-
File plugin-flash.swf received on 2010.03.05 15:59:01 (UTC)
Result: [COLOR=red]20[/COLOR]/42 (47.62%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.05 Exploit.SWF!IK
AhnLab-V3 5.0.0.2 2010.03.05 Win-Trojan/Swf-exploit
AntiVir 8.2.1.180 2010.03.05 SWF/Drop.Agent.E.10[/B]
Antiy-AVL 2.0.3.7 2010.03.05 -
[B]Authentium 5.2.0.5 2010.03.05 SWF/Obfusc.A!Camelot
Avast 4.8.1351.0 2010.03.05 SWF:Downloader-F
Avast5 5.0.332.0 2010.03.05 SWF:Downloader-F[/B]
AVG 9.0.0.730 2010.03.05 -
[B]BitDefender 7.2 2010.03.05 Trojan.SWF.Dropper.E[/B]
CAT-QuickHeal 10.00 2010.03.05 -
ClamAV 0.96.0.0-git 2010.03.05 -
[B]Comodo 4091 2010.02.28 UnclassifiedMalware[/B]
DrWeb 5.0.1.12222 2010.03.05 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7341 2010.03.05 -
F-Prot 4.5.1.85 2010.03.04 -
[B]F-Secure 9.0.15370.0 2010.03.05 Trojan.SWF.Dropper.E[/B]
Fortinet 4.0.14.0 2010.03.04 -
[B]GData 19 2010.03.05 Trojan.SWF.Dropper.E
Ikarus T3.1.1.80.0 2010.03.05 Exploit.SWF[/B]
Jiangmin 13.0.900 2010.03.05 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.05 -
McAfee 5910 2010.03.04 -
McAfee+Artemis 5910 2010.03.04 -
[B]McAfee-GW-Edition 6.8.5 2010.03.05 SWF.Drop.Agent.E.10
Microsoft 1.5502 2010.03.05 TrojanDownloader:Win32/Swif.gen!A
NOD32 4918 2010.03.05 SWF/TrojanDownloader.Swif.NAL[/B]
Norman 6.04.08 2010.03.05 -
[B]nProtect 2009.1.8.0 2010.03.05 Trojan-Exploit/W32.SWFlash.16658.HL[/B]
Panda 10.0.2.2 2010.03.04 -
[B]PCTools 7.0.3.5 2010.03.04 HeurEngine.MaliciousExploit[/B]
Prevx 3.0 2010.03.05 -
Rising 22.37.04.04 2010.03.05 -
[B]Sophos 4.51.0 2010.03.05 Troj/SWFLdr-A[/B]
Sunbelt 5759 2010.03.05 -
[B]Symantec 20091.2.0.41 2010.03.05 Bloodhound.Exploit.193[/B]
TheHacker 6.5.1.7.221 2010.03.05 -
[B]TrendMicro 9.120.0.1004 2010.03.05 SWF_DLOADR.AOU[/B]
VBA32 3.12.12.2 2010.03.05 -
[B]ViRobot 2010.3.5.2214 2010.03.05 SWF.S.Exploit.16658[/B]
VirusBuster 5.0.27.0 2010.03.05 -
Additional information
File size: 16658 bytes
MD5...: d1e5c87722e883d30ddf342dfc0e08e9
SHA1..: a4ea20afd0a0c1a27bcbee10573959d6e0aa0167
SHA256: ce2b8fb32259047cded64dc262208497a2dbb575e83c5adf12d53cbca24aa999
ssdeep: 384:YC2/7Np3bJ/SSsD4vPkdexXvmsxC4/urjN1:YC+BprJ/SfMkIxXvXxK
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set[/QUOTE]
-
Brought in on a flash drive, bundled with an autorun that launches it :scratch_one-s_head:
File USBUtil.exe received on 2010.03.10 08:47:02 (UTC)
Result: [B][COLOR="Red"]12[/COLOR]/42[/B] (28.57%)
[QUOTE]
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.10 -
AhnLab-V3 5.0.0.2 2010.03.09 -
[B]AntiVir 8.2.1.180 2010.03.09 TR/ATRAPS.Gen2[/B]
Antiy-AVL 2.0.3.7 2010.03.10 -
Authentium 5.2.0.5 2010.03.10 -
Avast 4.8.1351.0 2010.03.09 -
Avast5 5.0.332.0 2010.03.09 -
AVG 9.0.0.787 2010.03.09 -
[B]BitDefender 7.2 2010.03.10 Gen:Trojan.FirewallBypass.jmGfaSJSyXpc[/B]
CAT-QuickHeal 10.00 2010.03.10 -
ClamAV 0.96.0.0-git 2010.03.10 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.10 -
eSafe 7.0.17.0 2010.03.09 -
eTrust-Vet 35.2.7351 2010.03.10 -
F-Prot 4.5.1.85 2010.03.09 -
[B]F-Secure 9.0.15370.0 2010.03.10 Gen:Trojan.FirewallBypass.jmGfaSJSyXpc[/B]
Fortinet 4.0.14.0 2010.03.09 -
[B]GData 19 2010.03.10 Gen:Trojan.FirewallBypass.jmGfaSJSyXpc[/B]
Ikarus T3.1.1.80.0 2010.03.10 -
Jiangmin 13.0.900 2010.03.10 -
K7AntiVirus 7.10.993 2010.03.09 -
Kaspersky 7.0.0.125 2010.03.10 -
McAfee 5915 2010.03.09 -
McAfee+Artemis 5915 2010.03.09 -
[B]McAfee-GW-Edition 6.8.5 2010.03.10 Trojan.ATRAPS.Gen2
Microsoft 1.5502 2010.03.10 Worm:Win32/SillyShareCopy.gen[/B]
NOD32 4930 2010.03.09 -
[B]Norman 6.04.08 2010.03.10 W32/Malware[/B]
nProtect 2009.1.8.0 2010.03.10 -
Panda 10.0.2.2 2010.03.09 -
PCTools 7.0.3.5 2010.03.10 -
Prevx 3.0 2010.03.10 -
[B]Rising 22.38.02.03 2010.03.10 Trojan.Win32.DownldrU.a
Sophos 4.51.0 2010.03.10 Mal/SillyFDC-A
Sunbelt 5811 2010.03.10 BehavesLike.Win32.Malware (v)
Symantec 20091.2.0.41 2010.03.10 Suspicious.Insight[/B]
TheHacker 6.5.2.0.228 2010.03.10 -
[B]TrendMicro 9.120.0.1004 2010.03.10 PAK_Generic.001[/B]
VBA32 3.12.12.2 2010.03.09 -
ViRobot 2010.3.10.2219 2010.03.10 -
VirusBuster 5.0.27.0 2010.03.09 -
Additional information
File size: 154112 bytes
MD5 : 6884fdc6dc471f4319799deac3fa31eb[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/7dee489c2fd1d7c37493143722d1901219a0794fa7630d073cbd891cec675ede-1268210822[/url]
-
File Book_2262.exe received on 2010.03.15 13:52:01 (UTC)
Result: [B][COLOR="Red"]10[/COLOR]/42 (23.81%)[/B]
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.15 Trojan-Downloader.Win32.Adload!IK[/B]
AhnLab-V3 5.0.0.2 2010.03.15 -
[B]AntiVir 8.2.1.180 2010.03.15 ADSPY/AdSpy.Gen[/B]
Antiy-AVL 2.0.3.7 2010.03.15 -
Authentium 5.2.0.5 2010.03.15 -
Avast 4.8.1351.0 2010.03.15 -
Avast5 5.0.332.0 2010.03.15 -
AVG 9.0.0.787 2010.03.15 -
BitDefender 7.2 2010.03.15 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.15 -
[B]Comodo 4273 2010.03.15 ApplicUnsaf.Win32.Adware.Fearads.~J
DrWeb 5.0.1.12222 2010.03.15 Adware.FieryAds.36[/B]
eSafe 7.0.17.0 2010.03.14 -
eTrust-Vet 35.2.7363 2010.03.15 -
F-Prot 4.5.1.85 2010.03.15 -
F-Secure 9.0.15370.0 2010.03.15 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.15 -
[B]Ikarus T3.1.1.80.0 2010.03.15 Trojan-Downloader.Win32.Adload[/B]
Jiangmin 13.0.900 2010.03.15 -
K7AntiVirus 7.10.997 2010.03.13 -
Kaspersky 7.0.0.125 2010.03.15 -
McAfee 5920 2010.03.14 -
McAfee+Artemis 5920 2010.03.14 -
[B]McAfee-GW-Edition 6.8.5 2010.03.15 Ad-Spyware.AdSpy.Gen[/B]
Microsoft 1.5502 2010.03.12 -
[B]NOD32 4946 2010.03.15 a variant of Win32/Adware.FearAds.AA[/B]
Norman 6.04.08 2010.03.14 -
nProtect 2009.1.8.0 2010.03.15 -
Panda 10.0.2.2 2010.03.14 -
PCTools 7.0.3.5 2010.03.15 -
Prevx 3.0 2010.03.15 -
[B]Rising 22.39.00.04 2010.03.15 Trojan.DL.Win32.Undef.ryn[/B]
Sophos 4.51.0 2010.03.15 -
Sunbelt 5894 2010.03.15 -
[B]Symantec 20091.2.0.41 2010.03.15 Suspicious.Insight[/B]
TheHacker 6.5.2.0.233 2010.03.15 -
TrendMicro 9.120.0.1004 2010.03.15 -
[B]VBA32 3.12.12.2 2010.03.14 AdWare.Win32.FearAds.bme[/B]
ViRobot 2010.3.15.2228 2010.03.15 -
VirusBuster 5.0.27.0 2010.03.14 - [/QUOTE]
[size="1"][color="#666686"][B][I]Added 1 minute later[/I][/B][/color][/size]
[url]http://www.virustotal.com/ru/analisis/5520cb0f6abc6c6e0b76d2ab619734ee193575486cc809bfe44e61263b3a1f13-1268661121[/url]
-
File jjj.jar received on 2010.03.16 05:58:46 (UTC)
Result: [B]13/42 (30.96%)[/B]
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.16 Trojan-Downloader.Java.Agent.ak!A2[/B]
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.15 -
Antiy-AVL 2.0.3.7 2010.03.15 -
Authentium 5.2.0.5 2010.03.16 -
Avast 4.8.1351.0 2010.03.15 -
Avast5 5.0.332.0 2010.03.15 -
AVG 9.0.0.787 2010.03.15 -
BitDefender 7.2 2010.03.16 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.16 -
Comodo 4280 2010.03.16 -
[B]DrWeb 5.0.1.12222 2010.03.16 Exploit.CVE2008.5353[/B]
eSafe 7.0.17.0 2010.03.15 -
[B]eTrust-Vet 35.2.7365 2010.03.16 Java/ByteVerify!exploit[/B]
F-Prot 4.5.1.85 2010.03.15 -
F-Secure 9.0.15370.0 2010.03.16 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.16 -
[B]Ikarus T3.1.1.80.0 2010.03.16 Exploit.Java.CVE-2008-5353[/B]
Jiangmin 13.0.900 2010.03.16 -
K7AntiVirus 7.10.998 2010.03.15 -
[B]Kaspersky 7.0.0.125 2010.03.16 Trojan-Downloader.Java.Agent.ak
McAfee 5921 2010.03.15 Exploit-CVE2008-5353
McAfee+Artemis 5921 2010.03.15 Exploit-CVE2008-5353[/B]
McAfee-GW-Edition 6.8.5 2010.03.15 -
[B]Microsoft 1.5605 2010.03.16 Exploit:Java/CVE-2008-5353.C
NOD32 4947 2010.03.15 Java/Exploit.CVE-2008-5353.C
Norman 6.04.08 2010.03.15 Java/Exploit.gen.A[/B]
nProtect 2009.1.8.0 2010.03.15 -
Panda 10.0.2.2 2010.03.15 -
[B]PCTools 7.0.3.5 2010.03.15 Trojan.Generic[/B]
Prevx 3.0 2010.03.16 -
Rising 22.39.01.03 2010.03.16 -
Sophos 4.51.0 2010.03.16 -
Sunbelt 5909 2010.03.16 -
[B]Symantec 20091.2.0.41 2010.03.16 Trojan Horse[/B]
TheHacker 6.5.2.0.234 2010.03.16 -
TrendMicro 9.120.0.1004 2010.03.16 -
[B]VBA32 3.12.12.2 2010.03.14 Exploit.Java.CVE-2008-5353[/B]
ViRobot 2010.3.16.2229 2010.03.16 -
VirusBuster 5.0.27.0 2010.03.15 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/c211446675adff03c2e9cb07e03684dd71ce4f1cb6b5a92cf749cbf6390b7ae4-1268719126[/url]
[size="1"][color="#666686"][B][I]Added 2 hours 5 minutes later[/I][/B][/color][/size]
A suspicious file, and there are grounds to believe it is a virus..
File [B]HUFv.exe[/B] received on 2010.03.16 07:38:31 (UTC)
Result: [B][COLOR="Red"]4[/COLOR]/42 (9.53%)[/B]
[QUOTE]
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.16 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.15 -
Antiy-AVL 2.0.3.7 2010.03.15 -
Authentium 5.2.0.5 2010.03.16 -
Avast 4.8.1351.0 2010.03.15 -
Avast5 5.0.332.0 2010.03.15 -
AVG 9.0.0.787 2010.03.15 -
BitDefender 7.2 2010.03.16 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.16 -
[B]Comodo 4281 2010.03.16 Heur.Packed.Unknown[/B]
DrWeb 5.0.1.12222 2010.03.16 -
eSafe 7.0.17.0 2010.03.15 -
eTrust-Vet 35.2.7365 2010.03.16 -
F-Prot 4.5.1.85 2010.03.15 -
F-Secure 9.0.15370.0 2010.03.16 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.16 -
Ikarus T3.1.1.80.0 2010.03.16 -
Jiangmin 13.0.900 2010.03.16 -
K7AntiVirus 7.10.998 2010.03.15 -
Kaspersky 7.0.0.125 2010.03.16 -
McAfee 5921 2010.03.15 -
McAfee+Artemis 5921 2010.03.15 -
McAfee-GW-Edition 6.8.5 2010.03.15 -
Microsoft 1.5605 2010.03.16 -
NOD32 4947 2010.03.15 -
Norman 6.04.08 2010.03.15 -
nProtect 2009.1.8.0 2010.03.16 -
Panda 10.0.2.2 2010.03.15 -
PCTools 7.0.3.5 2010.03.15 -
Prevx 3.0 2010.03.16 -
Rising 22.39.01.04 2010.03.16 -
[B]Sophos 4.51.0 2010.03.16 Mal/Qbot-B[/B]
Sunbelt 5909 2010.03.16 -
[B]Symantec 20091.2.0.41 2010.03.16 Suspicious.Insight[/B]
TheHacker 6.5.2.0.234 2010.03.16 -
[B]TrendMicro 9.120.0.1004 2010.03.16 TROJ_QAKBOT.SMG[/B]
VBA32 3.12.12.2 2010.03.14 -
ViRobot 2010.3.16.2229 2010.03.16 -
VirusBuster 5.0.27.0 2010.03.15 -
Additional information
File size: 61952 bytes
MD5...: 5ecd9596eec22525c124dda8e392df77[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/f37aab85f388cdb52960d0790d17797aa63100cc9dfb322049fc78074a651596-1268725111[/url]
[size="1"][color="#666686"][B][I]Added later[/I][/B][/color][/size]
I was not mistaken, there is already a reply from Kaspersky Lab
Scanned file: [B]HUFv.exe[/B] - [COLOR="Red"]Infected[/COLOR]
[B]HUFv.exe[/B] - infected with [COLOR="Red"]Trojan.Win32.Sasfis.ajhj[/COLOR]
-
Supposedly I am sending out spam; they "scanned" my disks in 5 seconds))) and found a pile of nasties, then asked me to download this "cure"
My KIS is once again as silent as a fish on ice((( I will have to send them this beast.
