-
Another batch from the "Помогите" (Help) section -
File c:\windows\system32\nssm.exe -
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.31 2010.07.13 Trojan-Dropper.Small!IK[/B]
AhnLab-V3 2010.07.13.01 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.13 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.13 -
CAT-QuickHeal 11.00 2010.07.13 -
ClamAV 0.96.0.3-git 2010.07.13 -
Comodo 5417 2010.07.13 -
DrWeb 5.0.2.03300 2010.07.13 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7703 2010.07.13 -
F-Prot 4.6.1.107 2010.07.13 -
F-Secure 9.0.15370.0 2010.07.13 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.13 -
[B]Ikarus T3.1.1.84.0 2010.07.13 Trojan-Dropper.Small[/B]
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.13 -
[B]McAfee 5.400.0.1158 2010.07.13 Artemis!1416B62E8A99[/B]
[B]McAfee-GW-Edition 2010.1 2010.07.13 Artemis!1416B62E8A99[/B]
Microsoft 1.5902 2010.07.13 -
[B]NOD32 5276 2010.07.13 probably a variant of Win32/Injector.CHG[/B]
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.13 -
[B]Prevx 3.0 2010.07.13 High Risk Cloaked Malware[/B]
Rising 22.56.01.04 2010.07.13 -
[B]Sophos 4.55.0 2010.07.13 Mal/VBInject-T[/B]
Sunbelt 6575 2010.07.13 -
SUPERAntiSpyware 4.40.0.1006 2010.07.13 -
Symantec 20101.1.0.89 2010.07.13 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.13 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.13 -
VirusBuster 5.0.27.0 2010.07.13 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/b7809bfc327d88bdd1c3141f9a4990e1dd85f48a06c996de2268c01cd8b306e5-1279046698"]virustotal.com[/URL]
File - c:\documents and settings\Администратор.e09f1fec3b0f47d\application data\netprotocol.exe -
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.14 -
AhnLab-V3 2010.07.14.00 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.14 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.14 -
CAT-QuickHeal 11.00 2010.07.14 -
ClamAV 0.96.0.3-git 2010.07.14 -
[B]Comodo 5419 2010.07.14 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.07.14 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7704 2010.07.13 -
F-Prot 4.6.1.107 2010.07.14 -
F-Secure 9.0.15370.0 2010.07.14 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.14 -
Ikarus T3.1.1.84.0 2010.07.14 -
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.14 -
McAfee 5.400.0.1158 2010.07.14 -
McAfee-GW-Edition 2010.1 2010.07.13 -
Microsoft 1.5902 2010.07.13 -
[B]NOD32 5276 2010.07.13 a variant of Win32/Kryptik.FJT[/B]
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.14 -
Prevx 3.0 2010.07.14 -
Rising 22.56.02.01 2010.07.14 -
Sophos 4.55.0 2010.07.14 -
Sunbelt 6578 2010.07.14 -
SUPERAntiSpyware 4.40.0.1006 2010.07.14 -
Symantec 20101.1.1.7 2010.07.14 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.14 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.14 -
VirusBuster 5.0.27.0 2010.07.13 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/2c335fcf55146e6b02c164ddc515cddecc19a5e01f3442e160c54f7b245d4717-1279082909"]virustotal.com/[/URL]
File - c:\documents and settings\all users.windows\media\kasper_zaebal.exe -
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.12 -
AhnLab-V3 2010.07.10.00 2010.07.09 -
AntiVir 8.2.4.10 2010.07.12 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.11 -
Avast 4.8.1351.0 2010.07.12 -
[B]Avast5 5.0.332.0 2010.07.12 Win32:SuspBehav-D[/B]
AVG 9.0.0.836 2010.07.12 -
[B]BitDefender 7.2 2010.07.12 Gen:Variant.Renos.31[/B]
CAT-QuickHeal 11.00 2010.07.12 -
ClamAV 0.96.0.3-git 2010.07.12 -
Comodo 5403 2010.07.12 -
[B]DrWeb 5.0.2.03300 2010.07.12 Trojan.Packed.1158[/B]
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7700 2010.07.12 -
F-Prot 4.6.1.107 2010.07.11 -
[B]F-Secure 9.0.15370.0 2010.07.12 Gen:Variant.Renos.31[/B]
Fortinet 4.1.143.0 2010.07.11 -
[B]GData 21 2010.07.12 Gen:Variant.Renos.31[/B]
Ikarus T3.1.1.84.0 2010.07.12 -
Jiangmin 13.0.900 2010.07.12 -
Kaspersky 7.0.0.125 2010.07.12 -
[B]McAfee 5.400.0.1158 2010.07.12 Artemis!397CC549E3F5
McAfee-GW-Edition 2010.1 2010.07.12 Artemis!397CC549E3F5[/B]
Microsoft 1.5902 2010.07.12 -
[B]NOD32 5272 2010.07.12 a variant of Win32/LockScreen.UZ[/B]
Norman 6.05.11 2010.07.12 -
[B]nProtect 2010-07-12.01 2010.07.12 Gen:Variant.Renos.31[/B]
[B]Panda 10.0.2.7 2010.07.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.12 -
Prevx 3.0 2010.07.12 -
Rising 22.56.00.04 2010.07.12 -
Sophos 4.55.0 2010.07.12 -
[B]Sunbelt 6566 2010.07.10 VirTool.Win32.Obfuscator.ah!a (v)[/B]
SUPERAntiSpyware 4.40.0.1006 2010.07.12 -
Symantec 20101.1.0.89 2010.07.12 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.12 -
[B]VBA32 3.12.12.6 2010.07.12 BScope.Malware.FraudTool.xc[/B]
ViRobot 2010.7.12.3932 2010.07.12 -
VirusBuster 5.0.27.0 2010.07.12 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/5b7394db79053f72119aada91c5c3e969c76d5f663e5505450dfd44e106bf241-1278946740"]virustotal.com/[/URL]
-
File ali.exe received on 2010.07.20 05:24:22 (UTC)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.34 2010.07.20 Trojan-Downloader.Small!IK
AhnLab-V3 2010.07.20.00 2010.07.19 Backdoor/Win32.Trup
AntiVir 8.2.4.12 2010.07.19 TR/Dldr.Small.ardp
Antiy-AVL 2.0.3.7 2010.07.15 Trojan/Win32.Small.gen[/B]
Authentium 5.2.0.5 2010.07.20 -
[B]Avast 4.8.1351.0 2010.07.19 Win32:Trojan-gen
Avast5 5.0.332.0 2010.07.19 Win32:Trojan-gen
AVG 9.0.0.836 2010.07.19 Clicker.AIZI
BitDefender 7.2 2010.07.20 Trojan.Generic.4052955[/B]
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 -
[B]Comodo 5482 2010.07.19 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.20 Trojan.Siggen1.30703[/B]
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
[B]F-Secure 9.0.15370.0 2010.07.20 Trojan.Generic.4052955[/B]
Fortinet 4.1.143.0 2010.07.19 -
[B]GData 21 2010.07.20 Trojan.Generic.4052955
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Downloader.Small
Jiangmin 13.0.900 2010.07.19 TrojanDownloader.Small.artz
Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Trup.am[/B]
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
[B]NOD32 5293 2010.07.19 a variant of Win32/TrojanClicker.Agent.NKS[/B]
Norman 6.05.11 2010.07.19 -
[B]nProtect 2010-07-20.01 2010.07.20 Trojan/W32.Small.17920.BH
Panda 10.0.2.7 2010.07.19 Generic Trojan
PCTools 7.0.3.5 2010.07.20 Trojan.Gen
Prevx 3.0 2010.07.20 Medium Risk Malware
Rising 22.57.01.02 2010.07.20 Trojan.Win32.Generic.52052F0B[/B]
Sophos 4.55.0 2010.07.20 -
[B]Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
Symantec 20101.1.1.7 2010.07.20 Trojan.Gen[/B]
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -[/QUOTE]
Additional information
File size: 17920 bytes
MD5...: f2782d280ff4765299eb5aec472acfdb
SHA1..: d8a0e1d9cfe4897e9eab31adb19ad1d6324de002
SHA256: 35668de01833bc1099834772d4f1e4b729ffe633699b92783dba455c57af5a48
ssdeep: 384:UmP1u69a1AM4C0r1c7+RxBOsFt7QQ2xx1AIL3znvW/nlu4FtG:zArAM4Vr1c
7+zBOsFZQQ2xx3znvW/nlk
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3544
timedatestamp.....: 0x4bf10121 (Mon May 17 08:41:05 2010)
machinetype.......: 0x14c (I386)
-
File _WTR4132.tmp.rar received on 2010.07.20 08:07:56 (UTC)
Result: 24/42 (57.15%)
Antivirus Version Last Update Result
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.20 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.19 Win32:Malware-gen
AVG 9.0.0.836 2010.07.19 Dropper.Generic2.YQQ
BitDefender 7.2 2010.07.20 Win32.Worm.Stuxnet.A
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 Trojan.Stuxnet
Comodo 5483 2010.07.20 -
DrWeb 5.0.2.03300 2010.07.20 Trojan.Stuxnet.1
Emsisoft 5.0.0.34 2010.07.20 Trojan-Dropper.Win32.Stuxnet!IK
eSafe 7.0.17.0 2010.07.19 Win32.TRDrop.Stuxnet
eTrust-Vet 36.1.7723 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 Trojan-Dropper:W32/Stuxnet.A
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 Win32.Worm.Stuxnet.A
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Dropper.Win32.Stuxnet
Jiangmin 13.0.900 2010.07.20 TrojanDropper.Stuxnet.a
Kaspersky 7.0.0.125 2010.07.20 Trojan-Dropper.Win32.Stuxnet.a
McAfee 5.400.0.1158 2010.07.20 Stuxnet
McAfee-GW-Edition 2010.1 2010.07.20 Artemis!D7BC75397629
Microsoft 1.6004 2010.07.20 TrojanDropper:Win32/Stuxnet.A
NOD32 5293 2010.07.19 a variant of Win32/Stuxnet.A
Norman 6.05.11 2010.07.19 W32/Suspicious_Gen2.BOYEK
nProtect 2010-07-20.01 2010.07.20 -
Panda 10.0.2.7 2010.07.19 Rootkit/TmpHider
PCTools 7.0.3.5 2010.07.20 Malware.Stuxnet
Prevx 3.0 2010.07.20 -
Rising 22.57.01.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
VBA32 3.12.12.6 2010.07.19 Trojan-Spy.0485
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -
Additional information
File size: 1018519 bytes
MD5...: 32d3e83f195e687c552f0ba9262d5f77
SHA1..: ad7840007d32370aa25198ced30ff6dd70320945
SHA256: 64ef4ef3413e593c8fe2ecc852a75f951c4f91c2d9a0bfd17a68efc2b6ec8dae
ssdeep: 24576:+4v853A7ekORdOvVeHNqogJXbaoumuTw4Nh:+4v856xOuvgNqZb1umuTw4
z
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-
File - C:\WINDOWS\system32\driqst.exe - new malware, [B]Backdoor.Win32.Shiz.ms[/B]
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.34 2010.07.20 -
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.19 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 -
Avast5 5.0.332.0 2010.07.19 -
AVG 9.0.0.836 2010.07.19 -
BitDefender 7.2 2010.07.20 -
[B]CAT-QuickHeal 11.00 2010.07.19 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.07.19 -
[B]Comodo 5482 2010.07.19 TrojWare.Win32.Trojan.Agent.Gen[/B]
[B]DrWeb 5.0.2.03300 2010.07.20 Trojan.PWS.Ibank.53[/B]
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 -
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 -
Ikarus T3.1.1.84.0 2010.07.20 -
Jiangmin 13.0.900 2010.07.19 -
[B]Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Shiz.ms[/B]
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
[B]NOD32 5293 2010.07.19 Win32/Spy.Shiz.NAL[/B]
Norman 6.05.11 2010.07.19 -
nProtect 2010-07-19.01 2010.07.19 -
[B]Panda 10.0.2.7 2010.07.19 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.20 -
[B]Prevx 3.0 2010.07.20 High Risk Cloaked Malware[/B]
Rising 22.57.00.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 -
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.19 -
VirusBuster 5.0.27.0 2010.07.19 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/39ddc119c4b631e043664607366d505a316bf29357950b238492aa8e942934fc-1279596194"]virustotal.com[/URL]
-
Popular lately - \Documents and Settings\Username\Главное меню\Программы\Автозагрузка\wwwznv32.exe -
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
[B]Avast 4.8.1351.0 2010.07.24 Win32:Crypt-GYS[/B]
[B]Avast5 5.0.332.0 2010.07.24 Win32:Crypt-GYS[/B]
AVG 9.0.0.851 2010.07.24 -
[B]BitDefender 7.2 2010.07.24 Gen:Variant.Ursnif.19[/B]
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.24 -
Comodo 5522 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.24 -
Emsisoft 5.0.0.34 2010.07.24 -
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
[B]F-Secure 9.0.15370.0 2010.07.24 Gen:Variant.Ursnif.19[/B]
Fortinet 4.1.143.0 2010.07.24 -
[B]GData 21 2010.07.24 Gen:Variant.Ursnif.19[/B]
Ikarus T3.1.1.84.0 2010.07.24 -
Jiangmin 13.0.900 2010.07.24 -
Kaspersky 7.0.0.125 2010.07.24 -
McAfee 5.400.0.1158 2010.07.24 -
McAfee-GW-Edition 2010.1 2010.07.23 -
Microsoft 1.6004 2010.07.24 TrojanDownloader:Win32/Bredolab.AA
NOD32 5308 2010.07.24 -
Norman 6.05.11 2010.07.24 -
[B]nProtect 2010-07-24.02 2010.07.24 Gen:Variant.Ursnif.19[/B]
[B]Panda 10.0.2.7 2010.07.24 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.24 -
[B]Prevx 3.0 2010.07.24 Medium Risk Malware[/B]
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.24 -
[B]Sunbelt 6631 2010.07.24 Trojan.Win32.Generic.pak!cobra[/B]
[B]SUPERAntiSpyware 4.40.0.1006 2010.07.24 Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.07.24 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
[B]TrendMicro-HouseCall 9.120.0.1004 2010.07.24 TROJ_BURNIX.SMEP[/B]
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.24 -
VirusBuster 5.0.27.0 2010.07.23 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/86d5b27256ac348d82a5146a75a53e8e16f76583fdf732bd1defe83db943b547-1279979708"]virustotal.com[/URL]
-
Found this at a school, on an old PC. It has a digital signature; maybe it gets flagged like this because it is packed with MoleBox :unknw:
File GCLEAN.EXE received on 2010.07.27 10:24:42 (UTC)
Current status: finished
Result: 20/42 (47.62%)
[QUOTE][B]AhnLab-V3 2010.07.27.00 2010.07.26 Backdoor/Win32.Trojan[/B]
[B]AntiVir 8.2.4.26 2010.07.27 BDS/Bot.95399[/B]
Antiy-AVL 2.0.3.7 2010.07.26 -
