
Antivirus Research 7




Shu_b
05.11.2008, 14:07
Posted by Geser (http://virusinfo.info/showthread.php?p=75585#post75585)
Anyway, I kept thinking about how to make a more or less objective assessment of antivirus products, and I came up with something. In this thread I ask everyone to post scan results for malware that was caught exclusively by hand, i.e. samples that the antivirus installed on the computer did not see. That way the sample will be truly random.

Post in this thread only scan results for files caught by hand on computers.

Do not post scan results for files found on other sites or in collections.
Do not post scan results for files that were originally found by an antivirus.


Let's continue in the new thread.

Added 4 hours 40 minutes later

To get things started:
File svchost.exe:ext.exe:$DATA received on 11.05.2008 12:03:13 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.5.3 2008.11.05 -
AntiVir 7.9.0.10 2008.11.05 TR/Crypt.U.Gen
Authentium 5.1.0.4 2008.11.04 -
Avast 4.8.1248.0 2008.11.04 Win32:Agent-ABKC
AVG 8.0.0.161 2008.11.05 -
BitDefender 7.2 2008.11.05 Trojan.Rootkit.Agent.NFS
CAT-QuickHeal 9.50 2008.11.04 Win32.Backdoor.Tofsee.F.3
ClamAV 0.94.1 2008.11.05 -
DrWeb 4.44.0.09170 2008.11.05 -
eSafe 7.0.17.0 2008.11.04 Suspicious File
eTrust-Vet 31.6.6190 2008.11.05 -
Ewido 4.0 2008.11.04 -
F-Prot 4.4.4.56 2008.11.04 -
F-Secure 8.0.14332.0 2008.11.05 -
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.05 Trojan.Rootkit.Agent.NFS
Ikarus T3.1.1.45.0 2008.11.05 Virus.Win32.Agent.ABKC
K7AntiVirus 7.10.516 2008.11.04 -
Kaspersky 7.0.0.125 2008.11.05 -
McAfee 5424 2008.11.04 New Malware.bm
Microsoft 1.4005 2008.11.05 -
NOD32 3585 2008.11.05 -
Norman 5.80.02 2008.11.04 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.04 -
Prevx1 V2 2008.11.05 -
Rising 21.02.22.00 2008.11.05 Win32.Virut.GEN
SecureWeb-Gateway 6.7.6 2008.11.05 Trojan.Crypt.U.Gen
Sophos 4.35.0 2008.11.05 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.05 -
TheHacker 6.3.1.1.140 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.05 PAK_Generic.001
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.5.1453 2008.11.05 -
VirusBuster 4.5.11.0 2008.11.04 -
Additional information
File size: 39936 bytes

Hanson
06.11.2008, 16:07
Файл avz00002.dta(C:\WINDOWS\system32\tvsm.dll) получен 2008.11.06 13:54:41 (CET)
Текущий статус:закончено
Результат: 1/36 (2.78%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.5.3 2008.11.06 -
AntiVir 7.9.0.26 2008.11.06 -
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.05 -
AVG 8.0.0.161 2008.11.06 -
BitDefender 7.2 2008.11.06 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.06 -
DrWeb 4.44.0.09170 2008.11.06 -
eSafe 7.0.17.0 2008.11.05 -
eTrust-Vet 31.6.6194 2008.11.06 -
Ewido 4.0 2008.11.06 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.06 -
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.06 -
Ikarus T3.1.1.45.0 2008.11.06 -
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.06 Trojan-Ransom.Win32.BHO.a
McAfee 5425 2008.11.05 -
Microsoft 1.4005 2008.11.06 -
NOD32 3590 2008.11.06 -
Norman 5.80.02 2008.11.06 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.06 -
Prevx1 V2 2008.11.06 -
Rising 21.02.32.00 2008.11.06 -
SecureWeb-Gateway 6.7.6 2008.11.06 -
Sophos 4.35.0 2008.11.06 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.06 -
TheHacker 6.3.1.1.141 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.05 -

Дополнительная информация
File size: 221184 bytes
MD5...: f9dc2a3052db20dfb8939a74e75314ed
SHA1..: fd936b597982f68d05d037773819d178d6706517
SHA256: a1e1a209a40dccc9848bf2b9029ba091cb3522c769e3a08276 1e277d534af1e1
SHA512: 3088346ac8f5f82f47abfadb2541e0e1e85dbe2db5cabcb13f d10d744123c8dd
9667ab1fffa8a1766a95e5717135239cb397db6dc26512ff4c cee0e87356f01c
PEiD..: -

It may be a false positive, but here is Kaspersky's reply

avz00002.dta - Trojan-Ransom.Win32.BHO.a

This file is already detected. Please update your antivirus bases.

Added 8 minutes later

Файл avz00009.dta получен 2008.11.06 14:01:20 (CET)
(C:\windows\services.exe)
Текущий статус: закончено
Результат: 15/36 (41.67%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.5.3 2008.11.06 -
AntiVir 7.9.0.26 2008.11.06 Worm/Joleee.CA
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.05 Win32:Fabot
AVG 8.0.0.161 2008.11.06 Downloader.Generic_r.BG
BitDefender 7.2 2008.11.06 Trojan.Spammer.Tedroo.AT
CAT-QuickHeal 9.50 2008.11.04 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.06 -
DrWeb 4.44.0.09170 2008.11.06 -
eSafe 7.0.17.0 2008.11.05 -
eTrust-Vet 31.6.6194 2008.11.06 -
Ewido 4.0 2008.11.06 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.06 Email-Worm.Win32.Joleee.ca
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.06 Win32:Fabot
Ikarus T3.1.1.45.0 2008.11.06 Email-Worm.Win32.Joleee.ca
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.06 Email-Worm.Win32.Joleee.ca
McAfee 5425 2008.11.05 -
Microsoft 1.4005 2008.11.06 TrojanDropper:Win32/Cutwail.AR
NOD32 3590 2008.11.06 -
Norman 5.80.02 2008.11.06 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.06 -
Prevx1 V2 2008.11.06 System Back Door
Rising 21.02.32.00 2008.11.06 Trojan.Win32.Undef.smc
SecureWeb-Gateway 6.7.6 2008.11.06 Worm.Joleee.CA
Sophos 4.35.0 2008.11.06 W32/Jolly-A
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.06 Backdoor.Trojan
TheHacker 6.3.1.1.141 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.05 -

File size: 40960 bytes
MD5...: 9d0528ae22b6e911b466ca74944f3013
SHA1..: e6c1466b2af413663b50e7461a55309dfdae0e86
SHA256: 810dd0f979c479b1eb494b87c454224ca02458bc501c8c6c6f b5a59362295dcb
SHA512: 749b25065d175ee5dc45678ff6700d0f13e2b7118aa1ea2d03 e2ff95276c1dfa
cdc1565a88a722caf1f1721f190f8b817ff2f7874c117a9de7 ddcb5240b4512c

ISO
08.11.2008, 08:27
Porn informer - an add-on in IE.

Файл trdlib.dll получен 2008.11.07 01:20:05 (CET)
Результат: 6/36 (16.67%)
Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.7.1 2008.11.06 Win-Trojan/Hexzone.352256
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.06 -
AVG 8.0.0.161 2008.11.07 -
BitDefender 7.2 2008.11.07 -
CAT-QuickHeal 9.50 2008.11.04 TrojanRansom.Hexzone.abq
ClamAV 0.94.1 2008.11.07 -
DrWeb 4.44.0.09170 2008.11.07 Trojan.Blackmailer.244
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6195 2008.11.06 -
Ewido 4.0 2008.11.06 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.06 -
Fortinet 3.117.0.0 2008.11.06 -
GData 19 2008.11.07 -
Ikarus T3.1.1.45.0 2008.11.06 -
K7AntiVirus 7.10.518 2008.11.06 -
Kaspersky 7.0.0.125 2008.11.07 -
McAfee 5426 2008.11.06 -
Microsoft 1.4104 2008.11.07 Trojan:Win32/Hexzone.A!dll
NOD32 3592 2008.11.06 Win32/Hexzone.I
Norman 5.80.02 2008.11.06 -
Panda 9.0.0.4 2008.11.06 -
PCTools 4.4.2.0 2008.11.06 -
Prevx1 V2 2008.11.07 Fraudulent Security Program
Rising 21.02.32.00 2008.11.06 -
SecureWeb-Gateway 6.7.6 2008.11.06 -
Sophos 4.35.0 2008.11.07 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.07 -
TheHacker 6.3.1.1.143 2008.11.07 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.06 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.06 -
Дополнительная информация
File size: 352256 bytes
MD5...: 9d175e378ad55e55c2637c4ded6d749e
SHA1..: 21da44fc2dd8541188d3a21ba4b0875b69edd6ac
SHA256: 6e85aceb0b90726d1032ed98ccfdc3508010936a7a621822d2 0c068264b6935d
SHA512: 1151b5faadc673f55281c275f0fdd34753025bed1e660b67c9 b473143559c469
673b61f87fdae496cc99aa7c5af0982e5a5020354d10b82875 69d3826a580300
PEiD..: -

Hanson
11.11.2008, 13:27
Файл csrss5.dll получен 2008.11.11 10:28:26 (CET)
Текущий статус:закончено
Результат: 12/36 (33.34%)


Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.11.0 2008.11.10 -
AntiVir 7.9.0.29 2008.11.11 TR/Agent.rnn
Authentium 5.1.0.4 2008.11.11 -
Avast 4.8.1248.0 2008.11.10 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.11 Trojan.Generic.752223
CAT-QuickHeal 9.50 2008.11.11 -
ClamAV 0.94.1 2008.11.11 -
DrWeb 4.44.0.09170 2008.11.11 -
eSafe 7.0.17.0 2008.11.10 Suspicious File
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.10 -
F-Prot 4.4.4.56 2008.11.10 -
F-Secure 8.0.14332.0 2008.11.11 -
Fortinet 3.117.0.0 2008.11.11 -
GData 19 2008.11.11 Trojan.Generic.752223
Ikarus T3.1.1.45.0 2008.11.11 Virus.Win32.Trojan
K7AntiVirus 7.10.521 2008.11.10 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.11 -
McAfee 5430 2008.11.10 -
Microsoft 1.4104 2008.11.11 -
NOD32 3601 2008.11.11 -
Norman 5.80.02 2008.11.10 -
Panda 9.0.0.4 2008.11.10 Generic Trojan
PCTools 4.4.2.0 2008.11.10 -
Prevx1 V2 2008.11.11 Worm
Rising 21.03.11.00 2008.11.11 -
SecureWeb-Gateway 6.7.6 2008.11.11 Trojan.Agent.rnn
Sophos 4.35.0 2008.11.11 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.11 Trojan Horse
TheHacker 6.3.1.1.147 2008.11.10 -
TrendMicro 8.700.0.1004 2008.11.11 BKDR_AGENT.BZ
VBA32 3.12.8.9 2008.11.10 -
ViRobot 2008.11.11.1460 2008.11.11 -
VirusBuster 4.5.11.0 2008.11.10 -

Hanson
13.11.2008, 11:15
Файл winctrl32.dll получен 2008.11.12 09:56:22 (CET)
Текущий статус: закончено
Результат: 12/36 (33.33%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.11.2 2008.11.12 -
AntiVir 7.9.0.31 2008.11.12 TR/Dropper.Gen
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.11 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.11.11 Win32/Heur
BitDefender 7.2 2008.11.12 Trojan.Dropper.Kobcka.Gen.1
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.12 BackDoor.Bulknet.225
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.12 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 Trojan.Dropper.Kobcka.Gen.1
Ikarus T3.1.1.45.0 2008.11.12 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.12 -
McAfee 5431 2008.11.12 Cutwail.dll.gen
Microsoft 1.4104 2008.11.12 TrojanDownloader:Win32/Cutwail.S
NOD32 3605 2008.11.12 -
Norman 5.80.02 2008.11.11 -
Panda 9.0.0.4 2008.11.11 -
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.12 Malicious Software
Rising 21.03.20.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 Trojan.Dropper.Gen
Sophos 4.35.0 2008.11.12 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.12 -
TheHacker 6.3.1.1.149 2008.11.12 -
TrendMicro 8.700.0.1004 2008.11.12 -
VBA32 3.12.8.9 2008.11.11 suspected of Embedded.Trojan-Downloader.Win32.Nicak
ViRobot 2008.11.12.1462 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.11 Trojan.DR.Pandex.Gen.7

kvit
13.11.2008, 12:12
Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.13.2 2008.11.13 -
AntiVir 7.9.0.31 2008.11.13 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
BitDefender 7.2 2008.11.13 BehavesLike:Trojan.ShellObject
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 Trojan-Spy.Win32.Agent.evf
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 -
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 Suspicious file
PCTools 4.4.2.0 2008.11.13 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.13 -
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Дополнительная информация
File size: 24064 bytes
MD5...: 58d3976c41012ebf512eecd22bb782b3
SHA1..: b2bfa3e3ca372f11f4c21df10565a9214e4cd141
SHA256: baf8f3ec9e95df5e367a5c0267a3f097f8da9ee9d8b1b914aa b7cbc338b27b8e
SHA512: 9ebef0bbcc74f72933fcf560803b51b7d6ff23c3bc2a70d0e9 80e6de93dd008a
33e914b72def62a9b3cac455068dd745cf31cdd9c7de8a566e 51a6507206899b
PEiD..: -


Added 1 minute later


Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.13 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 -
BitDefender 7.2 2008.11.13 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6208 2008.11.13 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 Trojan-Spy.Win32.Agent.evj
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 Trojan-Spy.Win32.Agent.evj
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 -
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 Suspicious file
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.13 -
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 Virus.Win32.Agent.AJ (vf)
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Дополнительная информация
File size: 20480 bytes
MD5...: 9b9bc66a0b0de6fc3b3c24a8e98f2059
SHA1..: 33560b84a929114cbfcfbd91a6dce94edfc062ed
SHA256: b141c2cb4da0857eb5823e503802b4a680a4594a0fdde2a8ce ba636cc6dfcb7d
SHA512: b59d52a798ada47efdfa54214d0f28ff554752c529fc505490 b1ccc24ef04298
a32129994fd8c9f546beb2992c65a9fcda49b52d79b5b3200d 9041351e63c968
PEiD..: -

Added 1 minute later


Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.13.2 2008.11.13 -
AntiVir 7.9.0.31 2008.11.13 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.11.12 W32/Ristix.A
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 Win32/Heur
BitDefender 7.2 2008.11.13 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 W32/Zbot.I.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.13 Worm.Win32.AutoRun.sff
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 Worm.Win32.AutoRun
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 Worm.Win32.AutoRun.sff
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 Trojan:Win32/AgentBypass.gen!K
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 Suspicious file
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.30.00 2008.11.13 -
SecureWeb-Gateway 6.7.6 2008.11.13 Trojan.Crypt.XPACK.Gen
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 PAK_Generic.001
VBA32 3.12.8.9 2008.11.12 Trojan.Autorun.gen
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Дополнительная информация
File size: 24770 bytes
MD5...: 0d3335954da589c4fefdf544f6696fcf
SHA1..: cbd67db5092407a32457a2f8cd17ef51f1908849
SHA256: 8fc81c6c9414346256d2d4edce75f653061b438e2c068bef3c 8153ea4e5eb0ff
SHA512: c1125f47fc9c4268acca3e6e7f3574647b6f13e92cd5f4d179 4e10f0ac45597c
4378a374185796ad43b45aa5e13e4f1c518ae3fd220fa3a1a3 9c1e5236ccd63a
PEiD..: -

Added 5 minutes later

and plus one more that no antivirus found at all...
the one that nobody detected:

Your request has been analyzed. An entry for the new virus has been added to the database.
Virus: Trojan.Blackmailer.291.

ISO
13.11.2008, 12:14
File clips01505.scr received on 11.13.2008 09:53:16 (CET)
Result: 11/36 (30.56%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.13.2 2008.11.13 -
AntiVir 7.9.0.31 2008.11.13 DR/Delphi.Gen
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 Win32/Heur
BitDefender 7.2 2008.11.13 Trojan.Dropper.LdPinch.AO
CAT-QuickHeal 9.50 2008.11.12 TrojanPSW.LdPinch.abkf
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 -
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 Trojan.Dropper.LdPinch.AO
Ikarus T3.1.1.45.0 2008.11.13 Downloader.Delphi
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 -
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 -
NOD32 3609 2008.11.13 a variant of Win32/Injector.DT
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.30.00 2008.11.13 -
SecureWeb-Gateway 6.7.6 2008.11.13 Trojan.Dropper.Delphi.Gen
Sophos 4.35.0 2008.11.13 Troj/Merein-Gen
Sunbelt 3.1.1785.2 2008.11.11 Trojan-PSW.Win32.OnLineGames.AFLB (vf)
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 Malware-Cryptor.Win32.Xip
ViRobot 2008.11.13.1464 2008.11.13 -
VirusBuster 4.5.11.0 2008.11.12 -
Additional information
File size: 327680 bytes
MD5...: c0b52e992067fc43c7ac10cbabd0ee71
SHA1..: c57057305d14886dc6b9d236e7e69b29568ae04e
SHA256: 2f8ce5806dae02a5b76fb74c4e6e248178ae2caba458186336 d5ec1b9dc28084
SHA512: ead5c5f730793eb113c1a09f2fee8c4adda19d09e85959fdbd a5c61d3b17b1ab
1b3d26d45534475edb67eb2e085203a7586999d5408441a525 1d88228fccbd0c

ISO
17.11.2008, 06:37
The file virusscan.jotti.com from the archive downloaded via the link in this thread http://virusinfo.info/showthread.php?t=33974
File 1.exe received on 11.17.2008 04:26:24 (CET)
Result: 9/35 (25.72%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.17 -
AntiVir 7.9.0.31 2008.11.16 DR/Delphi.Gen
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.16 -
BitDefender 7.2 2008.11.17 Trojan.Dropper.LdPinch.AO
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.17 -
eSafe 7.0.17.0 2008.11.16 Suspicious File
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.16 -
F-Prot 4.4.4.56 2008.11.16 -
F-Secure 8.0.14332.0 2008.11.17 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.17 Trojan.Dropper.LdPinch.AO
Ikarus T3.1.1.45.0 2008.11.17 AdWare.SoftLayer
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.17 -
McAfee 5436 2008.11.16 -
Microsoft 1.4104 2008.11.17 -
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.16 Suspicious file
PCTools 4.4.2.0 2008.11.16 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.16 Trojan.Dropper.Delphi.Gen
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.17 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 PAK_Generic.001
VBA32 3.12.8.9 2008.11.16 -
ViRobot 2008.11.17.1471 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.16 -
Additional information
File size: 62976 bytes
MD5...: de69f09bc4d9365ddb519f7f14ba2d2e
SHA1..: a42d6fc76deb5bb39e4a6c8dbb9633885852622a
SHA256: 3a7930377eb4098d371827ba2c71892414afe9c7914b2fea36 cfe01767cfa738
SHA512: 9db02bdd920d39c8feed03f281101111945665b7fb4a01c650 e9fb694aa0a9da
d0fdbd3ec173280ef4f38c5252fa9ef37631cefd554214d272 aa42ba3fa908ad
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x422300
timedatestamp.....: 0x491ba782 (Thu Nov 13 04:05:22 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x13000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x14000 0xf000 0xf000 7.98 1d00a1d0110c03fdcec46aaeee5c6102
.rsrc 0x23000 0x1000 0x400 2.87 3053439ba625a5a3f1e0b8e29556614f

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> crtdll.dll: _rmdir
> shlwapi.dll: PathAddBackslashA

( 0 exports )
packers (F-Prot): embedded, UPX_LZMA
packers (Kaspersky): UPX

Shu_b
18.11.2008, 16:55
File wupdate.exe received on 11.18.2008 07:57:55 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.0 2008.11.18 -
AntiVir 7.9.0.31 2008.11.17 HEUR/Crypted
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 SHeur.CHGW
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.17 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.18 Trojan.Crypt.ASPM
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 Backdoor:Win32/Rbot.gen
NOD32 3620 2008.11.18 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 Suspicious file
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.18 -
Rising 21.04.10.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 Heuristic.Crypted
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.18.1473 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 794624 bytes

Added 6 hours 13 minutes later

File ttuwj.sys received on 11.18.2008 14:11:55 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.18 -
AntiVir 7.9.0.31 2008.11.18 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6209 2008.11.14 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.11.18 Backdoor.WinNT.Rustock
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 Backdoor:WinNT/Rustock.H
NOD32 3621 2008.11.18 -
Norman 5.80.02 2008.11.18 W32/Rootkit.TFO
Panda 9.0.0.4 2008.11.17 Generic Malware
PCTools 4.4.2.0 2008.11.18 -
Prevx1 V2 2008.11.18 -
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 Trojan.Rootkit.Gen
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 Trojan-GameThief.Win32.OnLineGames.TPC (vf)
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 47104 bytes
MD5...: f39ed4922db5a0017a02f0dadfaac20a

Added 33 minutes later

File wm9dap.dll received on 11.18.2008 14:32:37 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.18 Win32/Bagle.worm.73728.F
AntiVir 7.9.0.31 2008.11.18 -
Authentium 5.1.0.4 2008.11.18 W32/Bongler-based!Maximus
Avast 4.8.1281.0 2008.11.17 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.18 Win32.Worm.Bagle.ZLT
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 -
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.17 W32/Bongler-based!Maximus
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 Win32.Worm.Bagle.ZLT
Ikarus T3.1.1.45.0 2008.11.18 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3621 2008.11.18 -
Norman 5.80.02 2008.11.18 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.18 -
Prevx1 V2 2008.11.18 -
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 -
Sophos 4.35.0 2008.11.18 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.18 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 73728 bytes

Added 5 minutes later

File antiviruspro2009.exe received on 11.18.2008 14:43:59 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.18 Win-Trojan/FakeAv.597323
AntiVir 7.9.0.31 2008.11.18 TR/Fakealert.HO
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 Downloader.Zlob.AGXV
BitDefender 7.2 2008.11.18 -
CAT-QuickHeal 10.00 2008.11.18 -
ClamAV 0.94.1 2008.11.18 Trojan.FakeAV-17
DrWeb 4.44.0.09170 2008.11.18 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6209 2008.11.14 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.18 -
Fortinet 3.117.0.0 2008.11.18 -
GData 19 2008.11.18 -
Ikarus T3.1.1.45.0 2008.11.18 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.18 -
McAfee 5437 2008.11.17 Generic FakeAlert.d
Microsoft 1.4104 2008.11.17 Trojan:Win32/FakeRean
NOD32 3621 2008.11.18 a variant of Win32/TrojanDownloader.FakeAlert.FP
Norman 5.80.02 2008.11.18 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.18 -
Prevx1 V2 2008.11.18 Malicious Software
Rising 21.04.12.00 2008.11.18 -
SecureWeb-Gateway 6.7.6 2008.11.18 Trojan.Fakealert.HO
Sophos 4.35.0 2008.11.18 Mal/Generic-A
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.18 -
TheHacker 6.3.1.1.157 2008.11.18 -
TrendMicro 8.700.0.1004 2008.11.18 -
VBA32 3.12.8.9 2008.11.18 Trojan.Win32.FraudPack.gtt
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 597323 bytes

Shu_b
19.11.2008, 16:25
File mschco.exe received on 11.19.2008 11:21:50 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 TR/ATRAPS.Gen
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 Generic12.OIV
BitDefender 7.2 2008.11.19 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 W32/Malware
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 BehavesLike:Win32.ExplorerHijack
Ikarus T3.1.1.45.0 2008.11.19 Trojan-Dropper.Agent
K7AntiVirus 7.10.527 2008.11.18 -
Kaspersky 7.0.0.125 2008.11.19 Heur.Trojan.Generic
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3623 2008.11.18 -
Norman 5.80.02 2008.11.18 W32/Malware
Panda 9.0.0.4 2008.11.19 Suspicious file
PCTools 4.4.2.0 2008.11.18 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 Trojan.ATRAPS.Gen
Sophos 4.35.0 2008.11.19 Mal/Behav-204
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.18 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -
Additional information
File size: 66560 bytes
MD5...: 07cf2d63869c7dd52e464e36cdece5ee

Added 2 hours 40 minutes later

File Client_gerda.exe received on 11.19.2008 14:12:39 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.527 2008.11.18 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3624 2008.11.19 a variant of Win32/Packed.Themida
Norman 5.80.02 2008.11.18 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 Win32.EPO.gen (suspicious)
Sophos 4.35.0 2008.11.19 Sus/UnkPacker
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.18 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -
Additional information
File size: 2816512 bytes

Added 8 minutes later

File services.exe received on 11.19.2008 14:22:18 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 Downloader.Generic_r.BT
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.18 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.527 2008.11.18 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3624 2008.11.19 probably a variant of Win32/Kryptik.BJ
Norman 5.80.02 2008.11.18 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 Trojan.LooksLike.Agent
Sophos 4.35.0 2008.11.19 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.18 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -
Additional information
File size: 43520 bytes
MD5...: f8250fd02168d36d7ecb6c6ba1429f45

Shu_b
20.11.2008, 14:30
File rs32net.exe received on 11.20.2008 11:48:48 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.20.3 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 TR/Dropper.Gen
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.19 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 -
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 -
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 -
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5439 2008.11.19 -
Microsoft 1.4104 2008.11.20 TrojanDropper:Win32/Cutwail.AL
NOD32 3626 2008.11.19 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.20 Malicious Software
Rising 21.04.32.00 2008.11.20 -
SecureWeb-Gateway 6.7.6 2008.11.20 Trojan.Dropper.Gen
Sophos 4.35.0 2008.11.20 Troj/Bravo-I
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
Additional information
File size: 22528 bytes
MD5...: 5e14eee58af9bf39dd2c35177dd4fd97

Added 21 minutes later

File RQRSPOVS.sys received on 11.20.2008 12:11:22 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.20.3 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.19 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 -
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 -
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 -
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5439 2008.11.19 -
Microsoft 1.4104 2008.11.20 -
NOD32 3627 2008.11.20 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.20 -
Rising 21.04.32.00 2008.11.20 -
SecureWeb-Gateway 6.7.6 2008.11.20 Trojan.LooksLike.Rootkit
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 Cryp_Xed-3
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
Additional information
File size: 176640 bytes
MD5...: 7de9a3c67dc9c95275d594662bb7c993

Added 15 minutes later

File Microsoft Common\svchost.exe received on 11.20.2008 12:26:54 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.20.3 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.19 -
AVG 8.0.0.199 2008.11.19 SHeur2.CKX
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 W32/Zbot.BDS
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 Trojan.Win32.AgentBypass
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5439 2008.11.19 -
Microsoft 1.4104 2008.11.20 Trojan:Win32/AgentBypass.gen!K
NOD32 3627 2008.11.20 -
Norman 5.80.02 2008.11.19 W32/Zbot.BDS
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.20 -
Rising 21.04.32.00 2008.11.20 Worm.Win32.Agent.aaj
SecureWeb-Gateway 6.7.6 2008.11.20 Win32.NewMalware.HM!27136!4
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 PAK_Generic.001
VBA32 3.12.8.9 2008.11.19 Worm.Win32.AutoRun.rjn
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
Additional information
File size: 27136 bytes

Phoenix
21.11.2008, 09:56
The previous scan of this file by someone on VirusTotal, dated 12.11.2008, gave a result of 10/36.
The gentlemen analysts are slow to react... >:(

Файл mzlcjb.exe получен 2008.11.21 07:39:36 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 TR/Autoit.420098
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.20 Worm/Autoit.FOX
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 Win32.Autoit.fj
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 Trojan.Win32.Autoit.fj
Fortinet 3.117.0.0 2008.11.21 W32/Autoit.FJ!tr
GData 19 2008.11.21 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.11.21 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Trojan.Win32.Autoit.fj
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 Trojan:Win32/Meredrop
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 W32/Agent.JIIR
Panda 9.0.0.4 2008.11.20 W32/Sohanat.AS.worm
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 Trojan.Autoit.420098
Sophos 4.35.0 2008.11.20 Sus/Behav-1011
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.21 W32.Harakit
TheHacker 6.3.1.1.159 2008.11.19 Trojan/Autoit.gs
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 Trojan.Win32.Autoit.fj
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 Trojan.Autoit.ED
Дополнительная информация
File size: 420614 bytes
MD5...: 12a2b1e6075df82adb55b0091d0fb3f8
SHA1..: 2a73bbfe558ef5f7c7fecb991513598456d5609b
SHA256: c950a445c37e58538b1c64b28397b425d521eb2dacc73bd62e9cb6a4e31eca76
SHA512: 4b36f77d26a396579fd1872171372f446dba448ea682cee6db03614e8ea78d71
a47d33e7df9c34152d6cdc79f00be271cf1d55a3cf706b54882bac8b383eb721
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x490490
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x58000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x59000 0x38000 0x37800 7.93 c8cb0c68e090a662ba2868cc32095c1b
.rsrc 0x91000 0x1000 0x600 3.31 d013d2373cc18dfe81eb1acfaa18d88b

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Shu_b
21.11.2008, 14:13
File msansspc.dll received on 11.21.2008 08:39:34 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.20 Trojan.Inject.4675
eSafe 7.0.17.0 2008.11.19 Suspicious File
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 -
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Backdoor.Win32.Small.gsc
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 Trojan.Win32.Undef.tap
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 28160 bytes
MD5...: f0f3bf172996b2ae0dd399b7119f94a1

Added 1 minute later

File ie567.dll received on 11.21.2008 08:53:15 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 Win32.TrojanSpy.Hitpop.gen!C.6
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.11.21 -
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 -
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 W32/Malware.EJQN
Panda 9.0.0.4 2008.11.20 Suspicious file
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 Worm
Rising 21.04.40.00 2008.11.21 AdWare.Win32.Mnless.aof
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 Mal/Behav-304
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 46592 bytes

Added 7 minutes later

File qyklib.dll received on 11.21.2008 09:05:51 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 Trojan.Virtumod.852
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 Trojan-Downloader.Win32.BHO.zt
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Trojan-Downloader.Win32.BHO.zt
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 330240 bytes
MD5...: 3ef71d8bb7020a5b2850fe47d5a62a49

Added 3 minutes later

File avz00003.dta received on 11.21.2008 09:06:51 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 Win32/Heur
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 -
eSafe 7.0.17.0 2008.11.19 Suspicious File
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 Trojan.Win32.Agent.aouk
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 Backdoor.Win32.Momibot
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Trojan.Win32.Agent.aouk
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 Backdoor:Win32/Momibot.gen!B
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 42496 bytes

Added 9 minutes later

File msvcrt48.dll received on 11.21.2008 09:16:54 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 PSW.Agent.WGY
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 Trojan-Spy.Win32.Agent.eyl
Fortinet 3.117.0.0 2008.11.21 Spy/Agent
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Trojan-Spy.Win32.Agent.eyl
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 Suspicious file
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 20480 bytes

Added 1 minute later

File msconfig.exe received on 11.21.2008 09:17:48 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.21 TR/Dropper.Gen
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 TrojanDropper.Agent.zaq
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 Trojan-Dropper.Win32.Agent.zxz
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 Trojan-Dropper.Win32.Agent.zxz
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 Suspicious file
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 Trojan.Dropper.Gen
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 Trojan-Dropper.Win32.Agent.zaq
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 25088 bytes

Added 20 minutes later

File 1.tmp received on 11.21.2008 09:40:18 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.21 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 Trojan.EmailSpy.origin
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6220 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.21 -
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 -
Ikarus T3.1.1.45.0 2008.11.21 Trojan-PWS.Win32.LdPinch
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 -
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.40.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 suspected of Email-Worm.Bagle.2 (paranoid heuristics)
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 17408 bytes

Added 2 hours 29 minutes later

File twext.exe received on 11.21.2008 12:10:31 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.21 -
AntiVir 7.9.0.34 2008.11.21 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.20 Win32/Heur
BitDefender 7.2 2008.11.21 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.21 -
DrWeb 4.44.0.09170 2008.11.21 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.21 W32/Tibs.AA.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.21 -
Fortinet 3.117.0.0 2008.11.21 -
GData 19 2008.11.21 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.11.21 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.21 -
McAfee 5440 2008.11.20 PWS-Zbot.gen.c
McAfee+Artemis 5440 2008.11.20 PWS-Zbot.gen.c
Microsoft 1.4104 2008.11.21 -
NOD32 3629 2008.11.21 -
Norman 5.80.02 2008.11.20 W32/Malware.EMMQ
Panda 9.0.0.4 2008.11.20 Suspicious file
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.21 -
Rising 21.04.42.00 2008.11.21 -
SecureWeb-Gateway 6.7.6 2008.11.21 -
Sophos 4.35.0 2008.11.21 -
Sunbelt 3.1.1823.2 2008.11.21 -
Symantec 10 2008.11.21 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.21 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 180224 bytes
MD5...: 76cd24722cdae9e4d955d8c5f76577d9

Shu_b
24.11.2008, 12:18
File MyCentriaInfoBar.dll received on 11.24.2008 07:30:28 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 Generic.BK
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6222 2008.11.22 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.24 -
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3633 2008.11.24 a variant of Win32/Adware.Mycentria.AA
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 -
SecureWeb-Gateway 6.7.6 2008.11.23 Worm.Win32.Malware.gen (suspicious)
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 VIPRE.Suspicious
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 677888 bytes
MD5...: 2865574dfa36fe62154efe8f35ef58c8

Added 1 minute later

File qlylib.dll received on 11.24.2008 07:30:07 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 Trojan.Blackmailer.origin
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.24 Trojan-Ransom.Win32.Hexzone.gfz
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 Trojan-Ransom.Win32.Hexzone.gfz
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3633 2008.11.24 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 -
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 318976 bytes
MD5...: 1ea079abbcc15c884c25ee73f41e4b77

Added 1 hour 0 minutes later

File csrcs.exe received on 11.24.2008 10:12:28 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.24 -
AntiVir 7.9.0.35 2008.11.24 TR/Autoit.FN
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.24 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 Win32.HLLW.Autoruner.3438
eSafe 7.0.17.0 2008.11.23 Suspicious File
eTrust-Vet 31.6.6225 2008.11.24 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.24 Trojan.Win32.Autoit.fn
Fortinet 3.117.0.0 2008.11.24 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.24 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 Trojan.Win32.Autoit.fn
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3634 2008.11.24 -
Norman 5.80.02 2008.11.22 W32/Agent.JIIR
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.05.00.00 2008.11.24 -
SecureWeb-Gateway 6.7.6 2008.11.24 Trojan.Autoit.FN
Sophos 4.35.0 2008.11.24 Sus/Behav-1011
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.161 2008.11.24 Trojan/Autoit.gs
TrendMicro 8.700.0.1004 2008.11.24 -
VBA32 3.12.8.9 2008.11.23 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 420170 bytes
MD5...: 6c34e59430cbe53274744841c5edb554

Hanson
25.11.2008, 12:53
File twext.exe received on 11.25.2008 07:14:53 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 14/37 (37.84%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.24 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.24 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.24 Agent.AMGG
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.24 Suspicious File
eTrust-Vet 31.6.6226 2008.11.25 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 W32/DelfInject.A.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.25 Trojan.Win32.Agent.anyc
Fortinet 3.117.0.0 2008.11.25 W32/Agent.ANYC!tr
GData 19 2008.11.25 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.11.25 Trojan.Win32.Agent
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.25 Trojan.Win32.Agent.anyc
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 Generic!Artemis
Microsoft 1.4104 2008.11.25 PWS:Win32/Zbot.FAL
NOD32 3637 2008.11.24 -
Norman 5.80.02 2008.11.24 W32/Agent.JILH
Panda 9.0.0.4 2008.11.24 -
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 -
Rising 21.05.10.00 2008.11.25 Trojan.Win32.Agent.any
SecureWeb-Gateway 6.7.6 2008.11.24 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 Trojan.Win32.Agent.anyc
ViRobot 2008.11.25.1484 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -

Shu_b
25.11.2008, 14:42
File dezubebo.dll received on 11.25.2008 12:10:38 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.24 Suspicious File
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.24 Suspicious file
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 Malicious Software
Rising 21.05.12.00 2008.11.25 Trojan.Win32.VUNDO.bug
SecureWeb-Gateway 6.7.6 2008.11.25 Win32.Malware.gen!92 (suspicious)
Sophos 4.35.0 2008.11.25 Troj/Virtum-Gen
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -
Additional information
File size: 93238 bytes
MD5...: 61607392528b27274c81bbaacfc10f50

Added 2 minutes later

File junefare.dll vakumene.dll vebimayo.dll received on 11.25.2008 12:10:23 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.24 Suspicious File
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 TrojanDownloader:Win32/Agent.F
NOD32 3638 2008.11.25 a variant of Win32/Adware.Virtumonde.NDI
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.24 -
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 Trojan.Win32.VUNDO.btg
SecureWeb-Gateway 6.7.6 2008.11.25 Win32.Malware.gen!92 (suspicious)
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -
Additional information
File size: 59444 bytes
MD5...: 2c96bf8d899b877939ea04f2f750d449
SHA1..: 10fe62be640628edb4ac661902213bb0cde922be

Added 1 minute later

File winsys2.exe received on 11.25.2008 12:18:26 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.24 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.532 2008.11.24 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
NOD32 3638 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.24 Trj/Agent.ISR
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 None 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -
Additional information
File size: 208896 bytes
MD5...: daee383586db76671c43a83c04e51283

Added 2 minutes later

File kdsqm.exe received on 11.25.2008 12:17:28 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 W32/Sinowal-based!Maximus
Avast 4.8.1281.0 2008.11.24 Win32:FaDrop
AVG 8.0.0.199 2008.11.24 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.24 Suspicious File
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.24 -
F-Prot 4.4.4.56 2008.11.24 W32/Sinowal-based!Maximus
F-Secure 8.0.14332.0 2008.11.25 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 Win32:FaDrop
Ikarus T3.1.1.45.0 2008.11.25 Trojan.Win32.Alureon
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 Generic!Artemis
Microsoft 1.4104 2008.11.25 Trojan:Win32/Alureon.gen
NOD32 3638 2008.11.25 a variant of Win32/Kryptik.BT
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.24 -
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -
Additional information
File size: 75264 bytes
MD5...: 2401ac0314d0dfbbae8b74eae98e1b3f

Added 11 minutes later

File bodozanu.dll received on 11.25.2008 12:38:52 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.24 Generic11.BERB
BitDefender 7.2 2008.11.25 Trojan.Vundo.FSY
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 Trojan.Spy-55283
DrWeb 4.44.0.09170 2008.11.25 Trojan.Virtumod.585
eSafe 7.0.17.0 2008.11.24 Suspicious File
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.24 W32/Virtumonde.AG.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 Trojan.Vundo.FSY
Ikarus T3.1.1.45.0 2008.11.25 Trojan.Vundo.FSY
K7AntiVirus 7.10.532 2008.11.24 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 Trojan:Win32/Vundo.KAM
NOD32 3638 2008.11.25 a variant of Win32/Adware.Virtumonde.NCG
Norman 5.80.02 2008.11.25 W32/Virtumonde.ABGK
Panda 9.0.0.4 2008.11.24 -
PCTools 4.4.2.0 2008.11.24 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 Trojan.Win32.Undef.rjb
SecureWeb-Gateway 6.7.6 2008.11.25 Win32.Malware.gen!92 (suspicious)
Sophos 4.35.0 2008.11.25 Troj/BHO-HG
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 Trojan.Vundo
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 Trojan.Win32.PSWIGames.59392.I
VirusBuster 4.5.11.0 2008.11.24 -
Additional information
File size: 59392 bytes

senyak
25.11.2008, 18:38
Файл fun_21243 получен 2008.11.25 16:33:08 (CET)
Текущий статус: закончено
Результат: 5/37 (13.52%)


Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.25 Crypt.AUA
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 Trojan.MulDrop.24733
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.25 Trojan.Win32.VB.gzk
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.532 2008.11.24 -
Kaspersky 7.0.0.125 2008.11.25 Trojan.Win32.VB.gzk
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
NOD32 3638 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.24 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.24 -

Дополнительная информация
File size: 77824 bytes
MD5...: 42c1ae4d7b30882c6ba0bddb7b3f44f3
SHA1..: b18e5f4e85faba16c556f79a55c7765f5406fbaa
SHA256: 9869cc465979cf5ea529443d647ad56880ca8cce715f8b5bd75943e5d56dbf78
SHA512: 040544eb767f3520c21c75a9e151fef389ff5f169295fdec425fb8ef07e35e11
f54c01a54f63bac82fe46a7dd4e092db5524a871fc9ae29ae95039ed46fc33a0
ssdeep: 1536:tbDP3wktXejTL6b4VWL5hU9QMpqrB3RatglP+fDcValMnd:tX3wktujTLkY
WLjKJpaB3ItglgwVaKd
PEiD..: -

Shu_b
26.11.2008, 15:45
File adsl.exe received on 11.26.2008 08:15:16 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.26 Win-Trojan/Avkiller.17920
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 MULDROP.Trojan
eSafe 7.0.17.0 2008.11.25 Suspicious File
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 Trojan.Win32.KillAV.ko
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 -
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 -
Microsoft 1.4104 2008.11.26 -
NOD32 3641 2008.11.26 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.26 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1830.2 2008.11.26 -
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 PAK_Generic.001
VBA32 3.12.8.9 2008.11.26 Trojan.Win32.KillAV.ko
ViRobot 2008.11.26.1486 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 10240 bytes
MD5...: bab9b4a25a879bd14909df4b21bcda48

Added after 2 hours 56 minutes

File lsass.exe received on 11.26.2008 11:09:13 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 Suspicious File
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 -
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 -
Microsoft 1.4104 2008.11.26 -
NOD32 3641 2008.11.26 -
Norman 5.80.02 2008.11.25 W32/Agent.JIIR
Panda 9.0.0.4 2008.11.25 W32/Autoit.AB
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.26 -
Rising 21.05.20.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 Sus/Behav-1011
Sunbelt 3.1.1830.2 2008.11.26 -
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1486 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 249172 bytes
MD5...: 0a19525f0fdae4376a586f77bf5fcb4d

Added after 2 hours 29 minutes

File vmi386.sys received on 11.26.2008 13:36:01 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.26 Win-Trojan/Pakes.26784
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.26 Generic12.HRL
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 Trojan.Packed.1228
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.26 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.26 -
K7AntiVirus 7.10.533 2008.11.25 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.26 -
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 Win32/Agent.AMBG
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 -
Symantec 10 2008.11.26 Trojan.Dropper
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 Trojan.Win32.Pakes.26784
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 26784 bytes
MD5...: 3006e4d347c5bb5767dab0a99ddeb68f

Hanson
26.11.2008, 16:11
Файл winlogon_exe_ получен 2008.11.26 13:56:09 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 9/37 (24.33%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 DR/Delphi.Gen
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.26 Win32:Delf-LMN
AVG 8.0.0.199 2008.11.26 SHeur2.DTA
BitDefender 7.2 2008.11.26 Trojan.Dropper.LdPinch.AO
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 Suspicious File
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.26 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 Trojan.Dropper.LdPinch.AO
Ikarus T3.1.1.45.0 2008.11.26 Trojan-Dropper.LdPinch
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 -
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 Trojan.ATRAPS.Gen
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 -
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -

Shu_b
27.11.2008, 17:50
File icq5e.dll received on 11.27.2008 07:40:25 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.27.1 2008.11.27 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.27 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 -
BitDefender 7.2 2008.11.27 -
CAT-QuickHeal 10.00 2008.11.27 -
ClamAV 0.94.1 2008.11.27 -
DrWeb 4.44.0.09170 2008.11.27 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6231 2008.11.27 -
Ewido 4.0 2008.11.26 -
F-Prot 4.4.4.56 2008.11.26 -
F-Secure 8.0.14332.0 2008.11.27 Trojan-Downloader.Win32.Agent.arut
Fortinet 3.117.0.0 2008.11.27 -
GData 19 2008.11.27 -
Ikarus T3.1.1.45.0 2008.11.27 -
K7AntiVirus 7.10.534 2008.11.26 -
Kaspersky 7.0.0.125 2008.11.27 Trojan-Downloader.Win32.Agent.arut
McAfee 5446 2008.11.26 -
McAfee+Artemis 5446 2008.11.26 -
Microsoft 1.4104 2008.11.27 -
NOD32 3644 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.27 Suspicious file
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.27 -
Rising 21.05.30.00 2008.11.27 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.27 -
Sunbelt 3.1.1830.2 2008.11.26 -
Symantec 10 2008.11.27 -
TheHacker 6.3.1.1.164 2008.11.27 -
TrendMicro 8.700.0.1004 2008.11.27 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.27.1488 2008.11.27 -
VirusBuster 4.5.11.0 2008.11.26 -
Additional information
File size: 110592 bytes
MD5...: 0ab70f09b36cd6c329f68f3ff06ec5d5

Added after 7 hours 53 minutes

[cut] -false alarm

Added after 1 minute

File msvcrt48.dll received on 11.27.2008 15:37:38 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.27.4 2008.11.27 -
AntiVir 7.9.0.35 2008.11.27 -
Authentium 5.1.0.4 2008.11.27 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 PSW.Agent.WGY
BitDefender 7.2 2008.11.27 -
CAT-QuickHeal 10.00 2008.11.27 -
ClamAV 0.94.1 2008.11.27 -
DrWeb 4.44.0.09170 2008.11.27 Trojan.PWS.Webmonier.115
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6233 2008.11.27 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.27 Trojan-Spy.Win32.Agent.eyl
Fortinet 3.117.0.0 2008.11.27 Spy/Agent
GData 19 2008.11.27 -
Ikarus T3.1.1.45.0 2008.11.27 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.27 Trojan-Spy.Win32.Agent.eyl
McAfee 5446 2008.11.26 -
McAfee+Artemis 5446 2008.11.26 -
Microsoft 1.4104 2008.11.27 -
NOD32 3645 2008.11.27 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.27 Suspicious file
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.27 -
Rising 21.05.32.00 2008.11.27 -
SecureWeb-Gateway 6.7.6 2008.11.27 -
Sophos 4.35.0 2008.11.27 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.27 -
TheHacker 6.3.1.1.164 2008.11.27 -
TrendMicro 8.700.0.1004 2008.11.27 -
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.27.1489 2008.11.27 -
VirusBuster 4.5.11.0 2008.11.26 -
Additional information
File size: 20480 bytes
MD5...: 55d308f64c57e382583eb18757abd535

Added after 2 minutes

File fskahuipymcphgo.sys received on 11.27.2008 15:39:36 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.27.4 2008.11.27 -
AntiVir 7.9.0.35 2008.11.27 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.11.27 -
Avast 4.8.1281.0 2008.11.27 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.27 DDoS.K
BitDefender 7.2 2008.11.27 -
CAT-QuickHeal 10.00 2008.11.27 -
ClamAV 0.94.1 2008.11.27 -
DrWeb 4.44.0.09170 2008.11.27 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6233 2008.11.27 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.27 -
Fortinet 3.117.0.0 2008.11.27 -
GData 19 2008.11.27 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.11.27 Backdoor.WinNT.Rustock
K7AntiVirus 7.10.536 2008.11.27 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.27 -
McAfee 5446 2008.11.26 -
McAfee+Artemis 5446 2008.11.26 Generic!Artemis
Microsoft 1.4104 2008.11.27 Backdoor:WinNT/Rustock.H
NOD32 3645 2008.11.27 -
Norman 5.80.02 2008.11.26 W32/Rootkit.WKA
Panda 9.0.0.4 2008.11.27 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.27 -
Rising 21.05.32.00 2008.11.27 -
SecureWeb-Gateway 6.7.6 2008.11.27 Trojan.Rootkit.Gen
Sophos 4.35.0 2008.11.27 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.27 -
TheHacker 6.3.1.1.164 2008.11.27 -
TrendMicro 8.700.0.1004 2008.11.27 -
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.27.1489 2008.11.27 -
VirusBuster 4.5.11.0 2008.11.26 -
Additional information
File size: 30848 bytes
MD5...: b0709f0e1517f9a7bf964761c2e47493

zorro84
28.11.2008, 08:55
Файл ntos.exe получен 2008.11.26 06:16:33 (CET)
Текущий статус: закончено
Результат: 11/37 (29.73%)


Антивирус Версия Обновление Результат
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.25 DR/Delphi.Gen
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.25 Win32:Delf-LMN
AVG 8.0.0.199 2008.11.25 Win32/Heur
BitDefender 7.2 2008.11.26 Trojan.Dropper.LdPinch.AO
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 Trojan.PWS.Panda.17
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 Trojan.Win32.Agent.aqpj
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.26 Trojan.Dropper.LdPinch.AO
Ikarus T3.1.1.45.0 2008.11.26 Trojan-Dropper.LdPinch
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 Trojan.Win32.Agent.aqpj
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 -
Microsoft 1.4104 2008.11.26 -
NOD32 3641 2008.11.26 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.26 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 Trojan.Dropper.Delphi.Gen
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.26 Infostealer
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1486 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -
Дополнительная информация
File size: 699392 bytes
MD5...: d48bc81b3ad1acd0b4416ddefe1eea09
SHA1..: 51009421c683bad2a2eb6d7dee324c806632cd67

Shu_b
28.11.2008, 13:09
File msansspc.dll received on 11.28.2008 06:05:23 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.27.4 2008.11.28 -
AntiVir 7.9.0.35 2008.11.27 TR/Agent.aqkz
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.27 Agent.AMYR
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 Trojan.Agent.aqkz
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 Trojan.Botnetlog.1
eSafe 7.0.17.0 2008.11.27 Suspicious File
eTrust-Vet 31.6.6233 2008.11.27 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 -
Fortinet 3.117.0.0 2008.11.27 -
GData 19 2008.11.28 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 -
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.27 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.40.00 2008.11.28 Trojan.Win32.Undef.tff
SecureWeb-Gateway 6.7.6 2008.11.27 Trojan.Agent.aqkz
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.27 -
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.27.1489 2008.11.27 -
VirusBuster 4.5.11.0 2008.11.27 -
Additional information
File size: 27648 bytes
MD5...: de110803efec6c70e69016f51ed23832

Added after 1 hour 57 minutes

File mdm.exe received on 11.28.2008 08:58:31 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.27.4 2008.11.28 -
AntiVir 7.9.0.35 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 SHeur2.DRQ
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 Backdoor.IRCBot.gqg
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 BackDoor.IRC.Rxbot.26
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6233 2008.11.27 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
Fortinet 3.117.0.0 2008.11.27 W32/IRCBot.GQG!tr.bdr
GData 19 2008.11.28 -
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 Backdoor.Win32.IRCBot.gqg
Kaspersky 7.0.0.125 2008.11.28 Backdoor.Win32.IRCBot.gqg
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 -
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.27 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.40.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 WORM_MAINBOT.MCL
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.28.1490 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Additional information
File size: 35840 bytes
MD5...: dbf6bdddfbe8bb6035e9ae885cbf5d04

