa756a83739074f7b57dc

Kaspersky only recently started detecting it... I had to update the databases manually.

Surfer
01.01.2008, 23:06
File ibho1.dll received on 01.01.2008 20:56:10 (CET)
Current status: finished

Result: 6/32 (18.75%)


Antivirus Version Last Update Result
AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 -
Authentium 4.93.8 2007.12.31 -
Avast 4.7.1098.0 2007.12.31 -
AVG 7.5.0.516 2008.01.01 -
BitDefender 7.2 2008.01.01 Adware.Give4free.C
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2008.01.01 -
DrWeb 4.44.0.09170 2007.12.31 -
eSafe 7.0.15.0 2008.01.01 -
eTrust-Vet 31.3.5421 2008.01.01 -
Ewido 4.0 2008.01.01 -
FileAdvisor 1 2008.01.01 -
Fortinet 3.14.0.0 2008.01.01 -
F-Prot 4.4.2.54 2008.01.01 -
F-Secure 6.70.13030.0 2008.01.01 -
Ikarus T3.1.1.15 2008.01.01 -
Kaspersky 7.0.0.125 2008.01.01 -
McAfee 5196 2007.12.31 potentially unwanted program Adware-Give4Free
Microsoft 1.3109 2008.01.01 Adware:Win32/Give4Free
NOD32v2 2759 2008.01.01 -
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2008.01.01 Generic Malware
Prevx1 V2 2008.01.01 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2008.01.01 -
Sunbelt 2.2.907.0 2007.12.30 Give4Free
Symantec 10 2008.01.01 -
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2007.12.31 -
VirusBuster 4.3.26:9 2008.01.01 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Downloader.Win32.Malware.gen (suspicious)

Additional information
File size: 29696 bytes
MD5: b2e0d43ac994b95839af87587a50d9dd
SHA1: 8d49252eeafba8616c05e93274907e7c28ec9490
PEiD: -
packers: UPX
packers: UPX
packers: UPX

strawser
03.01.2008, 01:39
File Crack_Windows_XP.zip received on 01.02.2008 23:22:33 (CET)
Result: 11/32 (34.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 TR/Dropper.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 Win32:Agent-KXS
AVG 7.5.0.516 2008.01.02 Dropper.Agent.DQC
BitDefender 7.2 2008.01.02 Trojan.PWS.LdPinch.BSG
CAT-QuickHeal 9.00 2008.01.02 -
ClamAV 0.91.2 2008.01.02 -
DrWeb 4.44.0.09170 2008.01.02 Trojan.MulDrop.6269
eSafe 7.0.15.0 2008.01.02 Suspicious File
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.02 -
Fortinet 3.14.0.0 2008.01.02 -
F-Prot 4.4.2.54 2008.01.02 -
F-Secure 6.70.13030.0 2008.01.02 Trojan-Dropper.Win32.Agent.bib
Ikarus T3.1.1.15 2008.01.02 Trojan-Dropper.Win32.Agent.bib
Kaspersky 7.0.0.125 2008.01.02 Trojan-Dropper.Win32.Agent.bib
McAfee 5197 2008.01.02 -
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 Suspicious file
Prevx1 V2 2008.01.02 -
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 -
Sunbelt 2.2.907.0 2008.01.02 -
Symantec 10 2008.01.02 -
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 -
Webwasher-Gateway 6.6.2 2008.01.02 Trojan.Dropper.Gen
Additional information
File size: 76817 bytes
MD5: 70d14dd0b905baf481453ff2001ee566
SHA1: 78fce6f9585cf29bcb8e033874e1378c14a1dbed
PEiD: -


File mvat.rar received on 01.02.2008 23:48:44 (CET)
Result: 15/32 (46.88%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 BDS/Pcclient.GV.183
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 -
AVG 7.5.0.516 2008.01.02 -
BitDefender 7.2 2008.01.02 Backdoor.Pcclient.GV
CAT-QuickHeal 9.00 2008.01.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.02 -
DrWeb 4.44.0.09170 2008.01.02 -
eSafe 7.0.15.0 2008.01.02 suspicious Trojan/Worm
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.02 -
Fortinet 3.14.0.0 2008.01.02 PossibleThreat!024944
F-Prot 4.4.2.54 2008.01.02 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2008.01.02 -
Ikarus T3.1.1.15 2008.01.02 MalwareScope.Backdoor.Hupigon.3
Kaspersky 7.0.0.125 2008.01.02 -
McAfee 5197 2008.01.02 New Malware.aq
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 Generic Malware
Prevx1 V2 2008.01.02 BACKDOOR.PCCLIENT.GV
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 Mal/Packer
Sunbelt 2.2.907.0 2008.01.02 -
Symantec 10 2008.01.02 Backdoor.Trojan
TheHacker 6.2.9.176 2008.01.01 W32/Behav-Heuristic-063
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 Packed/NSPack
Webwasher-Gateway 6.6.2 2008.01.02 Trojan.Backdoor.Pcclient.GV.183
Additional information
File size: 44114 bytes
MD5: 6ee63970d8f3523c80115cbd55eaba7b
SHA1: 57c81f393055eda6db89da9e97398081701e9382
PEiD: -
packers: NSPack, PE_Patch, UPX
packers: NSPack, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7B9C43E74B2A6556CD6200EBB381510018414621