Authentium 5.2.0.5 2010.07.27 -
Avast 4.8.1351.0 2010.07.26 -
Avast5 5.0.332.0 2010.07.26 -
AVG 9.0.0.851 2010.07.27 -
[B]BitDefender 7.2 2010.07.27 Backdoor.Bot.95399[/B]
[B]CAT-QuickHeal 11.00 2010.07.27 Trojan.Agent.ATV[/B]
[B]ClamAV 0.96.0.3-git 2010.07.27 PUA.Packed.MoleBox.2X[/B]
[B]Comodo 5554 2010.07.27 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.07.27 -
Emsisoft 5.0.0.34 2010.07.27 -
[B]eSafe 7.0.17.0 2010.07.26 SuspiciousR-Mytob3[/B]
eTrust-Vet 36.1.7738 2010.07.26 -
F-Prot 4.6.1.107 2010.07.27 -
[B]F-Secure 9.0.15370.0 2010.07.27 Backdoor.Bot.95399[/B]
Fortinet 4.1.143.0 2010.07.24 -
[B]GData 21 2010.07.27 Backdoor.Bot.95399[/B]
Ikarus T3.1.1.84.0 2010.07.27 -
Jiangmin 13.0.900 2010.07.26 -
Kaspersky 7.0.0.125 2010.07.27 -
[B]McAfee 5.400.0.1158 2010.07.27 Artemis!40D6BE49F665[/B]
[B]McAfee-GW-Edition 2010.1 2010.07.27 Artemis!40D6BE49F665[/B]
Microsoft 1.6004 2010.07.27 -
NOD32 5316 2010.07.27 -
[B]Norman 6.05.11 2010.07.27 W32/Bot.JO[/B]
[B]nProtect 2010-07-27.01 2010.07.27 Backdoor.Bot.95399[/B]
[B]Panda 10.0.2.7 2010.07.26 Trj/CI.A[/B]
[B]PCTools 7.0.3.5 2010.07.27 Backdoor.Trojan[/B]
[B]Prevx 3.0 2010.07.27 Medium Risk Malware[/B]
Rising 22.58.01.04 2010.07.27 -
Sophos 4.55.0 2010.07.27 -
[B]Sunbelt 6647 2010.07.27 Trojan.Win32.Generic!BT[/B]
SUPERAntiSpyware 4.40.0.1006 2010.07.27 -
[B]Symantec 20101.1.1.7 2010.07.27 Backdoor.Trojan[/B]
[B]TheHacker 6.5.2.1.326 2010.07.27 W32/Behav-Heuristic-065[/B]
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.27 -
VBA32 3.12.12.6 2010.07.27 -
ViRobot 2010.7.28.3961 2010.07.27 -
[B]VirusBuster 5.0.27.0 2010.07.27 Packed/MoleBox[/B][/QUOTE]
Additional information
File size: 350784 bytes
MD5 : 40d6be49f665e7a00686f69f24602a2e
SHA1 : a6ff7b33b1c7122f748bdd56a0b3ab923baaad26
SHA256: 622ca0f8943800438b3a97efad9d72e784f4ee0b6a4c85e49d31643e64e759c7
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x85B63
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
sigcheck: publisher....: ___ ___ _______-_______
copyright....: (C) 2006 ___ ___ _______-_______
product......: ______. _________ F1
description..: _______ ______ - _______ _______
original name: gclean.exe
internal name: ______-_______
file version.: 6.3.0.19
comments.....: n/a
signers......: NPP Garant-Service
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:27 AM 1/27/2006
verified.....: -
Prevx Info: [url]http://info.prevx.com/aboutprogramtext.asp?PX5=C6359DAD404146E85AE805C0BC6AF80076EAAC1B[/url]
-
C:\Documents and Settings\Username\Аpplication data\fuki.exe
File [B]fuki.exe[/B] received on 2010.07.29 21:32:38 (UTC)
Result: 8/42 (19.05%)
[QUOTE]
Antivirus Version Last Update Result
AhnLab-V3 2010.07.29.00 2010.07.28 -
[B]AntiVir 8.2.4.32 2010.07.29 TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.07.29 -
[B]Authentium 5.2.0.5 2010.07.29 W32/Trojan2.NABV[/B]
Avast 4.8.1351.0 2010.07.29 -
Avast5 5.0.332.0 2010.07.29 -
AVG 9.0.0.851 2010.07.29 -
[B]BitDefender 7.2 2010.07.29 Gen:Variant.Koobface.1[/B]
CAT-QuickHeal 11.00 2010.07.29 -
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5584 2010.07.29 -
[B]DrWeb 5.0.2.03300 2010.07.29 BackDoor.Qbot.20[/B]
Emsisoft 5.0.0.34 2010.07.29 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7748 2010.07.29 -
[B]F-Prot 4.6.1.107 2010.07.29 W32/Trojan2.NABV
F-Secure 9.0.15370.0 2010.07.29 Gen:Variant.Koobface.1[/B]
Fortinet 4.1.143.0 2010.07.29 -
[B]GData 21 2010.07.29 Gen:Variant.Koobface.1[/B]
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.29 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.29 -
Microsoft 1.6004 2010.07.29 -
NOD32 5324 2010.07.29 -
Norman 6.05.11 2010.07.29 -
nProtect 2010-07-29.01 2010.07.29 -
Panda 10.0.2.7 2010.07.29 -
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.03.04 2010.07.29 -
[B]Sophos 4.56.0 2010.07.29 Mal/EncPk-LW[/B]
Sunbelt 6660 2010.07.29 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.328 2010.07.29 -
TrendMicro 9.120.0.1004 2010.07.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.29.3963 2010.07.29 -
VirusBuster 5.0.27.0 2010.07.29 -[/QUOTE]
Additional information
File size: 166400 bytes
MD5...: e573040b8257f7d6b98adf47dddd6b02
SHA1..: 93f0d889b217625d67d3563541a92aaec633146b
SHA256: 0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc9b84a088181d07
( base data )
entrypointaddress.: 0x11b0
timedatestamp.....: 0x3eabdc15 (Sun Apr 27 13:33:09 2003)
machinetype.......: 0x14c (I386)
sigcheck:
publisher....: VMware, Inc.
copyright....: Copyright (c) 1998-2008 VMware, Inc.
product......: VMware Workstation
description..: VMware Virtual Disk Manager
original name: vmware-vdiskmanager.exe
internal name: diskUtil
file version.: 6.5.1 build-126130
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[url]http://www.virustotal.com/ru/analisis/0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc9b84a088181d07-1280439158[/url]
-
A very, very fresh one - [B]C:\WINDOWS\system32\sidebar32.exe[/B], Kaspersky added it yesterday - new malware, [B]Trojan-Spy.Win32.BZub.iad[/B]. Over the last two days it has been showing up very often in "Помогите" (Help) -
[QUOTE]Antivirus Version Last Update Result
[B]AhnLab-V3 2010.07.30.00 2010.07.29 Spyware/Win32.BZub[/B]
[B]AntiVir 8.2.4.32 2010.07.30 TR/Spy.BZub.iad[/B]
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.30 -
Avast 4.8.1351.0 2010.07.30 -
Avast5 5.0.332.0 2010.07.30 -
AVG 9.0.0.851 2010.07.30 -
BitDefender 7.2 2010.07.30 -
CAT-QuickHeal 11.00 2010.07.30 -
ClamAV 0.96.0.3-git 2010.07.30 -
Comodo 5590 2010.07.30 -
DrWeb 5.0.2.03300 2010.07.30 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7751 2010.07.30 -
F-Prot 4.6.1.107 2010.07.30 -
F-Secure 9.0.15370.0 2010.07.30 -
Fortinet 4.1.143.0 2010.07.30 -
GData 21 2010.07.30 -
Ikarus T3.1.1.84.0 2010.07.30 -
Jiangmin 13.0.900 2010.07.29 -
[B]Kaspersky 7.0.0.125 2010.07.30 Trojan-Spy.Win32.BZub.iad[/B]
McAfee 5.400.0.1158 2010.07.30 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.07.30 -
[B]NOD32 5327 2010.07.30 Win32/AutoRun.Agent.WA[/B]
Norman 6.05.11 2010.07.30 -
nProtect 2010-07-30.02 2010.07.30 -
Panda 10.0.2.7 2010.07.30 -
PCTools 7.0.3.5 2010.07.30 -
Prevx 3.0 2010.07.30 -
Rising 22.58.04.05 2010.07.30 -
[B]Sophos 4.56.0 2010.07.30 Mal/Generic-L[/B]
Sunbelt 6664 2010.07.30 -
Symantec 20101.1.1.7 2010.07.30 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.07.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.30 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.30.3963 2010.07.30 -
VirusBuster 5.0.27.0 2010.07.30 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/43eaec8ea0e2ae2ef97d654d249bb4c39a111baeab509a7607cb3b339975f0ff-1280508614"]virustotal.com[/URL]
-
File avz00001.dta received on 2010.08.02 20:05:46 (UTC)
Antivirus Version Last Update Result
[QUOTE]AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.08.02 [B]TR/Spy.98304.342[/B]
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.02 -
Avast 4.8.1351.0 2010.08.02 [B]Win32:Rootkit-gen [/B]
Avast5 5.0.332.0 2010.08.02 [B]Win32:Rootkit-gen[/B]
AVG 9.0.0.851 2010.08.02 [B]SHeur3.AQXB[/B]
BitDefender 7.2 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji [/B]
CAT-QuickHeal 11.00 2010.08.02 [B](Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.02 -
Comodo 5623 2010.08.02 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.02 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.02 -
F-Secure 9.0.15370.0 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji[/B]
Ikarus T3.1.1.84.0 2010.08.02 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.02 -
McAfee 5.400.0.1158 2010.08.02 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 [B]Suspicious file[/B]
PCTools 7.0.3.5 2010.08.02 -
Prevx 3.0 2010.08.02 -
Rising 22.59.00.04 2010.08.02 -
Sophos 4.56.0 2010.08.02 -
Sunbelt 6675 2010.08.02 -
SUPERAntiSpyware 4.40.0.1006 2010.08.02 -
Symantec 20101.1.1.7 2010.08.02 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.02 [B]BKDR_SHIZ.V [/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.02 [B]BKDR_SHIZ.V[/B]
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.7.31.3965 2010.08.02 -
VirusBuster 5.0.27.0 2010.08.02 -[/QUOTE]
-
Today's
File avz00002.dta received on 2010.08.03 12:16:45 (UTC)
Antivirus Version Last Update Result
[QUOTE]AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.03 -
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 [B]SHeur3.AQZJ[/B]
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5630 2010.08.03 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.03 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 [B]Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5336 2010.08.03 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.02 [B]Suspicious file [/B]
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 -
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6678 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.329 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.02 -[/QUOTE]
-
File [B]Reader.exe[/B] received on 2010.08.03 22:18:08 (UTC)
Current status: finished
Result: 7/42 (16.67%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.04.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
[B]Authentium 5.2.0.5 2010.08.03 W32/Bredolab.GC[/B]
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
[B]ClamAV 0.96.0.3-git 2010.08.03 Trojan.GenericBL.3232[/B]
Comodo 5636 2010.08.04 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.04 -
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
[B]F-Secure 9.0.15370.0 2010.08.03 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5338 2010.08.03 -
[B]Norman 6.05.11 2010.08.03 W32/Bredolab.B!genr[/B]
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.03 -
[B]Prevx 3.0 2010.08.04 High Risk Cloaked Malware[/B]
Rising 22.59.01.04 2010.08.03 -
[B]Sophos 4.56.0 2010.08.03 Mal/EncPk-QA
Sunbelt 6680 2010.08.03 Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.330 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.03 -
[/QUOTE]
File size: 21504 bytes
MD5...: 64149dde50077f83502bbf532966f69f
SHA1..: 29e8e72501cf4f8c779ec9698893bd946d29967b
SHA256: 025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79cf15efe5b1d6b4
ssdeep: 384:scZZkDqx1uSQGT7UTw6AlT+WymHD9TRJSbIdMecgoq:fZkDqLuSQw7UTyiWy
CVJS2Me3h
( base data )
entrypointaddress.: 0x1390
timedatestamp.....: 0x4bdc490c (Sat May 01 15:30:20 2010)
machinetype.......: 0x14c (I386)
[url]http://www.virustotal.com/ru/analisis/025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79cf15efe5b1d6b4-1280873888[/url]
-
C:\Program Files\Common Files\Microsoft Shared\Help\1046\MicrosoftHelp.exe
File [B]MicrosoftHelp.exe[/B] received on 2010.08.06 22:39:54 (UTC)
Result: 8/42 (19.05%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
[B]Authentium 5.2.0.5 2010.08.06 W32/Katusha.C.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
[B]AVG 9.0.0.851 2010.08.06 Cryptic.ATF[/B]
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
[B]Comodo 5671 2010.08.06 Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
[B]F-Prot 4.6.1.107 2010.08.06 W32/Katusha.C.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
[B]McAfee 5.400.0.1158 2010.08.06 Downloader-CEW[/B]
[B]McAfee-GW-Edition 2010.1 2010.08.06 Heuristic.BehavesLike.Win32.Suspicious.A[/B]
Microsoft 1.6004 2010.08.06 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
[B]Panda 10.0.2.7 2010.08.06 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.07 -
Rising 22.59.04.04 2010.08.06 -
[B]Sophos 4.56.0 2010.08.06 Mal/FakeAV-EI[/B]
Sunbelt 6696 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.335 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
[/QUOTE]
File size: 163840 bytes
MD5...: a974c620a84ca66a2445581a996822c3
SHA1..: 8bc98d6392014e2b22632dcea0227c4209a98d73
SHA256: dbac0281507987694f6217d655396bb7503bb4ebd2d1d140615e84b5c979171d
ssdeep: 3072:81XmnVKXi9DvPSX0rJ4OpbQp1Fj8Zk3n7Qeokrcj0fy:R9DvPSX0VtpRZic
( base data )
entrypointaddress.: 0x2b74
timedatestamp.....: 0x3c6c7ff8 (Fri Feb 15 03:26:48 2002)
machinetype.......: 0x14c (I386)
[url]http://www.virustotal.com/ru/analisis/dbac0281507987694f6217d655396bb7503bb4ebd2d1d140615e84b5c979171d-1281134394[/url]
-
Caught this a week ago on an acquaintance's computer. He complained that clicking a link on mail.ru redirected him to a porn site.
I am posting the scan result only now because I was waiting for a verdict from the analysts at Kaspersky or DrWeb. DrWeb added it only yesterday. From Kaspersky, judging by Кибер, there has been no reply since 20.07.