Numb
28.11.2008, 13:21
From the "Help!" section:
Файл avz00002.dta получен 2008.11.28 11:06:47 (CET)
(original name - C:\Program Files\Microsoft Common\svchost.exe)

AhnLab-V3 2008.11.27.4 2008.11.28 -
AntiVir 7.9.0.35 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 Win32/Cryptor
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 -
Fortinet 3.117.0.0 2008.11.28 -
GData 19 2008.11.28 -
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 TrojanDropper:Win32/Emold.C
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.27 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.40.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.28 Mal/EncPk-GH
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 PAK_Generic.001
VBA32 3.12.8.9 2008.11.27 suspected of Unknown.Win32Virus
ViRobot 2008.11.28.1490 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 Worm.Autorun.Gen!Pac.14
Дополнительная информация
File size: 28672 bytes
MD5...: b5446b4263b5c3f443bd19f6860bf157
SHA1..: 4e590b3d85ef4e3624915ed8eb28e0aa698ff312

Файл avz00009.dta получен 2008.11.28 11:10:25 (CET)
(original name - c:\windows\system32\msmsg.exe)

AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.35 2008.11.28 TR/ATRAPS.Gen
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 -
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 -
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 -
eSafe 7.0.17.0 2008.11.27 Suspicious File
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 -
Fortinet 3.117.0.0 2008.11.28 -
GData 19 2008.11.28 -
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 Trojan:Win32/Anomaly.gen!A
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.27 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.40.00 2008.11.28 Packer.RyCrypt
SecureWeb-Gateway 6.7.6 2008.11.28 Trojan.ATRAPS.Gen
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 Possible_Virus
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.28.1490 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Дополнительная информация
File size: 52224 bytes
MD5...: 8e7aa93d943c5022bedeeb7fc3444764
SHA1..: 4a8c3528f304dd96a7884feb7c32908c5e619f91

Shu_b
28.11.2008, 15:58
File fccyaXqn.dll received on 11.28.2008 13:46:49 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 Vundo.AT
BitDefender 7.2 2008.11.28 Trojan.Vundo.FXR
CAT-QuickHeal 10.00 2008.11.28 -
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.27 -
Fortinet 3.117.0.0 2008.11.28 -
GData 19 2008.11.28 Trojan.Vundo.FXR
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 Trojan:Win32/Vundo.gen!R
NOD32 3648 2008.11.28 a variant of Win32/Adware.Virtumonde.NDK
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.42.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 Riskware.LooksLike.Fraud.An
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 Packed.Generic.201
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Additional information
File size: 246272 bytes
MD5...: 89088dcede745e1f6cb169207ab58fce


File cBSifEvT.dll received on 11.28.2008 13:50:33 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 TR/Vundo.fxr.84
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 Vundo.AT
BitDefender 7.2 2008.11.28 Trojan.Vundo.FXR
CAT-QuickHeal 10.00 2008.11.28 Win32.Trojan.Vundo.gen!R.3
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 Trojan.Siggen.630
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 Trojan:W32/Vundo.BV
Fortinet 3.117.0.0 2008.11.28 PossibleThreat
GData 19 2008.11.28 Trojan.Vundo.FXR
Ikarus T3.1.1.45.0 2008.11.28 Trojan.Win32.Monder
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 Generic!Artemis
Microsoft 1.4104 2008.11.28 Trojan:Win32/Vundo.gen!R
NOD32 3648 2008.11.28 a variant of Win32/Adware.Virtumonde.NDI
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.42.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 Trojan.Vundo.fxr.84
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 Packed.Generic.201
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 PAK_Generic.001
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1491 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Additional information
File size: 37888 bytes
MD5...: 394ce94ae80941b3676eebcc76668561

Синауридзе Александр
30.11.2008, 06:22
Файл DUpL.exe получен 2008.11.30 01:17:20 (CET)


AhnLab-V3 2008.11.28.2 2008.11.29 -
AntiVir 7.9.0.36 2008.11.29 -
Authentium 5.1.0.4 2008.11.29 -
Avast 4.8.1281.0 2008.11.29 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.30 Trojan.Generic.694784
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 Suspicious File
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.29 -
F-Prot 4.4.4.56 2008.11.29 W32/Malware.D.dam!Eldorado
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.30 Trojan.Generic.694784
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.538 2008.11.29 -
Kaspersky 7.0.0.125 2008.11.30 -
McAfee 5449 2008.11.29 -
McAfee+Artemis 5449 2008.11.29 -
Microsoft 1.4104 2008.11.30 VirTool:Win32/Obfuscator.BO
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.29 -
Prevx1 V2 2008.11.30 -
Rising 21.05.52.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.29 Win32.Malware.dam (suspicious)
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 VIPRE.Suspicious
Symantec 10 2008.11.30 -
TheHacker 6.3.1.1.169 2008.11.29 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.29 -
ViRobot 2008.11.29.1492 2008.11.29 -
VirusBuster 4.5.11.0 2008.11.29 -

Дополнительная информация
File size: 12081 bytes

PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4090a0
timedatestamp.....: 0x47ec6ca2 (Fri Mar 28 03:57:22 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.rdata 0x1000 0x1c41 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x3000 0x4fce 0x2200 7.97 ea7fd029f38a484f214183b938deeffb
.data_ 0x8000 0x1000 0xa00 7.90 88931dcced08016e4ef86ca25f7716e1
.icode 0x9000 0x350 0x400 0.00 d41d8cd98f00b204e9800998ecf8427e
.icode 0xa000 0x2f3 0x400 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports )

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=0bffe2fb6a7f610fae8914a09bcd2987

Added after 4 minutes

Файл sxkW.exe получен 2008.11.30 01:30:35 (CET)


AhnLab-V3 2008.11.28.2 2008.11.29 -
AntiVir 7.9.0.36 2008.11.29 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.11.30 -
Avast 4.8.1281.0 2008.11.29 -
AVG 8.0.0.199 2008.11.29 Win32/Heur
BitDefender 7.2 2008.11.30 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 Suspicious File
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.29 -
F-Prot 4.4.4.56 2008.11.29 -
F-Secure 8.0.14332.0 2008.11.29 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.30 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.538 2008.11.29 -
Kaspersky 7.0.0.125 2008.11.30 -
McAfee 5449 2008.11.29 -
McAfee+Artemis 5449 2008.11.29 -
Microsoft 1.4104 2008.11.30 VirTool:Win32/Obfuscator.BO
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.29 -
Prevx1 V2 2008.11.30 -
Rising 21.05.52.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.29 Trojan.Crypt.XPACK.Gen
Sophos 4.36.0 2008.11.29 Mal/EncPk-DB
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.30 -
TheHacker 6.3.1.1.169 2008.11.29 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.29 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2008.11.29.1492 2008.11.29 -
VirusBuster 4.5.11.0 2008.11.29 -

Дополнительная информация
File size: 14208 bytes

PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4090dc
timedatestamp.....: 0x47c10656 (Sun Feb 24 05:53:26 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x1b24 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.share 0x3000 0x47db 0x2200 7.93 de390b5b79bc2344f57f0a4bea25aebb
.rsrc 0x8000 0x1000 0xa00 7.60 005b62737adabeac198f7d9663c09c29
.masm 0x9000 0x392 0x400 7.21 f469f31688506a1d5934baeddf0a428b
.data_ 0xa000 0x363 0x400 4.77 80b5ab88155861b55a37a077c8c6df10

( 1 imports )
> user32.dll: GrayStringA, LoadKeyboardLayoutW, EnumDisplaySettingsExW, SetWindowsHookExA, CreateDialogIndirectParamA

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f356940144bbc710d7e57cbf2af36157

Added after 2 hours 48 minutes

Hello,

sxkW.exe_ - Email-Worm.Win32.Zhelatin.aia

Detection of the file will be added in the next update.

When replying, please include the entire correspondence.
This reply is valid for the latest databases from the update sources.

>From: sinauridze[antispam]rambler.ru
>Sent: Nov 30 2008 3:45AM
>To: "New Virus" <[email protected]>
>Subject:
>
>Hello!
>
> I am sending you a file for analysis. Thank you in advance for your reply.
> --
> Александр Синауридзе.
>
Best regards, Михаил Кусачев
Virus analyst

Shu_b
01.12.2008, 17:06
Totals

Shu_b
01.12.2008, 17:48
File nttest.sys received on 12.01.2008 15:38:12 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.1.3 2008.12.01 -
AntiVir 7.9.0.36 2008.12.01 -
Authentium 5.1.0.4 2008.12.01 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.01 -
BitDefender 7.2 2008.12.01 -
CAT-QuickHeal 10.00 2008.12.01 -
ClamAV 0.94.1 2008.12.01 -
DrWeb 4.44.0.09170 2008.12.01 -
eSafe 7.0.17.0 2008.11.30 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.11.30 -
F-Secure 8.0.14332.0 2008.12.01 -
Fortinet 3.117.0.0 2008.11.30 -
GData 19 2008.12.01 -
Ikarus T3.1.1.45.0 2008.12.01 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.01 -
McAfee 5450 2008.11.30 -
McAfee+Artemis 5450 2008.11.30 -
Microsoft 1.4104 2008.12.01 -
NOD32 3653 2008.12.01 Win32/SpamTool.Agent.NBF
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.01 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.01 -
Rising 21.06.02.00 2008.12.01 -
SecureWeb-Gateway 6.7.6 2008.12.01 -
Sophos 4.36.0 2008.12.01 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.01 -
TheHacker 6.3.1.1.169 2008.11.29 -
TrendMicro 8.700.0.1004 2008.12.01 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.1.1494 2008.12.01 -
VirusBuster 4.5.11.0 2008.11.30 -
Additional information
File size: 33280 bytes
MD5...: ff07e4d14fcef9dabd1685ddf67d0974

Shu_b
02.12.2008, 11:26
File explorer.ex_ received on 12.02.2008 07:38:15 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.0 2008.12.02 -
AntiVir 7.9.0.36 2008.12.01 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 Win32/Small.DO
BitDefender 7.2 2008.12.02 Trojan.Inject.HP
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 -
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 W32/Afgan.C
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Trojan.Inject.HP
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 Heur.Infector
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 -
NOD32 3656 2008.12.02 a variant of Win32/Afgan
Norman 5.80.02 2008.12.01 W32/Afgan.C
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.02 -
Rising 21.06.10.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.01 Win32.Malware.gen!84 (suspicious)
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1495 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 1056768 bytes
MD5...: bdefbce8919f5b8dffe487942140fa11

Added after 59 minutes

File ethxttap.sys ethsqcxl.sys received on 12.02.2008 09:13:38 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.0 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 Win32/Rustock.G
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 -
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 -
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 Spammer:Win32/Rlsloup.B
NOD32 3656 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.02 -
Rising 21.06.10.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 Trojan.Rootkit.Gen
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1495 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 135232 bytes
MD5...: 2690ad3b314f9e94d47356171889af67

Hanson
02.12.2008, 13:48
Файл avz00003.dta(vmnetx86.sys) получен 2008.12.02 09:13:08 (CET)
Текущий статус:закончено
Результат: 5/37 (13.52%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.12.2.0 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 -
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 -
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 suspicious
GData 19 2008.12.02 -
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 Generic!Artemis
Microsoft 1.4104 2008.12.02 -
NOD32 3656 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.02 -
Rising 21.06.10.00 2008.12.02 RootKit.Win32.Undef.nb
SecureWeb-Gateway 6.7.6 2008.12.02 -
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 Trojan.DDoS.SITC
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 Trojan.Win32.DDosBot
ViRobot 2008.12.2.1495 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Kaspersky's reply, 2 hours after the file was sent:

Hello,

avz00003.dta - Rootkit.Win32.KernelBot.dn

Detection of this file will be added in the next update.

Dr.Web replied after 4 hours:
Trojan.NtRootKit.2400
No one else has replied so far.

Shu_b
02.12.2008, 16:15
File Microsoft Common\wuauclt.exe received on 12.02.2008 12:41:26 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 Win32/Heur
BitDefender 7.2 2008.12.02 Trojan.Generic.1023521
CAT-QuickHeal 10.00 2008.12.02 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Trojan.Generic.1023521
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 New Malware.ix
McAfee+Artemis 5451 2008.12.01 New Malware.ix
Microsoft 1.4104 2008.12.02 -
NOD32 3657 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 Virus.Win32.FileInfector.gen (suspicious)
Sophos 4.36.0 2008.12.02 Mal/EncPk-FC
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 24576 bytes
MD5...: 23801a0d48390720d217adba2fe6f9fc

Added 50 minutes later

File kdmpq.exe received on 12.02.2008 13:24:41 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 W32/Sinowal-based!Maximus
Avast 4.8.1281.0 2008.12.01 Win32:FaDrop
AVG 8.0.0.199 2008.12.02 -
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 W32/Sinowal-based!Maximus
F-Secure 8.0.14332.0 2008.12.02 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Win32:FaDrop
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 Trojan:Win32/Alureon.gen
NOD32 3657 2008.12.02 a variant of Win32/Kryptik.BT
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.02 -
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 -
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 76800 bytes
MD5...: 41b8e54b145f0b509870b2c91756d5b7

Added 32 minutes later

File autorun.inf\sgucjl.exe received on 12.02.2008 14:02:45 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.02 -
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 -
Microsoft 1.4104 2008.12.02 -
NOD32 3657 2008.12.02 Win32/Packed.Autoit.Gen
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.02 -
Prevx1 V2 2008.12.02 -
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 -
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 484488 bytes
MD5...: 11ba1cec8e6f3c7a6d064f0c53bc4510

Added 5 minutes later

File kavo0.dll received on 12.02.2008 14:06:32 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 Win32/Heur
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.02 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.02 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Packer.Malware.NSAnti.1
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 -
McAfee+Artemis 5451 2008.12.01 Generic!Artemis
Microsoft 1.4104 2008.12.02 PWS:Win32/Frethog.D
NOD32 3657 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 Suspicious file
PCTools 4.4.2.0 2008.12.02 -
Prevx1 V2 2008.12.02 -
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 Virus.Win32.FileInfector.gen!84 (suspicious)
Sophos 4.36.0 2008.12.02 Troj/Virtum-Gen
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 147456 bytes
MD5...: e3cefe9cf6bf9400fec3912a24dfae7b


File autorun.inf \eeqt.exe received on 12.02.2008 14:06:45 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 -
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.02 PSW.OnlineGames_r.K
BitDefender 7.2 2008.12.02 -
CAT-QuickHeal 10.00 2008.12.02 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.02 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6238 2008.12.02 -
Ewido 4.0 2008.12.02 -
F-Prot 4.4.4.56 2008.12.01 -
Fortinet 3.117.0.0 2008.12.02 -
GData 19 2008.12.02 Packer.Malware.NSAnti.1
Ikarus T3.1.1.45.0 2008.12.02 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.02 -
McAfee 5451 2008.12.01 New Malware.bx
McAfee+Artemis 5451 2008.12.01 New Malware.bx
Microsoft 1.4104 2008.12.02 PWS:Win32/Frethog.AJ
NOD32 3657 2008.12.02 -
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.02 -
PCTools 4.4.2.0 2008.12.02 -
Prevx1 V2 2008.12.02 -
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.02 Trojan.Crypt.LooksLike.XPACK
Sophos 4.36.0 2008.12.02 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.02 -
TheHacker 6.3.1.2.171 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.2.1496 2008.12.02 -
VirusBuster 4.5.11.0 2008.12.01 -
Additional information
File size: 109788 bytes
MD5...: fc7f4c670fad604211bf890a70365d6b

Shu_b
05.12.2008, 16:00
File \Temp\init.exe received on 12.05.2008 12:01:28 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.5.0 2008.12.05 -
AntiVir 7.9.0.41 2008.12.05 -
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 Win32:Fabot
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.05 -
CAT-QuickHeal 10.00 2008.12.05 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6243 2008.12.04 -
Ewido 4.0 2008.12.04 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 Win32:Fabot
Ikarus T3.1.1.45.0 2008.12.05 -
K7AntiVirus 7.10.543 2008.12.04 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5454 2008.12.04 -
McAfee+Artemis 5454 2008.12.04 -
Microsoft 1.4205 2008.12.05 -
NOD32 3666 2008.12.05 -
Norman 5.80.02 2008.12.04 -
Panda 9.0.0.4 2008.12.04 -
PCTools 4.4.2.0 2008.12.04 -
Prevx1 V2 2008.12.05 -
Rising 21.06.42.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 -
Sophos 4.36.0 2008.12.05 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 -
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.04 -
Additional information
File size: 36864 bytes
MD5...: 592ee0ae2fce5633e5b37186453e79b1

Added 1 minute later

File services.exe received on 12.05.2008 12:04:15 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.5.0 2008.12.05 -
AntiVir 7.9.0.41 2008.12.05 TR/Drop.SQH.31
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 Win32:Fabot
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.05 Trojan.Dropper.SQH
CAT-QuickHeal 10.00 2008.12.05 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6243 2008.12.04 -
Ewido 4.0 2008.12.04 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 Trojan.Dropper.SQH
Ikarus T3.1.1.45.0 2008.12.05 -
K7AntiVirus 7.10.543 2008.12.04 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5454 2008.12.04 -
McAfee+Artemis 5454 2008.12.04 -
Microsoft 1.4205 2008.12.05 -
NOD32 3666 2008.12.05 -
Norman 5.80.02 2008.12.04 -
Panda 9.0.0.4 2008.12.04 -
PCTools 4.4.2.0 2008.12.04 -
Prevx1 V2 2008.12.05 -
Rising 21.06.42.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 Trojan.Drop.SQH.31
Sophos 4.36.0 2008.12.05 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 -
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.04 -
Additional information
File size: 43008 bytes
MD5...: dc03a966df53d8bba045895a11a18957

Added 1 hour 52 minutes later

File runsql.exe svzip.exe received on 12.05.2008 13:49:29 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.5.0 2008.12.05 -
AntiVir 7.9.0.41 2008.12.05 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 Win32:Lighty-I
AVG 8.0.0.199 2008.12.05 Win32/Heur
BitDefender 7.2 2008.12.05 -
CAT-QuickHeal 10.00 2008.12.05 -
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6243 2008.12.04 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 Win32:Lighty-I
Ikarus T3.1.1.45.0 2008.12.05 -
K7AntiVirus 7.10.543 2008.12.04 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5454 2008.12.04 Olmarik
McAfee+Artemis 5454 2008.12.04 Olmarik
Microsoft 1.4205 2008.12.05 TrojanDownloader:Win32/Renos.FJ
NOD32 3666 2008.12.05 a variant of Win32/Kryptik.CM
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.05 Cloaked Malware
Rising 21.06.43.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 Trojan.Dropper.Gen
Sophos 4.36.0 2008.12.05 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 Trojan.Fakeavalert
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.04 Trojan.FakeAlert.Gen!Pac.3
Additional information
File size: 279040 bytes
MD5...: 979c3771126466704cc8ca49bb8bd4ec

Groft
07.12.2008, 23:21
File tmp1.tmp received on 2008.12.07 21:13:51 (CET)
Current status: finished
Result: 9/38 (23.69%)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.42 2008.12.07 -
Authentium 5.1.0.4 2008.12.06 -
Avast 4.8.1281.0 2008.12.06 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.06 Downloader.Generic7.AXDR
BitDefender 7.2 2008.12.07 Trojan.Downloader.ConHook.BK
CAT-QuickHeal 10.00 2008.12.06 TrojanDownloader.Cavitate.e
ClamAV 0.94.1 2008.12.07 -
Comodo 698 2008.12.06 -
DrWeb 4.44.0.09170 2008.12.07 -
eSafe 7.0.17.0 2008.12.07 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.07 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.07 -
Fortinet 3.117.0.0 2008.12.07 -
GData 19 2008.12.07 Trojan.Downloader.ConHook.BK
Ikarus T3.1.1.45.0 2008.12.07 Trojan-Downloader.Win32.Injecter
K7AntiVirus 7.10.547 2008.12.06 -
Kaspersky 7.0.0.125 2008.12.07 -
McAfee 5456 2008.12.06 -
McAfee+Artemis 5456 2008.12.06 -
Microsoft 1.4205 2008.12.07 TrojanDownloader:Win32/Cavitate.gen!E
NOD32 3668 2008.12.06 probably a variant of Win32/TrojanDownloader.Agent.NXY
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.07 -
PCTools 4.4.2.0 2008.12.06 -
Prevx1 V2 2008.12.07 -
Rising 21.06.62.00 2008.12.07 -
SecureWeb-Gateway 6.7.6 2008.12.07 -
Sophos 4.36.0 2008.12.07 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.07 -
TheHacker 6.3.1.2.179 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.07 suspected of Downloader.Small.48
ViRobot 2008.12.6.1504 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.05 -
Additional information
File size: 34304 bytes
MD5...: d7688fb077e20b86aa73754a52521038
http://www.virustotal.com/ru/analisis/b3abd972edac4bc473817575ac7b18ce

ISO
08.12.2008, 19:57
Yet another porn informer
File glwlib.dll received on 12.08.2008 16:31:07 (CET)
Result: 7/38 (18.43%)



Antivirus Version Last Update Result
AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.42 2008.12.08 -
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 Win32:Hexzone-U
AVG 8.0.0.199 2008.12.07 Adload_r.FF
BitDefender 7.2 2008.12.07 -
CAT-QuickHeal 10.00 2008.12.08 -
ClamAV 0.94.1 2008.12.07 -
Comodo 708 2008.12.08 -
DrWeb 4.44.0.09170 2008.12.07 Trojan.Blackmailer.origin
eSafe 7.0.17.0 2008.12.08 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.07 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.08 Trojan-Ransom.Win32.Hexzone.giz
Fortinet 3.117.0.0 2008.12.07 -
GData 19 2008.12.07 Win32:Hexzone-U
Ikarus T3.1.1.45.0 2008.12.08 Trojan-Ransom.Win32.Hexzone
K7AntiVirus 7.10.548 2008.12.08 -
Kaspersky 7.0.0.125 2008.12.07 Trojan-Ransom.Win32.Hexzone.giz
McAfee 5456 2008.12.06 -
McAfee+Artemis 5456 2008.12.06 -
Microsoft 1.4205 2008.12.08 -
NOD32 3670 2008.12.08 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.07 -
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.08 -
Rising 21.06.62.00 2008.12.07 -
SecureWeb-Gateway 6.7.6 2008.12.08 -
Sophos 4.36.0 2008.12.07 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.07 -
TheHacker 6.3.1.2.179 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.08 -
VBA32 3.12.8.10 2008.12.07 -
ViRobot 2008.12.6.1504 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.08 -


File conmgr.exe received on 12.09.2008 05:44:27 (CET)
Result: 16/38 (42.11%)


Antivirus Version Last Update Result
AhnLab-V3 2008.12.8.1 2008.12.09 -
AntiVir 7.9.0.43 2008.12.08 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.08 -
BitDefender 7.2 2008.12.09 Packer.Krunchy.B
CAT-QuickHeal 10.00 2008.12.09 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.09 -
Comodo 711 2008.12.08 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.08 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.08 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 W32/Packed_Krunchy.A
Fortinet 3.117.0.0 2008.12.09 PossibleThreat
GData 19 2008.12.09 Packer.Krunchy.B
Ikarus T3.1.1.45.0 2008.12.08 Packer.Krunchy.B
K7AntiVirus 7.10.548 2008.12.08 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5458 2008.12.08 Generic.dx
McAfee+Artemis 5458 2008.12.09 Generic.dx
Microsoft 1.4205 2008.12.09 -
NOD32 3674 2008.12.09 -
Norman 5.80.02 2008.12.08 W32/Packed_Krunchy.A
Panda 9.0.0.4 2008.12.08 Generic Trojan
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.09 -
Rising 21.07.02.00 2008.12.08 -
SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Crypt.XPACK.Gen
Sophos 4.36.0 2008.12.09 Mal/Generic-A
Sunbelt 3.1.1832.2 2008.12.01 VIPRE.Suspicious
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.08 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1507 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.08 -

ALEX(XX)
09.12.2008, 11:04
File rxzwug.exe received on 12.09.2008 08:29:07 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2008.12.8.1 2008.12.09 -
AntiVir 7.9.0.43 2008.12.08 TR/Autoit.FN
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.08 -
BitDefender 7.2 2008.12.09 Trojan.Generic.1175909
CAT-QuickHeal 10.00 2008.12.09 Trojan.Agent.arqp
ClamAV 0.94.1 2008.12.09 Worm.Autorun-1793
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.08 Suspicious File
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.08 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.Autoit.fn
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 Trojan.Generic.1175909
Ikarus T3.1.1.45.0 2008.12.08 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.548 2008.12.08 -
Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.Autoit.fn
McAfee 5458 2008.12.08 W32/Autorun.worm.zf.gen
McAfee+Artemis 5458 2008.12.09 W32/Autorun.worm.zf.gen
Microsoft 1.4205 2008.12.09 Worm:AutoIt/Renocide.gen!A
NOD32 3675 2008.12.09 Win32/Packed.Autoit.Gen
Norman 5.80.02 2008.12.08 W32/Agent.JIIR
Panda 9.0.0.4 2008.12.08 W32/Autoit.AB
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.09 -
Rising 21.07.02.00 2008.12.08 -
SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Autoit.FN
Sophos 4.36.0 2008.12.09 Sus/Behav-1011
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 Trojan/Autoit.gs
TrendMicro 8.700.0.1004 2008.12.09 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1507 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.08 -

Additional information
File size: 420320 bytes
MD5...: 0a41d1c04d74329667594d85b054542f
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x490490
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x58000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x59000 0x38000 0x37800 7.93 c8cb0c68e090a662ba2868cc32095c1b
.rsrc 0x91000 0x1000 0x600 3.31 d013d2373cc18dfe81eb1acfaa18d88b

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Added 7 minutes later

File autorun.inf received on 2008.12.09 08:59:40 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2008.12.8.1 2008.12.09 -
AntiVir 7.9.0.43 2008.12.09 -
Authentium 5.1.0.4 2008.12.08 -
Avast 4.8.1281.0 2008.12.08 -
AVG 8.0.0.199 2008.12.08 Worm/AutoRun
BitDefender 7.2 2008.12.09 -
CAT-QuickHeal 10.00 2008.12.09 -
ClamAV 0.94.1 2008.12.09 Worm.Autorun-1792
Comodo 713 2008.12.09 -
DrWeb 4.44.0.09170 2008.12.09 -
eSafe 7.0.17.0 2008.12.08 -
eTrust-Vet 31.6.6246 2008.12.05 INF/SillyAutorun
Ewido 4.0 2008.12.08 -
F-Prot 4.4.4.56 2008.12.08 -
F-Secure 8.0.14332.0 2008.12.09 BAT/AutoRun.AE
Fortinet 3.117.0.0 2008.12.09 -
GData 19 2008.12.09 -
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.548 2008.12.08 -
Kaspersky 7.0.0.125 2008.12.09 -
McAfee 5458 2008.12.08 -
McAfee+Artemis 5458 2008.12.09 -
Microsoft 1.4205 2008.12.09 -
NOD32 3675 2008.12.09 INF/Autorun.gen
Norman 5.80.02 2008.12.08 BAT/AutoRun.AE
Panda 9.0.0.4 2008.12.08 -
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.09 -
Rising 21.07.02.00 2008.12.08 -
SecureWeb-Gateway 6.7.6 2008.12.09 -
Sophos 4.36.0 2008.12.09 W32/Yahlov-A
Sunbelt 3.1.1832.2 2008.12.01 INF.Autorun (v)
Symantec 10 2008.12.09 -
TheHacker 6.3.1.2.180 2008.12.09 -
TrendMicro 8.700.0.1004 2008.12.09 Mal_Otorun1
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.9.1507 2008.12.09 -
VirusBuster 4.5.11.0 2008.12.08 INF.Autorun.Gen

Additional information
File size: 329 bytes
MD5...: 75f1ea0c347a2181a360a9304678379c
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Shu_b
10.12.2008, 16:55
File ntos.exe received on 12.10.2008 12:28:27 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 -
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 Win32:Lighty-J
AVG 8.0.0.199 2008.12.09 SHeur2.FKG
BitDefender 7.2 2008.12.10 Packer.Malware.Lighty.E
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.09 Suspicious File
eTrust-Vet 31.6.6253 2008.12.10 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 -
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 Packer.Malware.Lighty.E
Ikarus T3.1.1.45.0 2008.12.10 Packer.Malware.Lighty
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.10 TrojanSpy:Win32/Zbot.gen!C
NOD32 3681 2008.12.10 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.09 -
Prevx1 V2 2008.12.10 -
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 -
Sophos 4.36.0 2008.12.10 Mal/EncPk-EQ
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 Trojan.Fakeavalert
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.09 -
Additional information
File size: 177664 bytes
MD5...: faa00352c59d47f98ddfb742f563480d

Added 16 minutes later

File twext.exe received on 12.10.2008 12:50:56 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 -
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 Win32:Zbot-AVH
AVG 8.0.0.199 2008.12.10 -
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 Trojan.PWS.Panda.31
eSafe 7.0.17.0 2008.12.09 -
eTrust-Vet 31.6.6252 2008.12.09 -
Ewido 4.0 2008.12.09 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 Trojan-Spy.Win32.Zbot.hrc
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 Win32:Zbot-AVH
Ikarus T3.1.1.45.0 2008.12.10 Trojan-Spy.Win32.Zbot
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.10 Trojan-Spy.Win32.Zbot.hrc
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 Generic!Artemis
Microsoft 1.4205 2008.12.10 -
NOD32 3681 2008.12.10 -
Norman 5.80.02 2008.12.09 W32/Malware.EQSW
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.10 -
Prevx1 V2 2008.12.10 -
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 -
Sophos 4.36.0 2008.12.10 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 Trojan-Spy.Win32.Zbot.hme
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.09 -
Additional information
File size: 588288 bytes
MD5...: 6c6802f0928c25ec068fc8cf33c4c9ba

Added 1 hour 28 minutes later

File msqpdxmqltoity.sys received on 12.10.2008 13:47:55 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 -
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.10 -
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.09 Suspicious File
eTrust-Vet 31.6.6253 2008.12.10 -
Ewido 4.0 2008.12.10 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 -
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 -
Ikarus T3.1.1.45.0 2008.12.10 -
K7AntiVirus 7.10.549 2008.12.09 -
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.10 -
NOD32 3681 2008.12.10 -
Norman 5.80.02 2008.12.09 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.10 -
Prevx1 V2 2008.12.10 Malicious Software
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 -
Sophos 4.36.0 2008.12.10 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.09 -
Additional information
File size: 62464 bytes
MD5...: 7d0c76addaa22a5cb5b3407d5a78b211

Added 32 minutes later

File nttest.sys received on 12.10.2008 14:49:14 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 TR/Spy.Agent.sad
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 Win32:Rootkit-gen
AVG 8.0.0.199 2008.12.10 -
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 -
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.10 -
eTrust-Vet 31.6.6253 2008.12.10 -
Ewido 4.0 2008.12.10 -
F-Prot 4.4.4.56 2008.12.10 -
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.12.10 -
K7AntiVirus 7.10.550 2008.12.10 -
Kaspersky 7.0.0.125 2008.12.10 Rootkit.Win32.Agent.fiy
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459 2008.12.09 -
Microsoft 1.4205 2008.12.10 -
NOD32 3681 2008.12.10 -
Norman 5.80.02 2008.12.10 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.10 -
Prevx1 V2 2008.12.10 -
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 Trojan.Spy.Agent.sad
Sophos 4.36.0 2008.12.10 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.09 -
Additional information
File size: 33792 bytes
MD5...: ecaa2fbb9a7ea227cce882ffe31351b4

PavelA
10.12.2008, 18:07
Thread: http://virusinfo.info/showthread.php?t=35469

Src=\??\C:\WINDOWS\system32\drivers\ethvfbgq.sys

File bcqr00004.dta received on 2008.12.10 16:01:05 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.10.2 2008.12.10 Win-Trojan/Agent.137792
AntiVir 7.9.0.43 2008.12.10 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.12.10 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.10 Win32/Rustock.G
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 Rootkit.Agent.epv
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.10 -
eTrust-Vet 31.6.6253 2008.12.10 -
Ewido 4.0 2008.12.10 -
F-Prot 4.4.4.56 2008.12.10 -
F-Secure 8.0.14332.0 2008.12.10 -
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 -
Ikarus T3.1.1.45.0 2008.12.10 -
K7AntiVirus 7.10.550 2008.12.10 -
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5459 2008.12.09 -
McAfee+Artemis 5459
Microsoft 1.4205 2008.12.10 Spammer:Win32/Rlsloup.B
NOD32 3682 2008.12.10 -
Norman 5.80.02 2008.12.10 -
Panda 9.0.0.4 2008.12.09 -
PCTools 4.4.2.0 2008.12.10 -
Prevx1 V2 2008.12.10 -
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 Trojan.Rootkit.Gen
Sophos 4.36.0 2008.12.10 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 -
TrendMicro 8.700.0.1004 2008.12.10 -
VBA32 3.12.8.10 2008.12.09 Rootkit.Win32.Agent.epv
ViRobot 2008.12.10.1511 2008.12.10 Trojan.Win32.RT-Agent.137792
VirusBuster 4.5.11.0 2008.12.10

A false positive, or has Rustock really turned up in the "Help!" section?

Синауридзе Александр
11.12.2008, 21:33
File angel.exe received on 2008.12.11 19:21:58 (CET)


AhnLab-V3 2008.12.12.0 2008.12.11 -
AntiVir 7.9.0.43 2008.12.11 -
Authentium 5.1.0.4 2008.12.11 -
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.11 -
BitDefender 7.2 2008.12.11 -
CAT-QuickHeal 10.00 2008.12.11 -
ClamAV 0.94.1 2008.12.11 -
Comodo 733 2008.12.11 -
DrWeb 4.44.0.09170 2008.12.11 BackDoor.Zany.17
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6256 2008.12.11 -
Ewido 4.0 2008.12.11 -
F-Prot 4.4.4.56 2008.12.11 -
F-Secure 8.0.14332.0 2008.12.11 Trojan:W32/Reggol.A
Fortinet 3.117.0.0 2008.12.11 -
GData 19 2008.12.11 -
Ikarus T3.1.1.45.0 2008.12.11 -
K7AntiVirus 7.10.551 2008.12.11 -
Kaspersky 7.0.0.125 2008.12.11 -
McAfee 5460 2008.12.10 -
McAfee+Artemis 5460 2008.12.10 Generic!Artemis
Microsoft 1.4205 2008.12.10 -
NOD32 3684 2008.12.11 -
Norman 5.80.02 2008.12.11 -
Panda 9.0.0.4 2008.12.11 -
PCTools 4.4.2.0 2008.12.11 -
Prevx1 V2 2008.12.11 -
Rising 21.07.32.00 2008.12.11 -
SecureWeb-Gateway 6.7.6 2008.12.11 -
Sophos 4.36.0 2008.12.11 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.11 -
TheHacker 6.3.1.2.183 2008.12.11 -
TrendMicro 8.700.0.1004 2008.12.11 -
VBA32 3.12.8.10 2008.12.11 BackDoor.Zany.17
ViRobot 2008.12.11.1513 2008.12.11 -
VirusBuster 4.5.11.0 2008.12.11 -

Additional information
File size: 747008 bytes
MD5...: c0a16d7987903267becffbf82f82a99b

AlexGOMEL
15.12.2008, 13:25
File AVZ00002.DTA received on 2008.09.22 06:21:59 (CET)

moderated by Shu_b: A September scan is of no interest.

ISO
15.12.2008, 14:05
File adsldpcx.exe received on 12.15.2008 11:33:52 (CET)


AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 Suspicious File
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 Generic FakeAlert.f
McAfee+Artemis 5464 2008.12.14 Generic FakeAlert.f
Microsoft 1.4205 2008.12.15 VirTool:Win32/Obfuscator.DO
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 Cloaked Malware
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.15 Mal/EncPk-EQ
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 Trojan.Fakeavalert
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 Trojan.FakeAlert.Gen!Pac.3


File wndutl32.dll received on 12.15.2008 11:46:11 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.15 Packer.Malware.Lighty.F
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 Suspicious File
eTrust-Vet 31.6.6261 2008.12.15 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 Packer.Malware.Lighty.F
Ikarus T3.1.1.45.0 2008.12.15 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 -
McAfee+Artemis 5464 2008.12.14 -
Microsoft 1.4205 2008.12.15 TrojanDownloader:Win32/Renos
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 Malicious Software
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.15 Mal/EncPk-EQ
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.15 Trojan.Fakeavalert
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 Trojan.FakeAlert.Gen!Pac.3


File a.exe received on 12.15.2008 11:50:48 (CET)


AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 Suspicious File
eTrust-Vet 31.6.6261 2008.12.15 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 Generic FakeAlert.f
McAfee+Artemis 5464 2008.12.14 Generic FakeAlert.f
Microsoft 1.4205 2008.12.15 TrojanDropper:Win32/Rooter.B
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 Malicious Software
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.Dropper.Gen
Sophos 4.36.0 2008.12.15 Mal/EncPk-EQ
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.15 Trojan.Fakeavalert
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 -

PavelA
15.12.2008, 16:20
Thread: http://virusinfo.info/showthread.php?t=35666
Reply from Kaspersky Lab: smss.exe_ - Trojan-Downloader.Win32.Small.ahfw (new)

File avz00002.dta received on 2008.12.15 10:22:32 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.12.12.2 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.14 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 Win32/Heur
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 Trojan.Delf-6581
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.14 Suspicious File
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 W32/Heuristic-210!Eldorado
F-Secure 8.0.14332.0 2008.12.15 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 -
McAfee 5464 2008.12.14 New Malware.ac
McAfee+Artemis 5464 2008.12.14 New Malware.ac
Microsoft 1.4205 2008.12.15 TrojanDownloader:Win32/VB.EE
NOD32 3691 2008.12.14 probably unknown NewHeur_PE
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 Suspicious file
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.15 Malicious Software
Rising 21.08.01.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.Crypt.XPACK.Gen
Sophos 4.36.0 2008.12.15 Mal/EncPk-EW
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 -
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.15.1517 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.14 -

Additional information
File size: 13312 bytes
MD5...: 64fabb64d37b0fa3d6852b6a2bd9fed1

Pili
15.12.2008, 19:02
Src=C:\WINDOWS\system32\spool32.exe
File avz00001.dta received on 2008.12.15 16:50:28 (CET)

AhnLab-V3 2008.12.15.3 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.15 Win32:Oliga
AVG 8.0.0.199 2008.12.15 SHeur2.FKM
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.15 Suspicious File
eTrust-Vet 31.6.6261 2008.12.15 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.15 Trojan.Win32.Monder.aaxz
Fortinet 3.117.0.0 2008.12.14 suspicious
GData 19 2008.12.15 Win32:Oliga
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.15 Trojan.Win32.Monder.aaxz
McAfee 5464 2008.12.14 New Malware.bx
McAfee+Artemis 5464 2008.12.14 New Malware.bx
Microsoft 1.4205 2008.12.15 -
NOD32 3692 2008.12.15 -
Norman 5.80.02 2008.12.12 W32/Vundo.FQN
Panda 9.0.0.4 2008.12.15 Suspicious file
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.15 -
Rising 21.08.02.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 Win32.Malware.gen (suspicious)
Sophos 4.36.0 2008.12.15 Mal/EncPk-FS
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 -
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 PAK_Generic.001
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.15 -

Additional information
File size: 140127 bytes
MD5...: e69dd9605856b2ee189e7ab3be0bc83d

Shu_b
16.12.2008, 11:37
File sdllib.dll received on 12.16.2008 08:58:38 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 Win32:Hexzone-U
AVG 8.0.0.199 2008.12.15 Adload_r.FF
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 Trojan.Blackmailer.origin
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 W32/Hexzone.B.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 Win32:Hexzone-U
Ikarus T3.1.1.45.0 2008.12.16 Trojan-Ransom.Win32.Hexzone
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 -
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 316928 bytes
MD5...: 1263fba1d0e14cdabeb3ba4b5796792c

Added 2 minutes later

Src=c:\windows\system32\drivers\winlogon.exe
File winlogon.exe received on 12.16.2008 08:52:59 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 Win32/IRCBot.worm.variant
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 W32/Backdoor2.DGZN
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 Win32/Heur
BitDefender 7.2 2008.12.16 DeepScan:Generic.Sdbot.936847E5
CAT-QuickHeal 10.00 2008.12.16 Backdoor.SdBot.ifq
ClamAV 0.94.1 2008.12.16 Trojan.SdBot-9776
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 W32/Backdoor2.DGZN
F-Secure 8.0.14332.0 2008.12.16 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 DeepScan:Generic.Sdbot.936847E5
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 New Poly Win32
McAfee+Artemis 5465 2008.12.15 New Poly Win32
Microsoft 1.4205 2008.12.16 Exploit:Win32/Lsass.gen
NOD32 3694 2008.12.15 probably a variant of Win32/Packed.Themida
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 Suspicious file
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 -
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 Win32.Malware.gen!84 (suspicious)
Sophos 4.36.0 2008.12.16 Sus/UnkPacker
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.16.1520 2008.12.16 Backdoor.Win32.IRCBot.709632
VirusBuster 4.5.11.0 2008.12.15 Backdoor.SdBot.ACTL
Additional information
File size: 709632 bytes
MD5...: 3e1923216a98a3624ae0d311293bd47e

Added 17 minutes later

File rs32net.exe received on 12.16.2008 09:13:38 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 -
F-Secure 8.0.14332.0 2008.12.16 Trojan.Win32.Agent.avhd
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 Trojan.Win32.Agent
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 Trojan.Win32.Agent.avhd
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 Generic!Artemis
Microsoft 1.4205 2008.12.16 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 Cloaked Malware
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.Dropper.Gen
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 Trojan/Agent.avhd
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 Malware-Cryptor.Win32.Kefir
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 Trojan.DR.Protector.A
Additional information
File size: 22528 bytes
MD5...: 7e19ef46397d95497f30432cda342046

Added 7 minutes later

File ~tmpc.exe received on 12.16.2008 09:13:08 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 Win32/Cryptor
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 TrojanDownloader.Agent.gen
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 TrojWare.Win32.Trojan.Agent.~
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 -
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 Trojan.Win32.FraudPack.hws
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 TrojanDownloader:Win32/Renos.FM
NOD32 3694 2008.12.15 a variant of Win32/Kryptik.CU
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 Malware Downloader
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.LooksLike.Proxy
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 Trojan Horse
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 81920 bytes
MD5...: edeea2b8b2a6e9de437cf05e4039bbbe

Added 1 minute later

File ~tmpb.exe received on 12.16.2008 09:12:41 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 TR/FraudPack.huv
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 Win32/Cryptor
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 TrojanDownloader.Agent.gen
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 Trojan.Win32.FraudPack.hvz
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 TrojanDownloader:Win32/Renos.DZ
NOD32 3694 2008.12.15 a variant of Win32/Kryptik.CU
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 -
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.FraudPack.huv
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 Downloader
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 86020 bytes
MD5...: 047f6fce96752b7d991c4cc178936a7a

Added 2 minutes later

File userinit.exe received on 12.16.2008 09:12:11 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 Suspicious File
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 -
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 Cloaked Malware
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 suspected of Malware-Cryptor.Win32.General.4
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 32768 bytes
MD5...: d57614424f0b8ce32c238195eece7586

Added 1 minute later

File svchost.exe received on 12.16.2008 09:11:53 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 Suspicious File
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 -
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 P2P-Worm.Win32.Agent.hw
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 Cloaked Malware
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 31744 bytes
MD5...: 9c8adb9f7f66f0a88ca866b993f42c22

Added 1 minute later

File ntndis.exe received on 12.16.2008 09:10:23 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.16.2 2008.12.16 -
AntiVir 7.9.0.45 2008.12.15 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.16 W32/LdPinch.N.gen!Eldorado
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 Worm/AutoRun.CL
BitDefender 7.2 2008.12.16 GenPack:Backdoor.SDBot.DETV
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.15 Suspicious File
eTrust-Vet 31.6.6262 2008.12.16 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.14 W32/LdPinch.N.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.16 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.16 suspicious
GData 19 2008.12.16 GenPack:Backdoor.SDBot.DETV
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3694 2008.12.15 -
Norman 5.80.02 2008.12.15 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.16 -
Rising 21.08.11.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.15 Trojan.Crypt.XPACK.Gen
Sophos 4.36.0 2008.12.16 Mal/Basine-C
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.16.1520 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.15 -
Additional information
File size: 40107 bytes
MD5...: 70ca8199611e79ed9b1422e0df83f628

Shu_b
17.12.2008, 17:25
File KB908665.exe received on 12.17.2008 15:21:39 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.17 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.17 Win32/Heur
BitDefender 7.2 2008.12.17 Trojan.Dropper.Kobcka.FE
CAT-QuickHeal 10.00 2008.12.17 -
ClamAV 0.94.1 2008.12.17 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6265 2008.12.17 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 Trojan.Dropper.Kobcka.FE
Ikarus T3.1.1.45.0 2008.12.17 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5466 2008.12.16 -
McAfee+Artemis 5466 2008.12.16 Generic!Artemis
Microsoft 1.4205 2008.12.17 -
NOD32 3698 2008.12.17 a variant of Win32/Wigon
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.17 -
Rising 21.08.22.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.17 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.17 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.17 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.17.1523 2008.12.17 -
VirusBuster 4.5.11.0 2008.12.16 -
Additional information
File size: 14848 bytes
MD5...: 9d874acad44489cbf918882a696e9ff4

Pili
18.12.2008, 10:14
File services.exe received on 2008.12.18 08:11:07 (CET)


AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 Win32:Crypt-DGD
AVG 8.0.0.199 2008.12.17 BackDoor.Generic_r.EA
BitDefender 7.2 2008.12.18 Trojan.Spammer.Tedroo.AV
CAT-QuickHeal 10.00 2008.12.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 Win32:Crypt-DGD
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 a variant of Win32/Injector.DO
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.17 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 42496 bytes
MD5...: d059090e5fd545e21eaf6f4f0971555e

Shu_b
18.12.2008, 10:49
File rs32net.exe received on 12.18.2008 08:32:15 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 Cloaked Malware
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 22528 bytes
MD5...: 3f57bfc5720636570e8d6aebac6f207b

Added 1 minute later

File vqolquurbqr.dll received on 12.18.2008 08:28:36 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 -
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 384512 bytes
MD5...: 552c752e717efcd9bda0e75e59195c10

Added 1 minute later

File winhelp32.exe received on 12.18.2008 08:22:44 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.18 W32/NaviPromo.B.gen!Eldorado
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 Suspicious File
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 W32/NaviPromo.B.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.18 Trojan-Dropper.Win32.Agent.abph
Fortinet 3.117.0.0 2008.12.18 W32/Agent.ABPH!tr
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 Trojan-Dropper.Agent
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 Trojan-Dropper.Win32.Agent.abph
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 Suspicious file
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 -
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 359944 bytes

Added 2 minutes later

File tdll.dll received on 12.18.2008 08:22:30 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 Trojan.Inject.IA
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 Suspicious File
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 Trojan.Win32.Inject.lmo
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 Trojan.Inject.IA
Ikarus T3.1.1.45.0 2008.12.18 Spammer
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 Trojan.Win32.Inject.lmo
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 Spammer:Win32/Cutwail.gen!B
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 67194 bytes
MD5...: d3a053084671cb4eb145b248aab4e7a3

Added 1 minute later

File vmmreg32.dll received on 12.18.2008 08:22:13 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/Drop.Agent.abph
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 Suspicious File
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 Trojan-Dropper.Win32.Agent.abph
Fortinet 3.117.0.0 2008.12.18 W32/Agent.ABPH!tr
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 Trojan-Dropper.Agent
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 Trojan-Dropper.Win32.Agent.abph
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.17 Suspicious file
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 Trojan.Drop.Agent.abph
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 219144 bytes
MD5...: 0f06783162341a6f3fe0fba25f310215

Added 1 minute later

File vmi386.sys received on 12.18.2008 08:21:22 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 Trojan.Packed.1228
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 Trojan.Win32.Pakes.mfj
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.12.18 Trojan.Win32.Pakes
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 Trojan.Win32.Pakes.mfj
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 Generic!Artemis
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 Malicious Software
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 72736 bytes
MD5...: 09e2f34eb7b0872159ba3fe16b23145f

Added 1 minute later

File VIDEO.sys received on 12.18.2008 08:21:58 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.17.3 2008.12.18 -
AntiVir 7.9.0.45 2008.12.17 TR/PSW.Agent.lii
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6266 2008.12.18 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 Trojan-PSW.Win32.Agent.lii
Fortinet 3.117.0.0 2008.12.18 W32/Agent.LII!tr.pws
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 Trojan-PWS.Win32.Agent
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 Trojan-PSW.Win32.Agent.lii
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.18 -
NOD32 3700 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.18 -
Rising 21.08.30.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 Trojan.PSW.Agent.lii
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.10 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1524 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -
Additional information
File size: 28416 bytes
MD5...: f41dde69903b4a1279e8e52308f41339

Shu_b
19.12.2008, 11:51
File disc32.dll received on 12.19.2008 08:24:01 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 -
Authentium 5.1.0.4 2008.12.18 W32/Heuristic-VFM!Eldorado
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.18 -
BitDefender 7.2 2008.12.19 -
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.18 -
Comodo 780 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.18 -
eSafe 7.0.17.0 2008.12.18 Suspicious File
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.18 W32/Heuristic-VFM!Eldorado
F-Secure 8.0.14332.0 2008.12.19 Worm.Win32.AutoRun.uwl
Fortinet 3.117.0.0 2008.12.19 -
GData 19 2008.12.19 -
Ikarus T3.1.1.45.0 2008.12.19 Backdoor.Win32.Bandok
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 Worm.Win32.AutoRun.uwl
McAfee 5468 2008.12.18 -
McAfee+Artemis 5468 2008.12.18 -
Microsoft 1.4205 2008.12.19 -
NOD32 3704 2008.12.18 -
Norman 5.80.02 2008.12.18 -
Panda 9.0.0.4 2008.12.19 -
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.19 -
Rising 21.08.40.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 Win32.Malware.gen#UPX (suspicious)
Sophos 4.37.0 2008.12.19 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 -
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1526 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 14336 bytes
MD5...: c93c8279540aed5051d85b94d95b855d