File Setup_456.exe received on 2010.03.20 15:42:41 (UTC)
Result: 18/42 (42.86%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.20 Gen.Trojan!IK[/B]
AhnLab-V3 5.0.0.2 2010.03.20 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.20 -
Avast5 5.0.332.0 2010.03.20 -
[B]AVG 9.0.0.787 2010.03.20 Generic17.ICN
BitDefender 7.2 2010.03.20 Gen:Trojan.Heur.TP.nOW@bWoILmm[/B]
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4330 2010.03.20 -
[B]DrWeb 5.0.1.12222 2010.03.20 Trojan.Fakealert.13805[/B]
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
[B]F-Secure 9.0.15370.0 2010.03.20 Gen:Trojan.Heur.TP.nOW@bWoILmm
Fortinet 4.0.14.0 2010.03.20 W32/Agent.578D!tr.dldr
GData 19 2010.03.20 Gen:Trojan.Heur.TP.nOW@bWoILmm
Ikarus T3.1.1.80.0 2010.03.20 Gen.Trojan[/B]
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
[B]McAfee 5926 2010.03.20 Downloader-CEW[/B]
[B]McAfee+Artemis 5926 2010.03.20 Downloader-CEW[/B]
[B]McAfee-GW-Edition 6.8.5 2010.03.20 Heuristic.LooksLike.Win32.SuspiciousPE.H!90[/B]
Microsoft 1.5605 2010.03.20 -
[B]NOD32 4960 2010.03.20 a variant of Win32/Kryptik.DDO[/B]
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
[B]Panda 10.0.2.2 2010.03.20 Suspicious file[/B]
PCTools 7.0.3.5 2010.03.20 -
[B]Prevx 3.0 2010.03.20 High Risk Cloaked Malware[/B]
Rising 22.39.05.02 2010.03.20 -
[B]Sophos 4.51.0 2010.03.20 Mal/FakeAV-CO[/B]
Sunbelt 5989 2010.03.20 -
[B]Symantec 20091.2.0.41 2010.03.20 Downloader.MisleadApp
TheHacker 6.5.2.0.241 2010.03.20 Trojan/Kryptik.ddo
TrendMicro 9.120.0.1004 2010.03.20 TROJ_FAKESPY.AB[/B]
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.20 -[/QUOTE]
Additional information
File size: 220672 bytes
MD5...: 910cc0b36286f6550354e85de4872b20
SHA1..: e77c0d80cc4fd32e101931499d27a5ee86e8f371
SHA256: 1759e8ffa6b328fb43e31a7b5b57449f30836fe30ce5caf48b88556e7b64fc96
ssdeep: 6144:K6j4W3ynIdPnvEVpSc7fWPPhoBYINRlGGkZ/O:AQPvo46qGN/8Z
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3e47
timedatestamp.....: 0x49d2f176 (Wed Apr 01 04:45:42 2009)
machinetype.......: 0x14c (I386)
-
File activation.exe received on 2010.03.20 16:42:48 (UTC)
Result: 14/42 (33.34%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.20 -
[B]AntiVir 8.2.1.196 2010.03.19 TR/Spy.26624.22[/B]
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.20 -
Avast5 5.0.332.0 2010.03.20 -
[B]AVG 9.0.0.787 2010.03.20 Win32/Heur[/B]
[B]BitDefender 7.2 2010.03.20 Gen:Trojan.Heur.GZ.bSWbbWT!L1h[/B]
CAT-QuickHeal 10.00 2010.03.19 -
[B]ClamAV 0.96.0.0-git 2010.03.20 PUA.Packed.ASPack
Comodo 4330 2010.03.20 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
[B]F-Secure 9.0.15370.0 2010.03.20 Gen:Trojan.Heur.GZ.bSWbbWT!L1h[/B]
Fortinet 4.0.14.0 2010.03.20 -
[B]GData 19 2010.03.20 Gen:Trojan.Heur.GZ.bSWbbWT!L1h[/B]
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5926 2010.03.20 -
[B]McAfee+Artemis 5926 2010.03.20 Artemis!95E01A2631D5[/B]
[B]McAfee-GW-Edition 6.8.5 2010.03.20 Heuristic.LooksLike.Win32.Suspicious.B[/B]
Microsoft 1.5605 2010.03.20 -
NOD32 4960 2010.03.20 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.20 -
[B]PCTools 7.0.3.5 2010.03.20 Trojan.PWS
Prevx 3.0 2010.03.20 Medium Risk Malware
Rising 22.39.05.02 2010.03.20 Dropper.Win32.Undef.GEN
Sophos 4.51.0 2010.03.20 Mal/EncPk-GC[/B]
Sunbelt 5990 2010.03.20 -
[B]Symantec 20091.2.0.41 2010.03.20 Trojan.PWS.QQPass[/B]
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.20 -
Additional information
File size: 26624 bytes
MD5...: 95e01a2631d51f50527708bee9d42f75
SHA1..: 1631c8558be2879939f92acce5d432ee5be05f44
SHA256: cf332684d679e848dd97ec4d852c748a76fe0fa97739dbccd492c610e0b20711
ssdeep: 768:2k+zy7R41kfxf0r/k4zJcLz0QJGjJxcLoI:Gzyjf8/diz0QJB
-
A FakeAlert locked the machine.
File 54527427.exe received on 2010.03.21 06:52:39 (UTC)
Current status: finished
Result: 7/42 (16.67%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.21 -
AhnLab-V3 5.0.0.2 2010.03.20 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.21 -
Avast 4.8.1351.0 2010.03.20 -
Avast5 5.0.332.0 2010.03.20 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.21 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4337 2010.03.21 -
DrWeb 5.0.1.12222 2010.03.21 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.21 -
[B]F-Secure 9.0.15370.0 2010.03.21 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.03.20 -
GData 19 2010.03.21 -
Ikarus T3.1.1.80.0 2010.03.21 -
Jiangmin 13.0.900 2010.03.21 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.21 -
[B]McAfee 5926 2010.03.20 FakeAlert-KW.e[/B]
[B]McAfee+Artemis 5926 2010.03.20 FakeAlert-KW.e[/B]
[B]McAfee-GW-Edition 6.8.5 2010.03.20 heuristic.LooksLike.Win32.Suspicious.K!92[/B]
Microsoft 1.5605 2010.03.21 -
[B]NOD32 4961 2010.03.20 a variant of Win32/Kryptik.DEN[/B]
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.20 -
PCTools 7.0.3.5 2010.03.21 -
Prevx 3.0 2010.03.21 -
Rising 22.39.06.01 2010.03.21 -
Sophos 4.51.0 2010.03.21 -
Sunbelt 6002 2010.03.21 -
[B]Symantec 20091.2.0.41 2010.03.21 Suspicious.Insight[/B]
[B]TheHacker 6.5.2.0.241 2010.03.21 Trojan/FakeAV.gen[/B]
TrendMicro 9.120.0.1004 2010.03.21 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.20 -[/QUOTE]
Additional information
File size: 1040384 bytes
MD5...: 0c5271f5172892de1ba2853d117f4b1e
SHA1..: c3a944a5dac592c598538ba07276f6f020829dc7
SHA256: e54b1042d66f1c45c8612b8dafb01e30f3736842d00c51936620452744444a8b
ssdeep: 24576:jIHXDIY8lUqtEo1PuWQKX1/DH59azCbpB5zq0dki99s+:E3kYjd8XJbpBh
-
File 111 received on 2010.03.24 08:55:35 (UTC)
Result: 10/42 (23.81%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.24 Virus.Win32.Injector!IK[/B]
AhnLab-V3 5.0.0.2 2010.03.24 -
AntiVir 8.2.1.196 2010.03.23 -
Antiy-AVL 2.0.3.7 2010.03.24 -
Authentium 5.2.0.5 2010.03.24 -
Avast 4.8.1351.0 2010.03.23 -
Avast5 5.0.332.0 2010.03.23 -
AVG 9.0.0.787 2010.03.23 -
[B]BitDefender 7.2 2010.03.24 Gen:Trojan.Heur.hGZ@tDHN1bjaY[/B]
CAT-QuickHeal 10.00 2010.03.24 -
ClamAV 0.96.0.0-git 2010.03.24 -
[B]Comodo 4366 2010.03.24 Backdoor.Win32.Delf.~DD[/B]
DrWeb 5.0.1.12222 2010.03.24 -
eSafe 7.0.17.0 2010.03.23 -
eTrust-Vet 35.2.7385 2010.03.23 -
F-Prot 4.5.1.85 2010.03.23 -
[B]F-Secure 9.0.15370.0 2010.03.24 Gen:Trojan.Heur.hGZ@tDHN1bjaY[/B]
Fortinet 4.0.14.0 2010.03.24 -
[B]GData 19 2010.03.24 Gen:Trojan.Heur.hGZ@tDHN1bjaY
Ikarus T3.1.1.80.0 2010.03.24 Virus.Win32.Injector[/B]
Jiangmin 13.0.900 2010.03.24 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.24 -
McAfee 5929 2010.03.23 -
McAfee+Artemis 5929 2010.03.23 -
McAfee-GW-Edition 6.8.5 2010.03.24 -
Microsoft 1.5605 2010.03.24 -
[B]NOD32 4969 2010.03.23 a variant of Win32/Injector.BDL[/B]
Norman 6.04.10 2010.03.23 -
nProtect 2009.1.8.0 2010.03.24 -
[B]Panda 10.0.2.2 2010.03.23 Suspicious file[/B]
PCTools 7.0.3.5 2010.03.24 -
Prevx 3.0 2010.03.24 -
Rising 22.40.02.03 2010.03.24 -
Sophos 4.51.0 2010.03.24 -
Sunbelt 6031 2010.03.22 -
[B]Symantec 20091.2.0.41 2010.03.24 Suspicious.Insight[/B]
TheHacker 6.5.2.0.242 2010.03.24 -
TrendMicro 9.120.0.1004 2010.03.24 -
[B]VBA32 3.12.12.2 2010.03.23 suspected of Trojan-Dropper.Agent.109[/B]
ViRobot 2010.3.24.2241 2010.03.24 -
VirusBuster 5.0.27.0 2010.03.23 -[/QUOTE]
-
File uKvbEPtAuuFLQaG.dll received on 2010.03.26 15:13:05 (UTC)
Result: 13/42 (30.96%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.03.26 Trojan-Ransom.Win32.Hexzone!IK[/B]
AhnLab-V3 5.0.0.2 2010.03.26 -
[B]AntiVir 7.10.5.230 2010.03.26 TR/Ransom.20480[/B]
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
[B]AVG 9.0.0.787 2010.03.26 Ransom.B[/B]
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4392 2010.03.26 -
[B]DrWeb 5.0.1.12222 2010.03.26 Trojan.BrowseBan.252[/B]
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
[B]Ikarus T3.1.1.80.0 2010.03.26 Trojan-Ransom.Win32.Hexzone
Jiangmin 13.0.900 2010.03.26 Trojan/Hexzone.akd[/B]
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
[B]McAfee+Artemis 5931 2010.03.25 Artemis!7C655F4CEF28
McAfee-GW-Edition 6.8.5 2010.03.26 Trojan.Ransom.20480[/B]
Microsoft 1.5605 2010.03.26 -
[B]NOD32 4977 2010.03.26 Win32/Ransom.AC
Norman 6.04.10 2010.03.26 W32/BrowseBan.A[/B]
nProtect 2009.1.8.0 2010.03.26 -
[B]Panda 10.0.2.2 2010.03.26 Suspicious file[/B]
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
[B]Sophos 4.52.0 2010.03.26 Troj/HexZon-Gen[/B]
Sunbelt 6098 2010.03.26 -
[B]Symantec 20091.2.0.41 2010.03.26 Suspicious.Insight[/B]
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -[/QUOTE]
Additional information
File size: 19968 bytes
MD5...: 7c655f4cef28390e156b6d9d89d74be4
SHA1..: 2af1eb6ec10b0b9b5a2ae52c5aa88dbca65377a7
SHA256: 6d3b703510bea7b56a0ac5bec94f7f3b4918ce8123b3512989e3ace5a3ce7d87
ssdeep: 384:c5m3QCvlOJKxVw/VES840AxYi1PgBBrx6yJXty6J:c51MlOnx81wSpJXtLJ
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4f87
timedatestamp.....: 0x4baa4cfb (Wed Mar 24 17:33:47 2010)
machinetype.......: 0x14c (I386)
File termsrv.dll received on 2010.03.26 15:12:50 (UTC)
Result: 2/42 (4.77%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.26 -
AntiVir 7.10.5.230 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4392 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
[B]Jiangmin 13.0.900 2010.03.26 Backdoor/Huigezi.akaa
K7AntiVirus 7.10.1004 2010.03.22 Trojan.Win32.Agent2.cnig[/B]
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4977 2010.03.26 -
Norman 6.04.10 2010.03.26 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.26 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6098 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 -
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -[/QUOTE]
Additional information
File size: 215552 bytes
MD5...: a77219a971029dc2fb683e8513713803
SHA1..: 1c456520a7b7faf71900c71167038185f5a7d312
SHA256: 1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50
ssdeep: 3072:PtNuBp/YIDqobOlqVLBBjAg79G1T65ZF8p5LGvPEDRRQLUMPZU2GdH8CN9uiecd:PtNuBSID4AVdVAWF8p5L2ECPZzCN1
PEiD..: -
PEInfo: PE Structure information
-
File ff.exe received on 2010.03.26 16:13:06 (UTC)
Result: 5/42 (11.91%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.26 -
AntiVir 7.10.5.230 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
[B]AVG 9.0.0.787 2010.03.26 unknown virus Win32/DH.CAFF82025D[/B]
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4392 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
[B]Kaspersky 7.0.0.125 2010.03.26 Packed.Win32.Krap.x[/B]
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4977 2010.03.26 -
Norman 6.04.10 2010.03.26 -
nProtect 2009.1.8.0 2010.03.26 -
[B]Panda 10.0.2.2 2010.03.26 Suspicious file[/B]
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
[B]Sunbelt 6099 2010.03.26 Trojan.Win32.Generic.pak!cobra
Symantec 20091.2.0.41 2010.03.26 Suspicious.Insight[/B]
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/051bdb9e28ab6d3d04f9fb92e448307037011aae67090e33120d48c6681e3e49-1269619986[/url]
-
File avz00001.dta received on 2010.04.01 11:07:30 (UTC)
Result: [B]16/42[/B] (38.1%)
[CODE][B]a-squared 4.5.0.50 2010.04.01 Trojan.Win32.SuspectCRC!IK[/B]
AhnLab-V3 5.0.0.2 2010.03.31 -
AntiVir 7.10.6.13 2010.04.01 -
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 -
[B]Avast 4.8.1351.0 2010.03.31 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.03.31 Win32:Rootkit-gen
AVG 9.0.0.787 2010.04.01 SHeur3.LWD[/B]
BitDefender 7.2 2010.04.01 -
[B]CAT-QuickHeal 10.00 2010.04.01 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.0-git 2010.04.01 -
[B]Comodo 4461 2010.04.01 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.04.01 Trojan.Packed.19855[/B]
eSafe 7.0.17.0 2010.03.31 -
eTrust-Vet 35.2.7401 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 -
F-Secure 9.0.15370.0 2010.04.01 -
[B]Fortinet 4.0.14.0 2010.04.01 PossibleThreat
GData 19 2010.04.01 Win32:Rootkit-gen
Ikarus T3.1.1.80.0 2010.04.01 Trojan.Win32.SuspectCRC[/B]
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.01 -
Microsoft 1.5605 2010.03.31 -
[B]NOD32 4991 2010.04.01 Win32/Spy.Shiz.NAI[/B]
Norman 6.04.10 2010.03.31 -
nProtect 2009.1.8.0 2010.04.01 -
[B]Panda 10.0.2.2 2010.04.01 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.01 -
Prevx 3.0 2010.04.01 -
[B]Rising 22.41.03.04 2010.04.01 Trojan.Win32.Generic.51FCAE35[/B]
Sophos 4.52.0 2010.04.01 -
[B]Sunbelt 6124 2010.04.01 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.04.01 Suspicious.Insight[/B]
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.04.01 -
[B]VBA32 3.12.12.4 2010.04.01 Win32.Spy.Shiz.NAI[/B]
ViRobot 2010.4.1.2256 2010.04.01 -
VirusBuster 5.0.27.0 2010.04.01 -
[/CODE]
[url]http://www.virustotal.com/ru/analisis/a502d7515521549647058855c44cbfad502bd00c799e873bcba376d8f60fa858-1270120050[/url]
-
File [B]patch.exe[/B] received on 2010.04.01 16:46:36 (UTC)
Result: [COLOR="Red"][B]10[/B][/COLOR]/42 (23.81%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 4.5.0.50 2010.04.01 -
AhnLab-V3 5.0.0.2 2010.04.01 -
[B]AntiVir 7.10.6.16 2010.04.01 TR/Rootkit.Gen[/B]