The infection registers itself in [B]AppInit_DLLs[/B] and is named: [B]C:\WINDOWS\system32\sysintm.dll[/B]
[B]File avz00001.dta received on 2010.08.07 17:42:54 (UTC)
Result: [COLOR="Red"]4[/COLOR]/42 (9.53%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 -
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5672 2010.08.07 -
[B]DrWeb 5.0.2.03300 2010.08.07 Trojan.BrowseSpy.2[/B]
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.07 -
[B]NOD32 5348 2010.08.06 Win32/Agent.OGA[/B]
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 -
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 -
[B]TheHacker 6.5.2.1.336 2010.08.07 Trojan/Agent.oga
TrendMicro 9.120.0.1004 2010.08.07 PAK_Generic.001[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/354655259524aace859800e5e89d167c7652f640dfe9bf968818b3aab70af615-1281202974"]VirusTotal[/URL]
-
New from the "Help" section
File avz00001.dta received 2010.08.07 21:49:55 (UTC)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.08.00 2010.08.07 -
AntiVir 8.2.4.34 2010.08.07 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 [B]SHeur3.ASBP[/B]
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5676 2010.08.07 [B]TrojWare.Win32.Trojan.Agent.Gen [/B]
DrWeb 5.0.2.03300 2010.08.07 -
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 [B]Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.07 -
Microsoft 1.6004 2010.08.07 -
NOD32 5349 2010.08.07 -
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 [B]Suspicious file [/B]
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 [B]Suspicious.Mystic[/B]
TheHacker 6.5.2.1.336 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 - [/QUOTE]
-
File [B]_.exe[/B] received on 2010.08.10 00:12:29 (UTC)
Result: [B][COLOR="Red"]17[/COLOR]/42[/B] (40.48%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]AhnLab-V3 2010.08.10.00 2010.08.09 Malware/Win32.Generic[/B]
[B]AntiVir 8.2.4.34 2010.08.09 TR/Midgare.apwr[/B]
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
[B]Avast 4.8.1351.0 2010.08.09 Win32:Trojan-gen
Avast5 5.0.332.0 2010.08.09 Win32:Trojan-gen[/B]
AVG 9.0.0.851 2010.08.09 -
[B]BitDefender 7.2 2010.08.10 Trojan.Generic.KD.25631[/B]
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
[B]DrWeb 5.0.2.03300 2010.08.10 Trojan.Inject.9224[/B]
[B]Emsisoft 5.0.0.36 2010.08.09 Trojan.Win32.VBKrypt!IK[/B]
[B]eSafe 7.0.17.0 2010.08.09 Suspicious File[/B]
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
[B]F-Secure 9.0.15370.0 2010.08.10 Trojan.Generic.KD.25631[/B]
Fortinet 4.1.143.0 2010.08.09 -
[B]GData 21 2010.08.10 Trojan.Generic.KD.25631
Ikarus T3.1.1.87.0 2010.08.09 Trojan.Win32.VBKrypt[/B]
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
[B]McAfee-GW-Edition 2010.1 2010.08.09 Heuristic.LooksLike.Win32.Suspicious.F!89[/B]
Microsoft 1.6004 2010.08.09 -
NOD32 5353 2010.08.09 -
[B]Norman 6.05.11 2010.08.09 W32/VBTroj.CYEZ
nProtect 2010-08-09.02 2010.08.09 Trojan.Generic.KD.25631
Panda 10.0.2.7 2010.08.09 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.09 -
[B]Prevx 3.0 2010.08.10 Medium Risk Malware Dropper[/B]
Rising 22.60.00.04 2010.08.09 -
[B]Sophos 4.56.0 2010.08.09 Mal/Dloadr-AL[/B]
Sunbelt 6709 2010.08.10 -
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -[/QUOTE]
Additional information
File size: [B]619086[/B] bytes
MD5...: e8297474f8754cf041f86c16f161cacc
SHA1..: 366e37fea9891de5d8575d04c5ef2100d381e068
SHA256: 2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada90d2ba81f1792af
[url]http://www.virustotal.com/analisis/2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada90d2ba81f1792af-1281399149[/url]
File [B]flash_player.exe[/B] received on 2010.08.10 00:12:37 (UTC)
Result: [B][COLOR="Red"]3[/COLOR]/42[/B] (7.15%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
AhnLab-V3 2010.08.10.00 2010.08.09 -
AntiVir 8.2.4.34 2010.08.09 -
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
Avast 4.8.1351.0 2010.08.09 -
Avast5 5.0.332.0 2010.08.09 -
AVG 9.0.0.851 2010.08.09 -
BitDefender 7.2 2010.08.10 -
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
DrWeb 5.0.2.03300 2010.08.10 -
Emsisoft 5.0.0.36 2010.08.09 -
eSafe 7.0.17.0 2010.08.09 -
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
[B]F-Secure 9.0.15370.0 2010.08.10 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.09 -
GData 21 2010.08.10 -
Ikarus T3.1.1.87.0 2010.08.09 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
McAfee-GW-Edition 2010.1 2010.08.09 -
Microsoft 1.6004 2010.08.09 -
[B]NOD32 5353 2010.08.09 a variant of Win32/Injector.CMA[/B]
Norman 6.05.11 2010.08.09 -
nProtect 2010-08-09.02 2010.08.09 -
Panda 10.0.2.7 2010.08.09 -
PCTools 7.0.3.5 2010.08.09 -
Prevx 3.0 2010.08.10 -
Rising 22.60.00.04 2010.08.09 -
Sophos 4.56.0 2010.08.09 -
[B]Sunbelt 6709 2010.08.10 Virtool.Win32.Vbinject.1 (v)[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -[/QUOTE]
Additional information
File size: [B]112448[/B] bytes
MD5...: b7859c16428982587c5f4cf5f167180a
SHA1..: e17ab5180d752fc1596964068003b81437e8a265
SHA256: ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb9ae8ccd12c2bb3
[url]http://www.virustotal.com/analisis/ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb9ae8ccd12c2bb3-1281399157[/url]
-
[B]monoca32.exe[/B]
[QUOTE]AhnLab-V3 2010.08.10.01 2010.08.10 [B]Win-Trojan/Xema.variant [/B]
AntiVir 8.2.4.34 2010.08.10 -
Antiy-AVL 2.0.3.7 2010.08.10 -
Authentium 5.2.0.5 2010.08.10 -
Avast 4.8.1351.0 2010.08.10 [B]Win32:Crypt-HCS [/B]
Avast5 5.0.332.0 2010.08.10 [B]Win32:Crypt-HCS[/B]
AVG 9.0.0.851 2010.08.10 [B]Agent2.BCCT[/B]
BitDefender 7.2 2010.08.10 [B]Trojan.Generic.4544889[/B]
CAT-QuickHeal 11.00 2010.08.10 -
ClamAV 0.96.0.3-git 2010.08.10 -
Comodo 5706 2010.08.10 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.10 [B]Trojan.Winlock.2282[/B]
Emsisoft 5.0.0.37 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog!IK[/B]
eSafe 7.0.17.0 2010.08.09 [B]Win32.Bredolab.W [/B]
eTrust-Vet 36.1.7779 2010.08.10 -
F-Prot 4.6.1.107 2010.08.10 -
F-Secure 9.0.15370.0 2010.08.10 [B]Trojan.Generic.4544889[/B]
Fortinet 4.1.143.0 2010.08.10 [B]W32/DigiPog.WC!tr[/B]
GData 21 2010.08.10 [B]Trojan.Generic.4544889 [/B]
Ikarus T3.1.1.87.0 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog[/B]
Jiangmin 13.0.900 2010.08.10 [B]Trojan/DigiPog.yd [/B]
Kaspersky 7.0.0.125 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog.wc[/B]
McAfee 5.400.0.1158 2010.08.10 [B]Bredolab.gen.w[/B]
McAfee-GW-Edition 2010.1 2010.08.10 -
Microsoft 1.6004 2010.08.10 [B]TrojanDownloader:Win32/Bredolab.AA[/B]
NOD32 5353 2010.08.10 [B]a variant of Win32/Kryptik.FSL [/B]
Norman 6.05.11 2010.08.09 [B]W32/Harnig.A!genr[/B]
nProtect 2010-08-10.01 2010.08.10 [B]Trojan.Generic.4544889 [/B]
Panda 10.0.2.7 2010.08.10 [B]Trj/CI.A[/B]
PCTools 7.0.3.5 2010.08.10 [B]Trojan.Gen[/B]
Prevx 3.0 2010.08.10 [B]Medium Risk Malware Dropper[/B]
Rising 22.60.01.04 2010.08.10 -
Sophos 4.56.0 2010.08.10 [B]Mal/FakeAV-EA[/B]
Sunbelt 6711 2010.08.10 [B]Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.10 [B]Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.08.10 [B]Trojan.Gen[/B]
TheHacker 6.5.2.1.341 2010.08.10 [B]Trojan/DigiPog.wc[/B]
TrendMicro 9.120.0.1004 2010.08.10 [B]TROJ_BURNIX.SMEP[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 [B]TROJ_BURNIX.SMEP[/B]
VBA32 3.12.12.8 2010.08.10 [B]TrojanRansom.DigiPog.wc[/B]
ViRobot 2010.8.9.3978 2010.08.10 -
VirusBuster 5.0.27.0 2010.08.09 [B]Trojan.DigiPog.RI[/B] [/QUOTE]
-
OSAM showed in its columns that this is Userinit and the publisher is BitDefender :)
[CODE]File name: avz00001.dta
Submission date: 2010-08-12 08:11:44 (UTC)
[B][COLOR="Red"]Result: 5/ 41 (12.2%)[/COLOR][/B]
AhnLab-V3 2010.08.12.00 2010.08.11 -
AntiVir 8.2.4.34 2010.08.11 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.11 -
Avast5 5.0.332.0 2010.08.11 -
AVG 9.0.0.851 2010.08.11 -
BitDefender 7.2 2010.08.12 -
[B]CAT-QuickHeal 11.00 2010.08.12 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.12 -
Comodo 5714 2010.08.11 -
DrWeb 5.0.2.03300 2010.08.12 -
Emsisoft 5.0.0.37 2010.08.12 -
eSafe 7.0.17.0 2010.08.11 -
eTrust-Vet 36.1.7784 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
F-Secure 9.0.15370.0 2010.08.12 -
Fortinet 4.1.143.0 2010.08.11 -
GData 21 2010.08.12 -
Ikarus T3.1.1.88.0 2010.08.12 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.12 -
McAfee 5.400.0.1158 2010.08.12 -
McAfee-GW-Edition 2010.1 2010.08.12 -
Microsoft 1.6004 2010.08.12 -
[B]NOD32 5358 2010.08.11 a variant of Win32/Kryptik.FYA[/B]
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
[B]Panda 10.0.2.7 2010.08.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.12 -
Rising 22.60.03.01 2010.08.12 -
Sophos 4.56.0 2010.08.12 -
Sunbelt 6721 2010.08.12 -
SUPERAntiSpyware 4.40.0.1006 2010.08.12 -
Symantec 20101.1.1.7 2010.08.12 -
TheHacker 6.5.2.1.343 2010.08.11 -
[B]TrendMicro 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF
TrendMicro-HouseCall 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF[/B]
VBA32 3.12.14.0 2010.08.11 -
ViRobot 2010.8.9.3978 2010.08.12 -
VirusBuster 5.0.27.0 2010.08.11 -
Additional information
MD5 : 9af33e507415daf1d7961523d162899c
SHA1 : 85e60304a851098c2cd654f4b4339f0c54baaa5b
SHA256: 2acab996ea2c7f5c96853ca2386ef80137a2d6c127c26dc0bd758e40f7d4a8a3
[/CODE]
[CODE]File name: avz00002.dta
Submission date: 2010-08-12 08:12:43 (UTC)
[B][COLOR="Red"]Result: 7/ 42 (16.7%)[/COLOR][/B]
AhnLab-V3 2010.08.12.00 2010.08.11 -
AntiVir 8.2.4.34 2010.08.11 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.11 -
Avast5 5.0.332.0 2010.08.11 -
AVG 9.0.0.851 2010.08.11 -
BitDefender 7.2 2010.08.12 -
[B]CAT-QuickHeal 11.00 2010.08.12 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.12 -
[B]Comodo 5714 2010.08.11 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.12 -
Emsisoft 5.0.0.37 2010.08.12 -
eSafe 7.0.17.0 2010.08.11 -
eTrust-Vet 36.1.7784 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
F-Secure 9.0.15370.0 2010.08.12 -
Fortinet 4.1.143.0 2010.08.11 -
GData 21 2010.08.12 -
Ikarus T3.1.1.88.0 2010.08.12 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.12 -
McAfee 5.400.0.1158 2010.08.12 -
McAfee-GW-Edition 2010.1 2010.08.12 -
[B]Microsoft 1.6004 2010.08.12 Trojan:Win32/Meredrop
NOD32 5358 2010.08.11 a variant of Win32/Kryptik.FYA[/B]
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
[B]Panda 10.0.2.7 2010.08.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.12 -
Prevx 3.0 2010.08.12 -
Rising 22.60.03.01 2010.08.12 -
Sophos 4.56.0 2010.08.12 -
Sunbelt 6721 2010.08.12 -
SUPERAntiSpyware 4.40.0.1006 2010.08.12 -
Symantec 20101.1.1.7 2010.08.12 -
TheHacker 6.5.2.1.343 2010.08.11 -
[B]TrendMicro 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF
TrendMicro-HouseCall 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF[/B]
VBA32 3.12.14.0 2010.08.11 -
ViRobot 2010.8.9.3978 2010.08.12 -
VirusBuster 5.0.27.0 2010.08.11 -
Additional information
MD5 : ea368e1bf69a029e3433b354999e1c16
SHA1 : e8b74ee8584f63e4cc754297e7661d72de9e2298
SHA256: 07a1a9d51d74d0377c06140a2d8102507aa9071c37bac53d257799059e058f68
[/CODE]
Samples have been sent to Dr.Web and Kaspersky
[size="1"][color="#666686"][B][I]Added after 2 hours 14 minutes[/I][/B][/color][/size]
Already checked :)
Alexey Gashkin - Virus Monitoring Service Doctor Web Ltd.