Added 2 minutes later

File winlogon.exe received on 12.19.2008 08:50:29 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.18 -
BitDefender 7.2 2008.12.19 -
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.18 -
Comodo 780 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.18 -
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.18 -
F-Secure 8.0.14332.0 2008.12.19 -
Fortinet 3.117.0.0 2008.12.19 -
GData 19 2008.12.19 -
Ikarus T3.1.1.45.0 2008.12.19 -
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 Trojan-Proxy.Win32.Delf.ki
McAfee 5468 2008.12.18 New Malware.gr
McAfee+Artemis 5468 2008.12.18 New Malware.gr
Microsoft 1.4205 2008.12.19 -
NOD32 3704 2008.12.18 -
Norman 5.80.02 2008.12.18 -
Panda 9.0.0.4 2008.12.19 Suspicious file
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.19 Malicious Software
Rising 21.08.40.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 -
Sophos 4.37.0 2008.12.19 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 -
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1526 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 712704 bytes
MD5...: dcac5a14860babc1d3ed514b73467a68

Added 2 minutes later

File xxyxVlJd.dll received on 12.19.2008 09:04:13 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 TR/Vundo.Gen.6.23
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.18 Vundo.CK
BitDefender 7.2 2008.12.19 Trojan.Vundo.Gen.6
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.18 -
Comodo 780 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.18 Trojan.Virtumod.855
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 Win32/Vundo!generic
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.18 W32/Virtumonde.AC.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.19 Trojan:W32/Vundo.EL
Fortinet 3.117.0.0 2008.12.19 -
GData 19 2008.12.19 Trojan.Vundo.Gen.6
Ikarus T3.1.1.45.0 2008.12.19 -
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 -
McAfee 5468 2008.12.18 -
McAfee+Artemis 5468 2008.12.18 -
Microsoft 1.4205 2008.12.19 Trojan:Win32/Vundo.gen!R
NOD32 3704 2008.12.18 Win32/Adware.Virtumonde.FP
Norman 5.80.02 2008.12.18 -
Panda 9.0.0.4 2008.12.19 -
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.19 -
Rising 21.08.41.00 2008.12.19 Trojan.Win32.VUNDO.cbw
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.Vundo.Gen.6.23
Sophos 4.37.0 2008.12.19 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 Packed.Generic.203
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 -
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1526 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 235520 bytes
MD5...: 0970f7b9d3927f6b93c8ceb1312a00f8

Added 2 minutes later

File winscenter.exe received on 12.19.2008 09:22:23 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.18 Win32/Cryptor
BitDefender 7.2 2008.12.19 -
CAT-QuickHeal 10.00 2008.12.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.18 -
Comodo 780 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.18 -
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.18 -
F-Secure 8.0.14332.0 2008.12.19 -
Fortinet 3.117.0.0 2008.12.19 -
GData 19 2008.12.19 -
Ikarus T3.1.1.45.0 2008.12.19 Rootkit.Win32.TDSS
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 -
McAfee 5468 2008.12.18 -
McAfee+Artemis 5468 2008.12.18 Generic!Artemis
Microsoft 1.4205 2008.12.19 -
NOD32 3704 2008.12.18 -
Norman 5.80.02 2008.12.18 -
Panda 9.0.0.4 2008.12.19 -
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.19 Malicious Software
Rising 21.08.41.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 -
Sophos 4.37.0 2008.12.19 Mal/EncPk-CZ
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 TROJ_FAKEAV.AEA
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1526 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 384512 bytes
MD5...: a69de673a56ee3c21f40f3775ea05842

Added 5 minutes later

File kqozsbo.sys received on 12.19.2008 09:48:59 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.19.0 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 Win32:Rootkit-gen
AVG 8.0.0.199 2008.12.18 DDoS.K
BitDefender 7.2 2008.12.19 -
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.18 -
Comodo 780 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.19 -
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.18 -
F-Secure 8.0.14332.0 2008.12.19 -
Fortinet 3.117.0.0 2008.12.19 -
GData 19 2008.12.19 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2008.12.19 -
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 -
McAfee 5468 2008.12.18 -
McAfee+Artemis 5468 2008.12.18 -
Microsoft 1.4205 2008.12.19 Backdoor:WinNT/Rustock.H
NOD32 3704 2008.12.18 -
Norman 5.80.02 2008.12.18 -
Panda 9.0.0.4 2008.12.19 -
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.19 -
Rising 21.08.41.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.Rootkit.Gen
Sophos 4.37.0 2008.12.19 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 -
VBA32 3.12.8.10 2008.12.18 -
ViRobot 2008.12.18.1526 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -
Additional information
File size: 30848 bytes
MD5...: 78f59cf8d0d936d24a3b5af5c16114e5

Shu_b
22.12.2008, 17:34
From the freshly submitted samples (t=36108)

File tpszxyd.sys received on 12.22.2008 15:17:37 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.22 -
AntiVir 7.9.0.45 2008.12.22 -
Authentium 5.1.0.4 2008.12.22 -
Avast 4.8.1281.0 2008.12.21 Win32:Refpron-C
AVG 8.0.0.199 2008.12.22 Agent.4.E
BitDefender 7.2 2008.12.22 -
CAT-QuickHeal 10.00 2008.12.22 -
ClamAV 0.94.1 2008.12.22 -
Comodo 793 2008.12.21 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.22 Suspicious:W32/DVBBS.c!Gemini
Fortinet 3.117.0.0 2008.12.22 -
GData 19 2008.12.22 Win32:Refpron-C
Ikarus T3.1.1.45.0 2008.12.22 Virus.Win32.DNSChanger.XR
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.22 -
McAfee 5471 2008.12.21 -
McAfee+Artemis 5471 2008.12.21 -
Microsoft 1.4205 2008.12.22 Backdoor:Win32/Refpron.I
NOD32 3710 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.21 -
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.22 Cloaked Malware
Rising 21.09.02.00 2008.12.22 -
SecureWeb-Gateway 6.7.6 2008.12.22 -
Sophos 4.37.0 2008.12.22 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.22 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.22 TROJ_REFPRON.E
VBA32 3.12.8.10 2008.12.21 -
ViRobot 2008.12.22.1530 2008.12.22 -
VirusBuster 4.5.11.0 2008.12.21 -
Additional information
File size: 263168 bytes
MD5...: dd69d2f9d2d1709c286cb5fa6ef0ca8f


File system32\reminst\smss.exe received on 12.22.2008 15:17:50 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.22 -
AntiVir 7.9.0.45 2008.12.22 HEUR/Malware
Authentium 5.1.0.4 2008.12.22 -
Avast 4.8.1281.0 2008.12.21 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.22 DeepScan:Generic.Malware.dld!!.98AD12A5
CAT-QuickHeal 10.00 2008.12.22 Win32.Backdoor.PcClient.ZA.3
ClamAV 0.94.1 2008.12.22 -
Comodo 793 2008.12.21 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 Suspicious File
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.22 -
Fortinet 3.117.0.0 2008.12.22 -
GData 19 2008.12.22 DeepScan:Generic.Malware.dld!!.98AD12A5
Ikarus T3.1.1.45.0 2008.12.22 -
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.22 -
McAfee 5471 2008.12.21 New Malware.ac
McAfee+Artemis 5471 2008.12.21 Generic!Artemis
Microsoft 1.4205 2008.12.22 -
NOD32 3710 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.21 Suspicious file
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.22 -
Rising 21.09.02.00 2008.12.22 -
SecureWeb-Gateway 6.7.6 2008.12.22 Heuristic.Malware
Sophos 4.37.0 2008.12.22 Sus/Behav-1005
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.22 Downloader
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.22 PAK_Generic.001
VBA32 3.12.8.10 2008.12.21 -
ViRobot 2008.12.22.1530 2008.12.22 -
VirusBuster 4.5.11.0 2008.12.21 -
Additional information
File size: 6144 bytes
MD5...: 282e012b74885150185048920b5f4f51


File system32\reminst\csrss.exe received on 12.22.2008 15:23:51 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.22 -
AntiVir 7.9.0.45 2008.12.22 -
Authentium 5.1.0.4 2008.12.22 W32/new-malware!Maximus
Avast 4.8.1281.0 2008.12.21 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.22 -
CAT-QuickHeal 10.00 2008.12.22 Trojan.Siveras.e
ClamAV 0.94.1 2008.12.22 -
Comodo 793 2008.12.21 -
DrWeb 4.44.0.09170 2008.12.22 Trojan.DownLoad.25792
eSafe 7.0.17.0 2008.12.21 Suspicious File
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 W32/new-malware!Maximus
F-Secure 8.0.14332.0 2008.12.22 -
Fortinet 3.117.0.0 2008.12.22 -
GData 19 2008.12.22 -
Ikarus T3.1.1.45.0 2008.12.22 Trojan.Buzus.iij
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.22 -
McAfee 5471 2008.12.21 -
McAfee+Artemis 5471 2008.12.21 -
Microsoft 1.4205 2008.12.22 Exploit:Win32/Siveras.E
NOD32 3710 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.21 Suspicious file
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.22 -
Rising 21.09.02.00 2008.12.22 -
SecureWeb-Gateway 6.7.6 2008.12.22 Trojan.Downloader.Win32.Malware.gen (suspicious)
Sophos 4.37.0 2008.12.22 -
Sunbelt 3.2.1801.2 2008.12.11 VIPRE.Suspicious
Symantec 10 2008.12.22 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.22 PAK_Generic.001
VBA32 3.12.8.10 2008.12.21 -
ViRobot 2008.12.22.1530 2008.12.22 -
VirusBuster 4.5.11.0 2008.12.21 -
Additional information
File size: 43520 bytes
MD5...: f7fcc33c6cf1ae3d006f9f5e41929f71


File temp\0002.exe received on 12.22.2008 15:18:02 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.22 -
AntiVir 7.9.0.45 2008.12.22 TR/ATRAPS.Gen
Authentium 5.1.0.4 2008.12.22 -
Avast 4.8.1281.0 2008.12.21 -
AVG 8.0.0.199 2008.12.22 Dropper.Bravix
BitDefender 7.2 2008.12.22 -
CAT-QuickHeal 10.00 2008.12.22 Win32.PWS.Gamania.gen!D.8
ClamAV 0.94.1 2008.12.22 -
Comodo 793 2008.12.21 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.22 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.22 -
GData 19 2008.12.22 -
Ikarus T3.1.1.45.0 2008.12.22 -
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.22 -
McAfee 5471 2008.12.21 -
McAfee+Artemis 5471 2008.12.21 -
Microsoft 1.4205 2008.12.22 Trojan:Win32/Adpclient
NOD32 3710 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.21 Suspicious file
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.22 -
Rising 21.09.02.00 2008.12.22 -
SecureWeb-Gateway 6.7.6 2008.12.22 Trojan.ATRAPS.Gen
Sophos 4.37.0 2008.12.22 Troj/Sacom-Gen
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.22 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.22 -
VBA32 3.12.8.10 2008.12.21 suspected of Win32 Shadow Driver Install
ViRobot 2008.12.22.1530 2008.12.22 -
VirusBuster 4.5.11.0 2008.12.21 -
Additional information
File size: 60928 bytes
MD5...: 35cd63388a75d9369b241eb19901f02b

kvit
23.12.2008, 08:44
Arrived today via ICQ


Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 Win-Trojan/LdPinch.41984.AH
AntiVir 7.9.0.45 2008.12.22 TR/Spy.Gen
Authentium 5.1.0.4 2008.12.23 W32/LdPinch.A.gen!Eldorado
Avast 4.8.1281.0 2008.12.23 Win32:LdPinch-CYW
AVG 8.0.0.199 2008.12.22 PSW.Ldpinch.OLX
BitDefender 7.2 2008.12.23 Trojan.PWS.LdPinch.TPC
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.22 Trojan.LdPinch-1592
Comodo 800 2008.12.22 TrojWare.Win32.PSW.Ldpinch.~TE
DrWeb 4.44.0.09170 2008.12.22 Trojan.PWS.LDPinch.4182
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6271 2008.12.20 Win32/Yurist.DD
Ewido 4.0 2008.12.22 Trojan.LdPinch.cdz
F-Prot 4.4.4.56 2008.12.22 W32/LdPinch.A.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.23 Trojan-PSW.Win32.LdPinch.dis
Fortinet 3.117.0.0 2008.12.23 W32/LdPinch.BYX!tr.pws
GData 19 2008.12.23 Trojan.PWS.LdPinch.TPC
Ikarus T3.1.1.45.0 2008.12.23 Trojan-PWS.Win32.LdPinch
K7AntiVirus 7.10.562 2008.12.22 Trojan-PSW.Win32.LdPinch.cds
Kaspersky 7.0.0.125 2008.12.23 Trojan-PSW.Win32.LdPinch.dis
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 Generic!Artemis
Microsoft 1.4205 2008.12.22 PWS:Win32/Ldpinch.gen
NOD32 3712 2008.12.22 a variant of Win32/PSW.LdPinch.NEL
Norman 5.80.02 2008.12.22 LdPinch.gen1
Panda 9.0.0.4 2008.12.22 Trj/Ldpinch.APF
PCTools 4.4.2.0 2008.12.22 Trojan.PWS.LdPinch.CCL
Prevx1 V2 2008.12.23 Malicious Software
Rising 21.09.10.00 2008.12.23 Trojan.PSW.Win32.LdPinch.cds
SecureWeb-Gateway 6.7.6 2008.12.22 Trojan.Spy.Gen
Sophos 4.37.0 2008.12.23 Troj/LDPinch-RG
Sunbelt 3.2.1809.2 2008.12.22 BehavesLike.Win32.Malware (v)
Symantec 10 2008.12.23 Infostealer.Ldpinch
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 TROJ_LDPINCH.BB
VBA32 3.12.8.10 2008.12.22 Trojan.Win32.Agent.tpa
ViRobot 2008.12.23.1531 2008.12.23 Trojan.Win32.PSWLdPinch.41984.F
VirusBuster 4.5.11.0 2008.12.22 Trojan.PWS.LdPinch.CCL

Shu_b
23.12.2008, 09:33
File userinit.exe received on 12.23.2008 07:06:54 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.22 TR/Spy.ZBot.DAB.2
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.22 SHeur2.GNW
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.22 -
Comodo 800 2008.12.22 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 Suspicious File
eTrust-Vet 31.6.6274 2008.12.22 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.23 -
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.562 2008.12.22 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.12.23 -
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 Generic!Artemis
Microsoft 1.4205 2008.12.22 VirTool:Win32/Obfuscator.CW
NOD32 3712 2008.12.22 a variant of Win32/Kryptik.DK
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.22 -
PCTools 4.4.2.0 2008.12.22 -
Rising 21.09.10.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 Infostealer
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 suspected of Malware-Cryptor.Win32.General.4
ViRobot 2008.12.23.1531 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.22 -
Additional information
File size: 74240 bytes
MD5...: 18789d6b2155e4755feb98b5629babb7
SHA1..: 1e76a4b48299639cd6e2794ef4717876d66f0055

Added 1 minute later

File im.exe received on 12.23.2008 07:14:51 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.22 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.12.23 W32/VB-Backdoor-PSVR-based!Maximus
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.22 -
Comodo 800 2008.12.22 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 W32/VB-Backdoor-PSVR-based!Maximus
F-Secure 8.0.14332.0 2008.12.23 -
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 not-a-virus:AdTool.Win32.VB.a
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.23 -
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 Generic!Artemis
Microsoft 1.4205 2008.12.22 -
NOD32 3712 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.22 -
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.23 -
Rising 21.09.10.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 Trojan.Crypt.CFI.Gen
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 Backdoor.Win32.VB.PSVR!cobra (v)
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.23.1531 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.22 -
Additional information
File size: 98304 bytes
MD5...: 26f25a5a029d118623f039398b1f7dee

Added 2 minutes later

File twext.exe received on 12.23.2008 07:19:11 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.22 -
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 Win32:Zbot-AVH
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.22 -
Comodo 800 2008.12.22 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6274 2008.12.22 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.23 Trojan-Spy.Win32.Zbot.imd
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 Win32:Zbot-AVH
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.23 Trojan-Spy.Win32.Zbot.imd
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 -
Microsoft 1.4205 2008.12.22 TrojanSpy:Win32/Zbot.gen!C
NOD32 3712 2008.12.22 a variant of Win32/Kryptik.DB
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.22 -
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.23 -
Rising 21.09.10.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 Mal/Zbot-H
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.23.1531 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.22 TrojanSpy.ZBot.Gen!Pac.6
Additional information
File size: 575488 bytes
MD5...: e1b79b469184ff37468af1e427500c4b

Added 52 seconds later

File PrivateContent.exe received on 12.23.2008 07:21:43 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.22 -
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.22 -
Comodo 800 2008.12.22 -
DrWeb 4.44.0.09170 2008.12.22 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6274 2008.12.22 -
Ewido 4.0 2008.12.22 -
F-Prot 4.4.4.56 2008.12.22 -
F-Secure 8.0.14332.0 2008.12.23 AdWare.Win32.Cinmus.aiyf
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.562 2008.12.22 -
Kaspersky 7.0.0.125 2008.12.23 not-a-virus:AdWare.Win32.Cinmus.aiyf
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 -
Microsoft 1.4205 2008.12.22 -
NOD32 3712 2008.12.22 -
Norman 5.80.02 2008.12.22 -
Panda 9.0.0.4 2008.12.22 -
PCTools 4.4.2.0 2008.12.22 -
Prevx1 V2 2008.12.23 -
Rising 21.09.10.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.23.1531 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.22 -
Additional information
File size: 88576 bytes
MD5...: 1bbde9abaf1f459143de6844db9ed624

senyak
23.12.2008, 17:43
File 49c4f4f6.eml received on 2008.12.23 15:30:54 (CET)
Current status: finished
Result: 4/38 (10.53%)


Antivirus Version Last Update Result
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.23 HEUR/HTML.Malware
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.22 -
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.23 Phishing.Heuristics.Email.SpoofedDomain
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.23 -
eSafe 7.0.17.0 2008.12.21 -
eTrust-Vet 31.6.6274 2008.12.22 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.23 -
F-Secure 8.0.14332.0 2008.12.23 Trojan-Spy.HTML.Fraud.gen
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.23 Trojan-Spy.HTML.Fraud.gen
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 -
Microsoft 1.4205 2008.12.23 -
NOD32 3713 2008.12.23 -
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.23 -
PCTools 4.4.2.0 2008.12.23 -
Prevx1 V2 2008.12.23 -
Rising 21.09.13.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.23.1532 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.23 -
Additional information
File size: 4113 bytes
MD5...: 35ab57faa44d9691baa991c2dec704f6
SHA1..: 8753bb9d81121ab07dfbc996c00ca51f838271de
PEiD..: -
TrID..: File type identification
E-Mail message (Var. 1) (100.0%)
PEInfo: -
packers (F-Prot): qp

Shu_b
24.12.2008, 12:16
File qwe received on 12.24.2008 09:05:31 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 -
AhnLab-V3 2008.12.22.0 2008.12.24 -
AntiVir 7.9.0.45 2008.12.24 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.23 -
BitDefender 7.2 2008.12.24 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.24 -
eSafe 7.0.17.0 2008.12.23 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 -
Fortinet 3.117.0.0 2008.12.24 -
GData 19 2008.12.24 -
Ikarus T3.1.1.45.0 2008.12.24 -
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.24 -
McAfee 5473 2008.12.23 -
McAfee+Artemis 5473 2008.12.23 -
Microsoft 1.4205 2008.12.24 -
NOD32 3715 2008.12.24 -
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.23 -
PCTools 4.4.2.0 2008.12.23 -
Prevx1 V2 2008.12.24 Cloaked Malware
Rising 21.09.21.00 2008.12.24 -
SecureWeb-Gateway 6.7.6 2008.12.24 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.24 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.24 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.24 -
VBA32 3.12.8.10 2008.12.23 -
ViRobot 2008.12.24.1533 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.23 -
Additional information
File size: 22528 bytes
MD5...: 5ad1dc609b765c81a895a1fd42040b73

ALEX(XX)
24.12.2008, 14:12
File 3.exe received on 12.24.2008 10:33:03 (CET)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 Trojan-PWS.Win32.QQPass!IK
AhnLab-V3 2008.12.22.0 2008.12.24 Packed/Upack
AntiVir 7.9.0.45 2008.12.24 TR/ATRAPS.Gen
Authentium 5.1.0.4 2008.12.24 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.23 -
BitDefender 7.2 2008.12.24 -
CAT-QuickHeal 10.00 2008.12.24 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.24 -
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.24 -
eSafe 7.0.17.0 2008.12.23 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-210!Eldorado
F-Secure 8.0.14332.0 2008.12.24 W32/Packed_Upack.A
Fortinet 3.117.0.0 2008.12.24 -
GData 19 2008.12.24 -
Ikarus T3.1.1.45.0 2008.12.24 Trojan-PWS.Win32.QQPass
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.24 -
McAfee 5473 2008.12.23 New Malware.aj
McAfee+Artemis 5473 2008.12.23 New Malware.n
Microsoft 1.4205 2008.12.24 PWS:Win32/QQpass.AA
NOD32 3715 2008.12.24 a variant of Win32/PSW.Delf.NMX
Norman 5.80.02 2008.12.23 W32/Packed_Upack.A
Panda 9.0.0.4 2008.12.23 Suspicious file
PCTools 4.4.2.0 2008.12.23 Packed/Upack
Prevx1 V2 2008.12.24 -
Rising 21.09.22.00 2008.12.24 Trojan.Win32.QQFish.w
SecureWeb-Gateway 6.7.6 2008.12.24 Trojan.ATRAPS.Gen
Sophos 4.37.0 2008.12.24 Sus/ComPack-C
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2008.12.24 -
TheHacker 6.3.1.4.199 2008.12.23 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2008.12.24 PAK_Generic.006
VBA32 3.12.8.10 2008.12.23 Trojan-PSW.Win32.QQPass.efy
ViRobot 2008.12.24.1533 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.23 Packed/Upack

Additional information
File size: 48360 bytes
MD5...: 98ce99bb088c252d7d084f87ed2a500c
SHA1..: 70d9bcdefc0e1a23efea874a46e4d80800daf32a
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x261018
timedatestamp.....: 0x2611b0be (Thu Mar 29 06:52:46 1990)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x69000 0x1f0 5.43 ce40f9782f141f111303501525d8de5e
_Y_ 0x6a000 0x13000 0xbae8 7.87 38e69c9cd23df97d12da107e6d2f4a34
__ 0x7d000 0x1000 0x1f0 5.43 ce40f9782f141f111303501525d8de5e

( 0 imports )

( 0 exports )
packers (Authentium): UPack
packers (Kaspersky): PE_Patch, UPack
packers (F-Prot): UPack


File 0001.exe received on 12.24.2008 10:34:51 (CET)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 Backdoor.Bifrose!IK
AhnLab-V3 2008.12.22.0 2008.12.24 -
AntiVir 7.9.0.45 2008.12.24 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.23 Win32/Heur
BitDefender 7.2 2008.12.24 Trojan.Rincux.AW
CAT-QuickHeal 10.00 2008.12.24 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.24 -
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.24 -
eSafe 7.0.17.0 2008.12.23 Suspicious File
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.24 -
GData 19 2008.12.24 Trojan.Rincux.AW
Ikarus T3.1.1.45.0 2008.12.24 Backdoor.Bifrose
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.24 -
McAfee 5473 2008.12.23 -
McAfee+Artemis 5473 2008.12.23 Generic!Artemis
Microsoft 1.4205 2008.12.24 Trojan:Win32/Agent
NOD32 3715 2008.12.24 -
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.23 -
PCTools 4.4.2.0 2008.12.23 -
Prevx1 V2 2008.12.24 -
Rising 21.09.22.00 2008.12.24 Backdoor.Win32.DDOS.ev
SecureWeb-Gateway 6.7.6 2008.12.24 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2008.12.24 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.24 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.24 -
VBA32 3.12.8.10 2008.12.23 -
ViRobot 2008.12.24.1533 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.23 -

Additional information
File size: 21396 bytes
MD5...: bde49df3cbcf4d06f3a4c245bbae2f0e
SHA1..: 59102419014279f1c39ba91fc2f066aa9a5a7e98
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.8%)
DOS Executable Generic (49.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Targa bitmap (Original TGA Format) (0.1%)
MS Flight Simulator Aircraft Performance Info (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4032d6
timedatestamp.....: 0x373898 (Wed Feb 11 21:16:08 1970)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2502 0x2600 7.98 6799f3ee1ab99e18a67368b0d8d49822
.rdata 0x4000 0xdba 0xe00 7.97 a5db486c5ed67dba7d0af1d89855f069
.data 0x5000 0x3ce04 0x600 7.95 a01c8037745cacc4261ee87e144f8865
.sdffqw 0x42000 0x1594 0x1594 6.77 1cae004626695a37382f7a9f915895e7

( 1 imports )
> KERNEL32.dll: ExitProcess, Beep

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=bde49df3cbcf4d06f3a4c245bbae2f0e

senyak
25.12.2008, 03:31
File InstallAVv_880294.exe received on 2008.12.24 14:52:32 (CET)
Current status: finished
Result: 5/39 (12.83%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 -
AhnLab-V3 2008.12.25.0 2008.12.24 -
AntiVir 7.9.0.45 2008.12.24 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.24 -
AVG 8.0.0.199 2008.12.24 -
BitDefender 7.2 2008.12.24 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
Comodo 809 2008.12.24 -
DrWeb 4.44.0.09170 2008.12.24 -
eSafe 7.0.17.0 2008.12.23 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.24 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 Trojan-Downloader.Win32.FraudLoad.vepo
Fortinet 3.117.0.0 2008.12.24 -
GData 19 2008.12.24 -
Ikarus T3.1.1.45.0 2008.12.24 -
K7AntiVirus 7.10.564 2008.12.24 -
Kaspersky 7.0.0.125 2008.12.24 Trojan-Downloader.Win32.FraudLoad.vepo
McAfee 5473 2008.12.23 -
McAfee+Artemis 5473 2008.12.23 -
Microsoft 1.4205 2008.12.24 -
NOD32 3716 2008.12.24 -
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.24 -
PCTools 4.4.2.0 2008.12.24 -
Prevx1 V2 2008.12.24 Fraudulent Security Program
Rising 21.09.22.00 2008.12.24 -
SecureWeb-Gateway 6.7.6 2008.12.24 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2008.12.24 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.24 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.24 -
VBA32 3.12.8.10 2008.12.23 -
ViRobot 2008.12.24.1534 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.24 -
Additional information
File size: 126976 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

Added after 10 hours 19 minutes

File 013 received on 2008.12.25 01:26:40 (CET)
Current status: finished
Result: 4/39 (10.26%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 -
AhnLab-V3 2008.12.25.0 2008.12.25 -
AntiVir 7.9.0.45 2008.12.24 -
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.24 -
AVG 8.0.0.199 2008.12.24 -
BitDefender 7.2 2008.12.25 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
Comodo 809 2008.12.24 -
DrWeb 4.44.0.09170 2008.12.25 -
eSafe 7.0.17.0 2008.12.24 Suspicious File
eTrust-Vet 31.6.6276 2008.12.24 Win32/Kvol!generic
Ewido 4.0 2008.12.24 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 -
Fortinet 3.117.0.0 2008.12.25 -
GData 19 2008.12.25 -
Ikarus T3.1.1.45.0 2008.12.24 -
K7AntiVirus 7.10.564 2008.12.24 -
Kaspersky 7.0.0.125 2008.12.25 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.25 Trojan:Win32/Boaxxe.J
NOD32 3716 2008.12.24 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.24 -
PCTools 4.4.2.0 2008.12.24 -
Prevx1 V2 2008.12.25 -
Rising 21.09.22.00 2008.12.24 Trojan.Win32.Undef.vey
SecureWeb-Gateway 6.7.6 2008.12.24 -
Sophos 4.37.0 2008.12.24 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.25 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.24 -
VBA32 3.12.8.10 2008.12.24 -
ViRobot 2008.12.24.1534 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.24 -
Additional information
File size: 123392 bytes
PEiD..: -



File 123 received on 2008.12.25 01:28:31 (CET)
Current status: finished
Result: 3/39 (7.7%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.24 -
AhnLab-V3 2008.12.25.0 2008.12.25 -
AntiVir 7.9.0.45 2008.12.24 HEUR/HTML.Malware
Authentium 5.1.0.4 2008.12.24 -
Avast 4.8.1281.0 2008.12.24 -
AVG 8.0.0.199 2008.12.24 -
BitDefender 7.2 2008.12.25 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
Comodo 809 2008.12.24 -
DrWeb 4.44.0.09170 2008.12.25 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.24 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.24 -
Fortinet 3.117.0.0 2008.12.25 -
GData 19 2008.12.25 -
Ikarus T3.1.1.45.0 2008.12.24 -
K7AntiVirus 7.10.564 2008.12.24 -
Kaspersky 7.0.0.125 2008.12.25 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.25 -
NOD32 3716 2008.12.24 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.24 -
PCTools 4.4.2.0 2008.12.24 -
Prevx1 V2 2008.12.25 -
Rising 21.09.22.00 2008.12.24 -
SecureWeb-Gateway 6.7.6 2008.12.24 Heuristic.HTML.Malware
Sophos 4.37.0 2008.12.24 Mal/ObfJS-M
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.25 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.24 -
VBA32 3.12.8.10 2008.12.24 -
ViRobot 2008.12.24.1534 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.24 -
Additional information
File size: 6337 bytes
PEiD..: -
TrID..: File type identification
GZipped File (100.0%)
PEInfo: -
packers (F-Prot): packed

Shu_b
25.12.2008, 13:06
File ethtuhbi.sys received on 12.25.2008 10:55:13 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.25 -
AhnLab-V3 2008.12.25.0 2008.12.25 -
AntiVir 7.9.0.45 2008.12.24 -
Authentium 5.1.0.4 2008.12.25 W32/SpamAgent.B.gen!Eldorado
Avast 4.8.1281.0 2008.12.24 -
AVG 8.0.0.199 2008.12.24 -
BitDefender 7.2 2008.12.25 -
CAT-QuickHeal 10.00 2008.12.24 -
ClamAV 0.94.1 2008.12.24 -
Comodo 811 2008.12.25 -
DrWeb 4.44.0.09170 2008.12.25 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.24 -
F-Prot 4.4.4.56 2008.12.24 W32/SpamAgent.B.gen!Eldorado
F-Secure 8.0.14332.0 2008.12.25 -
Fortinet 3.117.0.0 2008.12.25 -
GData 19 2008.12.25 -
Ikarus T3.1.1.45.0 2008.12.25 -
K7AntiVirus 7.10.564 2008.12.24 -
Kaspersky 7.0.0.125 2008.12.25 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.25 Spammer:Win32/Rlsloup.B
NOD32 3716 2008.12.24 -
Norman 5.80.02 2008.12.24 -
Panda 9.0.0.4 2008.12.24 -
PCTools 4.4.2.0 2008.12.24 -
Prevx1 V2 2008.12.25 -
Rising 21.09.32.00 2008.12.25 -
SecureWeb-Gateway 6.7.6 2008.12.24 Win32.LooksLike.NewMalware
Sophos 4.37.0 2008.12.25 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.25 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.25 -
VBA32 3.12.8.10 2008.12.24 -
ViRobot 2008.12.24.1534 2008.12.24 -
VirusBuster 4.5.11.0 2008.12.24 -
Additional information
File size: 135616 bytes
MD5...: 16b0de9de1433d3be401c72d128d02ab

PavelA
26.12.2008, 16:49
From http://virusinfo.info/showthread.php?t=36231
File avz00003.dta (c:\windows\system32\iasapi.dll) received on 2008.12.26 14:43:06 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.26 Virus.Win32.Dialer.1313!IK
AhnLab-V3 2008.12.25.0 2008.12.26 -
AntiVir 7.9.0.45 2008.12.25 -
Authentium 5.1.0.4 2008.12.25 W32/Heuristic-KPP!Eldorado
Avast 4.8.1281.0 2008.12.26 -
AVG 8.0.0.199 2008.12.25 -
BitDefender 7.2 2008.12.26 -
CAT-QuickHeal 10.00 2008.12.26 -
ClamAV 0.94.1 2008.12.26 -
Comodo 819 2008.12.26 -
DrWeb 4.44.0.09170 2008.12.26 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.26 -
F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14332.0 2008.12.26 -
Fortinet 3.117.0.0 2008.12.26 -
GData 19 2008.12.26 -
Ikarus T3.1.1.45.0 2008.12.26 Virus.Win32.Dialer.1313
K7AntiVirus 7.10.567 2008.12.26 -
Kaspersky 7.0.0.125 2008.12.26 -
McAfee 5474 2008.12.24 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.26 -
NOD32 3718 2008.12.26 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.26 Suspicious file
PCTools 4.4.2.0 2008.12.26 -
Prevx1 V2 2008.12.26 -
Rising 21.09.42.00 2008.12.26 Backdoor.Win32.Drwolf.sp
SecureWeb-Gateway 6.7.6 2008.12.25 -
Sophos 4.37.0 2008.12.26 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.26 -
TheHacker 6.3.1.4.199 2008.12.23 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.25 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.25 -

senyak
27.12.2008, 22:23
File spyprotector_install.exe received on 2008.12.27 20:19:25 (CET)
Current status: finished
Result: 8/39 (20.52%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.27 Trojan.Win32.FakePowav!IK
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.27 -
AVG 8.0.0.199 2008.12.26 -
BitDefender 7.2 2008.12.27 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.27 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.26 -
F-Secure 8.0.14332.0 2008.12.27 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.27 -
Ikarus T3.1.1.45.0 2008.12.27 Trojan.Win32.FakePowav
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.27 Trojan-Downloader.Win32.FraudLoad.veuz
McAfee 5476 2008.12.27 -
McAfee+Artemis 5476 2008.12.27 Generic!Artemis
Microsoft 1.4205 2008.12.27 Trojan:Win32/FakePowav
NOD32 3719 2008.12.27 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 Suspicious file
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.27 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 -
Sophos 4.37.0 2008.12.27 -
Sunbelt 3.2.1809.2 2008.12.22 SpyProtector
Symantec 10 2008.12.27 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.27 suspected of Win32.Trojan.Downloader (http://...)
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.27 -
Additional information
File size: 40960 bytes
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

PavelA
30.12.2008, 12:30
This userinit.exe turned up in "Help!"

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.30 -
AhnLab-V3 2008.12.30.2 2008.12.30 -
AntiVir 7.9.0.45 2008.12.30 TR/Crypt.FKM.Gen
Authentium 5.1.0.4 2008.12.29 -
Avast 4.8.1281.0 2008.12.29 -
AVG 8.0.0.199 2008.12.29 -
BitDefender 7.2 2008.12.30 DeepScan:Generic.Malware.FPB.E71D9A1E
CAT-QuickHeal 10.00 2008.12.30 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.30 -
Comodo 837 2008.12.29 -
DrWeb 4.44.0.09170 2008.12.30 -
eSafe 7.0.17.0 2008.12.28 Suspicious File
eTrust-Vet 31.6.6281 2008.12.29 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.29 -
F-Secure 8.0.14470.0 2008.12.30 -
Fortinet 3.117.0.0 2008.12.30 -
GData 19 2008.12.30 DeepScan:Generic.Malware.FPB.E71D9A1E
Ikarus T3.1.1.45.0 2008.12.30 -
K7AntiVirus 7.10.569 2008.12.29 -
Kaspersky 7.0.0.125 2008.12.30 -
McAfee 5478 2008.12.29 -
McAfee+Artemis 5478 2008.12.29 -
Microsoft 1.4205 2008.12.30 -
NOD32 3722 2008.12.29 -
Norman 5.80.02 2008.12.29 -
Panda 9.0.0.4 2008.12.29 -
PCTools 4.4.2.0 2008.12.29 Packed/Execryptor
Prevx1 V2 2008.12.30 -
Rising 21.10.12.00 2008.12.30 -
SecureWeb-Gateway 6.7.6 2008.12.30 Trojan.Crypt.FKM.Gen
Sophos 4.37.0 2008.12.30 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.30 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.30 -
VBA32 3.12.8.10 2008.12.30 BScope.Trojan-PSW.OnlineGames
ViRobot 2008.12.30.1540 2008.12.30 -
VirusBuster 4.5.11.0 2008.12.29 Packed

Shu_b
31.12.2008, 13:03
File msqpdxymrdbbml.sys received on 12.31.2008 10:50:27 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.30 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eSafe 7.0.17.0 2008.12.30 Suspicious File
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.571 2008.12.30 -
Kaspersky 7.0.0.125 2008.12.31 Trojan.Win32.Pakes.mmb
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 Trojan:WinNT/Alureon.C
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.30 -
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.LooksLike.Agent
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 71680 bytes
MD5...: 22bab406e1d25cb3dd45480e96cd3dd7

Added after 2 minutes

File twex.exe received on 12.31.2008 10:58:38 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.30 Win32/Cryptor
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.571 2008.12.30 -
Kaspersky 7.0.0.125 2008.12.31 Trojan-Spy.Win32.Zbot.jbq
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 Trojan:Win32/Zbot.BX
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.30 W32/Malware.EXHS
Panda 9.0.0.4 2008.12.30 -
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 RiskTool.Win32.ProcessPatcher.Nor!cobra (v)
Symantec 10 2008.12.31 Infostealer.Banker.C
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 Trojan-Spy.Win32.Zbot.iva
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 313344 bytes
MD5...: 0f01dcbbbf388a636a6126aa27a7eefd

senyak
31.12.2008, 14:22
File keymaker.exe received on 2008.12.31 12:14:14 (CET)
Current status: finished
Result: 19/38 (50%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 Trojan.Crypt!IK
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 TR/PCK.Black.A.1550
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.31 Win32/Themida
BitDefender 7.2 2008.12.31 Trojan.Packed.45180
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 TrojWare.Win32.Trojan.Black.~DW
DrWeb 4.44.0.09170 2008.12.31 Trojan.Packed.650
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 Packed.Win32.Black.a
Fortinet 3.117.0.0 2008.12.31 W32/Black.A
GData 19 2008.12.31 Trojan.Packed.45180
Ikarus T3.1.1.45.0 2008.12.31 Trojan.Crypt
K7AntiVirus 7.10.571 2008.12.30 -
Kaspersky 7.0.0.125 2008.12.31 Packed.Win32.Black.a
McAfee 5479 2008.12.30 New Malware.jn
McAfee+Artemis 5479 2008.12.30 New Malware.jn
Microsoft 1.4205 2008.12.31 -
NOD32 3725 2008.12.31 -
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.31 Trj/Downloader.MDW
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.PCK.Black.A.1550
Sophos 4.37.0 2008.12.31 Mal/Generic-A
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 W32/Behav-Heuristic-064
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 Spyware.Black.Packed.3548672
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 3548672 bytes
PEiD..: -

Shu_b
31.12.2008, 15:23
Total for December:

senyak
02.01.2009, 06:26
File Patch_AML_v472_b30400.exe received on 2009.01.02 04:09:50 (CET)
Current status: finished
Result: 14/38 (36.85%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2009.01.01 -
AntiVir 7.9.0.45 2009.01.01 -
Authentium 5.1.0.4 2009.01.01 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2009.01.01 Win32:Adware-gen
AVG 8.0.0.199 2008.12.31 -
BitDefender 7.2 2009.01.02 -
CAT-QuickHeal 10.00 2009.01.02 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.02 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2009.01.02 -
eTrust-Vet 31.6.6287 2009.01.01 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.01.02 AdWare.Win32.Zhongsou.l
Fortinet 3.117.0.0 2009.01.02 Adware/Zhongsou
GData 19 2008.12.31 Win32:Adware-gen
Ikarus T3.1.1.45.0 2009.01.02 -
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2009.01.02 not-a-virus:AdWare.Win32.Zhongsou.l
McAfee 5481 2009.01.02 -
McAfee+Artemis 5479 2008.12.30 potentially unwanted program Generic!Artemis
Microsoft 1.4205 2009.01.01 -
NOD32 3725 2008.12.31 -
Norman 5.80.02 2009.01.01 W32/Zhongsou.DF
Panda 9.0.0.4 2009.01.01 -
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2009.01.02 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Win32.Malware.gen (suspicious)
Sophos 4.37.0 2009.01.02 -
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2009.01.01 AdWare.Win32.Zhongsou.l
ViRobot 2008.12.30.1540 2008.12.31 Adware.Zhongsou.411648
VirusBuster 4.5.11.0 2009.01.01 -
Additional information
File size: 411648 bytes
PEiD..: ASProtect v1.23 RC1

antanta
03.01.2009, 14:40
bobmid.exe, caught on December 30 of last year.


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 MemScanTrojan.Downloader.JKFL!IK
AhnLab-V3 2008.12.31.0 2009.01.02 -
AntiVir 7.9.0.45 2009.01.02 HEUR/Crypted
Authentium 5.1.0.4 2009.01.02 W32/Heuristic-THX!Eldorado
Avast 4.8.1281.0 2009.01.03 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2009.01.02 -
BitDefender 7.2 2009.01.03 -
CAT-QuickHeal 10.00 2009.01.03 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.03 -
Comodo 866 2009.01.02 -
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.02 W32/Heuristic-THX!Eldorado
F-Secure 8.0.14470.0 2009.01.03 -
Fortinet 3.117.0.0 2009.01.03 -
GData 19 2009.01.03 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2009.01.03 MemScanTrojan.Downloader.JKFL
K7AntiVirus 7.10.572 2009.01.02 -
Kaspersky 7.0.0.125 2009.01.03 -
McAfee 5482 2009.01.02 -
McAfee+Artemis 5482 2009.01.02 -
Microsoft 1.4205 2009.01.03 -
NOD32 3733 2009.01.02 -
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.02 -
PCTools 4.4.2.0 2009.01.02 -
Prevx1 V2 2009.01.03 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2009.01.03 Heuristic.Crypted
Sophos 4.37.0 2009.01.03 Sus/UnkPacker
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.03 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.02 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.02 -

P.S. And what should be done with files that are 99.99% malware and yet are detected by no one? Upload them to virustotal every hour to see who adds them to their databases first? :)

senyak
03.01.2009, 16:34
File autorun21 received on 2009.01.03 14:25:56 (CET)
Current status: finished
Result: 19/36 (52.78%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 Worm.Win32.AutoRun!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.02 TR/Autorun.LD
Authentium 5.1.0.4 2009.01.03 IS/Autorun
Avast 4.8.1281.0 2009.01.03 Win32:AutoRun-HL
AVG 8.0.0.199 2009.01.02 -
BitDefender 7.2 2009.01.03 Trojan.Autorun.LD
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.03 -
Comodo 869 2009.01.03 Win32.AutoRun.NS
DrWeb 4.44.0.09170 2009.01.03 Win32.HLLW.Autoruner.937
eTrust-Vet 31.6.6289 2009.01.02 INF/SillyAutorun.AE
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 IS/Autorun
Fortinet 3.117.0.0 2009.01.03 -
GData 19 2009.01.03 Trojan.Autorun.LD
Ikarus T3.1.1.45.0 2009.01.03 Worm.Win32.AutoRun
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.03 Worm.Win32.AutoRun.acm
McAfee 5482 2009.01.02 -
McAfee+Artemis 5482 2009.01.02 -
Microsoft 1.4205 2009.01.03 -
NOD32 3733 2009.01.02 Win32/AutoRun.NS
Norman 5.80.02 2009.01.02 BAT/AutoRun.AE
Panda 9.0.0.4 2009.01.03 -
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.03 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Autorun.LD
Sophos 4.37.0 2009.01.03 W32/AutoRun-AC
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.03 -
TheHacker 6.3.1.4.204 2009.01.02 Trojan/Small.autorun
TrendMicro 8.700.0.1004 2009.01.02 Mal_Otorun1
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.02 INF.Autorun.Gen
Additional information
File size: 315 bytes

antanta
03.01.2009, 23:19
File TXPlatform.exe received on 2009.01.03 17:29:29 (CET)
Current status: finished
Result: 12/38 (31.58%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 -
AhnLab-V3 2008.12.31.0 2009.01.03 Win32/MalPackedB.suspicious
AntiVir 7.9.0.45 2009.01.02 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Adware-gen
AVG 8.0.0.199 2009.01.02 Win32/Heur
BitDefender 7.2 2009.01.03 Backdoor.Hupigon.AYGZ
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.03 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.03 -
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 -
F-Secure 8.0.14470.0 2009.01.03 -
Fortinet 3.117.0.0 2009.01.03 suspicious
GData 19 2009.01.03 Backdoor.Hupigon.AYGZ
Ikarus T3.1.1.45.0 2009.01.03 -
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.03 -
McAfee 5483 2009.01.03 -
McAfee+Artemis 5483 2009.01.03 Generic!Artemis
Microsoft 1.4205 2009.01.03 -
NOD32 3733 2009.01.02 a variant of Win32/Adware.Antivirus2008
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.03 Suspicious file
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.03 Cloaked Malware
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2009.01.03 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.03 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.02 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.03 -
Additional information

Added after 6 minutes

File LBXQFASTABPDN.EXE received on 2009.01.03 17:38:55 (CET)
Current status: finished
Result: 15/38 (39.48%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 Virus.Win32.Agent.OQV!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.02 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Agent-OQV
AVG 8.0.0.199 2008.12.31 Generic3.AFDC
BitDefender 7.2 2009.01.03 Dropped:Adware.AdMoke.FA
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.03 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2009.01.03 BackDoor.Scrum.origin
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2009.01.03 -
Fortinet 3.117.0.0 2009.01.03 -
GData 19 2008.12.31 Dropped:Adware.AdMoke.FA
Ikarus T3.1.1.45.0 2009.01.03 Virus.Win32.Agent.OQV
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2009.01.03 -
McAfee 5483 2009.01.03 potentially unwanted program Generic PUP
McAfee+Artemis 5479 2008.12.30 potentially unwanted program Generic PUP
Microsoft 1.4205 2009.01.03 Trojan:Win32/Daekom.A
NOD32 3725 2008.12.31 a variant of Win32/Adware.MoKeAD
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.03 Suspicious file
PCTools 4.4.2.0 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.Crypt.CFI.Gen
Sophos 4.37.0 2009.01.03 Sus/Behav-269
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2008.12.30.1540 2008.12.31 -

Added after 2 hours 28 minutes

Meet its little brother.

File LBXQFASTABPDN.EXE received on 2009.01.03 17:38:55 (CET)
Current status: finished
Result: 15/38 (39.47%)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 Virus.Win32.Agent.OQV!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.02 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Agent-OQV
AVG 8.0.0.199 2008.12.31 Generic3.AFDC
BitDefender 7.2 2009.01.03 Dropped:Adware.AdMoke.FA
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.03 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2009.01.03 BackDoor.Scrum.origin
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2009.01.03 -
Fortinet 3.117.0.0 2009.01.03 -
GData 19 2008.12.31 Dropped:Adware.AdMoke.FA
Ikarus T3.1.1.45.0 2009.01.03 Virus.Win32.Agent.OQV
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2009.01.03 -
McAfee 5483 2009.01.03 potentially unwanted program Generic PUP
McAfee+Artemis 5479 2008.12.30 potentially unwanted program Generic PUP
Microsoft 1.4205 2009.01.03 Trojan:Win32/Daekom.A
NOD32 3725 2008.12.31 a variant of Win32/Adware.MoKeAD
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.03 Suspicious file
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2009.01.03 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.Crypt.CFI.Gen
Sophos 4.37.0 2009.01.03 Sus/Behav-269
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2009.01.03 -
Additional information
File size: 224768 bytes
PEiD..: ASPack v2.12
TrID..: File type identification
ASPack compressed Win32 Executable (generic) (85.7%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x490001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x74000 0x2e800 8.00 6c615ff75193c608e3d1e698b0ff239c
DATA 0x75000 0x2000 0xe00 7.57 00711bbcacf81a1dd5473eeb4073e85c
BSS 0x77000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x78000 0x3000 0xe00 7.60 34d429ae6c449747ad3b19444bdd4317
.tls 0x7b000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x7c000 0x1000 0x200 0.20 6d63c0c5b8cb4cd53655fdff98132b6f
.reloc 0x7d000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x86000 0xa000 0x2800 6.86 53a6281c8ef57e16f325c1e176a7a1a4
.aspack 0x90000 0x4000 0x3c00 6.31 3b766a0075942997af4973dbeb3b446c
.adata 0x94000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 13 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: SysFreeString
> advapi32.dll: RegSetValueExA
> version.dll: VerQueryValueA
> gdi32.dll: UnrealizeObject
> user32.dll: CreateWindowExA
> ole32.dll: CLSIDFromString
> oleaut32.dll: SafeArrayPtrOfIndex
> ole32.dll: CoUninitialize
> oleaut32.dll: GetErrorInfo
> comctl32.dll: ImageList_SetIconSize

( 0 exports )
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
packers (Avast): ASPack


Added after 51 minutes

Note that Kaspersky knows this packer... I'm shocked


File zyndle081223.exe received on 2009.01.03 20:52:41 (CET)
Current status: finished
Result: 31/38 (81.58%)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 Backdoor.Rbot!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.02 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.03 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2009.01.03 Win32:AutoRun-APU
AVG 8.0.0.199 2009.01.03 Worm/Generic.ROC
BitDefender 7.2 2009.01.03 Generic.Malware.Sdldspg.F2F94788
CAT-QuickHeal 10.00 2009.01.03 Win32.Trojan.Agent.NAL.3
ClamAV 0.94.1 2009.01.03 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.03 Win32.HLLW.Autoruner.origin
eTrust-Vet 31.6.6289 2009.01.02 Win32/Hotpop!generic
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.01.03 W32/Packed_Upack.A
Fortinet 3.117.0.0 2009.01.03 PossibleThreat
GData 19 2009.01.03 Generic.Malware.Sdldspg.F2F94788
Ikarus T3.1.1.45.0 2009.01.03 Backdoor.Rbot
K7AntiVirus 7.10.575 2009.01.03 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.03 -
McAfee 5483 2009.01.03 New Malware.aj
McAfee+Artemis 5483 2009.01.03 New Malware.n
Microsoft 1.4205 2009.01.03 TrojanSpy:Win32/Hitpop.gen!C
NOD32 3733 2009.01.02 probably a variant of Win32/AutoRun.YE
Norman 5.80.02 2009.01.02 W32/Packed_Upack.A
Panda 9.0.0.4 2009.01.03 Trj/Downloader.MDW
PCTools 4.4.2.0 2009.01.03 Packed/Upack
Prevx1 V2 2009.01.03 -
Rising 21.10.22.00 2008.12.31 Trojan.DL.Win32.MyDown.beh
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Dropper.Gen
Sophos 4.37.0 2009.01.03 Mal/Autorun-C
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2009.01.03 W32.SillyDC
TheHacker 6.3.1.4.204 2009.01.02 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2009.01.02 Possible_OtorunA
VBA32 3.12.8.10 2009.01.03 suspected of Backdoor.XiaoBird.5 (paranoid heuristics)
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.03 Packed/Upack
Additional information
File size: 36260 bytes
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x701018
timedatestamp.....: 0x7011b0be (Tue Jul 31 15:52:30 2029)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x1d000 0x1f0 5.34 8fc3a0d705355501676128dd02c17c03
p_jr 0x1e000 0xc000 0x8ba4 7.99 a8523ee649d6c462e6d4f461e7124818
qp 0x2a000 0x1000 0x1f0 5.34 8fc3a0d705355501676128dd02c17c03

( 0 imports )
( 0 exports )
packers (Kaspersky): PE_Patch, UPack
packers (Avast): Upack
packers (Authentium): UPack
packers (F-Prot): UPack

Added 11 minutes later

Groft, sorry, the criticism wasn't from you :-)

senyak
04.01.2009, 04:56
File 123 received on 2009.01.04 02:53:26 (CET)
Current status: finished
Result: 4/38 (10.53%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 Trojan-SMS!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.03 -
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 -
AVG 8.0.0.199 2009.01.03 -
BitDefender 7.2 2009.01.04 -
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.04 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.04 -
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 -
F-Secure 8.0.14470.0 2009.01.04 Trojan-SMS.J2ME.Konov.f
Fortinet 3.117.0.0 2009.01.03 -
GData 19 2009.01.04 -
Ikarus T3.1.1.45.0 2009.01.03 Trojan-SMS
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.04 Trojan-SMS.J2ME.Konov.f
McAfee 5483 2009.01.03 -
McAfee+Artemis 5483 2009.01.03 -
Microsoft 1.4205 2009.01.03 -
NOD32 3734 2009.01.03 -
Norman 5.80.02 2009.01.02 -
Panda 9.0.0.4 2009.01.03 -
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.04 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2009.01.03 -
Sophos 4.37.0 2009.01.04 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.04 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.02 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.03 -
Additional information
File size: 2724 bytes
PEiD..: -

antanta
04.01.2009, 11:16
No sleeping! Keep mowing!