File mail.ru.games.crack.rar received on 01.03.2008 00:15:36 (CET)
Result: 13/32 (40.63%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 -
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 -
AVG 7.5.0.516 2008.01.02 Generic5.MNE
BitDefender 7.2 2008.01.02 -
CAT-QuickHeal 9.00 2008.01.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.02 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2008.01.02 -
eSafe 7.0.15.0 2008.01.02 Suspicious File
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.02 -
F-Prot 4.4.2.54 2008.01.02 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2008.01.02 -
Ikarus T3.1.1.15 2008.01.02 Trojan.Keygen.Q
Kaspersky 7.0.0.125 2008.01.02 -
McAfee 5197 2008.01.02 New Malware.aj
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 -
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 Mal/Packer
Sunbelt 2.2.907.0 2008.01.02 VIPRE.Suspicious
Symantec 10 2008.01.02 -
TheHacker 6.2.9.176 2008.01.01 W32/Behav-Heuristic-060
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 Packed/Upack
Webwasher-Gateway 6.0.1 2008.01.02 Win32.Malware.gen (suspicious)
Additional information
File size: 47431 bytes
MD5: 027e42801a8c06b052b246000d5d8181
SHA1: 84896e282662da0c99f10de258da036d217e1da4
PEiD: -
packers: UPack
packers: PE_Patch, UPack
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=357064D3680D0A85BF470060C7DFB10012B9D722
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File Backdoor-Controller.rar received on 01.03.2008 12:31:10 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.03 BDS/Prorat.ae.23
Authentium 4.93.8 2008.01.02 is a dropper for W32/Dropper.DFP
Avast 4.7.1098.0 2008.01.03 Win32:LdPinch-RV
AVG 7.5.0.516 2008.01.02 PSW.Ldpinch.DQX
BitDefender 7.2 2008.01.03 Trojan.Dropper.Agent.BBA
CAT-QuickHeal 9.00 2008.01.02 -
ClamAV 0.91.2 2008.01.03 Trojan.Dropper-118
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.5406
eSafe 7.0.15.0 2008.01.02 -
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 W32/Dropper.DFP
F-Secure 6.70.13030.0 2008.01.03 Trojan-Dropper.Win32.Agent.bba
Ikarus T3.1.1.15 2008.01.03 Trojan-Dropper.Win32.VB.FI
Kaspersky 7.0.0.125 2008.01.03 Trojan-Dropper.Win32.Agent.bba
McAfee 5198 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2763 2008.01.03 Win32/TrojanDropper.Small.AQM
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.32.00 2008.01.03 -
Sophos 4.24.0 2008.01.03 -
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 -
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.LdPinch.bka
VirusBuster 4.3.26:9 2008.01.02 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Backdoor.Prorat.ae.23
Additional information
File size: 978065 bytes
MD5: 4bedef351df50464ee90711a1e2d380a
SHA1: 401e41aa223770086ed242053588dd62ab6b952b
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=873FF7B3386CCA335CCA0F2BE836BD00ADC94FD9

At first only the heuristics fired, and then Kaspersky confirmed it and added to its databases this beast named Dr. Web Антивирус + Антиспам.rar. Only the antivirus the virus is dedicated to still does not detect it.

File Dr._Web__________________________ received on 01.03.2008 20:52:13 (CET)
Result: 3/32 (9.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 -
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.03 -
BitDefender 7.2 2008.01.03 -
CAT-QuickHeal 9.00 2008.01.03 -
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 -
F-Secure 6.70.13030.0 2008.01.03 -
Ikarus T3.1.1.15 2008.01.03 -
Kaspersky 7.0.0.125 2008.01.03 Trojan-Spy.Win32.Delf.avq
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2764 2008.01.03 -
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.03 Heuristic: Suspicious File With Mass Email Capabilities
Rising 20.25.32.00 2008.01.03 -
Sophos 4.24.0 2008.01.03 -
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 -
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 -
Additional information
File size: 1900647 bytes
MD5: 0b2b4248ced3112ce75eff9bb0052a13
SHA1: 71c7e7861a1b43cc41d3ad9f3dc564192ec694bc
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3D1AA9EF00A1257B2A54335334EB8000D3CE854D

File _webfile.ru____________.exe.safe received on 01.03.2008 22:18:35 (CET)
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 TR/Spy.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 Win32:LdPinch-BHU
AVG 7.5.0.516 2008.01.03 Dropper.Generic.PPQ
BitDefender 7.2 2008.01.03 Trojan.PWS.LDPinch.TDA
CAT-QuickHeal 9.00 2008.01.03 TrojanDropper.Agent.buo
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.8720
eSafe 7.0.15.0 2008.01.03 Win32.Agent.buo
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 W32/Basine.BUO!tr
F-Prot 4.4.2.54 2008.01.02 W32/Trojan.CFPJ
F-Secure 6.70.13030.0 2008.01.03 Trojan-Dropper.Win32.Agent.buo
Ikarus T3.1.1.15 2008.01.03 Trojan-Dropper.Win32.Small.bae
Kaspersky 7.0.0.125 2008.01.03 Trojan-Dropper.Win32.Agent.buo
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2764 2008.01.03 probably a variant of Win32/TrojanDropper.Agent
Norman 5.80.02 2008.01.03 W32/Wow.CAV
Panda 9.0.0.4 2008.01.03 Trj/Downloader.MDW
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.32.00 2008.01.03 Dropper.Win32.Agent.buo
Sophos 4.24.0 2008.01.03 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 Infostealer.Notos!gen
TheHacker 6.2.9.178 2008.01.03 Trojan/Dropper.Agent.buo
VBA32 3.12.2.5 2008.01.02 Trojan-Dropper.Win32.Agent.buo
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Spy.Gen
Additional information
File size: 627488 bytes
MD5: 011df53be509662db76f8d75b3948f41
SHA1: 10e42de52df7c7cfcdc6ad5884c2a857e11354b4
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=ECB83E5120300063932809E3BCC83F001FBF7C10

