-
File [B]mms.jar[/B] received on 2010.05.24 08:33:57 (UTC)
Result: [B][COLOR="Red"]8[/COLOR]/41[/B] (19.52%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 [B]JAVA/Smmer.5994[/B]
Antiy-AVL 2.0.3.7 2010.05.24 [B]Trojan/J2ME.Smmer[/B]
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 [B]Java/SMS.J[/B]
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 [B]UnclassifiedMalware[/B]
DrWeb 5.0.2.03300 2010.05.24 [B]Java.SMSSend.177[/B]
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7506 2010.05.24 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 [B]Riskware:Java/SmsSend.Gen!A[/B]
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 [B]Trojan-SMS[/B]
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 [B]Trojan-SMS.J2ME.Smmer.a[/B]
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 -
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.03 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -
[/QUOTE]
Additional information
File size: [B]17493[/B] bytes
MD5...: b4c114850d73db941c695b9d35cf4f29
SHA1..: 3b64e52f05f9bcbf51e7bb3366d65d1815cb9319
SHA256: 37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116d36dc335847ae9
[url]http://www.virustotal.com/ru/analisis/37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116d36dc335847ae9-1274690037[/url]
-
File video-plugin.45046.exe received on 2010.05.25 11:00:38 (UTC)
Result: 14/40 (35%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.25.00 2010.05.25 -
AntiVir 8.2.1.242 2010.05.25 -
Antiy-AVL 2.0.3.7 2010.05.25 -
[B]Authentium 5.2.0.5 2010.05.25 W32/FakeAlert.5!Maximus[/B]
Avast 4.8.1351.0 2010.05.25 -
Avast5 5.0.332.0 2010.05.25 -
AVG 9.0.0.787 2010.05.25 -
[B]BitDefender 7.2 2010.05.25 Trojan.Renos.PGL[/B]
CAT-QuickHeal 10.00 2010.05.25 -
ClamAV 0.96.0.3-git 2010.05.25 -
Comodo 4939 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.25 Trojan.DownLoad1.60983[/B]
eSafe 7.0.17.0 2010.05.24 -
[B]eTrust-Vet 35.2.7508 2010.05.25 Win32/FakeCodec.C!generic
F-Prot 4.6.0.103 2010.05.24 W32/FakeAlert.5!Maximus
F-Secure 9.0.15370.0 2010.05.25 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.05.23 -
[B]GData 21 2010.05.25 Trojan.Renos.PGL[/B]
Ikarus T3.1.1.84.0 2010.05.25 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.25 -
[B]McAfee 5.400.0.1158 2010.05.25 Downloader-CEW.b[/B]
McAfee-GW-Edition 2010.1 2010.05.25 -
Microsoft 1.5802 2010.05.25 -
[B]NOD32 5143 2010.05.25 Win32/TrojanDownloader.FakeAlert.AYQ[/B]
Norman 6.04.12 2010.05.25 -
nProtect 2010-05-25.01 2010.05.25 -
[B]Panda 10.0.2.7 2010.05.25 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.25 -
[B]Rising 22.49.01.04 2010.05.25 Trojan.Win32.Generic.52062772
Sophos 4.53.0 2010.05.25 Mal/FakeAV-CX
Sunbelt 6352 2010.05.25 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.05.25 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.25 -
VBA32 3.12.12.5 2010.05.25 -
ViRobot 2010.5.20.2326 2010.05.25 -
[B]VirusBuster 5.0.27.0 2010.05.24 Trojan.Codecpack.Gen.6[/B][/QUOTE]
[url]http://www.virustotal.com/ru/analisis/19fdcd90bd8cb33b3ad9bd83963bf5c8a9950598df0c357e479eca31c665637b-1274785238[/url]
-
File [B]0.005320158428112287.exe[/B] received on 2010.05.27 10:30:04 (UTC)
Result: [B][COLOR="Red"]4[/COLOR]/40 (10%)[/B]
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.27.00 2010.05.27 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.27 -
[B]Avast 4.8.1351.0 2010.05.27 Win32:Crypt-GMW
Avast5 5.0.332.0 2010.05.27 Win32:Crypt-GMW[/B]
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.27 -
CAT-QuickHeal 10.00 2010.05.27 -
ClamAV 0.96.0.3-git 2010.05.27 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.27 Trojan.DownLoad1.60799[/B]
eSafe 7.0.17.0 2010.05.26 -
eTrust-Vet 35.2.7513 2010.05.27 -
F-Prot 4.6.0.103 2010.05.26 -
F-Secure 9.0.15370.0 2010.05.27 -
Fortinet 4.1.133.0 2010.05.26 -
[B]GData 21 2010.05.27 Win32:Crypt-GMW[/B]
Ikarus T3.1.1.84.0 2010.05.27 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.27 -
McAfee 5.400.0.1158 2010.05.27 -
McAfee-GW-Edition 2010.1 2010.05.27 -
Microsoft 1.5802 2010.05.27 -
NOD32 5149 2010.05.27 -
Norman 6.04.12 2010.05.26 -
nProtect 2010-05-27.01 2010.05.27 -
Panda 10.0.2.7 2010.05.26 -
PCTools 7.0.3.5 2010.05.27 -
Rising 22.49.03.04 2010.05.27 -
Sophos 4.53.0 2010.05.27 -
Sunbelt 6363 2010.05.27 -
Symantec 20101.1.0.89 2010.05.27 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.27 -
VBA32 3.12.12.5 2010.05.26 -
ViRobot 2010.5.20.2326 2010.05.27 -
VirusBuster 5.0.27.0 2010.05.26 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/33e93197bf66a344be2d54a3beb7c91d7a98c6e6fb212b8bd0b6396522453cee-1274956204[/url]
-
t-79536
File stWpaE7.exe received on 2010.05.28 05:44:32 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.27 -
Avast5 5.0.332.0 2010.05.27 -
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
[B]CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.28 Trojan.Packed.20325[/B]
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7515 2010.05.27 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.27 -
Kaspersky 7.0.0.125 2010.05.28 -
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.27 -
[B]Microsoft 1.5802 2010.05.28 Trojan:Win32/Meredrop[/B]
NOD32 5151 2010.05.27 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 -
PCTools 7.0.3.5 2010.05.28 -
[B]Prevx 3.0 2010.05.28 Medium Risk Malware[/B]
Rising 22.49.04.01 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6367 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.27 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -[/CODE]
Additional information
File size: 100864 bytes
MD5...: 63896d67aa1026e7e4e94b6b38acf743
-
File [B]svhost.exe[/B] received on 2010.05.28 09:47:05 (UTC)
Result:[B] 9/41[/B] (21.96%)
[CODE]a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
[B]Avast5 5.0.332.0 2010.05.28 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
[B]CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.28 Trojan.Winlock.1765[/B]
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
[B]F-Secure 9.0.15370.0 2010.05.28 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
[B]Kaspersky 7.0.0.125 2010.05.28 Trojan-Ransom.Win32.PinkBlocker.blk[/B]
McAfee 5.400.0.1158 2010.05.28 -
[B]McAfee-GW-Edition 2010.1 2010.05.28 Artemis!BE43FF336A01[/B]
Microsoft 1.5802 2010.05.28 -
NOD32 5152 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
[B]Panda 10.0.2.7 2010.05.27 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
[B]Sophos 4.53.0 2010.05.28 Sus/UnkPack-C[/B]
Sunbelt 6368 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
[B]VBA32 3.12.12.5 2010.05.28 Trojan.Win32.Waledac.42[/B]
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -
[/CODE]
Additional information
File size: [B]380416 bytes[/B]
MD5...: be43ff336a0176b9976c8b44a66753d6
[url]http://www.virustotal.com/ru/analisis/350cdf0cdadc3bf64e4a849853ff08e90469411a33382e38986968fdec19abd4-1275040025[/url]
-
I took a passport photo of someone at home and saved it to a flash drive; the sister took it to a photo studio. She brought this back from there, even though autorun.inf was blocked on the flash drive.
File jwgkvsq.vmx received on 2010.05.31 10:17:54 (UTC)
Current status: Finished
Result: 32/33 (96.97%)
[QUOTE][B]a-squared 5.0.0.26 2010.05.31 Net-Worm.Win32.Kido!IK[/B]
[B]AntiVir 8.2.1.242 2010.05.31 Worm/Conficker.AG[/B]
Antiy-AVL 2.0.3.7 2010.05.31 -
[B]Authentium 5.2.0.5 2010.05.31 W32/Conficker!Generic[/B]
[B]Avast 4.8.1351.0 2010.05.30 Win32:Confi[/B]
[B]Avast5 5.0.332.0 2010.05.30 Win32:Confi[/B]
[B]BitDefender 7.2 2010.05.31 Win32.Worm.Downadup.Gen[/B]
[B]CAT-QuickHeal 10.00 2010.05.31 Worm.Conficker.b[/B]
[B]ClamAV 0.96.0.3-git 2010.05.30 Worm.Kido-61[/B]
[B]Comodo 4959 2010.05.31 Worm.Win32.Conficker.AG0[/B]
[B]eSafe 7.0.17.0 2010.05.30 Win32.Conficker.worm[/B]
[B]eTrust-Vet 35.2.7521 2010.05.31 Win32/Conficker[/B]
[B]F-Prot 4.6.0.103 2010.05.31 W32/Conficker!Generic[/B]
[B]Fortinet 4.1.133.0 2010.05.30 W32/Conficker.IH!worm.im[/B]
[B]GData 21 2010.05.31 Win32.Worm.Downadup.Gen[/B]
[B]Ikarus T3.1.1.84.0 2010.05.31 Net-Worm.Win32.Kido[/B]
[B]Jiangmin 13.0.900 2010.05.30 Worm/Kido.jm[/B]
[B]Kaspersky 7.0.0.125 2010.05.31 Net-Worm.Win32.Kido.ih[/B]
[B]McAfee 5.400.0.1158 2010.05.31 W32/Conficker.worm.gen.a[/B]
[B]McAfee-GW-Edition 2010.1 2010.05.31 W32/Conficker.worm.gen.a[/B]
[B]Microsoft 1.5802 2010.05.31 Worm:Win32/Conficker.B[/B]
[B]NOD32 5157 2010.05.31 a variant of Win32/Conficker.AA[/B]
[B]nProtect 2010-05-31.01 2010.05.31 Worm/W32.Kido.169822[/B]
[B]Panda 10.0.2.7 2010.05.30 W32/Conficker.C.worm[/B]
[B]PCTools 7.0.3.5 2010.05.31 Trojan.Conficker[/B]
[B]Prevx 3.0 2010.05.31 Medium Risk Malware[/B]
[B]Rising 22.50.00.04 2010.05.31 Trojan.Win32.Generic.51F828F1[/B]
[B]Sophos 4.53.0 2010.05.31 Mal/Conficker-A[/B]
[B]TheHacker 6.5.2.0.290 2010.05.30 W32/Kido.ih[/B]
[B]TrendMicro 9.120.0.1004 2010.05.31 WORM_DOWNAD.AD[/B]
[B]VBA32 3.12.12.5 2010.05.29 Worm.Win32.kido.105[/B]
[B]ViRobot 2010.5.20.2326 2010.05.28 Worm.Win32.Conficker.169822[/B]
[B]VirusBuster 5.0.27.0 2010.05.30 Worm.Kido.KE[/B][/QUOTE]
Additional information
File size: 169822 bytes
MD5...: acf4da36e762084070f8138a43144759
SHA1..: 2f00848973f6abaa5a31647a19c0da6053a3e4c5
SHA256: 71608b749d8e3d8736975a26151d529ddee99d92f97640ab36927f91e1846282
ssdeep: 3072:+/5E60KXnXhddhoqAtULVMtpJW+PIeii72sxPzhO8k6YWsC8VTd/ThWlA0J
RkFX+:U5p0KdDtLKtpJFILroPzhO71+I1FWu0f
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x43cb
timedatestamp.....: 0x4495b5bb (Sun Jun 18 20:21:15 2006)
machinetype.......: 0x14c (I386)
-
File _TEMP.exe received on 2010.05.31 09:31:26 (UTC)
Result: 0/41 (0.00%)
[QUOTE]a-squared 5.0.0.26 2010.05.31 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 -
ClamAV 0.96.0.3-git 2010.05.30 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
Ikarus T3.1.1.84.0 2010.05.31 -
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 -
McAfee-GW-Edition 2010.1 2010.05.31 -
Microsoft 1.5802 2010.05.31 -
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.30 -
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 -
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6380 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.30 -[/QUOTE]
[url]http://www.virustotal.com/analisis/467c7c4b5f82470170b0b9d89b9724769b809ba4384f95b0239bfd47cec20c6b-1275298286[/url]
[B]P.S. ~Temp.exe = Trojan.MSIL.Agent.lc[/B]
[size="1"][color="#666686"][B][I]Added 2 hours 25 minutes later[/I][/B][/color][/size]
ZBot2:
File load.exe received on 2010.05.31 13:33:28 (UTC)
Result: 8/41 (19.52%)
[QUOTE][B]a-squared 5.0.0.26 2010.05.31 Backdoor.Win32.Bifrose!IK[/B]
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
[B]CAT-QuickHeal 10.00 2010.05.31 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.31 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
[B]Ikarus T3.1.1.84.0 2010.05.31 Backdoor.Win32.Bifrose[/B]
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
[B]McAfee 5.400.0.1158 2010.05.31 BackDoor-CEP.gen.cb[/B]
McAfee-GW-Edition 2010.1 2010.05.31 [B]Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5802 2010.05.31 VirTool:Win32/VBInject.gen!CI[/B]
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
[B]Panda 10.0.2.7 2010.05.30 Bck/Bifrost.gen[/B]
PCTools 7.0.3.5 2010.05.31 -
[B]Prevx 3.0 2010.05.31 High Risk Cloaked Malware[/B]
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6381 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.31 -
ViRobot 2010.5.31.2331 2010.05.31 -
VirusBuster 5.0.27.0 2010.05.30 -[/QUOTE]
[url]http://www.virustotal.com/analisis/7a3e027c0c988fccda032f5fa404c6368e78901b6a0401403a2f8e5d12028cb1-1275312808[/url]
-
TDL3 - a day-old dropper.
File setup.exe received on 2010.06.01 20:07:22 (UTC)
Result: [COLOR=red]4[/COLOR]/41 (9.76%)
[QUOTE]a-squared 5.0.0.26 2010.06.01 -
AhnLab-V3 2010.06.01.01 2010.06.01 -
AntiVir 8.2.1.242 2010.06.01 -
Antiy-AVL 2.0.3.7 2010.06.01 -
Authentium 5.2.0.5 2010.06.01 -
Avast 4.8.1351.0 2010.06.01 -
Avast5 5.0.332.0 2010.06.01 -
AVG 9.0.0.787 2010.06.01 -
BitDefender 7.2 2010.06.01 -
CAT-QuickHeal 10.00 2010.06.01 -
ClamAV 0.96.0.3-git 2010.06.01 -
[B]Comodo 4977 2010.06.01 Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.06.01 -
eSafe 7.0.17.0 2010.06.01 -
eTrust-Vet 35.2.7523 2010.06.01 -
F-Prot 4.6.0.103 2010.06.01 -
F-Secure 9.0.15370.0 2010.06.01 -
Fortinet 4.1.133.0 2010.06.01 -
GData 21 2010.06.01 -
Ikarus T3.1.1.84.0 2010.06.01 -
Jiangmin 13.0.900 2010.05.31 -
Kaspersky 7.0.0.125 2010.06.01 -
McAfee 5.400.0.1158 2010.06.01 -
[B]McAfee-GW-Edition 2010.1 2010.06.01 Heuristic.LooksLike.Trojan.Backdoor.Agent.I[/B]
Microsoft 1.5802 2010.06.01 -
NOD32 5164 2010.06.01 -
Norman 6.04.12 2010.06.01 -
nProtect 2010-06-01.02 2010.06.01 -
Panda 10.0.2.7 2010.06.01 -
PCTools 7.0.3.5 2010.06.01 -
[B]Prevx 3.0 2010.06.01 Medium Risk Malware[/B]
Rising 22.50.01.03 2010.06.01 -
[B]Sophos 4.53.0 2010.06.01 Mal/TDSSPack-Y[/B]
Sunbelt 6387 2010.06.01 -
Symantec 20101.1.0.89 2010.06.01 -
TheHacker 6.5.2.0.291 2010.06.01 -
TrendMicro 9.120.0.1004 2010.06.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.01 -
VBA32 3.12.12.5 2010.06.01 -
ViRobot 2010.6.1.2333 2010.06.01 -
VirusBuster 5.0.27.0 2010.06.01 -[/QUOTE]
[url]http://www.virustotal.com/analisis/2669faf30cbc1ced13578d4c27c5ad9dbedeec255531570fba362610724dbb6d-1275422842[/url]
-
My KIS doesn't recognize this nasty thing, once again.