File zU.exe received on 2009.01.04 09:05:49 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 Trojan-Clicker.Win32.Klik!IK
AhnLab-V3 2008.12.31.0 2009.01.03 Win-Trojan/Fakeav.9728
AntiVir 7.9.0.45 2009.01.03 TR/Fakealert.ane.44
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Lighty-D
AVG 8.0.0.199 2009.01.03 Dropper.Bravix.L
BitDefender 7.2 2009.01.04 Trojan.FakeAlert.ANE
CAT-QuickHeal 10.00 2009.01.03 TrojanDropper.Rooter.b
ClamAV 0.94.1 2009.01.04 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.04 -
eTrust-Vet 31.6.6289 2009.01.02 Win32/FakeAlert!generic
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 W32/FakeAlert.AB.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.04 W32/Fakealert
Fortinet 3.117.0.0 2009.01.04 W32/FakeAlert.D!tr
GData 19 2009.01.04 Trojan.FakeAlert.ANE
Ikarus T3.1.1.45.0 2009.01.03 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.575 2009.01.03 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.04 -
McAfee 5483 2009.01.03 Generic Dropper.bu
McAfee+Artemis 5483 2009.01.03 Generic Dropper.bu
Microsoft 1.4205 2009.01.04 TrojanDropper:Win32/Rooter.B
NOD32 3734 2009.01.03 a variant of Win32/Kryptik.BN
Norman 5.80.02 2009.01.02 W32/Renos.BZB
Panda 9.0.0.4 2009.01.03 Generic Trojan
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.04 Malicious Software
Rising 21.10.61.00 2009.01.04 -
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Fakealert.ane.44
Sophos 4.37.0 2009.01.04 Mal/EncPk-EQ
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2009.01.04 Trojan.Virantix.C
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.02 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 Backdoor.Win32.IRCBot.39936.L
VirusBuster 4.5.11.0 2009.01.03 Trojan.FakeAlert.Gen!Pac.3


Added 4 minutes later

Let's continue.

File runsql.exe received on 2009.01.04 09:13:48 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.03 Trojan-Clicker.Win32.Klik!IK
AhnLab-V3 2008.12.31.0 2009.01.03 Win-Trojan/Fakeav.9728
AntiVir 7.9.0.45 2009.01.03 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Lighty-D
AVG 8.0.0.199 2009.01.03 Dropper.Bravix.L
BitDefender 7.2 2009.01.04 Trojan.FakeAlert.ANE
CAT-QuickHeal 10.00 2009.01.03 Backdoor.UltimateDefender.gqg
ClamAV 0.94.1 2009.01.04 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.04 -
eTrust-Vet 31.6.6289 2009.01.02 Win32/FakeAlert!generic
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 W32/FakeAlert.AB.gen!Eldorado
Fortinet 3.117.0.0 2009.01.04 -
GData 19 2009.01.04 Trojan.FakeAlert.ANE
Ikarus T3.1.1.45.0 2009.01.03 Trojan-Clicker.Win32.Klik
K7AntiVirus 7.10.575 2009.01.03 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.04 -
McAfee 5483 2009.01.03 Generic Dropper.bu
McAfee+Artemis 5483 2009.01.03 Generic Dropper.bu
Microsoft 1.4205 2009.01.04 TrojanDownloader:Win32/Renos.FJ
NOD32 3734 2009.01.03 a variant of Win32/Kryptik.BN
Norman 5.80.02 2009.01.02 W32/Renos.CAG
Panda 9.0.0.4 2009.01.03 Generic Trojan
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.04 Malicious Software
Rising 21.10.61.00 2009.01.04 -
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Dropper.Gen
Sophos 4.37.0 2009.01.04 Mal/EncPk-EQ
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2009.01.04 Trojan.Virantix.C
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.02 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 Backdoor.Win32.IRCBot.39936.L
VirusBuster 4.5.11.0 2009.01.03 Trojan.FakeAlert.Gen!Pac.3
Additional information
File size: 278528 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401008
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x1000 0x200 5.78 886abbf737703371751e2ccaebab272f
.data 0x2000 0x44000 0x43000 8.00 2230ad2638b1bed16e72953f7c3c81b6
.rsrc 0x46000 0x84000 0xa00 3.61 ab2365cb0abfdcb5337cb3f9d03da60f

( 3 imports )
> KERNEL32.DLL: AddAtomA, CancelDeviceWakeupRequest, CancelWaitableTimer, CopyFileW, DebugActiveProcess, DebugBreak, DefineDosDeviceW, EnumCalendarInfoW, ExitProcess, GetEnvironmentStrings, GetLongPathNameW, GetOverlappedResult, GetThreadTimes, GetUserDefaultLCID, GlobalFindAtomA, GlobalGetAtomNameW, LocalReAlloc, SetCalendarInfoW, SetCommTimeouts, VerLanguageNameA, WaitForMultipleObjectsEx, WaitForSingleObject, WriteProfileSectionA, lstrcpy
> USER32.DLL: ChangeDisplaySettingsExA, CharUpperA, CheckRadioButton, CopyAcceleratorTableW, DestroyCursor, DialogBoxIndirectParamW, DragDetect, DrawIconEx, EnableMenuItem, EnableScrollBar, FillRect, GetAsyncKeyState, GetKeyboardLayoutNameA, GetMenuCheckMarkDimensions, GetMessageA, GetUpdateRgn, GetWindowLongA, GetWindowTextLengthA, IsCharUpperW, PostMessageW, PostThreadMessageW, RegisterWindowMessageW, SetShellWindow, SetSystemCursor, SetUserObjectSecurity
> GDI32.DLL: CopyEnhMetaFileA, CreateDCA, CreateFontW, CreateICA, CreatePatternBrush, EnumMetaFile, Escape, ExtEscape, GdiFlush, GdiPlayDCScript, GetCharWidthA, GetKerningPairsW, GetPolyFillMode, GetTextExtentExPointA, GetViewportExtEx, GetViewportOrgEx, LPtoDP, PolyPolygon, Polygon, RectInRegion, RectVisible, SelectObject, SetArcDirection, SetEnhMetaFileBits, SetPixel, SetViewportOrgEx, SetWinMetaFileBits

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0F166C2900A2BEA340D7049BCD8DBE00850A8D0A
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4f86af63d2df938148acf090f5ce73bd

kvit
04.01.2009, 13:33
a-squared 4.0.0.73 2009.01.03 Win32.SuspectCrc!IK
AhnLab-V3 2008.12.31.0 2009.01.03 -
AntiVir 7.9.0.45 2009.01.03 TR/Crypt.XDR.Gen
Authentium 5.1.0.4 2009.01.03 -
Avast 4.8.1281.0 2009.01.03 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2009.01.03 Generic12.AIDL
BitDefender 7.2 2009.01.04 Dropped:Trojan.Generic.1267262
CAT-QuickHeal 10.00 2009.01.03 -
ClamAV 0.94.1 2009.01.04 -
Comodo 869 2009.01.03 -
DrWeb 4.44.0.09170 2009.01.04 Trojan.MulDrop.29356
eTrust-Vet 31.6.6289 2009.01.02 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.03 -
F-Secure 8.0.14470.0 2009.01.04 -
Fortinet 3.117.0.0 2009.01.04 PossibleThreat
GData 19 2009.01.04 Dropped:Trojan.Generic.1267262
Ikarus T3.1.1.45.0 2009.01.03 Win32.SuspectCrc
K7AntiVirus 7.10.575 2009.01.03 -
Kaspersky 7.0.0.125 2009.01.04 Trojan.Win32.VB.ihj
McAfee 5483 2009.01.03 -
McAfee+Artemis 5483 2009.01.03 Generic!Artemis
Microsoft 1.4205 2009.01.04 -
NOD32 3734 2009.01.03 a variant of Win32/Injector.GL
Norman 5.80.02 2009.01.02 W32/Smalltroj.KBEI
Panda 9.0.0.4 2009.01.03 Suspicious file
PCTools 4.4.2.0 2009.01.03 -
Prevx1 V2 2009.01.04 -
Rising 21.10.62.00 2009.01.04 -
SecureWeb-Gateway 6.7.6 2009.01.03 Trojan.Crypt.XDR.Gen
Sophos 4.37.0 2009.01.04 Sus/Behav-1018
Sunbelt 3.2.1809.2 2008.12.22 BehavesLike.Win32.Malware (v)
Symantec 10 2009.01.04 -
TheHacker 6.3.1.4.204 2009.01.02 -
TrendMicro 8.700.0.1004 2009.01.04 -
VBA32 3.12.8.10 2009.01.03 -
ViRobot 2009.1.3.1541 2009.01.03 -
VirusBuster 4.5.11.0 2009.01.03 -

Additional information
File size: 792256 bytes

Aleksandra
06.01.2009, 22:06
File tLBq.exe received on 2009.01.06 19:27:13 (CET)


a-squared 4.0.0.73 2009.01.06 Trojan-Spy.Win32.Zbot.djy!IK
AhnLab-V3 2009.1.6.3 2009.01.06 Win32/IRCBot.worm.variant
AntiVir 7.9.0.45 2009.01.06 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.01.05 W32/Trojan2.CKMB
Avast 4.8.1281.0 2009.01.06 Win32:Zbot-AIO
AVG 8.0.0.199 2009.01.06 Win32/Heur
BitDefender 7.2 2009.01.06 Trojan.Wsnpoem.K
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.06 Trojan.Zbot-1823
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.06 Trojan.Packed.511
eTrust-Vet 31.6.6293 2009.01.06 -
Ewido 4.0 2008.12.31 Logger.Zbot.aez
F-Prot 4.4.4.56 2009.01.05 W32/Trojan2.CKMB
F-Secure 8.0.14470.0 2009.01.06 -
Fortinet 3.117.0.0 2009.01.06 W32/Zbot.W!tr
GData 19 2009.01.06 Trojan.Wsnpoem.K
Ikarus T3.1.1.45.0 2009.01.06 Trojan-Spy.Win32.Zbot.djy
K7AntiVirus 7.10.578 2009.01.06 Trojan-Spy.Win32.Zbot.djy
Kaspersky 7.0.0.125 2009.01.06 -
McAfee 5486 2009.01.05 PWS-Zbot.gen.c
McAfee+Artemis 5487 2009.01.06 PWS-Zbot.gen.c
Microsoft 1.4205 2009.01.06 Trojan:Win32/Zbot.BD
NOD32 3743 2009.01.06 a variant of Win32/Spy.Agent.PZ
Norman 5.80.02 2009.01.06 W32/Zbot.APJ
Panda 9.0.0.4 2009.01.06 -
PCTools 4.4.2.0 2009.01.06 -
Prevx1 V2 2009.01.06 -
Rising 21.11.12.00 2009.01.06 -
SecureWeb-Gateway 6.7.6 2009.01.06 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2009.01.06 Mal/TibsPak
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.06 Infostealer.Notos!gen
TheHacker 6.3.1.4.205 2009.01.05 -
TrendMicro 8.700.0.1004 2009.01.06 Cryp_Zbot
VBA32 3.12.8.10 2009.01.05 Trojan-Spy.Win32.Zbot.djy
ViRobot 2009.1.6.1546 2009.01.06 Trojan.Win32.Zbot.90112
VirusBuster 4.5.11.0 2009.01.06 -
Additional information
File size: 49624 bytes
MD5...: bc1432c0b30fc6fb41ca94ce116a9dc6

Black Angel
09.01.2009, 16:52
File key.EXE received on 2009.01.09 14:35:56 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.09 Tool.DOS.SimulatedVirus.B!IK
AhnLab-V3 2009.1.9.2 2009.01.09 -
AntiVir 7.9.0.45 2009.01.09 SPR/Fake.CscSimX
Authentium 5.1.0.4 2009.01.08 -
Avast 4.8.1281.0 2009.01.08 -
AVG 8.0.0.229 2009.01.09 DOS.Generic_c.J
BitDefender 7.2 2009.01.09 Application.Viremul.B
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.09 DOS.Simulated.Virus
Comodo 895 2009.01.08 Application.SimulatedVir
DrWeb 4.44.0.09170 2009.01.09 Tool.VirEmul
eSafe 7.0.17.0 2009.01.08 Dos.4907
eTrust-Vet 31.6.6299 2009.01.09 -
F-Prot 4.4.4.56 2009.01.08 -
F-Secure 8.0.14470.0 2009.01.09 -
Fortinet 3.117.0.0 2009.01.09 Misc/Simulated
GData 19 2009.01.09 Application.Viremul.B
Ikarus T3.1.1.45.0 2009.01.09 Tool.DOS.SimulatedVirus.B
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.09 -
McAfee 5489 2009.01.08 potentially unwanted program Simulated Virus
McAfee+Artemis 5489 2009.01.08 potentially unwanted program Simulated Virus
Microsoft 1.4205 2009.01.09 Tool:DOS/SimulatedVirus.B
NOD32 3754 2009.01.09 SimulatedVir
Norman 5.99.02 2009.01.09 -
Panda 9.4.3.3 2009.01.09 Lepe.2818
PCTools 4.4.2.0 2009.01.09 -
Prevx1 V2 2009.01.09 Malicious Software
Rising 21.11.42.00 2009.01.09 -
SecureWeb-Gateway 6.7.6 2009.01.09 Riskware.Fake.CscSimX
Sophos 4.37.0 2009.01.09 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.09 -
TheHacker 6.3.1.4.214 2009.01.09 -
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.08 -
ViRobot 2009.1.9.1552 2009.01.09 -
VirusBuster 4.5.11.0 2009.01.08 -
Additional information
File size: 2818 bytes
MD5...: 9435eae54f53fb1e7517b2dbad8e4caf

Added 10 minutes later

File hosts.EXE received on 2009.01.09 14:45:13 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.09 Tool.DOS.SimulatedVirus.A!IK
AhnLab-V3 2009.1.9.2 2009.01.09 -
AntiVir 7.9.0.54 2009.01.09 -
Authentium 5.1.0.4 2009.01.08 Intended_Virus!e2da
Avast 4.8.1281.0 2009.01.08 -
AVG 8.0.0.229 2009.01.09 DOS.Generic_c.R
BitDefender 7.2 2009.01.09 Application.Dropper.A
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.09 DOS.Simulated.Virus
Comodo 895 2009.01.08 Application.SimulatedVir
DrWeb 4.44.0.09170 2009.01.09 Tool.VirEmul
eSafe 7.0.17.0 2009.01.08 Dos.Balooch
eTrust-Vet 31.6.6300 2009.01.09 -
F-Prot 4.4.4.56 2009.01.08 Intended_Virus!e2da
Fortinet 3.117.0.0 2009.01.09 W32/Music
GData 19 2009.01.09 Application.Dropper.A
Ikarus T3.1.1.45.0 2009.01.09 Tool.DOS.SimulatedVirus.A
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.09 -
McAfee 5489 2009.01.08 potentially unwanted program Simulated Virus
McAfee+Artemis 5489 2009.01.08 potentially unwanted program Simulated Virus
Microsoft 1.4205 2009.01.09 Tool:DOS/SimulatedVirus.A
NOD32 3754 2009.01.09 SimulatedVir
Panda 9.4.3.3 2009.01.09 -
PCTools 4.4.2.0 2009.01.09 -
Rising 21.11.42.00 2009.01.09 -
SecureWeb-Gateway 6.7.6 2009.01.09 -
Sophos 4.37.0 2009.01.09 Junk/Music sim
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.09 -
TheHacker 6.3.1.4.214 2009.01.09 -
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.08 -
ViRobot 2009.1.9.1552 2009.01.09 -
VirusBuster 4.5.11.0 2009.01.08 -
Additional information
File size: 2974 bytes
MD5...: c7c76758a017faf547d006691fdf575d

DABbID
12.01.2009, 19:25
File innounp.exe received on 2009.01.12 17:19:17 (CET)
Current status: finished
Result: 25/37 (67.57%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.12 Virus.Win32.Trojan!IK
AhnLab-V3 2009.1.10.0 2009.01.12 Packed/Upack
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.12 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2009.01.12 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.12 Generic10.XFN
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 Suspicious File
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.01.12 W32/Packed_Upack.A
Fortinet 3.117.0.0 2009.01.11 PossibleThreat
GData 19 2009.01.12 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2009.01.12 Virus.Win32.Trojan
K7AntiVirus 7.10.584 2009.01.09 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 Generic.dx
McAfee+Artemis 5492 2009.01.11 Generic.dx
Microsoft 1.4205 2009.01.12 -
NOD32 3759 2009.01.12 -
Norman 5.93.01 2009.01.12 W32/Packed_Upack.A
Panda 9.4.3.3 2009.01.11 Trj/Lineage.BZE
PCTools 4.4.2.0 2009.01.12 Packed/Upack
Prevx1 V2 2009.01.12 Malicious Software
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 Trojan.PSW.LooksLike.Sagic
Sophos 4.37.0 2009.01.12 Sus/ComPack-C
Sunbelt 3.2.1831.2 2009.01.09 Trojan.Win32.Packed.gen (v)
TheHacker 6.3.1.4.218 2009.01.11 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2009.01.12 TROJ_PACKED.ECJ
VBA32 3.12.8.10 2009.01.12 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.12 Packed/Upack
Additional information
File size: 94564 bytes
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401018
timedatestamp.....: 0x4011b0be (Fri Jan 23 23:39:42 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x63000 0x1f0 5.41 dc08bdd8c711d73e0dbdca444ea5a54b
@_G 0x64000 0x1f000 0x16f64 8.00 03a2623cf8965f89c51fd96c96ca768b
8F@ 0x83000 0x1000 0x1f0 5.41 dc08bdd8c711d73e0dbdca444ea5a54b

( 0 imports )

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8a93c3415a3ebc7cf4ebd5ace6cb062d
packers (Kaspersky): PE_Patch, UPack
packers (Authentium): UPack
packers (F-Prot): UPack
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D5F7FF8364CF5375711701B8DDD94100EB95778A

senyak
12.01.2009, 22:13
File autorun.rar received on 2009.01.12 20:04:59 (CET)
Current status: finished
Result: 5/38 (13.16%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 -
AntiVir 7.9.0.54 2009.01.12 -
Authentium 5.1.0.4 2009.01.12 -
Avast 4.8.1281.0 2009.01.12 -
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 -
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 -
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5493 2009.01.12 W32/Conficker.worm!inf
McAfee+Artemis 5493 2009.01.12 W32/Conficker.worm!inf
Microsoft 1.4205 2009.01.12 Worm:Win32/Conficker.B!inf
NOD32 3759 2009.01.12 -
Norman 5.93.01 2009.01.12 -
Panda 9.4.3.3 2009.01.12 W32/Conficker.C.worm
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.12 -
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 -
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 W32.Downadup!autorun
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.12 -
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.12 -
Additional information
File size: 29663 bytes
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (F-Prot): Unicode

IgorKr
13.01.2009, 17:45
File setup.exe received on 2009.01.13 15:37:30 (CET)
Current status: finished
Result: 9/38 (23.69%)



a-squared 4.0.0.73 2009.01.13 -
AhnLab-V3 2009.1.13.3 2009.01.13 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 SHeur2.KOR.dropper
BitDefender 7.2 2009.01.13 Trojan.Vundo.GGF
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 -
Comodo 927 2009.01.13 -
DrWeb 4.44.0.09170 2009.01.13 -
eSafe 7.0.17.0 2009.01.12 Suspicious File
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.13 -
Fortinet 3.117.0.0 2009.01.13 -
GData 19 2009.01.13 Trojan.Vundo.GGF
Ikarus T3.1.1.45.0 2009.01.13 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.13 -
McAfee 5493 2009.01.12 -
McAfee+Artemis 5493 2009.01.12 Generic!Artemis
Microsoft 1.4205 2009.01.13 Trojan:Win32/AgentBypass.gen!I
NOD32 3761 2009.01.13 -
Norman 5.93.01 2009.01.13 -
Panda 9.5.1.2 2009.01.13 Suspicious file
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.13 Malicious Software
Rising 21.12.12.00 2009.01.13 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.13 -
Sunbelt 3.2.1831.2 2009.01.09 Trojan.Win32.Packed.gen (v)
Symantec 10 2009.01.13 -
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.13 -
VBA32 3.12.8.10 2009.01.12 -
ViRobot 2009.1.13.1556 2009.01.13 -
VirusBuster 4.5.11.0 2009.01.12 -
Additional information
File size: 5512192 bytes
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100645c
timedatestamp.....: 0x480251cd (Sun Apr 13 18:32:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99c8 0x9a00 6.58 fd7744c26c2bf4d279968be94b283b11
.data 0xb000 0x1be4 0x400 4.25 99858e86526942a66950c7139f78a725
.rsrc 0xd000 0x537868 0x537a00 8.00 a049d0a5dd3dbe7ef6ec019c9e94b6a6

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=361A4EEA00420789B602008C240A1900095139A6
packers (F-Prot): CAB, ZIP

ZhIV
14.01.2009, 07:37
File csrcs-.exe received on 2009.01.14 05:23:20 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.14 Trojan.Win32.Autoit.dt!IK
AhnLab-V3 2009.1.13.3 2009.01.14 Win-Trojan/Midgare.229888.B
AntiVir 7.9.0.54 2009.01.13 TR/Autoit.fi.420388
Authentium 5.1.0.4 2009.01.13 W32/Trojan2.FKMP
Avast 4.8.1281.0 2009.01.13 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.13 Worm/Autoit.LYM
BitDefender 7.2 2009.01.14 Trojan.Generic.1175909
CAT-QuickHeal 10.00 2009.01.12 TrojanDownloader.Small.agrv
ClamAV 0.94.1 2009.01.13 Worm.Autorun-1793
Comodo 927 2009.01.13 -
DrWeb 4.44.0.09170 2009.01.13 -
eSafe 7.0.17.0 2009.01.13 Suspicious File
eTrust-Vet 31.6.6306 2009.01.13 -
F-Prot 4.4.4.56 2009.01.13 W32/Trojan2.FKMP
F-Secure 8.0.14470.0 2009.01.14 Trojan.Win32.Autoit.fi
Fortinet 3.117.0.0 2009.01.14 -
GData 19 2009.01.14 Trojan.Generic.1175909
Ikarus T3.1.1.45.0 2009.01.14 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.584 2009.01.09 Trojan.Win32.Midgare.rdk
Kaspersky 7.0.0.125 2009.01.14 Trojan.Win32.Autoit.fi
McAfee 5494 2009.01.13 W32/Autorun.worm.zf.gen
McAfee+Artemis 5494 2009.01.13 W32/Autorun.worm.zf.gen
Microsoft 1.4205 2009.01.13 Worm:AutoIt/Renocide.gen!A
NOD32 3763 2009.01.13 Win32/Packed.Autoit.Gen
Norman 5.93.01 2009.01.13 W32/Agent.JIIR
Panda 9.5.1.2 2009.01.13 W32/Autoit.Z
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.14 -
Rising 21.12.20.00 2009.01.14 -
SecureWeb-Gateway 6.7.6 2009.01.13 Trojan.Autoit.fi.420388
Sophos 4.37.0 2009.01.13 Sus/Behav-1011
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.14 W32.Harakit
TheHacker 6.3.1.4.219 2009.01.14 Trojan/Autoit.gs
TrendMicro 8.700.0.1004 2009.01.14 WORM_AUTORUN.HP
VBA32 3.12.8.10 2009.01.13 -
ViRobot 2009.1.14.1557 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.13 -

Additional information
File size: 420360 bytes
PEiD..: -

Added 8 minutes later

File autorun.inf received on 2009.01.14 05:29:51 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.14 -
AhnLab-V3 2009.1.13.3 2009.01.14 -
AntiVir 7.9.0.54 2009.01.13 -
Authentium 5.1.0.4 2009.01.13 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.13 Worm/AutoRun
BitDefender 7.2 2009.01.14 Trojan.AutorunINF.Gen
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.13 Worm.Autorun-1792
Comodo 927 2009.01.13 -
DrWeb 4.44.0.09170 2009.01.13 -
eSafe 7.0.17.0 2009.01.13 -
eTrust-Vet 31.6.6306 2009.01.13 INF/Frethog
F-Prot 4.4.4.56 2009.01.13 -
F-Secure 8.0.14470.0 2009.01.14 BAT/AutoRun.AE
Fortinet 3.117.0.0 2009.01.14 -
GData 19 2009.01.14 Trojan.AutorunINF.Gen
Ikarus T3.1.1.45.0 2009.01.14 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.14 -
McAfee 5494 2009.01.13 -
McAfee+Artemis 5494 2009.01.13 -
Microsoft 1.4205 2009.01.13 -
NOD32 3763 2009.01.13 -
Norman 5.93.01 2009.01.13 BAT/AutoRun.AE
Panda 9.5.1.2 2009.01.13 -
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.14 -
Rising 21.12.20.00 2009.01.14 -
SecureWeb-Gateway 6.7.6 2009.01.13 -
Sophos 4.37.0 2009.01.14 W32/Yahlov-A
Sunbelt 3.2.1831.2 2009.01.09 INF.Autorun (v)
Symantec 10 2009.01.14 -
TheHacker 6.3.1.4.219 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.14 -
VBA32 3.12.8.10 2009.01.13 -
ViRobot 2009.1.14.1557 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.13 INF.Autorun.Gen

Additional information
File size: 473 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

OSSP2008
14.01.2009, 12:58
File Virus.Win32.Parite.d received on 2009.01.14 10:50:22 (CET)
Current status: finished
Result: 31/38 (81.58%)


a-squared 4.0.0.73 2009.01.14 Backdoor.Rbot!IK
AhnLab-V3 2009.1.13.3 2009.01.14 -
AntiVir 7.9.0.54 2009.01.13 W32/Parite
Authentium 5.1.0.4 2009.01.13 W32/Parite.D
Avast 4.8.1281.0 2009.01.13 Win32:Parite
AVG 8.0.0.229 2009.01.13 BackDoor.RBot.EL
BitDefender 7.2 2009.01.14 Win32.Parite.D
CAT-QuickHeal 10.00 2009.01.14 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.14 W32.Parite.B
Comodo 927 2009.01.13 Virus.Win32.Parite.d
DrWeb 4.44.0.09170 2009.01.14 Win32.Parite.4
eSafe 7.0.17.0 2009.01.13 Virus.Win32.Parite.d
eTrust-Vet 31.6.6307 2009.01.14 -
F-Prot 4.4.4.56 2009.01.13 W32/Spybot.BFC
F-Secure 8.0.14470.0 2009.01.14 Virus.Win32.Parite.d
Fortinet 3.117.0.0 2009.01.14 W32/Parite.B
GData 19 2009.01.14 Win32.Parite.D
Ikarus T3.1.1.45.0 2009.01.14 Backdoor.Rbot
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.14 Virus.Win32.Parite.d
McAfee 5494 2009.01.13 W32/Pate.d
McAfee+Artemis 5494 2009.01.13 W32/Pate.d
Microsoft 1.4205 2009.01.14 Virus:Win32/Parite.D
NOD32 3763 2009.01.13 Win32/Parite.D
Norman 5.93.01 2009.01.13 W32/Spybot.BNKS
Panda 9.5.1.2 2009.01.13 Generic Malware
PCTools 4.4.2.0 2009.01.13 -
Prevx1 V2 2009.01.14 Malicious Software
Rising 21.12.22.00 2009.01.14 Win32.Parite.d
SecureWeb-Gateway 6.7.6 2009.01.14 Win32.Parite
Sophos 4.37.0 2009.01.14 W32/Parite-A
Sunbelt 3.2.1831.2 2009.01.09 Backdoor.IRCBot
Symantec 10 2009.01.14 W32.Spybot.Worm
TheHacker 6.3.1.4.219 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.14 PE_PATE.D
VBA32 3.12.8.10 2009.01.13 Win32.Parite.D
ViRobot 2009.1.14.1558 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.13 -

ZhIV
15.01.2009, 07:25
File autorun.exe received on 01.15.2009 04:56:27 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.15 Trojan-PWS.Legmir!IK
AhnLab-V3 2009.1.15.0 2009.01.14 -
AntiVir 7.9.0.54 2009.01.14 CC/UKMalw.LB
Authentium 5.1.0.4 2009.01.14 W32/Trojan.BWKV
Avast 4.8.1281.0 2009.01.14 -
AVG 8.0.0.229 2009.01.14 Generic12.PHK
BitDefender 7.2 2009.01.15 -
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 Trojan.Agent-17889
Comodo 931 2009.01.14 TrojWare.Win32.PWS.Agent.AAA
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.14 Win32.Backdoor.EggDr
eTrust-Vet 31.6.6308 2009.01.15 -
F-Prot 4.4.4.56 2009.01.14 W32/Trojan.BWKV
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 Generic.A!tr
GData 19 2009.01.15 -
Ikarus T3.1.1.45.0 2009.01.15 Trojan-PWS.Legmir
K7AntiVirus 7.10.584 2009.01.09 Trojan-Spy.Win32.BZub.Family
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5495 2009.01.14 Generic Packed
McAfee+Artemis 5495 2009.01.14 Generic Packed
Microsoft 1.4205 2009.01.15 -
NOD32 3767 2009.01.15 -
Norman 5.93.01 2009.01.13 W32/Malware.dam
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.14 Trojan.Agent.EAPN
Prevx1 V2 2009.01.15 System Back Door
Rising 21.12.30.00 2009.01.15 -
SecureWeb-Gateway 6.7.6 2009.01.15 Virus.UKMalw.LB
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 Trojan-PWS.LegMir
Symantec 10 2009.01.15 Backdoor.EggDrop
TheHacker 6.3.1.4.220 2009.01.14 Trojan/Legmir.gen
TrendMicro 8.700.0.1004 2009.01.14 TROJ_LEGMIR.AL
VBA32 3.12.8.10 2009.01.14 Trojan.PWS.Legmir
ViRobot 2009.1.14.1559 2009.01.14 Trojan.Win32.PSWLmir.61440.C
VirusBuster 4.5.11.0 2009.01.14 Trojan.Agent.EAPN

Additional information
File size: 61440 bytes
PEiD..: Armadillo v1.71

Hanson
15.01.2009, 16:26
File autorun.inf

Файл avz00001.dta получен 2009.01.15 12:06:46 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 19/39 (48.72%)
Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.15 Trojan.Autorun.TE!IK
AhnLab-V3 2009.1.15.0 2009.01.15 -
AntiVir 7.9.0.54 2009.01.15 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.14 BV:AutoRun-G
AVG 8.0.0.229 2009.01.15 Worm/AutoRun.BR
BitDefender 7.2 2009.01.15 Trojan.Autorun.TE
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 BAT.Autorun-8
Comodo 932 2009.01.15 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.14 -
eTrust-Vet 31.6.6309 2009.01.15 INF/Hamweq
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.15 BAT/AutoRun.AE
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 Trojan.Autorun.TE
Ikarus T3.1.1.45.0 2009.01.15 Trojan.Autorun.TE
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5495 2009.01.14 Generic!atr
McAfee+Artemis 5495 2009.01.14 Generic!atr
Microsoft 1.4205 2009.01.15 Worm:Win32/Hamweq!inf
NOD32 3768 2009.01.15 -
Norman 5.93.01 2009.01.13 BAT/AutoRun.AE
nProtect 2009.1.8.0 2009.01.15 Trojan.Autorun.TE
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.14 -
Prevx1 V2 2009.01.15 -
Rising 21.12.32.00 2009.01.15 -
SecureWeb-Gateway 6.7.6 2009.01.15 -
Sophos 4.37.0 2009.01.15 W32/HostInf-A
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.15 -
TheHacker 6.3.1.4.220 2009.01.14 Trojan/Small.autorun
TrendMicro 8.700.0.1004 2009.01.15 Mal_Otorun1
VBA32 3.12.8.10 2009.01.14 -
ViRobot 2009.1.15.1560 2009.01.15 INF.Autorun.274.K
VirusBuster 4.5.11.0 2009.01.14 INF.Autorun.Gen

Added 2 hours 9 minutes later

Файл twex_exe получен 2009.01.15 14:17:59 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 19/39 (48.72%)


Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.15 -
AhnLab-V3 2009.1.15.0 2009.01.15 Win32/IRCBot.worm.variant
AntiVir 7.9.0.54 2009.01.15 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.14 Win32:Zbot-AVH
AVG 8.0.0.229 2009.01.15 Generic12.WWQ
BitDefender 7.2 2009.01.15 Backdoor.Bot.68054
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 Trojan.Zbot-2903
Comodo 932 2009.01.15 -
DrWeb 4.44.0.09170 2009.01.15 Trojan.PWS.Panda.31
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6309 2009.01.15 Win32/VMalum.EKDU
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 Backdoor.Bot.68054
Ikarus T3.1.1.45.0 2009.01.15 -
K7AntiVirus 7.10.584 2009.01.09 Trojan-Spy.Win32.Zbot.hme
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5495 2009.01.14 -
McAfee+Artemis 5495 2009.01.14 -
Microsoft 1.4205 2009.01.15 TrojanSpy:Win32/Zbot.gen!C
NOD32 3768 2009.01.15 a variant of Win32/Kryptik.DB
Norman 5.93.01 2009.01.13 W32/Malware.EQSW
nProtect 2009.1.8.0 2009.01.15 Trojan-Spy/W32.ZBot.148480
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.15 -
Prevx1 V2 2009.01.15 -
Rising 21.12.32.00 2009.01.15 Trojan.Spy.Win32.Zbot.fak
SecureWeb-Gateway 6.7.6 2009.01.15 -
Sophos 4.37.0 2009.01.15 Mal/Zbot-H
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.15 Infostealer.Banker.C
TheHacker 6.3.1.4.220 2009.01.14 Trojan/Spy.Zbot.hme
TrendMicro 8.700.0.1004 2009.01.15 -
VBA32 3.12.8.10 2009.01.14 Trojan-Spy.Win32.Zbot.hme
ViRobot 2009.1.15.1560 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.14 TrojanSpy.ZBot.Gen!Pac.6

Added 1 minute later

Файл pe044_sys получен 2009.01.15 14:15:44 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 12/39 (30.77%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.15 Virus.Win32.Agent.VGV!IK
AhnLab-V3 2009.1.15.0 2009.01.15 -
AntiVir 7.9.0.54 2009.01.15 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.14 Win32:Agent-VGV
AVG 8.0.0.229 2009.01.15 BackDoor.Ntrootkit.AM
BitDefender 7.2 2009.01.15 Trojan.Dropper.SFO
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 -
Comodo 932 2009.01.15 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6309 2009.01.15 -
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.15 Trojan-Dropper.Win32.Agent.stj
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 Trojan.Dropper.SFO
Ikarus T3.1.1.45.0 2009.01.15 Virus.Win32.Agent.VGV
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.15 Trojan-Dropper.Win32.Agent.stj
McAfee 5495 2009.01.14 -
McAfee+Artemis 5495 2009.01.14 -
Microsoft 1.4205 2009.01.15 -
NOD32 3768 2009.01.15 -
Norman 5.93.01 2009.01.13 -
nProtect 2009.1.8.0 2009.01.15 Trojan.Dropper.SFO
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.15 -
Prevx1 V2 2009.01.15 -
Rising 21.12.32.00 2009.01.15 Dropper.Win32.Cutwail.t
SecureWeb-Gateway 6.7.6 2009.01.15 -
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.15 Trojan.Pandex
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.15 TROJ_DROPPER.AXR
VBA32 3.12.8.10 2009.01.14 -
ViRobot 2009.1.15.1560 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.14 -

senyak
15.01.2009, 22:12
Файл A0010364.exe получен 2009.01.15 19:57:03 (CET)
Текущий статус: закончено
Результат: 18/38 (47.37%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.15 Virus.Win32.Trojan!IK
AhnLab-V3 2009.1.15.0 2009.01.15 -
AntiVir 7.9.0.54 2009.01.15 Worm/SdBot.IW
Authentium 5.1.0.4 2009.01.15 -
Avast 4.8.1281.0 2009.01.15 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.15 -
BitDefender 7.2 2009.01.15 Backdoor.Bot.8454
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 -
Comodo 932 2009.01.15 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.15 SuspiciousR-Mytob3
eTrust-Vet 31.6.6309 2009.01.15 -
F-Prot 4.4.4.56 2009.01.15 -
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 PossibleThreat
GData 19 2009.01.15 Backdoor.Bot.8454
Ikarus T3.1.1.45.0 2009.01.15 Virus.Win32.Trojan
K7AntiVirus 7.10.584 2009.01.09 Backdoor.Win32.SdBot.AEGC
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5496 2009.01.15 Generic.eb
McAfee+Artemis 5496 2009.01.15 Generic!Artemis
Microsoft 1.4205 2009.01.15 -
NOD32 3769 2009.01.15 -
Norman 5.93.01 2009.01.15 -
nProtect 2009.1.8.0 2009.01.15 -
Panda 9.5.1.2 2009.01.14 W32/Gaobot.OXI.worm
PCTools 4.4.2.0 2009.01.15 -
Prevx1 V2 2009.01.15 System Back Door
Rising 21.12.32.00 2009.01.15 Backdoor.SdBot.syt
SecureWeb-Gateway 6.7.6 2009.01.15 Worm.SdBot.IW
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 Backdoor.SDBot
Symantec 10 2009.01.15 W32.IRCBot
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.15 BKDR_SDBOT.EMK
ViRobot 2009.1.15.1560 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.15 -
File size: 3081895 bytes
PEiD..: -



Файл imcast.exe получен 2009.01.15 20:07:37 (CET)
Текущий статус: закончено
Результат: 17/39 (43.59%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.15 Virus.Win32.Trojan!IK
AhnLab-V3 2009.1.15.0 2009.01.15 -
AntiVir 7.9.0.54 2009.01.15 Worm/SdBot.IW
Authentium 5.1.0.4 2009.01.15 -
Avast 4.8.1281.0 2009.01.15 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.15 -
BitDefender 7.2 2009.01.15 Backdoor.Bot.8454
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 -
Comodo 932 2009.01.15 Unclassified Malware
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.15 SuspiciousR-Mytob3
eTrust-Vet 31.6.6309 2009.01.15 -
F-Prot 4.4.4.56 2009.01.15 -
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 Backdoor.Bot.8454
Ikarus T3.1.1.45.0 2009.01.15 Virus.Win32.Trojan
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5496 2009.01.15 -
McAfee+Artemis 5496 2009.01.15 Generic!Artemis
Microsoft 1.4205 2009.01.15 -
NOD32 3769 2009.01.15 -
Norman 5.93.01 2009.01.15 W32/SDBot.AEGC
nProtect 2009.1.8.0 2009.01.15 Backdoor.Bot.8454
Panda 9.5.1.2 2009.01.14 W32/Gaobot.OXI.worm
PCTools 4.4.2.0 2009.01.15 -
Prevx1 V2 2009.01.15 System Back Door
Rising 21.12.32.00 2009.01.15 Backdoor.SdBot.syt
SecureWeb-Gateway 6.7.6 2009.01.15 Worm.SdBot.IW
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 Backdoor.SDBot
Symantec 10 2009.01.15 W32.IRCbot
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.15 -
VBA32 3.12.8.10 2009.01.14 -
ViRobot 2009.1.15.1560 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.15 -
Дополнительная информация
File size: 2084864 bytes
PEiD..: Armadillo v1.71

ISO
16.01.2009, 05:42
File autochk.dll received on 01.16.2009 03:29:33 (CET)
Result: 10/39 (25.65%)



Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.16 -
AhnLab-V3 2009.1.15.0 2009.01.15 -
AntiVir 7.9.0.55 2009.01.15 TR/Spy.Gen
Authentium 5.1.0.4 2009.01.15 -
Avast 4.8.1281.0 2009.01.15 Win32:Spyware-gen
AVG 8.0.0.229 2009.01.15 -
BitDefender 7.2 2009.01.16 Trojan.Generic.1275934
CAT-QuickHeal 10.00 2009.01.15 -
ClamAV 0.94.1 2009.01.15 -
Comodo 932 2009.01.15 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6309 2009.01.15 -
F-Prot 4.4.4.56 2009.01.15 -
F-Secure 8.0.14470.0 2009.01.16 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.16 Trojan.Generic.1275934
Ikarus T3.1.1.45.0 2009.01.16 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.16 -
McAfee 5496 2009.01.15 -
McAfee+Artemis 5496 2009.01.15 -
Microsoft 1.4205 2009.01.16 -
NOD32 3769 2009.01.15 -
Norman 5.93.01 2009.01.15 W32/Malware.EVEF
nProtect 2009.1.8.0 2009.01.16 Trojan.Generic.1275934
Panda 9.5.1.2 2009.01.15 Generic Trojan
PCTools 4.4.2.0 2009.01.15 -
Prevx1 V2 2009.01.16 Worm
Rising 21.12.32.00 2009.01.15 -
SecureWeb-Gateway 6.7.6 2009.01.16 Trojan.Spy.Gen
Sophos 4.37.0 2009.01.16 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.16 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.15 TSPY_AGENT.ZZR
VBA32 3.12.8.10 2009.01.14 -
ViRobot 2009.1.15.1560 2009.01.15 -
VirusBuster 4.5.11.0 2009.01.15 -

Additional information
File size: 16384 bytes

senyak
16.01.2009, 18:06
Файл smspodmenka.jar получен 2009.01.16 16:01:13 (CET)
Текущий статус: закончено
Результат: 10/39 (25.65%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.16 Trojan-SMS.J2ME.Swapi!IK
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 Other:Malware-gen
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.16 -
CAT-QuickHeal 10.00 2009.01.16 -
ClamAV 0.94.1 2009.01.16 -
Comodo 933 2009.01.16 TrojWare.J2ME.SMS.Swapi.c
DrWeb 4.44.0.09170 2009.01.16 Java.SMSSend.1
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6311 2009.01.16 -
F-Prot 4.4.4.56 2009.01.15 -
F-Secure 8.0.14470.0 2009.01.16 Trojan-SMS.J2ME.Swapi.c
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.16 Other:Malware-gen
Ikarus T3.1.1.45.0 2009.01.16 Trojan-SMS.J2ME.Swapi
K7AntiVirus 7.10.593 2009.01.16 -
Kaspersky 7.0.0.125 2009.01.16 Trojan-SMS.J2ME.Swapi.c
McAfee 5496 2009.01.15 -
McAfee+Artemis 5496 2009.01.15 -
Microsoft 1.4205 2009.01.16 Trojan:Java/Swapi.C
NOD32 3771 2009.01.16 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.15 -
PCTools 4.4.2.0 2009.01.16 -
Prevx1 V2 2009.01.16 Cloaked Malware
Rising 21.12.42.00 2009.01.16 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.16 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.16 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.16.1562 2009.01.16 -
VirusBuster 4.5.11.0 2009.01.15 -
Дополнительная информация
File size: 4293 bytes
PEiD..: -

kvit
18.01.2009, 16:04
One more Trojan-SMS.J2ME.Swapi.c

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.18 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.17 -
Authentium 5.1.0.4 2009.01.17 -
Avast 4.8.1281.0 2009.01.16 Other:Malware-gen
AVG 8.0.0.229 2009.01.17 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.18 -
Comodo 935 2009.01.18 -
DrWeb 4.44.0.09170 2009.01.18 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 -
F-Secure 8.0.14470.0 2009.01.18 Trojan-SMS.J2ME.Swapi.c
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 Other:Malware-gen
Ikarus T3.1.1.45.0 2009.01.18 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 Trojan-SMS.J2ME.Swapi.c
McAfee 5498 2009.01.17 -
McAfee+Artemis 5498 2009.01.17 -
Microsoft 1.4205 2009.01.18 Trojan:Java/Swapi.C
NOD32 3774 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.18 -
PCTools 4.4.2.0 2009.01.18 -
Prevx1 V2 2009.01.18 -
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.17 -
Sophos 4.37.0 2009.01.18 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.222 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.17 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.17 -

Дополнительная информация
File size: 270636 bytes
PEiD..: -
TrID..: File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
packers (Kaspersky): PE_Patch

ISO
18.01.2009, 19:49
File sieft.jar received on 01.18.2009 17:25:24 (CET)
Result: 4/39 (10.26%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.18 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.18 -
Authentium 5.1.0.4 2009.01.17 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.18 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.18 -
Comodo 935 2009.01.18 -
DrWeb 4.44.0.09170 2009.01.18 Java.SMSSend.16
eSafe 7.0.17.0 2009.01.18 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 -
F-Secure 8.0.14470.0 2009.01.18 Trojan-SMS.J2ME.Swapi.e
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 -
Ikarus T3.1.1.45.0 2009.01.18 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 Trojan-SMS.J2ME.Swapi.e
McAfee 5499 2009.01.18 -
McAfee+Artemis 5499 2009.01.18 -
Microsoft 1.4205 2009.01.18 Trojan:Java/Swapi.D
NOD32 3774 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.18 -
PCTools 4.4.2.0 2009.01.18 -
Prevx1 V2 2009.01.18 -
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.18 -
Sophos 4.37.0 2009.01.18 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.222 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.18 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.18 -

Additional information
File size: 7344 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)

File icq_2oo9.jar received on 01.18.2009 17:19:41 (CET)
Result: 9/39 (23.08%)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.18 Trojan-SMS.J2ME.Swapi!IK
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.18 -
Authentium 5.1.0.4 2009.01.17 -
Avast 4.8.1281.0 2009.01.16 Other:Malware-gen
AVG 8.0.0.229 2009.01.18 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.18 -
Comodo 935 2009.01.18 TrojWare.J2ME.SMS.Swapi.c
DrWeb 4.44.0.09170 2009.01.18 Java.SMSSend.1
eSafe 7.0.17.0 2009.01.18 Suspicious File
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 -
F-Secure 8.0.14470.0 2009.01.18 Trojan-SMS.J2ME.Swapi.c
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 Other:Malware-gen
Ikarus T3.1.1.45.0 2009.01.18 Trojan-SMS.J2ME.Swapi
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 -
McAfee 5499 2009.01.18 -
McAfee+Artemis 5499 2009.01.18 -
Microsoft None 2009.01.18 -
NOD32 3774 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.18 -
PCTools 4.4.2.0 2009.01.18 -
Prevx1 V2 2009.01.18 Cloaked Malware
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.18 -
Sophos 4.37.0 2009.01.18 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.222 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.18 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.18 -

Additional information
File size: 399289 bytes
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Hanson
19.01.2009, 16:15
Файл twext.exe получен 2009.01.19 14:06:45 (CET)
Текущий статус:
Результат: 10/39 (25.65%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.19 -
AhnLab-V3 2009.1.15.0 2009.01.19 Win-Trojan/Zbot.60416
AntiVir 7.9.0.57 2009.01.19 -
Authentium 5.1.0.4 2009.01.18 -
Avast 4.8.1281.0 2009.01.18 Win32:Zbot-AXP
AVG 8.0.0.229 2009.01.19 Win32/Cryptor
BitDefender 7.2 2009.01.19 MemScan:Trojan.Spy.ZBot.MK
CAT-QuickHeal 10.00 2009.01.19 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 -
DrWeb 4.44.0.09170 2009.01.19 -
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.18 -
F-Secure 8.0.14470.0 2009.01.19 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.19 MemScan:Trojan.Spy.ZBot.MK
Ikarus T3.1.1.45.0 2009.01.19 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.19 -
McAfee 5499 2009.01.18 -
McAfee+Artemis 5499 2009.01.18 -
Microsoft 1.4205 2009.01.19 Trojan:Win32/Zbot.BX
NOD32 3777 2009.01.19 a variant of Win32/Kryptik.FH
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.19 Trojan.Spy.ZBot.PE
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.19 -
Rising 21.13.02.00 2009.01.19 -
SecureWeb-Gateway 6.7.6 2009.01.19 -
Sophos 4.37.0 2009.01.19 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.19 -
TheHacker 6.3.1.5.223 2009.01.18 -
TrendMicro 8.700.0.1004 2009.01.19 TSPY_ZBOT.CAR
VBA32 3.12.8.10 2009.01.18 -
ViRobot 2009.1.19.1565 2009.01.19 -
VirusBuster 4.5.11.0 2009.01.18 TrojanSpy.ZBot.Gen!Pac.7

senyak
20.01.2009, 10:25
Файл dwr получен 2009.01.20 08:10:59 (CET)
Текущий статус: закончено
Результат: 9/39 (23.08%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.20 -
AhnLab-V3 2009.1.20.1 2009.01.20 -
AntiVir 7.9.0.57 2009.01.19 EXP/Pidief.IM.1
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.19 JS:Pdfka-AD
AVG 8.0.0.229 2009.01.20 -
BitDefender 7.2 2009.01.20 Exploit.PDF-JS.Gen.C03
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 -
DrWeb 4.44.0.09170 2009.01.20 Exploit.PDF.55
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.20 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 JS:Pdfka-AD
Ikarus T3.1.1.45.0 2009.01.20 -
K7AntiVirus 7.10.595 2009.01.19 -
Kaspersky 7.0.0.125 2009.01.20 -
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.20 Exploit:JS/Mult.BC
NOD32 3779 2009.01.19 -
Norman 5.93.01 2009.01.19 -
nProtect 2009.1.8.0 2009.01.20 Exploit.PDF-JS.Gen.C03
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.20 -
Rising 21.13.11.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.19 Exploit.Pidief.IM.1
Sophos 4.37.0 2009.01.20 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.20 Bloodhound.Exploit.196
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 -
ViRobot 2009.1.20.1567 2009.01.20 -
VirusBuster 4.5.11.0 2009.01.19 -
Дополнительная информация
File size: 3531 bytes
PEiD..: -