File keygen__kaspersky_6.0_.exe.safe received on 01.03.2008 22:47:05 (CET)
Result: 19/32 (59.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 Win32:LdPinch-NO
AVG 7.5.0.516 2008.01.03 PSW.Ldpinch.RGB
BitDefender 7.2 2008.01.03 MemScan:Trojan.PWS.LdPinch.BSG
CAT-QuickHeal 9.00 2008.01.03 Win32.Trojan-PSW.LdPinch.bgj3
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.PWS.LDPinch.1407
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 W32/LdPinch.F.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.03 Trojan-PSW.Win32.LdPinch.btw
Ikarus T3.1.1.15 2008.01.03 Trojan-PWS.Win32.LdPinch.bmi
Kaspersky 7.0.0.125 2008.01.03 Trojan-PSW.Win32.LdPinch.btw
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 Trojan:Win32/Anomaly.gen!A
NOD32v2 2764 2008.01.03 a variant of Win32/PSW.LdPinch.NCB
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.03 -
Rising 20.25.32.00 2008.01.03 Trojan.PSW.Win32.LdPinch.btw
Sophos 4.24.0 2008.01.03 Troj/LdPinch-PZ
Sunbelt 2.2.907.0 2008.01.03 Trojan-PWS.LdPinch.BSG
Symantec 10 2008.01.03 Infostealer
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Crypt.XPACK.Gen
Additional information
File size: 32829 bytes
MD5: b4bd55ddbdda7f7fc6d7985a19421700
SHA1: c9cdcd832a776813e1b45cd890ff7a8883d3955f
PEiD: -
packers: RCryptor, PECompact
packers: PecBundle, PECompact

File AVP_Keygen_5.0.exe received on 01.04.2008 11:46:22 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.03 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32:Small-YL
AVG 7.5.0.516 2008.01.03 Packed.AverCrypt
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.KeyLogger.195
eSafe 7.0.15.0 2008.01.03 1760502504
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 Logger.Small.cw
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-Spy.Win32.Small.cw
Ikarus T3.1.1.15 2008.01.04 -
Kaspersky 7.0.0.125 2008.01.04 Trojan-Spy.Win32.Small.cw
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2764 2008.01.03 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.41.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 suspected of Embedded.Trojan.Win32.Spy.Small.CW
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.XPACK.Gen
Additional information
File size: 17920 bytes
MD5: d6420ad88e50a5f20fbbd87c0929fba0
SHA1: b3ca55bc190383e040656a78fe7e8082dc40b6ea
PEiD: AverCryptor 1.02 beta -> os1r1s
packers: PE-Crypt.PNH
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File AMS_Enterprise_2.79.exe received on 01.04.2008 11:46:48 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.03 TR/Spy.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.03 PSW.Ldpinch.RLT
BitDefender 7.2 2008.01.04 Trojan.PWS.LdPinch.TGA
CAT-QuickHeal 9.00 2008.01.03 TrojanPSW.LdPinch.cds
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.PWS.LDPinch.1941
eSafe 7.0.15.0 2008.01.03 Win32.LdPinch.cds
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.04 High threat detected
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
Ikarus T3.1.1.15 2008.01.04 MalwareScope.Trojan-PWS.Pinch.1
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2764 2008.01.03 -
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.04 -
Rising 20.25.41.00 2008.01.04 Trojan.PSW.Win32.LdPinch.cds
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 Trojan-Spy.Gen
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.LdPinch.cds
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.LdPinch.cds
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Spy.Gen
Additional information
File size: 42496 bytes
MD5: 2cb93a4a640c366add1d1177f0bec443
SHA1: cbf6b16d41f65b1ea0ebf74432a023abf15e528d
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=2cb93a4a640c366add1d1177f0bec443
packers: PE_Patch.FreeCryptor, FreeCryptor

File pinch3_Builder.rar received on 01.04.2008 12:21:55 (CET)
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.01.04 W32/Trojan.ACMO
Avast 4.7.1098.0 2008.01.03 Win32:LdPinch-OR
AVG 7.5.0.516 2008.01.03 Dropper.Agent.EFM
BitDefender 7.2 2008.01.04 Trojan.PWS.LdPinch.TAI
CAT-QuickHeal 9.00 2008.01.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 Trojan.Spy-295
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.7648
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 W32/Trojan2.CKZ
F-Secure 6.70.13030.0 2008.01.04 Trojan-Dropper.Win32.PeStaple.13
Ikarus T3.1.1.15 2008.01.04 Trojan-Dropper.Win32.Agent.bgn
Kaspersky 7.0.0.125 2008.01.04 Trojan-Dropper.Win32.PeStaple.13
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 Win32/TrojanDropper.FriJoiner.NAA
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 Heuristic: Suspicious Self Modifying EXE
Rising 20.25.42.00 2008.01.04 Dropper.Win32.Agent.bgn
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 Trojan-Dropper.Win32.Agent.bgn
VirusBuster 4.3.26:9 2008.01.03 Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.XDR.Gen
Additional information
File size: 422425 bytes
MD5: e33df8b9e185b82fe16a25e33c799d25
SHA1: d107330b71da84f1a1ac4397fe4829941ccafb94
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=95CA3E6B2BB00A11EA0A015121B164009BA2505A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

strawser
04.01.2008, 19:01
File paroliki.exe.safe received on 01.04.2008 16:52:17 (CET)
Result: 15/32 (46.88%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/PSW.LdPinch.eix
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32:LdPinch-BJV
AVG 7.5.0.516 2008.01.04 PSW.Ldpinch.RZB
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.04 TrojanPSW.LdPinch.eix
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 High threat detected
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 W32/LdPinch.H.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.eix
Ikarus T3.1.1.15 2008.01.04 Virus.Win32.LdPinch.BJV
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.eix
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 -
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.LdPinch.eix
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.04 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.PSW.LdPinch.eix
Additional information
File size: 31232 bytes
MD5: 70a709161375ec2f634b5371d966b663
SHA1: 716dc079cbf424ef8ee41b6d5f301e9d519eb9af
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=70a709161375ec2f634b5371d966b663
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File __________________.rar received on 01.04.2008 17:09:46 (CET)
Result: 3/32 (9.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 -
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.04 -
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.04 -
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 SCRIPT.Virus
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 -
Ikarus T3.1.1.15 2008.01.04 -
Kaspersky 7.0.0.125 2008.01.04 Trojan.VBS.KillFiles.u
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 -
Sunbelt 2.2.907.0 2008.01.04 -
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.04 -
Webwasher-Gateway 6.6.2 2008.01.04 -
Additional information
File size: 1929 bytes
MD5: 8809ee20f31497ebec7796e40a314586
SHA1: 61e0b881ce3284a4ad154e47770f31e4f32e35ae
PEiD: -