File [B]csrss.exe[/B] received on 2010.06.04 06:46:45 (UTC)
Result: 21/41 (51.22%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.00 2010.06.03 -
[B]AntiVir 8.2.2.4 2010.06.03 TR/ATRAPS.Gen2[/B]
Antiy-AVL 2.0.3.7 2010.06.02 -
[B]Authentium 5.2.0.5 2010.06.04 W32/Rimecud.I.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.06.03 -
[B]Avast5 5.0.332.0 2010.06.03 Win32:SuspBehav-C[/B]
[B]AVG 9.0.0.787 2010.06.04 Cryptic.IJ[/B]
[B]BitDefender 7.2 2010.06.04 Gen:Variant.Rimecud.2
CAT-QuickHeal 10.00 2010.06.04 Worm.Palevo[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4981 2010.06.04 TrojWare.Win32.Cryp_Palevo5
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20312[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 -
[B]F-Prot 4.6.0.103 2010.06.03 W32/Rimecud.I.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.04 Gen:Variant.Rimecud.2[/B]
Fortinet 4.1.133.0 2010.06.03 -
[B]GData 21 2010.06.04 Gen:Variant.Rimecud.2[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
[B]McAfee-GW-Edition 2010.1 2010.06.04 Artemis!A6536E001908[/B]
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5170 2010.06.03 a variant of Win32/Peerfrag.HD[/B]
Norman 6.04.12 2010.06.03 -
[B]nProtect 2010-06-03.01 2010.06.03 Gen:Variant.Rimecud.2
Panda 10.0.2.7 2010.06.03 Suspicious file
PCTools 7.0.3.5 2010.06.04 Malware.Pilleuz[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.01 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6403 2010.06.04 Packed.Win32.Crum (v)
Symantec 20101.1.0.89 2010.06.04 W32.Pilleuz!gen5[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 Mal_Palevo5
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 Mal_Palevo5
VBA32 3.12.12.5 2010.06.03 BScope.Trojan.MTA.0230[/B]
ViRobot 2010.6.4.2336 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.03 -[/QUOTE]
Additional information
File size: 141824 bytes
MD5...: a6536e001908e4bb243c3b4e85dcd169
SHA1..: 2c3f13c0d0227f8e830fccfde5d6f010dbf88fff
SHA256: f87df4c3d49dd0e44630381f5a98c0853d7343c43de31094d094190ee069ec2d
ssdeep: 3072:bUA1SZQBWQednQjOfZnn8vyn1fbEvxLysmsYSsgMm6mFq:b11DS11EksYS
-
"The catch"
File porno-incest-zrelye-zhenschiny_pa received on 2010.06.04 15:42:04 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 HTML:Script-inf
Avast5 5.0.332.0 2010.06.04 HTML:Script-inf[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 HTML:Script-inf[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 26773 bytes
MD5 : 6a6a7c160b7d82dfb458779dbfeb379a
SHA1 : d25c03d21a4dbbcac922da3d65539b99ae3536f2
SHA256: 9fd352c5a6d2acfe57c8184113b2fe243c7303834e631f4ad5c298085c2353ca
TrID : File type identification
HyperText Markup Language (100.0%)
ssdeep: 384:UkhHQYsqLeDcxJT7Xo2IVHzBOPQVPdaPGDKpMy/nlJJfbr24/i9tolCKW7QWm0J:UkhHsqLeDcfT82uFThUbrX+olCL75m0J
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
[/CODE]
File jdpkXFS.exe received on 2010.06.04 15:42:33 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Win32.Meredrop.A!A2[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Meredrop.A.10097[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.06.04 Win32:Rootkit-gen
AVG 9.0.0.787 2010.06.04 SHeur3.ZZZ[/B]
BitDefender 7.2 2010.06.04 -
[B]CAT-QuickHeal 10.00 2010.06.04 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20320[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Win32:Rootkit-gen[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Win32/Meredrop
NOD32 5172 2010.06.04 Win32/Spy.Shiz.NBD[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
[B]Panda 10.0.2.7 2010.06.04 Generic Malware[/B]
PCTools 7.0.3.5 2010.06.04 -
[B]Prevx 3.0 2010.06.04 Medium Risk Malware[/B]
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Win32.Spy.Shiz.NBD[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1
SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52da 0x5400 7.58 494c135b90b12369c37c8b57fa715381
.data 0x7000 0xf810 0xfa00 7.38 5935f2309984ab57a4dda823cede9dd2
.idata 0x17000 0x4ab 0x600 4.05 04fc78daff8355191d10b900ec97fefb
.rsrc 0x18000 0x19a0 0x1a00 5.78 181203eafe0908823d482840a504445f
.reloc 0x1a000 0xce 0x200 3.16 a360412cd1e858c80b1fd295c8789b55

( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File 50f4b730-5243791e received on 2010.06.04 15:42:10 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan-Downloader.Java.Agent!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-H
Avast5 5.0.332.0 2010.06.04 Java:Djewers-H[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
[B]eTrust-Vet 35.2.7528 2010.06.04 Java/SillyDl.HJW[/B]
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-H
Ikarus T3.1.1.84.0 2010.06.04 Trojan-Downloader.Java.Agent[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan-Downloader.Java.Agent.bk (v)[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 7917 bytes
MD5...: 38b48c672a3e45988b5a59e457d74181
SHA1..: a84bf350369d7547de0e4d235683a7fa30220df1
SHA256: 991abd8b4b2e913335e0211ee1686a07561172f2a2bd2e4b020fd1ec8f3a87d7
ssdeep: 192:apVYRxkKEFOrzOr2pj2C3okf4XmOi5ReU7tWAmloz:apVYRfEFdSCC3okf+i
2Emloz
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File 6BkLj93.exe received on 2010.06.04 15:42:42 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Win32.Meredrop.A!A2[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Meredrop.A.10097[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.06.04 Win32:Rootkit-gen
AVG 9.0.0.787 2010.06.04 SHeur3.ZZZ[/B]
BitDefender 7.2 2010.06.04 -
[B]CAT-QuickHeal 10.00 2010.06.04 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20320[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Win32:Rootkit-gen[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Win32/Meredrop
NOD32 5172 2010.06.04 Win32/Spy.Shiz.NBD[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
[B]Panda 10.0.2.7 2010.06.04 Generic Malware[/B]
PCTools 7.0.3.5 2010.06.04 -
[B]Prevx 3.0 2010.06.04 Medium Risk Malware[/B]
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Win32.Spy.Shiz.NBD[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1
SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52da 0x5400 7.58 494c135b90b12369c37c8b57fa715381
.data 0x7000 0xf810 0xfa00 7.38 5935f2309984ab57a4dda823cede9dd2
.idata 0x17000 0x4ab 0x600 4.05 04fc78daff8355191d10b900ec97fefb
.rsrc 0x18000 0x19a0 0x1a00 5.78 181203eafe0908823d482840a504445f
.reloc 0x1a000 0xce 0x200 3.16 a360412cd1e858c80b1fd295c8789b55

( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
[/CODE]
File HkdfkjX.class received on 2010.06.04 15:42:46 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-H
Avast5 5.0.332.0 2010.06.04 Java:Djewers-H[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-H [/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Mal/JavaDldr-B[/B]
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 5624 bytes
MD5...: 91255e4e3bc74188f1484179405225c9
SHA1..: 9f59fca1ff4219b45acfd715005f39b67eaf119b
SHA256: 7d191aad484697fec3060ba7cbb3b0588134d302aa74a6f9415491665ca98921
ssdeep: 96:W7FlYEkuSyZjYVpMpTgrVpK4KcBxRgtuz5WM1kApgS0:WlnZcygrZKclgtudW
0kApgS0
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File KHdfsdeX.class received on 2010.06.04 15:46:26 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-E
Avast5 5.0.332.0 2010.06.04 Java:Djewers-E[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-E [/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Mal/JavaDldr-B[/B]
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 7491 bytes
MD5 : e73234098eaae758219a109403978ea2
SHA1 : 20836967becbfd1f38a018cc5c5de2516b5463ee
SHA256: 2afc7199f3b048b621f4a673ed1150b21f7048de2d3586b8870c73b73e3d2657
TrID : File type identification
Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
ssdeep: 96:t6PZl4kTiDXIzMEFQVwBXeo16NZD2DUDUHIzseszUy0oA7vQLpVDUUU6DUUUKJuV:SZlPTGwBuoysbzU+LpxMkMrM87SE
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
[/CODE]
File AppletX.class received on 2010.06.04 15:43:03 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Java.ClassLoader!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Agent-B
Avast5 5.0.332.0 2010.06.04 Java:Agent-B
AVG 9.0.0.787 2010.06.04 Java/Downloader.U
[/B]BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
[B]ClamAV 0.96.0.3-git 2010.06.04 Exploit.JS-7[/B]
Comodo 4984 2010.06.04 -
[B]DrWeb 5.0.2.03300 2010.06.04 Exploit.Java.1[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
GData 21 2010.06.04 Java:Agent-B
[B]Ikarus T3.1.1.84.0 2010.06.04 Trojan.Java.ClassLoader[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Java/Classloader.S
NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.OpenStream.NAJ[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Trojan.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Sus/ClassLdr-A[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Trojan Horse[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT[/B]
[B]VBA32 3.12.12.5 2010.06.04 Exploit.Java.1[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 5254 bytes
MD5...: 5103f06af294aa364dd6049c1b217c83
SHA1..: a32c61706e1ec3c947799e8356d8ae6336758fde
SHA256: 05000e29f191047292ae2e625df5580c6dbfb8957cf1d7dd167e79cd00b443af
ssdeep: 96:CilE7Pql5lov5//9Q7PEeLkC4Vx8P/lwCywJGwL/rpGNd9KlK62SYeL:yDql5
M5/67PE0kC4X8P9wCyP49AhUL
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File LoaderX.class received on 2010.06.04 15:44:41 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan-Downloader.Java.Agent!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Agent-B
Avast5 5.0.332.0 2010.06.04 Java:Agent-B[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
[B]DrWeb 5.0.2.03300 2010.06.04 Exploit.Java.2[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Agent-B
Ikarus T3.1.1.84.0 2010.06.04 Trojan-Downloader.Java.Agent[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Exploit:Java/CVE-2008-5353.C
NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.Agent.NBE
Norman 6.04.12 2010.06.04 JAVA/ByteVerify.B[/B]
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Trojan.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Sus/ClassLdr-A[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Trojan Horse[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
VBA32 3.12.12.5 2010.06.04 Exploit.Java.2[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 3743 bytes
MD5...: 59b358987b10355b6818f2fa8b5851d5
SHA1..: 8bfdb8f0be7674fed30a8d836bc73594cdcec3b9
SHA256: 9a9c78dbb951285845f03aa99366203df854e06fe7c5e614a6fde02159fc1ca4
ssdeep: 96:EcwFl+E3C4Vx8Pjlov5//9Q7qqTxwnSupzu7eYhB:Enl7C4X8PjM5/67zxwS1
7F/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
Byodsadc.class received on 2010.06.04 15:44:44 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Virus.Java.Djewers!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Dldr.Java.Agent.BH.6[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-J
Avast5 5.0.332.0 2010.06.04 Java:Djewers-J[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
[B]F-Secure 9.0.15370.0 2010.06.04 Exploit:Java/Agent.DIRE[/B]
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-J
Ikarus T3.1.1.84.0 2010.06.04 Virus.Java.Djewers[/B]
Jiangmin 13.0.900 2010.06.04 -
[B]Kaspersky 7.0.0.125 2010.06.04 Trojan-Downloader.Java.Agent.bh[/B]
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.Agent.NAX[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Downloader.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Troj/ClsLdr-AA[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Downloader[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 2933 bytes
MD5...: 2c00e9fbbe72676c8060b7b9120fc750
SHA1..: 190e5a9d820b08abe2a95450ad4df2fa6edf0de5
SHA256: 83f291048284eab6186440542ebb86133e485558dcf49823ad67ba4b0246fe76
ssdeep: 48:6pvKdOEgPDG4nXl3NR/DDvJvtQF4xR5/TXd/d6nRKpF/Lwj8dGR6bJcYhMBfR
v7c:YKXgPD7ldRvvJvekzZtdGMVcYhKv2rX
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
[size="1"][color="#666686"][B][I]Added after 4 minutes[/I][/B][/color][/size]
File mgdyfiqd.dll received on 2010.06.04 16:06:13 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
[B]AhnLab-V3 2010.06.04.02 2010.06.04 Malware/Win32.Generic[/B]
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Malware-gen
Avast5 5.0.332.0 2010.06.04 Win32:Malware-gen
AVG 9.0.0.787 2010.06.04 Pakes.FKP
BitDefender 7.2 2010.06.04 Trojan.Generic.4089896[/B]
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20273[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
[B]F-Secure 9.0.15370.0 2010.06.04 Trojan.Generic.4089896[/B]
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Trojan.Generic.4089896[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5172 2010.06.04 a variant of Win32/Kryptik.ELC[/B]
Norman 6.04.12 2010.06.04 -
[B]nProtect 2010-06-04.01 2010.06.04 Trojan.Generic.4089896
Panda 10.0.2.7 2010.06.04 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Trojan.MTA.0424[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 40448 bytes
MD5...: 0f1341509dbf6c92b063a1853666e55c
SHA1..: 0c8a176b30b5d2d23bc4c9815acf884a400fbb7d
SHA256: 6d64c74469c4161120710fd2761a3db6e14b563e4c92c641b18a74796c71016d
ssdeep: 768:tTcwoB3xs9Mszzm75Rip/Vt4LX1ds6sfg0QN8ASr2:eB3xsxGviJ2UYZY2
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1550
timedatestamp.....: 0x304f3700 (Thu Sep 07 18:16:32 1995)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x29ea 0x2a00 7.24 ba3de342086e2761991c42a17822b857
.data 0x4000 0x3d48 0x3e00 7.27 1a37ac19bbfcd8f11d22fa0e3495c67d
.idata 0x8000 0x4bc 0x600 3.79 1224cf5c0daf575befd41b06bad51d29
.rsrc 0x9000 0x29d0 0x2a00 6.00 474b98ada983ceac7e5197ec8ed67369
.reloc 0xc000 0x142 0x200 4.71 7c0ff060fddc7eddd580624b4bfbc982
( 6 imports )
> KERNEL32.dll: Beep, GetProcessHeap, WaitForMultipleObjects, ConnectNamedPipe, LoadLibraryW, FileTimeToLocalFileTime, GetModuleHandleW, lstrcpyA, lstrcpyW, VirtualAlloc, GetShortPathNameW, CreateNamedPipeA, HeapCreate, lstrcmpi
> USER32.dll: SetCursor, GetCursorPos, GetMenuStringW, MessageBoxA, DefWindowProcA, LoadCursorA, MessageBeep, DestroyCursor, wsprintfA, DeleteMenu, LoadImageW, SetWindowTextA, GetDesktopWindow, GetKeyboardLayout
> GDI32.dll: GetBitmapBits, SetTextColor, CreateFontIndirectA, GetStockObject, SetBkColor
> ADVAPI32.dll: RegEnumValueA, RegRestoreKeyA, RegEnumValueW
> COMDLG32.dll: PrintDlgExA, ChooseFontW
> SHELL32.dll: StrRChrIW
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (79.3%)
Win32 Executable Generic (7.9%)
Win32 Dynamic Link Library (generic) (7.0%)
Win16/32 Executable Delphi generic (1.9%)
Generic Win/DOS Executable (1.8%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Lqlpfm Iqxxwa Vyfps Dbxys
copyright....: Wshmgg Advjxcq Mwzipt Onurl
product......: Qsede Krxlxpq Suonur Kndrm
description..: Krgtgjl Hsqxvz
original name: n/a
internal name: n/a
file version.: 2.7.4.8
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
-
Being spread on VKontakte, a fresh one.