avz00001.dta - Threat: Trojan.PWS.Ibank.109
avz00002.dta - Threat: BackDoor.Siggen.25748
-
Caught monoca32.exe
File name:
avz00001.dta
Submission date:
2010-08-15 10:38:10 (UTC)
Result:
15/ 42 (35.7%)
[QUOTE][B]AhnLab-V3 2010.08.15.01 2010.08.15 Win-Trojan/Bredolab.55808[/B]
AntiVir 8.2.4.34 2010.08.13 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.14 -
[B]Avast 4.8.1351.0 2010.08.14 Win32:Crypt-HIB
Avast5 5.0.332.0 2010.08.14 Win32:Crypt-HIB[/B]
AVG 9.0.0.851 2010.08.15 -
[B]BitDefender 7.2 2010.08.15 Gen:Variant.Ursnif.20
CAT-QuickHeal 11.00 2010.08.14 Win32.Packed.Krap.ao.7[/B]
ClamAV 0.96.0.3-git 2010.08.15 -
Comodo 5746 2010.08.15 -
DrWeb 5.0.2.03300 2010.08.15 -
Emsisoft 5.0.0.37 2010.08.15 -
eSafe 7.0.17.0 2010.08.12 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.14 -
F-Secure 9.0.15370.0 2010.08.15 -
Fortinet 4.1.143.0 2010.08.15 -
[B]GData 21 2010.08.15 Gen:Variant.Ursnif.20[/B]
Ikarus T3.1.1.88.0 2010.08.15 -
Jiangmin 13.0.900 2010.08.15 -
Kaspersky 7.0.0.125 2010.08.15 -
[B]McAfee 5.400.0.1158 2010.08.15 Downloader-BZI.gen.a[/B]
McAfee-GW-Edition 2010.1 2010.08.14 -
Microsoft 1.6004 2010.08.15 -
[B]NOD32 5367 2010.08.14 a variant of Win32/Kryptik.FZR[/B]
Norman 6.05.11 2010.08.14 -
[B]nProtect 2010-08-15.01 2010.08.15 Gen:Variant.Ursnif.20[/B]
Panda 10.0.2.7 2010.08.14 -
[B]PCTools 7.0.3.5 2010.08.15 Downloader.Harnig
Prevx 3.0 2010.08.15 Medium Risk Malware[/B]
Rising 22.60.06.04 2010.08.15 -
Sophos 4.56.0 2010.08.15 -
[B]Sunbelt 6735 2010.08.15 Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.15 -
[B]Symantec 20101.1.1.7 2010.08.15 Downloader.Harnig!gen1[/B]
TheHacker 6.5.2.1.348 2010.08.14 -
[B]TrendMicro 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP[/B]
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.14 -
VirusBuster 5.0.27.0 2010.08.14 -[/QUOTE]
-
[CODE]Antivirus Version Last Update Result
[B]AhnLab-V3 2010.08.16.02 2010.08.16 Malware/Win32.Generic[/B]
AntiVir 8.2.4.34 2010.08.16 -
Antiy-AVL 2.0.3.7 2010.08.16 -
[B]Authentium 5.2.0.5 2010.08.16 W32/Infostealer.A!Maximus[/B]
Avast 4.8.1351.0 2010.08.15 -
Avast5 5.0.332.0 2010.08.15 -
AVG 9.0.0.851 2010.08.16 -
[B]BitDefender 7.2 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
CAT-QuickHeal 11.00 2010.08.16 -
ClamAV 0.96.0.3-git 2010.08.16 -
Comodo 5758 2010.08.16 -
DrWeb 5.0.2.03300 2010.08.16 -
eSafe 7.0.17.0 2010.08.15 -
eTrust-Vet 36.1.7793 2010.08.16 -
[B]F-Prot 4.6.1.107 2010.08.16 W32/Infostealer.A!Maximus[/B]
[B]F-Secure 9.0.15370.0 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
Fortinet 4.1.143.0 2010.08.16 -
[B]GData 21 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
[B]Ikarus T3.1.1.88.0 2010.08.16 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.08.16 -
Kaspersky 7.0.0.125 2010.08.16 -
McAfee 5.400.0.1158 2010.08.16 -
McAfee-GW-Edition 2010.1 2010.08.16 -
Microsoft 1.6004 2010.08.16 -
NOD32 5369 2010.08.16 -
Norman 6.05.11 2010.08.15 -
nProtect 2010-08-16.01 2010.08.16 -
[B]Panda 10.0.2.7 2010.08.15 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.16 -
Prevx 3.0 2010.08.16 -
Rising 22.61.00.04 2010.08.16 -
Sophos 4.56.0 2010.08.16 -
[B]Sunbelt 6740 2010.08.16 Trojan.Win32.Generic!BT[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.16 -
Symantec 20101.1.1.7 2010.08.16 -
TheHacker 6.5.2.1.349 2010.08.16 -
TrendMicro 9.120.0.1004 2010.08.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.16 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.16.3990 2010.08.16 -
VirusBuster 5.0.27.0 2010.08.15 -
[/CODE]
[CODE]Additional information
MD5 : 058ebc415a27694b7cff3093cfaf2f4a
SHA1 : b0f3ccd65414853eb120b01e1ad7fbf25fc59690
SHA256: 41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c[/CODE]
-
File name: [B]nyik.exe[/B]
Submission date: 2010-08-20 00:18:41 (UTC)
Current status: finished
Result: 9/ 41 (22.0%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.20.00 2010.08.19 -
AntiVir 8.2.4.38 2010.08.19 -
Antiy-AVL 2.0.3.7 2010.08.16 -
[B]Authentium 5.2.0.5 2010.08.20 W32/Skintrim.1!Generic[/B]
Avast 4.8.1351.0 2010.08.19 -
Avast5 5.0.332.0 2010.08.19 -
AVG 9.0.0.851 2010.08.19 -
BitDefender 7.2 2010.08.20 -
CAT-QuickHeal 11.00 2010.08.19 -
ClamAV 0.96.2.0-git 2010.08.20 -
Comodo 5788 2010.08.20 -
[B]DrWeb 5.0.2.03300 2010.08.20 Trojan.PWS.Panda.387[/B]
Emsisoft 5.0.0.37 2010.08.20 -
eSafe 7.0.17.0 2010.08.19 -
eTrust-Vet 36.1.7801 2010.08.19 -
[B]F-Prot 4.6.1.107 2010.08.19 W32/Skintrim.1!Generic
F-Secure 9.0.15370.0 2010.08.20 Trojan-Spy:W32/Zbot.AHGN[/B]
Fortinet 4.1.143.0 2010.08.19 -
GData 21 2010.08.20 -
Ikarus T3.1.1.88.0 2010.08.20 -
Jiangmin 13.0.900 2010.08.19 -
Kaspersky 7.0.0.125 2010.08.20 -
McAfee 5.400.0.1158 2010.08.20 -
[B]Microsoft 1.6103 2010.08.20 PWS:Win32/Zbot.gen!Y
NOD32 5380 2010.08.19 a variant of Win32/Kryptik.GDT[/B]
Norman 6.05.11 2010.08.19 -
nProtect 2010-08-19.01 2010.08.19 -
Panda 10.0.2.7 2010.08.19 -
PCTools 7.0.3.5 2010.08.20 -
[B]Prevx 3.0 2010.08.20 Medium Risk Malware[/B]
Rising 22.61.03.04 2010.08.19 -
[B]Sophos 4.56.0 2010.08.20 Mal/Zbot-U[/B]
Sunbelt 6763 2010.08.20 -
[B]SUPERAntiSpyware 4.40.0.1006 2010.08.20 Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.08.20 -
TheHacker 6.5.2.1.351 2010.08.19 -
TrendMicro 9.120.0.1004 2010.08.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.20 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.16.3990 2010.08.19 -
VirusBuster 5.0.27.0 2010.08.19 -[/QUOTE]
MD5 : af4c670a44086fb04d8bbd8d7cec3878
SHA1 : fd4e4077d2e17c7914a47e8a7bc63b4580aa8950
SHA256: 562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff68f30be699c5bf2
ssdeep: 3072:DFGKdZNPH53dJpakeOiZTdrk+C7riQtyXmiiuCYL31mf3QCoGz:Nf5rpake1A7riQQ7nCYzgvj
File size : 150528 bytes
First seen: 2010-08-20 00:18:41
Last seen : 2010-08-20 00:18:41
[url]http://www.virustotal.com/file-scan/report.html?id=562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff68f30be699c5bf2-1282263521[/url]
In autorun
[URL=http://www.radikal.ru][IMG]http://s02.radikal.ru/i175/1008/e0/a9d41830a02c.png[/IMG][/URL]
-
Fresh from the Help section.
[B]c:\windows\system32\40e38710.exe[/B], registers itself in [B]UserInit[/B]
[B]avz00001.dta
Submission date: 2010-08-22 13:32:15 (UTC)
Current status: finished
Result: [COLOR="Red"]4[/COLOR]/ 42 (9.5%)[/B]
[QUOTE][B]Antivirus Version Last Update Result[/B]
AhnLab-V3 2010.08.22.00 2010.08.21 -
AntiVir 8.2.4.38 2010.08.20 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.22 -
Avast 4.8.1351.0 2010.08.22 -
Avast5 5.0.332.0 2010.08.22 -
AVG 9.0.0.851 2010.08.22 -
BitDefender 7.2 2010.08.22 -
CAT-QuickHeal 11.00 2010.08.21 -
ClamAV 0.96.2.0-git 2010.08.22 -
[B]Comodo 5817 2010.08.22 [COLOR="red"]TrojWare.Win32.Trojan.Agent.Gen[/COLOR][/B]
DrWeb 5.0.2.03300 2010.08.22 -
Emsisoft 5.0.0.37 2010.08.22 -
eSafe 7.0.17.0 2010.08.19 -
eTrust-Vet 36.1.7804 2010.08.21 -
F-Prot 4.6.1.107 2010.08.22 -
[B]F-Secure 9.0.15370.0 2010.08.22 [COLOR="red"]Suspicious:W32/Malware!Gemini[/COLOR][/B]
Fortinet 4.1.143.0 2010.08.22 -
GData 21 2010.08.22 -
Ikarus T3.1.1.88.0 2010.08.22 -
Jiangmin 13.0.900 2010.08.21 -
Kaspersky 7.0.0.125 2010.08.22 -
McAfee 5.400.0.1158 2010.08.22 -
McAfee-GW-Edition 2010.1B 2010.08.21 -
Microsoft 1.6103 2010.08.22 -
NOD32 5386 2010.08.22 -
Norman 6.05.11 2010.08.22 -
nProtect 2010-08-22.01 2010.08.22 -
[B]Panda 10.0.2.7 2010.08.22 [COLOR="red"]Suspicious file[/COLOR][/B]
PCTools 7.0.3.5 2010.08.22 -
[B]Prevx 3.0 2010.08.22 [COLOR="red"]High Risk Cloaked Malware[/COLOR][/B]
Rising 22.61.06.04 2010.08.22 -
Sophos 4.56.0 2010.08.22 -
Sunbelt 6775 2010.08.22 -
SUPERAntiSpyware 4.40.0.1006 2010.08.22 -
Symantec 20101.1.1.7 2010.08.22 -
TheHacker 6.5.2.1.352 2010.08.20 -
TrendMicro 9.120.0.1004 2010.08.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.22 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.18.3995 2010.08.22 -
VirusBuster 5.0.27.0 2010.08.21 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=b9f8697dd287c672fdb8a1da0487be5f78bd9fb044cc4824b4f594ec47a85047-1282483935"]VirusTotal[/URL]
-
There was no digital signature (Ц.П.).
File name: tftp.exe
Submission date: 2010-08-24 14:27:18 (UTC)
Current status:finished
Result: 7 /42 (16.7%)
[QUOTE]AhnLab-V3 2010.08.24.00 2010.08.23 -
AntiVir 8.2.4.38 2010.08.24 -
Antiy-AVL 2.0.3.7 2010.08.23 -
[B]Authentium 5.2.0.5 2010.08.24 W32/Backdoor2.BIRB[/B]
Avast 4.8.1351.0 2010.08.23 -
Avast5 5.0.332.0 2010.08.23 -
AVG 9.0.0.851 2010.08.24 -
BitDefender 7.2 2010.08.24 -
CAT-QuickHeal 11.00 2010.08.24 -
ClamAV 0.96.2.0-git 2010.08.24 -
Comodo 5843 2010.08.24 -
DrWeb 5.0.2.03300 2010.08.24 -
Emsisoft 5.0.0.37 2010.08.24 -
eSafe 7.0.17.0 2010.08.24 -
eTrust-Vet 36.1.7810 2010.08.23 -
[B]F-Prot 4.6.1.107 2010.08.24 W32/Backdoor2.BIRB[/B]
F-Secure 9.0.15370.0 2010.08.24 -
Fortinet 4.1.143.0 2010.08.24 -
GData 21 2010.08.24 -
Ikarus T3.1.1.88.0 2010.08.24 -
[B]Jiangmin 13.0.900 2010.08.23 Trojan/Agent.aaul[/B]
Kaspersky 7.0.0.125 2010.08.24 -
[B]McAfee 5.400.0.1158 2010.08.24 Artemis!DB3F663417BA[/B]
[B]McAfee-GW-Edition 2010.1B 2010.08.24 Artemis!DB3F663417BA[/B]
Microsoft 1.6103 2010.08.24 -
NOD32 5393 2010.08.24 -
Norman 6.05.11 2010.08.24 -
nProtect 2010-08-24.01 2010.08.24 -
Panda 10.0.2.7 2010.08.24 -
PCTools 7.0.3.5 2010.08.24 -
Prevx 3.0 2010.08.24 -
Rising 22.62.01.04 2010.08.24 -
Sophos 4.56.0 2010.08.24 -
[B]Sunbelt 6784 2010.08.24 Worm.Win32.IRCBot.Gen[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.24 -
Symantec 20101.1.1.7 2010.08.24 -
[B]TheHacker 6.5.2.1.355 2010.08.24 Trojan/Downloader.Small.vwo[/B]
TrendMicro 9.120.0.1004 2010.08.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.24 -
VBA32 3.12.14.0 2010.08.24 -
ViRobot 2010.8.24.4005 2010.08.24 -
VirusBuster 5.0.27.0 2010.08.23 -[/QUOTE]
Additional information
MD5 : db3f663417baec4d8da89267a4a27df5
SHA1 : 943e17378e006babd80d8b480bbd4e00fe9a70bd
SHA256: f950a2885af8d280d3a3d15171fca25b022d011c5bfbe03f94cb244116d54c5a
ssdeep: 3:WlWUqt/vll2sZ2vxrlYC8XvEXGl/nl/llakVFvlNl//vl7//llrllVlVJl/t1l9r:idqUsOxrlY1/E2ZnlqtW1
File size : 16896 bytes
First seen: 2007-03-28 23:38:55
Last seen : 2010-08-24 14:27:18
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x42DCB199 (Tue Jul 19 07:54:01 2005)
machinetype......: 0x14C (Intel I386)
-
File [B]C:\Documents and Settings\USERNAME\.exe[/B] -
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.07.28.00 2010.07.27 -
AntiVir 8.2.4.26 2010.07.27 -
Antiy-AVL 2.0.3.7 2010.07.28 -
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.27 -
BitDefender 7.2 2010.07.28 -
CAT-QuickHeal 11.00 2010.07.28 -
ClamAV 0.96.0.3-git 2010.07.28 -
Comodo 5564 2010.07.28 -
[B]DrWeb 5.0.2.03300 2010.07.28 - [COLOR="Red"]Trojan.WinSpy.914[/COLOR][/B]
[B]Emsisoft 5.0.0.34 2010.07.28 - [COLOR="Red"]Trojan.Win32.Agent!A2[/COLOR][/B]
eSafe 7.0.17.0 2010.07.27 -
eTrust-Vet 36.1.7743 2010.07.27 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.28 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.28 -