File NewYear2008.scr.safe received on 01.04.2008 17:32:44 (CET)
Result: 18/32 (56.25%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 Win-Trojan/LdPinch.34287
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.NSPM.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.04 PSW.Ldpinch.QZF
BitDefender 7.2 2008.01.04 Trojan.PWS.Ldpinch.TEJ
CAT-QuickHeal 9.00 2008.01.04 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 Trojan.PWS.LDPinch.1407
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.ecw
Ikarus T3.1.1.15 2008.01.04 Trojan-PWS.Win32.LdPinch.ecw
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.ecw
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 Win32/PSW.LdPinch.NCB
Norman 5.80.02 2008.01.04 W32/LdPinch.RUP
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 Trojan.DL.Win32.Small.etp
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.04 Trojan.PWS.LdPinch.CGD
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.NSPM.Gen
Additional information
File size: 34287 bytes
MD5: add4b1566e862412eb08921b6975e5c7
SHA1: 590895137004cc116c2bb340e01c9a701990295b
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File l2phx.rar received on 01.04.2008 18:06:56 (CET)
Result: 12/32 (37.5%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32:Cardspy-B
AVG 7.5.0.516 2008.01.04 -
BitDefender 7.2 2008.01.04 DeepScan:Generic.FWB.324295B9
CAT-QuickHeal 9.00 2008.01.04 -
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 -
Ikarus T3.1.1.15 2008.01.04 Trojan.Win32.Delf.nf
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 Heuristic: Suspicious Self Modifying File
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 Mal/Behav-053
Sunbelt 2.2.907.0 2008.01.04 Backdoor.Delf.BF
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.04 Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway 6.6.2 2008.01.04 Win32.NewMalware.CC!9728!4
Additional information
File size: 588302 bytes
MD5: fc2912bfe501e1303698cfcd7071ef9a
SHA1: 1a3f0b835a179e8ee52b9392925154c95dd72834
PEiD: -
packers: NCode
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DFB27F2A00C4B8A626E100D404988F00C89E16CF

ALEX(XX)
05.01.2008, 18:22
File Check.exe received on 01.05.2008 16:13:02 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 TR/PSW.Wow.LQ
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.04 -
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.05 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.05 -
DrWeb 4.44.0.09170 2008.01.05 -
eSafe 7.0.15.0 2008.01.03 Win32.WOW.lq
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 -
FileAdvisor 1 2008.01.05 High threat detected
Fortinet 3.14.0.0 2008.01.05 W32/WOW.LQ!tr.pws
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 W32/Wow.BHU
Ikarus T3.1.1.15 2008.01.05 Trojan-PWS.Win32.WOW.lq
Kaspersky 7.0.0.125 2008.01.05 -
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.05 -
NOD32v2 2766 2008.01.04 -
Norman 5.80.02 2008.01.04 W32/Wow.BHU
Panda 9.0.0.4 2008.01.05 Trj/WoW.HV
Prevx1 V2 2008.01.05 Generic.Malware
Rising 20.25.52.00 2008.01.05 -
Sophos 4.24.0 2008.01.05 Mal/Generic-A
Sunbelt 2.2.907.0 2008.01.05 VIPRE.Suspicious
Symantec 10 2008.01.05 Trojan Horse
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.WOW.lq
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.WOW.lq
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.PSW.Wow.LQ

Additional information
File size: 245760 bytes
MD5: 70abf6a1b03de09b581ed39c5196c6fa
SHA1: 027891795ce1316faf4754066691c14002392bad
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=70abf6a1b03de09b581ed39c5196c6fa
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AC0B4401009E1677C0B303CFDCD867002B0784EF
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

rubin
06.01.2008, 14:04
File mssrv32.exe received 2008.01.06 11:56:33 (CET)

AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.05 -
Avast 4.7.1098.0 2008.01.05 -
AVG 7.5.0.516 2008.01.05 Crypt.H
BitDefender 7.2 2008.01.06 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.06 Trojan.DownLoader.35134
eSafe 7.0.15.0 2008.01.03 suspicious Trojan/Worm
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 -
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 -
Ikarus T3.1.1.15 2008.01.06 -
Kaspersky 7.0.0.125 2008.01.06 -
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.06 -
NOD32v2 2767 2008.01.06 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.05 -
Prevx1 V2 2008.01.06 Heuristic: Suspicious Self Modifying EXE
Rising 20.25.62.00 2008.01.06 -
Sophos 4.24.0 2008.01.06 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.06 -
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.XPACK.Gen
File size: 14336 bytes
MD5: 96357a35c71162303038c815cb9e02a6
SHA1: fcb927ef0aef3b6e3aa8521c5a16f1ce5b2ba5c9
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=151E04B300F5036D387C00F87D78FB00D2F59177

Added 1 minute later

File ftpgrb[1].exe received 2008.01.06 11:56:29 (CET)

AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 -
Authentium 4.93.8 2008.01.05 -
Avast 4.7.1098.0 2008.01.05 -
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.06 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.06 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 -
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 -
Ikarus T3.1.1.15 2008.01.06 Trojan-Spy.Finanz.J
Kaspersky 7.0.0.125 2008.01.06 Trojan-PSW.Win32.Agent.vh
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.06 -
NOD32v2 2767 2008.01.06 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.05 -
Prevx1 V2 2008.01.06 Heuristic: Suspicious Self Modifying File
Rising 20.25.62.00 2008.01.06 -
Sophos 4.24.0 2008.01.06 Mal/Behav-112
Sunbelt 2.2.907.0 2008.01.05 Trojan.Nethell.B
Symantec 10 2008.01.06 -
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 -
File size: 16896 bytes
MD5: 5f587ef06b011a352f51c0fe67704d4b
SHA1: 8d5b1adaa59d352f2af549935936a0316f430361
PEiD: Armadillo v1.71
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3274D91B00128361427500E52C0581002333697E

XL
06.01.2008, 20:56
Here's a little malware driver I caught:


File beep.sys received 2008.01.06 18:46:14 (CET)

AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.06 -
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.06 -
AVG 7.5.0.516 2008.01.06 -
BitDefender 7.2 2008.01.06 Generic.Zlob.96765D0B
CAT-QuickHeal 9.00 2008.01.05 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.06 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.06 -
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 Rootkit.Win32.Agent.sv
Ikarus T3.1.1.15 2008.01.06 Generic.Zlob
Kaspersky 7.0.0.125 2008.01.06 Rootkit.Win32.Agent.sv
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.06 -
NOD32v2 2767 2008.01.06 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.06 -
Prevx1 V2 2008.01.06 Heuristic: Suspicious File With Anti-Security Technology
Rising 20.25.62.00 2008.01.06 -
Sophos 4.24.0 2008.01.06 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.06 Trojan.Virantix.B
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.06 -
VirusBuster 4.3.26:9 2008.01.06 -
Webwasher-Gateway 6.6.2 2008.01.06 Win32.Malware.gen!80 (suspicious)
Additional information
File size: 61440 bytes
MD5: cd7336cd26222ff6d1c7872da7a43173
SHA1: 92eb6067027f64f866224e12509508fc97cc6aee

Symantec's description of the beast:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-122607-2738-99&tabid=2

These entries in the list of terminated processes made me smile:
avz.exe
cureit.exe

Surfer
07.01.2008, 22:15
delphi - for noobs =)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2008.01.06 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 Downloader.Generic6.ACOR
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 -
DrWeb 4.44.0.09170 2008.01.07 DLOADER.Trojan
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5438 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.06 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2008.01.07 W32/Downloader
Ikarus T3.1.1.15 2008.01.07 Trojan-Downloader.Win32.Delf.NC
Kaspersky 7.0.0.125 2008.01.07 Heur.Downloader
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.07 TrojanDownloader:Win32/Small.gen!X
NOD32v2 2771 2008.01.07 a variant of Win32/TrojanDownloader.Dadobra.FX
Norman 5.80.02 2008.01.07 W32/Downloader
Panda 9.0.0.4 2008.01.07 Suspicious file
Prevx1 V2 2008.01.07 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 Mal/Heuri-E
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 Trojan.Delphi.Downloader.Gen
Additional information
File size: 16896 bytes
MD5: 10a20ab9b8e55fb3e5f3affdb94027ad
SHA1: 4296f6f9ae3ff4b804ee4e35484ae2d7700af0a7
PEiD: -

http://www.virustotal.com/analisis/4172f5fc9c1bd9282b9807533a0b08f5

rubin
07.01.2008, 22:54
File 123456.exe received 2008.01.07 20:28:42 (CET)

AhnLab-V3 - - Win-Trojan/Agent.100891
AntiVir - - TR/Dldr.Agent.hbi
Authentium - - -
Avast - - -
AVG - - Downloader.Agent.ZNH
BitDefender - - -
CAT-QuickHeal - - TrojanDownloader.Agent.hbi
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - W32/Fake.B!tr.dldr
F-Prot - - -
F-Secure - - Trojan-Downloader.Win32.Agent.hbi
Ikarus - - Trojan-Downloader.Win32.Delf.cwv
Kaspersky - - Trojan-Downloader.Win32.Agent.hbi
McAfee - - Downloader.gen.a
Microsoft - - Trojan:Win32/Delflob.I
NOD32v2 - - -
Norman - - W32/Agent.DSTN
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - Mal/DelpDldr-E
Sunbelt - - -
Symantec - - -
TheHacker - - Trojan/Downloader.Agent.hbi
VBA32 - - suspected of Win32.Trojan.Downloader
VirusBuster - - -
Webwasher-Gateway - - Trojan.Dldr.Agent.hbi

Surfer
07.01.2008, 22:54
And here is what it downloads (my message is on the previous page)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 TR/Spy.Banker.Gen
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 PSW.Banker4.NOA
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 PUA.Packed.Themida
DrWeb 4.44.0.09170 2008.01.07 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5438 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.06 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2008.01.07 -
Ikarus T3.1.1.15 2008.01.07 BehavesLikeWin32.ExplorerHijack
Kaspersky 7.0.0.125 2008.01.07 -
McAfee 5201 2008.01.07 PWS-Banker.gen.aa
Microsoft 1.3109 2008.01.07 -
NOD32v2 2772 2008.01.07 -
Norman 5.80.02 2008.01.07 -
Panda 9.0.0.4 2008.01.07 -
Prevx1 V2 2008.01.07 -
Rising 20.26.02.00 2008.01.07 Trojan.Spy.Win32.Banbra.fax
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.05 VIPRE.Suspicious
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 W32/Behav-Heuristic-064
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 Trojan.Spy.Banker.Gen
Additional information
File size: 4295680 bytes
MD5: 22c206d7f1c4e50bbaa9baae0cbc3c3c
SHA1: 7d6cc46532445d3b19247d60607850b461dcb5b9
PEiD: Themida/WinLicense V1.8.0.2 + -> Oreans Technologies
packers: Themida

rubin
07.01.2008, 23:01
File G5-tmp_.exe received 2008.01.07 20:52:55 (CET)


AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 -
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 -
DrWeb 4.44.0.09170 2008.01.07 -
eSafe 7.0.15.0 2008.01.06 suspicious Trojan/Worm
eTrust-Vet 31.3.5438 2008.01.07 Win32/Burgspill!generic
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 W32/Fake.B
F-Prot 4.4.2.54 2008.01.06 -
F-Secure 6.70.13030.0 2008.01.07 -
Ikarus T3.1.1.15 2008.01.07 Trojan-Downloader.Win32.Delf.cwv
Kaspersky 7.0.0.125 2008.01.07 -
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.07 Trojan:Win32/Delflob.I
NOD32v2 2772 2008.01.07 -
Norman 5.80.02 2008.01.07 -
Panda 9.0.0.4 2008.01.07 -
Prevx1 V2 2008.01.07 Heuristic: Suspicious Browser Help Object
Rising 20.26.02.00 2008.01.07 Trojan.Win32.Delf.yjs
Sophos 4.24.0 2008.01.07 Mal/Emogen-N
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 -

Additional information
File size: 405504 bytes
MD5: 1688e57fbc18ee8141b76ed2c526c69d
SHA1: 6c48f3294fbe9c94e2c317dc0315601b8f547065

strawser
08.01.2008, 02:15
File Winamp_to_qip.rar received on 01.08.2008 00:11:37

AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - Win32:LdPinch-TO
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - Trojan-PSW.Win32.LdPinch.cqw
Ikarus - - Backdoor.Win32.Rbot.aeu
Kaspersky - - -
McAfee - - New Malware.cj
Microsoft - - -
NOD32v2 - - -
Norman - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - suspected of Trojan-PSW.Pinch.17 (paranoid heuristics)
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: 0667260500933fd2b7687d8bfdc1da7d

File file______.r received on 01.08.2008 11:47:28
AhnLab-V3 2008.1.8.12 2008.01.08 -
AntiVir 7.6.0.46 2008.01.08 -
Authentium 4.93.8 2008.01.07 -
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 Generic5.CAD
BitDefender 7.2 2008.01.08 Trojan.Webmoner.O
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.08 -
DrWeb 4.44.0.09170 2008.01.07 Joke.Finreal
eSafe 7.0.15.0 2008.01.06 Win32.Trojan
eTrust-Vet 31.3.5441 2008.01.08 -
Ewido 4.0 2008.01.07 Not-A-Virus.Hoax.Win32.WebMoner.t
FileAdvisor 1 2008.01.08 -
Fortinet 3.14.0.0 2008.01.08 Misc/WebMoner
F-Prot 4.4.2.54 2008.01.07 W32/Joke.OZ
F-Secure 6.70.13030.0 2008.01.08 not-virus:Hoax.Win32.WebMoner.t
Ikarus T3.1.1.20 2008.01.08 not-a-virus:Hoax.Win32.WebMoner.t
Kaspersky 7.0.0.125 2008.01.08 not-virus:Hoax.Win32.WebMoner.t
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.08 -
NOD32v2 2774 2008.01.08 -
Norman 5.80.02 2008.01.07 -
Panda 9.0.0.4 2008.01.07 Trj/Webmoner.O
Prevx1 V2 2008.01.08 Generic.Malware
Rising 20.26.12.00 2008.01.08 AdWare.Win32.WebMoner.t
Sophos 4.24.0 2008.01.08 -
Sunbelt 2.2.907.0 2008.01.08 Trojan.Webmoner.O
Symantec 10 2008.01.08 Trojan Horse
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.08 Riskware.Hoax.Webmoner.T
Additional information
File size: 610834 bytes
MD5: ba23ac427142d6d270737bc242fc06a2
SHA1: c24ac681c21db137e001601775c33fb3f7305bd0
PEiD: -
packers: ASPack
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3854FAC700AAA8D0589E09094F187D0086C0FEFE

ZhIV
09.01.2008, 04:56
File autorun.zip received 2008.01.09 02:37:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.9.10 2008.01.08 -
AntiVir 7.6.0.46 2008.01.08 -
Authentium 4.93.8 2008.01.07 -
Avast 4.7.1098.0 2008.01.08 -
AVG 7.5.0.516 2008.01.08 -
BitDefender 7.2 2008.01.09 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.08 -
DrWeb 4.44.0.09170 2008.01.08 -
eSafe 7.0.15.0 2008.01.08 -
eTrust-Vet 31.3.5443 2008.01.09 -
Ewido 4.0 2008.01.08 -
FileAdvisor 1 2008.01.09 -
Fortinet 3.14.0.0 2008.01.08 -
F-Prot 4.4.2.54 2008.01.08 -
F-Secure 6.70.13030.0 2008.01.09 -
Ikarus T3.1.1.20 2008.01.09 Virus.Win32.Spyware
Kaspersky 7.0.0.125 2008.01.09 -
McAfee 5202 2008.01.08 -
Microsoft 1.3109 2008.01.08 -
NOD32v2 2775 2008.01.08 -
Norman 5.80.02 2008.01.08 -
Panda 9.0.0.4 2008.01.08 -
Prevx1 V2 2008.01.09 -
Rising 20.26.12.00 2008.01.08 -
Sophos 4.24.0 2008.01.08 -
Sunbelt 2.2.907.0 2008.01.09 -
Symantec 10 2008.01.09 -
TheHacker 6.2.9.184 2008.01.08 Trojan/Agent.ek
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.08 -
Webwasher-Gateway 6.6.2 2008.01.08 Riskware.AniSYS.A