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 -
Avast 4.8.1351.0 2010.04.01 -
Avast5 5.0.332.0 2010.04.01 -
AVG 9.0.0.787 2010.04.01 -
[B]BitDefender 7.2 2010.04.01 Gen:Win32.Malware.bmW@aKexpncc[/B]
CAT-QuickHeal 10.00 2010.04.01 -
ClamAV 0.96.0.0-git 2010.04.01 -
Comodo 4461 2010.04.01 -
DrWeb 5.0.2.03300 2010.04.01 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7401 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 -
[B]F-Secure 9.0.15370.0 2010.04.01 Gen:Win32.Malware.bmW@aKexpncc[/B]
Fortinet 4.0.14.0 2010.04.01 -
[B]GData 19 2010.04.01 Gen:Win32.Malware.bmW@aKexpncc[/B]
Ikarus T3.1.1.80.0 2010.04.01 -
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 -
McAfee+Artemis 5937 2010.03.31 -
[B]McAfee-GW-Edition 6.8.5 2010.04.01 Trojan.Rootkit.Gen[/B]
Microsoft 1.5605 2010.03.31 -
NOD32 4993 2010.04.01 -
Norman 6.04.10 2010.04.01 -
[B]nProtect 2009.1.8.0 2010.04.01 Gen:Win32.Malware.bmW@aKexpncc[/B]
Panda 10.0.2.2 2010.04.01 -
PCTools 7.0.3.5 2010.04.01 -
Prevx 3.0 2010.04.01 -
Rising 22.41.03.04 2010.04.01 -
[B]Sophos 4.52.0 2010.04.01 Troj/FakeAle-FJ
Sunbelt 6124 2010.04.01 BehavesLike.Win32.Malware (v)
Symantec 20091.2.0.41 2010.04.01 Suspicious.Insight[/B]
TheHacker 6.5.2.0.249 2010.04.01 -
[B]TrendMicro 9.120.0.1004 2010.04.01 PAK_Generic.001[/B]
VBA32 3.12.12.4 2010.04.01 -
ViRobot 2010.4.1.2256 2010.04.01 -
VirusBuster 5.0.27.0 2010.04.01 -[/QUOTE]
Additional information
File size: [B]16896[/B] bytes
MD5...: 174a637539cf5d031e007f69a8f04e61
SHA1..: f7bb6b1611a92362d2e76e19ef125e8cd5a0e486
SHA256: 95ee666f96c3929e9e430308f1d5d3210bab387efe12c1ff16de8c536fb26b8a
[url]http://www.virustotal.com/analisis/95ee666f96c3929e9e430308f1d5d3210bab387efe12c1ff16de8c536fb26b8a-1270140396[/url]
File [B]_install.exe[/B] received on 2010.04.01 16:48:00 (UTC)
Result: [B][COLOR="Red"]32[/COLOR][/B]/42 (76.2%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]a-squared 4.5.0.50 2010.04.01 Trojan-Downloader.Win32.PassAlert.r!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.01 -
[B]AntiVir 7.10.6.16 2010.04.01 HEUR/Crypted[/B]
[B]Antiy-AVL 2.0.3.7 2010.04.01 Trojan/Win32.heuristic
Authentium 5.2.0.5 2010.04.01 W32/Heuristic-210!Eldorado
Avast 4.8.1351.0 2010.04.01 Win32:Malware-gen
Avast5 5.0.332.0 2010.04.01 Win32:Malware-gen[/B]
[B]AVG 9.0.0.787 2010.04.01 Generic15.CEYF
BitDefender 7.2 2010.04.01 Trojan.Agent.ANPG
CAT-QuickHeal 10.00 2010.04.01 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.0-git 2010.04.01 -
[B]Comodo 4462 2010.04.01 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.04.01 Trojan.Winlock.275
eSafe 7.0.17.0 2010.04.01 Win32.Stration[/B]
eTrust-Vet 35.2.7401 2010.04.01 -
[B]F-Prot 4.5.1.85 2010.04.01 W32/Heuristic-210!Eldorado
F-Secure 9.0.15370.0 2010.04.01 Trojan.Agent.ANPG[/B]
Fortinet 4.0.14.0 2010.04.01 -
[B]GData 19 2010.04.01 Trojan.Agent.ANPG
Ikarus T3.1.1.80.0 2010.04.01 Trojan-Downloader.Win32.PassAlert.r
Jiangmin 13.0.900 2010.04.01 Backdoor/RBot.njz[/B]
K7AntiVirus 7.10.1004 2010.03.22 -
[B]Kaspersky 7.0.0.125 2010.04.01 Heur.Trojan.Generic[/B]
McAfee 5937 2010.03.31 -
[B]McAfee+Artemis 5937 2010.03.31 Artemis!7C957776E1F1
McAfee-GW-Edition 6.8.5 2010.04.01 Heuristic.LooksLike.Win32.Suspicious.H[/B]
Microsoft 1.5605 2010.03.31 -
[B]NOD32 4993 2010.04.01 a variant of Win32/Small.NGO
Norman 6.04.10 2010.04.01 Suspicious_M.gen
nProtect 2009.1.8.0 2010.04.01 Trojan.Agent.ANPG
Panda 10.0.2.2 2010.04.01 Trj/CI.A
PCTools 7.0.3.5 2010.04.01 HeurEngine.ZeroDayThreat[/B]
Prevx 3.0 2010.04.01 -
Rising 22.41.03.04 2010.04.01 -
[B]Sophos 4.52.0 2010.04.01 Mal/EncPk-BA
Sunbelt 6124 2010.04.01 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.04.01 Suspicious.MLApp
TheHacker 6.5.2.0.249 2010.04.01 W32/Behav-Heuristic-066
TrendMicro 9.120.0.1004 2010.04.01 Cryp_MEW-11
VBA32 3.12.12.4 2010.04.01 Trojan.Win32.Scar.akln[/B]
ViRobot 2010.4.1.2256 2010.04.01 -
[B]VirusBuster 5.0.27.0 2010.04.01 Packed/MEW[/B][/QUOTE]
Additional information
File size: [B]2290[/B] bytes
MD5...: 7c957776e1f1f18d80240f9c366fa7bb
SHA1..: f156ca0d2507fef7e080860ea38ecede574b6f52
SHA256: d3fd1d0b92787898d34836ec22bea675ddefb1ce5c6725576cfc5df6d31a0ad3
[url]http://www.virustotal.com/analisis/d3fd1d0b92787898d34836ec22bea675ddefb1ce5c6725576cfc5df6d31a0ad3-1270140480[/url]
-
File netrazis.exe received on 2010.04.01 16:40:38 (UTC)
Current status: finished
Result: 9/42 (21.43%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.01 -
AhnLab-V3 5.0.0.2 2010.04.01 -
AntiVir 7.10.6.16 2010.04.01 -
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 -
[B]Avast 4.8.1351.0 2010.04.01 Win32:MalOb-AI
Avast5 5.0.332.0 2010.04.01 Win32:MalOb-AI[/B]
AVG 9.0.0.787 2010.04.01 -
BitDefender 7.2 2010.04.01 -
CAT-QuickHeal 10.00 2010.04.01 -
ClamAV 0.96.0.0-git 2010.04.01 -
Comodo 4461 2010.04.01 -
DrWeb 5.0.2.03300 2010.04.01 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7401 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 -
F-Secure 9.0.15370.0 2010.04.01 -
Fortinet 4.0.14.0 2010.04.01 -
GData 19 2010.04.01 Win32:MalOb-AI
Ikarus T3.1.1.80.0 2010.04.01 -
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
[B]McAfee 5937 2010.03.31 W32/Palevo.gen.a
McAfee+Artemis 5937 2010.03.31 W32/Palevo.gen.a[/B]
McAfee-GW-Edition 6.8.5 2010.04.01 -
Microsoft 1.5605 2010.03.31 -
[B]NOD32 4993 2010.04.01 a variant of Win32/Peerfrag.GR[/B]
Norman 6.04.10 2010.04.01 -
nProtect 2009.1.8.0 2010.04.01 -
Panda 10.0.2.2 2010.04.01 -
PCTools 7.0.3.5 2010.04.01 -
[B]Prevx 3.0 2010.04.01 High Risk Cloaked Malware[/B]
Rising 22.41.03.04 2010.04.01 -
Sophos 4.52.0 2010.04.01 -
Sunbelt 6124 2010.04.01 -
[B]Symantec 20091.2.0.41 2010.04.01 Suspicious.Insight[/B]
TheHacker 6.5.2.0.249 2010.04.01 -
[B]TrendMicro 9.120.0.1004 2010.04.01 TROJ_BREDLAB.SMD[/B]
VBA32 3.12.12.4 2010.04.01 -
ViRobot 2010.4.1.2256 2010.04.01 -
VirusBuster 5.0.27.0 2010.04.01 -
Additional information
File size: 108032 bytes
MD5 : dded5ca3e5d2899aeed5c54371866f38
SHA1 : dacc50134ea7a8e223c7d13c4304c10e6f4fb166
SHA256: 5a8847eb917eb16a00dbcd853048d1615a922a4284c209ec53222859e88588ea
-
Community testing. Whatever was sent in got counted. February - March:
(and I grabbed yesterday's ones as well)
-
Look what nasty stuff has been trying to get in through Skype for the second day now
File Mario_Kolaricjpg.zip received on 2010.04.05 14:07:41 (UTC)
Current status: finished
Result: 6/39 (15.38%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.05 -
AhnLab-V3 5.0.0.2 2010.04.05 -
[B]AntiVir 7.10.6.24 2010.04.03 TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.05 -
Avast 4.8.1351.0 2010.04.05 -
Avast5 5.0.332.0 2010.04.05 -
AVG 9.0.0.787 2010.04.05 -
BitDefender 7.2 2010.04.05 -
CAT-QuickHeal 10.00 2010.04.05 -
ClamAV 0.96.0.3-git 2010.04.05 -
Comodo 4506 2010.04.05 -
[B]DrWeb 5.0.2.03300 2010.04.05 Win32.HLLW.SpyNet[/B]
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7408 2010.04.05 -
F-Prot 4.5.1.85 2010.04.05 -
F-Secure 9.0.15370.0 2010.04.05 -
Fortinet 4.0.14.0 2010.04.04 -
GData 19 2010.04.05 -
Ikarus T3.1.1.80.0 2010.04.05 -
Jiangmin 13.0.900 2010.04.05 -
Kaspersky 7.0.0.125 2010.04.05 -
[B]McAfee-GW-Edition 6.8.5 2010.04.03 Trojan.Dropper.Gen[/B]
Microsoft 1.5605 2010.04.05 -
NOD32 5001 2010.04.05 -
Norman 6.04.10 2010.04.05 -
nProtect 2009.1.8.0 2010.04.05 -
[B]Panda 10.0.2.2 2010.04.05 Bck/Bifrost.gen[/B]
PCTools 7.0.3.5 2010.04.05 -
Prevx 3.0 2010.04.05 -
Rising 22.41.04.05 2010.04.02 -
Sophos 4.52.0 2010.04.05 -
[B]Sunbelt 6139 2010.04.05 Virtool.Win32.VBInject.gen (v)
Symantec 20091.2.0.41 2010.04.05 Suspicious.Insight[/B]
TheHacker 6.5.2.0.253 2010.04.05 -
TrendMicro 9.120.0.1004 2010.04.05 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.5.2261 2010.04.05 -
VirusBuster 5.0.27.0 2010.04.04 -[/QUOTE]
Additional information
File size: 40395 bytes
MD5 : af7d11e9bdab6e39b3b8530b7711de06
SHA1 : 7b1000a284ae08a7c810ec2a58930698b09428cb
SHA256: 1c1b7e719c01c36552a945c54c28dfd7532eece7e1c4151217726dfa8fc256c3
TrID : File type identification
ZIP compressed archive (100.0%)
[url]http://www.virustotal.com/ru/analisis/1c1b7e719c01c36552a945c54c28dfd7532eece7e1c4151217726dfa8fc256c3-1270476461[/url]
-
File install_flash_player.exe received on 2010.04.06 05:18:42 (UTC)
Result: 10/39 (25.65%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.04.06 Trojan-Dropper.Win32.Sirefef!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.05 -
[B]AntiVir 7.10.6.25 2010.04.05 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.06 -
Avast 4.8.1351.0 2010.04.05 -
Avast5 5.0.332.0 2010.04.05 -
AVG 9.0.0.787 2010.04.05 -
BitDefender 7.2 2010.04.06 -
CAT-QuickHeal 10.00 2010.04.06 -
ClamAV 0.96.0.3-git 2010.04.06 -
[B]Comodo 4513 2010.04.06 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.04.06 -
eSafe 7.0.17.0 2010.04.01 -
eTrust-Vet 35.2.7409 2010.04.05 -
F-Prot 4.5.1.85 2010.04.05 -
F-Secure 9.0.15370.0 2010.04.06 -
Fortinet 4.0.14.0 2010.04.04 -
GData 19 2010.04.06 -
[B]Ikarus T3.1.1.80.0 2010.04.06 Trojan-Dropper.Win32.Sirefef[/B]
Jiangmin 13.0.900 2010.04.06 -
Kaspersky 7.0.0.125 2010.04.06 -
[B]McAfee-GW-Edition 6.8.5 2010.04.05 Trojan.Crypt.ZPACK.Gen
Microsoft 1.5605 2010.04.06 TrojanDropper:Win32/Sirefef.B
NOD32 5002 2010.04.05 a variant of Win32/Kryptik.DMJ[/B]
Norman 6.04.10 2010.04.05 -
nProtect 2009.1.8.0 2010.04.05 -
[B]Panda 10.0.2.2 2010.04.05 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.06 -
Prevx 3.0 2010.04.06 -
Rising 22.42.01.01 2010.04.06 -
Sophos 4.52.0 2010.04.06 -
Sunbelt 6142 2010.04.06 -
[B]Symantec 20091.2.0.41 2010.04.06 Suspicious.Insight[/B]
TheHacker 6.5.2.0.254 2010.04.05 -
TrendMicro 9.120.0.1004 2010.04.06 -
[B]VBA32 3.12.12.4 2010.04.05 Trojan.Win32.Waledac.45[/B]
ViRobot 2010.4.6.2262 2010.04.06 -
VirusBuster 5.0.27.0 2010.04.05 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/ead25148132d0660ad2786cd4f4c835c62e59fe519f93807c22b9d3a495f7ca1-1270531122[/url]
-
[QUOTE]File avz00007.dta received on 2010.04.08 18:10:49 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.08 -
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.49 2010.04.08 -
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 -
Avast 4.8.1351.0 2010.04.08 -
Avast5 5.0.332.0 2010.04.08 -
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4540 2010.04.08 -
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7414 2010.04.08 -
F-Prot 4.5.1.85 2010.04.07 -
F-Secure 9.0.15370.0 2010.04.08 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 -
Ikarus T3.1.1.80.0 2010.04.08 -
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 -
Microsoft 1.5605 2010.04.08 -
NOD32 5011 2010.04.08 -
Norman 6.04.11 2010.04.08 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 -
Rising 22.42.03.03 2010.04.08 -
Sophos 4.52.0 2010.04.08 -
Sunbelt 6151 2010.04.08 -
[B]Symantec 20091.2.0.41 2010.04.08 Suspicious.Insight[/B]
TheHacker 6.5.2.0.258 2010.04.08 -
TrendMicro 9.120.0.1004 2010.04.08 -
[B]VBA32 3.12.12.4 2010.04.05 suspected of Malware-Cryptor.Win32.MTA.gen[/B]
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 -
Additional information
File size: 183296 bytes
MD5 : 6238e5fc8c4d2c5cef3368a6112ca3b9
SHA1 : 1b4e65878d64b36d93a4bd6c017412234115dbf5
SHA256: a98d45e6cb1e5601169eb9614ba58c96048ea396d6d64f63a0d9ad2002ec3c85[/QUOTE]
Two suspicions, [URL="http://virusinfo.info/showpost.php?p=618254&postcount=736"]but....[/URL]
-
File TDSS.new.exe received on 2010.04.09 10:14:58 (UTC)
Result: 7/39 (17.95%)
[QUOTE]a-squared 4.5.0.50 2010.04.09 -
AhnLab-V3 5.0.0.2 2010.04.09 -
AntiVir 7.10.6.52 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.09 -
Avast5 5.0.332.0 2010.04.09 -
[B]AVG 9.0.0.787 2010.04.09 Win32/Heur[/B]
BitDefender 7.2 2010.04.09 -
CAT-QuickHeal 10.00 2010.04.09 -
ClamAV 0.96.0.3-git 2010.04.09 -
Comodo 4547 2010.04.09 -
DrWeb 5.0.2.03300 2010.04.09 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7417 2010.04.09 -
F-Prot 4.5.1.85 2010.04.08 -
[B]F-Secure 9.0.15370.0 2010.04.09 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.09 -
Ikarus T3.1.1.80.0 2010.04.09 -
Jiangmin 13.0.900 2010.04.09 -
Kaspersky 7.0.0.125 2010.04.09 -
[B]McAfee-GW-Edition 6.8.5 2010.04.09 Heuristic.LooksLike.Trojan.TDss.B[/B]
Microsoft 1.5605 2010.04.09 -
[B]NOD32 5012 2010.04.09 a variant of Win32/Kryptik.DON[/B]
Norman 6.04.11 2010.04.09 -
nProtect 2009.1.8.0 2010.04.06 -
[B]Panda 10.0.2.2 2010.04.08 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.09 -
Prevx 3.0 2010.04.09 -
Rising 22.42.04.03 2010.04.09 -
[B]Sophos 4.52.0 2010.04.09 Sus/UnkPack-C[/B]
Sunbelt 6155 2010.04.09 -
[B]Symantec 20091.2.0.41 2010.04.09 Packed.Generic.295[/B]
TheHacker 6.5.2.0.258 2010.04.09 -
TrendMicro 9.120.0.1004 2010.04.09 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.9.2269 2010.04.09 -
VirusBuster 5.0.27.0 2010.04.08 -[/QUOTE]
[url]http://www.virustotal.com/analisis/7a20947bdf2dd45f96664af8ca62449e788e87954c672430146de2d40874fa68-1270808098[/url]
P.S. And that is very sad.