Ikarus T3.1.1.84.0 2010.07.28 -
Jiangmin 13.0.900 2010.07.28 -
Kaspersky 7.0.0.125 2010.07.27 -
McAfee 5.400.0.1158 2010.07.28 -
McAfee-GW-Edition 2010.1 2010.07.27 -
Microsoft 1.6004 2010.07.28 -
NOD32 5318 2010.07.27 -
Norman 6.05.11 2010.07.27 -
nProtect 2010-07-28.01 2010.07.28 -
[B]Panda 10.0.2.7 2010.07.27 - [COLOR="Red"]Suspicious file[/COLOR][/B]
PCTools 7.0.3.5 2010.07.28 -
Prevx 3.0 2010.07.28 -
Rising 22.58.02.03 2010.07.28 -
Sophos 4.55.0 2010.07.28 -
Sunbelt 6652 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.28 -
Symantec 20101.1.1.7 2010.07.28 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.28 -
VBA32 3.12.12.6 2010.07.27 -
ViRobot 2010.7.23.3956 2010.07.28 -
VirusBuster 5.0.27.0 2010.07.28 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=4f2ed025f3a8d12083571bbe1889c60c1d2e3759fedd5d02282e335fcb8dea2c-1280300681"]virustotal.com[/URL]
File - [B]C:\WINDOWS\system32\syschk32.exe[/B] -
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.25.00 2010.08.24 -
AntiVir 8.2.4.38 2010.08.24 -
Antiy-AVL 2.0.3.7 2010.08.23 -
Authentium 5.2.0.5 2010.08.25 -
Avast 4.8.1351.0 2010.08.24 -
Avast5 5.0.594.0 2010.08.24 -
AVG 9.0.0.851 2010.08.24 -
BitDefender 7.2 2010.08.25 -
CAT-QuickHeal 11.00 2010.08.24 -
ClamAV 0.96.2.0-git 2010.08.25 -
Comodo 5848 2010.08.24 -
[B]DrWeb 5.0.2.03300 2010.08.25 - [COLOR="Red"]Trojan.Siggen.36831[/COLOR][/B]
Emsisoft 5.0.0.37 2010.08.25 -
eSafe 7.0.17.0 2010.08.24 -
eTrust-Vet 36.1.7814 2010.08.24 -
F-Prot 4.6.1.107 2010.08.24 -
F-Secure 9.0.15370.0 2010.08.25 -
Fortinet 4.1.143.0 2010.08.24 -
GData 21 2010.08.24 -
Ikarus T3.1.1.88.0 2010.08.25 -
[B]Jiangmin 13.0.900 2010.08.23 - [COLOR="Red"]Trojan/Inject.ijv[/COLOR][/B]
Kaspersky 7.0.0.125 2010.08.25 -
McAfee 5.400.0.1158 2010.08.25 -
[B]McAfee-GW-Edition 2010.1B 2010.08.25 - [COLOR="Red"]Heuristic.BehavesLike.Win32.Trojan.H[/COLOR] [/B]
Microsoft 1.6103 2010.08.25 -
[B]NOD32 5394 2010.08.24 - [COLOR="Red"]a variant of Win32/Agent.QKY[/COLOR][/B]
Norman 6.05.11 2010.08.24 -
nProtect 2010-08-24.01 2010.08.24 -
[B]Panda 10.0.2.7 2010.08.25 - [COLOR="Red"]Suspicious file[/COLOR] [/B]
PCTools 7.0.3.5 2010.08.25 -
Prevx 3.0 2010.08.25 -
Rising 22.62.02.01 2010.08.25 -
Sophos 4.56.0 2010.08.25 -
Sunbelt 6788 2010.08.25 -
SUPERAntiSpyware 4.40.0.1006 2010.08.25 -
Symantec 20101.1.1.7 2010.08.25 -
TheHacker 6.5.2.1.355 2010.08.24 -
TrendMicro 9.120.0.1004 2010.08.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.25 -
VBA32 3.12.14.0 2010.08.24 -
[B]ViRobot 2010.8.24.4005 2010.08.24 - [COLOR="Red"]Trojan.Win32.Inject.43520.C[/COLOR][/B]
VirusBuster 5.0.27.0 2010.08.24 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=7f565f8bf7c67c20c72a5a2d5aa0403651f3afb9720ed96128cb49ea76a4ebf4-1282711015"]virustotal.com[/URL]
-
Our newcomer - [B]C:\Documents and Settings\Admin\Главное меню\Программы\Автозагрузка\sisgbi32.exe[/B], an analogue of monoca32, only, as I understand it, tougher -
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.26.00 2010.08.25 -
AntiVir 8.2.4.38 2010.08.25 -
Antiy-AVL 2.0.3.7 2010.08.23 -
Authentium 5.2.0.5 2010.08.25 -
Avast 4.8.1351.0 2010.08.25 -
Avast5 5.0.594.0 2010.08.25 -
AVG 9.0.0.851 2010.08.25 -
BitDefender 7.2 2010.08.25 -
CAT-QuickHeal 11.00 2010.08.24 -
[B]ClamAV 0.96.2.0-git 2010.08.25 - [COLOR="Red"]Worm.Palevo-9668[/COLOR][/B]
Comodo 5856 2010.08.25 -
[B]DrWeb 5.0.2.03300 2010.08.25 - [COLOR="Red"]Trojan.Packed.20894[/COLOR][/B]
Emsisoft 5.0.0.37 2010.08.25 -
eSafe 7.0.17.0 2010.08.25 -
eTrust-Vet 36.1.7815 2010.08.25 -
F-Prot 4.6.1.107 2010.08.25 -
[B]F-Secure 9.0.15370.0 2010.08.25 - [COLOR="Red"]Suspicious:W32/Malware!Gemini[/COLOR][/B]
Fortinet 4.1.143.0 2010.08.25 -
GData 21 2010.08.25 -
Ikarus T3.1.1.88.0 2010.08.25 -
Jiangmin 13.0.900 2010.08.25 -
Kaspersky 7.0.0.125 2010.08.25 -
McAfee 5.400.0.1158 2010.08.25 -
McAfee-GW-Edition 2010.1B 2010.08.25 -
Microsoft 1.6103 2010.08.25 -
NOD32 5397 2010.08.25 -
Norman 6.05.11 2010.08.25 -
nProtect 2010-08-25.02 2010.08.25 -
[B]Panda 10.0.2.7 2010.08.25 - [COLOR="Red"]Suspicious file[/COLOR][/B]
PCTools 7.0.3.5 2010.08.25 -
Prevx 3.0 2010.08.26 -
Rising 22.62.02.04 2010.08.25 -
[B]Sophos 4.56.0 2010.08.25 - [COLOR="Red"]Sus/VB-BD[/COLOR][/B]
Sunbelt 6792 2010.08.25 -
SUPERAntiSpyware 4.40.0.1006 2010.08.25 -
Symantec 20101.1.1.7 2010.08.26 -
TheHacker 6.5.2.1.355 2010.08.25 -
TrendMicro 9.120.0.1004 2010.08.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.25 -
VBA32 3.12.14.0 2010.08.25 -
ViRobot 2010.8.25.4007 2010.08.25 -
VirusBuster 5.0.27.0 2010.08.25 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=aee77e38a3b6681b910503e28f74851a893a35a2b9518c93cf3c3616136d9ca0-1282774617"]virustotal.com[/URL]
-
File name: aol.exe
Submission date: 2010-09-03 14:30:07 (UTC)
Current status: finished
Result: 17/ 43 (39.5%)
[i]Antivirus results[/i]
AhnLab-V3 - 2010.09.03.01 - 2010.09.03 - [color=red]Trojan/Win32.Zbot [/color]
AntiVir - 8.2.4.50 - 2010.09.03 - -
Antiy-AVL - 2.0.3.7 - 2010.09.03 - -
Authentium - 5.2.0.5 - 2010.09.03 - -
Avast - 4.8.1351.0 - 2010.09.03 - -
Avast5 - 5.0.594.0 - 2010.09.03 - -
AVG - 9.0.0.851 - 2010.09.03 - -
BitDefender - 7.2 - 2010.09.03 - [color=red]Trojan.Generic.KD.32733 [/color]
CAT-QuickHeal - 11.00 - 2010.09.03 - -
ClamAV - 0.96.2.0-git - 2010.09.03 - -
Comodo - 5956 - 2010.09.03 - -
DrWeb - 5.0.2.03300 - 2010.09.03 - [color=red]Trojan.PWS.Panda.387 [/color]
Emsisoft - 5.0.0.37 - 2010.09.03 - [color=red]PWS.Win32!IK [/color]
eSafe - 7.0.17.0 - 2010.09.01 - -
eTrust-Vet - 36.1.7834 - 2010.09.03 - -
F-Prot - 4.6.1.107 - 2010.09.01 - -
F-Secure - 9.0.15370.0 - 2010.09.03 - [color=red]Trojan.Generic.KD.32733 [/color]
Fortinet - 4.1.143.0 - 2010.09.03 - -
GData - 21 - 2010.09.03 - [color=red]Trojan.Generic.KD.32733 [/color]
Ikarus - T3.1.1.88.0 - 2010.09.03 - [color=red]PWS.Win32 [/color]
Jiangmin - 13.0.900 - 2010.09.03 - -
K7AntiVirus - 9.63.2424 - 2010.09.02 - -
Kaspersky - 7.0.0.125 - 2010.09.03 - -
McAfee - 5.400.0.1158 - 2010.09.03 - [color=red]Artemis!F79B504BC7DB [/color]
McAfee-GW-Edition - 2010.1B - 2010.09.03 - [color=red]Artemis!F79B504BC7DB [/color]
Microsoft - 1.6103 - 2010.09.03 - [color=red]PWS:Win32/Zbot.gen!Y [/color]
NOD32 - 5420 - 2010.09.03 - -
Norman - 6.05.11 - 2010.09.03 - -
nProtect - 2010-09-03.01 - 2010.09.03 - [color=red]Trojan/W32.Agent.140288.CT [/color]
Panda - 10.0.2.7 - 2010.09.03 - [color=red]Trj/CI.A [/color]
PCTools - 7.0.3.5 - 2010.09.03 - [color=red]Trojan.Gen [/color]
Prevx - 3.0 - 2010.09.03 - [color=red]Medium Risk Malware [/color]
Rising - 22.63.04.01 - 2010.09.03 - -
Sophos - 4.57.0 - 2010.09.03 - [color=red]Mal/Zbot-U [/color]
Sunbelt - 6827 - 2010.09.03 - [color=red]Trojan.Win32.Generic!SB.0 [/color]
SUPERAntiSpyware - 4.40.0.1006 - 2010.09.03 - -
Symantec - 20101.1.1.7 - 2010.09.03 - [color=red]Trojan.Gen [/color]
TheHacker - 6.5.2.1.362 - 2010.09.03 - -
TrendMicro - 9.120.0.1004 - 2010.09.03 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.09.03 - -
VBA32 - 3.12.14.0 - 2010.09.03 - -
ViRobot - 2010.8.31.4017 - 2010.09.03 - -
VirusBuster - 12.64.15.0 - 2010.09.02 - -
[i]File info:[/i]
MD5: f79b504bc7db28605867c8d52c783bcd
SHA1: 6d67ff3af691024200943a5e8ad86adfac1b2818
SHA256: f3c9a0059de673be0b243801a2af110d0ea6bb8413380edbfa7b5851fc77f7ad
File size: 140288 bytes
Scan date: 2010-09-03 14:30:07 (UTC)
-
File - [B]C:\WINDOWS\cfdrive32.exe[/B]
Result: - [B][COLOR="Red"]7[/COLOR] /43 (16.3%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.03 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.04 -
Avast 4.8.1351.0 2010.09.05 -
Avast5 5.0.594.0 2010.09.05 -
[B]AVG 9.0.0.851 2010.09.05 - [COLOR="Red"]Dropper.Small.GBQ[/COLOR][/B]
BitDefender 7.2 2010.09.05 -
CAT-QuickHeal 11.00 2010.09.03 -
ClamAV 0.96.2.0-git 2010.09.05 -
Comodo 5970 2010.09.04 -
[B]DrWeb 5.0.2.03300 2010.09.05 - [COLOR="Red"]Trojan.AVKill.2320[/COLOR][/B]
Emsisoft 5.0.0.37 2010.09.05 -
eSafe 7.0.17.0 2010.09.01 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.05 -
Fortinet 4.1.143.0 2010.09.04 -
GData 21 2010.09.05 -
Ikarus T3.1.1.88.0 2010.09.05 -
Jiangmin 13.0.900 2010.09.05 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.05 -
[B]McAfee 5.400.0.1158 2010.09.05 - [COLOR="Red"]Artemis!3009AF7F0603[/COLOR]
McAfee-GW-Edition 2010.1B 2010.09.05 - [COLOR="Red"]Artemis!3009AF7F0603[/COLOR][/B]
Microsoft 1.6103 2010.09.05 -
[B]NOD32 5423 2010.09.04 - [COLOR="Red"]a variant of Win32/Injector.CVK[/COLOR][/B]
Norman 6.05.11 2010.09.04 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.04 -
PCTools 7.0.3.5 2010.09.05 -
[B]Prevx 3.0 2010.09.05 - [COLOR="Red"]High Risk Cloaked Malware[/COLOR][/B]
Rising 22.63.05.01 2010.09.04 -
Sophos 4.57.0 2010.09.05 -
Sunbelt 6833 2010.09.05 -
[B]SUPERAntiSpyware 4.40.0.1006 2010.09.05 [COLOR="Red"]Trojan.Agent/Gen-Koobface[/COLOR][/B]
Symantec 20101.1.1.7 2010.09.05 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.04 -
VirusBuster 12.64.17.1 2010.09.04 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=f901c7d1a38e47e3dfe67e99a976cbeeb3322d69d02ee1830e142aee98e2f3c0-1283674641"]virustotal.com[/URL]
[size="1"][color="#666686"][B][I]Added 3 minutes later[/I][/B][/color][/size]
File - [B]C:\WINDOWS\system32\msvmiode.exe[/B]
[B]Result: [COLOR="Red"]5[/COLOR] /43 (11.6%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.03 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.04 -
Avast 4.8.1351.0 2010.09.05 -
Avast5 5.0.594.0 2010.09.05 -
[B]AVG 9.0.0.851 2010.09.05 - [COLOR="Red"]Dropper.Small.GCD[/COLOR][/B]
BitDefender 7.2 2010.09.05 -
CAT-QuickHeal 11.00 2010.09.03 -
ClamAV 0.96.2.0-git 2010.09.05 -
Comodo 5970 2010.09.04 -
[B]DrWeb 5.0.2.03300 2010.09.05 - [COLOR="Red"]Trojan.DownLoader1.19905[/COLOR][/B]
Emsisoft 5.0.0.37 2010.09.05 -
eSafe 7.0.17.0 2010.09.01 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.05 -
Fortinet 4.1.143.0 2010.09.04 -
GData 21 2010.09.05 -
Ikarus T3.1.1.88.0 2010.09.05 -
Jiangmin 13.0.900 2010.09.05 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.05 -
[B]McAfee 5.400.0.1158 2010.09.05 - [COLOR="Red"]Artemis!AC95D52BE1F7[/COLOR]
McAfee-GW-Edition 2010.1B 2010.09.05 - [COLOR="Red"]Artemis!AC95D52BE1F7[/COLOR][/B]
Microsoft 1.6103 2010.09.05 -
[B]NOD32 5423 2010.09.04 - [COLOR="Red"]a variant of Win32/Injector.CVK[/COLOR][/B]
Norman 6.05.11 2010.09.04 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.04 -
PCTools 7.0.3.5 2010.09.05 -
Prevx 3.0 2010.09.05 -
Rising 22.63.05.01 2010.09.04 -
Sophos 4.57.0 2010.09.05 -
Sunbelt 6833 2010.09.05 -
SUPERAntiSpyware 4.40.0.1006 2010.09.05 -
Symantec 20101.1.1.7 2010.09.05 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.04 -
VirusBuster 12.64.17.1 2010.09.04 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=908734802e78ad09049d3338250651cee29f6c8424010faf817ef2db7255773a-1283670904"]virustotal.com[/URL]
-
-
Location: C:\Windows\System32\0, date: 03.08.2010, no version information available.