Hanson
20.01.2009, 11:11
Файл mycentrialinstall_exe получен 2009.01.20 09:03:23 (CET)
Текущий статус:
Результат: 2/38 (5.27%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.20 -
AhnLab-V3 5.0.0.2 2009.01.20 -
AntiVir 7.9.0.57 2009.01.19 -
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.19 -
AVG 8.0.0.229 2009.01.20 -
BitDefender 7.2 2009.01.20 -
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.19 -
Comodo 937 2009.01.19 -
DrWeb 4.44.0.09170 2009.01.20 Trojan.Mycentria.22
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.20 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 -
Ikarus T3.1.1.45.0 2009.01.20 -
K7AntiVirus 7.10.595 2009.01.19 -
Kaspersky 7.0.0.125 2009.01.20 -
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.20 -
NOD32 3779 2009.01.19 -
Norman 5.93.01 2009.01.19 -
nProtect 2009.1.8.0 2009.01.20 -
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.19 -
Prevx1 V2 2009.01.20 Malicious Software
Rising 21.13.11.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.20 -
Sophos 4.37.0 2009.01.20 -
Sunbelt 3.2.1835.2 2009.01.16 -
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 -
ViRobot 2009.1.20.1567 2009.01.20 -
VirusBuster 4.5.11.0 2009.01.19 -

senyak
20.01.2009, 15:16
Came in via Skype :blink:

Файл Appetite.exe получен 2009.01.20 13:05:32 (CET)
Текущий статус: закончено
Результат: 7/39 (17.95%)
Антивирус Версия Обновление Результат

a-squared 4.0.0.73 2009.01.20 -
AhnLab-V3 5.0.0.2 2009.01.20 -
AntiVir 7.9.0.57 2009.01.20 -
Authentium 5.1.0.4 2009.01.19 -
Avast 4.8.1281.0 2009.01.20 -
AVG 8.0.0.229 2009.01.20 VB.GCS
BitDefender 7.2 2009.01.20 -
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.19 -
Comodo 939 2009.01.20 -
DrWeb 4.44.0.09170 2009.01.20 Trojan.PWS.LDPinch.4182
eSafe 7.0.17.0 2009.01.19 -
eTrust-Vet 31.6.6317 2009.01.20 -
F-Prot 4.4.4.56 2009.01.19 -
F-Secure 8.0.14470.0 2009.01.20 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 -
Ikarus T3.1.1.45.0 2009.01.20 -
K7AntiVirus 7.10.596 2009.01.20 -
Kaspersky 7.0.0.125 2009.01.20 -
McAfee 5500 2009.01.19 -
McAfee+Artemis 5500 2009.01.19 -
Microsoft 1.4205 2009.01.20 VirTool:Win32/Vbinder.P
NOD32 3780 2009.01.20 a variant of Win32/Injector.GZ
Norman 5.93.01 2009.01.19 -
nProtect 2009.1.8.0 2009.01.20 Backdoor/W32.Poison.44132
Panda 9.5.1.2 2009.01.19 -
PCTools 4.4.2.0 2009.01.20 -
Prevx1 V2 2009.01.20 Malicious Software
Rising 21.13.11.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.20 -
Sophos 4.37.0 2009.01.20 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.20 -
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 -
ViRobot 2009.1.20.1569 2009.01.20 Backdoor.Win32.Poison.85092
VirusBuster 4.5.11.0 2009.01.19 -
Дополнительная информация
File size: 94808 bytes
PEiD..: -

AlexGOMEL
22.01.2009, 11:29
Файл nppr.dll получен 2009.01.22 09:24:51 (CET)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.22 Backdoor.Win32.Bifrose!IK
AhnLab-V3 2009.1.22.2 2009.01.22 Win-Trojan/Mailfinder.17408
AntiVir 7.9.0.57 2009.01.22 TR/Vundo.Gen
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.22 Win32/Heur
BitDefender 7.2 2009.01.22 MemScan:Trojan.MailFinder.B
CAT-QuickHeal 10.00 2009.01.22 -
ClamAV 0.94.1 2009.01.22 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.22 -
eSafe 7.0.17.0 2009.01.20 Win32.heur
eTrust-Vet 31.6.6321 2009.01.22 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.22 -
Fortinet 3.117.0.0 2009.01.22 -
GData 19 2009.01.22 MemScan:Trojan.MailFinder.B
Ikarus T3.1.1.45.0 2009.01.22 Backdoor.Win32.Bifrose
K7AntiVirus 7.10.599 2009.01.22 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.01.22 -
McAfee 5502 2009.01.21 -
McAfee+Artemis 5502 2009.01.21 Generic!Artemis
Microsoft 1.4205 2009.01.22 PWS:Win32/Finsgra.A
NOD32 3787 2009.01.22 -
Norman 5.93.01 2009.01.21 W32/Virtumonde.AKHD
nProtect 2009.1.8.0 2009.01.22 MemScan:Trojan.MailFinder.B
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.22 Worm
Rising 21.13.32.00 2009.01.22 -
SecureWeb-Gateway 6.7.6 2009.01.22 Trojan.Vundo.Gen
Sophos 4.37.0 2009.01.22 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.22 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.22 PAK_Generic.001
VBA32 3.12.8.10 2009.01.22 -
ViRobot 2009.1.22.1573 2009.01.22 -
VirusBuster 4.5.11.0 2009.01.21 -
Дополнительная информация
File size: 17408 bytes
MD5...: d88540b8d78ec22660b6372d26b6d81f
SHA1..: be18d8f8d8ff020e8c1c982b1f4b07271693dc8f

nppr.dll - Trojan-Mailfinder.Win32.Agent.xu
Detection of the files will be added in the next update.

senyak
22.01.2009, 20:24
Файл autorun2.inf.tmp получен 2009.01.22 18:20:26 (CET)
Текущий статус: закончено
Результат: 23/39 (58.98%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.73 2009.01.22 Worm.Win32.AutoRun!IK
AhnLab-V3 5.0.0.2 2009.01.22 -
AntiVir 7.9.0.57 2009.01.22 TR/Spy.179
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.22 VBS:Malware-gen
AVG 8.0.0.229 2009.01.22 Worm/Small.2.D
BitDefender 7.2 2009.01.22 -
CAT-QuickHeal 10.00 2009.01.22 -
ClamAV 0.94.1 2009.01.22 -
Comodo 942 2009.01.22 Backdoor.Win32.Delf.AWS
DrWeb 4.44.0.09170 2009.01.22 Win32.HLLW.Autoruner
eSafe 7.0.17.0 2009.01.22 -
eTrust-Vet 31.6.6321 2009.01.22 INF/Liphew
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.22 Worm.Win32.AutoRun.dms
Fortinet 3.117.0.0 2009.01.22 -
GData 19 2009.01.22 VBS:Malware-gen
Ikarus T3.1.1.45.0 2009.01.22 Worm.Win32.AutoRun
K7AntiVirus 7.10.599 2009.01.22 -
Kaspersky 7.0.0.125 2009.01.22 Worm.Win32.AutoRun.dms
McAfee 5502 2009.01.21 Generic!atr
McAfee+Artemis 5502 2009.01.21 Generic!atr
Microsoft 1.4205 2009.01.22 Worm:Win32/Autorun!inf
NOD32 3790 2009.01.22 Win32/Delf.AWS
Norman 5.93.01 2009.01.22 Autorun.NY
nProtect 2009.1.8.0 2009.01.22 -
Panda 9.5.1.2 2009.01.21 Bck/Hupigon.LEO
PCTools 4.4.2.0 2009.01.22 -
Prevx1 V2 2009.01.22 -
Rising 21.13.32.00 2009.01.22 -
SecureWeb-Gateway 6.7.6 2009.01.22 Trojan.Spy.179
Sophos 4.37.0 2009.01.22 W32/SillyFDC-AV
Sunbelt 3.2.1835.2 2009.01.16 INF.Autorun (v)
Symantec 10 2009.01.22 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.22 Mal_Otorun1
VBA32 3.12.8.11 2009.01.22 Trojan.Autorun.gen
ViRobot 2009.1.22.1574 2009.01.22 INF.Autorun.186.D
VirusBuster 4.5.11.0 2009.01.22 -
Дополнительная информация
File size: 186 bytes
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -

Hanson
23.01.2009, 11:16
File wxilib.dll received on 2009.01.23 09:11:41 (CET)
Result: 6/39 (15.39%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.23 Trojan-Ransom!IK
AhnLab-V3 5.0.0.2 2009.01.23 -
AntiVir 7.9.0.60 2009.01.22 -
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.22 -
AVG 8.0.0.229 2009.01.22 Adload_r.GK
BitDefender 7.2 2009.01.23 -
CAT-QuickHeal 10.00 2009.01.23 -
ClamAV 0.94.1 2009.01.23 -
Comodo 942 2009.01.22 -
DrWeb 4.44.0.09170 2009.01.23 Trojan.Blackmailer.origin
eSafe 7.0.17.0 2009.01.22 -
eTrust-Vet 31.6.6323 2009.01.23 -
F-Prot 4.4.4.56 2009.01.22 W32/Hexzone.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.23 -
Fortinet 3.117.0.0 2009.01.23 -
GData 19 2009.01.23 -
Ikarus T3.1.1.45.0 2009.01.23 Trojan-Ransom
K7AntiVirus 7.10.601 2009.01.22 -
Kaspersky 7.0.0.125 2009.01.23 -
McAfee 5503 2009.01.22 -
McAfee+Artemis 5503 2009.01.22 -
Microsoft 1.4205 2009.01.23 -
NOD32 3791 2009.01.22 -
Norman 5.93.01 2009.01.22 -
nProtect 2009.1.8.0 2009.01.23 -
Panda 9.5.1.2 2009.01.22 -
PCTools 4.4.2.0 2009.01.22 -
Prevx1 V2 2009.01.23 Fraudulent Security Program
Rising 21.13.41.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.23 -
Sophos 4.37.0 2009.01.23 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.23 -
TheHacker 6.3.1.5.226 2009.01.22 -
TrendMicro 8.700.0.1004 2009.01.23 -
VBA32 3.12.8.11 2009.01.22 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.22 -
Additional information
File size: 323584 bytes
PEiD..: -
TrID..: File type identification
DirectShow filter (77.7%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)

senyak
23.01.2009, 14:09
File live.gif received on 2009.01.23 12:03:01 (CET)
Current status: finished
Result: 7/39 (17.95%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.23 Trojan.HTML.IFrame!IK
AhnLab-V3 5.0.0.2 2009.01.23 -
AntiVir 7.9.0.60 2009.01.23 HTML/IFrame.AC
Authentium 5.1.0.4 2009.01.22 -
Avast 4.8.1281.0 2009.01.22 -
AVG 8.0.0.229 2009.01.23 -
BitDefender 7.2 2009.01.23 -
CAT-QuickHeal 10.00 2009.01.23 -
ClamAV 0.94.1 2009.01.23 -
Comodo 943 2009.01.23 TrojWare.HTML.IFrame.ac
DrWeb 4.44.0.09170 2009.01.23 -
eSafe 7.0.17.0 2009.01.22 -
eTrust-Vet 31.6.6322 2009.01.23 -
F-Prot 4.4.4.56 2009.01.22 -
F-Secure 8.0.14470.0 2009.01.23 Trojan.HTML.IFrame.ac
Fortinet 3.117.0.0 2009.01.23 -
GData 19 2009.01.23 -
Ikarus T3.1.1.45.0 2009.01.23 Trojan.HTML.IFrame
K7AntiVirus 7.10.601 2009.01.22 -
Kaspersky 7.0.0.125 2009.01.23 Trojan.HTML.IFrame.ac
McAfee 5503 2009.01.22 -
McAfee+Artemis 5503 2009.01.22 -
Microsoft 1.4205 2009.01.23 -
NOD32 3792 2009.01.23 -
Norman 5.93.01 2009.01.23 -
nProtect 2009.1.8.0 2009.01.23 -
Panda 9.5.1.2 2009.01.23 -
PCTools 4.4.2.0 2009.01.22 -
Prevx1 V2 2009.01.23 -
Rising 21.13.41.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.23 Script.IFrame.AC
Sophos 4.37.0 2009.01.23 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.23 -
TheHacker 6.3.1.5.226 2009.01.22 -
TrendMicro 8.700.0.1004 2009.01.23 -
VBA32 3.12.8.11 2009.01.22 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.22 -
Additional information
File size: 282 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

PavelA
26.01.2009, 15:36
Could be a false positive. This is from the "Help!" section
http://virusinfo.info/showthread.php?t=38257
File avz00002.dta received on 2009.01.26 13:30:50 (CET)


Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.26 -
AhnLab-V3 5.0.0.2 2009.01.26 -
AntiVir 7.9.0.60 2009.01.26 TR/ATRAPS.Gen
Authentium 5.1.0.4 2009.01.26 -
Avast 4.8.1281.0 2009.01.25 -
AVG 8.0.0.229 2009.01.26 -
BitDefender 7.2 2009.01.26 -
CAT-QuickHeal 10.00 2009.01.24 -
ClamAV 0.94.1 2009.01.26 -
Comodo 947 2009.01.26 -
DrWeb 4.44.0.09170 2009.01.26 -
eSafe 7.0.17.0 2009.01.25 Suspicious File
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 -
F-Secure 8.0.14470.0 2009.01.26 -
Fortinet 3.117.0.0 2009.01.25 -
GData 19 2009.01.26 -
Ikarus T3.1.1.45.0 2009.01.26 -
K7AntiVirus 7.10.604 2009.01.24 -
Kaspersky 7.0.0.125 2009.01.26 -
McAfee 5506 2009.01.25 -
McAfee+Artemis 5506 2009.01.25 -
Microsoft 1.4205 2009.01.26 -
NOD32 3800 2009.01.26 -
Norman 5.93.01 2009.01.26 -
nProtect 2009.1.8.0 2009.01.26 -
Panda 9.5.1.2 2009.01.26 -
PCTools 4.4.2.0 2009.01.26 -
Prevx1 V2 2009.01.26 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.26 Trojan.ATRAPS.Gen
Sophos 4.37.0 2009.01.26 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.26 -
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.26 PAK_Generic.005
VBA32 3.12.8.11 2009.01.25 -
ViRobot 2009.1.23.1577 2009.01.26 -
VirusBuster 4.5.11.0 2009.01.25


Reply from Kaspersky Lab:
dpsec.dll - Trojan.Win32.Agent.bkzf

New malicious software was found in this file. Its detection will be included in the next
update. Thank you for your help.

senyak
26.01.2009, 17:11
Taken from a flash drive:

File abra.rar received on 2009.01.26 14:59:23 (CET)
Current status: finished
Result: 9/39 (23.08%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.26 -
AhnLab-V3 5.0.0.2 2009.01.26 -
AntiVir 7.9.0.60 2009.01.26 -
Authentium 5.1.0.4 2009.01.26 -
Avast 4.8.1281.0 2009.01.25 -
AVG 8.0.0.229 2009.01.26 Worm/Generic_c.ZW
BitDefender 7.2 2009.01.26 -
CAT-QuickHeal 10.00 2009.01.24 -
ClamAV 0.94.1 2009.01.26 -
Comodo 947 2009.01.26 Worm.Win32.AutoRun.etg
DrWeb 4.44.0.09170 2009.01.26 Win32.HLLW.Shadow
eSafe 7.0.17.0 2009.01.26 -
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 -
F-Secure 8.0.14470.0 2009.01.26 -
Fortinet 3.117.0.0 2009.01.25 -
GData 19 2009.01.26 -
Ikarus T3.1.1.45.0 2009.01.26 -
K7AntiVirus 7.10.606 2009.01.26 -
Kaspersky 7.0.0.125 2009.01.26 Worm.Win32.AutoRun.etg
McAfee 5506 2009.01.25 -
McAfee+Artemis 5506 2009.01.25 -
Microsoft 1.4205 2009.01.26 Worm:Win32/Conficker.B!inf
NOD32 3800 2009.01.26 -
Norman 5.93.01 2009.01.26 -
nProtect 2009.1.8.0 2009.01.26 -
Panda 9.5.1.2 2009.01.26 W32/Conficker.C.worm
PCTools 4.4.2.0 2009.01.26 -
Prevx1 V2 2009.01.26 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.26 -
Sophos 4.37.0 2009.01.26 Mal/ConfInf-A
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.26 W32.Downadup!autorun
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.26 -
VBA32 3.12.8.11 2009.01.25 -
ViRobot 2009.1.23.1577 2009.01.26 -
VirusBuster 4.5.11.0 2009.01.25 INF.Conficker.F
Additional information
File size: 29608 bytes
PEiD..: -



File jwgkvsq.rar received on 2009.01.26 15:00:46 (CET)
Current status: finished
Result: 25/38 (65.79%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.26 -
AhnLab-V3 5.0.0.2 2009.01.26 -
AntiVir 7.9.0.60 2009.01.26 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.26 W32/Conficker!Generic
Avast 4.8.1281.0 2009.01.25 Win32:Confi
AVG 8.0.0.229 2009.01.26 Worm/Downadup
BitDefender 7.2 2009.01.26 Win32.Worm.Downadup.Gen
CAT-QuickHeal 10.00 2009.01.24 Win32.Net-Worm.Kido.ih.3.Pack
ClamAV 0.94.1 2009.01.26 -
Comodo 947 2009.01.26 -
DrWeb 4.44.0.09170 2009.01.26 Win32.HLLW.Shadow.based
eSafe 7.0.17.0 2009.01.26 Suspicious File
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 W32/Conficker!Generic
F-Secure 8.0.14470.0 2009.01.26 -
Fortinet 3.117.0.0 2009.01.25 -
GData 19 2009.01.26 Win32.Worm.Downadup.Gen
Ikarus T3.1.1.45.0 2009.01.26 Net-Worm.Win32.Kido
K7AntiVirus 7.10.606 2009.01.26 Net-Worm.Win32.Kido.ih
Kaspersky 7.0.0.125 2009.01.26 Net-Worm.Win32.Kido.ih
McAfee 5506 2009.01.25 W32/Conficker.worm.gen.a
McAfee+Artemis 5506 2009.01.25 W32/Conficker.worm.gen.a
Microsoft 1.4205 2009.01.26 Worm:Win32/Conficker.B
NOD32 3800 2009.01.26 a variant of Win32/Conficker.AE
nProtect 2009.1.8.0 2009.01.26 Win32.Worm.Downadup.Gen
Panda 9.5.1.2 2009.01.26 W32/Conficker.C.worm
PCTools 4.4.2.0 2009.01.26 -
Prevx1 V2 2009.01.26 Worm
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.26 Trojan.Dropper.Gen
Sophos 4.37.0 2009.01.26 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.26 W32.Downadup.B
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.26 WORM_DOWNAD.AD
VBA32 3.12.8.11 2009.01.25 Net-Worm.Win32.Kido.ih
ViRobot 2009.1.23.1577 2009.01.26 -
VirusBuster 4.5.11.0 2009.01.25 Trojan.Conficker.Gen!Pac
Additional information
File size: 165435 bytes
PEiD..: -

senyak
27.01.2009, 21:54
File in.php received on 2009.01.27 19:47:31 (CET)
Current status: finished
Result: 5/39 (12.83%)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.27 -
AhnLab-V3 5.0.0.2 2009.01.26 -
AntiVir 7.9.0.60 2009.01.27 HTML/Crypted.Gen
Authentium 5.1.0.4 2009.01.26 -
Avast 4.8.1281.0 2009.01.27 HTML:Iframe-inf
AVG 8.0.0.229 2009.01.27 -
BitDefender 7.2 2009.01.27 -
CAT-QuickHeal 10.00 2009.01.27 -
ClamAV 0.94.1 2009.01.27 -
Comodo 948 2009.01.27 -
DrWeb 4.44.0.09170 2009.01.27 -
eSafe 7.0.17.0 2009.01.27 -
eTrust-Vet 31.6.6329 2009.01.27 -
F-Prot 4.4.4.56 2009.01.26 -
F-Secure 8.0.14470.0 2009.01.27 -
Fortinet 3.117.0.0 2009.01.27 -
GData 19 2009.01.27 HTML:Iframe-inf
Ikarus T3.1.1.45.0 2009.01.27 -
K7AntiVirus 7.10.607 2009.01.27 -
Kaspersky 7.0.0.125 2009.01.27 -
McAfee 5507 2009.01.26 -
McAfee+Artemis 5507 2009.01.26 -
Microsoft 1.4205 2009.01.27 -
NOD32 3804 2009.01.27 -
Norman 5.93.01 2009.01.27 -
nProtect 2009.1.8.0 2009.01.27 -
Panda 9.5.1.2 2009.01.27 -
PCTools 4.4.2.0 2009.01.27 -
Prevx1 V2 2009.01.27 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.27 Heuristic.Script.Crypted
Sophos 4.37.0 2009.01.27 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.27 -
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.27 Mal_Hifrm
VBA32 3.12.8.11 2009.01.27 -
ViRobot 2009.1.23.1577 2009.01.26 -
VirusBuster 4.5.11.0 2009.01.27 -
Additional information
File size: 688 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

IgorKr
28.01.2009, 18:00
File quxnlq.exe received on 2009.01.28 15:29:42 (CET)
Current status: finished
Result: 6/39 (15.38%)



a-squared 4.0.0.93 2009.01.28 -
AhnLab-V3 5.0.0.2 2009.01.28 -
AntiVir 7.9.0.60 2009.01.28 -
Authentium 5.1.0.4 2009.01.27 -
Avast 4.8.1281.0 2009.01.27 -
AVG 8.0.0.229 2009.01.28 -
BitDefender 7.2 2009.01.28 -
CAT-QuickHeal 10.00 2009.01.28 -
ClamAV 0.94.1 2009.01.28 -
Comodo 951 2009.01.28 -
DrWeb 4.44.0.09170 2009.01.28 -
eSafe 7.0.17.0 2009.01.28 Suspicious File
eTrust-Vet 31.6.6331 2009.01.28 -
F-Prot 4.4.4.56 2009.01.27 -
F-Secure 8.0.14470.0 2009.01.28 -
Fortinet 3.117.0.0 2009.01.28 -
GData 19 2009.01.28 -
Ikarus T3.1.1.45.0 2009.01.28 -
K7AntiVirus 7.10.607 2009.01.27 -
Kaspersky 7.0.0.125 2009.01.28 -
McAfee 5508 2009.01.27 W32/Autorun.worm.zf.gen
McAfee+Artemis 5508 2009.01.27 W32/Autorun.worm.zf.gen
Microsoft 1.4205 2009.01.28 -
NOD32 3806 2009.01.28 Win32/Packed.Autoit.Gen
Norman 5.93.01 2009.01.27 -
nProtect 2009.1.8.0 2009.01.28 -
Panda 9.5.1.2 2009.01.28 -
PCTools 4.4.2.0 2009.01.28 -
Prevx1 V2 2009.01.28 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.28 -
Sophos 4.37.0 2009.01.28 Sus/Behav-1011
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.28 -
TheHacker 6.3.1.5.229 2009.01.26 -
TrendMicro 8.700.0.1004 2009.01.28 -
VBA32 3.12.8.11 2009.01.27 suspected of Autoit.Script.Trojan
ViRobot 2009.1.28.1579 2009.01.28 -
VirusBuster 4.5.11.0 2009.01.27 -


Additional information
File size: 501424 bytes
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x95590
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x5e000 0x38000 0x37800 7.93 d154032dbbbf17f077b9dac50ab63eb4
.rsrc 0x96000 0x6000 0x5c00 4.96 d31158dea4acce887d13d324b967072d

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX

VirCode
29.01.2009, 08:53
A fresh one

File love.vbs received on 2009.01.29 06:43:44 (CET)
Current status: finished
Result: 7/39 (17.95%)



a-squared 4.0.0.93 2009.01.29 -
AhnLab-V3 5.0.0.2 2009.01.29 -
AntiVir 7.9.0.60 2009.01.28 -
Authentium 5.1.0.4 2009.01.28 Heuristic-31
Avast 4.8.1281.0 2009.01.28 -
AVG 8.0.0.229 2009.01.28 -
BitDefender 7.2 2009.01.29 -
CAT-QuickHeal 10.00 2009.01.29 -
ClamAV 0.94.1 2009.01.29 -
Comodo 951 2009.01.28 -
DrWeb 4.44.0.09170 2009.01.29 -
eSafe 7.0.17.0 2009.01.28 -
eTrust-Vet 31.6.6333 2009.01.29 -
F-Prot 4.4.4.56 2009.01.28 Heuristic-31
F-Secure 8.0.14470.0 2009.01.29 VBS/GenMail.A
Fortinet 3.117.0.0 2009.01.29 -
GData 19 2009.01.29 -
Ikarus T3.1.1.45.0 2009.01.29 -
K7AntiVirus 7.10.608 2009.01.28 -
Kaspersky 7.0.0.125 2009.01.29 -
McAfee 5509 2009.01.28 -
McAfee+Artemis 5509 2009.01.28 -
Microsoft 1.4205 2009.01.28 Worm:VBS/MassMail.gen
NOD32 3809 2009.01.29 probably unknown SCRIPT
Norman 6.00.02 2009.01.28 VBS/GenMail.A
nProtect 2009.1.8.0 2009.01.28 -
Panda 9.5.1.2 2009.01.28 -
PCTools 4.4.2.0 2009.01.28 -
Prevx1 V2 2009.01.29 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.28 VBScript.Vulnerable.gen!High (suspicious)
Sophos 4.38.0 2009.01.29 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.29 -
TheHacker 6.3.1.5.231 2009.01.29 -
TrendMicro 8.700.0.1004 2009.01.29 -
VBA32 3.12.8.11 2009.01.29 -
ViRobot 2009.1.29.1580 2009.01.29 -
VirusBuster 4.5.11.0 2009.01.28 -


Additional information
File size: 506 bytes
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

AlexGOMEL
29.01.2009, 10:18
File avz00001.dta received on 2009.01.29 07:43:43 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.01.29 -
AhnLab-V3 5.0.0.2 2009.01.29 -
AntiVir 7.9.0.60 2009.01.28 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.28 -
Avast 4.8.1281.0 2009.01.28 -
AVG 8.0.0.229 2009.01.28 -
BitDefender 7.2 2009.01.29 -
CAT-QuickHeal 10.00 2009.01.29 -
ClamAV 0.94.1 2009.01.29 -
Comodo 951 2009.01.28 -
DrWeb 4.44.0.09170 2009.01.29 Trojan.PWS.Banker.origin
eSafe 7.0.17.0 2009.01.28 Suspicious File
eTrust-Vet 31.6.6333 2009.01.29 -
F-Prot 4.4.4.56 2009.01.28 -
F-Secure 8.0.14470.0 2009.01.29 -
Fortinet 3.117.0.0 2009.01.29 -
GData 19 2009.01.29 -
Ikarus T3.1.1.45.0 2009.01.29 -
K7AntiVirus 7.10.608 2009.01.28 -
Kaspersky 7.0.0.125 2009.01.29 -
McAfee 5509 2009.01.28 -
McAfee+Artemis 5509 2009.01.28 -
Microsoft 1.4205 2009.01.28 -
NOD32 3809 2009.01.29 -
Norman 6.00.02 2009.01.28 -
nProtect 2009.1.8.0 2009.01.28 -
Panda 9.5.1.2 2009.01.28 -
PCTools 4.4.2.0 2009.01.28 -
Prevx1 V2 2009.01.29 Fraudulent Security Program
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.28 Trojan.Dropper.Gen
Sophos 4.38.0 2009.01.29 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.29 -
TheHacker 6.3.1.5.231 2009.01.29 -
TrendMicro 8.700.0.1004 2009.01.29 -
VBA32 3.12.8.11 2009.01.29 -
ViRobot 2009.1.29.1580 2009.01.29 -
VirusBuster 4.5.11.0 2009.01.28 -

Additional information
File size: 317440 bytes
MD5...: 4a8453e3a123475ba81e8455be573880

PavelA
29.01.2009, 19:24
From the thread http://virusinfo.info/showthread.php?t=38468
A file from the desktop. The detection is rather odd.

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.01.29 -
AhnLab-V3 5.0.0.2 2009.01.29 -
AntiVir 7.9.0.60 2009.01.29 -
Authentium 5.1.0.4 2009.01.28 -
Avast 4.8.1281.0 2009.01.28 -
AVG 8.0.0.229 2009.01.29 -
BitDefender 7.2 2009.01.29 -
CAT-QuickHeal 10.00 2009.01.29 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.29 -
Comodo 952 2009.01.29 -
DrWeb 4.44.0.09170 2009.01.29 -
eSafe 7.0.17.0 2009.01.29 Win32.TrojanFakeAle
eTrust-Vet 31.6.6334 2009.01.29 -
F-Prot 4.4.4.56 2009.01.28 -
F-Secure 8.0.14470.0 2009.01.29 -
Fortinet 3.117.0.0 2009.01.29 -
GData 19 2009.01.29 -
Ikarus T3.1.1.45.0 2009.01.29 -
K7AntiVirus 7.10.609 2009.01.29 -
Kaspersky 7.0.0.125 2009.01.29 -
McAfee 5509 2009.01.28 -
McAfee+Artemis 5509 2009.01.28 -
Microsoft 1.4205 2009.01.29 -
NOD32 3811 2009.01.29 a variant of Win32/Kryptik.GA
Norman 6.00.02 2009.01.29 -
nProtect 2009.1.8.0 2009.01.29 -
Panda 9.5.1.2 2009.01.29 -
PCTools 4.4.2.0 2009.01.29 -
Prevx1 V2 2009.01.29 -
Rising 21.13.42.00 2009.01.23 Trojan.Clicker.Win32.Undef.gj
SecureWeb-Gateway 6.7.6 2009.01.29 Ad-Spyware.LooksLike.Dm
Sophos 4.38.0 2009.01.29 Troj/FakeAle-LE
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.29 -
TheHacker 6.3.1.5.232 2009.01.29 -
TrendMicro 8.700.0.1004 2009.01.29 -
VBA32 3.12.8.11 2009.01.29 -
ViRobot 2009.1.29.1580 2009.01.29 -
VirusBuster 4.5.11.0 2009.01.28 -

Winsent
31.01.2009, 22:04
a-squared 4.0.0.93 2009.01.31 Downloader.Delphi!IK
AhnLab-V3 5.0.0.2 2009.01.31 -
AntiVir 7.9.0.60 2009.01.30 DR/Delphi.Gen
Authentium 5.1.0.4 2009.01.31 -
Avast 4.8.1281.0 2009.01.30 -
AVG 8.0.0.229 2009.01.30 Win32/Heur
BitDefender 7.2 2009.01.31 Gen:Trojan.Heur.Dropper.2
CAT-QuickHeal 10.00 2009.01.31 -
ClamAV 0.94.1 2009.01.31 -
Comodo 955 2009.01.31 -
DrWeb 4.44.0.09170 2009.01.31 -
eSafe 7.0.17.0 2009.01.29 -
eTrust-Vet 31.6.6335 2009.01.29 -
F-Prot 4.4.4.56 2009.01.31 -
F-Secure 8.0.14470.0 2009.01.31 -
Fortinet 3.117.0.0 2009.01.31 -
GData 19 2009.01.31 Gen:Trojan.Heur.Dropper.2
Ikarus T3.1.1.45.0 2009.01.31 Downloader.Delphi
K7AntiVirus 7.10.612 2009.01.31 -
Kaspersky 7.0.0.125 2009.01.31 -
McAfee 5512 2009.01.31 New Malware.bx
McAfee+Artemis 5512 2009.01.31 New Malware.bx
Microsoft 1.4306 2009.01.31 TrojanDropper:Win32/Delf.CI
NOD32 3815 2009.01.31 -
Norman 6.00.02 2009.01.31 -
nProtect 2009.1.8.0 2009.01.30 -
Panda 9.5.1.2 2009.01.31 -
PCTools 4.4.2.0 2009.01.31 -
Prevx1 V2 2009.01.31 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.30 Trojan.Dropper.Delphi.Gen
Sophos 4.38.0 2009.01.31 Sus/Dropper-R
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.31 -
TheHacker 6.3.1.5.241 2009.01.31 -
TrendMicro 8.700.0.1004 2009.01.30 PAK_Generic.001
VBA32 3.12.8.12 2009.01.30 Backdoor.Win32.UltimateDefender.nf
ViRobot 2009.1.31.1583 2009.01.31 -
VirusBuster 4.5.11.0 2009.01.31 -

Additional information
File size: 144398 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4000 0x3b1b 6.53 f7f6bdc124092be88cde3b74f5cd6f79
DATA 0x5000 0x1000 0xbc 4.23 71120066cc96af28429e3d91dadd84d9
BSS 0x6000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x7000 0x1000 0x5d9 4.32 ed346d7d259470b93b4f6229afa802ff
.tls 0x8000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x9000 0x2000 0x13 2.46 231ec597a238bf6a2b7189bb5ece7901
.rsrc 0xb000 0x1e5ec 0x1e600 7.81 47d7e28603a24c21c27321ebe8241704
WCALab 0x2a000 0x1000 0x40 4.40 1fc047478ccb43109160076f79c2a7e0
.Sunzer 0x2b000 0x200 0x200 6.70 a95ad18642ed68535afde26bea1db5a8

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: WriteFile, VirtualFree, VirtualAlloc, SizeofResource, SetFilePointer, SetEndOfFile, ReadFile, LockResource, LoadResource, GetTempPathA, FreeResource, FindResourceA, DeleteFileA, CreateFileA, CopyFileA, CloseHandle
> shell32.dll: ShellExecuteA

( 0 exports )

VirCode
03.02.2009, 07:27
A downloader

File kexek__1_.exe received on 2009.02.03 05:18:10 (CET)
Current status: finished
Result: 9/39 (23.08%)



Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.03 -
AhnLab-V3 5.0.0.2 2009.02.03 -
AntiVir 7.9.0.71 2009.02.02 TR/Hijacker.Gen
Authentium 5.1.0.4 2009.02.02 -
Avast 4.8.1281.0 2009.02.03 -
AVG 8.0.0.229 2009.02.02 -
BitDefender 7.2 2009.02.03 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 10.00 2009.02.02 -
ClamAV 0.94.1 2009.02.03 -
Comodo 959 2009.02.02 -
DrWeb 4.44.0.09170 2009.02.03 -
eSafe 7.0.17.0 2009.02.01 -
eTrust-Vet 31.6.6338 2009.02.03 -
F-Prot 4.4.4.56 2009.02.02 -
F-Secure 8.0.14470.0 2009.02.03 W32/Malware
Fortinet 3.117.0.0 2009.02.02 -
GData 19 2009.02.03 BehavesLike:Win32.ExplorerHijack
Ikarus T3.1.1.45.0 2009.02.02 -
K7AntiVirus 7.10.615 2009.02.02 -
Kaspersky 7.0.0.125 2009.02.03 Heur.Trojan.Generic
McAfee 5514 2009.02.02 -
McAfee+Artemis 5514 2009.02.02 -
Microsoft 1.4306 2009.02.03 -
NOD32 3820 2009.02.03 -
Norman 6.00.02 2009.02.02 W32/Malware
nProtect 2009.1.8.0 2009.02.03 BehavesLike:Win32.ExplorerHijack
Panda 9.5.1.2 2009.02.02 -
PCTools 4.4.2.0 2009.02.02 -
Prevx1 V2 2009.02.03 -
Rising 21.14.61.00 2009.02.01 -
SecureWeb-Gateway 6.7.6 2009.02.03 Trojan.Hijacker.Gen
Sophos 4.38.0 2009.02.03 Mal/Emogen-Y
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.03 -
TheHacker 6.3.1.5.245 2009.02.03 -
TrendMicro 8.700.0.1004 2009.02.03 -
VBA32 3.12.8.12 2009.02.01 -
ViRobot 2009.2.3.1586 2009.02.03 -
VirusBuster 4.5.11.0 2009.02.02 -


Additional information
File size: 20480 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

Shu_b
03.02.2009, 11:01
Totals for January:

VirCode
05.02.2009, 13:09
File opendoor.exe received on 2009.02.05 11:02:26 (CET)
Current status: finished
Result: 15/39 (38.47%)



Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.02.04 -
Avast 4.8.1281.0 2009.02.04 Win32:IRCBot-AHP
AVG 8.0.0.229 2009.02.04 Win32/CryptExe
BitDefender 7.2 2009.02.05 DeepScan:Generic.Malware.SFP!]g.70407C30
CAT-QuickHeal 10.00 2009.02.05 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.02.05 -
Comodo 964 2009.02.04 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.04 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.04 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 DeepScan:Generic.Malware.SFP!g.70407C30
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.618 2009.02.04 -
Kaspersky 7.0.0.125 2009.02.05 Heur.Invader
McAfee 5516 2009.02.04 New Malware
McAfee+Artemis 5516 2009.02.04 New Malware
Microsoft 1.4306 2009.02.05 -
NOD32 3828 2009.02.05 -
Norman 6.00.02 2009.02.04 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.04 -
PCTools 4.4.2.0 2009.02.05 Packed/Execryptor
Prevx1 V2 2009.02.05 -
Rising 21.15.20.00 2009.02.04 -
SecureWeb-Gateway 6.7.6 2009.02.05 Trojan.Crypt.XPACK.Gen
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 Trojan.Win32.Packed.gen (v)
Symantec 10 2009.02.04 Backdoor.IRC.Bot
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.04 suspected of Embedded.Rootkit.Win32.Agent.adg
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.04 Packed/Execryptor


Additional information
File size: 264809 bytes
PEiD..: EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)

rubin
07.02.2009, 23:49
a-squared 4.0.0.93 2009.02.07 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
BitDefender 7.2 2009.02.07 -
CAT-QuickHeal 10.00 2009.02.07 Win32.Backdoor.Poison.gen!A.2
ClamAV 0.94.1 2009.02.07 -
Comodo 969 2009.02.07 -
DrWeb 4.44.0.09170 2009.02.07 Trojan.DownLoad.29400
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.07 -
Fortinet 3.117.0.0 2009.02.07 -
GData 19 2009.02.07 -
Ikarus T3.1.1.45.0 2009.02.07 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.07 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.06 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.07 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.07 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.07 -
Sophos 4.38.0 2009.02.07 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.07 -
TheHacker 6.3.1.5.248 2009.02.07 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -

File size: 8704 bytes
MD5...: 73b5806e6c07701f7e49f4bb836da2c4
SHA1..: 8ba13fb2d1f19da34846217fb90e43e558a26837

Added 1 hour 50 minutes later


a-squared 4.0.0.93 2009.02.07 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 TR/Crypt.ZPACK.Gen
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 Win32:Falder
AVG 8.0.0.229 2009.02.07 FakeAlert.FS
BitDefender 7.2 2009.02.07 Backdoor.Bot.78382
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.07 -
Comodo 969 2009.02.07 -
DrWeb 4.44.0.09170 2009.02.07 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.07 -
Fortinet 3.117.0.0 2009.02.07 -
GData 19 2009.02.07 Backdoor.Bot.78382
Ikarus T3.1.1.45.0 2009.02.07 -
K7AntiVirus 7.10.623 2009.02.07 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.02.07 -
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.06 TrojanSpy:Win32/Zbot.gen!C
NOD32 3836 2009.02.07 a variant of Win32/Kryptik.FN
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.07 Backdoor/W32.IRCBot.190976
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.07 -
Rising 21.15.50.00 2009.02.07 Trojan.Clicker.Win32.Undef.gj
SecureWeb-Gateway 6.7.6 2009.02.07 Trojan.Crypt.ZPACK.Gen
Sophos 4.38.0 2009.02.07 -
Sunbelt 3.2.1847.2 2009.02.06 -
Symantec 10 2009.02.07 Suspicious.MH690.A
TheHacker 6.3.1.5.248 2009.02.07 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 Malware-Cryptor.Win32.Stit
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -

File size: 236544 bytes
MD5...: b119d620244c55d0c7d56a0a25841c3f
SHA1..: c07a6839fbfd8604aac7b98d24db4e9140e0ef54

rerrreers
08.02.2009, 12:29
File 4 received on 2009.02.08 10:17:14 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.08 -
AhnLab-V3 5.0.0.2 2009.02.07 -
AntiVir 7.9.0.76 2009.02.07 -
Authentium 5.1.0.4 2009.02.07 -
Avast 4.8.1335.0 2009.02.07 -
AVG 8.0.0.229 2009.02.07 -
CAT-QuickHeal 10.00 2009.02.07 -
ClamAV 0.94.1 2009.02.08 -
Comodo 971 2009.02.08 -
DrWeb 4.44.0.09170 2009.02.08 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6346 2009.02.07 -
F-Prot 4.4.4.56 2009.02.07 -
F-Secure 8.0.14470.0 2009.02.08 Worm.Win32.AutoRun.exp
Fortinet 3.117.0.0 2009.02.08 -
GData 19 2009.02.08 -
Ikarus T3.1.1.45.0 2009.02.08 -
K7AntiVirus 7.10.623 2009.02.07 -
Kaspersky 7.0.0.125 2009.02.08 Worm.Win32.AutoRun.exp
McAfee 5518 2009.02.07 -
McAfee+Artemis 5519 2009.02.07 -
Microsoft 1.4306 2009.02.08 -
NOD32 3836 2009.02.07 -
Norman 6.00.02 2009.02.06 -
Panda 9.5.1.2 2009.02.07 -
PCTools 4.4.2.0 2009.02.07 -
Prevx1 V2 2009.02.08 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.08 -
Sophos 4.38.0 2009.02.08 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.08 -
TheHacker 6.3.1.5.249 2009.02.08 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.07 -

Additional information
File size: 98304 bytes
MD5...: 27f048a961b537fb71fd15e92f4a349d
SHA1..: fb12944bde475175f565765bec16fd4071376c86
SHA256: f198a5f9f4a1d4c9cd555e3bcf095c0fd187afe52cd90669fe 184d72955a5bb7

PavelA
13.02.2009, 12:55
From http://virusinfo.info/showthread.php?t=39643
'C:\WINDOWS\Fonts\CtmRes.dll'


Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.13 BehavesLike!IK
AhnLab-V3 5.0.0.2 2009.02.13 Win-Trojan/Agent.10240.VO
AntiVir 7.9.0.76 2009.02.13 TR/Hijacker.Gen
Authentium 5.1.0.4 2009.02.13 W32/Heuristic-KPP!Eldorado
Avast 4.8.1335.0 2009.02.12 Win32:Spyware-gen
AVG 8.0.0.237 2009.02.13 PSW.Generic6.BASJ
BitDefender 7.2 2009.02.13 Trojan.Agent.12433
CAT-QuickHeal 10.00 2009.02.13 -
ClamAV 0.94.1 2009.02.13 -
Comodo 976 2009.02.13 -
DrWeb 4.44.0.09170 2009.02.13 -
eSafe 7.0.17.0 2009.02.12 -
eTrust-Vet 31.6.6356 2009.02.13 Win32/Gamepass.YN
F-Prot 4.4.4.56 2009.02.13 W32/Heuristic-KPP!Eldorado
F-Secure 8.0.14470.0 2009.02.13 -
Fortinet 3.117.0.0 2009.02.13 -
GData 19 2009.02.13 Trojan.Agent.12433
Ikarus T3.1.1.45.0 2009.02.13 BehavesLike
K7AntiVirus 7.10.628 2009.02.12 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.02.13 -
McAfee 5524 2009.02.12 Generic.dx
McAfee+Artemis 5524 2009.02.12 Generic.dx
Microsoft 1.4306 2009.02.13 Trojan:Win32/Comotor.A!dll
NOD32 3850 2009.02.13 Win32/Spy.Agent.NLK
Norman 6.00.02 2009.02.12 W32/Malware.FHAS
nProtect 2009.1.8.0 2009.02.13 Trojan/W32.Agent.10240.CR
Panda 10.0.0.10 2009.02.12 Generic Trojan
PCTools 4.4.2.0 2009.02.12 -
Prevx1 V2 2009.02.13 -
Rising 21.16.42.00 2009.02.13 Trojan.Win32.Nodef.aoq
SecureWeb-Gateway 6.7.6 2009.02.13 Trojan.Hijacker.Gen
Sophos 4.38.0 2009.02.13 -
Sunbelt 3.2.1851.2 2009.02.12 Trojan-PSW.OnlineGames
Symantec 10 2009.02.13 -
TheHacker 6.3.1.9.255 2009.02.13 -
TrendMicro 8.700.0.1004 2009.02.13 TROJ_VUNDO.MCL
VBA32 3.12.8.12 2009.02.13 Win32.Spy.Agent.NLK
ViRobot 2009.2.13.1605 2009.02.13 -
VirusBuster 4.5.11.0 2009.02.12 -

Surfer
17.02.2009, 16:46
File valentine.exe received on 02.17.2009 14:08:40 (CET)


a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.79 2009.02.17 -
Authentium 5.1.0.4 2009.02.17 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.17 Injector.CD
BitDefender 7.2 2009.02.17 Trojan.Waledac.Gen.1
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.17 -
Comodo 982 2009.02.17 -
DrWeb 4.44.0.09170 2009.02.17 -
eSafe 7.0.17.0 2009.02.17 -
eTrust-Vet 31.6.6361 2009.02.17 Win32/Waledac!generic
F-Prot 4.4.4.56 2009.02.17 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 W32/Waledac.fam!worm
GData 19 2009.02.17 Trojan.Waledac.Gen.1
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 W32/Waledac.gen.e
McAfee+Artemis 5528 2009.02.16 W32/Waledac.gen.e
Microsoft 1.4306 2009.02.17 VirTool:Win32/Obfuscator.ES
NOD32 3861 2009.02.17 -
Norman 6.00.06 2009.02.16 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 10.0.0.10 2009.02.17 -
PCTools 4.4.2.0 2009.02.17 -
Prevx1 V2 2009.02.17 Cloaked Malware
Rising 21.17.12.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.17 -
Sophos 4.38.0 2009.02.17 Mal/WaledPak-A
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 -
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.16 -


File size: 410972 bytes
MD5...: a7cd8f13ae9e4f903b524e12a743d759

Erekle
17.02.2009, 20:11
File Your_Dad_Has_Shit_Fetish_Too.PIF (http://www.virustotal.com/ru/analisis/973ddcca5fa10dc4fac147910144c76e) received on 2009.02.17 13:41:51 (CET)
Result: 4/39 (10.26%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.79 2009.02.17 -
Authentium 5.1.0.4 2009.02.17 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.17 -
BitDefender 7.2 2009.02.17 -
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.17 -
Comodo 982 2009.02.17 -
DrWeb 4.44.0.09170 2009.02.17 -
eSafe 7.0.17.0 2009.02.17 -
eTrust-Vet 31.6.6361 2009.02.17 -
F-Prot 4.4.4.56 2009.02.17 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 -
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 -
McAfee+Artemis 5528 2009.02.16 -
Microsoft 1.4306 2009.02.17 VirTool:Win32/Injector.gen!C
NOD32 3861 2009.02.17 -
Norman 6.00.06 2009.02.16 -
nProtect 2009.1.8.0 2009.02.17 Trojan/W32.Buzus.217088.C
Panda 10.0.0.10 2009.02.17 -
PCTools 4.4.2.0 2009.02.17 -
Prevx1 V2 2009.02.17 Malicious Software
Rising 21.17.12.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.17 -
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 -
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 PAK_Generic.001
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.16 -

File size: 143360 bytes
MD5...: 38f7a10d68933b580bb1c617a8b1c787
SHA1..: 311a78a8436b6448d5d04c531f83fbea55935774
SHA256: d88e77286b64cec732bace9e6634dc7748041d41d418c024a8 0c30acfe6b5dad

PEiD..: Armadillo v1.71
(...)
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3EEF358F00254B5A3028026E1 384AA00A3A24222


File perce.jpg.exe (http://www.virustotal.com/ru/analisis/8d0ebcf5a20372792ad41137e83edc34) [perce.jpg] received on 2009.02.17 10:10:15 (CET)
Result: 5/39 (12.82%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.79 2009.02.17 -
Authentium 5.1.0.4 2009.02.16 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.16 -
BitDefender 7.2 2009.02.17 -
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.16 -
Comodo 980 2009.02.16 -
DrWeb 4.44.0.09170 2009.02.16 -
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6360 2009.02.16 -
F-Prot 4.4.4.56 2009.02.16 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 -
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 Generic Dropper.cx
McAfee+Artemis 5528 2009.02.16 Generic Dropper.cx
Microsoft 1.4306 2009.02.17 TrojanDownloader:Win32/Renos.DZ
NOD32 3860 2009.02.17 -
Norman 6.00.06 2009.02.16 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 10.0.0.10 2009.02.16 -
PCTools 4.4.2.0 2009.02.16 -
Prevx1 V2 2009.02.17 Malware Downloader
Rising 21.17.11.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.16 -
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 Downloader
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.16 -

File size: 91140 bytes
MD5...: 5d7c7e1e76a06874d303f8ad082ee690
SHA1..: dbb0870b64db99d3ea2bb6adbc832b5efa1e485d
SHA256: b77080b63f165003b95a28d21096fbc90b91e144cd6e770cdd 9a4cbffa9c565d


File viewtubesoftware.40012.exe (http://www.virustotal.com/ru/analisis/ff7150f1f3d663bd261e3fd082a860e5) [systeminit.exe]
received on 2009.02.17 08:48:12 (CET)
Result: 6/39 (15.38%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.79 2009.02.16 -
Authentium 5.1.0.4 2009.02.16 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.16 -
BitDefender 7.2 2009.02.17 -
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.16 -
Comodo 980 2009.02.16 -
DrWeb 4.44.0.09170 2009.02.16 -
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6360 2009.02.16 -
F-Prot 4.4.4.56 2009.02.16 -
F-Secure 8.0.14470.0 2009.02.17 Trojan.Win32.Agent.bqtn
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 -
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 Trojan.Win32.Agent.bqtn
McAfee 5528 2009.02.16 -
McAfee+Artemis 5528 2009.02.16 -
Microsoft 1.4306 2009.02.17 VirTool:Win32/Obfuscator.CW
NOD32 3860 2009.02.17 -
Norman 6.00.06 2009.02.16 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 10.0.0.10 2009.02.16 -
PCTools 4.4.2.0 2009.02.16 -
Prevx1 V2 2009.02.17 Cloaked Malware
Rising 21.17.11.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.16 -
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 Downloader.MisleadApp
TheHacker 6.3.2.2.258 2009.02.16 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.12 2009.02.16 suspected of Malware-Cryptor.Win32.General.3
ViRobot 2009.2.17.1610 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.16 -

File size: 33280 bytes
MD5...: 11c07d01f5d78b0a6c34e04841e70283
SHA1..: 09c8c1118911b7ee5b9fdc5770c8ed1cf6cde56a
SHA256: 59e763d49b10e9eb7007bff068fc8518873bafb1ef98dac8d8 1b5ff16aaf725a


File setup_200002.exe (http://www.virustotal.com/ru/analisis/bc65297c231ee1d9bad6f26253fe0467) received on 2009.02.17 17:22:47 (CET)
Result: 8/39 (20.51%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.79 2009.02.17 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.17 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.17 -
BitDefender 7.2 2009.02.17 Trojan.FakeAntivirus.Gen
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.17 -
Comodo 982 2009.02.17 -
DrWeb 4.44.0.09170 2009.02.17 Trojan.DownLoad.28638
eSafe 7.0.17.0 2009.02.17 -
eTrust-Vet 31.6.6361 2009.02.17 -
F-Prot 4.4.4.56 2009.02.17 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 Trojan.FakeAntivirus.Gen
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 -
McAfee+Artemis 5528 2009.02.16 -
Microsoft 1.4306 2009.02.17 VirTool:Win32/Obfuscator.EF
NOD32 3862 2009.02.17 Win32/Adware.AntiSpyware2009
Norman 6.00.06 2009.02.17 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 10.0.0.10 2009.02.17 -
PCTools 4.4.2.0 2009.02.17 -
Prevx1 V2 2009.02.17 -
Rising 21.17.12.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.17 Trojan.Dropper.Gen
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 Packed.Generic.187
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.17 -

File size: 81931 bytes
MD5...: 0b8cd059b9f2a5804d219fc6b6a08646
SHA1..: 9aa6eaf14e4bdfebde0181698409600a6e638e97
SHA256: cefac05e1916129168e673e6bdfac03204d84dc7d62ac1ab15 a920284ec4e91b


File msxml71.dll (http://www.virustotal.com/ru/analisis/da1169ee933277a73b70753b7d252f26) received on 2009.02.17 18:04:11 (CET)
Result: 4/39 (10.26%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 2009.2.17.2 2009.02.17 -
AntiVir 7.9.0.83 2009.02.17 -
Authentium 5.1.0.4 2009.02.17 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.17 -
BitDefender 7.2 2009.02.17 -
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.17 -
Comodo 982 2009.02.17 -
DrWeb 4.44.0.09170 2009.02.17 -
eSafe 7.0.17.0 2009.02.17 -
eTrust-Vet 31.6.6361 2009.02.17 -
F-Prot 4.4.4.56 2009.02.17 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 -
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.582 2009.01.09 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 -
McAfee+Artemis 5528 2009.02.16 -
Microsoft 1.4306 2009.02.17 -
NOD32 3862 2009.02.17 Win32/TrojanDownloader.FakeAlert.YW
Norman 6.00.06 2009.02.17 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 9.4.3.20 2009.02.17 -
PCTools 4.4.2.0 2009.02.17 -
Prevx1 V2 2009.02.17 Fraudulent Security Program
Rising 21.17.12.00 2009.02.17 AdWare.Win32.Agent.cvw
SecureWeb-Gateway 6.7.6 2009.02.17 -
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 Downloader.MisleadApp
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.17 -

File size: 115716 bytes
MD5...: dee4dcc0608bc4eddaa5c3ebefb36bcb
SHA1..: 9ff0792886dad5a1f418141a686cb5ae2828d9b5
SHA256: 28a44e10a083c9a656fb968fe643523f44a28cf49a5dfec438 dde7c9aae10565


File item.gif (http://www.virustotal.com/ru/analisis/b557974c5bb893da8e6513016f4968ba) received on 2009.02.17 18:42:17 (CET)
Result: 7/39 (17.95%)

a-squared 4.0.0.93 2009.02.17 -
AhnLab-V3 5.0.0.2 2009.02.17 -
AntiVir 7.9.0.83 2009.02.17 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.02.17 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.17 -
BitDefender 7.2 2009.02.17 -
CAT-QuickHeal 10.00 2009.02.17 -
ClamAV 0.94.1 2009.02.17 -
Comodo 982 2009.02.17 -
DrWeb 4.44.0.09170 2009.02.17 -
eSafe 7.0.17.0 2009.02.17 Suspicious File
eTrust-Vet 31.6.6361 2009.02.17 -
F-Prot 4.4.4.56 2009.02.17 -
F-Secure 8.0.14470.0 2009.02.17 -
Fortinet 3.117.0.0 2009.02.17 -
GData 19 2009.02.17 -
Ikarus T3.1.1.45.0 2009.02.17 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.17 -
McAfee 5528 2009.02.16 Generic Dropper.cx
McAfee+Artemis 5528 2009.02.16 Generic Dropper.cx
Microsoft 1.4306 2009.02.17 TrojanDownloader:Win32/Renos.DY
NOD32 3862 2009.02.17 Win32/TrojanDownloader.FakeAlert.YW
Norman 6.00.06 2009.02.17 -
nProtect 2009.1.8.0 2009.02.17 -
Panda 10.0.0.10 2009.02.17 -
PCTools 4.4.2.0 2009.02.17 -
Prevx1 V2 2009.02.17 Malicious Software
Rising 21.17.12.00 2009.02.17 -
SecureWeb-Gateway 6.7.6 2009.02.17 -
Sophos 4.38.0 2009.02.17 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.17 -
TheHacker 6.3.2.2.259 2009.02.17 -
TrendMicro 8.700.0.1004 2009.02.17 -
VBA32 3.12.8.13 2009.02.17 -
ViRobot 2009.2.17.1611 2009.02.17 -
VirusBuster 4.5.11.0 2009.02.17 -

File size: 124420 bytes
MD5...: 08043efb799efd081e31a0639c24a3b9
SHA1..: 1b6c01dceebaf6c7bddbc1e50179431fc70820d4
.

