-
Complete scanning result of "DSC_03546.exe", received in VirusTotal at 12.22.2006, 14:22:24 (CET).
[i]Antivirus Version Update Result[/i]
AntiVir 7.3.0.21 12.22.2006 TR/PSW.PdPinch.L.68
[COLOR="#ff0000"]Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.21.2006 no virus found[/COLOR]
BitDefender 7.2 12.22.2006 MemScan:Trojan.PWS.PdPinch.L
[COLOR="#ff0000"]CAT-QuickHeal 8.00 12.21.2006 no virus found
ClamAV devel-20060426 12.21.2006 no virus found[/COLOR]
DrWeb 4.33 12.22.2006 Trojan.MulDrop.4906
[COLOR="#ff0000"]eSafe 7.0.14.0 12.21.2006 no virus found
eTrust-InoculateIT 23.73.95 12.22.2006 no virus found
eTrust-Vet 30.3.3269 12.22.2006 no virus found
Ewido 4.0 12.22.2006 no virus found
Fortinet 2.82.0.0 12.22.2006 no virus found
F-Prot 3.16f 12.21.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
Ikarus T3.1.0.27 12.22.2006 no virus found[/COLOR]
Kaspersky 4.0.2.24 12.22.2006 Trojan-PSW.Win32.LdPinch.bhg
[COLOR="#ff0000"]McAfee 4924 12.21.2006 no virus found
Microsoft 1.1904 12.22.2006 no virus found[/COLOR]
NOD32v2 1934 12.21.2006 a variant of Win32/PSW.LdPinch.NCB
Norman 5.80.02 12.22.2006 W32/EMailWorm.AR
Panda 9.0.0.4 12.22.2006 Suspicious file
[COLOR="#ff0000"]Prevx1 V2 12.22.2006 no virus found
Sophos 4.12.0 12.22.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.21.2006 no virus found
VBA32 3.11.1 12.21.2006 no virus found
VirusBuster 4.3.19:9 12.21.2006 no virus found[/COLOR]
Aditional Information
File size: 135542 bytes
MD5: d7f8adcf172a47399f9b174fdc3b9a07
SHA1: d368ce2e8ed5a91bd8219d44270ca5cd86bb6c1f
-
Complete scanning result of "sp_m2_v127_333.exe", received in VirusTotal at 12.22.2006, 23:01:43 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.22.2006 TR/Spambot.BXE
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.22.2006 Proxy.JBD
BitDefender 7.2 12.22.2006 Trojan.Spambot.BXE
CAT-QuickHeal 8.00 12.22.2006 TrojanProxy.Dlena.bd
ClamAV devel-20060426 12.22.2006 no virus found
DrWeb 4.33 12.22.2006 no virus found
eSafe 7.0.14.0 12.21.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.95 12.22.2006 no virus found
eTrust-Vet 30.3.3269 12.22.2006 no virus found
Ewido 4.0 12.22.2006 Proxy.Dlena.bd
Fortinet 2.82.0.0 12.22.2006 no virus found
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
Ikarus T3.1.0.27 12.22.2006 Trojan.Spambot.BXE
Kaspersky 4.0.2.24 12.22.2006 Trojan-Proxy.Win32.Dlena.bd
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.22.2006 no virus found
[B]NOD32v2 1935 12.22.2006 no virus found[/B]
Norman 5.80.02 12.22.2006 no virus found
Panda 9.0.0.4 12.22.2006 no virus found
Prevx1 V2 12.22.2006 Trojan.RPCC.Payload
Sophos 4.12.0 12.22.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 Trojan/Proxy.Dlena.bd
UNA 1.83 12.22.2006 TrojanProxy.Win32.Dlena.2A57
VBA32 3.11.1 12.22.2006 no virus found
VirusBuster 4.3.19:9 12.22.2006 no virus found
Aditional Information
File size: 30720 bytes
MD5: a178ae2b44868723792f80452414ce6c
SHA1: 07cc219c6bc321e115e597449f0eb78dc5e98b76
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=a0b863369501[/url]
-
Complete scanning result of "postcard4.zip", received in VirusTotal at 12.25.2006, 13:07:03 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.24.2006 TR/Dldr.Stration.Gen
Authentium 4.93.8 12.22.2006 W32/Warezov.gen3!W32DL