File photo-057.exe received on 2010.06.05 10:57:54 (UTC)
[quote]a-squared 5.0.0.26 2010.06.05 -
AhnLab-V3 2010.06.05.00 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.05 -
Avast 4.8.1351.0 2010.06.05 -
Avast5 5.0.332.0 2010.06.05 -
AVG 9.0.0.787 2010.06.05 -
BitDefender 7.2 2010.06.05 -
CAT-QuickHeal 10.00 2010.06.05 -
ClamAV 0.96.0.3-git 2010.06.05 -
Comodo 4994 2010.06.05 -
DrWeb 5.0.2.03300 2010.06.05 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.04 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.05 -
GData 21 2010.06.05 -
Ikarus T3.1.1.84.0 2010.06.05 -
Jiangmin 13.0.900 2010.06.05 -
[B]Kaspersky 7.0.0.125 2010.06.05 Trojan.Win32.Qhost.ngg[/B]
McAfee 5.400.0.1158 2010.06.05 -
McAfee-GW-Edition 2010.1 2010.06.05 -
Microsoft 1.5802 2010.06.05 -
NOD32 5173 2010.06.04 -
Norman 6.04.12 2010.06.05 -
nProtect 2010-06-05.01 2010.06.05 -
[B]Panda 10.0.2.7 2010.06.05 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.05 -
Prevx 3.0 2010.06.05 -
Rising 22.50.05.03 2010.06.05 -
Sophos 4.53.0 2010.06.05 -
Sunbelt 6409 2010.06.05 -
Symantec 20101.1.0.89 2010.06.05 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.05 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.5.2339 2010.06.05 -
[/quote]
Additional information
File size: 823296 bytes
MD5 : 3cc0ff8334edd4a55b3ff2c1d873b92b
[url]http://www.virustotal.com/analisis/62600d2efada8cd00e1139b64f84daa24f18ba603920b873390c692f1fd2e591-1275735474[/url]
-
File vip_porno_44808.avi.exe received on 2010.06.08 04:20:49 (UTC)
Current status: Finished
Result: 15/41 (36.59%)
[QUOTE][B]a-squared 5.0.0.26 2010.06.08 Trojan-Ransom.Win32.PornoBlocker!IK[/B]
[B]AhnLab-V3 2010.06.08.00 2010.06.08 Trojan/Win32.PornoBlocker[/B]
[B]AntiVir 8.2.2.6 2010.06.07 TR/Ransom.PornoBlocker.VR.1[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.07 -
Avast5 5.0.332.0 2010.06.07 -
[B]AVG 9.0.0.787 2010.06.07 Generic18.CXR[/B]
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 -
ClamAV 0.96.0.3-git 2010.06.08 -
[B]Comodo 5022 2010.06.07 TrojWare.Win32.Magania.~AAF[/B]
[B]DrWeb 5.0.2.03300 2010.06.08 Trojan.Winlock.1849[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7617 2010.06.07 -
F-Prot 4.6.0.103 2010.06.07 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.08 -
[B]Ikarus T3.1.1.84.0 2010.06.08 Trojan-Ransom.Win32.PornoBlocker[/B]
Jiangmin 13.0.900 2010.06.07 -
[B]Kaspersky 7.0.0.125 2010.06.08 Trojan-Ransom.Win32.PornoBlocker.vr[/B]
[B]McAfee 5.400.0.1158 2010.06.08 Suspect-1B!B8AF0ECE0AB4[/B]
[B]McAfee-GW-Edition 2010.1 2010.06.07 Heuristic.BehavesLike.Win32.Trojan.H[/B]
Microsoft 1.5802 2010.06.08 -
[B]NOD32 5180 2010.06.07 Win32/LockScreen.TV[/B]
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
[B]Panda 10.0.2.7 2010.06.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.08 -
[B]Prevx 3.0 2010.06.08 High Risk Cloaked Malware[/B]
Rising 22.51.01.00 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Mal/Generic-L[/B]
[B]Sunbelt 6417 2010.06.08 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.8.2342 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -[/QUOTE]
Additional information
File size: 266240 bytes
MD5...: b8af0ece0ab4c7acd4c1a52caa6a1587
SHA1..: 8aa549a91fb953d55a4fbc6080aa9f62b5bd4606
SHA256: 698bf974c7aff83e113f0c299aa09fcd8883095b752de0a1d5191eaa8762c374
ssdeep: 6144:gY903Ds7HbqCnm5KnpDNUUoaGtnlK1wkmOMawiSqW:gl3Ds77qYm5G+nknm
O1lW
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x37df4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
-
File mozilla.exe received on 2010.06.08 05:31:52 (UTC)
Current status: finished
[B]Result: [COLOR="Red"]6[/COLOR]/41 (14.63%)[/B]
[CODE]a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.00 2010.06.08 -
AntiVir 8.2.2.6 2010.06.07 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.07 -
[B]Avast5 5.0.332.0 2010.06.07 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.06.07 -
BitDefender 7.2 2010.06.08 -
[B]CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5023 2010.06.08 -
[B]DrWeb 5.0.2.03300 2010.06.08 Trojan.AdultBan.59[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7617 2010.06.07 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.07 -
[B]Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx[/B]
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.07 -
Microsoft 1.5802 2010.06.08 -
NOD32 5180 2010.06.07 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.07 -
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.03 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Sus/UnkPack-C[/B]
Sunbelt 6417 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
[B]VBA32 3.12.12.5 2010.06.07 Trojan.Win32.Waledac.42[/B]
ViRobot 2010.6.8.2342 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -
[/CODE]
Additional information
File size: 389120 bytes
MD5 : 3873606fe0d593c2e85aaa011616069a
[CODE][HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"
And there was also this key:
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\winlogon ]
"shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"[/CODE]
[url]http://www.virustotal.com/analisis/5f4a33691698084664940609d6bd6da27b2e0b7d4d6d8cfd0b232affde411dc7-1275975112[/url]
[size="1"][color="#666686"][B][I]Added after 10 hours 30 minutes[/I][/B][/color][/size]
Another porn banner (from the same series, by the look of it)
File photoshop.exe received on 2010.06.08 16:05:06 (UTC)
[B]Result: [COLOR="Red"]9[/COLOR]/41 (21.96%)[/B]
[CODE]a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
[B]Avast5 5.0.332.0 2010.06.08 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
[B]CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.08 -
[B]Comodo 5029 2010.06.08 TrojWare.Win32.MalPack.~PKA1
DrWeb 5.0.2.03300 2010.06.08 Trojan.Packed.20343[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
[B]Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx[/B]
McAfee 5.400.0.1158 2010.06.08 -
[B]McAfee-GW-Edition 2010.1 2010.06.08 Artemis!D0579AD09624[/B]
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
[B]Panda 10.0.2.7 2010.06.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Sus/UnkPack-C[/B]
Sunbelt 6419 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
[B]VBA32 3.12.12.5 2010.06.08 Malware-Cryptor.Win32.Limpopo[/B]
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.08 -[/CODE]
Additional information
File size: 340480 bytes
MD5...: d0579ad09624a861589b5db71ddf5242
It was sitting at the path:
[CODE]C:\Program Files\Common files\Adobe Photoshop\[/CODE]
With an undeleter I found a small batch file in the same place:
[CODE]reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon " /v shell /t reg_sz /d "Explorer.exe" /f
reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon" /v shell /t reg_sz /d "Explorer.exe" /f
erase "C:\PROGRAM FILES\COMMON FILES\ADOBE PHOTOSHOP\trr.bat"
[/CODE]
[url]http://www.virustotal.com/analisis/063fe302a5ed22a46e41872c2fbeadb962562afc3881a1b2db6a1f8b5da206e1-1276013106[/url]
-
File [B]foto15.scr[/B] received on 2010.06.10 20:52:15 (UTC)
Result: [B][COLOR="Red"]3[/COLOR][/B]/[B]41[/B] (7.32%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.10 -
AhnLab-V3 2010.06.10.02 2010.06.10 -
AntiVir 8.2.2.6 2010.06.10 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.10 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
[B]AVG 9.0.0.787 2010.06.10 Cryptic.ACV[/B]
BitDefender 7.2 2010.06.10 -
CAT-QuickHeal 10.00 2010.06.10 -
ClamAV 0.96.0.3-git 2010.06.10 -
Comodo 5054 2010.06.10 -
[B]DrWeb 5.0.2.03300 2010.06.10 Trojan.MulDrop.54863[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7625 2010.06.10 -
F-Prot 4.6.0.103 2010.06.09 -
F-Secure 9.0.15370.0 2010.06.10 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.10 -
Ikarus T3.1.1.84.0 2010.06.10 -
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.10 -
McAfee 5.400.0.1158 2010.06.10 -
McAfee-GW-Edition 2010.1 2010.06.10 -
Microsoft 1.5802 2010.06.10 -
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.10 -
Prevx 3.0 2010.06.10 -
Rising 22.51.03.05 2010.06.10 -
[B]Sophos 4.54.0 2010.06.10 Mal/FakeAV-DS[/B]
Sunbelt 6431 2010.06.10 -
Symantec 20101.1.0.89 2010.06.10 -
TheHacker 6.5.2.0.296 2010.06.10 -
TrendMicro 9.120.0.1004 2010.06.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.10 -
VBA32 3.12.12.5 2010.06.10 -
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -[/QUOTE]
Additional information
File size: [B]93264[/B] bytes
MD5...: 726cf1ea7100954f3051587d9f2fce83
SHA1..: 0d37efa0e1ce3068c5b0580f115a98a17baf944b
SHA256: c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effaed995e0e4004bca
[url]http://www.virustotal.com/analisis/c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effaed995e0e4004bca-1276203135[/url]
-
The catch
File avz00001.dta received on 2010.06.11 05:58:07 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.11 Backdoor.WinNT.Rustock!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
[B]AntiVir 8.2.2.6 2010.06.10 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 -
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7627 2010.06.10 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.11 -
[B]Ikarus T3.1.1.84.0 2010.06.11 Backdoor.WinNT.Rustock[/B]
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
[B]McAfee-GW-Edition 2010.1 2010.06.10 Artemis!25802B50EC45
Microsoft 1.5802 2010.06.10 Backdoor:WinNT/Rustock.gen!B[/B]
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.11 -
Prevx 3.0 2010.06.11 -
[B]Rising 22.51.04.01 2010.06.11 Trojan.Win32.Generic.52085284
Sophos 4.54.0 2010.06.11 Sus/UnkPack-C[/B]
Sunbelt 6433 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
[B]VBA32 3.12.12.5 2010.06.10 OScope.Rootkit.Samidi[/B]
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -
Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x13122 0x13180 7.36 bbdbea9fc85e936dd66fe6c7ba305f34
.rdata 0x13480 0x459 0x480 5.28 76a40bd3d0b421094f95df52e5034b20
.data 0x13900 0xe 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0x13980 0x188 0x200 4.10 d049f827186dfd9b204f6e0f9ac5683e
.rsrc 0x13b80 0x328 0x380 3.14 aab3efebe20ecb4816a13f85cc37592a
.reloc 0x13f00 0x280 0x280 4.32 307a90365c3fbbea837a3afebc2f6c06
( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File avz00002.dta received on 2010.06.11 05:58:10 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.11 Backdoor.WinNT.Rustock!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
[B]AntiVir 8.2.2.6 2010.06.10 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 -
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7627 2010.06.10 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.11 -
[B]Ikarus T3.1.1.84.0 2010.06.11 Backdoor.WinNT.Rustock[/B]
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
[B]McAfee-GW-Edition 2010.1 2010.06.10 Artemis!25802B50EC45
Microsoft 1.5802 2010.06.10 Backdoor:WinNT/Rustock.gen!B[/B]
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.11 -
[B]Rising 22.51.04.01 2010.06.11 Trojan.Win32.Generic.52085284
Sophos 4.54.0 2010.06.11 Sus/UnkPack-C[/B]
Sunbelt 6433 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
[B]VBA32 3.12.12.5 2010.06.10 OScope.Rootkit.Samidi[/B]
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -
Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x13122 0x13180 7.36 bbdbea9fc85e936dd66fe6c7ba305f34
.rdata 0x13480 0x459 0x480 5.28 76a40bd3d0b421094f95df52e5034b20
.data 0x13900 0xe 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0x13980 0x188 0x200 4.10 d049f827186dfd9b204f6e0f9ac5683e
.rsrc 0x13b80 0x328 0x380 3.14 aab3efebe20ecb4816a13f85cc37592a
.reloc 0x13f00 0x280 0x280 4.32 307a90365c3fbbea837a3afebc2f6c06
( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99[/CODE]
This nasty thing has already !@$%@#^ me. It makes lsass peg the CPU, and the machine simply won't boot past the welcome screen. Only in safe mode and WITHOUT NETWORKING!
This is the 4th machine like this to come in. The infection works perfectly until you kill its companions. They bring the machine in, everything's OK. You run CureIt, the tool or AVZ, kill what is plainly visible, and after that it's "sunshine". The machine is trashed.