Shu_b
19.02.2009, 08:59
To Erekle: please post the full results; in their current form they will not be counted.

MedvedD
19.02.2009, 15:39
File twex.exe received on 2009.02.19 13:19:04 (CET)


Result: 9/39 (23.08%)



Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.19 -
AhnLab-V3 2009.2.19.0 2009.02.19 -
AntiVir 7.9.0.83 2009.02.19 TR/Dropper.Gen
Authentium 5.1.0.4 2009.02.19 -
Avast 4.8.1335.0 2009.02.18 Win32:Rootkit-gen
AVG 8.0.0.237 2009.02.19 -
BitDefender 7.2 2009.02.19 -
CAT-QuickHeal 10.00 2009.02.19 -
ClamAV 0.94.1 2009.02.18 -
Comodo 983 2009.02.18 -
DrWeb 4.44.0.09170 2009.02.19 -
eSafe 7.0.17.0 2009.02.18 -
eTrust-Vet 31.6.6365 2009.02.19 -
F-Prot 4.4.4.56 2009.02.19 -
F-Secure 8.0.14470.0 2009.02.19 Trojan-Spy.Win32.Zbot.myr
Fortinet 3.117.0.0 2009.02.18 -
GData 19 2009.02.19 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2009.02.19 -
K7AntiVirus 7.10.630 2009.02.18 -
Kaspersky 7.0.0.125 2009.02.19 Trojan-Spy.Win32.Zbot.myr
McAfee 5529 2009.02.17 -
McAfee+Artemis 5529 2009.02.17 -
Microsoft 1.4306 2009.02.19 PWS:Win32/Zbot.gen!R
NOD32 3867 2009.02.19 a variant of Win32/Kryptik.HK
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.19 -
Panda 10.0.0.10 2009.02.19 -
PCTools 4.4.2.0 2009.02.19 -
Prevx1 V2 2009.02.19 -
Rising 21.17.32.00 2009.02.19 -
SecureWeb-Gateway 6.7.6 2009.02.19 Trojan.Dropper.Gen
Sophos 4.38.0 2009.02.19 Mal/FakeVirPk-A
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.19 -
TheHacker 6.3.2.2.259 2009.02.18 -
TrendMicro 8.700.0.1004 2009.02.19 -
VBA32 3.12.10.0 2009.02.18 -
ViRobot 2009.2.19.1615 2009.02.19 -
VirusBuster 4.5.11.0 2009.02.18 -
Additional information
File size: 246784 bytes
MD5...: f937d9c8257c392c015b246841ba0a5f
SHA1..: 8035a03788bd26b3dfc441de1bdff6cf5821e5bd
SHA256: d0df8dbebef10a1f654a26bccd37794b71d679eca8bc844048 af0b8ef367eb53
SHA512: 0067615c7a88b0a5a36b8a83a0430f8f4b50b11be722a08ebf dd8e04c37b4d01
c578ed0c50e3802b9730402326333979212c061d8935a777fd 83a1c8f993b461
ssdeep: 6144:rtx/p89ofXaK6+GPUWv57VQyS2eidu/f6Z5T6tXpqb03+dW:bs8Xr6dPU0p
VQy0i2c5e5pqA3+dW

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

Black_N
20.02.2009, 22:56
File hgGYRKCU.dll received on 2009.02.20 11:46:33 (CET)
Current status: finished
Result: 10/39 (25.64%)


a-squared - Trojan.Win32.Monderd!IK
AhnLab-V3 -
AntiVir - - TR/Vundo.Gen
Authentium -
Avast -
AVG - Win32/Heur
BitDefender - Gen:Trojan.Heur.544453
CAT-QuickHeal -
ClamAV -
Comodo -
DrWeb -
eSafe -
eTrust-Vet -
F-Prot -
F-Secure -
Fortinet -
GData - - Gen:Trojan.Heur.544453
Ikarus - - Trojan.Win32.Monderd
K7AntiVirus -
Kaspersky -
McAfee -
McAfee+Artemis -
Microsoft -
NOD32 -
Norman -
nProtect - Gen:Trojan.Heur.544453
Panda -
PCTools -
Prevx1 -
Rising -
SecureWeb-Gateway - Trojan.Vundo.Gen
Sophos - Sus/Behav-278
Sunbelt -
Symantec -
TheHacker -
TrendMicro -
VBA32 -
ViRobot -
VirusBuster - Trojan.Vundo.Gen!Pac.27
Additional information
MD5: 47973e69abb4b32062a2a367ee60ce41
SHA1: a977c327d27046fec739aa0292980481331ca7f9
SHA256: 213db95223818a0f83dcbab445440ac1b42575d5a1f692ef32 cd162be3dd6a96
SHA512: 007ac7b4b85b824ee2b3a9c9d328775894bc8fcb5c6fc2151c bda738fdd0b598ef1d1e3fa5b6c89d9598214ff4bc7406e917 db409539784f76c63ec4647797cf

Added 6 minutes later

File tuvSIaWQ.dll received on 2009.02.19 04:20:12 (CET)
Current status: finished
Result: 8/39 (20.51%)


a-squared - Virus.Trojan.Win32.Monderb!IK
AhnLab-V3 -
AntiVir -
Authentium -
Avast -
AVG -
BitDefender -
CAT-QuickHeal -
ClamAV -
Comodo -
DrWeb -
eSafe - Suspicious File
eTrust-Vet -
F-Prot -
F-Secure -
Fortinet -
GData -
Ikarus - Virus.Trojan.Win32.Monderb
K7AntiVirus -
Kaspersky - Trojan.Win32.Monderb.ajwo
McAfee -
McAfee+Artemis - Generic!Artemis
Microsoft - Trojan:Win32/Vundo.IB
NOD32 - probably a variant of Win32/Genetik
Norman -
nProtect -
Panda -
PCTools -
Prevx1 - Medium Risk Malware
Rising -
SecureWeb-Gateway -
Sophos -
Sunbelt -
Symantec -
TheHacker -
TrendMicro -
VBA32 -
ViRobot -
VirusBuster -
Additional information
MD5: 95caec91223f69e6a9f975e790991193
SHA1: 8fd087515830a1337a22acb586bd04d2d242c9bf
SHA256: 5665f4e4a701955aec1fdd441694352c995dc66d2ec0513a82 0baede04da578c
SHA512: ab2df72bce7550dd90273d8f68a59691eb5cab539d4d0a8476 bd2487998d756b6b2613ccc6a0800cff61aaf8bfc9fa95d528 3c68888a4fdd1867889cdf9fcec4

Added 22 minutes later

File cogad.rar received on 2009.02.20 12:27:51 (CET)
Current status: finished
Result: 20/38 (52.63%)


a-squared 4.0.0.93 2009.02.20 Virus.Win32.Trojan!IK
AhnLab-V3 2009.2.20.1 2009.02.20 -
AntiVir 7.9.0.85 2009.02.20 TR/Downloader.Gen
Authentium 5.1.0.4 2009.02.20 W32/Downloader.F.gen!Eldorado
Avast 4.8.1335.0 2009.02.19 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.02.19 Downloader.Generic8.WRK
CAT-QuickHeal 10.00 2009.02.20 Trojan.Agent.bprt
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 -
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6367 2009.02.20 -
F-Prot 4.4.4.56 2009.02.19 W32/Downloader.F.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.20 -
Fortinet 3.117.0.0 2009.02.20 PossibleThreat
GData 19 2009.02.20 Trojan.Generic.1439744
Ikarus T3.1.1.45.0 2009.02.20 Virus.Win32.Trojan
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 -
McAfee 5530 2009.02.19 -
McAfee+Artemis 5530 2009.02.19 Generic!Artemis
Microsoft 1.4306 2009.02.20 -
NOD32 3871 2009.02.20 a variant of Win32/TrojanDownloader.Agent.OOL
Norman 6.00.06 2009.02.19 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 Trj/Agent.LFV
PCTools 4.4.2.0 2009.02.19 -
Prevx1 V2 2009.02.20 Medium Risk Malware
Rising 21.17.42.00 2009.02.20 Trojan.DL.Win32.Undef.dgw
SecureWeb-Gateway 6.7.6 2009.02.20 Trojan.Downloader.Gen
Sophos 4.38.0 2009.02.20 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.20 Downloader
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 PAK_Generic.001
VBA32 3.12.10.0 2009.02.20 suspected of Win32.Trojan-Downloader
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 -
Additional information
File size: 55470 bytes
MD5...: ba0c365728ed71a6a90c2a2d13c31ccb
SHA1..: 12df2bff630a26191620dca9a706fcc0da6f70f5
SHA256: 9f65f32ad7ef24259d6841e101e7edc797c5c823a9a31b7d40 d0ef6214135ffa
SHA512: 67c142b82c5c7cb4204d6ececb5e32ba75b50084eb0e9e5c2f 9b32d53795a70c
324aad076743dd4d90778f96a4deab41592be3e6280293c826 2023768a67d3f6
ssdeep: 768:eSmyjYXfNU4F0x4NBRWZwDKeexgJfDd527cxkYXEyMiSXg fM7wtfX3wyTt5h
fdRc:UXfaxCS8K5mGZyMF+XXffpeJShgAA
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=629C96CC00F176D4DE4C002BF CBD16005A660868

senyak
21.02.2009, 23:53
File icqreger.jar received on 2009.02.21 21:47:26 (CET)
Result: 2/38 (5.27%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.21 -
AhnLab-V3 2009.2.21.0 2009.02.21 -
AntiVir 7.9.0.87 2009.02.21 -
Authentium 5.1.0.4 2009.02.21 -
Avast 4.8.1335.0 2009.02.20 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.21 -
CAT-QuickHeal 10.00 2009.02.20 -
ClamAV 0.94.1 2009.02.21 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.21 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.21 -
F-Secure 8.0.14470.0 2009.02.21 Trojan-SMS.J2ME.Konov.e
Fortinet 3.117.0.0 2009.02.21 -
GData 19 2009.02.21 -
Ikarus T3.1.1.45.0 2009.02.21 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.21 Trojan-SMS.J2ME.Konov.e
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.21 -
NOD32 3875 2009.02.21 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.21 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.21 -
Prevx1 V2 2009.02.21 -
Rising 21.17.52.00 2009.02.21 -
SecureWeb-Gateway 6.7.6 2009.02.21 -
Sophos 4.39.0 2009.02.21 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.21 -
TheHacker 6.3.2.4.262 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Additional information
File size: 2319 bytes
MD5...: 3aa72f8238be00d96aaeb2e9a04850d5
SHA1..: 3d31080d089e4bdf7e85a9b83f1e9f7eb006abd6
SHA256: b4e80f0156b32306d3f8ec736255d0164f8344f50a2b325d87 24a483add0cfbe
SHA512: e5afedd1bd32171a3b26db4acf649ddb55ba2bd576c0c0179d d6d1f08adf3f4e
ce20b4ac223bd0d929e5d587f5c6c1ddd7899ca351482903a3 2d103c49256d9f
ssdeep: 48:gFD4VrTnHOCmmJwLnDTVWDkcRMxQGGzbkMxl/G:gFsTHmX3SRuGfkMxlO
PEiD..: -
TrID..: File type identification
Adobe PhotoShop Brush (50.0%)
BONK lossless/lossy audio compressor (49.9%)
PEInfo: -



File odnoklassniki.jar received on 2009.02.21 21:47:36 (CET)
Result: 9/38 (23.69%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.21 Trojan-SMS!IK
AhnLab-V3 2009.2.21.0 2009.02.21 -
AntiVir 7.9.0.87 2009.02.21 -
Authentium 5.1.0.4 2009.02.21 Java/Smarm.B
Avast 4.8.1335.0 2009.02.20 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.21 -
CAT-QuickHeal 10.00 2009.02.20 -
ClamAV 0.94.1 2009.02.21 -
Comodo 983 2009.02.20 TrojWare.J2ME.SMS.Konov.e
DrWeb 4.44.0.09170 2009.02.21 Java.SMSSend.18
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.21 Java/Smarm.B
F-Secure 8.0.14470.0 2009.02.21 Trojan-SMS.J2ME.Konov.e
Fortinet 3.117.0.0 2009.02.21 -
GData 19 2009.02.21 -
Ikarus T3.1.1.45.0 2009.02.21 Trojan-SMS
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.21 Trojan-SMS.J2ME.Konov.e
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.21 Trojan:Java/Konov.A
NOD32 3875 2009.02.21 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.21 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.21 -
Prevx1 V2 2009.02.21 -
Rising 21.17.52.00 2009.02.21 -
SecureWeb-Gateway 6.7.6 2009.02.21 -
Sophos 4.39.0 2009.02.21 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.21 -
TheHacker 6.3.2.4.262 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Additional information
File size: 2322 bytes
MD5...: a38c0f6753f626a0c26225a0b23f59f7
SHA1..: 934907d4e85a3cc0268e9a90045da5357b56a5f7
SHA256: 344d56b51ecfcb7a3a80353ef8ddd89a1f35ccf59035c96c40 27c635019bf2c1
SHA512: bea05d0f6d69a8cc141d24c4ab83c48825b91bed36e001e74f 51c6110b260115
a9f0aff73cc578a2430b6d554c08fabce810273b537b3a23f1 e5f87e7cca9477
ssdeep: 48:+ETujh7rTnHOCmmJwLnDTjKWDkcRMxQGGzbkMxftjj:2THm X3vTRuGfkMxVjj
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -

OSSP2008
22.02.2009, 10:20
File 11 received on 2009.02.22 08:13:16 (CET)
Current status: finished
Result: 6/39 (15.39%)


a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 -
Authentium 5.1.0.4 2009.02.21 -
Avast 4.8.1335.0 2009.02.22 HTML:IFrame-CM
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.22 -
CAT-QuickHeal 10.00 2009.02.20 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.21 -
F-Secure 8.0.14470.0 2009.02.22 Trojan-Downloader.JS.Iframe.ahs
Fortinet 3.117.0.0 2009.02.21 -
GData 19 2009.02.22 HTML:IFrame-CM
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 Trojan-Downloader.JS.Iframe.ahs
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3875 2009.02.21 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.21 -
Prevx1 V2 2009.02.22 -
Rising 21.17.61.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 -
Sophos 4.39.0 2009.02.22 Mal/ObfJS-A
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 Trojan/Downloader.vbs
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -

senyak
23.02.2009, 01:37
File avz00001.dta received on 2009.02.22 23:25:23 (CET)
Current status: finished
Result: 18/39 (46.15%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.22 Trojan-Dialer!IK
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.22 TR/ATRAPS.Gen
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 Win32:Delf-LWM
AVG 8.0.0.237 2009.02.22 Dropper.Generic.AIGP
BitDefender 7.2 2009.02.22 Trojan.Generic.1444572
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 Dialer.Siggen.121
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.22 Trojan-Downloader.Win32.Banload.abpk
Fortinet 3.117.0.0 2009.02.22 PossibleThreat
GData 19 2009.02.22 Trojan.Generic.1444572
Ikarus T3.1.1.45.0 2009.02.22 Trojan-Dialer
K7AntiVirus 7.10.639 2009.02.21 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.02.22 Trojan-Downloader.Win32.Banload.abpk
McAfee 5533 2009.02.22 -
McAfee+Artemis 5533 2009.02.22 Generic!Artemis
Microsoft 1.4306 2009.02.22 VirTool:Win32/DelfInject.gen!AF
NOD32 3878 2009.02.22 a variant of Win32/Injector.JM
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.22 Trj/CI.A
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 -
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 Trojan.ATRAPS.Gen
Sophos 4.39.0 2009.02.22 Troj/Inject-EH
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 26156 bytes
MD5...: 26109da7e10e9ede0313655956ce151e
SHA1..: 16e8d4438f288e9b9d1694013d54d7b294d6284a
SHA256: b5d86daf7e32fe7fd3ce2dbce420a710c15376ed23a7032553 28e5ac0465706a
SHA512: 62e21113cca31c45ffbd18c210380064a6a8b37b8b0fe6e4b2 bb2cbf68d0dd79
679e0f8bfc00aa9829bd3a47bb4b4b5716a81eb94b7318cfab 88c67604926f69
ssdeep: 768:PARkOT1fzNNc1DICjBO89i2GQ87aPWMELHTW0YRDjyzO:P wNoj11GQ87abEL
ir9OK
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

IgorKr
23.02.2009, 21:15
File Lingvo_x3_patch.exe received on 2009.02.23 19:06:10 (CET)
Result: 10/39 (25.65%)


Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 Trojan.Win32.Bepiv!IK
AhnLab-V3 2009.2.24.0 2009.02.23 -
AntiVir 7.9.0.88 2009.02.23 TR/Drop.RKit.CM
Authentium 5.1.0.4 2009.02.23 -
Avast 4.8.1335.0 2009.02.23 -
AVG 8.0.0.237 2009.02.23 Downloader.Generic_r.DA
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6369 2009.02.23 -
F-Prot 4.4.4.56 2009.02.23 W32/Bepiv.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 Trojan.Win32.Bepiv
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5534 2009.02.23 -
Microsoft 1.4306 2009.02.23 Trojan:Win32/Tibs.IR
NOD32 3881 2009.02.23 -
Norman 6.00.06 2009.02.23 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.23 Suspicious file
PCTools 4.4.2.0 2009.02.23 -
Prevx1 V2 2009.02.23 -
Rising 21.18.02.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 Trojan.Drop.RKit.CM
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.5.263 2009.02.23 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 BScope.Zhelatin.13
ViRobot 2009.2.23.1618 2009.02.23 -
VirusBuster 4.5.11.0 2009.02.22 -


Additional information
File size: 438272 bytes
MD5...: cc83b516ac3ccfb306e3648cea8a6a8c
SHA1..: f1f1714eedb60c68bc50852275a2b7e4f3af47b1
SHA256: 1183f96dad037bc2de303763543c0bebd691554032fe029745 714222a084540f
SHA512: ff73169fa5ab1ca094ee410f8a5b1b3698a459a7435bf6772b 4bd1e7c3a2442c
245870e8b11ede570cbaf300071460b8f397e9e108ef4dbe04 11f33f10146507
ssdeep: 6144:q6zETtQNyhbTDO3megK5p5cH48oUJeahU4wR6uuWksrO: q5TiNqfNegK5a4
8nphUpRduWj
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b033b
timedatestamp.....: 0x49a10222 (Sun Feb 22 07:43:30 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x121b2 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x14000 0xfa8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x24000 0x39a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x28000 0x3fc80 0x2a000 6.32 2980c4e7005734cd9466ca7cef30e611
.vmp0 0x68000 0x10528 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0x79000 0x409d0 0x40a00 7.95 0feaeff7b8c0164b8c3858afea6dd358
.reloc 0xba000 0xb4 0x200 1.99 d18a5216916884b2e72de427e2d01b81

( 9 imports )
> KERNEL32.dll: GlobalLock
> USER32.dll: LoadCursorA
> ADVAPI32.dll: RegEnumKeyExA
> ole32.dll: CoTaskMemRealloc
> OLEAUT32.dll: -
> GDI32.dll: GetStockObject
> ntdll.dll: RtlFreeHeap
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
> USER32.dll: MessageBoxA

( 0 exports )

MedvedD
24.02.2009, 15:48
File .vbe received on 2009.02.24 13:17:15 (CET)

Result: 29/39 (74.36%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.24 Virus.VBS.Agent.ah!IK
AhnLab-V3 2009.2.24.0 2009.02.24 VBS/Autorun
AntiVir 7.9.0.88 2009.02.24 VBS/Autorun.AL
Authentium 5.1.0.4 2009.02.24 VBS/Agent.F
Avast 4.8.1335.0 2009.02.23 VBS:Agent-BD
AVG 8.0.0.237 2009.02.24 VBS/Worm.G
BitDefender 7.2 2009.02.24 VBS.Autorun.AAB
CAT-QuickHeal 10.00 2009.02.22 VBS/Autorun.S
ClamAV 0.94.1 2009.02.24 -
Comodo 984 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.24 VBS.Autoruner.6
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6369 2009.02.23 VBS/SillyAutorunScript.B
F-Prot 4.4.4.56 2009.02.24 VBS/Agent.F
F-Secure 8.0.14470.0 2009.02.24 Virus.VBS.AutoRun.ai
Fortinet 3.117.0.0 2009.02.24 VBS/Autorun.KH!tr
GData 19 2009.02.24 VBS.Autorun.AAB
Ikarus T3.1.1.45.0 2009.02.24 Virus.VBS.Agent.ah
K7AntiVirus 7.10.639 2009.02.21 Trojan.VBS.Agent.ah
Kaspersky 7.0.0.125 2009.02.24 Virus.VBS.AutoRun.ai
McAfee 5534 2009.02.23 W32/Autorun.worm.al
McAfee+Artemis 5534 2009.02.23 W32/Autorun.worm.al
Microsoft 1.4306 2009.02.24 Worm:VBS/Radier.B
NOD32 3885 2009.02.24 VBS/AutoRun.AI
Norman 6.00.06 2009.02.23 VBS/AutoRun.G
nProtect 2009.1.8.0 2009.02.24 -
Panda 10.0.0.10 2009.02.23 W32/Autorun.JF.worm
PCTools 4.4.2.0 2009.02.24 -
Prevx1 V2 2009.02.24 -
Rising 21.18.12.00 2009.02.24 Worm.Script.VBS.Agent.x
SecureWeb-Gateway 6.7.6 2009.02.24 Script.Autorun.AL
Sophos 4.39.0 2009.02.24 VBS/Autorun-AO
Sunbelt 3.2.1856.2 2009.02.24 -
Symantec 10 2009.02.24 VBS.Runauto
TheHacker 6.3.2.5.264 2009.02.24 -
TrendMicro 8.700.0.1004 2009.02.24 VBS_OBFUS.B
VBA32 3.12.10.0 2009.02.24 -
ViRobot 2009.2.24.1621 2009.02.24 VBS.Agent.10000.E
VirusBuster 4.5.11.0 2009.02.24 -
Additional information
File size: 10000 bytes
MD5...: 618ddd5fd5de4ba032a5c65d2a2d5e23
SHA1..: 42b258b70edf8ef01845a05757c44faebf1164c4
SHA256: b1e86b762b90dd0503a31ea3861f4ea081d957bc46edad201706d59de90adfcc
SHA512: 5ad7f9be2421929212812271e31e391c43d8dacc5917c03545ec660c7d79719fa3247463cad2a773c92be530bd0b4e526c3daf5be3e91e94e8e62c9271c02868
ssdeep: 192:HFXMPP5ZI5WjGscmERS9hCMKjzMe5G1cYPhrtrvFGxqcLePjw0:lXMP7gWasp06hCMKce5G1c6vE3L+E0

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Added 2 minutes later

File xou32.exe received on 2009.02.24 12:59:19 (CET)

Result: 30/39 (76.93%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.24 Backdoor.Hamweq.B!IK
AhnLab-V3 2009.2.24.0 2009.02.24 Win-Trojan/Agent.13824.FE
AntiVir 7.9.0.88 2009.02.24 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.02.24 W32/OnlineGames.AJ.gen!Eldorado
Avast 4.8.1335.0 2009.02.23 Win32:Agent-XKO
AVG 8.0.0.237 2009.02.24 Worm/Generic.IEV
BitDefender 7.2 2009.02.24 Backdoor.IRC.ZGE
CAT-QuickHeal 10.00 2009.02.22 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.02.24 PUA.Packed.NPack-2
Comodo 984 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.24 BackDoor.IRC.Flood.8
eSafe 7.0.17.0 2009.02.19 Suspicious File
eTrust-Vet 31.6.6369 2009.02.23 Win32/Hamweq.AE
F-Prot 4.4.4.56 2009.02.24 W32/OnlineGames.AJ.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.24 W32/Packed_Nspack.A
Fortinet 3.117.0.0 2009.02.24 -
GData 19 2009.02.24 Backdoor.IRC.ZGE
Ikarus T3.1.1.45.0 2009.02.24 Backdoor.Hamweq.B
K7AntiVirus 7.10.639 2009.02.21 IRC-Worm.Win32.Small
Kaspersky 7.0.0.125 2009.02.24 Heur.Invader
McAfee 5534 2009.02.23 -
McAfee+Artemis 5534 2009.02.23 -
Microsoft 1.4306 2009.02.24 Worm:Win32/Hamweq.A
NOD32 3884 2009.02.24 a variant of Win32/AutoRun.KS
Norman 6.00.06 2009.02.23 W32/Packed_Nspack.A
nProtect 2009.1.8.0 2009.02.24 Worm/W32.Small.10752
Panda 10.0.0.10 2009.02.23 -
PCTools 4.4.2.0 2009.02.24 Packed/NSPack
Prevx1 V2 2009.02.24 -
Rising 21.18.12.00 2009.02.24 Trojan.DL.Win32.Undef.cgz
SecureWeb-Gateway 6.7.6 2009.02.24 Trojan.Crypt.XPACK.Gen
Sophos 4.39.0 2009.02.24 Mal/Packer
Sunbelt 3.2.1856.2 2009.02.24 -
Symantec 10 2009.02.24 Backdoor.Trojan
TheHacker 6.3.2.5.264 2009.02.24 W32/Behav-Heuristic-063
TrendMicro 8.700.0.1004 2009.02.24 PAK_Generic.005
VBA32 3.12.10.0 2009.02.24 -
ViRobot 2009.2.24.1621 2009.02.24 -
VirusBuster 4.5.11.0 2009.02.24 Packed/NSPack
Additional information
File size: 10731 bytes
MD5...: 82f6a9cfccafcaf882c514685c2bfdd4
SHA1..: 361edb5984471de00b697f6fddcd803f2032d6eb
SHA256: fe2d8627ebd1ce740f5b21bc9aef03d97b0d80144f80b36c8df48a182e64c931
SHA512: 2b3f636d78d79e4015f0a543e086c6bf60db83c66a290439a4ac4a36d7d766ebfc30d9fa8d4b88fc876ca868abb22278b7a4c72cb08121054cdb2380c11d36f8
ssdeep: 192:SRx87Oq4W3l0vdV+hBzAAgca2qmWZ6GpTMHs86YS8y2NqQ7Busi4poOrNO:S+F2vD2tkyqTMqMHs86S7IFsRpPx

PEiD..: NsPacK V3.7 -> LiuXingPing
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40a18f
timedatestamp.....: 0x4858fcdc (Wed Jun 18 12:17:32 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.nsp0 0x1000 0x9000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 0xa000 0x3000 0x2600 7.83 b3605257808fc5ef2999e1084efb447d
.nsp2 0xd000 0x910 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.DLL: OpenProcessToken

( 0 exports )

packers (Kaspersky): NSPack, UPX
packers (Avast): NsPack, UPX

Black_N
24.02.2009, 23:06
File vcard.ex_ received on 2009.02.20 14:03:42 (CET)
Current status: finished
Result: 8/39 (20.51%)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.20 -
AhnLab-V3 2009.2.20.1 2009.02.20 -
AntiVir 7.9.0.85 2009.02.20 -
Authentium 5.1.0.4 2009.02.20 -
Avast 4.8.1335.0 2009.02.19 -
AVG 8.0.0.237 2009.02.20 -
BitDefender 7.2 2009.02.20 Trojan.Waledac.Gen.1
CAT-QuickHeal 10.00 2009.02.20 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.02.20 -
Comodo 984 2009.02.19 -
DrWeb 4.44.0.09170 2009.02.20 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6367 2009.02.20 -
F-Prot 4.4.4.56 2009.02.19 -
F-Secure 8.0.14470.0 2009.02.20 -
Fortinet 3.117.0.0 2009.02.20 W32/Waledac.E!worm
GData 19 2009.02.20 Trojan.Waledac.Gen.1
Ikarus T3.1.1.45.0 2009.02.20 -
K7AntiVirus 7.10.637 2009.02.19 -
Kaspersky 7.0.0.125 2009.02.20 -
McAfee 5530 2009.02.19 -
McAfee+Artemis 5530 2009.02.19 -
Microsoft 1.4306 2009.02.20 VirTool:Win32/Obfuscator.ES
NOD32 3873 2009.02.20 a variant of Win32/Kryptik.HU
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 -
PCTools 4.4.2.0 2009.02.20 -
Prevx1 V2 2009.02.20 -
Rising 21.17.42.00 2009.02.20 -
SecureWeb-Gateway 6.7.6 2009.02.20 -
Sophos 4.38.0 2009.02.20 Sus/Waled-A
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.20 -
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.20 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.19 Trojan.Waledac.Gen!Pac.6
Additional information
File size: 408064 bytes
MD5...: 4b5440e08003a7d1f6efc6e4b6f9b10e
SHA1..: c7a848c609a15b3ea94103add93dd6cc8036ff1e
SHA256: 9cacb8698a526dc147e4952055b4ad53dce02803c89f79a2256c8121a10cfe3f
SHA512: 392bd1c14e5b60fffc79d118e8133b2d967d72d3e189ca77d0a3e212f1640df311b3112baca0233b04e249882f6d43b13a3b1bf5a183ab2f245ca069c010aeda
ssdeep: 6144:BTDCraastM+CscSjbqSup7Pc35VXY8omhDmEVBoK5xiXe+Yt+MO7QYrnxDDtMDy:NDXBwscSjJd5VzocDmEboKfC7++MD81
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40115f
timedatestamp.....: 0x41673756 (Sat Oct 09 00:56:54 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x62a70 0x62a00 8.00 d6678902db73cc613f88a75cd6cf2cd5
.data 0x64000 0x8f1e8 0x800 7.67 e8c34bf9c1816736ddb19df62e9ff161
.rsrc 0xf4000 0x36c 0x400 2.93 9df9f88b500e11a642ce36c0a6739e17

( 3 imports )
> KERNEL32.dll: GetLinguistLangSize, GlobalAlloc, GetStartupInfoA, VirtualProtect, EnumCalendarInfoExW, lstrcpyW, NlsGetCacheUpdateCount
> ADVAPI32.dll: RegDeleteValueA, LsaOpenSecret, AddAccessDeniedObjectAce, GetUserNameA, ElfChangeNotify
> ole32.dll: CoGetClassVersion, HDC_UserSize, CoRevokeMallocSpy

( 0 exports )

Rampant
25.02.2009, 13:58
File Win.rar received on 02.25.2009 11:48:22 (CET)
Result: 12/38 (31.58%)

a-squared 4.0.0.93 2009.02.25 Virus.Win32.CIH!IK
AhnLab-V3 2009.2.24.0 2009.02.25 -
AntiVir 7.9.0.88 2009.02.25 W95/CIH
Authentium 5.1.0.4 2009.02.25 -
AVG 8.0.0.237 2009.02.25 Win32/Small
BitDefender 7.2 2009.02.25 Trojan.Generic.977964
CAT-QuickHeal 10.00 2009.02.25 -
ClamAV 0.94.1 2009.02.25 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.25 -
eSafe 7.0.17.0 2009.02.25 -
eTrust-Vet 31.6.6373 2009.02.25 -
F-Prot 4.4.4.56 2009.02.25 -
F-Secure 8.0.14470.0 2009.02.25 -
Fortinet 3.117.0.0 2009.02.24 -
GData 19 2009.02.25 Trojan.Generic.977964
Ikarus T3.1.1.45.0 2009.02.25 Virus.Win32.CIH
K7AntiVirus 7.10.639 2009.02.21 Trojan.Win32.Small.IMEJ
Kaspersky 7.0.0.125 2009.02.25 -
McAfee 5535 2009.02.24 -
McAfee+Artemis 5535 2009.02.24 -
Microsoft 1.4306 2009.02.25 -
NOD32 3886 2009.02.24 -
Norman 6.00.06 2009.02.24 W32/Smalltroj.IMEJ
nProtect 2009.1.8.0 2009.02.25 -
Panda 10.0.0.10 2009.02.25 Generic Trojan
PCTools 4.4.2.0 2009.02.24 -
Prevx1 V2 2009.02.25 Medium Risk Malware
Rising 21.18.22.00 2009.02.25 -
SecureWeb-Gateway 6.7.6 2009.02.25 Win32.CIH
Sophos 4.39.0 2009.02.25 -
Sunbelt 3.2.1856.2 2009.02.24 -
Symantec 10 2009.02.25 Trojan Horse
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.25 -
VBA32 3.12.10.0 2009.02.25 -
ViRobot 2009.2.25.1622 2009.02.25 -
VirusBuster 4.5.11.0 2009.02.24 -

Additional information
File size: 14775 bytes
MD5...: 54747ae6d1b52feaec9a2a5b36b90ee5
SHA1..: 5ee9fcf3e593ab33c7496f2666edb686a507209f
SHA256: 868214f8c387218ef4219587d956e5172b9e4b481038e2a16c93f1a471b8f637
SHA512: a4ba5999e37635b2ada6f7552ff32b9702ed905e578b1a44482907e974273fc03a5a84076e838807928bc7f84173e3f07337f0bb6663168bbb2ac79a62c8dc85
ssdeep: 384:/MVI6qkBnTPlJSssgBu4l79iQHtIVxrhCJy66eeuRwG:t6qRssgBtw7rhCJy9et

PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AB57B766307FBFBC769C004065FA440098B03A84

Pili
26.02.2009, 08:06
File gaopdxbqppkowb.sys received on 2009.02.26 06:00:14 (CET)
Result: 4/39 (10.26%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.26 -
AhnLab-V3 2009.2.26.0 2009.02.25 -
AntiVir 7.9.0.88 2009.02.25 -
Authentium 5.1.0.4 2009.02.25 -
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.25 -
BitDefender 7.2 2009.02.26 -
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.25 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 -
eSafe 7.0.17.0 2009.02.25 Suspicious File
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.25 -
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 -
GData 19 2009.02.26 -
Ikarus T3.1.1.45.0 2009.02.26 -
K7AntiVirus 7.10.647 2009.02.25 -
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5536 2009.02.25 -
McAfee+Artemis 5536 2009.02.25 -
Microsoft 1.4306 2009.02.26 Trojan:WinNT/Alureon.C
NOD32 3890 2009.02.26 -
Norman 6.00.06 2009.02.25 -
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.25 -
Prevx1 V2 2009.02.26 High Risk Cloaked Malware
Rising 21.18.30.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.25 Trojan.LooksLike.Vundo
Sophos 4.39.0 2009.02.26 -
Sunbelt 3.2.1858.2 2009.02.25 -
Symantec 10 2009.02.26 -
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1624 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.25 -
File size: 80896 bytes
MD5...: 6f3ea55a9a8aeab4ec760b351c587a6d
SHA1..: f7086188bf3b135cbef3627ecb06d6f3346ee51c
SHA256: 8f647076c77fddd2137349b51babd16abf8112b19852a7f78a89dd74c895bd34
SHA512: 7a59a748d06851c9260f2f68324495497651169feedf3ec540ebb35a961ab8b32621b36cf2666681f8c68af6154a801f325a9108144d26e9eaf93e3f36b09c9c
ssdeep: 1536:ZSH3MjRNOWb9zwuFkoHevrE1jM0R7aOSPV1QL4lP+SQIaOSpZ45I:ZmMF9zTSkeMA0Ro10yfQQSkq

Black_N
26.02.2009, 16:38
File kodecs_Ukrainu.rar received on 2009.02.26 14:29:42 (CET)
Current status: finished
Result: 5/38 (13.16%)


a-squared 4.0.0.93 2009.02.26 -
AntiVir 7.9.0.93 2009.02.26 -
Authentium 5.1.0.4 2009.02.26 -
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.26 -
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.26 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 -
eSafe 7.0.17.0 2009.02.25 Suspicious File
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.25 -
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 -
GData 19 2009.02.26 -
Ikarus T3.1.1.45.0 2009.02.26 -
K7AntiVirus 7.10.647 2009.02.25 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5536 2009.02.25 -
McAfee+Artemis 5536 2009.02.25 -
Microsoft 1.4306 2009.02.26 VirTool:Win32/Obfuscator.C
NOD32 3890 2009.02.26 -
Norman 6.00.06 None.. -
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.26 -
Rising 21.18.32.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.26 -
Sophos 4.39.0 2009.02.26 -
Sunbelt 3.2.1858.2 2009.02.25 -
Symantec 10 2009.02.26 Trojan Horse
TheHacker 6.3.2.5.265 2009.02.25 Aplicacion/GoldFake.d
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1625 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.25 -
Additional information
File size: 2276506 bytes
MD5...: 0a1b6bf0a16363874fccefe447d22b57
SHA1..: 6f6d11abee5d67cca85b11becf8fec4b3ae95b6b
SHA256: 06af3d8826f076fa82138c6e052ee05bc0d82e3fe52e5b1b214e0e6947ccfa37
SHA512: c1d044ae238ee43744765c9772da6a142ac30f28c23a6c8fb86ce0c527fa091b4080fd702e485c6bd11f9223c4e98c4262debdbbe2fdd3d7b10617b5c264e2d7
ssdeep: 49152:um/++8qocMAHZiCEw9yre2LKD3VToUGa13TfOxfF99nhOBXoqeGC63:umkqo0HZiChqea/6TG9j293
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (Kaspersky): UPX
packers (F-Prot): UPX

Kuzz
27.02.2009, 11:00
File KB908199.exe received on 2009.02.27 08:53:42 (CET)
Current status: finished
Result: 31/39 (79.49%)


a-squared 4.0.0.101 2009.02.27 Riskware.Win32.DelfInject!IK
AhnLab-V3 5.0.0.2 2009.02.26 Win-Trojan/Agent2.22528.E
AntiVir 7.9.0.98 2009.02.27 TR/Agent2.dsj
Authentium 5.1.0.4 2009.02.27 -
Avast 4.8.1335.0 2009.02.26 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.02.26 Dropper.Generic.AIAA
BitDefender 7.2 2009.02.27 Trojan.Generic.1442776
CAT-QuickHeal 10.00 2009.02.27 Trojan.Agent2.dsj
ClamAV 0.94.1 2009.02.27 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.27 Trojan.DownLoad.26770
eSafe 7.0.17.0 2009.02.26 Win32.GenericDropper
eTrust-Vet 31.6.6376 2009.02.27 Win32/VMalum.ESMV
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 Trojan.Win32.Agent2.dsj
Fortinet 3.117.0.0 2009.02.27 W32/Dropper.DF!tr
GData 19 2009.02.27 Trojan.Generic.1442776
Ikarus T3.1.1.45.0 2009.02.27 VirTool.Win32.DelfInject
K7AntiVirus 7.10.648 2009.02.26 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.02.27 Trojan.Win32.Agent2.dsj
McAfee 5537 2009.02.26 Generic Dropper.df
McAfee+Artemis 5537 2009.02.26 Generic!Artemis
Microsoft 1.4306 2009.02.27 VirTool:Win32/DelfInject.gen!X
NOD32 3893 2009.02.26 Win32/TrojanDownloader.FakeAlert.VK
Norman 6.00.06 2009.02.26 W32/Agent.LRSQ
nProtect 2009.1.8.0 2009.02.27 Trojan/W32.Inject.22528.L
Panda 10.0.0.10 2009.02.26 Trj/Zlob.KH
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.27 Medium Risk Malware
Rising 21.18.41.00 2009.02.27 Backdoor.Win32.Delf.dqz
SecureWeb-Gateway 6.0.0 2009.02.27 Trojan.Agent2.dsj
Sophos 4.39.0 2009.02.27 -
Sunbelt 3.2.1858.2 2009.02.26 Trojan.Win32.Agent2.dsj
Symantec 10 2009.02.27 Trojan Horse
TheHacker 6.3.2.5.266 2009.02.26 Trojan/Agent2.dsj
TrendMicro 8.700.0.1004 2009.02.27 PAK_Generic.001
VBA32 3.12.10.1 2009.02.26 Trojan.Win32.Agent2.dsj
ViRobot 2009.2.27.1626 2009.02.27 -
VirusBuster 4.5.11.0 2009.02.26 -
Additional information
File size: 22528 bytes
MD5...: de1ecdd0a9423086b8ecd04684041992
SHA1..: e7ab5a480a92efb6d7e14551b72294ce45f90006
SHA256: 3fe8d4e3982e70fd84c59e19fc8994cb8b4520b67e964089cebc46d3c4631cb2
SHA512: 5383ccbff810a61eead388d113ef1c00c1873fced37315c255b8b98d457c0b8397b3afa07d231040f3831cccd03d4bc3ed8012b214e536a1347228ce6c311e2d
ssdeep: 384:VjvfIDAtPsU5shLRSyQYWV5aPcIuPQHtiaM9bgjsfAGPzUgaPfg99vTrrjQFf:VjHIDAx3ShJWVcPZuvaMSjsdzpkf29LG
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

P.S. With detection like this, it is still alive and spreading...


File vksaver-install.exe received on 2009.02.27 08:53:52 (CET)
Current status: finished
Result: 6/39 (15.39%)

a-squared 4.0.0.101 2009.02.27 -
AhnLab-V3 5.0.0.2 2009.02.26 -
AntiVir 7.9.0.98 2009.02.27 -
Authentium 5.1.0.4 2009.02.27 -
Avast 4.8.1335.0 2009.02.26 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.27 -
CAT-QuickHeal 10.00 2009.02.27 -
ClamAV 0.94.1 2009.02.27 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.27 Trojan.Sniff
eSafe 7.0.17.0 2009.02.26 Win32.Malware
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 W32/Malware
Fortinet 3.117.0.0 2009.02.27 -
GData 19 2009.02.27 -
Ikarus T3.1.1.45.0 2009.02.27 -
K7AntiVirus 7.10.648 2009.02.26 -
Kaspersky 7.0.0.125 2009.02.27 -
McAfee 5537 2009.02.26 -
McAfee+Artemis 5537 2009.02.26 -
Microsoft 1.4306 2009.02.27 -
NOD32 3893 2009.02.26 -
Norman 6.00.06 2009.02.26 Malware.FSDH
nProtect 2009.1.8.0 2009.02.27 -
Panda 10.0.0.10 2009.02.26 Suspicious file
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.27 High Risk Worm
Rising 21.18.41.00 2009.02.27 -
SecureWeb-Gateway 6.0.0 2009.02.27 -
Sophos 4.39.0 2009.02.27 -
Sunbelt 3.2.1858.2 2009.02.26 -
Symantec 10 2009.02.27 -
TheHacker 6.3.2.5.266 2009.02.26 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.27.1626 2009.02.27 -
VirusBuster 4.5.11.0 2009.02.26 -
File size: 66531 bytes
MD5...: 3676e816fd8c788a0b11af17f4283d63
SHA1..: f41a46c76c34496397310ff44dd106b9389773f8
SHA256: ef19269c9e89cd6f66427e32aa436f68e80e408f9889c962063b289e69a1aa12
SHA512: 17470c8c18b057fc95cd002cf5526f57460e228eec7565e72227d1343a9fe4b1e7d7c5c2f49724e9fc58227c386e61759ec170bbc5cd937c3a46eb2332843998
ssdeep: 1536:GxY+TZkz1GxGTff7MbS0DymJevLPcw+YbCcpq/GM5+VFPeFGAcIHn+YbCcO:8YL0xqfjyDymJevLPcw+YbjK0CzH+YbA

senyak
01.03.2009, 17:19
File discounts.exe received on 2009.03.01 14:24:04 (CET)
Current status: finished
Result: 9/39 (23.08%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.01 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.28 -
AVG 8.0.0.237 2009.03.01 Injector.CD
BitDefender 7.2 2009.03.01 Trojan.Waledac.Gen.1
CAT-QuickHeal 10.00 2009.02.28 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.01 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.03.01 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.28 -
F-Secure 8.0.14470.0 2009.03.01 -
Fortinet 3.117.0.0 2009.03.01 -
GData 19 2009.03.01 Trojan.Waledac.Gen.1
Ikarus T3.1.1.45.0 2009.03.01 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.03.01 -
McAfee 5539 2009.02.28 -
McAfee+Artemis 5539 2009.02.28 -
Microsoft 1.4306 2009.03.01 -
NOD32 3897 2009.02.28 a variant of Win32/Waledac.GT
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.03.01 -
Panda 10.0.0.10 2009.03.01 -
PCTools 4.4.2.0 2009.03.01 -
Prevx1 V2 2009.03.01 -
Rising 21.18.62.00 2009.03.01 -
SecureWeb-Gateway 6.7.6 2009.03.01 Trojan.Crypt.XPACK.Gen
Sophos 4.39.0 2009.03.01 Sus/Waled-A
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.03.01 Packed.Generic.210
TheHacker 6.3.2.6.268 2009.03.01 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.03.01 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.28 -
Additional information
File size: 411648 bytes
MD5...: 1b5faec7a955766316d3e8c099457a53
SHA1..: 178e4d7f23d2f0d3579a2aa4929b524bace1438b
SHA256: 83519a803f1878decf9fe60789442fa72f0c7b99b50ecd1b6e630a1a414f27b2
SHA512: 7e8c77632e628f76de9816eeb96247664d27fd660e749e2f423a8d49e42fbd3bb1c2bf83510a6d9d75cc0610b4083583affc54ff87c04acef73734ab73ba194b
ssdeep: 12288:FYF/n+QQvfJKpz20MaEBdsl4VXBmhztJ6mpXJZ:FYFWopz20MaEy4bmh/5J



File 1 received on 2009.03.01 14:56:33 (CET)
Current status: finished
Result: 7/39 (17.95%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.01 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 HEUR/HTML.Malware
Authentium 5.1.0.4 2009.02.28 HTML/IFrame
Avast 4.8.1335.0 2009.02.28 HTML:Iframe-inf
AVG 8.0.0.237 2009.03.01 -
BitDefender 7.2 2009.03.01 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.03.01 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.03.01 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6378 2009.03.01 -
F-Prot 4.4.4.56 2009.02.28 HTML/IFrame
F-Secure 8.0.14470.0 2009.03.01 -
Fortinet 3.117.0.0 2009.03.01 -
GData 19 2009.03.01 HTML:Iframe-inf
Ikarus T3.1.1.45.0 2009.03.01 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.03.01 -
McAfee 5539 2009.02.28 -
McAfee+Artemis 5539 2009.02.28 -
Microsoft 1.4306 2009.03.01 -
NOD32 3897 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.03.01 -
Panda 10.0.0.10 2009.03.01 -
PCTools 4.4.2.0 2009.03.01 -
Prevx1 V2 2009.03.01 -
Rising 21.18.62.00 2009.03.01 -
SecureWeb-Gateway 6.7.6 2009.03.01 Heuristic.HTML.Malware
Sophos 4.39.0 2009.03.01 Mal/WaledJs-A
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.03.01 -
TheHacker 6.3.2.6.268 2009.03.01 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.03.01 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.28 -
Additional information
File size: 1265 bytes
MD5...: 488be25987c46d729ec66213fa824812
SHA1..: 167124ad9842834c026cf89ce3667604cd654cca
SHA256: 9a768aa8de55ced8c0dd03a147ffaaa514d693153b3b6bc95f2d71bf2f81ba2a
SHA512: 5cfee238316004c028095b8e07d8e1ce0a7df0f44962482f64d2d961d435071b76bbd83833f71c3cd861e9435829a49db19934220c4e8a9635770edbd5a47386
ssdeep: 24:WGuU2CMyEAAKmi6L8FL2tlLxCRQQW9KFoX0MlXlvi6Lxd8Pp:8VqEAAK6L8FL2t7CjWFNlVLxda
PEiD..: -
TrID..: File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
PEInfo: -

Winsent
03.03.2009, 09:50
Complete scanning result of "jimm.jar", processed in VirusTotal at 03/03/2009 07:45:49 (CET).