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.25.2006 Downloader.Generic3.EAT
BitDefender 7.2 12.25.2006 Generic.Malware.dld!!.FDC38EE1
CAT-QuickHeal 8.00 12.23.2006 no virus found
ClamAV devel-20060426 12.25.2006 Trojan.Downloader-326
DrWeb 4.33 12.25.2006 DLOADER.Trojan
eSafe 7.0.14.0 12.24.2006 no virus found
eTrust-InoculateIT 23.73.98 12.24.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 no virus found
Ewido 4.0 12.25.2006 no virus found
Fortinet 2.82.0.0 12.25.2006 no virus found
F-Prot 3.16f 12.22.2006 W32/Warezov.gen3!W32DL
F-Prot4 4.2.1.29 12.22.2006 W32/Warezov.gen3!W32DL
Ikarus T3.1.0.27 12.25.2006 Win32.Outbreak
Kaspersky 4.0.2.24 12.25.2006 Trojan-Downloader.Win32.Small.edn
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.25.2006 no virus found
NOD32v2 1938 12.25.2006 Win32/TrojanDownloader.Small.EDN
Norman 5.80.02 12.22.2006 W32/Downloader
Panda 9.0.0.4 12.24.2006 Suspicious file
Prevx1 V2 12.25.2006 no virus found
Sophos 4.12.0 12.24.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 no virus found
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.25.2006 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.19:9 12.25.2006 no virus found
Aditional Information
File size: 1401 bytes
MD5: 8e87e3a0a92210a5aecbc8aec70a79f3
SHA1: a08fd3506dae5ae8df4b903ef5ab3595814283bd
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 3588 bytes.
[ Changes to filesystem ]
* Creates file C:WINDOWSmodule.exe.
[ Network services ]
* Opens URL: hххp://www6.easeruikingandefunjs.com/chr/893/nt.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
Complete scanning result of "nt.exe", received in VirusTotal at 12.25.2006, 13:10:33 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.24.2006 Worm/Stration.C
Authentium 4.93.8 12.22.2006 W32/Warezov.gen4
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.25.2006 I-Worm/Stration.BMS
BitDefender 7.2 12.25.2006 DeepScan:Generic.Malware.SFign!.59DD4136
CAT-QuickHeal 8.00 12.23.2006 no virus found
ClamAV devel-20060426 12.25.2006 Worm.Stration.WR
DrWeb 4.33 12.25.2006 no virus found
eSafe 7.0.14.0 12.24.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.98 12.24.2006 Win32/Stration.Variant!Worm
eTrust-Vet 30.3.3271 12.23.2006 Win32/Stration!generic
Ewido 4.0 12.25.2006 no virus found
Fortinet 2.82.0.0 12.25.2006 W32/Stration.DS@mm
F-Prot 3.16f 12.22.2006 W32/Warezov.gen4
F-Prot4 4.2.1.29 12.22.2006 W32/Warezov.gen4
Ikarus T3.1.0.27 12.25.2006 no virus found
Kaspersky 4.0.2.24 12.25.2006 Email-Worm.Win32.Warezov.fh
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.25.2006 Win32/Stration.gen!dr
NOD32v2 1938 12.25.2006 Win32/Stration.UF
Norman 5.80.02 12.22.2006 W32/Malware
Panda 9.0.0.4 12.24.2006 no virus found
Prevx1 V2 12.25.2006 Win32.Malware.gen
Sophos 4.12.0 12.24.2006 W32/Strati-Gen
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 W32/Warezov.hb
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.25.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 12.25.2006 no virus found
Aditional Information
File size: 89088 bytes
MD5: 5f7a2d9bc74fa5ad8727dc65572581e5
SHA1: f7ed50ce05b6ca252cb8a17f58671277d070078b
packers: UPX
packers: UPX
packers: UPX
packers: UPX, embedded
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 89088 bytes.