-
File [B]Mail.Exe[/B] received on 2010.06.11 20:06:49 (UTC)
Result: [COLOR="Red"][B]26[/B][/COLOR]/[B]41[/B] (63.42%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.11 [B]Trojan-PWS.MSIL!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 [B]TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 [B]Trojan/MSIL.Dybalom.gen[/B]
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 [B]Win32:Trojan-gen[/B]
Avast5 5.0.332.0 2010.06.11 [B]Win32:Trojan-gen[/B]
AVG 9.0.0.787 2010.06.11 [B]BackDoor.Generic12.BFSN[/B]
BitDefender 7.2 2010.06.11 [B]Backdoor.Generic.319280[/B]
CAT-QuickHeal 10.00 2010.06.11 [B]TrojanPSW.MSIL.Dybalom.ji[/B]
ClamAV 0.96.0.3-git 2010.06.11 [B]Trojan.Spy-73879[/B]
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 [B]Backdoor.Generic.319280[/B]
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 [B]Backdoor.Generic.319280[/B]
Ikarus T3.1.1.84.0 2010.06.11 [B]Trojan-PWS.MSIL[/B]
Jiangmin 13.0.900 2010.06.11 [B]Trojan/PSW.MSIL.jb[/B]
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 [B]Generic MSIL.c[/B]
McAfee-GW-Edition 2010.1 2010.06.11 [B]Generic MSIL.c[/B]
Microsoft 1.5802 2010.06.11 -
NOD32 5191 2010.06.11 [B]a variant of MSIL/Injector.F[/B]
Norman 6.04.12 2010.06.11 [B]W32/Obfuscated.N3!genr[/B]
nProtect 2010-06-11.01 2010.06.11 [B]Backdoor.Generic.319280[/B]
Panda 10.0.2.7 2010.06.11 [B]Suspicious file[/B]
PCTools 7.0.3.5 2010.06.11 [B]Trojan-PSW.Generic[/B]
Prevx 3.0 2010.06.11 [B]High Risk Cloaked Malware[/B]
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 [B]Mal/Exwamp-B[/B]
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 [B]Infostealer[/B]
TheHacker 6.5.2.0.297 2010.06.11 [B]Trojan/MSIL.Dybalom.ix[/B]
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
VBA32 3.12.12.5 2010.06.11 [B]Trojan-PSW.MSIL.Dybalom.ji[/B]
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 [B]Trojan.PWS.MSIL.LH[/B][/QUOTE]
Additional information
File size: [B]144817[/B] bytes
MD5...: 8baaf0ad46497979cebc7ff48f46c619
SHA1..: 17f6e923f659bfeed35b106fc45ab2da63aaf608
SHA256: f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67028ea5b24f2d59
[url]http://www.virustotal.com/analisis/f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67028ea5b24f2d59-1276286809[/url]
File [B]data.exe[/B] received on 2010.06.11 20:14:02 (UTC)
Result: [COLOR="Red"][B]13[/B][/COLOR]/[B]40[/B] (32.5%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.11 [B]Trojan-Downloader.Win32.Uloadis!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 [B]HEUR/Crypted[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 -
Avast5 5.0.332.0 2010.06.11 -
AVG 9.0.0.787 2010.06.11 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 [B](Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 [B]Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.06.11 [B]Trojan.PWS.Webmonier.295[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 -
Ikarus T3.1.1.84.0 2010.06.11 [B]Trojan-Downloader.Win32.Uloadis[/B]
Jiangmin 13.0.900 2010.06.11 [B]TrojanSpy.Webmoner.ub[/B]
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
McAfee-GW-Edition 2010.1 2010.06.11 [B]Artemis!9C65DAA0A7E3[/B]
Microsoft 1.5802 2010.06.11 [B]PWS:Win32/Dipwit.B[/B]
NOD32 5191 2010.06.11 -
Norman 6.04.12 2010.06.11 -
nProtect 2010-06-11.01 2010.06.11 -
Panda 10.0.2.7 2010.06.11 -
PCTools 7.0.3.5 2010.06.11 -
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 [B]Sus/Behav-1018[/B]
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 [B]Cryp_Xin2[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 [B]Cryp_Xin2[/B]
VBA32 3.12.12.5 2010.06.11 [B]suspected of Embedded.Trojan-Spy.Win32.Wemon.lv[/B]
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 -[/QUOTE]
Additional information
File size: [B]36864[/B] bytes
MD5...: 9c65daa0a7e3f8c16bfa935f920178d3
SHA1..: b9e849780ab211f52a5744b9f04172880b332581
SHA256: 22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d91ccc8fb5d388d9
[url]http://www.virustotal.com/analisis/22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d91ccc8fb5d388d9-1276287242[/url]
-
An erotic banner; it's enough to glance at Version Info in Far :)
File [B]WIMAMP.EXE[/B] received on 2010.06.13 06:34:04 (UTC)
Current status: finished
Result: 9/41 (21.96%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Carmapic!IK[/B]
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.12 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
[B]AVG 9.0.0.787 2010.06.12 Cryptic.AED[/B]
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5083 2010.06.13 -
[B]DrWeb 5.0.2.03300 2010.06.13 Trojan.AdultBan.79[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.12 -
F-Secure 9.0.15370.0 2010.06.12 -
Fortinet 4.1.133.0 2010.06.12 -
GData 21 2010.06.13 -
[B]Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Carmapic[/B]
Jiangmin 13.0.900 2010.06.12 -
[B]Kaspersky 7.0.0.125 2010.06.13 Trojan-Ransom.Win32.PinkBlocker.bpk[/B]
McAfee 5.400.0.1158 2010.06.13 -
[B]McAfee-GW-Edition 2010.1 2010.06.12 Artemis!BCDC4A1F137B[/B]
[B]Microsoft 1.5802 2010.06.13 Trojan:Win32/Carmapic.C[/B]
NOD32 5192 2010.06.12 -
Norman 6.04.12 None.. -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.12 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
[B]Sophos 4.54.0 2010.06.13 Sus/UnkPack-C[/B]
Sunbelt 6442 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
[B]VBA32 3.12.12.5 2010.06.11 Malware-Cryptor.Win32.Limpopo[/B]
ViRobot 2010.6.12.3882 2010.06.12 -
VirusBuster 5.0.27.0 2010.06.12 -
[/QUOTE]
Additional information
File size: 393728 bytes
MD5...: bcdc4a1f137bfd229439ddd9c32904bf
SHA1..: 609c259fa7a150f7c2252dda76bd31befc8737ce
SHA256: 75e8c76a06c47241ce02c5e72ef59efc436884227c915c71265653a3c2b6f5eb
ssdeep: 12288:Vge8nYTOjaGmPfSxHHZmyeYzFAOhHNsW1:Ke8nxjIPfuUyT2c1
PEiD..: -
-
File install_flash_player.exe received on 2010.06.13 17:53:05 (UTC)
Current status: finished
Result: [b][COLOR="Red"]7[/COLOR]/41[/b] (17.08%)
[QUOTE]Antivirus Version Last Update Result
[b]a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Ransom!IK[/b]
AhnLab-V3 2010.06.13.00 2010.06.12 -
[b]AntiVir 8.2.2.6 2010.06.11 TR/Crypt.XDR.Gen[/b]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
[b]ClamAV 0.96.0.3-git 2010.06.13 Trojan.Aavirus-1[/b]
[b]Comodo 5088 2010.06.13 Heur.Packed.Unknown[/b]
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
[b]F-Secure 9.0.15370.0 2010.06.13 Suspicious:W32/Malware!Gemini[/b]
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
[b]Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Ransom[/b]
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
[b]Prevx 3.0 2010.06.13 Medium Risk Malware[/b]
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -[/QUOTE]
File size: 169984 bytes
MD5...: 21fdc7fcfd7f3fc3e3f123c31a046f70
SHA1..: 1f3fa67d0a2b8dc20be7a3b6b6a36af7bdbfbd3c
SHA256: 498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb115daa1f535746
ssdeep: 3072:9OJU329k02butF7Soq2R8evKAQHJ804LJhTSeO1RsL+kaksC:9OJUGkut9lx8eKHq04PTSeWg+kl
[url]http://www.virustotal.com/ru/analisis/498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb115daa1f535746-1276451585[/url]
-
File vip_porno_78982_1_.avi.exe received on 2010.06.16 07:14:48 (UTC)
Result: 7/41 (17.08%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 [COLOR="Red"]Trojan.Win32.Ransom!IK[/COLOR]
AhnLab-V3 2010.06.16.00 2010.06.16 -
AntiVir 8.2.2.6 2010.06.15 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.15 -
Avast5 5.0.332.0 2010.06.15 -
AVG 9.0.0.787 2010.06.15 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5117 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.15 -
eTrust-Vet 36.1.7636 2010.06.15 -
F-Prot 4.6.0.103 2010.06.15 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.15 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 [COLOR="Red"]Trojan.Win32.Ransom[/COLOR]
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 [COLOR="Red"]Suspect-1B!BB5D5E19370B[/COLOR]
McAfee-GW-Edition 2010.1 2010.06.15 -
Microsoft 1.5802 2010.06.16 [COLOR="Red"]Trojan:Win32/Ransom.AQ[/COLOR]
NOD32 5199 2010.06.15 [COLOR="Red"]a variant of Win32/LockScreen.TZ[/COLOR]
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-15.02 2010.06.15 -
Panda 10.0.2.7 2010.06.15 [COLOR="Red"]Trj/SMSlock.B[/COLOR]
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6453 2010.06.16 [COLOR="Red"]Backdoor.Win32.Hupigon (v)[/COLOR]
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.15 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.15 -
Additional information
File size: 119296 bytes
MD5...: bb5d5e19370b00a7c8b9a65c5c8eaec5
SHA1..: 14b82dec4d1d9f688b97d73aa8353c13300ca4fa
SHA256: b911931bc1e2d930b28ca7c3bddb93a496177c59f4c61150b5b7f253380c0d9c
ssdeep: 3072:natMJia4YT2boCUUArhqA2pNMs1bTcriuPCy:nU6ejoTbqA2pCs10iuP
PEiD..: -[/QUOTE]
-
[url]http://oko-kino.ru/load/brazilija_severnaja_koreja_kndr_2010/7-1-0-2525[/url]
I decided to download the Brazil vs. DPRK football match from the site. This nasty thing showed up in the Temporary Internet Files folder. By the way, the Ikarus antivirus is currently ahead of the whole planet at detecting new viruses. Here is the latest test: [url]http://www.virusbtn.com/vb100/rap-index.xml[/url]
File: HTML Document 7-1-0-2525
Result: 2/43 (4.7%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 [COLOR="Red"][B]Virus.JS.Decdec!IK[/B][/COLOR]
AhnLab-V3 2010.06.16.07 2010.06.16 -
AntiVir 8.2.2.6 2010.06.16 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.16 -
Avast5 5.0.332.0 2010.06.16 -
AVG 9.0.0.787 2010.06.16 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5120 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.16 -
eTrust-Vet 36.1.7638 2010.06.16 -
F-Prot 4.6.0.103 2010.06.16 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.16 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 [COLOR="Red"][B]Virus.JS.Decdec[/B][/COLOR]
Jiangmin 13.0.900 2010.06.15 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5802 2010.06.16 -
NOD32 5201 2010.06.16 -
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-16.01 2010.06.16 -
Panda 10.0.2.7 2010.06.16 -
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6454 2010.06.16 -
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.16 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.16 -[/QUOTE]
-
Installer for Call of Duty Modern Warfare 2
File setup.exe received on 2010.06.16 20:08:51 (UTC)
Result: 11/41 (26.83%)
[url]http://www.virustotal.com/ru/analisis/46437ed36f5c0ee1d01544b249d95b9b0482b13b68eae74d2535924f5c1ddab7-1276718931[/url]
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 -
AhnLab-V3 2010.06.16.07 2010.06.16 -
AntiVir 8.2.2.6 2010.06.16 [B]TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.16 [B]Win32:CabMod[/B]
Avast5 5.0.332.0 2010.06.16 [B]Win32:CabMod[/B]
AVG 9.0.0.787 2010.06.16 [B]Generic13.XHS[/B]
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 [B]Trojan.Agent.ATV[/B]
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5123 2010.06.16 [B]TrojWare.Win32.Agent.~WRAR[/B]
DrWeb 5.0.2.03300 2010.06.16 [B]Trojan.Siggen.3310[/B]
eSafe 7.0.17.0 2010.06.16 -
eTrust-Vet 36.1.7638 2010.06.16 -
F-Prot 4.6.0.103 2010.06.16 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.16 -
GData 21 2010.06.16 [B]Win32:CabMod[/B]
Ikarus T3.1.1.84.0 2010.06.16 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.16 [B]Trojan.Win32.Chifrax.d[/B]
McAfee 5.400.0.1158 2010.06.16 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5802 2010.06.16 [B]Trojan:Win32/Comame[/B]
NOD32 5202 2010.06.16 -
Norman 6.04.12 2010.06.16 -
nProtect 2010-06-16.01 2010.06.16 -
Panda 10.0.2.7 2010.06.16 -
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 [B]Troj/BadCab-A[/B]
Sunbelt 6456 2010.06.16 -
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.16 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.16 -
-
I never did figure out where this came from; anyway, spam was being sent out.
File wvovybqv.sys received on 2010.06.17 21:52:03 (UTC)
Current status: finished
Result: 4/41 (9.76%)
[QUOTE][B]a-squared 5.0.0.26 2010.06.17 Trojan.Win32.Agent!IK[/B]
AhnLab-V3 2010.06.17.02 2010.06.17 -
AntiVir 8.2.2.6 2010.06.17 -
Antiy-AVL 2.0.3.7 2010.06.17 -
Authentium 5.2.0.5 2010.06.17 -
Avast 4.8.1351.0 2010.06.17 -
Avast5 5.0.332.0 2010.06.17 -
AVG 9.0.0.787 2010.06.17 -
BitDefender 7.2 2010.06.17 -
CAT-QuickHeal 10.00 2010.06.17 -
ClamAV 0.96.0.3-git 2010.06.17 -
Comodo 5136 2010.06.17 -
DrWeb 5.0.2.03300 2010.06.17 -
[B]eSafe 7.0.17.0 2010.06.17 Win32.TrojanHorse[/B]
eTrust-Vet 36.1.7642 2010.06.17 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.17 -
Fortinet 4.1.133.0 2010.06.17 -
GData 21 2010.06.17 -
[B]Ikarus T3.1.1.84.0 2010.06.17 Trojan.Win32.Agent[/B]
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.17 -
McAfee 5.400.0.1158 2010.06.17 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5902 2010.06.17 -
NOD32 5205 2010.06.17 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-17.01 2010.06.17 -
Panda 10.0.2.7 2010.06.17 -
PCTools 7.0.3.5 2010.06.17 -
[B]Prevx 3.0 2010.06.17 High Risk Cloaked Malware[/B]
Rising 22.52.03.04 2010.06.17 -
Sophos 4.54.0 2010.06.17 -
Sunbelt 6463 2010.06.17 -
Symantec 20101.1.0.89 2010.06.17 -
TheHacker 6.5.2.0.299 2010.06.17 -
TrendMicro 9.120.0.1004 2010.06.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.17 -
VBA32 3.12.12.5 2010.06.17 -
ViRobot 2010.6.14.3884 2010.06.17 -
VirusBuster 5.0.27.0 2010.06.17 -[/QUOTE]
File size: 54016 bytes
MD5...: e6d35f3aa51a65eb35c1f2340154a25e
SHA1..: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
ssdeep: 768:Bosx0q2ph6P2Jpz8ftoSUiJP7hYTCMrhwYKUzY4q:j076P2Jpz8ftBUMPaCMrhwY
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xc505
timedatestamp.....: 0x4a9ee5b5 (Wed Sep 02 21:37:57 2009)
machinetype.......: 0x14c (I386)
[url]http://info.prevx.com/aboutprogramtext.asp?PX5=CB99356A002065F7D3EC001ED8409400D9D04283[/url]
-
File tevesm.exe received on 2010.06.18 11:33:39 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.01 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5141 2010.06.18 [B]Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
F-Secure 9.0.15370.0 2010.06.18 -
Fortinet 4.1.133.0 2010.06.17 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft 1.5902 2010.06.18 -
NOD32 5206 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
Panda 10.0.2.7 2010.06.18 -
PCTools 7.0.3.5 2010.06.18 -
Prevx 3.0 2010.06.18 -
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
Sunbelt 6466 2010.06.18 -
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.299 2010.06.17 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.17 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.17 -
Additional information
File size: 36864 bytes
MD5...: 09a8b44b855c1655266f69262dcf381c
SHA1..: dfb775e5a821c6bd93ef7d23738aa2a6b2036639
SHA256: 811aac9ef4f1618f4c63c8f9b199d23ecce5eb2b9388b53e1410066215bfd759
ssdeep: 768:fe6cp2fDl0qx3Xq2zUn2h/1lcBRAbds8fYNnmkUDNJwok5mW:fep2fhpxKX2xw6d1fcmkURDGmW
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1b470
timedatestamp.....: 0x45281c31 (Sat Oct 07 21:29:21 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x12000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x13000 0x9000 0x8600 7.95 5485a0223c5c9be90204414f6a53701d
.rsrc 0x1c000 0x1000 0x600 3.48 e41e72f1570df29e4aff7824461ae72e
( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> GDI32.DLL: BitBlt
> USER32.DLL: GetMenu
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable Generic (51.2%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
packers (F-Prot): UPX[/CODE]
[B]Your request has been analyzed by the Automated System. A corresponding entry has been added to the Dr.Web virus database and will be available with the next update.