[size="1"][color="#666686"][B][I]Added after 24 minutes[/I][/B][/color][/size]
File 3.safe received on 2010.04.09 10:40:56 (UTC)
Result: 7/39 (17.95%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.09 Trojan.Win32.Hiloti!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.09 -
AntiVir 7.10.6.52 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.09 -
Avast5 5.0.332.0 2010.04.09 -
AVG 9.0.0.787 2010.04.09 -
BitDefender 7.2 2010.04.09 -
CAT-QuickHeal 10.00 2010.04.09 -
ClamAV 0.96.0.3-git 2010.04.09 -
[B]Comodo 4547 2010.04.09 TrojWare.Win32.Downloader.Mufanom.I[/B]
DrWeb 5.0.2.03300 2010.04.09 -
eSafe 7.0.17.0 2010.04.08 -
[B]eTrust-Vet 35.2.7417 2010.04.09 Win32/Hiloti.B!generic[/B]
F-Prot 4.5.1.85 2010.04.08 -
F-Secure 9.0.15370.0 2010.04.09 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.09 -
[B]Ikarus T3.1.1.80.0 2010.04.09 Trojan.Win32.Hiloti[/B]
Jiangmin 13.0.900 2010.04.09 -
Kaspersky 7.0.0.125 2010.04.09 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.09 -
NOD32 5012 2010.04.09 -
Norman 6.04.11 2010.04.09 -
nProtect 2009.1.8.0 2010.04.06 -
[B]Panda 10.0.2.2 2010.04.08 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.09 -
Prevx 3.0 2010.04.09 -
Rising 22.42.04.03 2010.04.09 -
[B]Sophos 4.52.0 2010.04.09 Mal/Hiloti-C[/B]
Sunbelt 6155 2010.04.09 -
Symantec 20091.2.0.41 2010.04.09 -
TheHacker 6.5.2.0.258 2010.04.09 -
TrendMicro 9.120.0.1004 2010.04.09 -
[B]VBA32 3.12.12.4 2010.04.09 Bscope.Malware-Cryptor.Tip[/B]
ViRobot 2010.4.9.2269 2010.04.09 -
VirusBuster 5.0.27.0 2010.04.08 -[/QUOTE]
[url]http://www.virustotal.com/analisis/af0dde544106fde288b4507c792efffa27b95c83e4d524a7c196f304729a4a51-1270809656[/url]
Interesting what an unpack of the same file gives:
File dump.safe received on 2010.04.09 10:44:08 (UTC)
Result: 11/39 (28.21%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.09 Trojan-Downloader.Win32.Mufanom!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.09 -
AntiVir 7.10.6.52 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
[B]Authentium 5.2.0.5 2010.04.09 W32/Mufanom.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.09 -
Avast5 5.0.332.0 2010.04.09 -
[B]AVG 9.0.0.787 2010.04.09 Generic17.GST[/B]
BitDefender 7.2 2010.04.09 -
CAT-QuickHeal 10.00 2010.04.09 -
ClamAV 0.96.0.3-git 2010.04.09 -
Comodo 4547 2010.04.09 -
[B]DrWeb 5.0.2.03300 2010.04.09 Trojan.DownLoad1.43052[/B]
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7417 2010.04.09 -
[B]F-Prot 4.5.1.85 2010.04.08 W32/Mufanom.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.09 Trojan-Downloader:W32/Mufanom.B[/B]
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.09 -
[B]Ikarus T3.1.1.80.0 2010.04.09 Trojan-Downloader.Win32.Mufanom[/B]
Jiangmin 13.0.900 2010.04.09 -
[B]Kaspersky 7.0.0.125 2010.04.09 Trojan-Downloader.Win32.Mufanom.pgq[/B]
McAfee-GW-Edition 6.8.5 2010.04.09 -
[B]Microsoft 1.5605 2010.04.09 Trojan:Win32/Hiloti.gen!D
NOD32 5012 2010.04.09 probably a variant of Win32/Cimag.W[/B]
Norman 6.04.11 2010.04.09 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 -
PCTools 7.0.3.5 2010.04.09 -
Prevx 3.0 2010.04.09 -
[B]Rising 22.42.04.03 2010.04.09 Trojan.DL.Win32.Downloader.GEN[/B]
Sophos 4.52.0 2010.04.09 -
Sunbelt 6155 2010.04.09 -
Symantec 20091.2.0.41 2010.04.09 -
TheHacker 6.5.2.0.258 2010.04.09 -
TrendMicro 9.120.0.1004 2010.04.09 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.9.2269 2010.04.09 -
VirusBuster 5.0.27.0 2010.04.08 -[/QUOTE]
[size="1"][color="#666686"][B][I]Added after 1 hour 36 minutes[/I][/B][/color][/size]
The things they call Black Energy 2.1+! And some don't call it anything at all :)
File rootkit.ex1 received on 2010.04.09 12:19:39 (UTC)
Result: 26/39 (66.67%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.09 Trojan.SuspectCRC!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.09 -
[B]AntiVir 7.10.6.53 2010.04.09 TR/Obfuscated.GQ.10[/B]
[B]Antiy-AVL 2.0.3.7 2010.04.09 Trojan/Win32.Agent.gen[/B]
Authentium 5.2.0.5 2010.04.09 -
[B]Avast 4.8.1351.0 2010.04.09 Win32:Zbot-LYA[/B]
[B]Avast5 5.0.332.0 2010.04.09 Win32:Zbot-LYA[/B]
[B]AVG 9.0.0.787 2010.04.09 Generic16.BYLT
BitDefender 7.2 2010.04.09 Trojan.Generic.3256916
CAT-QuickHeal 10.00 2010.04.09 Backdoor.Rustock.e[/B]
ClamAV 0.96.0.3-git 2010.04.09 -
[B]Comodo 4548 2010.04.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.04.09 Trojan.Winlock.1110[/B]
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7417 2010.04.09 -
F-Prot 4.5.1.85 2010.04.08 -
[B]F-Secure 9.0.15370.0 2010.04.09 Trojan.Generic.3256916
Fortinet 4.0.14.0 2010.04.08 W32/Bancos.E
GData 19 2010.04.09 Trojan.Generic.3256916
Ikarus T3.1.1.80.0 2010.04.09 Trojan.SuspectCRC[/B]
Jiangmin 13.0.900 2010.04.09 -
Kaspersky 7.0.0.125 2010.04.09 -
[B]McAfee-GW-Edition 6.8.5 2010.04.09 Heuristic.LooksLike.Win32.Suspicious.B!85
Microsoft 1.5605 2010.04.09 Backdoor:Win32/Rustock.E
NOD32 5012 2010.04.09 probably a variant of Win32/Kryptik.BRT
Norman 6.04.11 2010.04.09 W32/Obfuscated.V[/B]
nProtect 2009.1.8.0 2010.04.06 -
[B]Panda 10.0.2.2 2010.04.08 Trj/CI.A
PCTools 7.0.3.5 2010.04.09 Trojan-PSW.Generic[/B]
Prevx 3.0 2010.04.09 -
Rising 22.42.04.03 2010.04.09 -
[B]Sophos 4.52.0 2010.04.09 Mal/Bancos-E
Sunbelt 6155 2010.04.09 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.04.09 Infostealer[/B]
TheHacker 6.5.2.0.258 2010.04.09 -
[B]TrendMicro 9.120.0.1004 2010.04.09 TROJ_Gen.BA33L9
VBA32 3.12.12.4 2010.04.09 Malware-Cryptor.Win32.Vals.22[/B]
ViRobot 2010.4.9.2269 2010.04.09 -
[B]VirusBuster 5.0.27.0 2010.04.09 Trojan.Obfuscated.DXYU[/B][/QUOTE]
[url]http://www.virustotal.com/analisis/5af3fd53aea5e008d8725c720ea0290e2e0cd485d8a953053ccf02e5e81a94a0-1270815579[/url]
-
File vk-__o______a.exe received on 2010.04.13 10:42:41 (UTC)
Result: 10/40 (25%)
[QUOTE]a-squared 4.5.0.50 2010.04.13 -
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.65 2010.04.13 -
Antiy-AVL 2.0.3.7 2010.04.13 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.13 -
Avast5 5.0.332.0 2010.04.13 -
AVG 9.0.0.787 2010.04.13 -
BitDefender 7.2 2010.04.13 -
CAT-QuickHeal 10.00 2010.04.13 -
[B]ClamAV 0.96.0.3-git 2010.04.13 Trojan.Magania-9679[/B]
[B]Comodo 4585 2010.04.13 TrojWare.Win32.TrojanDropper.Delf.~HP[/B]
DrWeb 5.0.2.03300 2010.04.13 -
eSafe 7.0.17.0 2010.04.12 -
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.13 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.13 -
Ikarus T3.1.1.80.0 2010.04.13 -
[B]Jiangmin 13.0.900 2010.04.13 Worm.VBS.ew[/B]
[B]Kaspersky 7.0.0.125 2010.04.13 Type_Script[/B]
McAfee 5.400.0.1158 2010.04.13 -
[B]McAfee-GW-Edition 6.8.5 2010.04.13 Heuristic.LooksLike.Win32.Suspicious.H[/B]
Microsoft 1.5605 2010.04.13 -
NOD32 5024 2010.04.13 -
[B]Norman 6.04.11 2010.04.13 W32/Agent.TXES[/B]
[B]nProtect 2009.1.8.0 2010.04.06 Trojan/W32.Agent.180736.K[/B]
Panda 10.0.2.7 2010.04.13 -
PCTools 7.0.3.5 2010.04.13 -
Prevx 3.0 2010.04.13 High Risk Worm
[B]Rising 22.43.01.01 2010.04.13 Trojan.Win32.GyBird.c[/B]
Sophos 4.52.0 2010.04.13 -
Sunbelt 6170 2010.04.13 -
Symantec 20091.2.0.41 2010.04.13 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 -
[B]ViRobot 2010.4.13.2273 2010.04.13 Trojan.Win32.Delf.180224.B[/B]
VirusBuster 5.0.27.0 2010.04.12 -[/QUOTE]
[url]http://www.virustotal.com/analisis/787c6eb4ab6d9209ff78baa92e40a29212d104eb471dbccbca90fd3d8b1033e1-1271155361[/url]
-
File autorun.in received on 2010.04.14 03:54:13 (UTC)
[QUOTE]
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
[COLOR="Red"]AntiVir 7.10.6.69 2010.04.13 TR/AutorunINF.633[/COLOR]
Antiy-AVL 2.0.3.7 2010.04.13 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.13 -
Avast5 5.0.332.0 2010.04.13 -
AVG 9.0.0.787 2010.04.14 -
[COLOR="#ff0000"]BitDefender 7.2 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
CAT-QuickHeal 10.00 2010.04.14 -
[COLOR="#ff0000"]ClamAV 0.96.0.3-git 2010.04.13 Worm.Autorun-1792[/COLOR]
Comodo 4593 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.13 -
eTrust-Vet 35.2.7423 2010.04.13 -
F-Prot 4.5.1.85 2010.04.13 -
[COLOR="#ff0000"]F-Secure 9.0.15370.0 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
Fortinet 4.0.14.0 2010.04.12 -
[COLOR="#ff0000"]GData 19 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
[COLOR="#ff0000"]McAfee 5.400.0.1158 2010.04.14 Generic!atr.b[/COLOR]
[COLOR="#ff0000"]McAfee-GW-Edition 6.8.5 2010.04.13 Trojan.AutorunINF.633[/COLOR]
[COLOR="#ff0000"]Microsoft 1.5605 2010.04.14 VirTool:INF/Autorun.gen[/COLOR]
NOD32 5026 2010.04.13 -
Norman 6.04.11 2010.04.13 -
[COLOR="#ff0000"]nProtect 2009.1.8.0 2010.04.06 Trojan.AutorunINF.Gen[/COLOR]
[COLOR="#ff0000"]Panda 10.0.2.7 2010.04.13 W32/Harakit.D.worm[/COLOR]
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.01 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
[COLOR="#ff0000"]Sunbelt 6174 2010.04.14 INF.Autorun (v)[/COLOR]
Symantec 20091.2.0.41 2010.04.14 -
[COLOR="#ff0000"]TheHacker 6.5.2.0.260 2010.04.13 Trojan/Autorun.gen[/COLOR]
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.13.2274 2010.04.13 -
VirusBuster 5.0.27.0 2010.04.13 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/89f6b2a673e19143122179d1e164cc916a74c2416a9392ea40fe15e62a3abcef-1271217253[/url]
[size="1"][color="#666686"][B][I]Added after 5 minutes[/I][/B][/color][/size]
File autorun.i received on 2010.04.14 04:04:34 (UTC)
Result: [COLOR="Red"]12[/COLOR]/40 (30%)
[QUOTE]a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.13 -
AntiVir 7.10.6.69 2010.04.13 -
Antiy-AVL 2.0.3.7 2010.04.13 -
Authentium 5.2.0.5 2010.04.14 -
[COLOR="Red"]Avast 4.8.1351.0 2010.04.13 BV:AutoRun-AK[/COLOR]
[COLOR="#ff0000"]Avast5 5.0.332.0 2010.04.13 BV:AutoRun-AK[/COLOR]
AVG 9.0.0.787 2010.04.14 -
[COLOR="#ff0000"]BitDefender 7.2 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
CAT-QuickHeal 10.00 2010.04.14 -
[COLOR="#ff0000"]ClamAV 0.96.0.3-git 2010.04.13 Worm.Autorun-1792[/COLOR]
Comodo 4593 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.13 -
eTrust-Vet 35.2.7423 2010.04.13 -
F-Prot 4.5.1.85 2010.04.13 -
[COLOR="#ff0000"]F-Secure 9.0.15370.0 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
Fortinet 4.0.14.0 2010.04.12 -
[COLOR="#ff0000"]GData 19 2010.04.14 Trojan.AutorunINF.Gen[/COLOR]
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
[COLOR="#ff0000"]McAfee 5.400.0.1158 2010.04.14 Generic!atr.b[/COLOR]
McAfee-GW-Edition 6.8.5 2010.04.13 -
[COLOR="#ff0000"]Microsoft 1.5605 2010.04.14 VirTool:INF/Autorun.gen[/COLOR]
NOD32 5026 2010.04.13 -
Norman 6.04.11 2010.04.13 -
[COLOR="#ff0000"]nProtect 2009.1.8.0 2010.04.06 Trojan.AutorunINF.Gen[/COLOR]
[COLOR="#ff0000"]Panda 10.0.2.7 2010.04.13 W32/Harakit.D.worm[/COLOR]
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.01 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
[COLOR="#ff0000"]Sunbelt 6174 2010.04.14 INF.Autorun (v)[/COLOR]
Symantec 20091.2.0.41 2010.04.14 -
[COLOR="#ff0000"]TheHacker 6.5.2.0.260 2010.04.13 Trojan/Autorun.gen[/COLOR]
TrendMicro 9.120.0.1004 2010.04.13 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.13.2274 2010.04.13 -
VirusBuster 5.0.27.0 2010.04.13 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/3b42703c3a25e4dfbaa79e01eb05736ee76add377a5bd3279c2fc3be75ba6c6d-1271217874[/url]
-
C:\Program Files\expdebug.exe was attached as a debugger to explorer.exe
Covering for it was a replaced [url=http://www.virustotal.com/ru/analisis/2486b420e81b090e85a7b20037941a5ab9b78898890121fb8d9ce8b7cb86658a-1271420982]userinit.exe on VT[/url]
File avz00001.dta received on 2010.04.16 12:29:57 (UTC)
Result: [b]9/40[/b] (22.5%)
[CODE]Antivirus Version Last Update Result
[b]a-squared 4.5.0.50 2010.04.16 Virus.Win32.Small!IK[/b]
AhnLab-V3 5.0.0.2 2010.04.16 -
AntiVir 7.10.6.113 2010.04.16 -
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.16 -