[ Changes to filesystem ]
* Creates file C:WINDOWSwqpd32.exe.
* Creates file C:WINDOWSwqpd32.dat.
* Creates file C:WINDOWSSYSTEM32e1.dll.
[ Changes to registry ]
* Creates value "wqpd32"="C:WINDOWSwqpd32.exe s" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun".
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=c4ad65554348[/url]
-
Complete scanning result of "win32update.exe", received in VirusTotal at 12.27.2006, 09:04:22 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.27.2006 TR/Proxy.Agent.HD.18
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 Win32:Agent-DCJ
AVG 386 12.26.2006 Proxy.CEA
BitDefender 7.2 12.27.2006 Trojan.Proxy.Agent.ED
CAT-QuickHeal 8.00 12.26.2006 no virus found
ClamAV devel-20060426 12.26.2006 no virus found
DrWeb 4.33 12.27.2006 Trojan.Proxy.870
eSafe 7.0.14.0 12.26.2006 no virus found
eTrust-InoculateIT 23.73.99 12.27.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 Win32/SillyProxy.AV
Ewido 4.0 12.26.2006 Proxy.Agent.hd
Fortinet 2.82.0.0 12.27.2006 W32/Agent.HD!tr
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 generic
Ikarus T3.1.0.27 12.27.2006 Trojan-Proxy.Win32.Agent.hd
Kaspersky 4.0.2.24 12.27.2006 Trojan-Proxy.Win32.Agent.hd
McAfee 4926 12.26.2006 no virus found
Microsoft 1.1904 12.27.2006 TrojanProxy:Win32/Agent.IN
NOD32v2 1939 12.26.2006 a variant of Win32/TrojanProxy.Ranky
Norman 5.80.02 12.26.2006 W32/Agent.AHUU
Panda 9.0.0.4 12.27.2006 Adware/WUpd
Prevx1 V2 12.27.2006 Covert.Sys.Exec
Sophos 4.13.0 12.26.2006 Troj/Ranck-Gen
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 no virus found
UNA 1.83 12.26.2006 TrojanProxy.Win32.Agent.B86C
VBA32 3.11.1 12.26.2006 Trojan-Proxy.Win32.Agent.hd
VirusBuster 4.3.19:9 12.26.2006 no virus found
Aditional Information
File size: 188494 bytes
MD5: 3d533d78a26c13e4ce1fef680c6ddd6a
SHA1: 04f6cba0023b1167cef0fe4aa5f4dbcf0489316d
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=70a316676736[/url]
-
Complete scanning result of "Savicheva_XXX.exe", received in VirusTotal at 12.28.2006, 06:42:52 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.27.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.27.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.28.2006 no virus found
[B]BitDefender 7.2 12.28.2006 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 12.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.27.2006 Trojan.Dropper.Agent-106
DrWeb 4.33 12.27.2006 Trojan.PWS.LDPinch.1217
eSafe 7.0.14.0 12.26.2006 Suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.100 12.28.2006 no virus found
eTrust-Vet 30.3.3283 12.27.2006 no virus found
Ewido 4.0 12.27.2006 no virus found
Fortinet 2.82.0.0 12.27.2006 no virus found
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 no virus found
Ikarus T3.1.0.27 12.28.2006 no virus found
[B]Kaspersky 4.0.2.24 12.28.2006 Trojan-PSW.Win32.LdPinch.bgj[/B]
McAfee 4927 12.27.2006 no virus found
[B]Microsoft 1.1904 12.27.2006 Win32/Ldpinch
NOD32v2 1941 12.28.2006 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.27.2006 no virus found
[B]Panda 9.0.0.4 12.28.2006 Suspicious file[/B]
Prevx1 V2 12.28.2006 no virus found
Sophos 4.13.0 12.26.2006 no virus found
[B]Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.138 12.28.2006 no virus found
UNA 1.83 12.27.2006 no virus found
[B]VBA32 3.11.1 12.27.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.27.2006 no virus found
Aditional Information
File size: 32256 bytes
MD5: 365a362e1022ee45f45d50fcbb6f177c
SHA1: 5421f84286dee6008cbf395fee3c00086104b216
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.29.2006, 20:48:24 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.29.2006 TR/Proxy.Horst.Gen[/B]
Authentium 4.93.8 12.29.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
[B]AVG 386 12.29.2006 Proxy.26.M