Threat: [B][COLOR="Red"]Trojan.Oficla.38[/COLOR][/B][/B]
-
[QUOTE]don't you recognize anyone in this photo? :-D gg))
[url]http://**ya.ru/e/foto032.gif[/url][/QUOTE]
It really does open a [url=http://img716.imageshack.us/img716/377/6666hr.jpg]photo[/url]. Maybe someone will recognize it? ;)
In doing so, it creates and runs [url=http://www.virustotal.com/analisis/1c058f40dfd209471876d762992f36a045dcc1a3ce6356d0c9ff091812c1db68-1276878475]svcgoost.exe[/url]:
File svcgoost.exe received on 2010.06.18 16:27:55 (UTC)
Result: 4/41 (9.76%)
[QUOTE]a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5143 2010.06.18 -
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
[B]F-Secure 9.0.15370.0 2010.06.18 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft None 2010.06.18 -
NOD32 5208 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
[B]Panda 10.0.2.7 2010.06.18 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.18 -
[B]Prevx 3.0 2010.06.18 Medium Risk Malware[/B]
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
[B]Sunbelt 6467 2010.06.18 Trojan.Win32.Generic.pak!cobra[/B]
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -[/QUOTE]
and [url=http://www.virustotal.com/analisis/fef9483b3a994a5e068d08b7048be79053d261199c7119425d167edf7b3a522e-1276878492]exploree.exe[/url]:
File exploree.exe received on 2010.06.18 16:28:12 (UTC)
Result: 4/41 (9.76%)
[quote]a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
Comodo 5143 2010.06.18 -
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
[B]F-Secure 9.0.15370.0 2010.06.18 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft 1.5902 2010.06.18 -
NOD32 5208 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
[B]Panda 10.0.2.7 2010.06.18 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.18 -
Prevx 3.0 2010.06.18 -
Rising 22.52.04.04 2010.06.18 -
[B]Sophos 4.54.0 2010.06.18 Mal/Basine-C
Sunbelt 6467 2010.06.18 Trojan.Win32.Generic.pak!cobra[/B]
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -[/quote]
And it adds the following to the hosts file:
[QUOTE]fsdgdfg57657
173.212.229.196 [url]www.telebank.ru[/url]
194.8.250.102 [url]www.vk.com[/url]
194.8.250.102 mail.ru
194.8.250.102 [url]www.mail.ru[/url]
173.212.229.196 telebank.ru
194.8.250.102 [url]www.vkontakte.ru[/url]
194.8.250.102 vk.com
194.8.250.102 [url]www.odnoklassniki.ru[/url]
194.8.250.102 [url]www.odnoklassniki.ua[/url]
194.8.250.102 odnoklassniki.ua
194.8.250.102 odnoklassniki.ru
194.8.250.102 vkontakte.ru
Dsfgjy876[/QUOTE]
And here is what we have on the [URL="http://www.virustotal.com/analisis/40a97997540ef02d91776fa11e87a943e030bfb4ab4137e0145d1e3e692681c2-1276877827"]dropper "photo"[/URL] itself:
File foto032.scr received on 2010.06.18 16:17:07 (UTC)
Result: 4/41 (9.76%)
[QUOTE]a-squared 5.0.0.26 2010.06.18 -
AhnLab-V3 2010.06.18.05 2010.06.18 -
AntiVir 8.2.2.6 2010.06.18 -
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.18 -
Avast 4.8.1351.0 2010.06.18 -
Avast5 5.0.332.0 2010.06.18 -
AVG 9.0.0.787 2010.06.18 -
BitDefender 7.2 2010.06.18 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.18 -
[B]Comodo 5143 2010.06.18 MalCrypt.Indus![/B]
DrWeb 5.0.2.03300 2010.06.18 -
eSafe 7.0.17.0 2010.06.17 -
eTrust-Vet 36.1.7646 2010.06.18 -
F-Prot 4.6.1.107 2010.06.17 -
[B]F-Secure 9.0.15370.0 2010.06.18 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.06.18 -
GData 21 2010.06.18 -
Ikarus T3.1.1.84.0 2010.06.18 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.18 -
McAfee 5.400.0.1158 2010.06.18 -
McAfee-GW-Edition 2010.1 2010.06.18 -
Microsoft None 2010.06.18 -
NOD32 5207 2010.06.18 -
Norman 6.05.06 2010.06.17 -
nProtect 2010-06-18.01 2010.06.18 -
[B]Panda 10.0.2.7 2010.06.18 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.18 -
[B]Prevx 3.0 2010.06.18 Medium Risk Malware[/B]
Rising 22.52.04.04 2010.06.18 -
Sophos 4.54.0 2010.06.18 -
Sunbelt 6467 2010.06.18 -
Symantec 20101.1.0.89 2010.06.18 -
TheHacker 6.5.2.0.300 2010.06.18 -
TrendMicro 9.120.0.1004 2010.06.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.18 -
VBA32 3.12.12.5 2010.06.18 -
ViRobot 2010.6.14.3884 2010.06.18 -
VirusBuster 5.0.27.0 2010.06.18 -[/QUOTE]
Happy Friday, everyone! ;)
-
It was sent by e-mail disguised as an MS Word document from some company :)
File UPSInvoice.exe received on 2010.06.21 15:48:41 (UTC)
[QUOTE][B]a-squared 5.0.0.30 2010.06.21 Gen.Trojan!IK[/B]
AhnLab-V3 2010.06.21.02 2010.06.21 -
[B]AntiVir 8.2.2.6 2010.06.21 TR/Crypt.XPACK.Gen2[/B]
Antiy-AVL 2.0.3.7 2010.06.18 -
[B]Authentium 5.2.0.5 2010.06.21 W32/Oficla.H.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
[B]AVG 9.0.0.787 2010.06.21 Win32/Heur[/B]
[B]BitDefender 7.2 2010.06.21 Gen:Trojan.Heur.fCW@rrVFZBjaf[/B]
[B]CAT-QuickHeal 10.00 2010.06.18 (Suspicious) - DNAScan[/B]
[B]ClamAV 0.96.0.3-git 2010.06.21 Trojan.Spy-74762[/B]
[B]Comodo 5174 2010.06.21 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.06.21 -
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7654 2010.06.21 -
[B]F-Prot 4.6.1.107 2010.06.20 W32/Oficla.H.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.21 Trojan-Downloader:W32/Oficla.FR[/B]
Fortinet 4.1.133.0 2010.06.21 -
[B]GData 21 2010.06.21 Gen:Trojan.Heur.fCW@rrVFZBjaf
Ikarus T3.1.1.84.0 2010.06.21 Gen.Trojan[/B]
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.21 -
[B]McAfee 5.400.0.1158 2010.06.21 Generic.dx!szz
McAfee-GW-Edition 2010.1 2010.06.21 Artemis!FA90D121985C
Microsoft 1.5902 2010.06.21 Trojan:Win32/Oficla.M
NOD32 5215 2010.06.21 a variant of Win32/Kryptik.EUN
Norman 6.05.06 2010.06.21 W32/Obfuscated.D!genr[/B]
nProtect 2010-06-21.01 2010.06.21 -
[B]Panda 10.0.2.7 2010.06.20 Suspicious file
PCTools 7.0.3.5 2010.06.21 Trojan.Sasfis[/B]
Prevx 3.0 2010.06.21 -
Rising 22.53.00.04 2010.06.21 -
[B]Sophos 4.54.0 2010.06.21 Mal/FakeAV-BW[/B]
Sunbelt 6482 2010.06.21 -
[B]Symantec 20101.1.0.89 2010.06.21 Trojan.Sasfis[/B]
TheHacker 6.5.2.0.302 2010.06.20 -
TrendMicro 9.120.0.1004 2010.06.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.21 -
VBA32 3.12.12.5 2010.06.21 -
ViRobot 2010.6.21.3896 2010.06.21 -
VirusBuster 5.0.27.0 2010.06.21 -[/QUOTE]
Additional information
File size: 94720 bytes
MD5 : fa90d121985c65e18270f745182a73af
[url]http://www.virustotal.com/analisis/f662454ee2e64635166e3ec213039a96e6f669fd66311c693bb4bd31a07e2931-1277135321[/url]
-
File [B]foto.jar[/B] received on 2010.06.24 11:50:23 (UTC)
Result: [B][COLOR="Red"]10[/COLOR][/B]/[B]41[/B] (24.4%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]a-squared 5.0.0.30 2010.06.22 Trojan-SMS!IK[/B]
AhnLab-V3 2010.06.22.00 2010.06.22 -
[B]AntiVir 8.2.2.6 2010.06.21 JAVA/Picong.A[/B]
[B]Antiy-AVL 2.0.3.7 2010.06.22 Trojan/J2ME.Picong[/B]
Authentium 5.2.0.5 2010.06.22 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.22 -
CAT-QuickHeal 10.00 2010.06.22 -
ClamAV 0.96.0.3-git 2010.06.22 -
[B]Comodo 5180 2010.06.22 TrojWare.J2ME.SMS.Picong[/B]
[B]DrWeb 5.0.2.03300 2010.06.22 Java.SMSSend.188[/B]
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7657 2010.06.22 -
F-Prot 4.6.1.107 2010.06.21 -
[B]F-Secure 9.0.15370.0 2010.06.22 Riskware:Java/SmsSend.Gen!A[/B]
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.22 -
[B]Ikarus T3.1.1.84.0 2010.06.22 Trojan-SMS[/B]
Jiangmin 13.0.900 2010.06.15 -
[B]Kaspersky 7.0.0.125 2010.06.22 Trojan-SMS.J2ME.Picong.a[/B]
McAfee 5.400.0.1158 2010.06.22 -
McAfee-GW-Edition 2010.1 2010.06.22 -
Microsoft 1.5902 2010.06.22 -
NOD32 5216 2010.06.21 -
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
Panda 10.0.2.7 2010.06.21 -
PCTools 7.0.3.5 2010.06.22 -
Prevx 3.0 2010.06.24 -
Rising 22.53.01.04 2010.06.22 -
Sophos 4.54.0 2010.06.22 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.22 -
TheHacker 6.5.2.0.302 2010.06.22 -
TrendMicro 9.120.0.1004 2010.06.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -
[B]VBA32 3.12.12.5 2010.06.22 Trojan-SMS.J2ME.Picong.a[/B]
[B]ViRobot 2010.6.21.3896 2010.06.22 J2ME.S.Picong.3294[/B]
VirusBuster 5.0.27.0 2010.06.21 -[/QUOTE]
Additional information
File size: [B]10745[/B] bytes
MD5...: 399f2c9880b34580f1d77df0b54aaa07
SHA1..: bd161763e01441d3184c5ee8f2ccbaf8b6e69faf
SHA256: d9abe97c19c02b2e5c22fe39094f9628f88c8789d08589bccb7f59db88ab7b92
[url]http://www.virustotal.com/ru/analisis/d9abe97c19c02b2e5c22fe39094f9628f88c8789d08589bccb7f59db88ab7b92-1277380223[/url]
-
Same old thing ... girls :)
[CODE]File WinSecurity.exe received on 2010.06.25 07:50:54 (UTC)
[B]Result: [COLOR="Red"]4[/COLOR]/41 (9.76%)[/B]
a-squared 5.0.0.30 2010.06.25 -
AhnLab-V3 2010.06.25.00 2010.06.25 -
AntiVir 8.2.4.2 2010.06.24 -
Antiy-AVL 2.0.3.7 2010.06.24 -
Authentium 5.2.0.5 2010.06.25 -
Avast 4.8.1351.0 2010.06.24 -
Avast5 5.0.332.0 2010.06.24 -
AVG 9.0.0.836 2010.06.24 -
BitDefender 7.2 2010.06.25 -
CAT-QuickHeal 10.00 2010.06.25 -
ClamAV 0.96.0.3-git 2010.06.24 -
[B]Comodo 5212 2010.06.25 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.06.25 Trojan.Hosts.507[/B]
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7665 2010.06.24 -
F-Prot 4.6.1.107 2010.06.24 -
F-Secure 9.0.15370.0 2010.06.25 -
Fortinet 4.1.133.0 2010.06.24 -
GData 21 2010.06.25 -
Ikarus T3.1.1.84.0 2010.06.25 -
Jiangmin 13.0.900 2010.06.15 -
[B]Kaspersky 7.0.0.125 2010.06.25 Trojan.Win32.Qhost.nkq[/B]
McAfee 5.400.0.1158 2010.06.25 -
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.25 -
NOD32 5227 2010.06.24 -
Norman 6.05.10 2010.06.24 -
nProtect 2010-06-24.01 2010.06.24 -
Panda 10.0.2.7 2010.06.24 -
PCTools 7.0.3.5 2010.06.25 -
Prevx 3.0 2010.06.25 -
Rising 22.53.04.03 2010.06.25 -
Sophos 4.54.0 2010.06.25 -
[B]Sunbelt 6503 2010.06.25 Trojan.Win32.Generic.pak!cobra[/B]
Symantec 20101.1.0.89 2010.06.25 -
TheHacker 6.5.2.0.303 2010.06.24 -
TrendMicro 9.120.0.1004 2010.06.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.25 -
VBA32 3.12.12.5 2010.06.24 -
ViRobot 2010.6.21.3896 2010.06.25 -
VirusBuster 5.0.27.0 2010.06.24 -[/CODE]
Additional information
File size: 86528 bytes
MD5...: 9d99cd3c55369e474434f76e1344e533
-
Here's a "Windows accelerator" =)
[CODE]Файл Accelerate_windows_v.3.5.zip получен 2010.06.26 17:20:06 (UTC)
Антивирус Версия Обновление Результат
a-squared 5.0.0.30 2010.06.26 -
AhnLab-V3 2010.06.27.00 2010.06.26 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.26 -
Avast 4.8.1351.0 2010.06.26 -
Avast5 5.0.332.0 2010.06.26 -
AVG 9.0.0.836 2010.06.26 -
BitDefender 7.2 2010.06.26 -
CAT-QuickHeal 10.00 2010.06.26 Trojan.VkHost.ob
ClamAV 0.96.0.3-git 2010.06.26 -
Comodo 5223 2010.06.26 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.06.26 Trojan.Hosts.380
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.26 -
F-Secure 9.0.15370.0 2010.06.26 -
Fortinet 4.1.133.0 2010.06.26 -
GData 21 2010.06.26 -
Ikarus T3.1.1.84.0 2010.06.26 -
Jiangmin 13.0.900 2010.06.25 Trojan/VkHost.eb
Kaspersky 7.0.0.125 2010.06.26 -
McAfee 5.400.0.1158 2010.06.26 -
McAfee-GW-Edition 2010.1 2010.06.25 Heuristic.BehavesLike.Exploit.CodeExec.NLOO
Microsoft 1.5902 2010.06.26 -
NOD32 5230 2010.06.26 a variant of Win32/Qhost.NXT
Norman 6.05.10 2010.06.26 W32/Malware
nProtect 2010-06-26.02 2010.06.26 -
Panda 10.0.2.7 2010.06.26 Trj/Downloader.MDW
PCTools 7.0.3.5 2010.06.26 -
Prevx 3.0 2010.06.26 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.26 -
Sunbelt 6511 2010.06.26 -
Symantec 20101.1.0.89 2010.06.26 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.26 TROJ_QHOST.SME
TrendMicro-HouseCall 9.120.0.1004 2010.06.26 TROJ_QHOST.SME
VBA32 3.12.12.5 2010.06.25 Trojan.Horst.0317
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.26 -
Дополнительная информация