Avast5 5.0.332.0 2010.04.16 -
AVG 9.0.0.787 2010.04.16 -
BitDefender 7.2 2010.04.16 -
[b]CAT-QuickHeal 10.00 2010.04.16 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.04.16 PUA.Packed.ASPack
Comodo 4614 2010.04.16 Heur.Packed.Unknown[/b]
DrWeb 5.0.2.03300 2010.04.16 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7429 2010.04.16 -
F-Prot 4.5.1.85 2010.04.16 -
[b]F-Secure 9.0.15370.0 2010.04.16 Suspicious:W32/Malware!Gemini[/b]
Fortinet 4.0.14.0 2010.04.16 -
GData 19 2010.04.16 -
[b]Ikarus T3.1.1.80.0 2010.04.16 Virus.Win32.Small[/b]
Jiangmin 13.0.900 2010.04.16 -
Kaspersky 7.0.0.125 2010.04.16 -
McAfee 5.400.0.1158 2010.04.16 -
[b]McAfee-GW-Edition 6.8.5 2010.04.16 Heuristic.LooksLike.Win32.Suspicious.H[/b]
Microsoft 1.5605 2010.04.16 -
NOD32 5033 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-16.01 2010.04.16 -
[b]Panda 10.0.2.7 2010.04.15 Suspicious file[/b]
PCTools 7.0.3.5 2010.04.16 -
[b]Prevx 3.0 2010.04.16 High Risk Spyware[/b]
Rising 22.43.04.04 2010.04.16 -
Sophos 4.52.0 2010.04.16 -
Sunbelt 6183 2010.04.16 -
Symantec 20091.2.0.41 2010.04.16 -
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.16.2280 2010.04.16 -
VirusBuster 5.0.27.0 2010.04.16 -
[/CODE]
-
Arrives via ICQ.
File foto.jar received on 2010.04.17 13:35:26 (UTC)
Current status: Finished
Result: 5/40 (12.5%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.17 -
AhnLab-V3 5.0.0.2 2010.04.16 -
[B]AntiVir 7.10.6.115 2010.04.16 JAVA/Konov.O[/B]
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.17 -
Avast5 5.0.332.0 2010.04.17 -
AVG 9.0.0.787 2010.04.17 -
BitDefender 7.2 2010.04.17 -
CAT-QuickHeal 10.00 2010.04.17 -
ClamAV 0.96.0.3-git 2010.04.17 -
Comodo 4625 2010.04.17 -
DrWeb 5.0.2.03300 2010.04.17 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7430 2010.04.16 -
F-Prot 4.5.1.85 2010.04.17 -
[B]F-Secure 9.0.15370.0 2010.04.16 Riskware:Java/SmsSend.Gen!A[/B]
Fortinet 4.0.14.0 2010.04.17 -
GData 19 2010.04.17 -
[B]Ikarus T3.1.1.80.0 2010.04.17 Trojan-SMS[/B]
Jiangmin 13.0.900 2010.04.17 -
[B]Kaspersky 7.0.0.125 2010.04.17 Trojan-SMS.J2ME.Konov.v[/B]
McAfee 5.400.0.1158 2010.04.17 -
[B]McAfee-GW-Edition 6.8.5 2010.04.17 Java.Konov.O[/B]
Microsoft 1.5605 2010.04.17 -
NOD32 5035 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-17.01 2010.04.17 -
Panda 10.0.2.7 2010.04.17 -
PCTools 7.0.3.5 2010.04.17 -
Prevx 3.0 2010.04.17 -
Rising 22.43.05.03 2010.04.17 -
Sophos 4.52.0 2010.04.17 -
Sunbelt 6187 2010.04.17 -
Symantec 20091.2.0.41 2010.04.17 -
TheHacker 6.5.2.0.263 2010.04.16 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.17.2282 2010.04.17 -
VirusBuster 5.0.27.0 2010.04.17 -
Additional information
File size: 5085 bytes
MD5...: cc077e417f5b48c80f66b315b54193aa
SHA1..: bf412ef404abb45b19b71e610ce05f245542e70d
SHA256: e8008244dcb96ffa024236be7dda61fd8feaf3676a3092583286517c90329622
ssdeep: 96:6FTiOURs9qVeiThylfHD5nRGpQ3/wRmODrBGTe/j5vd00vIOakxZW:6Z5Udei
TcJHlRGi/w0ODrkTyt1001W
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set[/QUOTE]
-
File zbot.exe received on 2010.04.20 15:21:02 (UTC)
Result: 8/41 (19.52%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.04.20 PWS.Win32!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
[B]AntiVir 7.10.6.144 2010.04.20 TR/PSW.Zbot.75776.R[/B]
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4653 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
[B]Ikarus T3.1.1.80.0 2010.04.20 PWS.Win32[/B]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.PSW.Zbot.75776.R
Microsoft 1.5703 2010.04.20 PWS:Win32/Zbot.gen!R[/B]
NOD32 5044 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.20 -
[B]Prevx 3.0 2010.04.20 Medium Risk Malware[/B]
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Mal/Generic-L[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.20 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/06b2feca7c50a841391d27fb9cf17cfad8a2336ebf0980b098cbc714b5e7bfa0-1271776862[/url]
-
There is no sadder tale in the world than the tale of TDL on the planet....
File keygen.ex1 received on 2010.04.20 16:02:52 (UTC)
Result: 5/41 (12.2%)
[QUOTE]a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.144 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4653 2010.04.20 -
[B]DrWeb 5.0.2.03300 2010.04.20 Trojan.DownLoad1.54489[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.20 Trojan-Dropper.Win32.TDSS.bs[/B]
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
[B]NOD32 5044 2010.04.20 Win32/Olmarik.SC[/B]
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
[B]Prevx 3.0 2010.04.20 Medium Risk Malware[/B]
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
[B]Symantec 20091.2.0.41 2010.04.20 Backdoor.Tidserv[/B]
TheHacker 6.5.2.0.265 2010.04.20 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
[url]http://www.virustotal.com/analisis/037b16fd36c985d4ac1123c99743383af6de70dcbc4640ffe25d4a7d47a22eb9-1271779372[/url]
-
On one of the local forums it was being spread around disguised as harmless programs.
File Tero.rar received on 2010.04.21 06:54:48 (UTC)
[quote]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
[B]AntiVir 7.10.6.145 2010.04.20 TR/Agent.568320[/B]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.Agent.568320[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Rising 22.44.02.04 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-269[/B]
Sunbelt 6202 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/quote]
Additional information
File size: 215788 bytes
MD5...: c9e9104f6f3b7c727b2dd6b3167bab85
[url]http://www.virustotal.com/analisis/6f37a6fedecafe755e8ab87539d66a3d9dbaf47051b291c3990bbe6ce0777f55-1271832888[/url]
File Setup.exe received on 2010.04.21 07:06:03 (UTC)
[quote]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
[B]AntiVir 7.10.6.145 2010.04.20 TR/Agent.568320[/B]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
[B]eTrust-Vet 35.2.7439 2010.04.21 Win32/ASuspect.HDCDS[/B]
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.Agent.568320[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.02.04 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-269[/B]
Sunbelt 6202 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/quote]
Additional information
File size: 568320 bytes
MD5...: b1215d5f68767171e467de018e3c5a18
[url]http://www.virustotal.com/analisis/ae761b9c8f5bcca93903ca3e2074e23286088773d00b6917031259058fa34d6b-1271833563[/url]
-
File F0CD0B3E00F90FD9F070022BB07F4400C0E4A1EC.exe received on 2010.04.21 01:31:08 (UTC)
Result: 6/40 (15.00%)
[QUOTE]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.145 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
[B]Authentium 5.2.0.5 2010.04.20 W32/Zegost.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4656 2010.04.21 -
[B]DrWeb 5.0.2.03300 2010.04.21 Trojan.Baijin.origin[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
[B]F-Prot 4.5.1.85 2010.04.20 W32/Zegost.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.21 Backdoor:W32/Agent.DIUY[/B]
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.20 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6201 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.20 -
[B]TrendMicro 9.120.0.1004 2010.04.20 BKDR_ZEGOST.SMF[/B]
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
Additional information
File size: 192512 bytes
MD5 : 7184aa1a4c5bcb70ed7b9f03c4022643
SHA1 : 726613609b33f52fddd8c7c7cb54bc753d7947d0
SHA256: 678815d2253ff0a508146ed72684dce6645f860f4d323b8652a08f327774ebb8
[url]http://www.virustotal.com/ru/analisis/678815d2253ff0a508146ed72684dce6645f860f4d323b8652a08f327774ebb8-1271813468[/url]
File anitsvstart.vll received on 2010.04.20 11:03:07 (UTC)
Result: 15/40 (37.50%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.20 Win32.SuspectCrc!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
[B]AntiVir 7.10.6.142 2010.04.20 HEUR/Malware[/B]
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.19 -
Avast5 5.0.332.0 2010.04.19 -
AVG 9.0.0.787 2010.04.20 -
[B]BitDefender 7.2 2010.04.20 DeepScan:Generic.Peed.A4838A1A[/B]
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
[B]Comodo 4652 2010.04.20 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.20 Trojan.DownLoader1.5889[/B]
eSafe 7.0.17.0 2010.04.18 -
[B]eTrust-Vet 35.2.7436 2010.04.20 Win32/Etap[/B]
F-Prot 4.5.1.85 2010.04.20 -
[B]F-Secure 9.0.15370.0 2010.04.20 DeepScan:Generic.Peed.A4838A1A[/B]
Fortinet 4.0.14.0 2010.04.18 -
[B]GData 19 2010.04.20 DeepScan:Generic.Peed.A4838A1A
Ikarus T3.1.1.80.0 2010.04.20 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.20 Trojan-Downloader.Win32.Agent.dljj[/B]
McAfee 5.400.0.1158 2010.04.20 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Heuristic.Malware[/B]
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
[B]Norman 6.04.11 2010.04.20 W32/Redosdru.LS[/B]
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Sus/UnkPack-C[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
[B]TrendMicro 9.120.0.1004 2010.04.20 TROJ_REDOSDRU.BR[/B]
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 151576 bytes
MD5 : 077cfb5a729108364ac4e25d2741f603
SHA1 : 2b852569c73060f6ba1bbd45d4a7eb83e828e033
SHA256: 183c7469d2f6b0da959c16772ebc3c94b992e330adc67f4e918e7fa75e9beb46
[url]http://www.virustotal.com/ru/analisis/183c7469d2f6b0da959c16772ebc3c94b992e330adc67f4e918e7fa75e9beb46-1271761387[/url]
File tcpz-x86d.sys- received on 2010.04.10 10:24:10 (UTC)
Result: 17/39 (43.59%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.10 Trojan-Dropper.Agent!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
[B]Antiy-AVL 2.0.3.7 2010.04.09 Backdoor/Win32.Agent.gen[/B]
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.09 -
[B]Avast5 5.0.332.0 2010.04.09 Win32:Tcpz-C
AVG 9.0.0.787 2010.04.10 BackDoor.Agent.ADTM[/B]
BitDefender 7.2 2010.04.10 -
[B]CAT-QuickHeal 10.00 2010.04.10 Trojan.Agent.gen[/B]
ClamAV 0.96.0.3-git 2010.04.10 -
[B]Comodo 4553 2010.04.10 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.10 Tool.TcpZ[/B]
eSafe 7.0.17.0 2010.04.08 -
[B]eTrust-Vet 35.2.7418 2010.04.09 Win32/FakeAV.CEH[/B]
F-Prot 4.5.1.85 2010.04.09 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
[B]Ikarus T3.1.1.80.0 2010.04.10 Trojan-Dropper.Agent[/B]
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
[B]NOD32 5014 2010.04.09 Win32/TCPZ.D
Norman 6.04.11 2010.04.10 W32/Suspicious_Gen2.VDAL
nProtect 2009.1.8.0 2010.04.06 Backdoor/W32.Agent.12136[/B]
Panda 10.0.2.2 2010.04.09 -
[B]PCTools 7.0.3.5 2010.04.10 Hacktool.Rootkit
Prevx 3.0 2010.04.10 High Risk Rootkit[/B]
Rising 22.42.04.03 2010.04.09 -
[B]Sophos 4.52.0 2010.04.10 TCP-Z TCP Patch and Monitor
Sunbelt 6160 2010.04.10 Hacktool.Rootkit
Symantec 20091.2.0.41 2010.04.10 Hacktool.Rootkit[/B]
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.09 -[/QUOTE]
Additional information
File size: 12136 bytes
MD5 : 1d1e2ac3195b7d199337557ca9ab84cf
SHA1 : 1ac8d3db5647b3bcba39c3b48a647207d4651be7
SHA256: 04b2e94cb8b232b6ecd37604c234d812a086f2aa94f12578f255eacaa1d4fb8d
[url]http://www.virustotal.com/ru/analisis/04b2e94cb8b232b6ecd37604c234d812a086f2aa94f12578f255eacaa1d4fb8d-1270895050[/url]
File A16.exe received on 2010.04.21 13:38:54 (UTC)
Result: 7/42 (16.67%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Backdoor.Win32.SdBot!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.149 2010.04.21 -
[B]Antiy-AVL 2.0.3.7 2010.04.21 Trojan/Win32.Agent.gen
Authentium 5.2.0.5 2010.04.21 W32/Damaged_File.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 SHeur3.SHH[/B]
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4657 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.21 -
eTrust-Vet 35.2.7439 2010.04.21 -
[B]F-Prot 4.5.1.85 2010.04.21 W32/Damaged_File.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.21 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.21 -