BitDefender 7.2 12.29.2006 DeepScan:Generic.Horst.7E87FB89[/B]
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.29.2006 no virus found
DrWeb 4.33 12.29.2006 no virus found
[B]eSafe 7.0.14.0 12.28.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.101 12.29.2006 no virus found
[B]eTrust-Vet 30.3.3289 12.29.2006 Win32/Boxed!generic[/B]
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.29.2006 no virus found
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.29.2006 no virus found
[B]Kaspersky 4.0.2.24 12.29.2006 Trojan-Proxy.Win32.Horst.gen[/B]
[B]McAfee 4929 12.29.2006 BackDoor-CMQ.dldr[/B]
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1946 12.29.2006 no virus found
[B]Norman 5.80.02 12.29.2006 W32/Malware
Panda 9.0.0.4 12.29.2006 Suspicious file[/B]
Prevx1 V2 12.29.2006 no virus found
[B]Sophos 4.13.0 12.28.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 42496 bytes
MD5: 7b429cc811c739822ddf355494637a2a
SHA1: 66452cb3ef2c65338d19f4eb732d550639d7f711
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 42496 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.
-
Complete scanning result of "__________ICQ.exe", received in VirusTotal at 12.29.2006, 21:44:08 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.29.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.29.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.29.2006 no virus found
[B]BitDefender 7.2 12.29.2006 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.29.2006 no virus found
[B]DrWeb 4.33 12.29.2006 Trojan.PWS.LDPinch.1217[/B]
eSafe 7.0.14.0 12.28.2006 no virus found
eTrust-InoculateIT 23.73.101 12.29.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
[B]Ewido 4.0 12.29.2006 Trojan.LdPinch.bet[/B]
Fortinet 2.82.0.0 12.29.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
[B]Ikarus T3.1.0.27 12.29.2006 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 12.29.2006 Trojan-PSW.Win32.LdPinch.bgj[/B]
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.27.2006 Win32/Ldpinch
NOD32v2 1946 12.29.2006 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.29.2006 Suspicious file[/B]
Prevx1 V2 12.29.2006 no virus found
Sophos 4.13.0 12.28.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 MalwareScope.Trojan-PSW.Pinch.4[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 48057 bytes
MD5: 3aa158d23b0e149bb2cfbd5186b36f79
SHA1: 25fdda6cf8a1f41289c16c188acc03fc10ab7573
-
307
[QUOTE=Winsent;89475]Complete scanning result of "__________ICQ.exe", received in VirusTotal at 12.29.2006, 21:44:08 (CET).[/QUOTE]
Same thing as in topic 305.
-
Complete scanning result of "DCOMgui.zip", received in VirusTotal at 12.30.2006, 09:05:23 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.29.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 Win32:Interlac-B
AVG 386 12.29.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 BackDoor.Pigeon.516
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.29.2006 Dropper.Interlac.10.b
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Backdoor.Win32.Hupigon.BV
Kaspersky 4.0.2.24 12.30.2006 Trojan-Dropper.Win32.Interlac.10.b
McAfee 4929 12.29.2006 New Malware.u
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Suspicious file
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.28.2006 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.29.2006 no virus found
VirusBuster 4.3.19:9 12.29.2006 novirus:Packed/NSPack
Aditional Information
File size: 257436 bytes
MD5: 860e5b99b176b3120388234cdfb632d6
SHA1: 0f35491c52a52e2f5d192910ee61beb2afa068b0
packers: NsPack, Morphine
packers: NSPack, PE_Patch
-
This is an e-mail with postcard.exe in it. By the time of the scan Dr.Web already knew the beast, but at the time it came through it did not yet, and I simply spotted the e-mail in the mailbox by eye.