File size: 209967 bytes
MD5...: f52e1dca944b5a46d740b180733f62e0
SHA1..: b5e5b4f1fbcd461e7a67a0ae8824a08ac0bab31b
SHA256: 706896ee9048b9947b3feed4e0dba87e72dae54ebafbf32d871ea215dc6628a9
ssdeep: 3072:09UGem3oVJSbc0giqy2DNG7pIvkVS4hsfyJ09bqCsuFvZZVF7Ak4DJFaHwR
KiS69:095DcSoHy3HqyoFvZZr4FAHMypDQRF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Mozilla Firefox browser extension (66.6%)
ZIP compressed archive (33.3%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
-
Файл flash_player.exe получен 2010.06.27 10:42:39 (UTC)
[QUOTE] Антивирус Версия Обновление Результат
a-squared 5.0.0.30 2010.06.27 -
AhnLab-V3 2010.06.27.00 2010.06.26 -
AntiVir 8.2.4.2 2010.06.25 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.26 -
Avast 4.8.1351.0 2010.06.26 -
[B]Avast5 5.0.332.0 2010.06.26 Win32:SuspBehav-D [/B]
AVG 9.0.0.836 2010.06.27 -
BitDefender 7.2 2010.06.27 -
CAT-QuickHeal 10.00 2010.06.26 -
ClamAV 0.96.0.3-git 2010.06.26 -
Comodo 5232 2010.06.27 -
DrWeb 5.0.2.03300 2010.06.27 -
eSafe 7.0.17.0 2010.06.24 -
eTrust-Vet 36.1.7668 2010.06.25 -
F-Prot 4.6.1.107 2010.06.26 -
F-Secure 9.0.15370.0 2010.06.26 -
Fortinet 4.1.133.0 2010.06.26 -
GData 21 2010.06.27 -
Ikarus T3.1.1.84.0 2010.06.27 -
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.27 -
McAfee 5.400.0.1158 2010.06.27 -
McAfee-GW-Edition 2010.1 2010.06.25 -
Microsoft 1.5902 2010.06.27 -
[B]NOD32 5231 2010.06.27 a variant of Win32/Kryptik.FDD[/B]
Norman 6.05.10 2010.06.27 -
nProtect 2010-06-27.02 2010.06.27 -
Panda 10.0.2.7 2010.06.26 -
PCTools 7.0.3.5 2010.06.27 -
Prevx 3.0 2010.06.27 -
Rising 22.53.04.05 2010.06.25 -
Sophos 4.54.0 2010.06.27 -
[B]Sunbelt 6513 2010.06.27 VirTool.Win32.Obfuscator.hg!a (v)[/B]
Symantec 20101.1.0.89 2010.06.27 -
TheHacker 6.5.2.0.303 2010.06.25 -
TrendMicro 9.120.0.1004 2010.06.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -
[B]VBA32 3.12.12.5 2010.06.25 SScope.Trojan.Agent.0466 [/B]
ViRobot 2010.6.26.3907 2010.06.26 -
VirusBuster 5.0.27.0 2010.06.26 - [/QUOTE]
Дополнительная информация
File size: 134144 bytes
MD5...: d386f2286c1907e69fa1b0eb8418cee9
SHA1..: 7b93d1de44527af180278eec06f99aad547c049c
SHA256: 9d70e30dc5dab8b21bb1133b16473623b35e0f5ba22a4f4f18717bb30b9b628b
ssdeep: 3072:ZjUP+Qlcxr2xNy6HUZNynHm8KbfpGeDo/M5JsNYFfP:dUmcp0jy5KVeU8E
PEiD..: -
Файл set.exe получен 2010.06.27 10:45:58 (UTC)
[QUOTE]Антивирус Версия Обновление Результат
a-squared 5.0.0.30 2010.06.22 -
AhnLab-V3 2010.06.22.00 2010.06.22 -
AntiVir 8.2.2.6 2010.06.21 -
Antiy-AVL 2.0.3.7 2010.06.22 -
Authentium 5.2.0.5 2010.06.22 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.22 -
CAT-QuickHeal 10.00 2010.06.22 -
ClamAV 0.96.0.3-git 2010.06.22 -
Comodo 5180 2010.06.22 -
DrWeb 5.0.2.03300 2010.06.22 -
eSafe 7.0.17.0 2010.06.20 -
[B]eTrust-Vet 36.1.7657 2010.06.22 Win32/TDSS.B!generic [/B]
F-Prot 4.6.1.107 2010.06.21 -
F-Secure 9.0.15370.0 2010.06.22 -
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.22 -
Ikarus T3.1.1.84.0 2010.06.22 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.22 -
McAfee 5.400.0.1158 2010.06.22 -
[B]McAfee-GW-Edition 2010.1 2010.06.22 Artemis!901C0A6A463E [/B]
Microsoft 1.5902 2010.06.22 -
[B]NOD32 5216 2010.06.21 a variant of Win32/Olmarik.UL [/B]
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
[B]Panda 10.0.2.7 2010.06.21 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.22 -
Prevx 3.0 2010.06.27 -
Rising 22.53.01.04 2010.06.22 -
Sophos 4.54.0 2010.06.22 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.22 -
TheHacker 6.5.2.0.302 2010.06.22 -
TrendMicro 9.120.0.1004 2010.06.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -
VBA32 3.12.12.5 2010.06.22 -
ViRobot 2010.6.21.3896 2010.06.22 -
VirusBuster 5.0.27.0 2010.06.21 - [/QUOTE]
Дополнительная информация
File size: 87040 bytes
MD5...: 901c0a6a463e3f781f1952bd47e4d6a5
SHA1..: 049ff6e16b24529dafd7523927a9a27f5f7f47e7
SHA256: 97300b960d912a27a81b2d7af2359df7d6657f73a35d8a4b8181e1d29eb0f0d7
ssdeep: 1536:SRpQfCAK8SZ7DPt+Gb2YXmmBrP632JC2xuMkO/yndJfnSMzJ:6piCAKLDXZ
mo632JC2ojO/yndNd9
PEiD..: -
-
Файл xxx_video_843.avi.exe получен 2010.06.29 23:18:36 (UTC)
Результат: 7/41 (17.07%)
[QUOTE]Антивирус Версия Обновление Результат
[B]a-squared 5.0.0.31 2010.06.29 Trojan-Ransom.Win32.PornoBlocker!IK[/B]
AhnLab-V3 2010.06.30.00 2010.06.30 -
AntiVir 8.2.4.2 2010.06.29 -
Antiy-AVL 2.0.3.7 2010.06.25 -
Authentium 5.2.0.5 2010.06.29 -
Avast 4.8.1351.0 2010.06.29 -
Avast5 5.0.332.0 2010.06.29 -
[B]AVG 9.0.0.836 2010.06.29 LockScreen.M[/B]
BitDefender 7.2 2010.06.30 -
CAT-QuickHeal 10.00 2010.06.29 -
ClamAV 0.96.0.3-git 2010.06.30 -
Comodo 5259 2010.06.29 -
DrWeb 5.0.2.03300 2010.06.30 -
eSafe 7.0.17.0 2010.06.29 -
eTrust-Vet 36.1.7675 2010.06.29 -
F-Prot 4.6.1.107 2010.06.29 -
F-Secure 9.0.15370.0 2010.06.30 -
Fortinet 4.1.133.0 2010.06.29 -
GData 21 2010.06.30 -
[B]Ikarus T3.1.1.84.0 2010.06.29 Trojan-Ransom.Win32.PornoBlocker[/B]
Jiangmin 13.0.900 2010.06.27 -
Kaspersky 7.0.0.125 2010.06.29 -
[B]McAfee 5.400.0.1158 2010.06.30 Suspect-1B!A26E3FCB8037[/B]
McAfee-GW-Edition 2010.1 2010.06.29 -
Microsoft 1.5902 2010.06.29 -
[B]NOD32 5238 2010.06.29 a variant of Win32/LockScreen.TZ[/B]
Norman 6.05.10 2010.06.29 -
nProtect 2010-06-29.01 2010.06.29 -
Panda 10.0.2.7 2010.06.29 -
PCTools 7.0.3.5 2010.06.29 -
Prevx 3.0 2010.06.30 -
Rising 22.54.01.03 2010.06.29 -
[B]Sophos 4.54.0 2010.06.29 Mal/DownLdr-AJ
Sunbelt 6523 2010.06.29 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20101.1.0.89 2010.06.29 -
TheHacker 6.5.2.0.304 2010.06.28 -
TrendMicro 9.120.0.1004 2010.06.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.30 -
VBA32 3.12.12.5 2010.06.29 -
ViRobot 2010.6.29.3912 2010.06.29 -
VirusBuster 5.0.27.0 2010.06.29 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/40197a97636dcb40eda0cfca7c714b1de69dfc94ab2e17881a4b8922dcee4589-1277853516[/url]
-
File update_flash_player_x70.exe received on 2010.06.30 19:10:50 (UTC)
Result: [COLOR="Red"][B]3[/B][/COLOR]/[B]40[/B] (7.5%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.31 2010.06.30 -
AhnLab-V3 2010.06.30.07 2010.06.30 -
AntiVir 8.2.4.2 2010.06.30 -
Antiy-AVL 2.0.3.7 2010.06.30 -
Authentium 5.2.0.5 2010.06.30 -
Avast 4.8.1351.0 2010.06.30 -
Avast5 5.0.332.0 2010.06.30 -
AVG 9.0.0.836 2010.06.30 -
BitDefender 7.2 2010.06.30 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.06.30 -
Comodo 5268 2010.06.30 -
[B]DrWeb 5.0.2.03300 2010.06.30 Trojan.AdultBan.214[/B]
eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7677 2010.06.30 -
F-Prot 4.6.1.107 2010.06.29 -
F-Secure 9.0.15370.0 2010.06.30 -
Fortinet 4.1.133.0 2010.06.30 -
GData 21 2010.06.30 -
Ikarus T3.1.1.84.0 2010.06.30 -
Jiangmin 13.0.900 2010.06.30 -
Kaspersky 7.0.0.125 2010.06.30 -
McAfee 5.400.0.1158 2010.06.30 -
McAfee-GW-Edition 2010.1 2010.06.30 -
Microsoft 1.5902 2010.06.30 -
[B]NOD32 5241 2010.06.30 a variant of Win32/LockScreen.UP[/B]
Norman 6.05.10 2010.06.30 -
nProtect 2010-06-30.01 2010.06.30 -
Panda 10.0.2.7 2010.06.30 -
PCTools 7.0.3.5 2010.06.30 -
Rising 22.54.02.04 2010.06.30 -
Sophos 4.54.0 2010.06.30 -
Sunbelt 6527 2010.06.30 -
Symantec 20101.1.0.89 2010.06.30 -
TheHacker 6.5.2.0.305 2010.06.30 -
TrendMicro 9.120.0.1004 2010.06.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.30 -
VBA32 3.12.12.5 2010.06.30 -
ViRobot 2010.6.29.3912 2010.06.30 -
[B]VirusBuster 5.0.27.0 2010.06.30 Trojan.XBlocker.Gen!Pac[/B][/QUOTE]
Additional information
File size: [B]206336[/B] bytes
MD5...: 03e76077feb67818b7dede52189fc525
SHA1..: f95d8963e29fd639f05aeb90923145a5bcf5ac6d
SHA256: 4d48ce2cb1c9ebbd4bfa9a239eaa36f9be3c50a01985272e608fbc6e754dc70d
[url]http://www.virustotal.com/analisis/4d48ce2cb1c9ebbd4bfa9a239eaa36f9be3c50a01985272e608fbc6e754dc70d-1277925050[/url]
-
File CMedia.dll received on 2010.07.02 04:13:02 (UTC)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.31 2010.07.02 AdWare.Win32.Adsubscribe!IK
AhnLab-V3 2010.07.02.00 2010.07.02 Adware/Win32.FearAds
AntiVir 8.2.4.2 2010.07.01 ADSPY/AdSpy.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.30 -
[B]Authentium 5.2.0.5 2010.07.02 W32/AdSubscribe.A.gen!Eldorado
Avast 4.8.1351.0 2010.07.01 Win32:Adware-gen
Avast5 5.0.332.0 2010.07.01 Win32:Adware-gen
AVG 9.0.0.836 2010.07.02 Generic4.AFAW
BitDefender 7.2 2010.07.02 Gen:Adware.AdRiver.1
CAT-QuickHeal 11.00 2010.06.30 AdWare.FearAds.ib (Not a Virus)
ClamAV 0.96.0.3-git 2010.07.02 PUA.Packed.ASPack
[/B]Comodo 5285 2010.07.02 -
[B]DrWeb 5.0.2.03300 2010.07.01 Trojan.AdSubscribe.165[/B]
eSafe 7.0.17.0 2010.06.30 -
[B]eTrust-Vet 36.1.7680 2010.07.01 Win32/ASuspect.HAACC
F-Prot 4.6.1.107 2010.07.01 W32/AdSubscribe.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.07.02 Adware:W32/Adsubscribe.C
Fortinet 4.1.133.0 2010.07.01 Adware/Win32_FearAds
GData 21 2010.07.02 Gen:Adware.AdRiver.1
Ikarus T3.1.1.84.0 2010.07.02 AdWare.Win32.Adsubscribe
Jiangmin 13.0.900 2010.07.01 AdWare/FearAds.fn
Kaspersky 7.0.0.125 2010.07.02 not-a-virus:AdWare.Win32.FearAds.cna
McAfee 5.400.0.1158 2010.07.02 Generic PUP.x!dp
McAfee-GW-Edition 2010.1 2010.07.01 Generic PUP.x!dp
Microsoft 1.5902 2010.07.01 Adware:Win32/Adsubscribe
NOD32 5244 2010.07.01 a variant of Win32/Adware.FearAds
[/B]Norman 6.05.10 2010.07.01 -
nProtect 2010-07-01.01 2010.07.01 -
[B]Panda 10.0.2.7 2010.07.01 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.07.02 -
Rising 22.54.04.01 2010.07.02 -
[B]Sophos 4.54.0 2010.07.02 Adsubscribe
Sunbelt 6534 2010.07.02 Adware.Win32.Adsubscribe (v)
Symantec 20101.1.0.89 2010.07.02 WS.Reputation.1
[/B]TheHacker 6.5.2.1.307 2010.07.01 -
[B]TrendMicro 9.120.0.1004 2010.07.02 ADW_ADSUBSM
TrendMicro-HouseCall 9.120.0.1004 2010.07.02 ADW_ADSUBSM
VBA32 3.12.12.5 2010.07.01 BScope.Adware.CMedia
[/B]ViRobot 2010.6.29.3912 2010.07.02 -
[B]VirusBuster 5.0.27.0 2010.07.01 Adware.Adsubscribe.AOA[/B]
[/QUOTE]
Additional information
File size: 749568 bytes
MD5...: 3a63bb5f18a5dbb051d1e2fd839ad304
SHA1..: 7e93bf10e5333f97f12f2aca42be0e24ccf97aca
SHA256: d7dacfe9decb64f1cf44ccde4ade557da5859e8b47bca7979895d7e5fd1abb25
ssdeep: 12288:KMVnTAKP4Y03JhhYjO5INxTdnTCsyQP+LOm41q6xGJOpqD2ze3vNSC4:Ks
/4YshY6uN1dn+syHLOm4A0Gkp563vq
[url]http://www.virustotal.com/analisis/d7dacfe9decb64f1cf44ccde4ade557da5859e8b47bca7979895d7e5fd1abb25-1278043982[/url]
File Uninstall.exe received on 2010.07.02 04:13:36 (UTC)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.31 2010.07.02 Riskware.Win32.Adload!IK[/B]
AhnLab-V3 2010.07.02.00 2010.07.02 -
[B]AntiVir 8.2.4.2 2010.07.01 ADSPY/AdSpy.Gen
[/B]Antiy-AVL 2.0.3.7 2010.06.30 -
[B]Authentium 5.2.0.5 2010.07.02 W32/AdSubscribe.B.gen!Eldorado
[/B]Avast 4.8.1351.0 2010.07.01 -
Avast5 5.0.332.0 2010.07.01 -
AVG 9.0.0.836 2010.07.02 -
[B]BitDefender 7.2 2010.07.02 GenPack:Adware.FieryAds.C
CAT-QuickHeal 11.00 2010.06.30 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.07.02 PUA.Packed.ASPack
Comodo 5285 2010.07.02 ApplicUnsaf.Win32.Adware.Fearads.~K
DrWeb 5.0.2.03300 2010.07.01 Trojan.AdSubscribe.150
[/B]eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7680 2010.07.01 -
[B]F-Prot 4.6.1.107 2010.07.01 W32/AdSubscribe.B.gen!Eldorado
F-Secure 9.0.15370.0 2010.07.02 Adware:W32/Adsubscribe.gen!B
[/B]Fortinet 4.1.133.0 2010.07.01 -
[B]GData 21 2010.07.02 GenPack:Adware.FieryAds.C
Ikarus T3.1.1.84.0 2010.07.02 not-a-virus:Win32.Adload
[/B]Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.02 -
McAfee 5.400.0.1158 2010.07.02 -
McAfee-GW-Edition 2010.1 2010.07.01 -
[B]Microsoft 1.5902 2010.07.01 Adware:Win32/Adsubscribe
NOD32 5244 2010.07.01 a variant of Win32/Adware.FearAds.AG