[B]Ikarus T3.1.1.80.0 2010.04.21 Backdoor.Win32.SdBot[/B]
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.21 -
Microsoft 1.5703 2010.04.21 -
NOD32 5047 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Rising 22.44.02.05 2010.04.21 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6203 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.21.2288 2010.04.21 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 90112 bytes
MD5...: 51d17c04411919860110dab16996f96a
SHA1..: 1e820785f7736841c8130f8574382be93e5a09d3
SHA256: 68079ce67e9cc5e0442d43c0be0cb2781eb75a71c3afbded9ae16b6d361d7a22
[url]http://www.virustotal.com/ru/analisis/68079ce67e9cc5e0442d43c0be0cb2781eb75a71c3afbded9ae16b6d361d7a22-1271857134[/url]
File bbdydmz.vll received on 2010.04.20 12:12:54 (UTC)
Result: 12/40 (30.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.20 Backdoor.Win32.PcClient!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
[B]Avast 4.8.1351.0 2010.04.20 Win32:Agent-EPC
Avast5 5.0.332.0 2010.04.20 Win32:Agent-EPC[/B]
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
[B]Comodo 4652 2010.04.20 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.20 DLOADER.Trojan[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
[B]GData 19 2010.04.20 Win32:Agent-EPC
Ikarus T3.1.1.80.0 2010.04.20 Backdoor.Win32.PcClient[/B]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Suspicious file
PCTools 7.0.3.5 2010.04.20 Trojan.Conficker.c.gen
Prevx 3.0 2010.04.20 High Risk Cloaked Malware[/B]
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Mal/Behav-001[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Malware.Agent.22[/B]
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 103936 bytes
MD5 : 31a0613ef9e8a63bdd3d5d4528e6142c
SHA1 : 0299d263c94b7c3db8d0bd71833f965280b4b976
SHA256: c132415d1f6aeabd34763225efa746e2eddc87b863e1e5316691be734f1dbca9
[url]http://www.virustotal.com/ru/analisis/c132415d1f6aeabd34763225efa746e2eddc87b863e1e5316691be734f1dbca9-1271765574[/url]
File 700531.exe1 received on 2010.04.21 13:22:57 (UTC)
Result: 20/40 (50.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Win32.SuspectCrc!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.149 2010.04.21 -
[B]Antiy-AVL 2.0.3.7 2010.04.21 Trojan/Win32.heuristic[/B]
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 Win32/CryptExe
BitDefender 7.2 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4
CAT-QuickHeal 10.00 2010.04.21 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.04.21 -
[B]Comodo 4656 2010.04.21 Heur.Pck.EXECryptor
DrWeb 5.0.2.03300 2010.04.21 Win32.HLLP.DDoS[/B]
eSafe 7.0.17.0 2010.04.21 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.21 -
[B]F-Secure 9.0.15370.0 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4[/B]
Fortinet 4.0.14.0 2010.04.21 -
[B]GData 19 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4
Ikarus T3.1.1.80.0 2010.04.21 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.21 Heur.Trojan.Generic
McAfee 5.400.0.1158 2010.04.21 Generic.dx!rwd
McAfee-GW-Edition 6.8.5 2010.04.21 Heuristic.LooksLike.Win32.SuspiciousPE.C[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5047 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
[B]Panda 10.0.2.7 2010.04.20 Trj/CI.A
PCTools 7.0.3.5 2010.04.21 Trojan.Panddos
Prevx 3.0 2010.04.21 High Risk Cloaked Malware[/B]
Rising 22.44.02.05 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Dropper-A[/B]
Sunbelt 6203 2010.04.21 -
[B]Symantec 20091.2.0.41 2010.04.21 Trojan.Panddos[/B]
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Embedded.Trojan.Win32.Scar.babq[/B]
ViRobot 2010.4.21.2288 2010.04.21 -
[B]VirusBuster 5.0.27.0 2010.04.21 Packed/Execryptor[/B][/QUOTE]
Additional information
File size: 292428 bytes
MD5 : 657dd12404df9afb9f520a22f831c2ae
SHA1 : e8f9273c4a941c8a8ddff4fa50551476944ec528
SHA256: 5c83f88730d4e6320be3d31d5f6dc339edd93d7e227551ff5245a025491105f9
[url]http://www.virustotal.com/ru/analisis/5c83f88730d4e6320be3d31d5f6dc339edd93d7e227551ff5245a025491105f9-1271856177[/url]
File 5E68ED8600F01A5A2CF00089A30BB40055799196.exe received on 2010.04.19 17:06:50 (UTC)
Result: 1/40 (2.50%)
[QUOTE]a-squared 4.5.0.50 2010.04.19 -
AhnLab-V3 5.0.0.2 2010.04.19 -
AntiVir 7.10.6.121 2010.04.19 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.19 -
Avast5 5.0.332.0 2010.04.19 -
AVG 9.0.0.787 2010.04.19 -
BitDefender 7.2 2010.04.19 -
CAT-QuickHeal 10.00 2010.04.19 -
ClamAV 0.96.0.3-git 2010.04.19 -
Comodo 4645 2010.04.19 -
DrWeb 5.0.2.03300 2010.04.19 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7434 2010.04.19 -
F-Prot 4.5.1.85 2010.04.19 -
F-Secure 9.0.15370.0 2010.04.19 -
Fortinet 4.0.14.0 2010.04.18 -
GData 19 2010.04.19 -
Ikarus T3.1.1.80.0 2010.04.19 -
Jiangmin 13.0.900 2010.04.19 -
Kaspersky 7.0.0.125 2010.04.19 -
McAfee 5.400.0.1158 2010.04.19 -
McAfee-GW-Edition 6.8.5 2010.04.19 -
Microsoft 1.5605 2010.04.19 -
NOD32 5041 2010.04.19 -
Norman 6.04.11 2010.04.19 -
nProtect 2010-04-19.01 2010.04.19 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.19 -
[B]Prevx 3.0 2010.04.19 High Risk Banking Info Stealer[/B]
Rising 22.44.00.04 2010.04.19 -
Sophos 4.52.0 2010.04.19 -
Sunbelt 6195 2010.04.19 -
Symantec 20091.2.0.41 2010.04.19 -
TheHacker 6.5.2.0.264 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.19 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2283 2010.04.19 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 11264 bytes
MD5 : b0bafb22df88aee92941859d2f29a5d0
SHA1 : f508d9c94245ee791257036d52a57beebdfc9c0a
SHA256: 1dfb18b73ce42af605c1ea3aa44f4b5138bf382c6be9d6a060a52d94e25d213d
[url]http://www.virustotal.com/ru/analisis/1dfb18b73ce42af605c1ea3aa44f4b5138bf382c6be9d6a060a52d94e25d213d-1271696810[/url]
-
File CSLook.exe received on 2010.04.22 01:59:46 (UTC)
Result: [b]16/41[/b] (39.03%)
[QUOTE]
[b]a-squared 4.5.0.50 2010.04.22 Win32.Neshta!IK[/b]
AhnLab-V3 5.0.0.2 2010.04.22 -
[b]AntiVir 7.10.6.169 2010.04.21 W32/Neshta.a[/b]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.22 -
[b]Avast 4.8.1351.0 2010.04.21 Win32:Neshta[/b]
[b]Avast5 5.0.332.0 2010.04.21 Win32:Neshta[/b]
[b]AVG 9.0.0.787 2010.04.21 Win32/Neshta.A[/b]
BitDefender 7.2 2010.04.22 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
[b]Comodo 4662 2010.04.22 Virus.Win32.Neshta.a1[/b]
DrWeb 5.0.2.03300 2010.04.22 -
[b]eSafe 7.0.17.0 2010.04.21 Win32.Neshta.A[/b]
eTrust-Vet 35.2.7442 2010.04.21 -
F-Prot 4.5.1.85 2010.04.21 -
F-Secure 9.0.15370.0 2010.04.21 -
[b]Fortinet 4.0.14.0 2010.04.21 PossibleThreat[/b]
[b]GData 21 2010.04.22 Win32:Neshta[/b]
[b]Ikarus T3.1.1.80.0 2010.04.22 Win32.Neshta[/b]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.22 -
McAfee 5.400.0.1158 2010.04.22 -
[b]McAfee-GW-Edition 6.8.5 2010.04.21 Win32.Neshta.a[/b]
Microsoft 1.5703 2010.04.21 -
NOD32 5048 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
[b]Panda 10.0.2.7 2010.04.21 Suspicious file[/b]
[b]PCTools 7.0.3.5 2010.04.22 Win32.Neshta.B[/b]
Prevx 3.0 2010.04.22 -
Rising 22.44.03.01 2010.04.22 -
Sophos 4.53.0 2010.04.22 -
[b]Sunbelt 6205 2010.04.22 Virus.Win32.Neshta.Gen.3 (fs)[/b]
[b]Symantec 20091.2.0.41 2010.04.22 W32.Neshuta[/b]
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.22 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.21.2288 2010.04.22 -
[b]VirusBuster 5.0.27.0 2010.04.21 Win32.Neshta.B[/b]
[/QUOTE]
Additional information
File size: 4021248 bytes
MD5...: b0642d29c9ceac81c40fb5a2b21e9f03
SHA1..: 4b258daca65ebcf72980633871cc9030f2e5df7c
SHA256: 609814655edda2938c96c45d3504cfa33cce0b043bd251fd9bb912d229ab3f02
ssdeep: 98304:Zyt5pBpppppppxqppqxqpqCppppppppppxpFpppppppBpCpp6qq:E
PEiD..: -
[url]http://www.virustotal.com/analisis/609814655edda2938c96c45d3504cfa33cce0b043bd251fd9bb912d229ab3f02-1271901586[/url]
-
MD5: 341c13c8f52bca5a6ffc1338b7ed851d
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.25 -
AhnLab-V3 5.0.0.2 2009.12.24 -
AntiVir 7.9.1.122 2009.12.24 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.25 -
Avast 4.8.1351.0 2009.12.25 -
AVG 8.5.0.430 2009.12.25 -
BitDefender 7.2 2009.12.25 -
CAT-QuickHeal 10.00 2009.12.24 -
ClamAV 0.94.1 2009.12.25 -
Comodo 3363 2009.12.25 -
DrWeb 5.0.1.12222 2009.12.25 -
eSafe 7.0.17.0 2009.12.24 -
eTrust-Vet 35.1.7197 2009.12.25 -
F-Prot 4.5.1.85 2009.12.25 -
F-Secure 9.0.15370.0 2009.12.25 -
Fortinet 4.0.14.0 2009.12.25 -
GData 19 2009.12.25 -
Ikarus T3.1.1.79.0 2009.12.25 -
Jiangmin 13.0.900 2009.12.25 -
K7AntiVirus 7.10.929 2009.12.24 -
Kaspersky 7.0.0.125 2009.12.25 -
McAfee 5842 2009.12.24 -
McAfee+Artemis 5842 2009.12.24 -
McAfee-GW-Edition 6.8.5 2009.12.25 -
Microsoft 1.5302 2009.12.25 -
NOD32 4716 2009.12.25 -
Norman 6.04.03 2009.12.24 -
nProtect 2009.1.8.0 2009.12.24 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.25 -
Prevx 3.0 2009.12.25 -
Rising 22.27.04.04 2009.12.25 -
Sophos 4.49.0 2009.12.25 -
Sunbelt 3.2.1858.2 2009.12.24 -
Symantec 1.4.4.12 2009.12.25 -
TheHacker 6.5.0.3.110 2009.12.24 -
TrendMicro 9.120.0.1004 2009.12.25 PAK_Generic.001
VBA32 3.12.12.0 2009.12.25 -
ViRobot 2009.12.24.2107 2009.12.24 -
VirusBuster 5.0.21.0 2009.12.25 -
-
File 7CF7E372000A5AF206880399B31467009D1D8CC2.dll [I][acpi24.dll][/I] received on 2010.04.21 09:53:27 (UTC)
Result: 11/42 (26.19%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Trojan-Dropper.Agent!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.147 2010.04.21 -
Antiy-AVL 2.0.3.7 2010.04.21 -
[B]Authentium 5.2.0.5 2010.04.21 W32/Mepaow.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 Generic17.BDSX[/B]
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
[B]DrWeb 5.0.2.03300 2010.04.21 DDoS.origin[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
[B]F-Prot 4.5.1.85 2010.04.20 W32/Mepaow.A.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
[B]Ikarus T3.1.1.80.0 2010.04.21 Trojan-Dropper.Agent[/B]
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
[B]McAfee-GW-Edition 6.8.5 2010.04.21 Heuristic.BehavesLike.Win32.CodeInjection.L
Microsoft 1.5703 2010.04.21 Trojan:Win32/Boupke.gen!A[/B]
NOD32 5046 2010.04.21 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
[B]Prevx 3.0 2010.04.21 High Risk Cloaked Malware[/B]
Rising 22.44.02.05 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-1012
Sunbelt 6203 2010.04.21 Trojan.Win32.Generic!BT[/B]
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 198144 bytes
MD5 : 75795790277268d6602a3e538254ac51
SHA1 : 845c198e7dda25bc03514b430e6694a673d0bcaa
SHA256: 0512d71364ad551deea89e94c39b15a7daf9c5a1b262be6fc0429502d444e3e1
[url]http://www.virustotal.com/ru/analisis/0512d71364ad551deea89e94c39b15a7daf9c5a1b262be6fc0429502d444e3e1-1271843607[/url]
[size="1"][color="#666686"][B][I]Added 5 hours 44 minutes later[/I][/B][/color][/size]
File 14B603100023AF9EB033009761736100F2314A94.exe received on 2010.04.21 09:52:53 (UTC)
Result: 1/40 (2.50%)
[QUOTE]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.147 2010.04.21 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee-GW-Edition 6.8.5 2010.04.21 -
Microsoft 1.5703 2010.04.21 -
NOD32 5046 2010.04.21 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.02.05 2010.04.21 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6203 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Win32.Trojan.Downloader (http://...)[/B]
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 45056 bytes
MD5 : 4c91f2dfc4e901cc1c97a2e8fd7aef52
SHA1 : b0e748429d8970d9bb12085381f831f82fc17e1d
SHA256: 55948827bb857828a7094c933009912551e0fbbf46b65782fadfd9cbef2d4f93
[url]http://www.virustotal.com/ru/analisis/55948827bb857828a7094c933009912551e0fbbf46b65782fadfd9cbef2d4f93-1271843573[/url]
-
An acquaintance returned my flash drive.