[QUOTE]File name: 0
Submission date: 2010-09-06 06:58:30 (UTC)
[B]Result: [COLOR="Red"]9[/COLOR] /43 (20.9%)[/B] [URL="http://www.virustotal.com/file-scan/report.html?id=5b8c2c38cd60636ac20ae47cad87cc12133cff0c86cd5ff4e18b8564d127f3a3-1283756310"]VT Community[/URL]
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.05 -
[B]Antiy-AVL 2.0.3.7 2010.09.03 Packed/Win32.Krap.gen[/B]
Authentium 5.2.0.5 2010.09.06 -
[B]Avast 4.8.1351.0 2010.09.05 Win32:Rootkit-gen[/B]
[B]Avast5 5.0.594.0 2010.09.05 Win32:Rootkit-gen[/B]
[B]AVG 9.0.0.851 2010.09.05 SHeur3.ARJO[/B]
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5984 2010.09.05 -
[B]DrWeb 5.0.2.03300 2010.09.06 Trojan.Packed.20771[/B]
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
[B]GData 21 2010.09.06 Win32:Rootkit-gen [/B]
Ikarus T3.1.1.88.0 2010.09.06 -
[B]Jiangmin 13.0.900 2010.09.06 Packed.Krap.devx[/B]
K7AntiVirus 9.63.2442 2010.09.04 -
[B]Kaspersky 7.0.0.125 2010.09.06 Packed.Win32.Krap.hr[/B]
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5425 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.01 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6837 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
[B]TheHacker 6.5.2.1.364 2010.09.05 Trojan/Kryptik.fwu[/B]
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
[B]Additional information[/B]
MD5 : 8379bf99fb27045e50322a370b53c4e5
SHA1 : 1a20952d87273a5461683755aa44e1409fa5d144
SHA256: 5b8c2c38cd60636ac20ae47cad87cc12133cff0c86cd5ff4e18b8564d127f3a3
[/QUOTE]
[size="1"][color="#666686"][B][I]Added 8 minutes later[/I][/B][/color][/size]
Location: C:\Windows\System32\@[, date: 14.08.2010, no version information available.
[QUOTE]File name: @[
Submission date: 2010-09-06 06:51:39 (UTC)
[B]Result: [COLOR="Red"]8[/COLOR] /43 (18.6%)[/B] [URL="http://www.virustotal.com/file-scan/report.html?id=8505f790368348524030e75985450370882fecba707843ad5853e65c9c2b817f-1283755899"]VT Community[/URL]
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.05 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
[B]Avast 4.8.1351.0 2010.09.05 Win32:Rootkit-gen[/B]
[B]Avast5 5.0.594.0 2010.09.05 Win32:Rootkit-gen[/B]
[B]AVG 9.0.0.851 2010.09.05 SHeur3.ATLT[/B]
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
[B]Comodo 5984 2010.09.05 MalCrypt.Indus![/B]
[B]DrWeb 5.0.2.03300 2010.09.06 Trojan.Packed.20771[/B]
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
[B]GData 21 2010.09.06 Win32:Rootkit-gen [/B]
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2442 2010.09.04 -
[B]Kaspersky 7.0.0.125 2010.09.06 Packed.Win32.Krap.hr[/B]
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5425 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.01 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6837 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
[B]TheHacker 6.5.2.1.364 2010.09.05 Backdoor/Shiz.sn[/B]
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.06 -
VirusBuster 12.64.18.1 2010.09.05 -
MD5: 8ec058654b8875d7d0488109c5c1460f
SHA1: ac435944cb4fc6f3dfdbbe36f3baa2c0ee378b18
SHA256: 8505f790368348524030e75985450370882fecba707843ad5853e65c9c2b817f
File size: 72683 bytes
Scan date: 2010-09-06 06:51:39 (UTC)
[/QUOTE]
-
File - [B]C:\WINDOWS\system32\eusacf.exe[/B], registers itself in userinit, was caught in 911 -
[B] [COLOR="Red"]1[/COLOR] /43 (2.3%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.03 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.04 -
Avast 4.8.1351.0 2010.09.05 -
Avast5 5.0.594.0 2010.09.05 -
AVG 9.0.0.851 2010.09.05 -
BitDefender 7.2 2010.09.05 -
CAT-QuickHeal 11.00 2010.09.03 -
ClamAV 0.96.2.0-git 2010.09.05 -
Comodo 5980 2010.09.05 -
DrWeb 5.0.2.03300 2010.09.05 -
Emsisoft 5.0.0.37 2010.09.05 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.05 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.05 -
Ikarus T3.1.1.88.0 2010.09.05 -
Jiangmin 13.0.900 2010.09.05 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.05 -
McAfee 5.400.0.1158 2010.09.05 -
McAfee-GW-Edition 2010.1B 2010.09.05 -
Microsoft 1.6103 2010.09.05 -
NOD32 5425 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-05.01 2010.09.05 -
[B]Panda 10.0.2.7 2010.09.05 - [COLOR="Red"]Suspicious file[/COLOR][/B]
PCTools 7.0.3.5 2010.09.05 -
Prevx 3.0 2010.09.05 -
Rising 22.63.06.00 2010.09.05 -
Sophos 4.57.0 2010.09.05 -
Sunbelt 6834 2010.09.05 -
SUPERAntiSpyware 4.40.0.1006 2010.09.05 -
Symantec 20101.1.1.7 2010.09.05 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.05 -
VirusBuster 12.64.17.1 2010.09.04 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=932ca3c480348c8eac1231efee7074b030c27af97bf14e016aabc7069bf24cf1-1283702234"]virustotal.com[/URL]
-
Here's quite a present :)
File name: [B]Podarok.exe[/B]
Submission date: 2010-09-09 06:30:50 (UTC)
Result: 11/43 (25.6%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.00 2010.09.09 -
AntiVir 8.2.4.50 2010.09.08 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.08 -
[B]Avast 4.8.1351.0 2010.09.08 Win32:Malware-gen[/B]
[B]Avast5 5.0.594.0 2010.09.08 Win32:Malware-gen[/B]
[B]AVG 9.0.0.851 2010.09.08 Generic18.AIDN
BitDefender 7.2 2010.09.09 Gen:Trojan.Heur.DP.yGW@aGbuNVh
CAT-QuickHeal 11.00 2010.09.09 Trojan.VkHost.agg[/B]
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6021 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 -
Emsisoft 5.0.0.37 2010.09.09 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7843 2010.09.08 -
F-Prot 4.6.1.107 2010.09.01 -
[B]F-Secure 9.0.15370.0 2010.09.09 Gen:Trojan.Heur.DP.yGW@aGbuNVh[/B]
Fortinet 4.1.143.0 2010.09.08 -
[B]GData 21 2010.09.09 Gen:Trojan.Heur.DP.yGW@aGbuNVh[/B]
Ikarus T3.1.1.88.0 2010.09.09 -
[B]Jiangmin 13.0.900 2010.09.09 Trojan/VkHost.li[/B]
K7AntiVirus 9.63.2470 2010.09.08 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 -
McAfee-GW-Edition 2010.1B 2010.09.09 -
[B]Microsoft 1.6103 2010.09.09 Trojan:Win32/Vkhost.A[/B]
NOD32 5435 2010.09.08 -
[B]Norman 6.06.05 2010.09.08 W32/Malware[/B]
nProtect 2010-09-09.02 2010.09.09 -
[B]Panda 10.0.2.7 2010.09.08 Trj/Downloader.MDW[/B]
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6850 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.24.0 2010.09.08 -[/QUOTE]
Additional information
MD5 : de6bf05cd2f0c0bf7d278f73913452cd
SHA1 : 7be1b3058fd58f2197bca694db54824d1528d5c6
SHA256: 9d49cfa9151b08f812cd7d9718ceb52fe9f0510896f2ef85936389ed6f54b255
-
File [B]C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe[/B] -
[B][COLOR="Red"]5 [/COLOR]/43 (11.6%)[/B]
[QUOTE]AhnLab-V3 2010.09.08.02 2010.09.08 -
AntiVir 8.2.4.50 2010.09.08 -
Antiy-AVL 2.0.3.7 2010.09.08 -
Authentium 5.2.0.5 2010.09.08 -
Avast 4.8.1351.0 2010.09.08 -
Avast5 5.0.594.0 2010.09.08 -
AVG 9.0.0.851 2010.09.08 -
BitDefender 7.2 2010.09.08 -
CAT-QuickHeal 11.00 2010.09.08 -
ClamAV 0.96.2.0-git 2010.09.08 -
[B]Comodo 6016 2010.09.08 - [COLOR="Red"]Heur.Suspicious[/COLOR][/B]
DrWeb 5.0.2.03300 2010.09.08 -
Emsisoft 5.0.0.37 2010.09.08 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7842 2010.09.08 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.08 -
[B]Fortinet 4.1.143.0 2010.09.08 - [COLOR="Red"]W32/Dropper.KL!tr[/COLOR][/B]
GData 21 2010.09.08 -
Ikarus T3.1.1.88.0 2010.09.08 -
Jiangmin 13.0.900 2010.09.08 -
K7AntiVirus 9.63.2470 2010.09.08 -
Kaspersky 7.0.0.125 2010.09.08 -
McAfee 5.400.0.1158 2010.09.08 -
McAfee-GW-Edition 2010.1B 2010.09.08 -
[B]Microsoft 1.6103 2010.09.08 - [COLOR="Red"]TrojanProxy:Win32/Slenugga.A[/COLOR]
NOD32 5435 2010.09.08 - [COLOR="Red"]a variant of Win32/Injector.CWL[/COLOR][/B]
Norman 6.06.05 2010.09.08 -
nProtect 2010-09-08.01 2010.09.08 -
Panda 10.0.2.7 2010.09.08 -
PCTools 7.0.3.5 2010.09.08 -
Prevx 3.0 2010.09.08 -
Rising 22.64.02.04 2010.09.08 -
Sophos 4.57.0 2010.09.08 -
Sunbelt 6847 2010.09.08 -
SUPERAntiSpyware 4.40.0.1006 2010.09.08 -
Symantec 20101.1.1.7 2010.09.08 -
TheHacker 6.7.0.0.010 2010.09.08 -
TrendMicro 9.120.0.1004 2010.09.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.08 -
[B]VBA32 3.12.14.0 2010.09.08 - [COLOR="Red"]SScope.Trojan.0923[/COLOR][/B]
ViRobot 2010.9.8.4031 2010.09.08 -
VirusBuster 12.64.24.0 2010.09.08 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=1108a16891a66fdbe6fbd81d3af2ccb20e67247df08fd34ef39d84ace26ac4c6-1283978092"]virustotal.com[/URL]
-
File - [B]C:\Documents and Settings\Yurez\Application Data\Dawa\gyhe.exe[/B]
[B][COLOR="Red"]3 [/COLOR]/43 (7.0%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.12.00 2010.09.11 -
AntiVir 8.2.4.50 2010.09.10 -
Antiy-AVL 2.0.3.7 2010.09.12 -
Authentium 5.2.0.5 2010.09.11 -
Avast 4.8.1351.0 2010.09.11 -
Avast5 5.0.594.0 2010.09.11 -
AVG 9.0.0.851 2010.09.12 -
[B]BitDefender 7.2 2010.09.12 - [COLOR="Red"]Gen:Variant.Kazy.351[/COLOR][/B]
CAT-QuickHeal 11.00 2010.09.10 -
ClamAV 0.96.2.0-git 2010.09.12 -
Comodo 6051 2010.09.12 -
DrWeb 5.0.2.03300 2010.09.12 -
Emsisoft 5.0.0.37 2010.09.12 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7850 2010.09.12 -
F-Prot 4.6.1.107 2010.09.11 -
F-Secure 9.0.15370.0 2010.09.11 -
Fortinet 4.1.143.0 2010.09.12 -
[B]GData 21 2010.09.12 - [COLOR="Red"]Gen:Variant.Kazy.351[/COLOR][/B]
Ikarus T3.1.1.88.0 2010.09.12 -
Jiangmin 13.0.900 2010.09.12 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.12 -
McAfee 5.400.0.1158 2010.09.12 -
McAfee-GW-Edition 2010.1B 2010.09.12 -
Microsoft 1.6103 2010.09.12 -
NOD32 5443 2010.09.11 -
Norman 6.06.06 2010.09.12 -
[B]nProtect 2010-09-12.01 2010.09.12 - [COLOR="Red"]Gen:Variant.Kazy.351[/COLOR][/B]
Panda 10.0.2.7 2010.09.11 -
PCTools 7.0.3.5 2010.09.12 -
Prevx 3.0 2010.09.12 -
Rising 22.64.06.00 2010.09.12 -
Sophos 4.57.0 2010.09.12 -
Sunbelt 6865 2010.09.12 -
SUPERAntiSpyware 4.40.0.1006 2010.09.12 -
Symantec 20101.1.1.7 2010.09.12 -
TheHacker 6.7.0.0.015 2010.09.11 -
TrendMicro 9.120.0.1004 2010.09.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.12 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.11 -
VirusBuster 12.65.1.1 2010.09.11 -[/QUOTE]
[URL="http://www.virustotal.com/file-scan/report.html?id=aa47e4173917fd122284cbe792adf82e902f53b91c415d2371a7b1c5dbc1f65e-1284282021"]virustotal.com[/URL]
-
File name: [B]aaax.exe[/B]
Submission date: 2010-09-14 13:29:11 (UTC)
Result: 12/42 (28.6%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.09.13.00 2010.09.13 -
[B]AntiVir 8.2.4.52 2010.09.14 TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.09.14 -
[B]Authentium 5.2.0.5 2010.09.14 W32/Sality.C.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.09.14 -
Avast5 5.0.594.0 2010.09.14 -
[B]AVG 9.0.0.851 2010.09.14 Win32/Sality.dropper[/B]