[/B]Norman 6.05.10 2010.07.01 -
[B]nProtect 2010-07-01.01 2010.07.01 GenPack:Adware.FieryAds.C
Panda 10.0.2.7 2010.07.01 Trj/Thed.B
[/B]PCTools 7.0.3.5 2010.07.02 -
Prevx 3.0 2010.07.02 -
Rising 22.54.04.01 2010.07.02 -
[B]Sophos 4.54.0 2010.07.02 Adsubscribe
Sunbelt 6534 2010.07.02 Adware.Win32.Adsubscribe (v)
[/B]Symantec 20101.1.0.89 2010.07.02 -
TheHacker 6.5.2.1.307 2010.07.01 -
[B]TrendMicro 9.120.0.1004 2010.07.02 ADW_ADSUBSMR
TrendMicro-HouseCall 9.120.0.1004 2010.07.02 ADW_ADSUBSMR
VBA32 3.12.12.5 2010.07.01 Trojan.Win32.AdSubscribe
[/B]ViRobot 2010.6.29.3912 2010.07.02 -
VirusBuster 5.0.27.0 2010.07.01 -
[/QUOTE]
Additional information
File size: 805376 bytes
MD5...: c10697b7a9ba17fa6d5948d774ff39d6
SHA1..: 4742539aa07205b994d0bcf58559b59e60f21530
SHA256: d3fb5b8180056968b45cd9d8a22104c1fb780c16a598800240001a54b25ad913
[url]http://www.virustotal.com/analisis/d3fb5b8180056968b45cd9d8a22104c1fb780c16a598800240001a54b25ad913-1278044016[/url]
-
SMS ransomware. Caught it today :)
File [B]media.exe[/B] received on 2010.07.02 02:32:31 (UTC)
Result: [COLOR="Red"]15[/COLOR]/40 (37.50%)
[QUOTE][B]Antivirus Version Last Update Result[/B]
[B][B]a-squared 5.0.0.31 2010.07.02 Gen.Trojan!IK[/B][/B]
AhnLab-V3 2010.07.02.00 2010.07.02 -
[B][B]AntiVir 8.2.4.2 2010.07.01 TR/Spy.410624.17[/B][/B]
Antiy-AVL 2.0.3.7 2010.06.30 -
Authentium 5.2.0.5 2010.07.02 -
Avast 4.8.1351.0 2010.07.01 -
Avast5 5.0.332.0 2010.07.01 -
AVG 9.0.0.836 2010.07.02 -
[B][B]BitDefender 7.2 2010.07.02 Gen:Trojan.Heur.GZ.zy0@b4EIbJac
CAT-QuickHeal 11.00 2010.06.30 (Suspicious) - DNAScan[/B][/B]
ClamAV 0.96.0.3-git 2010.07.02 -
[B]Comodo 5282 2010.07.02 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.07.01 -
eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7680 2010.07.01 -
F-Prot 4.6.1.107 2010.07.01 -
[B]F-Secure 9.0.15370.0 2010.07.02 Gen:Trojan.Heur.GZ.zy0@b4EIbJac[/B]
Fortinet 4.1.133.0 2010.07.01 -
[B]GData 21 2010.07.02 Gen:Trojan.Heur.GZ.zy0@b4EIbJac
Ikarus T3.1.1.84.0 2010.07.02 Gen.Trojan[/B]
Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.02 -
[B]McAfee 5.400.0.1158 2010.07.02 Artemis!F02E828BB308
McAfee-GW-Edition 2010.1 2010.07.01 Artemis!F02E828BB308
Microsoft 1.5902 2010.07.01 VirTool:Win32/Obfuscator.FW
NOD32 5244 2010.07.01 a variant of Win32/Kryptik.FGL[/B]
Norman 6.05.10 2010.07.01 -
nProtect 2010-07-01.01 2010.07.01 -
[B]Panda 10.0.2.7 2010.07.01 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.07.02 -
Prevx 3.0 2010.07.02 -
Rising 22.54.04.01 2010.07.02 -
[B]Sophos 4.54.0 2010.07.02 Sus/UnkPack-C[/B]
Sunbelt 6533 2010.07.02 -
Symantec 20101.1.0.89 2010.07.02 -
TheHacker 6.5.2.1.307 2010.07.01 -
[B]TrendMicro-HouseCall 9.120.0.1004 2010.07.02 TSPY_QAKBOT.SMG[/B]
VBA32 3.12.12.5 2010.07.01 -
ViRobot 2010.6.29.3912 2010.07.01 -
VirusBuster 5.0.27.0 2010.07.01 -
[B]Additional information
File size: 410624 bytes
MD5 : f02e828bb308e1e5eaa3da77e8a1c8ac
SHA1 : dac8dd5f6d4a861daa642397e9352eba9b16d12e
SHA256: 34049d009c5bf78ed5e41fcaa633bca6effc45a17fde36963994a6559e0cc9b6
PEInfo: PE Structure information[/B][/QUOTE]
Link: [url]http://www.virustotal.com/analisis/34049d009c5bf78ed5e41fcaa633bca6effc45a17fde36963994a6559e0cc9b6-1278037951[/url]
-
All sorts of Windows blockers and banners: there are a lot of them, they are just packed differently. Inside is this, or rather, they are simply renamed from flash_player.exe:
File kasper_zaebal.exe received on 2010.07.05 13:05:19 (UTC)
Current status: finished
Result: 1/41 (2.44%)
[QUOTE]a-squared 5.0.0.31 2010.07.05 -
AhnLab-V3 2010.07.03.00 2010.07.03 -
AntiVir 8.2.4.2 2010.07.05 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.04 -
Avast 4.8.1351.0 2010.07.05 -
Avast5 5.0.332.0 2010.07.05 -
AVG 9.0.0.836 2010.07.05 -
BitDefender 7.2 2010.07.05 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.05 -
Comodo 5326 2010.07.05 -
DrWeb 5.0.2.03300 2010.07.05 -
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 -
F-Prot 4.6.1.107 2010.07.04 -
F-Secure 9.0.15370.0 2010.07.05 -
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.05 -
Ikarus T3.1.1.84.0 2010.07.05 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.05 -
McAfee 5.400.0.1158 2010.07.05 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.03 -
[B]NOD32 5252 2010.07.05 a variant of Win32/Kryptik.EIF[/B]
Norman 6.05.10 2010.07.05 -
nProtect 2010-07-05.01 2010.07.05 -
Panda 10.0.2.7 2010.07.04 -
PCTools 7.0.3.5 2010.07.05 -
Prevx 3.0 2010.07.05 -
Rising 22.55.00.04 2010.07.05 -
Sophos 4.54.0 2010.07.05 -
Sunbelt 6545 2010.07.05 -
Symantec 20101.1.0.89 2010.07.05 -
TheHacker 6.5.2.1.308 2010.07.05 -
TrendMicro 9.120.0.1004 2010.07.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.05 -
VBA32 3.12.12.5 2010.07.05 -
ViRobot 2010.6.29.3912 2010.07.05 -
VirusBuster 5.0.27.0 2010.07.05 -[/QUOTE]
Additional information
File size: 95744 bytes
MD5...: 88479040dd0126e0b9bd764ba8bd4c43
SHA1..: 5f405ab52af61d9cbf528b0aa2c8bef9f4b4ed80
SHA256: 341c4bddb3032de44f73d35a08fc779b2785ea6c12bfca73847861835889b172
ssdeep: 1536:8JGlDUeQq8Nc/xrQ6mo3svzFzJn5Qn/yKNh+0ClNh40CsNdyukfPuz:n+Pq
88rLmYsvV55Qn/y3hQsNYFfPY
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x57ad
timedatestamp.....: 0x477540c5 (Fri Dec 28 18:30:29 2007)
machinetype.......: 0x14c (I386)
File kasper_zaebal.exe received on 2010.07.05 13:14:40 (UTC)
Current status: finished
Result: 3/41 (7.32%)
[QUOTE]a-squared 5.0.0.31 2010.07.05 -
AhnLab-V3 2010.07.03.00 2010.07.03 -
AntiVir 8.2.4.2 2010.07.05 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.04 -
Avast 4.8.1351.0 2010.07.05 -
Avast5 5.0.332.0 2010.07.05 -
AVG 9.0.0.836 2010.07.05 -
BitDefender 7.2 2010.07.05 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.05 -
Comodo 5326 2010.07.05 -
DrWeb 5.0.2.03300 2010.07.05 -
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 -
F-Prot 4.6.1.107 2010.07.04 -
F-Secure 9.0.15370.0 2010.07.05 -
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.05 -
Ikarus T3.1.1.84.0 2010.07.05 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.05 -
McAfee 5.400.0.1158 2010.07.05 -
[B]McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.LooksLike.Trojan.Crypt.I[/B]
Microsoft 1.5902 2010.07.03 -
[B]NOD32 5252 2010.07.05 a variant of Win32/Kryptik.EIF[/B]
Norman 6.05.10 2010.07.05 -
nProtect 2010-07-05.01 2010.07.05 -
Panda 10.0.2.7 2010.07.04 -
PCTools 7.0.3.5 2010.07.05 -
Prevx 3.0 2010.07.05 -
Rising 22.55.00.04 2010.07.05 -
Sophos 4.54.0 2010.07.05 -
Sunbelt 6545 2010.07.05 -
Symantec 20101.1.0.89 2010.07.05 -
TheHacker 6.5.2.1.308 2010.07.05 -
TrendMicro 9.120.0.1004 2010.07.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.05 -
[B]VBA32 3.12.12.5 2010.07.05 SScope.Trojan.Agent.0466[/B]
ViRobot 2010.6.29.3912 2010.07.05 -
VirusBuster 5.0.27.0 2010.07.05 -[/QUOTE]
Additional information
File size: 135680 bytes
MD5...: 3b0f9314eaead972d30f128b835bbdfe
SHA1..: 741f543698887d72099263221c958377434dd821
SHA256: 86297f92bbfc145907cb3c066e3b393fc5611334b1ebe478ddaa2804548f668c
ssdeep: 3072:j4IN6EcOcpivWVrrxrQj/+0Y+uqu58u971eirvvDx02UsNYFfP:j4IN1cL8
e5drk+BpN5Z7xrvLioE
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7e87
timedatestamp.....: 0x4688e2fa (Mon Jul 02 11:35:22 2007)
machinetype.......: 0x14c (I386)
... :) ...
-
[URL="http://www.virustotal.com/ru/analisis/83caf2e5bf01cf71f502c692784e4becfee8a76c0813ad4a63f413e0256b14e1-1278434858"]Results =D[/URL]
Файл Deform__Torgestvo_gertvi___75.exe получен 2010.07.06 16:47:38 (UTC)
Текущий статус: закончено
Результат: 10/41 (24.4%)
[CODE]Антивирус Версия Обновление Результат
[B]a-squared 5.0.0.31 2010.07.06 Hoax.Win32.ArchSMS!IK[/B]
AhnLab-V3 2010.07.06.00 2010.07.05 -
AntiVir 8.2.4.10 2010.07.06 -
[B]Antiy-AVL 2.0.3.7 2010.07.06 Hoax/Win32.ArchSMS.gen[/B]
Authentium 5.2.0.5 2010.07.06 -
[B]Avast 4.8.1351.0 2010.07.06 Win32:Malware-gen[/B]
[B]Avast5 5.0.332.0 2010.07.06 Win32:Malware-gen[/B]
AVG 9.0.0.836 2010.07.06 -
BitDefender 7.2 2010.07.06 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.06 -
Comodo 5338 2010.07.06 -
[B]DrWeb 5.0.2.03300 2010.07.06 Tool.SMSSend.44[/B]
eSafe 7.0.17.0 2010.07.06 -
eTrust-Vet 36.1.7688 2010.07.06 -
F-Prot 4.6.1.107 2010.07.05 -
F-Secure 9.0.15370.0 2010.07.06 -
Fortinet 4.1.133.0 2010.07.04 -
[B]GData 21 2010.07.06 Win32:Malware-gen
Ikarus T3.1.1.84.0 2010.07.06 Hoax.Win32.ArchSMS
Jiangmin 13.0.900 2010.07.06 Hoax.ArchSMS.i[/B]
Kaspersky 7.0.0.125 2010.07.06 -
McAfee 5.400.0.1158 2010.07.06 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.06 -
NOD32 5256 2010.07.06 -
Norman 6.05.11 2010.07.06 -
[B]nProtect 2010-07-06.01 2010.07.06 Joke/W32.ArchSMS.6218752[/B]
[B]Panda 10.0.2.7 2010.07.06 Generic Malware[/B]
PCTools 7.0.3.5 2010.07.06 -
Prevx 3.0 2010.07.06 -
Rising 22.55.01.04 2010.07.06 -
Sophos 4.54.0 2010.07.06 -
Sunbelt 6550 2010.07.06 -
Symantec 20101.1.0.89 2010.07.06 -
TheHacker 6.5.2.1.308 2010.07.05 -
TrendMicro 9.120.0.1004 2010.07.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 -
VBA32 3.12.12.5 2010.07.05 -
ViRobot 2010.6.29.3912 2010.07.06 -
VirusBuster 5.0.27.0 2010.07.06 -[/CODE]
Дополнительная информация
File size: 6218752 bytes
MD5...: 6db7479e91a59f874c41403311febcc1
SHA1..: 0e500612f7947771065c843af35e08f72ec13d83
SHA256: 83caf2e5bf01cf71f502c692784e4becfee8a76c0813ad4a63f413e0256b14e1
ssdeep: 98304:DLDnoEjTlCZ0m8eLCz6vB1RvCF7nHVewr0NYq1QCC7oHOPNGbwQbSGEE/:
PzoAxCZ0Xzz6tKtQzNYlT2OPgqE
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7f908
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
-
Caught today - C:\WINDOWS\system32\lbfftlt.exe - Trojan-Dropper.Win32.Agent.cioj - [URL="http://virusinfo.info/showthread.php?t=82600"]http://virusinfo.info/showthread.php?t=82600[/URL]
[QUOTE]Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.06 -
AhnLab-V3 2010.07.06.00 2010.07.05 -
[B]AntiVir 8.2.4.10 2010.07.06 TR/Spy.61952.94[/B]
Antiy-AVL 2.0.3.7 2010.07.06 -
Authentium 5.2.0.5 2010.07.06 -
Avast 4.8.1351.0 2010.07.06 -
Avast5 5.0.332.0 2010.07.06 -
AVG 9.0.0.836 2010.07.06 -
[B]BitDefender 7.2 2010.07.06 Gen:Backdoor.Heur.dmKfqSAJr8cc[/B]
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.06 -
Comodo 5339 2010.07.06 -
DrWeb 5.0.2.03300 2010.07.06 -
[B]eSafe 7.0.17.0 2010.07.06 Win32.HEURCrypted[/B]
eTrust-Vet 36.1.7688 2010.07.06 -
F-Prot 4.6.1.107 2010.07.05 -
[B]F-Secure 9.0.15370.0 2010.07.06 Gen:Backdoor.Heur.dmKfqSAJr8cc[/B]
Fortinet 4.1.133.0 2010.07.04 -
[B]GData 21 2010.07.06 Gen:Backdoor.Heur.dmKfqSAJr8cc[/B]
Ikarus T3.1.1.84.0 2010.07.06 -
Jiangmin 13.0.900 2010.07.06 -
Kaspersky 7.0.0.125 2010.07.06 -
[B]McAfee 5.400.0.1158 2010.07.06 Suspect-02!4819946AA819[/B]
[B]McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.BehavesLike.Win32.ModifiedUPX.C[/B]
[B]Microsoft 1.5902 2010.07.06 VirTool:Win32/DelfInject[/B]
[B]NOD32 5256 2010.07.06 Win32/Agent.OFR[/B]
Norman 6.05.11 2010.07.06 -
[B]nProtect 2010-07-06.01 2010.07.06 Gen:Backdoor.Heur.dmKfqSAJr8cc[/B]
[B]Panda 10.0.2.7 2010.07.06 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.06 -
Rising 22.55.01.04 2010.07.06 -
[B]Sophos 4.54.0 2010.07.06 Sus/Behav-1021[/B]
Sunbelt 6550 2010.07.06 -
Symantec 20101.1.0.89 2010.07.06 -
TheHacker 6.5.2.1.309 2010.07.06 -
TrendMicro 9.120.0.1004 2010.07.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 -
VBA32 3.12.12.5 2010.07.05 -
ViRobot 2010.6.29.3912 2010.07.06 -
VirusBuster 5.0.27.0 2010.07.06 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/f013dd6d925f5d0acc2c31069ff66458db248fc76e4a2a5cd5a92a36e9c0df2e-1278437363"]http://virustotal.com/[/URL]
-
I was looking for a manual, and stumbled on...