File autorun.inf received on 2010.04.29 17:20:37 (UTC)
Result: 9/40 (22.5%)
Antivirus Version Last Update Result
[QUOTE][B]a-squared 4.5.0.50 2010.04.29 Virus.Worm.AutoRun!IK[/B]
AhnLab-V3 2010.04.29.05 2010.04.29 -
AntiVir 8.2.1.224 2010.04.29 -
Antiy-AVL 2.0.3.7 2010.04.29 -
Authentium 5.2.0.5 2010.04.29 -
Avast 4.8.1351.0 2010.04.29 -
Avast5 5.0.332.0 2010.04.29 -
[B]AVG 9.0.0.787 2010.04.29 Worm/AutoRun[/B]
BitDefender 7.2 2010.04.29 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.04.29 -
Comodo 4711 2010.04.29 -
DrWeb 5.0.2.03300 2010.04.29 -
eSafe 7.0.17.0 2010.04.29 -
eTrust-Vet 35.2.7457 2010.04.29 -
F-Prot 4.5.1.85 2010.04.29 -
F-Secure 9.0.15370.0 2010.04.29 -
Fortinet 4.0.14.0 2010.04.27 -
GData 21 2010.04.29 -
[B]Ikarus T3.1.1.80.0 2010.04.29 Virus.Worm.AutoRun[/B]
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.04.29 -
[B]McAfee 5.400.0.1158 2010.04.29 Generic!atr.b[/B]
McAfee-GW-Edition 6.8.5 2010.04.29 -
Microsoft 1.5703 2010.04.29 -
NOD32 5072 2010.04.29 -
[B]Norman 6.04.12 2010.04.29 INF/Autorun.CX[/B]
nProtect 2010-04-29.01 2010.04.29 -
[B]Panda 10.0.2.7 2010.04.29 W32/P2Pworm.JW.worm[/B]
PCTools 7.0.3.5 2010.04.29 -
Rising 22.45.03.03 2010.04.29 -
[B]Sophos 4.53.0 2010.04.29 Mal/AutoInf-A[/B]
Sunbelt 6235 2010.04.28 -
Symantec 20091.2.0.41 2010.04.29 -
TheHacker 6.5.2.0.273 2010.04.29 -
[B]TrendMicro 9.120.0.1004 2010.04.29 Mal_Otorun1[/B]
[B]TrendMicro-HouseCall 9.120.0.1004 2010.04.29 Mal_Otorun1[/B]
VBA32 3.12.12.4 2010.04.29 -
ViRobot 2010.4.27.2295 2010.04.28 -
VirusBuster 5.0.27.0 2010.04.29 -[/QUOTE]
-
The sad story continues: a new TDL3. The dropper:
File keygen.ex1 received on 2010.05.01 04:41:11 (UTC)
Current status: finished
Result: 17/40 (42.50%)
[QUOTE]a-squared 4.5.0.50 2010.05.01 -
AhnLab-V3 2010.05.01.00 2010.05.01 -
[B]AntiVir 8.2.1.224 2010.04.30 TR/Alureon.CT.1379[/B]
Antiy-AVL 2.0.3.7 2010.04.30 -
Authentium 5.2.0.5 2010.05.01 -
Avast 4.8.1351.0 2010.04.30 -
Avast5 5.0.332.0 2010.04.30 -
[B]AVG 9.0.0.787 2010.04.30 Generic17.BMCX[/B]
BitDefender 7.2 2010.05.01 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.05.01 -
[B]Comodo 4725 2010.05.01 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.01 BackDoor.Tdss.2459[/B]
eSafe 7.0.17.0 2010.04.29 -
[B]eTrust-Vet 35.2.7462 2010.04.30 Win32/TDSS.B!generic[/B]
F-Prot 4.5.1.85 2010.04.30 -
[B]F-Secure 9.0.15370.0 2010.04.30 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.04.30 -
GData 21 2010.05.01 -
Ikarus T3.1.1.80.0 2010.04.30 -
Jiangmin 13.0.900 2010.04.29 -
[B]Kaspersky 7.0.0.125 2010.05.01 Trojan.Win32.TDSS.bcfd[/B]
McAfee 5.400.0.1158 2010.05.01 -
[B]McAfee-GW-Edition 6.8.5 2010.04.30 Trojan.Alureon.CT.1379
Microsoft 1.5703 2010.05.01 Trojan:Win32/Alureon.CT
NOD32 5076 2010.04.30 Win32/Olmarik.YJ[/B]
Norman 6.04.12 2010.04.30 -
nProtect 2010-04-30.01 2010.04.30 -
[B]Panda 10.0.2.7 2010.04.30 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.01 -
[B]Prevx 3.0 2010.05.01 Medium Risk Malware[/B]
Rising 22.45.04.03 2010.04.30 -
[B]Sophos 4.53.0 2010.05.01 Sus/EncPk-OJ
Sunbelt 6245 2010.05.01 Trojan.Win32.Generic!BT[/B]
[B]Symantec 20091.2.0.41 2010.05.01 Backdoor.Tidserv[/B]
TheHacker 6.5.2.0.274 2010.04.30 -
[B]TrendMicro 9.120.0.1004 2010.04.30 BKDR_TDSS.SMC[/B]
VBA32 3.12.12.4 2010.04.30 -
ViRobot 2010.4.30.2297 2010.05.01 -
[B]VirusBuster 5.0.27.0 2010.04.30 Rootkit.Alureon.Gen.10[/B][/QUOTE]
[url]http://www.virustotal.com/ru/analisis/a85d73c849b7a192afc2b06e460edaff89e2656ea3cd9a7801733af518cbd5f5-1272688871[/url]
... and the DLL:
File tdlcmd.dll received on 2010.05.01 04:41:18 (UTC)
Current status: finished
Result: 14/40 (35.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.05.01 Virus.Win32.DNSChanger.VJ!IK[/B]
AhnLab-V3 2010.05.01.00 2010.05.01 -
[B]AntiVir 8.2.1.224 2010.04.30 TR/Agent.8704.76[/B]
Antiy-AVL 2.0.3.7 2010.04.30 -
[B]Authentium 5.2.0.5 2010.05.01 W32/AdAgent.Z.gen!Eldorado
Avast 4.8.1351.0 2010.04.30 Win32:DNSChanger-VJ
Avast5 5.0.332.0 2010.04.30 Win32:DNSChanger-VJ[/B]
AVG 9.0.0.787 2010.04.30 -
BitDefender 7.2 2010.05.01 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.05.01 -
Comodo 4725 2010.05.01 -
[B]DrWeb 5.0.2.03300 2010.05.01 BackDoor.Tdss.origin[/B]
eSafe 7.0.17.0 2010.04.29 -
eTrust-Vet 35.2.7462 2010.04.30 -
[B]F-Prot 4.5.1.85 2010.04.30 W32/AdAgent.Z.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.04.30 -
Fortinet 4.0.14.0 2010.04.30 -
[B]GData 21 2010.05.01 Win32:DNSChanger-VJ
Ikarus T3.1.1.80.0 2010.04.30 Virus.Win32.DNSChanger.VJ[/B]
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.05.01 -
McAfee 5.400.0.1158 2010.05.01 -
[B]McAfee-GW-Edition 6.8.5 2010.04.30 Heuristic.BehavesLike.Win32.Spyware.P
Microsoft 1.5703 2010.05.01 Trojan:Win32/Alureon.CT
NOD32 5076 2010.04.30 a variant of Win32/Olmarik.XU[/B]
Norman 6.04.12 2010.04.30 -
nProtect 2010-04-30.01 2010.04.30 -
Panda 10.0.2.7 2010.04.30 -
PCTools 7.0.3.5 2010.05.01 -
Prevx 3.0 2010.05.01 -
Rising 22.45.04.03 2010.04.30 -
[B]Sophos 4.53.0 2010.05.01 Mal/Emogen-Y[/B]
Sunbelt 6245 2010.05.01 -
Symantec 20091.2.0.41 2010.05.01 -
TheHacker 6.5.2.0.274 2010.04.30 -
TrendMicro 9.120.0.1004 2010.04.30 -
[B]VBA32 3.12.12.4 2010.04.30 Trojan.Win32.Olmarik.17[/B]
ViRobot 2010.4.30.2297 2010.05.01 -
VirusBuster 5.0.27.0 2010.04.30 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/f9cdce8b35f6d4172cd0ffea528b47a364b9ed76ee17263c676724789b1bbaab-1272688878[/url]
-
File torta.exe received on 2010.05.06 09:26:04 (UTC)
Result: 29/41 (70.74%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.06 -
AhnLab-V3 2010.05.05.00 2010.05.05 [B]Win32/Palevo1.worm.Gen[/B]
AntiVir 8.2.1.236 2010.05.06 [B]TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.05.06 -
Authentium 5.2.0.5 2010.05.06 [B]W32/Rimecud.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.05.05 [B]Win32:MalOb-AI[/B]
Avast5 5.0.332.0 2010.05.05 [B]Win32:MalOb-AI[/B]
AVG 9.0.0.787 2010.05.05 [B]Win32/Cryptor[/B]
BitDefender 7.2 2010.05.06 [B]Gen:Heur.Krypt.24[/B]
CAT-QuickHeal 10.00 2010.05.04 [B]Worm.Rimecud.A[/B]
ClamAV 0.96.0.3-git 2010.05.06 -
Comodo 4778 2010.05.06 [B]TrojWare.Win32.P2P-Worm.Palevo.owp[/B]
DrWeb 5.0.2.03300 2010.05.06 [B]Trojan.Packed.688[/B]
eSafe 7.0.17.0 2010.05.05 -
eTrust-Vet 35.2.7470 2010.05.05 -
F-Prot 4.5.1.85 2010.05.06 [B]W32/Rimecud.A.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.05.06 [B]Worm:W32/Palevo.gen!M[/B]
Fortinet 4.0.14.0 2010.05.05 [B]W32/Rimecud!tr[/B]
GData 21 2010.05.06 [B]Gen:Heur.Krypt.24[/B]
Ikarus T3.1.1.84.0 2010.05.06 -
Jiangmin 13.0.900 2010.05.06 [B]Heur:Trojan/Pakes[/B]
Kaspersky 7.0.0.125 2010.05.06 -
McAfee 5.400.0.1158 2010.05.06 [B]W32/Rimecud.gen.a[/B]
McAfee-GW-Edition 2010.1 2010.05.06 [B]W32/Rimecud.gen.a[/B]
Microsoft 1.5703 2010.05.05 [B]Worm:Win32/Rimecud.A[/B]
NOD32 5090 2010.05.06 [B]a variant of Win32/Peerfrag.FU[/B]
Norman 6.04.12 2010.05.06 -
nProtect 2010-05-06.02 2010.05.06 -
Panda 10.0.2.7 2010.05.05 [B]Trj/CI.A[/B]
PCTools 7.0.3.5 2010.05.06 [B]Malware.Pilleuz[/B]
Prevx 3.0 2010.05.06 [B]High Risk Cloaked Malware[/B]
Rising 22.46.03.04 2010.05.06 -
Sophos 4.53.0 2010.05.06 [B]Mal/Rimecud-B[/B]
Sunbelt 6265 2010.05.06 [B]Worm.Win32.Rimecud.c (v)[/B]
Symantec 20091.2.0.41 2010.05.06 [B]W32.Pilleuz!gen1[/B]
TheHacker 6.5.2.0.276 2010.05.06 [B]W32/Rimecud.gen[/B]
TrendMicro 9.120.0.1004 2010.05.06 [B]WORM_PALEVO.SMEP[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.05.06 [B]WORM_PALEVO.SMEP[/B]
VBA32 3.12.12.4 2010.05.06 [B]Malware-Cryptor.Win32.Inject.gen[/B]
ViRobot 2010.5.4.2303 2010.05.06 -
VirusBuster 5.0.27.0 2010.05.05 -
Additional information
File size: 143360 bytes
MD5...: f96d4a9a7372421cf4cda22ed4f78f24
-
A new bootkit (the one with the infector from TDL3). And let them say it's old :) Here is one of the variants; there are about ten in total:
File 2d4f0001_1fc9fa66da8293c55e63e2a8 received on 2010.05.08 00:44:20 (UTC)
Result: 13/41 (31.71%)
[QUOTE][B]a-squared 4.5.0.50 2010.05.07 Trojan-Downloader.Win32.Mebroot!IK[/B]
AhnLab-V3 2010.05.08.00 2010.05.07 -
AntiVir 8.2.1.236 2010.05.07 -
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.07 -
Avast 4.8.1351.0 2010.05.07 -
Avast5 5.0.332.0 2010.05.07 -
[B]AVG 9.0.0.787 2010.05.07 PSW.Sinowal.AZ
BitDefender 7.2 2010.05.08 Gen:Variant.Sinowal.1[/B]
CAT-QuickHeal 10.00 2010.05.07 -
ClamAV 0.96.0.3-git 2010.05.08 -
[B]Comodo 4788 2010.05.07 Backdoor.Win32.Sinowal.~CRSE
DrWeb 5.0.2.03300 2010.05.08 Trojan.Packed.20024[/B]
eSafe 7.0.17.0 2010.05.06 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.07 -
[B]F-Secure 9.0.15370.0 2010.05.07 Gen:Variant.Sinowal.1[/B]
Fortinet 4.1.133.0 2010.05.07 -
[B]GData 21 2010.05.08 Gen:Variant.Sinowal.1
Ikarus T3.1.1.84.0 2010.05.07 Trojan-Downloader.Win32.Mebroot[/B]
Jiangmin 13.0.900 2010.05.07 -
Kaspersky 7.0.0.125 2010.05.08 -
McAfee 5.400.0.1158 2010.05.08 -
McAfee-GW-Edition 2010.1 2010.05.07 -
Microsoft 1.5703 2010.05.08 -
[B]NOD32 5096 2010.05.07 a variant of Win32/Mebroot.DX[/B]
Norman 6.04.12 2010.05.07 -
[B]nProtect 2010-05-07.01 2010.05.07 Gen:Variant.Sinowal.1
Panda 10.0.2.7 2010.05.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.08 -
Rising 22.46.04.04 2010.05.07 -
Sophos 4.53.0 2010.05.08 -
Sunbelt 6276 2010.05.08 -
[B]Symantec 20091.2.0.41 2010.05.08 Trojan.Mebroot[/B]
TheHacker 6.5.2.0.277 2010.05.07 -
TrendMicro 9.120.0.1004 2010.05.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.08 -
[B]VBA32 3.12.12.4 2010.05.06 suspected of Malware-Cryptor.Win32.General.5[/B]
ViRobot 2010.5.7.2306 2010.05.07 -
VirusBuster 5.0.27.0 2010.05.07 -[/QUOTE]
[url]http://www.virustotal.com/analisis/a6f4f8f20279fa5ec2515b25a2b9c44329f9c3fd4191c607b0b498ddbf9f5bbe-1273279460[/url]
-
Caught it here: [url]http://virusinfo.info/showthread.php?t=77940[/url]
At the time of the "catch" it was detected only by VBA32 (according to Cyber)
File 44a133dc6baefbbedb9ade16147405c0. received on 2010.05.10 14:09:45
Result: 5/41 (12.2%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.09.00 2010.05.08 -
AntiVir 8.2.1.236 2010.05.10 -
Antiy-AVL 2.0.3.7 2010.05.10 -
Authentium 5.2.0.5 2010.05.10 -
Avast 4.8.1351.0 2010.05.10 -
Avast5 5.0.332.0 2010.05.10 -
AVG 9.0.0.787 2010.05.10 -
BitDefender 7.2 2010.05.10 -
CAT-QuickHeal 10.00 2010.05.10 -
ClamAV 0.96.0.3-git 2010.05.10 -
Comodo 4814 2010.05.10 -
[B]DrWeb 5.0.2.03300 2010.05.10 Trojan.Winlock.1600[/B]
eSafe 7.0.17.0 2010.05.10 -
eTrust-Vet 35.2.7477 2010.05.10 -
F-Prot 4.5.1.85 2010.05.10 -
F-Secure 9.0.15370.0 2010.05.10 -
Fortinet 4.1.133.0 2010.05.10 -
GData 21 2010.05.10 -
Ikarus T3.1.1.84.0 2010.05.10 -
Jiangmin 13.0.900 2010.05.10 -
[B]Kaspersky 7.0.0.125 2010.05.10 Trojan-Ransom.Win32.PornoBlocker.sr
McAfee 5.400.0.1158 2010.05.09 Suspect-1B!FABBFDAFA955[/B]
McAfee-GW-Edition 2010.1 2010.05.10 -
Microsoft 1.5703 2010.05.10 -
NOD32 5101 2010.05.10 -
Norman 6.04.12 2010.05.10 -
nProtect 2010-05-10.01 2010.05.10 -
Panda 10.0.2.7 2010.05.09 -