Additional information
File size: 343060 bytes
MD5: 0844ae3016bbf96b447ac3ec4bd82479
SHA1: baccb249f5557fcbd8928e61b084fc656222931a
PEiD: -

Синауридзе Александр
09.01.2008, 20:56
File key-gen.exe received 2008.01.09 18:37:17 (CET)

AhnLab-V3 2008.1.10.10 2008.01.09 -
AntiVir 7.6.0.46 2008.01.09 -
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.08 -
AVG 7.5.0.516 2008.01.09 -
BitDefender 7.2 2008.01.09 Trojan.Silk.A
CAT-QuickHeal 9.00 2008.01.07 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.09 -
DrWeb 4.44.0.09170 2008.01.09 Trojan.PWS.Silk
eSafe 7.0.15.0 2008.01.08 Suspicious File
eTrust-Vet 31.3.5444 2008.01.09 -
Ewido 4.0 2008.01.09 Trojan.Silk
FileAdvisor 1 2008.01.09 -
Fortinet 3.14.0.0 2008.01.09 Grayware
F-Prot 4.4.2.54 2008.01.08 -
F-Secure 6.70.13030.0 2008.01.09 -
Ikarus T3.1.1.20 2008.01.09 Application.Keygen.Xpstyle.U
Kaspersky 7.0.0.125 2008.01.09 -
McAfee 5203 2008.01.09 -
Microsoft 1.3109 2008.01.09 -
NOD32v2 2778 2008.01.09 -
Norman 5.80.02 2008.01.09 -
Panda 9.0.0.4 2008.01.08 -
Prevx1 V2 2008.01.09 -
Rising 20.26.21.00 2008.01.09 -
Sophos 4.24.0 2008.01.09 -
Sunbelt 2.2.907.0 2008.01.09 VIPRE.Suspicious
Symantec 10 2008.01.09 -
TheHacker 6.2.9.184 2008.01.08 W32/Behav-Heuristic-066
VBA32 3.12.2.5 2008.01.09 Trojan.PWS.Silk
VirusBuster 4.3.26:9 2008.01.09 -
Webwasher-Gateway 6.6.2 2008.01.09 -

Additional information
File size: 125952 bytes
MD5: 7d7ec5f3c596a32a057849630397d3e7
SHA1: 46b8938210285b328c8a47238b725ea83625cad0
PEiD: tElock 0.99c (Private ECLIPSE) -> tE!
packers: PE_Patch
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

rubin
09.01.2008, 22:37
t=16140 - srosa.sys

File avz00009.dta received 2008.01.09 20:31:17 (CET)

AhnLab-V3 2008.1.10.10 2008.01.09 -
AntiVir 7.6.0.46 2008.01.09 TR/Rootkit.Gen
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.08 -
AVG 7.5.0.516 2008.01.09 I-Worm/Bagle.AEQ
BitDefender 7.2 2008.01.09 Trojan.Rootkit.Bagle.I
CAT-QuickHeal 9.00 2008.01.09 -
ClamAV 0.91.2 2008.01.09 -
DrWeb 4.44.0.09170 2008.01.09 Win32.HLLM.Beagle
eSafe 7.0.15.0 2008.01.08 -
eTrust-Vet 31.3.5444 2008.01.09 -
Ewido 4.0 2008.01.09 -
FileAdvisor 1 2008.01.09 -
Fortinet 3.14.0.0 2008.01.09 -
F-Prot 4.4.2.54 2008.01.09 -
F-Secure 6.70.13030.0 2008.01.09 -
Ikarus T3.1.1.20 2008.01.09 Trojan.Rootkit.Bagle.G
Kaspersky 7.0.0.125 2008.01.09 -
McAfee 5203 2008.01.09 -
Microsoft 1.3109 2008.01.09 Trojan:WinNT/Bagle.gen
NOD32v2 2778 2008.01.09 Win32/Bagle.LK
Norman 5.80.02 2008.01.09 W32/Rootkit.BVY
Panda 9.0.0.4 2008.01.09 -
Prevx1 V2 2008.01.09 Heuristic: Suspicious File With Anti-Security Technology
Rising 20.26.21.00 2008.01.09 -
Sophos 4.24.0 2008.01.09 -
Sunbelt 2.2.907.0 2008.01.09 VIPRE.Suspicious
Symantec 10 2008.01.09 -
TheHacker 6.2.9.184 2008.01.08 -
VBA32 3.12.2.5 2008.01.09 -
VirusBuster 4.3.26:9 2008.01.09 -
Webwasher-Gateway 6.6.2 2008.01.09 Trojan.Rootkit.Gen
File size: 90806 bytes
MD5: b0e67e8bcc5c854b2c316693519b31ba
SHA1: 6312ba8a3c5b64020b0a63a419afa2a2de28d811
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C58170AAB694C36F62E30133C84D5200B10D9B6E
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