[QUOTE]Файл teplovoypunkt-1278586887_611359.e получен 2010.07.08 11:27:15 (UTC)
Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.08 -
AhnLab-V3 2010.07.08.04 2010.07.08 -
AntiVir 8.2.4.10 2010.07.08 -
Antiy-AVL 2.0.3.7 2010.07.08 -
Authentium 5.2.0.5 2010.07.08 -
Avast 4.8.1351.0 2010.07.08 -
Avast5 5.0.332.0 2010.07.08 -
AVG 9.0.0.836 2010.07.08 -
BitDefender 7.2 2010.07.08 -
CAT-QuickHeal 11.00 2010.07.08 -
ClamAV 0.96.0.3-git 2010.07.08 -
Comodo 5360 2010.07.08 -
[B]DrWeb 5.0.2.03300 2010.07.08 Tool.SMSSend.46[/B]
eSafe 7.0.17.0 2010.07.08 -
eTrust-Vet 36.1.7692 2010.07.08 -
F-Prot 4.6.1.107 2010.07.07 -
F-Secure 9.0.15370.0 2010.07.08 -
Fortinet 4.1.133.0 2010.07.08 -
GData 21 2010.07.08 -
Ikarus T3.1.1.84.0 2010.07.08 -
Jiangmin 13.0.900 2010.07.08 -
Kaspersky 7.0.0.125 2010.07.08 -
McAfee 5.400.0.1158 2010.07.08 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.08 -
NOD32 5261 2010.07.08 -
Norman 6.05.11 2010.07.08 -
nProtect 2010-07-08.01 2010.07.08 -
Panda 10.0.2.7 2010.07.07 -
PCTools 7.0.3.5 2010.07.08 -
Prevx 3.0 2010.07.08 -
Rising 22.55.03.04 2010.07.08 -
Sophos 4.54.0 2010.07.08 -
Sunbelt 6557 2010.07.07 -
Symantec 20101.1.0.89 2010.07.08 -
TheHacker 6.5.2.1.309 2010.07.07 -
TrendMicro 9.120.0.1004 2010.07.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.08 -
VBA32 3.12.12.6 2010.07.07 -
ViRobot 2010.6.29.3912 2010.07.08 -
VirusBuster 5.0.27.0 2010.07.07 -
Дополнительная информация
File size: 17457664 bytes
MD5...: 82813712837209fe9d057076f55a75f5 [/QUOTE]
-
Today from the "Help" section, file - %system32%\3wO2bal.exe - detected by KIS 2009 = Malware Backdoor.Win32.Shiz.gen, the others react like this -
[QUOTE]Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.09 -
AhnLab-V3 2010.07.09.00 2010.07.08 -
AntiVir 8.2.4.10 2010.07.08 -
Antiy-AVL 2.0.3.7 2010.07.08 -
Authentium 5.2.0.5 2010.07.09 -
Avast 4.8.1351.0 2010.07.08 -
Avast5 5.0.332.0 2010.07.08 -
AVG 9.0.0.836 2010.07.08 -
BitDefender 7.2 2010.07.09 -
[B]CAT-QuickHeal 11.00 2010.07.08 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.07.08 -
Comodo 5366 2010.07.09 -
DrWeb 5.0.2.03300 2010.07.09 -
eSafe 7.0.17.0 2010.07.08 -
eTrust-Vet 36.1.7693 2010.07.08 -
F-Prot 4.6.1.107 2010.07.08 -
F-Secure 9.0.15370.0 2010.07.09 -
Fortinet 4.1.133.0 2010.07.08 -
GData 21 2010.07.09 -
Ikarus T3.1.1.84.0 2010.07.09 -
Jiangmin 13.0.900 2010.07.08 -
Kaspersky 7.0.0.125 2010.07.08 -
McAfee 5.400.0.1158 2010.07.09 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.08 -
NOD32 5263 2010.07.08 -
Norman 6.05.11 2010.07.08 -
nProtect 2010-07-08.01 2010.07.08 -
[B]Panda 10.0.2.7 2010.07.08 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.09 -
[B]Prevx 3.0 2010.07.09 High Risk Cloaked Malware[/B]
Rising 22.55.03.04 2010.07.08 -
Sophos 4.54.0 2010.07.09 -
Sunbelt 6562 2010.07.09 -
Symantec 20101.1.0.89 2010.07.08 -
TheHacker 6.5.2.1.311 2010.07.08 -
TrendMicro 9.120.0.1004 2010.07.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.09 -
VBA32 3.12.12.6 2010.07.08 -
ViRobot 2010.6.29.3912 2010.07.08 -
VirusBuster 5.0.27.0 2010.07.08 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/58eb46c235b9e2455f5602ebdfc6a37d222d063a39127902b2291d2327b25470-1278639670"]virustotal.com[/URL]
[size="1"][color="#666686"][B][I]Added 7 minutes later[/I][/B][/color][/size]
From the same thread, file C:\WINDOWS\system32\4aa6a58b.exe, per KIS 2009 = Malware Trojan.Win32.Scar.cmqi, per VirusTotal -
[QUOTE]Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.08 -
[B]AhnLab-V3 2010.07.08.04 2010.07.08 Trojan/Win32.Scar[/B]
[B]AntiVir 8.2.4.10 2010.07.08 TR/Scar.cmqi[/B]
Antiy-AVL 2.0.3.7 2010.07.08 -
Authentium 5.2.0.5 2010.07.08 -
Avast 4.8.1351.0 2010.07.08 -
Avast5 5.0.332.0 2010.07.08 -
[B]AVG 9.0.0.836 2010.07.08 SHeur3.AHJV[/B]
BitDefender 7.2 2010.07.08 -
CAT-QuickHeal 11.00 2010.07.08 -
ClamAV 0.96.0.3-git 2010.07.08 -
[B]Comodo 5365 2010.07.08 TrojWare.Win32.Trojan.Agent.Gen[/B]
[B]DrWeb 5.0.2.03300 2010.07.08 Trojan.MulDrop.64715[/B]
eSafe 7.0.17.0 2010.07.08 -
eTrust-Vet 36.1.7693 2010.07.08 -
F-Prot 4.6.1.107 2010.07.08 -
[B]F-Secure 9.0.15370.0 2010.07.08 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.07.08 -
GData 21 2010.07.08 -
Ikarus T3.1.1.84.0 2010.07.08 -
Jiangmin 13.0.900 2010.07.08 -
[B]Kaspersky 7.0.0.125 2010.07.08 Trojan.Win32.Scar.cmqi[/B]
McAfee 5.400.0.1158 2010.07.08 -
McAfee-GW-Edition 2010.1 2010.07.05 -
[B]Microsoft 1.5902 2010.07.08 Trojan:Win32/Meredrop[/B]
NOD32 5263 2010.07.08 -
Norman 6.05.11 2010.07.08 -
nProtect 2010-07-08.01 2010.07.08 -
Panda 10.0.2.7 2010.07.08 -
PCTools 7.0.3.5 2010.07.08 -
Prevx 3.0 2010.07.08 -
Rising 22.55.03.04 2010.07.08 -
Sophos 4.54.0 2010.07.08 -
Sunbelt 6561 2010.07.08 -
Symantec 20101.1.0.89 2010.07.08 -
TheHacker 6.5.2.1.311 2010.07.08 -
TrendMicro 9.120.0.1004 2010.07.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.08 -
VBA32 3.12.12.6 2010.07.08 -
ViRobot 2010.6.29.3912 2010.07.08 -
VirusBuster 5.0.27.0 2010.07.08 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/91d8d394b0eb9a30cc2085c81fe59af89787e9ee768a5f4e0315e4232c7ddadf-1278626224"]virustotal.com[/URL]
[size="1"][color="#666686"][B][I]Added 2 hours 19 minutes later[/I][/B][/color][/size]
Another one from the "Help" section - C:\WINDOWS\system32\6983df75.exe - [B]HEUR:Backdoor.Win32.Generic[/B]
[QUOTE]Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.09 -
AhnLab-V3 2010.07.09.00 2010.07.08 -
AntiVir 8.2.4.10 2010.07.08 -
Antiy-AVL 2.0.3.7 2010.07.08 -
Authentium 5.2.0.5 2010.07.09 -
Avast 4.8.1351.0 2010.07.08 -
Avast5 5.0.332.0 2010.07.08 -
AVG 9.0.0.836 2010.07.08 -
BitDefender 7.2 2010.07.09 -
CAT-QuickHeal 11.00 2010.07.09 -
ClamAV 0.96.0.3-git 2010.07.08 -
Comodo 5368 2010.07.09 -
DrWeb 5.0.2.03300 2010.07.09 -
eSafe 7.0.17.0 2010.07.08 -
eTrust-Vet 36.1.7693 2010.07.08 -
F-Prot 4.6.1.107 2010.07.08 -
[B]F-Secure 9.0.15370.0 2010.07.09 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.07.08 -
GData 21 2010.07.09 -
Ikarus T3.1.1.84.0 2010.07.09 -
Jiangmin 13.0.900 2010.07.08 -
Kaspersky 7.0.0.125 2010.07.09 -
McAfee 5.400.0.1158 2010.07.09 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.08 -
NOD32 5263 2010.07.08 -
Norman 6.05.11 2010.07.08 -
nProtect 2010-07-08.01 2010.07.08 -
[B]Panda 10.0.2.7 2010.07.08 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.09 -
Prevx 3.0 2010.07.09 -
Rising 22.55.04.01 2010.07.09 -
Sophos 4.54.0 2010.07.09 -
Sunbelt 6562 2010.07.09 -
Symantec 20101.1.0.89 2010.07.09 -
TheHacker 6.5.2.1.311 2010.07.08 -
TrendMicro 9.120.0.1004 2010.07.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.09 -
VBA32 3.12.12.6 2010.07.08 -
ViRobot 2010.6.29.3912 2010.07.09 -
VirusBuster 5.0.27.0 2010.07.08 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/5863c92dd26a4a5fc1ff9823a484cb09825ad4688653783db244b35348a84478-1278649186"]virustotal.com[/URL]
-
Yet another sample from the Помогите (Help) section, the file C:\WINDOWS\system32\sv[B]с[/B]h[B]о[/B]st.exe, where [B]с[/B] and [B]о[/B] are Russian letters. Dr.Web said it is [B]malware Trojan.Click.33545[/B]; VirusTotal -
[QUOTE]Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.15 -
AhnLab-V3 5.0.0.2 2009.10.14 -
AntiVir 7.9.1.35 2009.10.15 -
Antiy-AVL 2.0.3.7 2009.10.15 -
Authentium 5.1.2.4 2009.10.15 -
Avast 4.8.1351.0 2009.10.14 -
AVG 8.5.0.420 2009.10.15 -
BitDefender 7.2 2009.10.15 -
CAT-QuickHeal 10.00 2009.10.15 -
ClamAV 0.94.1 2009.10.15 -
Comodo 2608 2009.10.15 -
DrWeb 5.0.0.12182 2009.10.15 -
[B]eSafe 7.0.17.0 2009.10.14 Suspicious File[/B]
eTrust-Vet 35.1.7069 2009.10.15 -
F-Prot 4.5.1.85 2009.10.14 -
F-Secure 8.0.14470.0 2009.10.15 -
Fortinet 3.120.0.0 2009.10.15 -
GData 19 2009.10.15 -
Ikarus T3.1.1.72.0 2009.10.15 -
Jiangmin 11.0.800 2009.10.15 -
K7AntiVirus 7.10.870 2009.10.14 -
Kaspersky 7.0.0.125 2009.10.15 -
McAfee 5771 2009.10.14 -
McAfee+Artemis 5771 2009.10.14 -
[B]McAfee-GW-Edition 6.8.5 2009.10.15 Heuristic.BehavesLike.Win32.Spyware.C[/B]
Microsoft 1.5101 2009.10.15 -
NOD32 4509 2009.10.15 -
Norman 6.01.09 2009.10.14 -
nProtect 2009.1.8.0 2009.10.15 -
Panda 10.0.2.2 2009.10.15 -
PCTools 4.4.2.0 2009.10.14 -
Prevx 3.0 2009.10.15 -
Rising 21.51.33.00 2009.10.15 -
Sophos 4.46.0 2009.10.15 -
Sunbelt 3.2.1858.2 2009.10.15 -
Symantec 1.4.4.12 2009.10.15 -
TheHacker 6.5.0.2.042 2009.10.14 -
TrendMicro 8.950.0.1094 2009.10.15 -
VBA32 3.12.10.11 2009.10.14 -
ViRobot 2009.10.15.1986 2009.10.15 -
VirusBuster 4.6.5.0 2009.10.14 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/08cfa4d0e20c3cbf9ad533b273d9298b1b19979afee6fa797aed279facb33d01-1255609612"]virustotal.com[/URL]
-
File vip_porno_30373.avi.exe received 2010.07.12 06:13:23 (UTC)
Result: 15/41 (36.59%)
[QUOTE][B]a-squared 5.0.0.31 2010.07.12 Trojan-Ransom.Win32.PornoBlocker!IK[/B]
AhnLab-V3 2010.07.10.00 2010.07.09 -
AntiVir 8.2.4.10 2010.07.11 -
Antiy-AVL 2.0.3.7 2010.07.09 -
Authentium 5.2.0.5 2010.07.11 -
[B]Avast 4.8.1351.0 2010.07.11 Win32:Delf-NMT
Avast5 5.0.332.0 2010.07.11 Win32:Delf-NMT[/B]
AVG 9.0.0.836 2010.07.11 -
[B]BitDefender 7.2 2010.07.12 Backdoor.Generic.401776[/B]
CAT-QuickHeal 11.00 2010.07.12 -
ClamAV 0.96.0.3-git 2010.07.11 -
[B]Comodo 5398 2010.07.12 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.07.12 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7696 2010.07.10 -
F-Prot 4.6.1.107 2010.07.11 -
F-Secure 9.0.15370.0 2010.07.12 -
Fortinet 4.1.143.0 2010.07.11 -
[B]GData 21 2010.07.12 Backdoor.Generic.401776
Ikarus T3.1.1.84.0 2010.07.12 Trojan-Ransom.Win32.PornoBlocker[/B]
Jiangmin 13.0.900 2010.07.12 -
[B]Kaspersky 7.0.0.125 2010.07.12 Trojan-Ransom.Win32.PornoBlocker.abg
McAfee 5.400.0.1158 2010.07.12 Suspect-1B!7123D8ECCAAE
McAfee-GW-Edition 2010.1 2010.07.05 Artemis!7123D8ECCAAE[/B]
Microsoft 1.5902 2010.07.12 -
[B]NOD32 5270 2010.07.11 a variant of Win32/LockScreen.TZ[/B]
Norman 6.05.11 2010.07.11 -
nProtect 2010-07-11.01 2010.07.11 -
[B]Panda 10.0.2.7 2010.07.11 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.07.12 -
[B]Prevx 3.0 2010.07.12 Medium Risk Malware[/B]
Rising 22.56.00.03 2010.07.12 -
[B]Sophos 4.55.0 2010.07.12 Mal/DownLdr-AJ
Sunbelt 6566 2010.07.10 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20101.1.0.89 2010.07.12 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.12 -
VBA32 3.12.12.6 2010.07.09 -
ViRobot 2010.7.12.3932 2010.07.12 -
VirusBuster 5.0.27.0 2010.07.11 -[/QUOTE]
[url=http://www.virustotal.com/ru/analisis/447361649b57b954a40b953ff8b1269a211e27d6c3d4326c2c951e942a16b69d-1278915203]virustotal.com[/url]