PCTools 7.0.3.5 2010.05.10 -
Prevx 3.0 2010.05.10 -
Rising 22.47.00.04 2010.05.10 -
Sophos 4.53.0 2010.05.10 -
[B]Sunbelt 6284 2010.05.10 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
[B]VBA32 3.12.12.4 2010.05.06 suspected of Win32 Logon AutoStart Install[/B]
ViRobot 2010.5.10.2308 2010.05.10 -
VirusBuster 5.0.27.0 2010.05.10 -
[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/faedb4d3f8f61e7f5ee2ea61dd311276a13c26eac1c79c28742eaee730bbf0fa-1273500585[/url]
-
The gods of Olympus must be respected! ;)
File bot.exe received on 2010.05.13 08:04:51 (UTC)
Result: 19/41 (46.35%)
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
[B]AhnLab-V3 2010.05.13.01 2010.05.13 Trojan/Win32.CSon[/B]
AntiVir 8.2.1.242 2010.05.12 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
[B]AVG 9.0.0.787 2010.05.13 SHeur3.WJS
BitDefender 7.2 2010.05.13 Trojan.Generic.KD.11459[/B]
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
[B]Comodo 4831 2010.05.13 TrojWare.Win32.TrojanSpy.Zbot.Gen
DrWeb 5.0.2.03300 2010.05.13 Trojan.PWS.Panda.218[/B]
eSafe 7.0.17.0 2010.05.11 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
[B]F-Secure 9.0.15370.0 2010.05.13 Trojan.Generic.KD.11459[/B]
Fortinet 4.1.133.0 2010.05.13 -
[B]GData 21 2010.05.13 Trojan.Generic.KD.11459
Ikarus T3.1.1.84.0 2010.05.13 PWS.Win32[/B]
Jiangmin 13.0.900 2010.05.13 -
[B]Kaspersky 7.0.0.125 2010.05.13 Trojan-Spy.Win32.Zbot.ajhf[/B]
McAfee 5.400.0.1158 2010.05.13 -
[B]McAfee-GW-Edition 2010.1 2010.05.13 Artemis!4DC14290FB2C
Microsoft 1.5703 2010.05.13 PWS:Win32/Zbot.gen!R
NOD32 5110 2010.05.12 Win32/Spy.Zbot.YW[/B]
Norman 6.04.12 2010.05.13 -
[B]nProtect 2010-05-13.01 2010.05.13 Trojan.Generic.KD.11459
Panda 10.0.2.7 2010.05.12 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.13 -
[B]Prevx 3.0 2010.05.13 Medium Risk Malware
Rising 22.47.03.02 2010.05.13 Trojan.Win32.Generic.52041BA7
Sophos 4.53.0 2010.05.13 Mal/FakeAV-DL
Sunbelt 6297 2010.05.13 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.13 Trojan.Zbot[/B]
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2313 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.12 -[/QUOTE]
[url]http://www.virustotal.com/analisis/400f446a79b6e098530e948e93da7c3218852f3acd5b0ea4977ad7b5e122830b-1273737891[/url]
-
Caught it today: [url]http://virusinfo.info/showthread.php?t=78262[/url]
At the time of the catch, not a single antivirus on VT detected it. The situation at the moment:
File avz00001.dta received on 2010.05.13 19:30:34 (UTC)
Result: 1/41 (2.44%)[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.13.01 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.13 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4833 2010.05.13 -
[B]DrWeb 5.0.2.03300 2010.05.13 Trojan.Winlock.1643[/B]
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.13 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.13 -
Ikarus T3.1.1.84.0 2010.05.13 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.13 -
McAfee 5.400.0.1158 2010.05.13 -
McAfee-GW-Edition 2010.1 2010.05.13 -
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.13 -
Prevx 3.0 2010.05.13 -
Rising 22.47.03.04 2010.05.13 -
Sophos 4.53.0 2010.05.13 -
Sunbelt 6299 2010.05.13 -
Symantec 20101.1.0.89 2010.05.13 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -[/QUOTE]
-
[B]File update_flash_player_x14.exe received on 2010.05.13 18:43:23 (UTC)[/B]
[CODE][B]a-squared;4.5.0.50;2010.05.10;Trojan-Ransom.Win32.PinkBlocker!IK[/B]
AhnLab-V3;2010.05.13.01;2010.05.13;-
AntiVir;8.2.1.242;2010.05.13;-
Antiy-AVL;2.0.3.7;2010.05.13;-
Authentium;5.2.0.5;2010.05.13;-
Avast;4.8.1351.0;2010.05.13;-
Avast5;5.0.332.0;2010.05.13;-
AVG;9.0.0.787;2010.05.13;-
BitDefender;7.2;2010.05.13;-
CAT-QuickHeal;10.00;2010.05.13;-
ClamAV;0.96.0.3-git;2010.05.13;-
Comodo;4833;2010.05.13;-
DrWeb;5.0.2.03300;2010.05.13;-
eSafe;7.0.17.0;2010.05.13;-
eTrust-Vet;35.2.7485;2010.05.13;-
F-Prot;4.5.1.85;2010.05.13;-
F-Secure;9.0.15370.0;2010.05.13;-
Fortinet;4.1.133.0;2010.05.13;-
GData;21;2010.05.13;-
[B]Ikarus;T3.1.1.84.0;2010.05.13;Trojan-Ransom.Win32.PinkBlocker[/B]
[B]Jiangmin;13.0.900;2010.05.13;Trojan/PinkBlocker.qs[/B]
Kaspersky;7.0.0.125;2010.05.13;-
McAfee;5.400.0.1158;2010.05.13;-
McAfee-GW-Edition;2010.1;2010.05.13;-
Microsoft;1.5703;2010.05.13;-
[B]NOD32;5113;2010.05.13;a variant of Win32/LockScreen.SN[/B]
Norman;6.04.12;2010.05.13;-
nProtect;2010-05-13.01;2010.05.13;-
Panda;10.0.2.7;2010.05.13;-
PCTools;7.0.3.5;2010.05.13;-
Rising;22.47.03.04;2010.05.13;-
Sophos;4.53.0;2010.05.13;-
Sunbelt;6299;2010.05.13;-
Symantec;20101.1.0.89;2010.05.13;-
TheHacker;6.5.2.0.280;2010.05.13;-
TrendMicro;9.120.0.1004;2010.05.13;-
TrendMicro-HouseCall;9.120.0.1004;2010.05.13;-
VBA32;3.12.12.4;2010.05.13;-
ViRobot;2010.5.13.2314;2010.05.13;-
VirusBuster;5.0.27.0;2010.05.13;-[/CODE]
-
I was cleaning a PC at work. [QUOTE]G:\TAMBA\\\\\LAMBA.exe[/QUOTE]
The "TAMBA" folder was on a flash drive together with autorun.inf. The malware registered csrss.exe (LAMBA.exe) in the user profile's startup, replacing Task Manager.
[URL="http://www.virustotal.com/ru/analisis/6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f-1274166216"]http://www.virustotal.com/ru/analisis/6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f-1274166216[/URL]
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.18.01 2010.05.18 -
AntiVir 8.2.1.242 2010.05.17 -
Antiy-AVL 2.0.3.7 2010.05.17 -
[B]Authentium 5.2.0.5 2010.05.18 W32/Rimecud.I2.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.05.17 -
Avast5 5.0.332.0 2010.05.17 -
[B]AVG 9.0.0.787 2010.05.17 Cryptic.GW
BitDefender 7.2 2010.05.18 Gen:Variant.Rimecud.2
CAT-QuickHeal 10.00 2010.05.18 Worm.Palevo[/B]
ClamAV 0.96.0.3-git 2010.05.18 -
[B]Comodo 4869 2010.05.18 Worm.Win32.Peerfrag.~NHD
DrWeb 5.0.2.03300 2010.05.18 Trojan.Packed.189[/B]
eSafe 7.0.17.0 2010.05.17 -
eTrust-Vet 35.2.7495 2010.05.17 -
[B]F-Prot 4.5.1.85 2010.05.18 W32/Rimecud.I2.gen!Eldorado
F-Secure 9.0.15370.0 2010.05.18 Gen:Variant.Rimecud.2[/B]
Fortinet 4.1.133.0 2010.05.18 -
[B]GData 21 2010.05.18 Gen:Variant.Rimecud.2[/B]
Ikarus T3.1.1.84.0 2010.05.18 -
Jiangmin 13.0.900 2010.05.18 -
Kaspersky 7.0.0.125 2010.05.18 -
McAfee 5.400.0.1158 2010.05.18 -
McAfee-GW-Edition 2010.1 2010.05.17 -
[B]Microsoft 1.5703 2010.05.18 Worm:Win32/Rimecud.B
NOD32 5122 2010.05.17 a variant of Win32/Peerfrag.HD[/B]
Norman 6.04.12 2010.05.18 -
[B]nProtect 2010-05-17.01 2010.05.17 Gen:Variant.Rimecud.2[/B]
Panda 10.0.2.7 2010.05.17 -
[B]PCTools 7.0.3.5 2010.05.18 Malware.Pilleuz[/B]
Prevx 3.0 2010.05.18 -
Rising 22.48.01.02 2010.05.18 -
[B]Sophos 4.53.0 2010.05.18 Mal/Palevo-A
Sunbelt 6316 2010.05.18 Packed.Win32.Crum (v)
Symantec 20101.1.0.89 2010.05.18 W32.Pilleuz!gen5[/B]
TheHacker 6.5.2.0.281 2010.05.17 -
[B]TrendMicro 9.120.0.1004 2010.05.18 Mal_Palevo5
TrendMicro-HouseCall 9.120.0.1004 2010.05.18 Mal_Palevo5
VBA32 3.12.12.5 2010.05.17 Malware-Cryptor.Win32.101[/B]
ViRobot 2010.5.18.2321 2010.05.18 -
VirusBuster 5.0.27.0 2010.05.17 -
Additional information
File size: 153088 bytes
MD5...: 1b7d07967c3b17ff726d9690bdada386
SHA1..: 838840b2671d4f00243a82de051f0e0bbf1b5a85
SHA256: 6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f
ssdeep: 3072:dbFHOCTAmlnNznZc/PyY6Gro2IOP74qt3uojwY1S:dtO0AmfnZc/Pw+JIOP
L3uojw[/QUOTE]
-
A new old way of spreading TDL3:
[QUOTE]SMTP and POP3 servers for [I][email protected][/I] mailbox are changed. Please carefully read the attached instructions before updating settings.
[url]http://deleted/card.zip[/url][/QUOTE]
File card.zip received on 2010.05.18 13:57:26 (UTC)
Result: 14/41 (34.15%)
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
[B]AhnLab-V3 2010.05.18.01 2010.05.18 Dropper/Win32.TDSS
AntiVir 8.2.1.242 2010.05.18 TR/Alureon.CT.1526[/B]
Antiy-AVL 2.0.3.7 2010.05.18 -
[B]Authentium 5.2.0.5 2010.05.18 W32/Alureon.JHV[/B]
Avast 4.8.1351.0 2010.05.18 -
Avast5 5.0.332.0 2010.05.18 -
AVG 9.0.0.787 2010.05.18 -
BitDefender 7.2 2010.05.18 -
CAT-QuickHeal 10.00 2010.05.18 -
ClamAV 0.96.0.3-git 2010.05.18 -
Comodo 4873 2010.05.18 -
[B]DrWeb 5.0.2.03300 2010.05.18 BackDoor.Tdss.2459[/B]
eSafe 7.0.17.0 2010.05.17 -
eTrust-Vet 35.2.7496 2010.05.18 -
[B]F-Prot 4.5.1.85 2010.05.18 W32/Alureon.JHV
F-Secure 9.0.15370.0 2010.05.18 Trojan:W32/TDSS.FQ[/B]
Fortinet 4.1.133.0 2010.05.18 -
GData 21 2010.05.18 -
[B]Ikarus T3.1.1.84.0 2010.05.18 Trojan.Win32.Alureon[/B]
Jiangmin 13.0.900 2010.05.18 -
Kaspersky 7.0.0.125 2010.05.18 -
McAfee 5.400.0.1158 2010.05.18 -
McAfee-GW-Edition 2010.1 2010.05.18 -
[B]Microsoft 1.5802 2010.05.18 Trojan:Win32/Alureon.CT
NOD32 5124 2010.05.18 Win32/Olmarik.ZH[/B]
Norman 6.04.12 2010.05.18 -
nProtect 2010-05-18.01 2010.05.18 -
[B]Panda 10.0.2.7 2010.05.17 Suspicious file
PCTools 7.0.3.5 2010.05.18 Backdoor.Tidserv[/B]
Prevx 3.0 2010.05.18 -
Rising 22.48.01.02 2010.05.18 -
[B]Sophos 4.53.0 2010.05.18 Troj/Bredo-CR[/B]
Sunbelt 6317 2010.05.18 -
[B]Symantec 20101.1.0.89 2010.05.18 Backdoor.Tidserv!gen4[/B]
TheHacker 6.5.2.0.281 2010.05.17 -
TrendMicro 9.120.0.1004 2010.05.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.18 -
VBA32 3.12.12.5 2010.05.18 -
ViRobot 2010.5.18.2322 2010.05.18 -
[B]VirusBuster 5.0.27.0 2010.05.18 Trojan.Alureon.Gen.12[/B][/QUOTE]
[url]http://www.virustotal.com/analisis/c4b3f436f90b02eb562338be0f55fb3a0d8dba61b65c6416dbbf470c20f94a40-1274191046[/url]
-
Caught this at work. Nothing could handle it, not even a LiveCD. When AV utilities were launched, the computer simply shut down. This nasty thing registers itself in [B]AppInit_DLLs[/B]. That is in fact how I caught it. The file was named [B]t.dll[/B] -- it was in [B]system32[/B].
File 111.dll received on 2010.05.21 09:10:27 (UTC)
Result: 9/41 (21.96%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.21 -
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.21 -
Avast5 5.0.332.0 2010.05.21 -
[B]AVG 9.0.0.787 2010.05.20 Cryptic.SO[/B]
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.21 -
[B]Comodo 4897 2010.05.21 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.05.21 Trojan.Winlock.1721[/B]
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7502 2010.05.21 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.21 -
[B]Ikarus T3.1.1.84.0 2010.05.21 Trojan.Cryptic[/B]
Jiangmin 13.0.900 2010.05.20 -
[B]Kaspersky 7.0.0.125 2010.05.21 Worm.Win32.NeKav.cl[/B]
McAfee 5.400.0.1158 2010.05.21 -
[B]McAfee-GW-Edition 2010.1 2010.05.21 Artemis!39E93988A325
Microsoft 1.5802 2010.05.20 Worm:Win32/Autorun.gen!BS[/B]
NOD32 5134 2010.05.21 -
Norman 6.04.12 2010.05.21 -
nProtect 2010-05-21.01 2010.05.21 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.21 -
Prevx 3.0 2010.05.21 -
Rising 22.48.04.04 2010.05.21 -
[B]Sophos 4.53.0 2010.05.21 Sus/UnkPack-C
Sunbelt 6332 2010.05.21 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.05.21 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.21 -[/QUOTE]