[quote]Complete scanning result of "mzukh_completepkgltd.com_111_3731", received in VirusTotal at 12.30.2006, 10:53:32 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 TR/Dldr.Tibs.JZ
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.29.2006 Downloader.Tibs
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.30.2006 Trojan.Downloader-390
DrWeb 4.33 12.30.2006 Win32.Dref
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Tibs!generic
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.29.2006 no virus found
VirusBuster 4.3.19:9 12.29.2006 Trojan.DL.Tibs.Gen!Pac10
Aditional Information
File size: 25146 bytes
MD5: 1ae86f854f959af0ca40007aad1f9ee1
SHA1: 6e474a99c0cd3c85186b1b1a387eb483a7419eb8[/quote]
-
Complete scanning result of "cheker.exe", received in VirusTotal at 12.30.2006, 11:02:21 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.29.2006 no virus found
[B]BitDefender 7.2 12.30.2006 BehavesLike:Trojan.ShellObject[/B]
[B]CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
[B]F-Prot4 4.2.1.29 12.29.2006 generic[/B]
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.30.2006 Suspicious file[/B]
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
[B]Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 Trojan.PWS.Wmsender[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 11232 bytes
MD5: d3ccd699d4a6726795b2037635d79a35
SHA1: 1d6cc5d4ab10ad7eded76d672d41d2f0cac56e9b
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
[QUOTE=gines;89510]Same thing as in topic 305.[/QUOTE]
The size is different, and not all the ones that detected it last time detect it now. Only the name is the same.
-
[QUOTE=Winsent;89521]
The size is different, and not all the ones that detected it last time detect it now. Only the name is the same.[/QUOTE]
Size, in my opinion, is not an indicator. The first one seems to be compressed. But if these really are two variants, then it is strange that both Kaspersky and Dr.Web gave them the same names.
-
AntiVir 7.3.0.21 12.30.2006 TR/Dldr.Tibs.JY.A
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 Downloader.Tibs
BitDefender 7.2 12.30.2006 GenPack:Trojan.Downloader.Agent.YC
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.30.2006 Trojan.Small-914
DrWeb 4.33 12.30.2006 Win32.Dref
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Tibs!generic
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 Win32/Nuwar.M
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Trj/Alanchum.MU
Prevx1 V2 12.30.2006 Spyware.VirusBurst
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 Trojan/Downloader.Generic
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 Trojan.DL.Tibs.Gen!Pac10
Aditional Information
File size: 54423 bytes
MD5: 80250d4b948dfb40013cedfa1261a997
SHA1: a01f706c20c2110394dd27d4eda33268844c8148
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=b20f66499269[/url]
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.PWStealer.A02C0538[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.31.2006 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 12.31.2006 Trojan-PSW.Win32.LdPinch.bik[/B]
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch
NOD32v2 1949 12.30.2006 Win32/PSW.LdPinch.NCS[/B]
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Suspicious file
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 25600 bytes
MD5: 6c548c3a41bccae7c7cd75ef34a2b12c
SHA1: 0b46fee4995c0cb1cd3229f56f6a0676ba9117c9
packers: UPX
packers: UPX
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.PWStealer.9D8B9DC6[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
[B]Fortinet 2.82.0.0 12.31.2006 suspicious[/B]
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 12.31.2006 no virus found
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch[/B]
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.30.2006 Suspicious file[/B]
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 53248 bytes
MD5: 55ceb3fdc230b833e5f3a9aa84d1120b
SHA1: e5f2a7463b0bcbf8383fa87925f027cd4e3ab7d7
packers: UPX
packers: UPX
packers: UPX
-
Complete scanning result of "1.exe", received in VirusTotal at 12.31.2006, 14:20:09 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Malware[/B]
[B]Authentium 4.93.8 12.30.2006 W32/Warezov.gen4[/B]
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.Sdbot.01ACBA66[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.31.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.31.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.31.2006 no virus found
[B]Fortinet 2.82.0.0 12.31.2006 suspicious[/B]
[B]F-Prot 3.16f 12.30.2006 W32/Warezov.gen4[/B]
[B]F-Prot4 4.2.1.29 12.30.2006 W32/Warezov.gen4[/B]
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 12.31.2006 no virus found
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch[/B]
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.31.2006 no virus found
[B]Panda 9.0.0.4 12.31.2006 Suspicious file[/B]
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 30720 bytes
MD5: 3945ca8dc0b7cfe4e568b22d23b78223
SHA1: 41f7fb7bd794c0f13172aa318d164fe120697fa9
packers: UPX
packers: UPX
packers: UPX
packers: UPX
It came together with a singing Putin :D Sent to the Kaspersky Lab virus lab.