[ file data ]
* name..: jimm.jar
* size..: 185922
* md5...: da9131225d5822f9d73cb61da5d9af22
* sha1..: 389dc780cb0250ee30d4c8698f29fe952faf0fe7
* peid..: -

[ scan result ]

a-squared 4.0.0.101/20090303 found nothing
AhnLab-V3 5.0.0.2/20090227 found nothing
AntiVir 7.9.0.98/20090302 found nothing
Authentium 5.1.0.4/20090303 found nothing
Avast 4.8.1335.0/20090302 found nothing
AVG 8.0.0.237/20090303 found nothing
BitDefender 7.2/20090303 found nothing
CAT-QuickHeal 10.00/20090303 found nothing
ClamAV 0.94.1/20090303 found nothing
Comodo 986/20090220 found nothing
DrWeb 4.44.0.09170/20090303 found nothing
eSafe 7.0.17.0/20090302 found nothing
eTrust-Vet 31.6.6381/20090303 found nothing
F-Prot 4.4.4.56/20090302 found nothing
F-Secure 8.0.14470.0/20090303 found [RiskTool.J2ME.SMSreg.b]
Fortinet 3.117.0.0/20090303 found nothing
GData 19/20090303 found nothing
Ikarus T3.1.1.45.0/20090303 found nothing
K7AntiVirus 7.10.654/20090302 found nothing
Kaspersky 7.0.0.125/20090303 found [not-a-virus:RiskTool.J2ME.SMSreg.b]
McAfee 5541/20090302 found nothing
McAfee+Artemis 5541/20090302 found nothing
Microsoft 1.4306/20090302 found nothing
NOD32 3902/20090302 found nothing
Norman 6.00.06/20090302 found nothing
nProtect 2009.1.8.0/20090303 found nothing
Panda 10.0.0.10/20090302 found nothing
PCTools 4.4.2.0/20090302 found nothing
Prevx1 V2/20090303 found nothing
Rising 21.19.10.00/20090303 found nothing
SecureWeb-Gateway 6.7.6/20090303 found nothing
Sophos 4.39.0/20090303 found nothing
Sunbelt 3.2.1858.2/20090302 found nothing
Symantec 10/20090303 found nothing
TheHacker 6.3.2.6.269/20090302 found nothing
TrendMicro 8.700.0.1004/20090303 found nothing
VBA32 3.12.10.1/20090303 found nothing
ViRobot 2009.3.3.1631/20090303 found nothing
VirusBuster 4.5.11.0/20090302 found nothing

Black_N
03.03.2009, 13:00
File 3.exe received on 2009.03.03 10:38:25 (CET)
Current status: finished
Result: 2/39 (5.13%)
Quote:

a-squared 4.0.0.101 2009.03.03 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.03 -
Authentium 5.1.0.4 2009.03.03 -
Avast 4.8.1335.0 2009.03.02 -
AVG 8.0.0.237 2009.03.03 -
BitDefender 7.2 2009.03.03 -
CAT-QuickHeal 10.00 2009.03.03 -
ClamAV 0.94.1 2009.03.03 -
Comodo 1017 2009.03.03 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.02 -
eTrust-Vet 31.6.6381 2009.03.03 -
F-Prot 4.4.4.56 2009.03.02 -
F-Secure 8.0.14470.0 2009.03.03 -
Fortinet 3.117.0.0 2009.03.03 -
GData 19 2009.03.03 -
Ikarus T3.1.1.45.0 2009.03.03 -
K7AntiVirus 7.10.654 2009.03.02 -
Kaspersky 7.0.0.125 2009.03.03 -
McAfee 5541 2009.03.02 -
McAfee+Artemis 5541 2009.03.02 -
Microsoft 1.4306 2009.03.03 -
NOD32 3902 2009.03.02 -
Norman 6.00.06 2009.03.02 W32/Zlob.CYXP
nProtect 2009.1.8.0 2009.03.03 -
Panda 10.0.0.10 2009.03.02 -
PCTools 4.4.2.0 2009.03.02 -
Prevx1 V2 2009.03.03 -
Rising 21.19.11.00 2009.03.03 -
SecureWeb-Gateway 6.7.6 2009.03.03 -
Sophos 4.39.0 2009.03.03 -
Sunbelt 3.2.1858.2 2009.03.02 <Encrypted Archive>
Symantec 10 2009.03.03 -
TheHacker 6.3.2.6.269 2009.03.02 -
TrendMicro 8.700.0.1004 2009.03.03 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.3.1631 2009.03.03 -
VirusBuster 4.5.11.0 2009.03.02 -

Additional information
File size: 11735191 bytes
MD5...: 579ee530d8d6bd3cf7beb13aeec5fe30
SHA1..: 92bc0cc76e7c43a8a4afb1afd3bb6ccd8445c53c
SHA256: f46e372751155b25d15d89e6b9d8edfcb2cf864c2cee680a8ef27edc19db3d67
SHA512: e4186e5d3819ee1d1f8e1033737de778acff22443e2a1e9f20f38909edbd98d36d7bd98b18eea78a183e292b2fe147a36d1955d1cb47cb5c1dd4fc6b91eb8dae
ssdeep: 196608:FTLWeZd0IULK/TJFDFSSvQRPAdtPwmm1BPli4ahhjKlgX3TNAJeR:oeZd0E/TJdF1oRPAdRmr/ahhjigX3yJK
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x173a6
timedatestamp.....: 0x47d6fa36 (Tue Mar 11 21:31:34 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e906 0x2f000 6.60 9ba09777227435273354d46c8470fbd3
.rdata 0x30000 0x842e 0x9000 4.58 ec25192b7421c9cc51f1a1283f96b143
.data 0x39000 0x9d08 0x6000 2.68 e4b5677a176f441e4836113962ecddba
.rsrc 0x43000 0x9998 0xa000 4.75 91c466c33a8b81107d6d20fbb56fd1da

( 8 imports )
> KERNEL32.dll: WritePrivateProfileStringA, GetProcessVersion, SizeofResource, GetCPInfo, GetOEMCP, RtlUnwind, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, GetTimeZoneInformation, GetSystemTime, GetLocalTime, HeapReAlloc, SetEnvironmentVariableA, SetCurrentDirectoryA, GetStartupInfoA, GetCommandLineA, GetACP, HeapSize, LCMapStringA, LCMapStringW, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, CompareStringA, CompareStringW, GetFileType, SetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, GlobalFlags, SetErrorMode, TlsGetValue, GetProfileStringA, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SetFileTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileTime, MulDiv, SetLastError, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GetModuleHandleA, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, GlobalLock, GlobalAlloc, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, lstrcmpiA, LoadLibraryA, GetProcAddress, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, WriteFile, GetCurrentProcess, DuplicateHandle, lstrcmpA, FileTimeToSystemTime, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, CreateDirectoryA, MoveFileA, SetVolumeLabelA, GetDriveTypeA, GetCurrentDirectoryA, GetFileSize, GetDiskFreeSpaceA, FormatMessageA, LocalFree, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, lstrlenA, CreateProcessA, GetLastError, GetExitCodeProcess, GetTempPathA, GetModuleFileNameA, RemoveDirectoryA, SetFileAttributesA, DeleteFileA, InterlockedIncrement, FindNextFileA, CreateFileA, 
SetFilePointer, ReadFile, CloseHandle, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, GetFileAttributesA, lstrcpyA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, HeapCreate
> USER32.dll: ScreenToClient, AdjustWindowRectEx, GetSysColor, MapWindowPoints, UpdateWindow, ClientToScreen, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, LoadStringA, GetClassNameA, PtInRect, GetSysColorBrush, InflateRect, DestroyMenu, InvalidateRect, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, CopyRect, GetDC, ReleaseDC, EndDialog, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, GetMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetLastActivePopup, UnhookWindowsHookEx, GetParent, SetFocus, IsWindowEnabled, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgCtrlID, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, GetWindowLongA, IsDialogMessageA, SendDlgItemMessageA, GetDlgItem, CharUpperA, IsWindow, PostQuitMessage, UnregisterClassA, HideCaret, ShowCaret, CharToOemBuffA, OemToCharBuffA, wsprintfA, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageA, MessageBoxA, GetTopWindow, RegisterWindowMessageA, GetCapture, EnableWindow, LoadCursorA, SetCursor, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, PostMessageA, LoadIconA, SendMessageA, PeekMessageA, IsWindowUnicode, CharNextA, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, GetFocus
> GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, PatBlt, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
> SHELL32.dll: SHFileOperationA
> COMCTL32.dll: -

( 0 exports )
packers (F-Prot): ZIP

Erekle
06.03.2009, 02:14
File ConfDriver.exe received on 2009.03.06 00:09:46 (CET)
Result: 17/39 (43.59%)

a-squared 4.0.0.101 2009.03.05 -
AhnLab-V3 5.0.0.2 2009.02.27 Win-Trojan/Buzus.29184.AK
AntiVir 7.9.0.100 2009.03.05 -
Authentium 5.1.0.4 2009.03.05 -
Avast 4.8.1335.0 2009.03.05 -
AVG 8.0.0.237 2009.03.05 Generic12.ASUT
BitDefender 7.2 2009.03.05 Backdoor.Hamweq.B
CAT-QuickHeal 10.00 2009.03.05 Trojan.Buzus.afet
ClamAV 0.94.1 2009.03.05 -
Comodo 1027 2009.03.05 Worm.Win32.AutoRun.~ZU
DrWeb 4.44.0.09170 2009.03.05 Trojan.Inject.5370
eSafe 7.0.17.0 2009.03.05 Suspicious File
eTrust-Vet 31.6.6384 2009.03.05 Win32/SillyAutorun.AJE
F-Prot 4.4.4.56 2009.03.05 -
F-Secure 8.0.14470.0 2009.03.05 Worm.Win32.AutoRun.erh
Fortinet 3.117.0.0 2009.03.05 -
GData 19 2009.03.05 Backdoor.Hamweq.B
Ikarus T3.1.1.45.0 2009.03.05 -
K7AntiVirus 7.10.659 2009.03.05 -
Kaspersky 7.0.0.125 2009.03.05 Worm.Win32.AutoRun.erh
McAfee 5544 2009.03.05 -
McAfee+Artemis 5544 2009.03.05 -
Microsoft 1.4405 2009.03.06 Worm:Win32/Hamweq.A
NOD32 3911 2009.03.05 Win32/AutoRun.KS
Norman 6.00.06 2009.03.05 -
nProtect 2009.1.8.0 2009.03.05 -
Panda 10.0.0.10 2009.03.05 -
PCTools 4.4.2.0 2009.03.05 -
Prevx1 V2 2009.03.06 Medium Risk Malware
Rising 21.19.32.00 2009.03.05 -
SecureWeb-Gateway 6.7.6 2009.03.05 -
Sophos 4.39.0 2009.03.05 -
Sunbelt 3.2.1858.2 2009.03.05 -
Symantec 10 2009.03.06 -
TheHacker 6.3.2.7.272 2009.03.05 -
TrendMicro 8.700.0.1004 2009.03.05 PAK_Generic.001
VBA32 3.12.10.1 2009.03.05 Trojan.Win32.Buzus.afet
ViRobot 2009.3.5.1635 2009.03.05 -
VirusBuster 4.5.11.0 2009.03.05 Worm.AutoRun.FYJ
Additional information
File size: 29184 bytes
MD5...: 1a5f91554aad217185271b3414e10dcd
SHA1..: d6989ce427e0ff4e723cb11fa09f42147a2b347d
SHA256: 5febb6cef268db2c9c9ad227587f79dae1825a9d2db381afce b1ff98add214fe
___________________________

(eTrust put it well :) )

vlad179
06.03.2009, 13:47
File avz00001.dta received 2009.03.06 11:06:59 (CET)

Result: 4/38 (10.53%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.06 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.06 -
Authentium 5.1.0.4 2009.03.06 -
Avast 4.8.1335.0 2009.03.05 -
AVG 8.0.0.237 2009.03.05 Adload_r.HT
BitDefender 7.2 2009.03.06 -
CAT-QuickHeal 10.00 2009.03.06 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1027 2009.03.05 -
DrWeb 4.44.0.09170 2009.03.06 -
eSafe 7.0.17.0 2009.03.05 -
eTrust-Vet 31.6.6384 2009.03.05 -
F-Prot 4.4.4.56 2009.03.05 W32/Hexzone.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm
Fortinet 3.117.0.0 2009.03.06 -
GData 19 2009.03.06 -
Ikarus T3.1.1.45.0 2009.03.06 -
K7AntiVirus 7.10.659 2009.03.05 -
Kaspersky 7.0.0.125 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm
McAfee 5544 2009.03.05 -
McAfee+Artemis 5544 2009.03.05 -
Microsoft 1.4405 2009.03.06 -
NOD32 3912 2009.03.06 -
Norman 6.00.06 2009.03.05 -
nProtect 2009.1.8.0 2009.03.06 -
Panda 10.0.0.10 2009.03.05 -
PCTools 4.4.2.0 2009.03.05 -
Prevx1 V2 2009.03.06 -
Rising 21.19.42.00 2009.03.06 -
SecureWeb-Gateway 6.7.6 2009.03.06 -
Sophos 4.39.0 2009.03.06 -
Sunbelt 3.2.1858.2 2009.03.06 -
Symantec 10 2009.03.06 -
TheHacker 6.3.2.7.273 2009.03.06 -
TrendMicro 8.700.0.1004 2009.03.05 -
ViRobot 2009.3.6.1637 2009.03.06 -
VirusBuster 4.5.11.0 2009.03.05 -

Additional information
File size: 509952 bytes

senyak
09.03.2009, 22:14
File ______________.exe received 2009.03.09 20:13:40 (CET)
Result: 15/39 (38.47%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.09 Trojan-PWS.Win32.VKont!IK
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 TR/PSW.VKont.A
Authentium 5.1.0.4 2009.03.09 -
Avast 4.8.1335.0 2009.03.09 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.03.09 PSW.Generic6.BBIK
BitDefender 7.2 2009.03.09 Trojan.Generic.1406945
CAT-QuickHeal 10.00 2009.03.09 TrojanPSW.VKont.a
ClamAV 0.94.1 2009.03.09 -
Comodo 1039 2009.03.09 TrojWare.Win32.PSW.VKont.~A
DrWeb 4.44.0.09170 2009.03.09 Trojan.PWS.Vkontakte.6
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6387 2009.03.09 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 Trojan-PSW.Win32.VKont.a
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 Trojan.Generic.1406945
Ikarus T3.1.1.45.0 2009.03.09 Trojan-PWS.Win32.VKont
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 Trojan-PSW.Win32.VKont.a
McAfee 5548 2009.03.09 -
McAfee+Artemis 5548 2009.03.09 -
Microsoft 1.4405 2009.03.09 -
NOD32 3921 2009.03.09 -
Norman 6.00.06 2009.03.09 -
nProtect 2009.1.8.0 2009.03.09 Trojan-PWS/W32.VKont.813568
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 Trojan.PSW.VKont.A
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
VBA32 3.12.10.1 2009.03.09 Trojan-PSW.Win32.VKont.a
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 -
Additional information
File size: 813568 bytes
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

ISO
11.03.2009, 13:17
File ximr.pif received on 03.11.2009 11:10:09 (CET)
Result: 6/39 (15.39%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.11 -
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 Worm/Autorun.esq
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.10 -
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 Worm.AutoRun.upf
ClamAV 0.94.1 2009.03.11 -
Comodo 1046 2009.03.10 Unclassified Malware
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 Win32.Worm.AutoRun.u
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 -
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 -
Microsoft 1.4405 2009.03.11 -
NOD32 3925 2009.03.11 -
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.10 -
PCTools 4.4.2.0 2009.03.10 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 Worm.Autorun.esq
Sophos 4.39.0 2009.03.11 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.11 W32/AutoRun.esq
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 -
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.10 -
Additional information
File size: 97791 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

GeorgeS
11.03.2009, 16:21
Will the February chart be published?

ike
11.03.2009, 22:33
I second GeorgeS on this question. I check in every day to see whether the February chart has appeared.

IgorKr
11.03.2009, 23:12
File DrShark_cracked.exe received 2009.03.11 14:31:44 (CET)
Current status: finished
Result: 9/39 (23.08%)



a-squared - - -
AhnLab-V3 - - -
AntiVir - - TR/Drop.RKit.CM
Authentium - - -
Avast - - -
AVG - - Downloader.Generic_r.DA
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
F-Prot - - W32/Bepiv.A.gen!Eldorado
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - Trojan:Win32/Tibs.IR
NOD32 - - a variant of Win32/AdProt.AF
Norman - - -
nProtect - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Trojan.Drop.RKit.CM
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - BScope.Zhelatin.13
ViRobot - - -
VirusBuster - - -


Additional information
MD5: 7b60db539c761b2babd2d15f2b49f525
SHA1: b3bc4af1e0b5cf052012d3b109b41f642721db3f
SHA256: 375072eab89a611d7f82be38d4ba7b2c7aa366cb5f7fcb5d15 5a1b3f4b36f1a4
SHA512: 212aa4fd7ebc996d09a8339f207af2b6665325ea91fb4b264c f887e14c9dc32460dce745dbb37a99b13a8ae20436a41c13ab f1273db322b4aa1f1f729beb5afb

Added after 13 minutes

File mouth_drillers_keygen.exe received 2009.03.11 00:40:20 (CET)
Current status: finished
Result: 11/39 (28.21%)



a-squared 4.0.0.101 2009.03.10 Trojan.Win32.Bepiv!IK
AhnLab-V3 5.0.0.2 2009.03.10 -
AntiVir 7.9.0.107 2009.03.10 TR/Drop.RKit.CM
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.10 Downloader.Generic_r.DA
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.10 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.10 -
Comodo 1046 2009.03.10 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 W32/Bepiv.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.10 -
Fortinet 3.117.0.0 2009.03.10 -
GData 19 2009.03.10 -
Ikarus T3.1.1.45.0 2009.03.10 Trojan.Win32.Bepiv
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 -
Microsoft 1.4405 2009.03.10 Trojan:Win32/Tibs.IR
NOD32 3924 2009.03.10 a variant of Win32/AdProt.AF
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.10 -
Panda 10.0.0.10 2009.03.10 Suspicious file
PCTools 4.4.2.0 2009.03.10 -
Prevx1 V2 2009.03.11 -
Rising 21.20.11.00 2009.03.10 -
SecureWeb-Gateway 6.7.6 2009.03.10 Trojan.Drop.RKit.CM
Sophos 4.39.0 2009.03.10 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.10 -
TrendMicro 8.700.0.1004 2009.03.10 -
VBA32 3.12.10.1 2009.03.10 BScope.Zhelatin.13
ViRobot 2009.3.10.1643 2009.03.10 -
VirusBuster 4.5.11.0 2009.03.10 -


File size: 423936 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x78516
timedatestamp.....: 0x49b35db2 (Sun Mar 08 05:54:58 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12192 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x14000 0xfa8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x24000 0x39a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x28000 0x3a480 0x2a000 4.11 2bee61ed43584c597a888b692b42b04a
.vmp0 0x63000 0x10944 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0x74000 0x3d074 0x3d200 7.95 057bdd7375ca355e49aad0d903075749
.reloc 0xb2000 0x98 0x200 1.91 7ce32232fd37f057468080eaef446b63

( 9 imports )
> KERNEL32.dll: GlobalLock
> USER32.dll: LoadCursorA
> ADVAPI32.dll: RegEnumKeyExA
> ole32.dll: CoTaskMemRealloc
> OLEAUT32.dll: -
> GDI32.dll: GetStockObject
> ntdll.dll: RtlFreeHeap
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
> USER32.dll: MessageBoxA

( 0 exports )

Rampant
13.03.2009, 20:34
File Putty.zip received on 03.13.2009 15:08:55 (CET)
Result: 23/39 (58.98%)

a-squared 4.0.0.101 2009.03.13 Backdoor.Win32.Bifrose!IK
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 BDS/Bifrose.abwo
Authentium 5.1.0.4 2009.03.13 W32/Backdoor2.DEIA
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 Backdoor.Bifrose.afuq
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 Backdoor.Win32.Bifrose.~XH
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 W32/Backdoor2.DEIA
F-Secure 8.0.14470.0 2009.03.13 Backdoor.Win32.Bifrose.afuq
Fortinet 3.117.0.0 2009.03.13 PossibleThreat
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 Backdoor.Win32.Bifrose
K7AntiVirus 7.10.668 2009.03.12 Backdoor.Win32.Bifrose.afuq
Kaspersky 7.0.0.125 2009.03.13 Backdoor.Win32.Bifrose.afuq
McAfee 5551 2009.03.12 Backdoor-CEP
McAfee+Artemis 5551 2009.03.12 Backdoor-CEP
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.Backdoor.Bifrose.abwo
Microsoft 1.4405 2009.03.13 -
NOD32 3934 2009.03.13 probably a variant of Win32/Bifrose
Norman 6.00.06 2009.03.13 W32/Bifrose.AKOL
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Bck/Bifrose.AKL
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 Backdoor.Win32.Bifrose.afuq
Symantec 1.4.4.12 2009.03.13 Backdoor.Bifrose
TheHacker 6.3.3.0.281 2009.03.13 Backdoor/Bifrose.abwo
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 Backdoor.Win32.Bifrose.afuq
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 Backdoor.Bifrose.KRU

File size: 217658 bytes
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)

Added after 3 hours 6 minutes

File zar80.zip received on 03.13.2009 18:12:44 (CET)
Result: 19/39 (48.72%)

a-squared 4.0.0.101 2009.03.13 Trojan.Win32.Agent!IK
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 TR/AvKill.Y
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.12 Win32:AVKill-425
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 Trojan.Avkill.Y
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 Win32.TrojanHorse
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 PossibleThreat
GData 19 2009.03.13 Trojan.Avkill.Y
Ikarus T3.1.1.45.0 2009.03.13 Trojan.Win32.Agent
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5551 2009.03.12 Generic StartPage
McAfee+Artemis 5551 2009.03.12 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.AvKill.Y
Microsoft 1.4405 2009.03.13 Trojan:Win32/Agent
NOD32 3935 2009.03.13 probably a variant of Win32/StartPage
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Adware/Startpage.CTK
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 Medium Risk Malware
Rising 21.20.42.00 2009.03.13 Backdoor.Win32.CAK.a
Sophos 4.39.0 2009.03.13 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 Backdoor.Formador
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 Trojan.Dater
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -

File size: 2234580 bytes

PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
packers (Kaspersky): Armadillo, WScript
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=221491A80896B6071B0119D37 DDB5A005C35FA30
packers (F-Prot): ZIP, Unicode

IgorKr
13.03.2009, 23:11
File crack__2009__DrShark_.exe received 2009.03.13 20:56:53 (CET)
Current status: finished
Result: 4/39 (10.26%)



a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 SHeur2.VMT
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.13 Trojan:Win32/FakeXPA
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 High Risk Cloaked Malware
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 Trojan.Fraudpack.Gen


Additional information
File size: 1574912 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x176eb4 0x177000 7.98 786e08e1e3a8cd10c31f94c7de1ffa9b

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2192E52A0B541BD1F001039F5 4E7B4000423A3DF
packers (F-Prot): CAB

Added after 14 minutes

File setup.exe received 2009.03.13 21:04:12 (CET)
Current status: finished
Result: 2/39 (5.13%)



a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.13 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.Dldr.Agent.xyt
Microsoft 1.4405 2009.03.13 -
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Suspicious file
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -


Additional information
File size: 566784 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 3e3af9bf02f5254927dd49dd93f800ba

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

Added after 4 minutes

File DrShark_Genuine_Licence.exe received 2009.03.13 21:07:16 (CET)
Current status: finished
Result: 2/39 (5.13%)



a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.13 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.13 Trojan:Win32/Vundo
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 High Risk Worm
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -


Additional information
File size: 1672704 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x18edf8 0x18ee00 7.99 f42b03ac3ca5c83e9ef260eb47be032e

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

IgorKr
17.03.2009, 00:48
File __2008___DrShark_.exe received 2009.03.16 22:27:07 (CET)
Current status: finished
Result: 2/39 (5.13%)



a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 -
AVG 8.0.0.237 2009.03.16 -
BitDefender 7.2 2009.03.16 -
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 -
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.16 -
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 -
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 -
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 Trojan.Dldr.Agent.xyt
Microsoft 1.4405 2009.03.16 -
NOD32 3938 2009.03.16 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 Suspicious file
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 -
Rising 21.21.02.00 2009.03.16 -
Sophos 4.39.0 2009.03.16 -
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
VBA32 3.12.10.1 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -


Additional information
File size: 566784 bytes
MD5...: aab7c653e1fba61444586e0852542b1a
SHA1..: 6199f548571059a9cef109ec5cf60077c9257e9b
SHA256: 46cb057568bb775e396f8da92462b3d8a767a638afccaf5d3a01fd011c66e33a
SHA512: dc140248202164d22ffb01268c4625827a668ec2c4ff41c39a47b5b0bb0c5efd1f8b0e72f1aa0079ee09f665a9ea2b1474e521eef3d46561546a523e8c2bbbea
ssdeep: 12288:Dr+gZtTZtARTmAndgcPxAR+Wnutrno5Hg/7SvT:DeRTmqJ6R+WK2gur
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 afdf07fc94a111c9a955e17d487dc861

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

Added 5 minutes later

File ScreenSavers_DrShark_.exe received on 2009.03.16 22:33:16 (CET)
Current status: finished
Result: 16/38 (42.11%)



a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.03.16 Downloader.Generic8.YCV
BitDefender 7.2 2009.03.16 MemScan:Trojan.Generic.1465213
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 Trojan.Fakealert.4044
eSafe 7.0.17.0 2009.03.15 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 W32/Backdoor2.DXLN
F-Secure 8.0.14470.0 2009.03.16 Trojan-Downloader.Win32.Agent.bkdn
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 MemScan:Trojan.Generic.1465213
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 Trojan-Downloader.Win32.Agent.bkdn
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 Trojan.Downloader.Gen
Microsoft 1.4405 2009.03.16 TrojanDownloader:Win32/Matcash.L
NOD32 3938 2009.03.16 a variant of Win32/TrojanDownloader.Agent.OUB
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 Generic Trojan
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 Medium Risk Malware
Rising 21.21.02.00 2009.03.16 Trojan.Win32.Nodef.fxa
Sophos 4.39.0 2009.03.16 Mal/EncPk-HJ
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -


Additional information
File size: 1435136 bytes
MD5...: 5faec4b43d7aa5a72a001c0a64859779
SHA1..: 91ef6d83f894bde1312de147e7fa6b68da9d2b61
SHA256: 842858a38b7d3e54f1a45b3a9559cefb93c5c5473b069a31be23deaaf48afbc7
SHA512: 04f6ab696ee0f4b5d95ef82c34a28f70018817f46e24f1e2e2ebf5d98496459892e2524f1c06e0738fddfe538280d064173015769a2a44d2eb4d804e934644f1
ssdeep: 24576:6yoDHoBlcCfUwwPgdwrI80POSzRlJ7UIe+p0JvT6zD+VjVa53h6R:6jDHoBlcq/wPZ8/bJ75uT6z6ih6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x154c38 0x154e00 7.97 42fb972561cb463a3103f935f376ab48

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E6D7359B50835C05900000A2247B7B009C91D684
packers (Kaspersky): PE_Patch.UPX, UPX, Edit
packers (F-Prot): CAB, RAR

Added 11 minutes later

File _ver_5.00.0__10.02.2009___DrShark received on 2009.03.16 22:46:02 (CET)
Current status: finished
Result: 2/39 (5.13%)



a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 -
AVG 8.0.0.237 2009.03.16 -
BitDefender 7.2 2009.03.16 -
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 -
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.16 -
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 -
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 -
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 -
Microsoft 1.4405 2009.03.16 Trojan:Win32/Vundo
NOD32 3938 2009.03.16 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 -
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 High Risk Worm
Rising 21.21.02.00 2009.03.16 -
Sophos 4.39.0 2009.03.16 -
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
VBA32 3.12.10.1 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -


Additional information
File size: 2033664 bytes
MD5...: 91cf31d90d899030daf81729cf5b4a94
SHA1..: e3758b60a2cfc3ade6109ea72058a9d89d61763d
SHA256: 6ac9627a497b70c1ac9f544b82a5384106d1e28bda6bc50d32c4fef2bce7a575
SHA512: 2d50a37a0c596a27634f54f0aa8e2815f320702323e8184854938589cab6493b360210a97d2c8c25a6fc87fc9b6f4e2e16723f8f8245e185cc880ce4cd13cd29
ssdeep: 49152:Q3tCX51cJFzPELRzEDS0iv9fFWkdIekgJ8EM7:Q3tSIFbyRaMwkdIouE
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x1e6ec4 0x1e7000 7.99 daa581e9aec8b8636492f29e94dadccd

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3190B3A700D2FFF4704F012DDDE82A0032D1F3A5
packers (F-Prot): CAB

Hanson
17.03.2009, 11:55
File avz00001.dta (twex.exe) received on 2009.03.17 09:31:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 10/39 (25.65%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.17 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.17 TR/Dropper.Gen
Authentium 5.1.0.4 2009.03.17 -
Avast 4.8.1335.0 2009.03.16 Win32:Rootkit-gen
AVG 8.0.0.237 2009.03.16 -
BitDefender 7.2 2009.03.17 -
CAT-QuickHeal 10.00 2009.03.17 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.17 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.17 Trojan.PWS.Panda.106
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.17 Trojan-Spy.Win32.Zbot.pox
Fortinet 3.117.0.0 2009.03.17 -
GData 19 2009.03.17 Win32:Rootkit-gen
Ikarus T3.1.1.45.0 2009.03.17 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.17 Trojan-Spy.Win32.Zbot.pox
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.17 Trojan.Dropper.Gen
Microsoft 1.4405 2009.03.17 PWS:Win32/Zbot.gen!R
NOD32 3941 2009.03.17 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.17 -
Panda 10.0.0.10 2009.03.16 -
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.17 -
Rising 21.21.11.00 2009.03.17 -
Sophos 4.39.0 2009.03.17 -
Sunbelt 3.2.1858.2 2009.03.17 -
Symantec 1.4.4.12 2009.03.17 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.17 -
VBA32 3.12.10.1 2009.03.16 Trojan-Spy.Win32.Zbot
ViRobot 2009.3.17.1651 2009.03.17 -
VirusBuster 4.6.5.0 2009.03.16 -

Added 2 minutes later

File avz00002.dta (uvsync.sys) received on 2009.03.17 09:32:35 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 16/39 (41.03%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.17 Backdoor.Win32.Haxdoor!IK
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.17 -
Authentium 5.1.0.4 2009.03.17 -
Avast 4.8.1335.0 2009.03.16 -
AVG 8.0.0.237 2009.03.16 PSW.Generic7.LS
BitDefender 7.2 2009.03.17 Trojan.Spy.Goldun.NCN
CAT-QuickHeal 10.00 2009.03.17 -
ClamAV 0.94.1 2009.03.17 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.17 -
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 Win32/ProcHide!generic
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.17 Trojan-Spy.Win32.Goldun.bwi
Fortinet 3.117.0.0 2009.03.17 -
GData 19 2009.03.17 Trojan.Spy.Goldun.NCN
Ikarus T3.1.1.45.0 2009.03.17 Backdoor.Win32.Haxdoor
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.17 Trojan-Spy.Win32.Goldun.bwi
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.17 -
Microsoft 1.4405 2009.03.17 Backdoor:Win32/Haxdoor
NOD32 3941 2009.03.17 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.17 -
Panda 10.0.0.10 2009.03.16 Trj/CI.A
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.17 Medium Risk Malware
Rising 21.21.11.00 2009.03.17 RootKit.Win32.Agent.epu
Sophos 4.39.0 2009.03.17 -
Sunbelt 3.2.1858.2 2009.03.17 Goldun.Fam
Symantec 1.4.4.12 2009.03.17 -
TheHacker 6.3.3.0.283 2009.03.16 Trojan/Spy.Goldun.bwi
TrendMicro 8.700.0.1004 2009.03.17 -
VBA32 3.12.10.1 2009.03.16 suspected of Rootkit.Agent.10 (paranoid heuristics)
ViRobot 2009.3.17.1651 2009.03.17 -
VirusBuster 4.6.5.0 2009.03.16 -

Surfer
19.03.2009, 12:09
File contact.exe received on 2009.03.19 10:06:14 (CET)
Result: 5/39 (12.83%)


a-squared 4.0.0.101 2009.03.19 -
AhnLab-V3 5.0.0.2 2009.03.19 -
AntiVir 7.9.0.120 2009.03.18 -
Authentium 5.1.2.4 2009.03.18 -
Avast 4.8.1335.0 2009.03.18 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.19 -
ClamAV 0.94.1 2009.03.19 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.18 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.18 -
F-Secure 8.0.14470.0 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.19 -
K7AntiVirus 7.10.674 2009.03.17 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5557 2009.03.18 -
McAfee+Artemis 5557 2009.03.18 -
McAfee-GW-Edition 6.7.6 2009.03.18 Worm.LooksLike.Rbot
Microsoft 1.4502 2009.03.19 Trojan:Win32/Waledac.gen!A
NOD32 3947 2009.03.19 -
Norman 6.00.06 2009.03.18 Waledac.AJ
nProtect 2009.1.8.0 2009.03.19 -
Panda 10.0.0.10 2009.03.18 -
PCTools 4.4.2.0 2009.03.18 -
Prevx1 V2 2009.03.19 High Risk Cloaked Malware
Rising 21.21.31.00 2009.03.19 -
Sophos 4.39.0 2009.03.19 -
Sunbelt 3.2.1858.2 2009.03.19 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.285 2009.03.19 -
TrendMicro 8.700.0.1004 2009.03.19 -
VBA32 3.12.10.1 2009.03.18 suspected of Malware-Cryptor.Win32.General.4
ViRobot 2009.3.19.1655 2009.03.19 -
VirusBuster 4.6.5.0 2009.03.18 -

http://www.virustotal.com/ru/analisis/073479b85b16779376e2e0036e71f71b

senyak
19.03.2009, 23:42
File ygv.exe received on 2009.03.19 21:35:32 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/38 (21.06%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.19 -
AhnLab-V3 5.0.0.2 2009.03.19 -
AntiVir 7.9.0.120 2009.03.19 TR/Crypt.XPACK.Gen
Authentium 5.1.2.4 2009.03.19 -
Avast 4.8.1335.0 2009.03.19 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.19 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.19 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.19 -
K7AntiVirus 7.10.676 2009.03.19 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5558 2009.03.19 -
McAfee+Artemis 5558 2009.03.19 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.19 Trojan.Crypt.XPACK.Gen
Microsoft 1.4502 2009.03.19 VirTool:Win32/Obfuscator.EO
NOD32 3948 2009.03.19 -
Norman 6.00.06 2009.03.19 -
nProtect 2009.1.8.0 2009.03.19 -
Panda 10.0.0.10 2009.03.19 Suspicious file
PCTools 4.4.2.0 2009.03.19 -
Prevx1 V2 2009.03.19 -
Rising 21.21.32.00 2009.03.19 -
Sophos 4.39.0 2009.03.19 Mal/Basine-C
Sunbelt 3.2.1858.2 2009.03.19 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.286 2009.03.19 -
TrendMicro 8.700.0.1004 2009.03.19 -
VBA32 3.12.10.1 2009.03.18 -
ViRobot 2009.3.19.1656 2009.03.19 -
VirusBuster 4.6.5.0 2009.03.19 -
Additional information
File size: 24064 bytes
MD5...: ae0cc33da9fa4e39f02f278ce70b0533
SHA1..: ae53e2ca0c1df0106b7138a22e1d3a3a158a9ae0
SHA256: 3436e7c3052bef71146e9e68cc8479a46669c7b9d24e6e42a6a6e7910c161ece
SHA512: 8d1e3739d65a3a6d18b485eb4a0125316a1635ff49a6169cf1146fd66052f8aea98a124e859b63a32af9b8238cc9802dea969d0985c0dfeea2ea702ba52f1f45
ssdeep: 384:2lIZq4A+4UMa9UVxVYCUP3Dq89HPsr8vh9tAwotXuPdI9Pw+nXGN:2lsafaaVwTPT39HPsgp9tSteK9tnXY
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

ZhIV
23.03.2009, 08:35
File eawnxi.exe received on 2009.03.23 06:18:40 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.22 -
AntiVir 7.9.0.120 2009.03.22 Worm/Autorun.esq
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.22 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1080 2009.03.22 Unclassified Malware
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.19 Win32.Worm.AutoRun.u
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.22 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 -
McAfee-GW-Edition 6.7.6 2009.03.22 Worm.Autorun.esq
Microsoft 1.4502 2009.03.22 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.22 -
Prevx1 V2 2009.03.23 -
Rising 21.22.00.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.287 2009.03.23 W32/AutoRun.esq
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1659 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.22 -

Additional information
File size: 97791 bytes
MD5...: df7ebd547e890c70d0e802454168b346
SHA1..: 4e6f4197ee2563ed06946c6016d4fac1082ed1fe
SHA256: dfa991a20f3c184292e2eb3500ebfa3466bcaa06ae0d84e8933df9f18c7302f1
SHA512: 182a46b08005b3a7ac4f9a1738d52ad6c667721472a86a989ff2c305c952d02725cd75c39cc2e2f93c9aefb9709c3b7919a06bc3cec4b224179d5061bc1962f7
ssdeep: 1536:YEwOnbNQKLjWDyy1o5RepJUEbooPRrKKRSq6Hn:Y2NQKPWDyDRepJltZrpRSfH
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

berkut_v
24.03.2009, 16:27
File ___8_____________1.xls (ж_8 бюджет1.xls) received on 03.24.2009 10:13:05 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 2/39 (5.13%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.24 -
AhnLab-V3 5.0.0.2 2009.03.24 -
AntiVir 7.9.0.120 2009.03.24 EXP/Office.Dropper.Gen
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.24 -
CAT-QuickHeal 10.00 2009.03.24 -
ClamAV 0.94.1 2009.03.24 -
Comodo 1082 2009.03.23 -
DrWeb 4.44.0.09170 2009.03.24 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6414 2009.03.24 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.24 -
Fortinet 3.117.0.0 2009.03.24 -
GData 19 2009.03.24 -
Ikarus T3.1.1.48.0 2009.03.24 -
K7AntiVirus 7.10.679 2009.03.23 -
Kaspersky 7.0.0.125 2009.03.24 -
McAfee 5562 2009.03.23 -
McAfee+Artemis 5562 2009.03.23 -
McAfee-GW-Edition 6.7.6 2009.03.24 Exploit.Office.Dropper.Gen
Microsoft 1.4502 2009.03.24 -
NOD32 3956 2009.03.24 -
Norman 6.00.06 2009.03.23 -
nProtect 2009.1.8.0 2009.03.24 -
Panda 10.0.0.10 2009.03.24 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.24 -
Rising 21.22.12.00 2009.03.24 -
Sophos 4.39.0 2009.03.24 -
Sunbelt 3.2.1858.2 2009.03.23 -
Symantec 1.4.4.12 2009.03.24 -
TheHacker 6.3.3.4.288 2009.03.24 -
TrendMicro 8.700.0.1004 2009.03.24 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.24 -
VirusBuster 4.6.5.0 2009.03.23 -
Additional information
File size: 110080 bytes
MD5...: 3460754ac443f614434225ab8a3fbe38
SHA1..: 2800ec7a931893109f0f28bc1ae00d89081f46cd
SHA256: d1c1ed8f6325dc0b52ed4a663c844ae667aa4a5d79e3119efc3945e91d4f8509
SHA512: 9322c48ef644b6f1f8e5350bf732678691ecfb04c457cb688da7b894379b2b3759c8b8466e2befd717a32e7c987931f2a1927a6179413f701dc7c7e9829b72e9
ssdeep: 768:CxTdfKsdNGTtLtV4mzX2c3TWh7JvGMdl12q9Cr1JPdd49ZA7F7TK+BT0EbDuVg:+hvGbP3TWt1Gw1j9Cp3

PEiD..: -
TrID..: File type identification
Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)

Added 3 hours 54 minutes later

In the previous catch, only 16 antiviruses detected it
File macyjf.exe received on 03.24.2009 14:13:29 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 33/40 (82.5%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.24 Trojan.Win32.Autoit!IK
AhnLab-V3 5.0.0.2 2009.03.24 Win-Trojan/Midgare.236544
AntiVir 7.9.0.120 2009.03.24 TR/Onlinegames.A3
Antiy-AVL 2.0.3.1 2009.03.24 -
Authentium 5.1.2.4 2009.03.23 W32/Trojan3.AIQ
Avast 4.8.1335.0 2009.03.23 Win32:Agent-AEEP
AVG 8.5.0.283 2009.03.23 Worm/Autoit.LQN
BitDefender 7.2 2009.03.24 Worm.Generic.41831
CAT-QuickHeal 10.00 2009.03.24 Backdoor.Agent.adzv
ClamAV 0.94.1 2009.03.24 Trojan.Autoit-72
Comodo 1082 2009.03.23 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 4.44.0.09170 2009.03.24 Win32.HLLW.Autoruner.6013
eSafe 7.0.17.0 2009.03.23 Win32.Autorun.worm.z
eTrust-Vet 31.6.6414 2009.03.24 -
F-Prot 4.4.4.56 2009.03.23 W32/Trojan3.AIQ
F-Secure 8.0.14470.0 2009.03.24 Trojan.Win32.Agent2.efp
Fortinet 3.117.0.0 2009.03.24 W32/Autorun.ZF!worm
GData 19 2009.03.24 Worm.Generic.41831
Ikarus T3.1.1.48.0 2009.03.24 Trojan.Win32.Autoit
K7AntiVirus 7.10.679 2009.03.23 Trojan.Win32.Midgare.roo
Kaspersky 7.0.0.125 2009.03.24 Trojan.Win32.Agent2.efp
McAfee 5562 2009.03.23 W32/Autorun.worm.n
McAfee+Artemis 5562 2009.03.23 W32/Autorun.worm.n
McAfee-GW-Edition 6.7.6 2009.03.24 Trojan.Onlinegames.A3
Microsoft 1.4502 2009.03.24 Worm:AutoIt/Renocide.gen!B
NOD32 3957 2009.03.24 Win32/Packed.Autoit.Gen
Norman 6.00.06 2009.03.23 W32/Smalltroj.LCYY
nProtect 2009.1.8.0 2009.03.24 -
Panda 10.0.0.10 2009.03.24 Trj/Agent.LPX
PCTools 4.4.2.0 2009.03.24 -
Prevx1 V2 2009.03.24 High Risk System Back Door
Rising 21.22.12.00 2009.03.24 -
Sophos 4.39.0 2009.03.24 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.03.23 -
Symantec 1.4.4.12 2009.03.24 W32.Harakit
TheHacker 6.3.3.4.288 2009.03.24 Trojan/Midgare.rvm
TrendMicro 8.700.0.1004 2009.03.24 WORM_AUTORUN.HOZ
VBA32 3.12.10.1 2009.03.23 Trojan.Autoit.gen
ViRobot 2009.3.24.1661 2009.03.24 Trojan.Win32.Klone.345416.B
VirusBuster 4.6.5.0 2009.03.23 -

Additional information
File size: 345416 bytes
MD5...: a68fed9bb2efde1ff0dca8dedff7a736
SHA1..: f45a20db3894e39cedc1c8d211f48acb39889bff
SHA256: 8e2d845d7cb056a05d1e10d2de82632fbeb2fb96edda7298d24e899d53ff1163
SHA512: 5de48df6e28a5033080a42c27c88db8c9f28051fb9fddabcfb1f85f4f0522bdb86c86b8c21ccea289fb586a9df20a2823aedf460862594f5089e8cc6e9d386f0
ssdeep: 6144:Xjk1EHI7OyXfOe5JnVZFrv7p4TKcw5TCDx+a62foC0ji61D48jso:XjGjPOevnllBcCMfAC0j88Yo

PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x90ed0
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x57000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x58000 0x3a000 0x39200 7.92 e5dd1823a0945d13b9b1eafb53f1cd15
.rsrc 0x92000 0x1000 0x600 3.17 46fa8faf2149b0d50b1dadb772597c8c

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=38FE752C48FF656A45B10527AABF3E00D8D6AEF3

rxx
25.03.2009, 18:32
File autorun.inf received on 03.25.2009 16:28:29 (CET)
Current status: finished
Result: 18/39 (46.16%)

Antivirus Version Last Update Result
a-squared - - Worm.Win32.Conficker!IK
AhnLab-V3 - - -
AntiVir - - -
Antiy-AVL - - -
Authentium - - -
Avast - - -
AVG - - Worm/Generic_c.ZW
BitDefender - - Worm.Autorun.VHG
CAT-QuickHeal - - -
ClamAV - - Worm.Autorun-1838
Comodo - - Worm.Win32.AutoRun.etg
DrWeb - - Win32.HLLW.Shadow
eSafe - - -
eTrust-Vet - - INF/Conficker
F-Prot - - -
F-Secure - - Worm:W32/Downaduprun.A
Fortinet - - -
GData - - Worm.Autorun.VHG
Ikarus - - Worm.Win32.Conficker
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
McAfee-GW-Edition - - -
Microsoft - - Worm:Win32/Conficker.B!inf
NOD32 - - INF/Conficker
Norman - - -
nProtect - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - Mal/ConfInf-A
Sunbelt - - INF.Autorun (v)
Symantec - - W32.Downadup!autorun
TheHacker - - W32/Conficker.autorunL
TrendMicro - - TROJ_DOWNAD.AF
VBA32 - - Trojan.Autorun.gen
ViRobot - - -
VirusBuster - - INF.Conficker.F
Additional information
File size: 59306 bytes
MD5...: 060dc978741e7ff27686ca8885802623
SHA1..: 4e32ff1cf3243ce56ff278cc0924b601784463d1
SHA256: 4202574ee60beb13a329f4ba6f6bc55a6e3cfbdfccab929f50024603d9cde020
SHA512: 6665cf3425448730ae8cf04d1d46b20ff088a915a912ed4061136f44639dc10ea469d38e636281f11850630cf92de41ba946bba2a0a4ef2266cc5408dc587599
ssdeep: 1536:IS+zcVPpjrVmdmwGvp1kGEJ5V7hAUJcFc00LZ:+g9plmW8PD2Gc2Z
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode

serjel
27.03.2009, 19:04
File A0045214.exe received on 2009.03.27 16:50:19 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 8/39 (20.52%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.27 -
AhnLab-V3 5.0.0.2 2009.03.27 -
AntiVir 7.9.0.129 2009.03.27 -
Antiy-AVL 2.0.3.1 2009.03.27 -
Authentium 5.1.2.4 2009.03.27 -
Avast 4.8.1335.0 2009.03.26 -
AVG 8.5.0.283 2009.03.27 -
BitDefender 7.2 2009.03.27 -
CAT-QuickHeal 10.00 2009.03.26 -
ClamAV 0.94.1 2009.03.27 -
Comodo 1086 2009.03.27 ApplicUnsaf.Win32.AdWare.Mycentria.~A
DrWeb 4.44.0.09170 2009.03.27 Trojan.Mycentria.22
eSafe 7.0.17.0 2009.03.26 Win32.Banker
eTrust-Vet 31.6.6420 2009.03.27 -
F-Prot 4.4.4.56 2009.03.27 -
F-Secure 8.0.14470.0 2009.03.27 -
Fortinet 3.117.0.0 2009.03.27 -
GData 19 2009.03.27 -
Ikarus T3.1.1.48.0 2009.03.27 -
K7AntiVirus 7.10.683 2009.03.27 -
Kaspersky 7.0.0.125 2009.03.27 -
McAfee 5565 2009.03.26 potentially unwanted program Generic PUP
McAfee+Artemis 5565 2009.03.26 potentially unwanted program Generic PUP
McAfee-GW-Edition 6.7.6 2009.03.27 -
Microsoft 1.4502 2009.03.27 -
NOD32 3969 2009.03.27 Win32/Adware.Mycentria
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.27 -
Panda 10.0.0.10 2009.03.27 -
PCTools 4.4.2.0 2009.03.27 -
Prevx1 V2 2009.03.27 Medium Risk Malware
Rising 21.22.42.00 2009.03.27 -
Sophos 4.40.0 2009.03.27 -
Sunbelt 3.2.1858.2 2009.03.26 -
Symantec 1.4.4.12 2009.03.27 -
TheHacker 6.3.3.7.292 2009.03.26 -
TrendMicro 8.700.0.1004 2009.03.27 -
VBA32 3.12.10.1 2009.03.26 Win32.Adware.Mycentria
ViRobot 2009.3.27.1666 2009.03.27 -