BitDefender 7.2 2010.09.14 -
[B]CAT-QuickHeal 11.00 2010.09.14 (Suspicious) - DNAScan[/B]
ClamAV 0.96.2.0-git 2010.09.14 -
[B]Comodo 6073 2010.09.14 Win32.Kashu.RA[/B]
DrWeb 5.0.2.03300 2010.09.14 -
eSafe 7.0.17.0 2010.09.14 -
eTrust-Vet 36.1.7854 2010.09.14 -
[B]F-Prot 4.6.1.107 2010.09.13 W32/Sality.C.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.09.14 -
Fortinet 4.1.143.0 2010.09.13 -
GData 21 2010.09.14 -
Ikarus T3.1.1.88.0 2010.09.14 -
[B]Jiangmin 13.0.900 2010.09.14 Trojan/Inject.lyc
K7AntiVirus 9.63.2502 2010.09.14 Virus[/B]
Kaspersky 7.0.0.125 2010.09.14 -
[B]McAfee 5.400.0.1158 2010.09.14 Suspect-D!F0768E5884FC[/B]
McAfee-GW-Edition 2010.1B 2010.09.14 -
Microsoft 1.6103 2010.09.14 -
NOD32 5450 2010.09.14 -
[B]Norman 6.06.06 2010.09.14 Crypt.dam[/B]
nProtect 2010-09-14.01 2010.09.14 -
Panda 10.0.2.7 2010.09.14 -
PCTools 7.0.3.5 2010.09.14 -
Prevx 3.0 2010.09.14 -
[B]Rising 22.65.01.04 2010.09.14 Packer.Win32.Agent.bp[/B]
Sophos 4.57.0 2010.09.14 -
Sunbelt 6874 2010.09.14 -
SUPERAntiSpyware 4.40.0.1006 2010.09.14 -
Symantec 20101.1.1.7 2010.09.14 -
TheHacker 6.7.0.0.017 2010.09.14 -
TrendMicro 9.120.0.1004 2010.09.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.14 -
VBA32 3.12.14.0 2010.09.14 -
[B]ViRobot 2010.8.25.4006 2010.09.14 Trojan.Win32.Sality.103140[/B]
VirusBuster 12.65.5.0 2010.09.14 -[/QUOTE]
Additional information
MD5 : f0768e5884fc208ffe808b951163ba0f
SHA1 : ffdc12d0d505247b9c33dbd7975fc6c718072c0c
SHA256: 8e874aaba072a531f135ff75cb422ddf1796386f9aa4c5b0aafde99859a4555d
Link to a different file, but the result is the same [URL="http://www.virustotal.com/file-scan/report.html?id=4e5a455dd7eece22991ea1c4ca48524a96a702a9dafd7005bea053f7fcbd678e-1284509311"]http://www.virustotal.com/file-scan/report.html?id=4e5a455dd7eece22991ea1c4ca48524a96a702a9dafd7005bea053f7fcbd678e-1284509311[/URL]
-
File name: [B]46783848.exe[/B]
Submission date: 2010-09-17 01:38:30 (UTC)
Current status: finished
Result: 5 /43 (11.6%)
[QUOTE]
Antivirus Version Last Update Result
AhnLab-V3 2010.09.17.00 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.17 -
Authentium 5.2.0.5 2010.09.17 -
Avast 4.8.1351.0 2010.09.17 -
Avast5 5.0.594.0 2010.09.17 -
AVG 9.0.0.851 2010.09.16 -
BitDefender 7.2 2010.09.17 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.17 -
[B]Comodo 6103 2010.09.17 TrojWare.Win32.Hoax.Archsms.~dy01[/B]
DrWeb 5.0.2.03300 2010.09.17 -
[B]Emsisoft 5.0.0.37 2010.09.17 Hoax.Win32.ArchSMS!IK[/B]
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7860 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.17 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.17 -
[B]Ikarus T3.1.1.88.0 2010.09.17 Hoax.Win32.ArchSMS[/B]
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2533 2010.09.16 -
Kaspersky 7.0.0.125 2010.09.17 -
McAfee 5.400.0.1158 2010.09.17 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6201 2010.09.17 -
NOD32 5456 2010.09.16 -
Norman 6.06.06 2010.09.16 -
nProtect 2010-09-16.02 2010.09.16 -
[B]Panda 10.0.2.7 2010.09.16 Suspicious file[/B]
PCTools 7.0.3.5 2010.09.17 -
[B]Prevx 3.0 2010.09.17 High Risk Cloaked Malware[/B]
Rising 22.65.03.04 2010.09.16 -
Sophos 4.57.0 2010.09.17 -
Sunbelt 6884 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.17 -
Symantec 20101.1.1.7 2010.09.17 -
TheHacker 6.7.0.0.020 2010.09.17 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.17 -
VBA32 3.12.14.0 2010.09.16 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.10.0 2010.09.16 -
[/QUOTE]
MD5 : e5b1361486d00fdfe6634479451243d8
SHA1 : deba9fc19b4a1af4a36f7cd76f6ddc6e5172e589
SHA256: ed2f90b7865632f213489fc6c29696e206a5c4f5e82b813df2fbc852d1da6db2
File size : 8253956 bytes
First seen: 2010-09-17 01:21:44
Last seen : 2010-09-17 02:14:57
[url]http://www.virustotal.com/file-scan/report.html?id=ed2f90b7865632f213489fc6c29696e206a5c4f5e82b813df2fbc852d1da6db2-1284689697[/url]
-
File name: [B]avz00001.dta[/B]
Submission date: 2010-09-20 08:55:28 (UTC)
Result: [B][COLOR="Red"]4 [/COLOR]/43 (9.3%)[/B]
[CODE]AhnLab-V3 2010.09.20.00 2010.09.20 -
AntiVir 8.2.4.58 2010.09.20 -
Antiy-AVL 2.0.3.7 2010.09.20 -
Authentium 5.2.0.5 2010.09.20 -
Avast 4.8.1351.0 2010.09.19 -
Avast5 5.0.594.0 2010.09.19 -
AVG 9.0.0.851 2010.09.19 -
BitDefender 7.2 2010.09.20 -
CAT-QuickHeal 11.00 2010.09.20 -
ClamAV 0.96.2.0-git 2010.09.20 -
Comodo 6138 2010.09.20 -
[B]DrWeb 5.0.2.03300 2010.09.20 Trojan.WinSpy.935[/B]
Emsisoft 5.0.0.37 2010.09.20 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7862 2010.09.17 -
F-Prot 4.6.2.117 2010.09.19 -
F-Secure 9.0.15370.0 2010.09.20 -
Fortinet 4.1.143.0 2010.09.20 -
GData 21 2010.09.20 -
Ikarus T3.1.1.88.0 2010.09.20 -
Jiangmin 13.0.900 2010.09.20 -
K7AntiVirus 9.63.2552 2010.09.18 -
Kaspersky 7.0.0.125 2010.09.20 -
[B]McAfee 5.400.0.1158 2010.09.20 Artemis!B346F01B0FDC
McAfee-GW-Edition 2010.1C 2010.09.20 Artemis!B346F01B0FDC[/B]
Microsoft 1.6201 2010.09.20 -
NOD32 5462 2010.09.19 -
Norman 6.06.06 2010.09.19 -
nProtect 2010-09-20.02 2010.09.20 -
Panda 10.0.2.7 2010.09.19 -
PCTools 7.0.3.5 2010.09.20 -
Prevx 3.0 2010.09.20 -
Rising 22.66.00.01 2010.09.20 -
Sophos 4.57.0 2010.09.20 -
Sunbelt 6898 2010.09.20 -
SUPERAntiSpyware 4.40.0.1006 2010.09.20 -
[B]Symantec 20101.1.1.7 2010.09.20 WS.Reputation.1[/B]
TheHacker 6.7.0.0.025 2010.09.20 -
TrendMicro 9.120.0.1004 2010.09.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.20 -
VBA32 3.12.14.0 2010.09.20 -
ViRobot 2010.9.20.4051 2010.09.20 -
VirusBuster 12.65.14.0 2010.09.19 -[/CODE]
Additional information
MD5 : b346f01b0fdcecf5caf4530a947a6a3e
File size : 11264 bytes
Registers itself in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls
Resides in C:\Program Files\Internet Explorer\setupapi.dll
[url]http://www.virustotal.com/file-scan/report.html?id=458a68e322993fc7b10294563021511f1cb2539351253775ce83dc90cb163079-1284972928[/url]
File name: [B]0.4412461684318797.exe[/B]
Submission date: 2010-09-20 10:19:01 (UTC)
Result: [B][COLOR="Red"]4 [/COLOR]/42 (9.5%)[/B]
[CODE]AhnLab-V3 2010.09.20.00 2010.09.20 -
AntiVir 8.2.4.58 2010.09.20 -
Antiy-AVL 2.0.3.7 2010.09.20 -
Authentium 5.2.0.5 2010.09.20 -
Avast 4.8.1351.0 2010.09.19 -
Avast5 5.0.594.0 2010.09.19 -
AVG 9.0.0.851 2010.09.20 -
BitDefender 7.2 2010.09.20 -
CAT-QuickHeal 11.00 2010.09.20 -
ClamAV 0.96.2.0-git 2010.09.20 -
Comodo 6140 2010.09.20 -
[B]DrWeb 5.0.2.03300 2010.09.20 Trojan.MulDrop1.44194[/B]
Emsisoft 5.0.0.37 2010.09.20 -
eSafe 7.0.17.0 2010.09.17 -
eTrust-Vet 36.1.7862 2010.09.17 -
F-Prot 4.6.2.117 2010.09.19 -
F-Secure 9.0.15370.0 2010.09.20 -
Fortinet 4.1.143.0 2010.09.20 -
GData 21 2010.09.20 -
Ikarus T3.1.1.88.0 2010.09.20 -
Jiangmin 13.0.900 2010.09.20 -
K7AntiVirus 9.63.2552 2010.09.18 -
Kaspersky 7.0.0.125 2010.09.20 -
[B]McAfee 5.400.0.1158 2010.09.20 Artemis!5AA44AB48913
McAfee-GW-Edition 2010.1C 2010.09.20 Artemis!5AA44AB48913[/B]
Microsoft 1.6201 2010.09.20 -
NOD32 5463 2010.09.20 -
Norman 6.06.06 2010.09.20 -
nProtect 2010-09-20.02 2010.09.20 -
Panda 10.0.2.7 2010.09.19 -
PCTools 7.0.3.5 2010.09.20 -
Prevx 3.0 2010.09.20 -
Rising 22.66.00.03 2010.09.20 -
Sophos 4.57.0 2010.09.20 -
SUPERAntiSpyware 4.40.0.1006 2010.09.20 -
Symantec 20101.1.1.7 2010.09.20 -
TheHacker 6.7.0.0.025 2010.09.20 -
TrendMicro 9.120.0.1004 2010.09.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.20 -
[B]VBA32 3.12.14.0 2010.09.20 BScope.Crex[/B]
ViRobot 2010.9.20.4051 2010.09.20 -
VirusBuster 12.65.14.0 2010.09.19 -[/CODE]
Additional information
MD5 : 5aa44ab48913e82572a428b1b14e9941
File size : 94792 bytes
[url]http://www.virustotal.com/file-scan/report.html?id=347c8bebef7c75a03e3a11829f605f6de0499baebf480baac53c18f36ab2c22d-1284977941[/url]
-
new
[QUOTE]
AhnLab-V3 2010.10.01.00 2010.09.30 -
AntiVir 7.10.12.92 2010.09.30 [B]TR/Spy.513024.20[/B]
Antiy-AVL 2.0.3.7 2010.09.30 -
Authentium 5.2.0.5 2010.09.30 -
Avast 4.8.1351.0 2010.09.30 -
Avast5 5.0.594.0 2010.09.30 -
AVG 9.0.0.851 2010.09.30 -
BitDefender 7.2 2010.09.30 [B]Gen:Trojan.Heur.TP.Fm0@biX1I!h[/B]
CAT-QuickHeal 11.00 2010.09.30 -
ClamAV 0.96.2.0-git 2010.09.30 -
Comodo 6246 2010.09.30 -
DrWeb 5.0.2.03300 2010.09.30 [B]Win32.Dat.8[/B]
Emsisoft 5.0.0.50 2010.09.30 -
eSafe 7.0.17.0 2010.09.30 -
eTrust-Vet 36.1.7885 2010.09.30 -
F-Prot 4.6.2.117 2010.09.30 -
F-Secure 9.0.15370.0 2010.09.30 [B]Gen:Trojan.Heur.TP.Fm0@biX1I!h[/B]
Fortinet 4.1.143.0 2010.09.30 -
GData 21 2010.09.30 [B]Gen:Trojan.Heur.TP.Fm0@biX1I!h[/B]
Ikarus T3.1.1.90.0 2010.09.30 -
Jiangmin 13.0.900 2010.09.30 -
K7AntiVirus 9.63.2648 2010.09.30 -
Kaspersky 7.0.0.125 2010.09.30 -
McAfee 5.400.0.1158 2010.09.30 -
McAfee-GW-Edition 2010.1C 2010.09.30 -
Microsoft 1.6201 2010.09.30 [B]Virus:Win32/Bamital.E[/B]
NOD32 5493 2010.09.30 -
Norman 6.06.07 2010.09.30 -
nProtect 2010-09-30.01 2010.09.30 [B]Trojan-Downloader/W32.Small.513024[/B]
Panda 10.0.2.7 2010.09.30 -
PCTools 7.0.3.5 2010.09.30 -
Prevx 3.0 2010.09.30 [B]Medium Risk Malware[/B]
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.09.30 [B]Troj/Patched-O[/B]
Sunbelt 6951 2010.09.30 -
SUPERAntiSpyware 4.40.0.1006 2010.09.30 -
Symantec 20101.2.0.161 2010.09.30 -
TheHacker 6.7.0.1.041 2010.09.30 -
TrendMicro 9.120.0.1004 2010.09.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.30 -
VBA32 3.12.14.1 2010.09.27 -
ViRobot 2010.8.31.4017 2010.09.30 -
VirusBuster 12.66.8.0 2010.09.30 -
[/QUOTE]
-
File name: prezidente.exe
Result: 18/43 (41.9%)
[QUOTE]Antivirus Version Last Update Result
[B]AhnLab-V3 2010.11.02.00 2010.11.01 Win32/Palevo.worm.104960.CV[/B]
AntiVir 7.10.13.104 2010.11.02 -
Antiy-AVL 2.0.3.7 2010.11.02 -
[B]Authentium 5.2.0.5 2010.11.02 W32/SuspPack.CT.gen!Eldorado
Avast 4.8.1351.0 2010.11.02 Win32:Crypt-HXJ
Avast5 5.0.594.0 2010.11.02 Win32:Crypt-HXJ
AVG 9.0.0.851 2010.11.02 Cryptic.BEB
BitDefender 7.2 2010.11.02 Gen:Variant.Kazy.2381[/B]
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.11.02 -
[B]Comodo 6589 2010.11.02 TrojWare.Win32.Kryptik.HSQ
DrWeb 5.0.2.03300 2010.11.02 Trojan.Packed.21155[/B]
Emsisoft 5.0.0.50 2010.11.02 -
eSafe 7.0.17.0 2010.11.02 -
eTrust-Vet 36.1.7950 2010.11.02 -
[B]F-Prot 4.6.2.117 2010.11.01 W32/SuspPack.CT.gen!Eldorado
F-Secure 9.0.16160.0 2010.11.02 Gen:Variant.Kazy.2381[/B]
Fortinet 4.2.249.0 2010.11.02 -
[B]GData 21 2010.11.02 Gen:Variant.Kazy.2381[/B]
Ikarus T3.1.1.90.0 2010.11.02 -
Jiangmin 13.0.900 2010.11.02 -
K7AntiVirus 9.67.2882 2010.11.01 -
Kaspersky 7.0.0.125 2010.11.02 -
[B]McAfee 5.400.0.1158 2010.11.02 W32/Rimecud.gen.i[/B]
McAfee-GW-Edition 2010.1C 2010.11.02 -