zigmund shulc
10.01.2008, 17:04
File advapi32.___ received 2008.01.10 14:44:08 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.10.12 2008.01.10 -
AntiVir 7.6.0.46 2008.01.10 TR/Patched.O.2
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.09 -
AVG 7.5.0.516 2008.01.09 -
BitDefender 7.2 2008.01.10 -
CAT-QuickHeal 9.00 2008.01.10 -
ClamAV 0.91.2 2008.01.10 Trojan.Patched
DrWeb 4.44.0.09170 2008.01.10 -
eSafe 7.0.15.0 2008.01.09 -
eTrust-Vet 31.3.5446 2008.01.10 -
Ewido 4.0 2008.01.10 -
FileAdvisor 1 2008.01.10 -
Fortinet 3.14.0.0 2008.01.10 -
F-Prot 4.4.2.54 2008.01.09 -
F-Secure 6.70.13030.0 2008.01.10 -
Ikarus T3.1.1.20 2008.01.10 Trojan.Win32.Patched.o
Kaspersky 7.0.0.125 2008.01.10 -
McAfee 5203 2008.01.09 -
Microsoft 1.3109 2008.01.10 -
NOD32v2 2780 2008.01.10 -
Norman 5.80.02 2008.01.10 -
Panda 9.0.0.4 2008.01.10 -
Prevx1 V2 2008.01.10 -
Rising 20.26.32.00 2008.01.10 -
Sophos 4.24.0 2008.01.10 -
Sunbelt 2.2.907.0 2008.01.10 -
Symantec 10 2008.01.10 -
TheHacker 6.2.9.185 2008.01.09 -
VBA32 3.12.2.5 2008.01.10 Trojan.Win32.Patched.o
VirusBuster 4.3.26:9 2008.01.09 -
Webwasher-Gateway 6.6.2 2008.01.10 Trojan.Patched.O.2

Additional information
File size: 699904 bytes
MD5: 08c16782a08e1aaaefecdd4dce461ee4
SHA1: b174a79c68cb23c6ed36941d5cbf390d09426fe7
PEiD: -

Синауридзе Александр
10.01.2008, 17:22
File autorun.rar received 2008.01.10 14:59:00 (CET)

AhnLab-V3 2008.1.10.12 2008.01.10 -
AntiVir 7.6.0.46 2008.01.10 VBS/AutoRun.AL
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.09 VBS:Agent-BD
AVG 7.5.0.516 2008.01.09 -
BitDefender 7.2 2008.01.10 VBS.Worm.Runauto.E
CAT-QuickHeal 9.00 2008.01.10 VBS/Autorun.S
ClamAV 0.91.2 2008.01.10 -
DrWeb 4.44.0.09170 2008.01.10 -
eSafe 7.0.15.0 2008.01.09 -
eTrust-Vet 31.3.5446 2008.01.10 -
Ewido 4.0 2008.01.10 -
FileAdvisor 1 2008.01.10 -
Fortinet 3.14.0.0 2008.01.10 -
F-Prot 4.4.2.54 2008.01.09 -
F-Secure 6.70.13030.0 2008.01.10 Virus.VBS.Agent.ah
Ikarus T3.1.1.20 2008.01.10 Virus.VBS.Agent.BD
Kaspersky 7.0.0.125 2008.01.10 Virus.VBS.Agent.ah
McAfee 5203 2008.01.09 W32/Autorun.worm.al
Microsoft 1.3109 2008.01.10 Worm:VBS/Radier.A
NOD32v2 2780 2008.01.10 VBS/AutoRun.B
Norman 5.80.02 2008.01.10 -
Panda 9.0.0.4 2008.01.10 W32/Autorun.JF.worm
Prevx1 V2 2008.01.10 -
Rising 20.26.32.00 2008.01.10 -
Sophos 4.24.0 2008.01.10 -
Sunbelt 2.2.907.0 2008.01.10 -
Symantec 10 2008.01.10 VBS.Runauto
TheHacker 6.2.9.185 2008.01.09 -
VBA32 3.12.2.5 2008.01.10 -
VirusBuster 4.3.26:9 2008.01.09 -
Webwasher-Gateway 6.6.2 2008.01.10 Script.AutoRun.AL

Additional information
File size: 4129 bytes
MD5: 823f7b2facc3477fdb5772435e8d30fa
SHA1: 28f3ad621d2d115ca37eba4c6a81b264a495694d
PEiD: -

strawser
11.01.2008, 02:31
File BitAccelerator_2_.exe received on 01.11.2008 00:18:39

AhnLab-V3 2008.1.11.10 2008.01.10 -
AntiVir 7.6.0.46 2008.01.10 -
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.10 -
AVG 7.5.0.516 2008.01.10 -
BitDefender 7.2 2008.01.10 Adware.BHO.WPW
CAT-QuickHeal 9.00 2008.01.10 -
ClamAV 0.91.2 2008.01.10 Adware.BHO-50
DrWeb 4.44.0.09170 2008.01.10 Adware.BitAcc
eSafe 7.0.15.0 2008.01.10 AdWare.Win32.BHO.ic
eTrust-Vet 31.3.5446 2008.01.10 -
Ewido 4.0 2008.01.10 Not-A-Virus.Adware.BHO
FileAdvisor 1 2008.01.11 -
Fortinet 3.14.0.0 2008.01.10 Adware/BHO
F-Prot 4.4.2.54 2008.01.10 -
F-Secure 6.70.13030.0 2008.01.10 -
Ikarus T3.1.1.20 2008.01.10 Virus.Win32.AdWare
Kaspersky 7.0.0.125 2008.01.10 not-a-virus:AdWare.Win32.BHO.ic
McAfee 5204 2008.01.10 -
Microsoft 1.3109 2008.01.10 -
NOD32v2 2782 2008.01.11 -
Norman 5.80.02 2008.01.10 -
Panda 9.0.0.4 2008.01.10 -
Prevx1 V2 2008.01.11 -
Rising 20.26.32.00 2008.01.10 -
Sophos 4.24.0 2008.01.10 -
Sunbelt 2.2.907.0 2008.01.10 -
Symantec 10 2008.01.10 -
TheHacker 6.2.9.185 2008.01.09 -
VBA32 3.12.2.5 2008.01.10 -
VirusBuster 4.3.26:9 2008.01.10 -
Webwasher-Gateway 6.6.2 2008.01.10 -
Additional information
File size: 394122 bytes
MD5: a959ddfab492d2591deb17b2dd3977bf
SHA1: 502645b13e698b39bd6e566968e60591cc96a6ef
PEiD: -