Additional information
File size: 55586 bytes

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x315d
timedatestamp.....: 0x460e79c3 (Sat Mar 31 15:09:55 2007)
machinetype.......: 0x14c (I386)

Kuzz
30.03.2009, 14:27
File avz00025.dta received on 2009.03.30 12:22:02 (CET)
Current status: finished
Result: 15/40 (37.5%)

a-squared 4.0.0.101 2009.03.30 Riskware.AdWare.Mywebsearch!IK
AhnLab-V3 5.0.0.2 2009.03.30 -
AntiVir 7.9.0.129 2009.03.30 -
Antiy-AVL 2.0.3.1 2009.03.30 AdTool/Win32.MyWebSearch
Authentium 5.1.2.4 2009.03.29 W32/HackTool.BAC
Avast 4.8.1335.0 2009.03.29 -
AVG 8.5.0.285 2009.03.29 -
BitDefender 7.2 2009.03.30 -
CAT-QuickHeal 10.00 2009.03.30 -
ClamAV 0.94.1 2009.03.29 -
Comodo 1089 2009.03.29 ApplicUnwnt.Win32.Toolbar.MyWebSearch
DrWeb 4.44.0.09170 2009.03.30 -
eSafe 7.0.17.0 2009.03.27 -
eTrust-Vet 31.6.6424 2009.03.30 -
F-Prot 4.4.4.56 2009.03.29 W32/HackTool.BAC
F-Secure 8.0.14470.0 2009.03.30 -
Fortinet 3.117.0.0 2009.03.30 W32/MyWebSearch
GData 19 2009.03.30 -
Ikarus T3.1.1.48.0 2009.03.30 not-a-virus:AdWare.Mywebsearch
K7AntiVirus 7.10.684 2009.03.28 not-a-virus:AdTool.Win32.MyWebSearch.az
Kaspersky 7.0.0.125 2009.03.30 -
McAfee 5568 2009.03.29 potentially unwanted program MWS
McAfee+Artemis 5568 2009.03.29 potentially unwanted program MWS
McAfee-GW-Edition 6.7.6 2009.03.30 -
Microsoft 1.4502 2009.03.30 -
NOD32 3974 2009.03.30 Win32/Toolbar.MyWebSearch
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.30 Trojan-Clicker/W32.Toolbar.57344.B
Panda 10.0.0.10 2009.03.29 Application/MyWebSearch
PCTools 4.4.2.0 2009.03.29 -
Prevx1 V2 2009.03.30 -
Rising 21.23.03.00 2009.03.30 -
Sophos 4.40.0 2009.03.30 -
Sunbelt 3.2.1858.2 2009.03.29 -
Symantec 1.4.4.12 2009.03.30 -
TheHacker 6.3.3.9.296 2009.03.30 Adware/MyWebSearch.az
TrendMicro 8.700.0.1004 2009.03.30 -
VBA32 3.12.10.1 2009.03.29 -
ViRobot 2009.3.30.1668 2009.03.30 Adware.AskBar.To.57344
VirusBuster 4.6.5.0 2009.03.30 -
Additional information
File size: 57344 bytes

PEiD..: -

ZhIV
31.03.2009, 10:23
File avz00001.dta received on 2009.03.31 08:16:17 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.31 Packer.Krunchy!IK
AhnLab-V3 5.0.0.2 2009.03.31 -
AntiVir 7.9.0.129 2009.03.30 TR/Drop.Agent.akxp
Antiy-AVL 2.0.3.1 2009.03.30 -
Authentium 5.1.2.4 2009.03.30 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.03.30 -
AVG 8.5.0.285 2009.03.30 SHeur2.YCD
BitDefender 7.2 2009.03.31 Packer.Krunchy.B
CAT-QuickHeal 10.00 2009.03.30 TrojanDropper.Agent.akxp
ClamAV 0.94.1 2009.03.31 -
Comodo 1090 2009.03.30 -
DrWeb 4.44.0.09170 2009.03.31 -
eSafe 7.0.17.0 2009.03.27 Suspicious File
eTrust-Vet 31.6.6425 2009.03.30 -
F-Prot 4.4.4.56 2009.03.30 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.03.31 Trojan-Dropper.Win32.Agent.akxp
Fortinet 3.117.0.0 2009.03.31 PossibleThreat
GData 19 2009.03.31 Packer.Krunchy.B
Ikarus T3.1.1.49.0 2009.03.31 Packer.Krunchy
K7AntiVirus 7.10.685 2009.03.30 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.03.31 Trojan-Dropper.Win32.Agent.akxp
McAfee 5569 2009.03.30 -
McAfee+Artemis 5569 2009.03.30 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.30 Trojan.Drop.Agent.akxp
Microsoft 1.4502 2009.03.31 Trojan:Win32/Meredrop
NOD32 3976 2009.03.30 Win32/IRCBot.AMC
Norman 6.00.06 2009.03.30 W32/Spybot.gen6
nProtect 2009.1.8.0 2009.03.31 -
Panda 10.0.0.10 2009.03.30 Generic Malware
PCTools 4.4.2.0 2009.03.30 Packed/FRBR
Prevx1 V2 2009.03.31 High Risk Worm
Rising 21.23.10.00 2009.03.31 Trojan.DL.Win32.Nodef.gd
Sophos 4.40.0 2009.03.31 -
Sunbelt 3.2.1858.2 2009.03.31 -
Symantec 1.4.4.12 2009.03.31 -
TheHacker 6.3.3.9.296 2009.03.30 Trojan/Dropper.Agent.akxp
TrendMicro 8.700.0.1004 2009.03.30 WORM_SPYBOT.AUM
VBA32 3.12.10.1 2009.03.29 -
ViRobot 2009.3.30.1668 2009.03.31 -
VirusBuster 4.6.5.0 2009.03.30 Packed/FRBR

Additional information
File size: 23552 bytes
PEiD..: -

ZhIV
01.04.2009, 05:48
File ekfsgs.exe received on 2009.04.01 03:31:06 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.01 Trojan.Win32.Autoit!IK
AhnLab-V3 5.0.0.2 2009.03.31 Win-Trojan/Midgare.236544
AntiVir 7.9.0.129 2009.03.31 TR/Onlinegames.A3
Antiy-AVL 2.0.3.1 2009.03.31 Trojan/Win32.Agent2
Authentium 5.1.2.4 2009.03.31 W32/Trojan3.AIQ
Avast 4.8.1335.0 2009.03.31 Win32:Agent-AEEP
AVG 8.5.0.285 2009.03.31 Agent2.CK
BitDefender 7.2 2009.04.01 Trojan.Heur.AutoIT.1
CAT-QuickHeal 10.00 2009.03.31 Backdoor.Agent.adzv
ClamAV 0.94.1 2009.03.31 Trojan.Autoit-72
Comodo 1092 2009.03.31 -
DrWeb 4.44.0.09170 2009.04.01 -
eSafe 7.0.17.0 2009.03.31 Suspicious File
eTrust-Vet 31.6.6427 2009.03.31 -
F-Prot 4.4.4.56 2009.03.31 W32/Trojan3.AIQ
F-Secure 8.0.14470.0 2009.04.01 Trojan.Win32.Agent2.efp
Fortinet 3.117.0.0 2009.04.01 W32/Autorun.HOZ!worm
GData 19 2009.04.01 Trojan.Heur.AutoIT.1
Ikarus T3.1.1.49.0 2009.04.01 Trojan.Win32.Autoit
K7AntiVirus 7.10.687 2009.03.31 Trojan.Win32.Midgare.roo
Kaspersky 7.0.0.125 2009.04.01 Trojan.Win32.Agent2.efp
McAfee 5570 2009.03.31 W32/Autorun.worm.n
McAfee+Artemis 5570 2009.03.31 W32/Autorun.worm.n
McAfee-GW-Edition 6.7.6 2009.03.31 Trojan.Onlinegames.A3
Microsoft 1.4502 2009.04.01 -
NOD32 3978 2009.03.31 Win32/Packed.Autoit.Gen
Norman 6.00.06 2009.03.31 W32/Smalltroj.LCYY
nProtect 2009.1.8.0 2009.03.31 Trojan/W32.Agent2.336590
Panda 10.0.0.14 2009.03.31 Trj/Agent.LPX
PCTools 4.4.2.0 2009.03.31 -
Prevx1 V2 2009.04.01 -
Rising 21.23.12.00 2009.03.31 -
Sophos 4.40.0 2009.03.31 -
Sunbelt 3.2.1858.2 2009.04.01 -
Symantec 1.4.4.12 2009.04.01 Infostealer
TheHacker 6.3.3.9.298 2009.04.01 Trojan/Midgare.rvm
TrendMicro 8.700.0.1004 2009.03.31 WORM_AUTORUN.HOZ
VBA32 3.12.10.1 2009.03.31 Trojan.Autoit.gen
ViRobot 2009.3.31.1669 2009.03.31 -
VirusBuster 4.6.5.0 2009.03.31 Trojan.Autoit.MB

Additional information
File size: 336590 bytes
PEiD..: -

Surfer
01.04.2009, 12:08
File save.exe received on 2009.04.01 10:05:23 (CET)
Result: 6/39 (15.39%)


a-squared 4.0.0.101 2009.04.01 -
AhnLab-V3 5.0.0.2 2009.04.01 -
AntiVir 7.9.0.129 2009.04.01 -
Antiy-AVL 2.0.3.1 2009.04.01 -
Authentium 5.1.2.4 2009.03.31 -
Avast 4.8.1335.0 2009.03.31 -
AVG 8.5.0.285 2009.03.31 Win32/Cryptor
BitDefender 7.2 2009.04.01 -
CAT-QuickHeal 10.00 2009.04.01 -
ClamAV 0.94.1 2009.04.01 -
Comodo 1092 2009.03.31 -
eSafe 7.0.17.0 2009.03.31 -
eTrust-Vet 31.6.6427 2009.03.31 -
F-Prot 4.4.4.56 2009.03.31 -
F-Secure 8.0.14470.0 2009.04.01 -
Fortinet 3.117.0.0 2009.04.01 W32/PackWaledac.C
GData 19 2009.04.01 -
Ikarus T3.1.1.49.0 2009.04.01 -
K7AntiVirus 7.10.687 2009.03.31 -
Kaspersky 7.0.0.125 2009.04.01 -
McAfee 5570 2009.03.31 New Malware.bx
McAfee+Artemis 5570 2009.03.31 New Malware.bx
McAfee-GW-Edition 6.7.6 2009.04.01 -
Microsoft 1.4502 2009.04.01 Trojan:Win32/Waledac.gen!A
NOD32 3979 2009.03.31 a variant of Win32/Kryptik.LP
Norman 6.00.06 2009.03.31 -
nProtect 2009.1.8.0 2009.04.01 -
Panda 10.0.0.14 2009.03.31 -
PCTools 4.4.2.0 2009.03.31 -
Prevx1 V2 2009.04.01 -
Rising 21.23.20.00 2009.04.01 -
Sophos 4.40.0 2009.04.01 -
Sunbelt 3.2.1858.2 2009.04.01 -
Symantec 1.4.4.12 2009.04.01 -
TheHacker 6.3.4.0.298 2009.04.01 -
TrendMicro 8.700.0.1004 2009.04.01 -
VBA32 3.12.10.1 2009.03.31 -
ViRobot 2009.3.31.1670 2009.04.01 -
VirusBuster 4.6.5.0 2009.03.31 -

http://www.virustotal.com/ru/analisis/24cd12b2d426bbb7c3c9551622f17a18

Shu_b
01.04.2009, 12:14
Totals for February - March

GeorgeS
03.04.2009, 12:07
http://www.virustotal.com/ru/analisis/fd5b46e32f9345f62fff7620ad200542

Result: 9/39 (23.08%)
Antivirus Version Last Update Result
a-squared - - Exploit.Office!IK
AhnLab-V3 - - -
AntiVir - - EXP/Office.G
Antiy-AVL - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - Exploit.Office
K7AntiVirus - - -
Kaspersky - - -
McAfee - - Exploit-1Table.b
McAfee+Artemis - - Exploit-1Table.b
McAfee-GW-Edition - - Exploit.Office.G
Microsoft - - -
NOD32 - - -
Norman - - ShellCode.B
nProtect - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - Troj/MalDoc-Fam
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - suspected of Exploit.Signature
ViRobot - - -
Additional information
MD5: 96f47ab44b5ddad96531c03c50be8350
SHA1: 25612c5f85b93280e72b30940d56b8b31f6b8413
SHA256: 2f71a19178e7b09d49d87b12f7a5013bab49896ddb811bb08b b6353ba3857e76
SHA512: 8143524c328cf0c0c254f378ca59a3115e19162becaa0d7de8 d4b3ab1c1c11530e8fd0598cbbc9c7ba9f2c5c89f362d6e29c 13c617553c63e4501ea0565905fb



Please post complete results; in this form (it is unknown when the scan was performed) it will not be counted.

File ______________________.doc received on 2009.03.28 19:37:05 (CET)
Added. Sorry, I am only just starting to submit. NOD32 BE 4 and Kaspersky SOS are installed on the computer; accordingly, neither took the file for a virus.

ZhIV
07.04.2009, 09:09
File actxprxy.dll received on 2009.04.07 04:42:28 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Trojan-Downloader.Win32.Small!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/Backdoor2.DWJU
Avast 4.8.1335.0 2009.04.06 Win32:Patched-JQ
AVG 8.5.0.285 2009.04.07 Win32/Patched.AC
BitDefender 7.2 2009.04.07 Trojan.Generic.1251266
CAT-QuickHeal 10.00 2009.04.06 TrojanDownloader.Small.ap
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 Win32.ActxHck.a
eTrust-Vet 31.6.6440 2009.04.07 -
F-Prot 4.4.4.56 2009.04.07 W32/Backdoor2.DWJU
F-Secure 8.0.14470.0 2009.04.07 -
Fortinet 3.117.0.0 2009.04.07 W32/ActxHck.A!tr
GData 19 2009.04.07 Trojan.Generic.1251266
Ikarus T3.1.1.49.0 2009.04.07 Trojan-Downloader.Win32.Small
K7AntiVirus 7.10.694 2009.04.06 Trojan.Win32.Malware
Kaspersky 7.0.0.125 2009.04.07 -
McAfee 5576 2009.04.06 Generic.dx
McAfee+Artemis 5576 2009.04.06 Generic.dx
McAfee-GW-Edition 6.7.6 2009.04.06 -
Microsoft 1.4502 2009.04.07 -
NOD32 3990 2009.04.06 -
Norman 6.00.06 2009.04.06 W32/Downloader.UHH
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.06 Trj/CI.A
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.07 -
Rising 21.23.41.00 2009.04.03 Win32.Agent.bs
Sophos 4.40.0 2009.04.07 Troj/ActxHck-A
Sunbelt 3.2.1858.2 2009.04.06 Trojan.1
Symantec 1.4.4.12 2009.04.07 -
TheHacker 6.3.4.0.303 2009.04.07 -
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.07 -
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 Backdoor.Agent.IPDH

Additional information
File size: 98304 bytes
PEiD..: -

Added 9 minutes later

File A06_1_.exe received on 2009.04.07 05:02:06 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Generic.Onlinegames!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 TR/Crypt.XDR.Gen
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/OnlineGames.CA.gen!Eldorado
Avast 4.8.1335.0 2009.04.06 Win32:Agent-ACMH
AVG 8.5.0.285 2009.04.07 Downloader.Zlob_r.FK
BitDefender 7.2 2009.04.07 Generic.Onlinegames.14.3AB5EF82
CAT-QuickHeal 10.00 2009.04.06 -
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 Suspicious File
eTrust-Vet 31.6.6440 2009.04.07 Win32/Gamepass!generic
F-Prot 4.4.4.56 2009.04.07 W32/OnlineGames.CA.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.07 Trojan-GameThief.Win32.Magania.aydy
Fortinet 3.117.0.0 2009.04.07 SPY/LdPinch
GData 19 2009.04.07 Generic.Onlinegames.14.3AB5EF82
Ikarus T3.1.1.49.0 2009.04.07 Generic.Onlinegames
K7AntiVirus 7.10.694 2009.04.06 Trojan-PSW.Win32.Magania.aydy
Kaspersky 7.0.0.125 2009.04.07 Trojan-GameThief.Win32.Magania.aydy
McAfee 5576 2009.04.06 Generic Dropper.eb
McAfee+Artemis 5576 2009.04.06 Generic Dropper.eb
McAfee-GW-Edition 6.7.6 2009.04.06 Trojan.Crypt.XDR.Gen
Microsoft 1.4502 2009.04.07 PWS:Win32/Ldpinch.BY
NOD32 3990 2009.04.06 probably a variant of Win32/PSW.OnLineGames.NRD
Norman 6.00.06 2009.04.06 -
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.06 Trj/Lineage.BZE
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.07 Medium Risk Malware Dropper
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.07 Troj/LdPinch-SE
Sunbelt 3.2.1858.2 2009.04.06 Trojan-GameThief.Win32.Magania.aydy
Symantec 1.4.4.12 2009.04.07 Infostealer.Gampass
TheHacker 6.3.4.0.303 2009.04.07 Trojan/Magania.aydy
TrendMicro 8.700.0.1004 2009.04.06 Possible_Movly-1
VBA32 3.12.10.2 2009.04.07 Trojan-GameThief.Win32.Magania.aydy
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 Trojan.DR.OnlineGames.Gen.118

Additional information
File size: 22142 bytes
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Added 10 minutes later

File D51_1_.exe received on 2009.04.07 05:14:18 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 -
AhnLab-V3 5.0.0.2 2009.04.06 Dropper/Agent.15360.I
AntiVir 7.9.0.138 2009.04.06 TR/Drop.Zena.A
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/Dropper.AGQO
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.07 PSW.OnlineGames.BGHS
BitDefender 7.2 2009.04.07 Dropped:Trojan.Generic.1459536
CAT-QuickHeal 10.00 2009.04.06 TrojanDropper.Agent.zje
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 -
eTrust-Vet 31.6.6440 2009.04.07 -
F-Prot 4.4.4.56 2009.04.07 W32/Dropper.AGQO
F-Secure 8.0.14470.0 2009.04.07 Trojan-Dropper.Win32.Agent.zje
Fortinet 3.117.0.0 2009.04.07 -
GData 19 2009.04.07 Dropped:Trojan.Generic.1459536
Ikarus T3.1.1.49.0 2009.04.07 -
K7AntiVirus 7.10.694 2009.04.06 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.04.07 Trojan-Dropper.Win32.Agent.zje
McAfee 5576 2009.04.06 -
McAfee+Artemis 5576 2009.04.06 -
McAfee-GW-Edition 6.7.6 2009.04.06 Trojan.Drop.Zena.A
Microsoft 1.4502 2009.04.07 Exploit:Win32/Siveras.E
NOD32 3991 2009.04.07 Win32/TrojanDropper.Agent.ZJE
Norman 6.00.06 2009.04.06 W32/Agent.LTIS.dropper
nProtect 2009.1.8.0 2009.04.07 Trojan-Dropper/W32.Agent.15360.G
Panda 10.0.0.14 2009.04.06 -
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.07 -
Rising 21.24.10.00 2009.04.07 Trojan.Win32.Undef.soe
Sophos 4.40.0 2009.04.07 Mal/Behav-112
Sunbelt 3.2.1858.2 2009.04.06 -
Symantec 1.4.4.12 2009.04.07 -
TheHacker 6.3.4.0.303 2009.04.07 Trojan/Dropper.Agent.zje
TrendMicro 8.700.0.1004 2009.04.06 PAK_Generic.001
VBA32 3.12.10.2 2009.04.07 Trojan-Dropper.Win32.Agent.zje
ViRobot 2009.4.6.1680 2009.04.06 Trojan.Win32.Agent.15360.AW
VirusBuster 4.6.5.0 2009.04.06 Trojan.DR.Agent.GCWR

Additional information
File size: 15360 bytes
PEiD..: Armadillo v1.71

Added 4 minutes later

File oleadp.dll received on 2009.04.07 05:15:01 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Trojan-Dropper.Agent!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 TR/Small.bbp
Antiy-AVL 2.0.3.1 2009.04.06 Trojan/Win32.Agent
Authentium 5.1.2.4 2009.04.07 W32/Downldr2.FHII
Avast 4.8.1335.0 2009.04.06 Win32:Trojan-gen {Other}
AVG 8.5.0.285 2009.04.07 Downloader.Agent.AQQU
BitDefender 7.2 2009.04.07 Trojan.Generic.1602684
CAT-QuickHeal 10.00 2009.04.06 TrojanDownloader.Agent.atpy
ClamAV 0.94.1 2009.04.06 Trojan.Downloader-62080
Comodo 1101 2009.04.06 TrojWare.Win32.TrojanDownloader.Agent.~AGW
DrWeb 4.44.0.09170 2009.04.07 DLOADER.Trojan
eSafe 7.0.17.0 2009.04.06 Win32.TRSmall.bbp
eTrust-Vet 31.6.6440 2009.04.07 Win32/SillyDl.GMQ
F-Prot 4.4.4.56 2009.04.07 W32/Downldr2.FHII
F-Secure 8.0.14470.0 2009.04.07 Trojan-Downloader.Win32.Agent.atpy
Fortinet 3.117.0.0 2009.04.07 W32/Agent.ATPY!tr.dldr
GData 19 2009.04.07 Trojan.Generic.1602684
Ikarus T3.1.1.49.0 2009.04.07 Trojan-Dropper.Agent
K7AntiVirus 7.10.694 2009.04.06 Trojan-Downloader.Win32.Agent.atpy
Kaspersky 7.0.0.125 2009.04.07 Trojan-Downloader.Win32.Agent.atpy
McAfee 5576 2009.04.06 Generic Downloader.x
McAfee+Artemis 5576 2009.04.06 Generic Downloader.x
McAfee-GW-Edition 6.7.6 2009.04.06 Trojan.Small.bbp
Microsoft 1.4502 2009.04.07 TrojanDownloader:Win32/Agent.YD
NOD32 3991 2009.04.07 Win32/Agent.ONC
Norman 6.00.06 2009.04.06 W32/Agent.LUMN
nProtect 2009.1.8.0 2009.04.07 Trojan-Downloader/W32.Agent.22016.AY
Panda 10.0.0.14 2009.04.06 Trj/Downloader.MDW
PCTools 4.4.2.0 2009.04.06 Trojan-Downloader.Agent!sd6
Prevx1 V2 2009.04.07 High Risk Worm
Rising 21.24.10.00 2009.04.07 Trojan.Win32.Undef.vbf
Sophos 4.40.0 2009.04.07 -
Sunbelt 3.2.1858.2 2009.04.06 Trojan-Downloader.Win32.Agent.atpy
Symantec 1.4.4.12 2009.04.07 Trojan Horse
TheHacker 6.3.4.0.303 2009.04.07 Trojan/Downloader.Agent.atpy
TrendMicro 8.700.0.1004 2009.04.06 -
VBA32 3.12.10.2 2009.04.07 Win32.Agent.ONC
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 Trojan.DL.Agent.IQPW

Additional information
File size: 22016 bytes
PEiD..: Armadillo v1.xx - v2.xx

Added 1 minute later

File D9C002DD.dll received on 2009.04.07 05:20:07 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Generic.Onlinegames!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 TR/Spy.Gen
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/OnlineGames.CA.gen!Eldorado
Avast 4.8.1335.0 2009.04.06 Win32:Agent-ACMH
AVG 8.5.0.285 2009.04.07 PSW.OnlineGames3.ARG
BitDefender 7.2 2009.04.07 Generic.Onlinegames.14.8518F76E
CAT-QuickHeal 10.00 2009.04.06 -
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 Win32.TRSpy
eTrust-Vet 31.6.6440 2009.04.07 Win32/Gamepass!generic
F-Prot 4.4.4.56 2009.04.07 W32/OnlineGames.CA.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.07 Trojan-GameThief.Win32.Magania.ayej
Fortinet 3.117.0.0 2009.04.07 W32/OnlineGames.MIG!tr.pws
GData 19 2009.04.07 Generic.Onlinegames.14.8518F76E
Ikarus T3.1.1.49.0 2009.04.07 Generic.Onlinegames
K7AntiVirus 7.10.694 2009.04.06 Trojan-PSW.Win32.Magania.ayej
Kaspersky 7.0.0.125 2009.04.07 Trojan-GameThief.Win32.Magania.ayej
McAfee 5576 2009.04.06 -
McAfee+Artemis 5576 2009.04.06 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.04.06 Trojan.Spy.Gen
Microsoft 1.4502 2009.04.07 PWS:Win32/OnLineGames.CP
NOD32 3991 2009.04.07 probably a variant of Win32/PSW.OnLineGames.NRD
Norman 6.00.06 2009.04.06 -
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.06 -
Prevx1 V2 2009.04.07 High Risk Fraudulent Security Program
Rising 21.24.10.00 2009.04.07 Trojan.PSW.Win32.Undef.bcn
Sophos 4.40.0 2009.04.07 Troj/LdPinch-SE
Sunbelt 3.2.1858.2 2009.04.06 -
Symantec 1.4.4.12 2009.04.07 Infostealer.Gampass
TheHacker 6.3.4.0.303 2009.04.07 Trojan/Magania.ayej
TrendMicro 8.700.0.1004 2009.04.06 Mal_OLGM-23
VBA32 3.12.10.2 2009.04.07 Malware-Dropper.Win32.Inject.gen
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 -

Additional information
File size: 220262 bytes
PEiD..: -

Added 5 minutes later

File MB29kg.EXE received on 2009.04.07 05:26:48 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Backdoor.Win32.Agobot!IK
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.07 -
BitDefender 7.2 2009.04.07 -
CAT-QuickHeal 10.00 2009.04.06 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 Suspicious File
eTrust-Vet 31.6.6440 2009.04.07 -
F-Prot 4.4.4.56 2009.04.07 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.04.07 -
Fortinet 3.117.0.0 2009.04.07 -
GData 19 2009.04.07 -
Ikarus T3.1.1.49.0 2009.04.07 Backdoor.Win32.Agobot
K7AntiVirus 7.10.694 2009.04.06 -
Kaspersky 7.0.0.125 2009.04.07 -
McAfee 5576 2009.04.06 -
McAfee+Artemis 5576 2009.04.06 -
McAfee-GW-Edition 6.7.6 2009.04.06 -
Microsoft 1.4502 2009.04.07 -
NOD32 3991 2009.04.07 -
Norman 6.00.06 2009.04.06 -
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.06 -
PCTools 4.4.2.0 2009.04.06 -
Prevx1 V2 2009.04.07 -
Rising 21.24.10.00 2009.04.07 -
Sophos 4.40.0 2009.04.07 Sus/ComPack-C
Sunbelt 3.2.1858.2 2009.04.06 VIPRE.Suspicious
Symantec 1.4.4.12 2009.04.07 -
TheHacker 6.3.4.0.303 2009.04.07 W32/Behav-Heuristic-066
TrendMicro 8.700.0.1004 2009.04.06 PAK_Generic.001
VBA32 3.12.10.2 2009.04.07 -
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 -

Additional information
File size: 33280 bytes
PEiD..: -

Added 1 hour 39 minutes later

File Dc1.dll received on 2009.04.07 07:02:45 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Trojan.Horse.Pws.Ldpinch.DQY!IK
AhnLab-V3 5.0.0.2 2009.04.06 Win-Trojan/LdPinch.26112.BW
AntiVir 7.9.0.138 2009.04.06 -
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.07 W32/Trojan.BPOL
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.07 -
BitDefender 7.2 2009.04.07 Trojan.Horse.Pws.Ldpinch.DQY
CAT-QuickHeal 10.00 2009.04.06 -
ClamAV 0.94.1 2009.04.07 Trojan.PWS.LdPinch.DQY
Comodo 1101 2009.04.06 Unclassified Malware
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.06 Suspicious File
eTrust-Vet 31.6.6440 2009.04.07 Win32/VMalum.ABBN
F-Prot 4.4.4.56 2009.04.07 W32/Trojan.BPOL
F-Secure 8.0.14470.0 2009.04.07 -
Fortinet 3.117.0.0 2009.04.07 PossibleThreat
GData 19 2009.04.07 Trojan.Horse.Pws.Ldpinch.DQY
Ikarus T3.1.1.49.0 2009.04.07 Trojan.Horse.Pws.Ldpinch.DQY
K7AntiVirus 7.10.694 2009.04.06 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.04.07 -
McAfee 5576 2009.04.06 Generic.dx
McAfee+Artemis 5576 2009.04.06 Generic.dx
McAfee-GW-Edition 6.7.6 2009.04.06 -
Microsoft 1.4502 2009.04.07 -
NOD32 3991 2009.04.07 -
Norman 6.00.06 2009.04.06 W32/LdPinch.IYH
nProtect 2009.1.8.0 2009.04.07 Trojan-PWS/W32.LdPinch.26112.C
Panda 10.0.0.14 2009.04.06 -
PCTools 4.4.2.0 2009.04.06 Trojan.Agent.DXEG
Prevx1 V2 2009.04.07 High Risk Information Stealer
Rising 21.24.10.00 2009.04.07 Trojan.PSW.Win32.LdPinch.rat
Sophos 4.40.0 2009.04.07 -
Sunbelt 3.2.1858.2 2009.04.06 Trojan.Horse.Pws.Ldpinch.DQY
Symantec 1.4.4.12 2009.04.07 Infostealer
TheHacker 6.3.4.0.303 2009.04.07 -
TrendMicro 8.700.0.1004 2009.04.07 PAK_Generic.001
VBA32 3.12.10.2 2009.04.07 -
ViRobot 2009.4.7.1681 2009.04.07 -
VirusBuster 4.6.5.0 2009.04.06 Trojan.Agent.DXEG

Additional information
File size: 26112 bytes
PEiD..: -

Kuzz
08.04.2009, 16:22
File avz00001.dta received on 2009.04.08 14:10:46 (CET)
Current status: finished
Result: 8/40 (20%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.08 -
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 -
Antiy-AVL 2.0.3.1 2009.04.08 Backdoor/Win32.KeyStart
Authentium 5.1.2.4 2009.04.08 W32/Damaged_File.gen!Eldorado
Avast 4.8.1335.0 2009.04.07 -
AVG 8.5.0.285 2009.04.08 -
BitDefender 7.2 2009.04.08 -
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1105 2009.04.08 -
DrWeb 4.44.0.09170 2009.04.08 Trojan.DownLoad.31797
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6444 2009.04.08 -
F-Prot 4.4.4.56 2009.04.08 W32/Damaged_File.gen!Eldorado
F-Secure 8.0.14470.0 2009.04.08 -
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 -
Ikarus T3.1.1.49.0 2009.04.08 -
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 -
McAfee 5577 2009.04.07 -
McAfee+Artemis 5577 2009.04.07 -
McAfee-GW-Edition 6.7.6 2009.04.08 Win32.Malware.dam (suspicious)
Microsoft 1.4502 2009.04.08 -
NOD32 3994 2009.04.07 -
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.07 -
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 -
Rising 21.24.22.00 2009.04.08 -
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.04.08 Suspicious.MH690.A
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 -
VBA32 3.12.10.2 2009.04.08 -
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.07 -

Additional information
File size: 70722 bytes
PEiD..: -

Added 3 minutes later

File avz00002.dta received on 2009.04.08 14:10:55 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.08 Trojan-Spy.Finanz.J!IK
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 TR/Dldr.Age.orh.1.A
Antiy-AVL 2.0.3.1 2009.04.08 -
Authentium 5.1.2.4 2009.04.08 -
Avast 4.8.1335.0 2009.04.07 -
AVG 8.5.0.285 2009.04.08 -
BitDefender 7.2 2009.04.08 -
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1105 2009.04.08 -
DrWeb 4.44.0.09170 2009.04.08 -
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6444 2009.04.08 -
F-Prot 4.4.4.56 2009.04.08 -
F-Secure 8.0.14470.0 2009.04.08 -
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 -
Ikarus T3.1.1.49.0 2009.04.08 Trojan-Spy.Finanz.J
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 -
McAfee 5577 2009.04.07 Downloader-BAR
McAfee+Artemis 5577 2009.04.07 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.04.08 Trojan.Dldr.Age.orh.1.A
Microsoft 1.4502 2009.04.08 TrojanDownloader:Win32/Slupim.B
NOD32 3994 2009.04.07 -
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.07 -
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 Medium Risk Malware
Rising 21.24.22.00 2009.04.08 -
Sophos 4.40.0 2009.04.08 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.04.08 -
Symantec 1.4.4.12 2009.04.08 Downloader
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 PAK_Generic.001
VBA32 3.12.10.2 2009.04.08 -
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.07 -

Additional information
File size: 33280 bytes
PEiD..: -

Added 2 minutes later

File avz00008.dta received on 2009.04.08 14:13:43 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.08 -
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 HEUR/Malware
Antiy-AVL 2.0.3.1 2009.04.08 -
Authentium 5.1.2.4 2009.04.08 -
Avast 4.8.1335.0 2009.04.07 -
AVG 8.5.0.285 2009.04.08 -
BitDefender 7.2 2009.04.08 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1105 2009.04.08 -
DrWeb 4.44.0.09170 2009.04.08 -
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6444 2009.04.08 -
F-Prot 4.4.4.56 2009.04.08 -
F-Secure 8.0.14470.0 2009.04.08 -
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 BehavesLike:Win32.ExplorerHijack
Ikarus T3.1.1.49.0 2009.04.08 -
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 Heur.Trojan.Generic
McAfee 5577 2009.04.07 -
McAfee+Artemis 5577 2009.04.07 -
McAfee-GW-Edition 6.7.6 2009.04.08 Heuristic.Malware
Microsoft 1.4502 2009.04.08 -
NOD32 3994 2009.04.07 -
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.07 -
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 High Risk Cloaked Malware
Rising 21.24.22.00 2009.04.08 -
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.08 -
Symantec 1.4.4.12 2009.04.08 -
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 PAK_Generic.001
VBA32 3.12.10.2 2009.04.08 -
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.07 -

Additional information
File size: 61952 bytes
MD5...: 6dc3e5662cfc21669bb56bc99ff80060
SHA1..: f054eade47d031d80e5dd2737442a014cf157433
SHA256: f63f22ed4d5ac8e7c6db26b17aeb8f7cb4c5994de1ba4867577bd63fdd5b0926
SHA512: 2b86681ef5cf71553da6a5834ad815f72fae38ed38fd691151d4c79d7f6ab3feebf79e7834c4902dc08d00ede69f77019366dd7d22e8a1626897bf24bf18e11a
ssdeep: 1536:NBEb/fUusufovK9D0OJkncY3tzQuAPRjCenGkolgRA:NBEb/suNQA6nxt/ApjCkXJu
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

senyak
08.04.2009, 19:37
File __________.jar.jar received on 2009.04.08 17:25:21 (CET)
Current status: finished
Result: 8/40 (20.00%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.08 Trojan-SMS!IK
AhnLab-V3 5.0.0.2 2009.04.08 -
AntiVir 7.9.0.138 2009.04.08 JAVA/SMS.Konov.e
Antiy-AVL 2.0.3.1 2009.04.08 Trojan/J2ME.Konov
Authentium 5.1.2.4 2009.04.08 -
Avast 4.8.1335.0 2009.04.08 -
AVG 8.5.0.285 2009.04.08 -
BitDefender 7.2 2009.04.08 -
CAT-QuickHeal 10.00 2009.04.08 -
ClamAV 0.94.1 2009.04.08 -
Comodo 1105 2009.04.08 -
DrWeb 4.44.0.09170 2009.04.08 Java.SMSSend.18
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6444 2009.04.08 -
F-Prot 4.4.4.56 2009.04.08 -
F-Secure 8.0.14470.0 2009.04.08 Trojan-SMS.J2ME.Konov.e
Fortinet 3.117.0.0 2009.04.08 -
GData 19 2009.04.08 -
Ikarus T3.1.1.49.0 2009.04.08 Trojan-SMS
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 Trojan-SMS.J2ME.Konov.e
McAfee 5577 2009.04.07 -
McAfee+Artemis 5577 2009.04.07 -
McAfee-GW-Edition 6.7.6 2009.04.08 -
Microsoft 1.4502 2009.04.08 -
NOD32 3995 2009.04.08 -
Norman 6.00.06 2009.04.08 -
nProtect 2009.1.8.0 2009.04.08 -
Panda 10.0.0.14 2009.04.08 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.08 -
Rising 21.24.22.00 2009.04.08 -
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.08 -
Symantec 1.4.4.12 2009.04.08 Trojan Horse
TheHacker 6.3.4.0.303 2009.04.08 -
TrendMicro 8.700.0.1004 2009.04.08 -
VBA32 3.12.10.2 2009.04.08 -
ViRobot 2009.4.7.1684 2009.04.08 -
VirusBuster 4.6.5.0 2009.04.08 -
Additional information
File size: 2366 bytes
MD5...: bef6ca276e3cef380b163c22a119e14c
SHA1..: 6b81c2d01e9fe4dfded625e12be770d7bbdf952c
SHA256: 934fb9228051fa17ae23c39e614f636402f87f2b1bb886a997381a0964e2f475
SHA512: a217a183c5952e164e93045db0c03c5d26dfa25481b174a87c491bd835b155fa64deb241673056fe5c14dc070666130c214d00b97bd499e26ee8b0be91f4e92c
ssdeep: 48:51FTQo0tOURs9y3VeiTEzrTnHOCmmJwLnDfTBEm7:XFTiOURs9qVeiT6THmX3J
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-

senyak
11.04.2009, 04:15
File system32.vbs received on 2009.04.11 02:04:48 (CET)
Result: 16/40 (40%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.11 Trojan.VBS.KillFiles!IK
AhnLab-V3 5.0.0.2 2009.04.10 -
AntiVir 7.9.0.138 2009.04.10 VBS/KillFiles.U
Antiy-AVL 2.0.3.1 2009.04.10 Trojan/VBS.Disabler
Authentium 5.1.2.4 2009.04.10 VBS/KillFil.U
Avast 4.8.1335.0 2009.04.10 VBS:Zjuka-A
AVG 8.5.0.285 2009.04.10 VBS/Agent
BitDefender 7.2 2009.04.11 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.10 Trojan.VBS.Ejector
Comodo 1109 2009.04.10 -
DrWeb 4.44.0.09170 2009.04.11 VBS.Corruptor.7
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.10 VBS/KillFil.U
F-Secure 8.0.14470.0 2009.04.10 Trojan.VBS.Disabler.j
Fortinet 3.117.0.0 2009.04.10 -
GData 19 2009.04.11 VBS:Zjuka-A
Ikarus T3.1.1.49.0 2009.04.11 Trojan.VBS.KillFiles
K7AntiVirus 7.10.698 2009.04.09 -
Kaspersky 7.0.0.125 2009.04.11 Trojan.VBS.Disabler.j
McAfee 5580 2009.04.10 -
McAfee+Artemis 5580 2009.04.10 -
McAfee-GW-Edition 6.7.6 2009.04.10 Script.KillFiles.U
Microsoft 1.4502 2009.04.10 -
NOD32 4000 2009.04.10 VBS/Agent.D
Norman 6.00.06 2009.04.09 VBS/Agent.A
nProtect 2009.1.8.0 2009.04.10 -
Panda 10.0.0.14 2009.04.10 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.11 -
Rising 21.24.44.00 2009.04.10 -
Sophos 4.40.0 2009.04.11 -
Sunbelt 3.2.1858.2 2009.04.10 -
Symantec 1.4.4.12 2009.04.11 -
TheHacker 6.3.4.0.305 2009.04.10 -
TrendMicro 8.700.0.1004 2009.04.10 -
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.10 -
Additional information
File size: 7554 bytes
MD5...: f990e831063777c40c6826eb49824986
SHA1..: cb901d7c022d02078cf76f319f5519e41cbd75ed
SHA256: fcac063882593e4809163985420da76021f8e4fe45a036b879b5f708bedeca8d
SHA512: 79a3bd8dd8d4c3e83202755b844b0b7d14d76911572dba7cbace3dcf131e2dd228f1a45243e5c5263332062b9456d114392f823287c23a60fa708d2de5ae0b1b
ssdeep: 96:unqEsuV2EsV2EFb2GRdU6MtMoas4rYiHn7feAYIc6CMlBz/fNIDIS5deIHyyGKq3:uH2/2IUNm4UqgMF0CHztc/0QJF
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
RDS...: NSRL Reference Data Set




File Datren.com received on 2009.04.11 02:07:53 (CET)
Current status: finished
Result: 11/39 (28.21%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.11 Trojan.BAT.KillFiles!IK
AhnLab-V3 5.0.0.2 2009.04.10 -
AntiVir 7.9.0.138 2009.04.10 BDS/Killfiles.FW
Antiy-AVL 2.0.3.1 2009.04.10 Trojan/BAT.KillFiles
Authentium 5.1.2.4 2009.04.10 -
Avast 4.8.1335.0 2009.04.10 -
AVG 8.5.0.285 2009.04.10 -
BitDefender 7.2 2009.04.11 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.10 -
Comodo 1109 2009.04.10 TrojWare.BAT.KillFiles.fw
DrWeb 4.44.0.09170 2009.04.11 Trojan.Gds.3318
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.10 -
Fortinet 3.117.0.0 2009.04.10 -
GData 19 2009.04.11 -
Ikarus T3.1.1.49.0 2009.04.11 Trojan.BAT.KillFiles
K7AntiVirus 7.10.698 2009.04.09 -
Kaspersky 7.0.0.125 2009.04.11 Trojan.BAT.KillFiles.fw
McAfee 5580 2009.04.10 -
McAfee+Artemis 5580 2009.04.10 -
McAfee-GW-Edition 6.7.6 2009.04.10 Trojan.Backdoor.Killfiles.FW
Microsoft 1.4502 2009.04.10 -
NOD32 4000 2009.04.10 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.10 -
Panda 10.0.0.14 2009.04.10 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.11 Medium Risk Malware
Rising 21.24.44.00 2009.04.10 -
Sophos 4.40.0 2009.04.11 -
Sunbelt 3.2.1858.2 2009.04.10 -
Symantec 1.4.4.12 2009.04.11 Trojan Horse
TheHacker 6.3.4.0.305 2009.04.10 -
TrendMicro 8.700.0.1004 2009.04.10 -
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 Spyware.KillFiles.3318
VirusBuster 4.6.5.0 2009.04.10 -

senyak
12.04.2009, 04:43
File codec.exe received on 2009.04.11 20:26:58 (CET)
Current status: finished

Result: 14/40 (35%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.11 -
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 TR/Dldr.Agent.bqxq
Antiy-AVL 2.0.3.1 2009.04.11 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.10 -
AVG 8.5.0.285 2009.04.11 Win32/Heur
BitDefender 7.2 2009.04.11 Trojan.Delf.PQY
CAT-QuickHeal 10.00 2009.04.10 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.04.10 -
Comodo 1110 2009.04.11 -
DrWeb 4.44.0.09170 2009.04.11 -
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.11 Trojan-Downloader.Win32.Agent.bqxq
Fortinet 3.117.0.0 2009.04.11 -
GData 19 2009.04.11 Trojan.Delf.PQY
Ikarus T3.1.1.49.0 2009.04.11 -
K7AntiVirus 7.10.700 2009.04.11 Trojan-Downloader.Win32.Agent.bqxq
Kaspersky 7.0.0.125 2009.04.11 Trojan-Downloader.Win32.Agent.bqxq
McAfee 5581 2009.04.11 -
McAfee+Artemis 5581 2009.04.11 -
McAfee-GW-Edition 6.7.6 2009.04.11 Trojan.Dldr.Agent.bqxq
Microsoft 1.4502 2009.04.11 TrojanDownloader:Win32/FakeRean
NOD32 4001 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.11 -
Panda 10.0.0.14 2009.04.11 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.11 Medium Risk Malware
Rising 21.24.52.00 2009.04.11 -
Sophos 4.40.0 2009.04.11 -
Sunbelt 3.2.1858.2 2009.04.11 -
Symantec 1.4.4.12 2009.04.11 Downloader.MisleadApp
TheHacker 6.3.4.0.305 2009.04.11 Trojan/Downloader.Agent.bqxq
TrendMicro 8.700.0.1004 2009.04.10 -
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Additional information
File size: 106499 bytes
MD5...: 8aaa3a771b8d223ad587875dac6c82ac
SHA1..: 48416374c9f692b355ad50bd7ee7c41d866f1e7b
SHA256: 6d6368088c1f2e028342ddbf2409f2cf094b3e5ecedb3c4f59e13fd70c6c2b89
SHA512: a52dc8e212d714a3304adeeb7f8538afc1209a9796cd17e7cdd5e31b1443ccc6c07816f893eb3effad1d8976ffa9453e743bb4d1b6ca2595698b0c2dbcceda50
ssdeep: 3072:j7EE/Iufd4dhGH2Ha3sFVsmT9IN/ai9X3kuy:j7E+fdxyssLBYM
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

Added 6 hours 3 minutes later

File _________________________________ received on 2009.04.12 01:51:12 (CET)
Current status: finished
Result: 17/40 (42.5%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.12 Trojan-Clicker.JS.Agent.h!IK
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 HTML/Crypted.Gen
Antiy-AVL 2.0.3.1 2009.04.11 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 HTML:Iframe-inf
AVG 8.5.0.285 2009.04.11 JS/Downloader.Agent
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 JS/Agent.H1
ClamAV 0.94.1 2009.04.10 -
Comodo 1110 2009.04.11 -
DrWeb 4.44.0.09170 2009.04.11 -
eSafe 7.0.17.0 2009.04.07 JS.Iframe.en
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.11 Trojan-Clicker.JS.Agent.h
Fortinet 3.117.0.0 2009.04.11 -
GData 19 2009.04.12 HTML:Iframe-inf
Ikarus T3.1.1.49.0 2009.04.12 Trojan-Clicker.JS.Agent.h
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 Trojan-Clicker.JS.Agent.h
McAfee 5581 2009.04.11 JS/Downloader.gen
McAfee+Artemis 5581 2009.04.11 JS/Downloader.gen
McAfee-GW-Edition 6.7.6 2009.04.11 Heuristic.Script.Crypted
Microsoft 1.4502 2009.04.11 TrojanDownloader:JS/Psyme.gen
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.11 -
Panda 10.0.0.14 2009.04.11 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.52.00 2009.04.11 -
Sophos 4.40.0 2009.04.11 Mal/ObfJS-AB
Sunbelt 3.2.1858.2 2009.04.11 Exploit.HTML.IFrame.gen (v)
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.10 Mal_Hifrm-2
VBA32 3.12.10.2 2009.04.10 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -
Additional information
File size: 1731 bytes
MD5...: e7d92c8f8fa5b347dd1cf068501e0eea
SHA1..: 623912671069117568d20b850b3424f46f83063a
SHA256: edc7fe75ef8392fad84b256e6145b7eba31017a32eab01f5b326ea288c523b6c
SHA512: b6b2a2fd237b0e6f5123aed7b0ffd3e343b9918d936cc76424ece6ffa143c3e0924c634f5eaf5c0d1e423cfeb25cd22ecce68f1f90b7eccd2a0e475761be18f5
ssdeep: 48:f+LVIrRo7kB+swHyfMI3/nWlBY08rMWFQ+ez:fG8R/nkyL3PWMMWwz
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set

vlad179
12.04.2009, 07:55
File a received on 2009.04.12 05:51:23 (CET)

Result: 11/40 (27.5%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.12 Trojan-Downloader.JS.Psyme.cv!IK
AhnLab-V3 5.0.0.2 2009.04.11 -
AntiVir 7.9.0.138 2009.04.11 HTML/Crypted.Gen
Antiy-AVL 2.0.3.1 2009.04.12 -
Authentium 5.1.2.4 2009.04.11 -
Avast 4.8.1335.0 2009.04.11 -
AVG 8.5.0.285 2009.04.11 JS/Downloader.Agent
BitDefender 7.2 2009.04.12 -
CAT-QuickHeal 10.00 2009.04.10 -
ClamAV 0.94.1 2009.04.12 -
Comodo 1110 2009.04.11 -
DrWeb 4.44.0.09170 2009.04.11 VBS.Psyme.377
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6450 2009.04.11 -
F-Prot 4.4.4.56 2009.04.11 -
F-Secure 8.0.14470.0 2009.04.11 Trojan-Downloader.JS.Iframe.arf
Fortinet 3.117.0.0 2009.04.11 -
GData 19 2009.04.12 -
Ikarus T3.1.1.49.0 2009.04.12 Trojan-Downloader.JS.Psyme.cv
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.12 Trojan-Downloader.JS.Iframe.arf
McAfee 5581 2009.04.11 JS/Wonka
McAfee+Artemis 5581 2009.04.11 JS/Wonka
McAfee-GW-Edition 6.7.6 2009.04.11 Heuristic.Script.Crypted
Microsoft 1.4502 2009.04.11 -
NOD32 4002 2009.04.11 -
Norman 6.00.06 2009.04.09 -
nProtect 2009.1.8.0 2009.04.12 -
Panda 10.0.0.14 2009.04.11 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.12 -
Rising 21.24.60.00 2009.04.12 -
Sophos 4.40.0 2009.04.12 -
Sunbelt 3.2.1858.2 2009.04.11 Trojan-Clicker.HTML.IFrame.gen (v)
Symantec 1.4.4.12 2009.04.12 -
TheHacker 6.3.4.0.305 2009.04.11 -
TrendMicro 8.700.0.1004 2009.04.10 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.10.1688 2009.04.10 -
VirusBuster 4.6.5.0 2009.04.11 -

File size: 1549 bytes
MD5...: 7f4e8243134674c085a634ac5e55f99a
SHA1..: 2e45e93b83d33f93dc8bc1842f8f64647925be23
SHA256: ef507f7328beb544db81d52935d982c67099a6874c39bfafaf10acedebbe50e3
SHA512: 571344b99bb358b4cbbbc11480c5702143bbd54f2e580beda3e8586f157cae4ead0fe3c6d05b3141b7c52e96127ff70d2df7d53e1fef6e815cf435d347150bea
ssdeep: 24:gcWnHtnI0dNbeYh5zox64JWTXBU7Me49kCqvzocc7TvQ3ppnEGWYWSjhHQG1Q/NV:gc4IaxeepoLWTXB09LozX4U7YHX1QlVj
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set