[B]Microsoft 1.6301 2010.11.02 Trojan:Win32/Rimecud.A
NOD32 5585 2010.11.02 a variant of Win32/Kryptik.HSQ[/B]
Norman 6.06.10 2010.11.02 -
[B]nProtect 2010-11-02.01 2010.11.02 Gen:Variant.Kazy.2381
Panda 10.0.2.7 2010.11.01 Suspicious file[/B]
PCTools 7.0.3.5 2010.11.02 -
Prevx 3.0 2010.11.02 -
Rising 22.72.00.03 2010.11.02 -
[B]Sophos 4.59.0 2010.11.02 Sus/EncPk-CC[/B]
Sunbelt 7194 2010.11.02 -
SUPERAntiSpyware 4.40.0.1006 2010.11.02 -
Symantec 20101.2.0.161 2010.11.02 -
TheHacker 6.7.0.1.075 2010.11.02 -
TrendMicro 9.120.0.1004 2010.11.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.02 -
VBA32 3.12.14.1 2010.11.01 -
[B]ViRobot 2010.10.4.4074 2010.11.02 -
VirusBuster 12.70.16.0 2010.11.02 Trojan.Kryptik.BQEX[/B][/QUOTE]
Additional information
MD5 : 7b3106352b39e89c90530c88bd988c9b
SHA1 : 0084583548833f9226c457f5fd1dfb8fc3675951
SHA256: 03aed9a2f086b375e63a3e7746c4e0195cdc39dba92db06ab1bc655bb5ba90c3
-
services.exe
caught from C:\WINDOWS\services.exe
File name: 5F794DBB00F819FDA47200416C5FF600407A70C3.exe
Submission date: 2010-11-10 13:23:02 (UTC)
Current status: finished
Result: 5/43 (11.6%)
Antivirus Version Last Update Result
AhnLab-V3 2010.11.10.02 2010.11.10 -
AntiVir 7.10.13.201 2010.11.10 -
Antiy-AVL 2.0.3.7 2010.11.10 -
Authentium 5.2.0.5 2010.11.10 -
Avast 4.8.1351.0 2010.11.10 -
Avast5 5.0.594.0 2010.11.10 -
AVG 9.0.0.851 2010.11.10 Generic20.CD
BitDefender 7.2 2010.11.10 -
CAT-QuickHeal 11.00 2010.11.09 Win32.Backdoor.PoisonIvy.ay3
ClamAV 0.96.4.0 2010.11.10 -
Comodo 6674 2010.11.10 -
DrWeb 5.0.2.03300 2010.11.10 -
Emsisoft 5.0.0.50 2010.11.10 -
eSafe 7.0.17.0 2010.11.09 -
eTrust-Vet 36.1.7966 2010.11.10 -
F-Prot 4.6.2.117 2010.11.09 -
F-Secure 9.0.16160.0 2010.11.10 -
Fortinet 4.2.249.0 2010.11.10 -
GData 21 2010.11.10 -
Ikarus T3.1.1.90.0 2010.11.10 -
Jiangmin 13.0.900 2010.11.10 -
K7AntiVirus 9.67.2940 2010.11.09 -
Kaspersky 7.0.0.125 2010.11.10 -
McAfee 5.400.0.1158 2010.11.10 -
McAfee-GW-Edition 2010.1C 2010.11.10 Heuristic.BehavesLike.Win32.Suspicious.D
Microsoft 1.6301 2010.11.10 Spammer:Win32/Tedroo.I
NOD32 5606 2010.11.10 -
Norman 6.06.10 2010.11.10 -
nProtect 2010-11-10.01 2010.11.10 -
Panda 10.0.2.7 2010.11.09 Adware/SecurityTool
PCTools 7.0.3.5 2010.11.10 -
Prevx 3.0 2010.11.10 -
Rising 22.73.02.06 2010.11.10 -
Sophos 4.59.0 2010.11.10 -
Sunbelt 7270 2010.11.10 -
SUPERAntiSpyware 4.40.0.1006 2010.11.10 -
Symantec 20101.2.0.161 2010.11.10 -
TheHacker 6.7.0.1.081 2010.11.10 -
TrendMicro 9.120.0.1004 2010.11.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.10 -
VBA32 3.12.14.1 2010.11.09 -
ViRobot 2010.10.30.4121 2010.11.10 -
VirusBuster 12.72.5.0 2010.11.09 -
Additional information
MD5 : bdac41e7090e56aceaef2b9d7330a40d
SHA1 : 401905ec1005c0a8d653d2973d9fb8c23a56386a
SHA256: 4dd48539837a40aeced0db52409fa4c044a2abc281f2c35369c7a31a4fd64dcf
-
File name: usrinit.exe
Submission date: 2010-11-13 07:36:28 (UTC)
Result: 28/43 (65.1%)
[B]The day before yesterday KIS did not yet recognize this nasty thing. The screen shows a request to send money to a Beeline mobile number. It had been added to the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the Userinit value[/B]
[QUOTE]
Antivirus Version Last Update Result
[B]AhnLab-V3 2010.11.13.00 2010.11.12 Malware/Win32.Generic
AntiVir 7.10.13.235 2010.11.12 TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.11.13 -
Authentium 5.2.0.5 2010.11.13 -
[B]Avast 4.8.1351.0 2010.11.12 Win32:Malware-gen
Avast5 5.0.594.0 2010.11.12 Win32:Malware-gen
AVG 9.0.0.851 2010.11.12 Dropper.Generic2.BTBU
BitDefender 7.2 2010.11.13 Trojan.Generic.KDV.62930[/B]
CAT-QuickHeal 11.00 2010.11.09 -
[B]ClamAV 0.96.4.0 2010.11.13 BC.Heuristic.Trojan.SusPacked.BF-6.B[/B]
[B]Comodo 6703 2010.11.13 Heur.Suspicious
DrWeb 5.0.2.03300 2010.11.13 Trojan.Inject.13011
Emsisoft 5.0.0.50 2010.11.13 Trojan.Win32.Calelk!IK
eSafe 7.0.17.0 2010.11.11 Win32.TRDropper[/B]
eTrust-Vet 36.1.7973 2010.11.13 -
F-Prot 4.6.2.117 2010.11.13 -
[B]F-Secure 9.0.16160.0 2010.11.13 Trojan.Generic.KDV.62930
Fortinet 4.2.249.0 2010.11.12 W32/Refroso.JUA!tr
GData 21 2010.11.13 Trojan.Generic.KDV.62930
Ikarus T3.1.1.90.0 2010.11.13 Trojan.Win32.Calelk[/B]
Jiangmin 13.0.900 2010.11.13 -
[B]K7AntiVirus 9.67.2973 2010.11.12 Riskware
Kaspersky 7.0.0.125 2010.11.13 Trojan-Dropper.Win32.VB.arml
McAfee 5.400.0.1158 2010.11.13 Generic.dx!uqb
McAfee-GW-Edition 2010.1C 2010.11.12 Generic.dx!uqb
Microsoft 1.6301 2010.11.13 Trojan:Win32/Calelk.A
NOD32 5616 2010.11.13 a variant of Win32/Injector.DNO
Norman 6.06.10 2010.11.12 W32/Obfuscated.N!genr
nProtect 2010-11-13.01 2010.11.13 Trojan.Generic.KDV.62930
Panda 10.0.2.7 2010.11.12 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.11.13 -
Prevx 3.0 2010.11.13 -
[B]Rising 22.73.03.06 2010.11.12 Trojan.Win32.Generic.52467B5E
Sophos 4.59.0 2010.11.13 Mal/Koobface-G
Sunbelt 7296 2010.11.13 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.11.13 Trojan.Agent/Gen-Koobface[Bonkers][/B]
Symantec 20101.2.0.161 2010.11.13 -
TheHacker 6.7.0.1.083 2010.11.13 -
TrendMicro 9.120.0.1004 2010.11.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.13 -
VBA32 3.12.14.2 2010.11.12 -
ViRobot 2010.11.13.4145 2010.11.13 -
VirusBuster 12.75.1.0 2010.11.12 -[/QUOTE]
Additional information
MD5 : 965ba42d98350532e4365f3fc4e7455e
SHA1 : 34eb0da8cabe535714e9f0112f99982969fc1516
SHA256: 2782073aa45e702c2cdc4f15f861df79611cb595922d40b0424e2bb57b497eea
-
Damn, I was wondering why my PC was glitching, so I took Kaspersky for a test run...
Most likely for the last time...
[QUOTE]File name: 000057721_FOUND.000.exe
Submission date: 2010-04-05 03:53:08 (UTC)
Current status: finished
Result: 39/42 (92.9%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.05 IM-Worm.Win32.VB!IK
AhnLab-V3 5.0.0.2 2010.04.03 Win32/Cogduni.worm.61440
AntiVir 7.10.6.24 2010.04.03 BDS/Pakes
Antiy-AVL 2.0.3.7 2010.04.02 -
Authentium 5.2.0.5 2010.04.04 W32/Lurka.A
Avast 4.8.1351.0 2010.04.04 Win32:Trojan-gen
Avast5 5.0.332.0 2010.04.04 Win32:Trojan-gen
AVG 9.0.0.787 2010.04.04 BackDoor.Bifrose.EU
BitDefender 7.2 2010.04.05 Backdoor.Agent.YPB
CAT-QuickHeal 10.00 2010.04.03 Worm.SillyFDC.gen
ClamAV 0.96.0.0-git 2010.04.03 W32.Virut.Gen.D-61
Comodo 4502 2010.04.05 Worm.Win32.VB.NJO0
DrWeb 5.0.2.03300 2010.04.05 Trojan.MulDrop.8034
eSafe 7.0.17.0 2010.04.01 Win32.WormWinNTLurka
eTrust-Vet 35.2.7405 2010.04.02 Win32/Lurka.A
F-Prot 4.5.1.85 2010.04.04 W32/Lurka.A
F-Secure 9.0.15370.0 2010.04.05 Backdoor.Agent.YPB
Fortinet 4.0.14.0 2010.04.04 W32/Lurker.A
GData 19 2010.04.05 Backdoor.Agent.YPB
Ikarus T3.1.1.80.0 2010.04.05 IM-Worm.Win32.VB
Jiangmin 13.0.900 2010.04.04 Win32/lurker.a
K7AntiVirus 7.10.1004 2010.03.22 Virus.Win32.Virut.Generic
Kaspersky 7.0.0.125 2010.04.05 -
McAfee 5937 2010.03.31 W32/Lurka.a
McAfee+Artemis 5937 2010.03.31 W32/Lurka.a
McAfee-GW-Edition 6.8.5 2010.04.03 Trojan.Backdoor.Pakes
Microsoft 1.5605 2010.04.04 Virus:Win32/Lurka.A
NOD32 4999 2010.04.04 a variant of Win32/VB.NJO
Norman 6.04.10 2010.04.03 W32/Lurker.B
nProtect 2009.1.8.0 2010.04.04 Backdoor.Agent.YPB
Panda 10.0.2.2 2010.04.04 -
PCTools 7.0.3.5 2010.04.05 Malware.Lurkasys
Prevx 3.0 2010.04.05 High Risk Cloaked Malware
Rising 22.41.04.05 2010.04.02 Worm.VB.aii
Sophos 4.52.0 2010.04.05 W32/Lurka-A
Sunbelt 6138 2010.04.05 Virus.Win32.Virut.b (v)
Symantec 20091.2.0.41 2010.04.05 W32.Lurkasys.A!inf
TheHacker 6.5.2.0.252 2010.04.05 W32/Lurka.A
TrendMicro 9.120.0.1004 2010.04.04 PE_LURKER.A
VBA32 3.12.12.4 2010.04.02 SScope.Backdoor.Bifrose.ago
ViRobot 2010.4.3.2259 2010.04.04 I-Worm.Win32.Generic.61440
VirusBuster 5.0.27.0 2010.04.04 Win32.Lurka.H
Additional information
MD5 : db8ecedc7b0080d146f21308a6fe019a
SHA1 : 4bd76d23077d0ce35668843bb3eec270a8d95852
SHA256: 1e281ae1c8cfb658222b3f3948fdf9b7b529d6a9ed5df0295a34ad9c67808ae7
ssdeep: 6144:D87jogxu/xzDegxu/xzDWGd6gxu/xzDocNgxu/xzDPfyFmL6wgxu/xzD:HniniDnPNnLf4
2/n
File size : 831488 bytes
First seen: 2010-04-05 03:53:08
Last seen : 2010-04-05 03:53:08
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: v
copyright....: n/a
product......: v
description..: n/a
original name: windown_update.exe
internal name: windown_update
file version.: 1.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x10EC
timedatestamp....: 0x1A197200 (Thu Nov 17 00:00:00 1983)
machinetype......: 0x14C (Intel I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xB10C, 0xC000, 4.97, dc120d6c2d669975993d9735d751d60c
.data, 0xD000, 0x14D8, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0xF000, 0xBD125, 0xBE000, 4.06, d97386c600d5b7ae518d4cebf82e2ec4
[[ 1 import(s) ]]
msvbvm60.dll: MethCallEngine, -, -, -, EVENT_SINK_AddRef, -, -, DllFunctionCall, EVENT_SINK_Release, -, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, ProcCallEngine, -, -, -, -, -, -, -, -[/QUOTE]
[size="1"][color="#666686"][B][I]Added 3 hours 38 minutes later[/I][/B][/color][/size]
And this marvel arrived in an email, as a gift...
[QUOTE]File name:
1.exe
Submission date:
2010-11-15 08:03:00 (UTC)
Current status:
finished
Result:
4 /43 (9.3%)
VT Community
malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2010.11.15.00 2010.11.14 -
AntiVir 7.10.13.238 2010.11.14 -
Antiy-AVL 2.0.3.7 2010.11.15 -
Authentium 5.2.0.5 2010.11.15 -
Avast 4.8.1351.0 2010.11.14 -
Avast5 5.0.594.0 2010.11.14 -
AVG 9.0.0.851 2010.11.15 -
BitDefender 7.2 2010.11.15 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.15 -
Comodo 6724 2010.11.15 -
DrWeb 5.0.2.03300 2010.11.15 Trojan.Siggen2.8259
Emsisoft 5.0.0.50 2010.11.15 -
eSafe 7.0.17.0 2010.11.14 -
eTrust-Vet 36.1.7976 2010.11.15 -
F-Prot 4.6.2.117 2010.11.15 -
F-Secure 9.0.16160.0 2010.11.15 -
Fortinet 4.2.249.0 2010.11.14 -
GData 21 2010.11.15 -
Ikarus T3.1.1.90.0 2010.11.15 -
Jiangmin 13.0.900 2010.11.15 -
K7AntiVirus 9.67.2973 2010.11.12 -
Kaspersky 7.0.0.125 2010.11.15 -
McAfee 5.400.0.1158 2010.11.15 -
McAfee-GW-Edition 2010.1C 2010.11.15 -
Microsoft 1.6301 2010.11.15 -
NOD32 5619 2010.11.14 a variant of Win32/Kryptik.IDZ
Norman 6.06.10 2010.11.14 -
nProtect 2010-11-15.01 2010.11.15 -
Panda 10.0.2.7 2010.11.14 -
PCTools 7.0.3.5 2010.11.15 -
Prevx 3.0 2010.11.15 High Risk Cloaked Malware
Rising 22.73.06.01 2010.11.15 -
Sophos 4.59.0 2010.11.15 -
Sunbelt 7314 2010.11.15 -
SUPERAntiSpyware 4.40.0.1006 2010.11.15 Trojan.Agent/Gen-Fuffan
Symantec 20101.2.0.161 2010.11.15 -
TheHacker 6.7.0.1.083 2010.11.15 -
TrendMicro 9.120.0.1004 2010.11.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.15 -
VBA32 3.12.14.2 2010.11.12 -
ViRobot 2010.11.15.4147 2010.11.15 -
VirusBuster 12.75.3.0 2010.11.14 -[/QUOTE]