-
Complete scanning result of "maxsetup.1307.exe", received in VirusTotal at 01.01.2007, 18:56:32 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.31.2006 DR/Zlob.Gen
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 Downloader.Zlob.FWR
BitDefender 7.2 01.01.2007 Trojan.Zlob.GT
CAT-QuickHeal 8.00 01.01.2007 TrojanDownloader.Zlob.gen
ClamAV devel-20060426 01.01.2007 Trojan.Downloader.Zlob-545
DrWeb 4.33 12.31.2006 no virus found
eSafe 7.0.14.0 01.01.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.01.2007 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.01.2007 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 01.01.2007 Trojan-Downloader.Win32.Zlob.bbr
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.31.2006 no virus found
NOD32v2 1950 01.01.2007 no virus found
Norman 5.80.02 12.31.2007 W32/Zlob.XJU
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.01.2007 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.141 01.01.2007 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.01.2007 Trojan.DR.Zlob.Gen!Pac13
Aditional Information
File size: 60347 bytes
MD5: a7f0bb706da9e508014ba8b6579c9177
SHA1: 7e5421398dd8d363c38e09b48dc27121bca642c8
packers: UPX
packers: UPX, BINARYRES, BINARYRES
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.02.2007 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 no virus found
[B]BitDefender 7.2 01.02.2007 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 01.01.2007 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 01.01.2007 no virus found
[B]DrWeb 4.33 01.02.2007 Trojan.MulDrop.4896[/B]
eSafe 7.0.14.0 01.01.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
[B]Fortinet 2.82.0.0 01.02.2007 suspicious[/B]
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
[B]McAfee 4929 12.29.2006 New Win32[/B]
Microsoft 1.1904 01.02.2007 no virus found
[B]NOD32v2 1951 01.01.2007 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.31.2007 no virus found
[B]Panda 9.0.0.4 01.01.2007 Suspicious file[/B]
Prevx1 V2 01.02.2007 no virus found
[B]Sophos 4.13.0 01.01.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.141 01.01.2007 no virus found
[B]VBA32 3.11.1 01.01.2007 suspected of Embedded.MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 01.01.2007 no virus found
Aditional Information
File size: 51200 bytes
MD5: 7d69316e4faa3e2dfc5ab4814e5e0781
SHA1: f9b1e2f20b12b9b3c33505b6ac79e4a4ea0295fd
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.05.2007 HEUR/Crypted
Authentium 4.93.8 12.30.2006 W32/Warezov.gen4[/B]
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.05.2007 no virus found
BitDefender 7.2 01.06.2007 no virus found
CAT-QuickHeal 9.00 01.05.2007 no virus found
ClamAV devel-20060426 01.06.2007 no virus found
DrWeb 4.33 01.06.2007 no virus found
[B]eSafe 7.0.14.0 01.05.2007 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.05.2007 no virus found
[B]Fortinet 2.82.0.0 01.06.2007 suspicious[/B]
[B]F-Prot 3.16f 01.05.2007 W32/Warezov.gen4
F-Prot4 4.2.1.29 01.05.2007 W32/Warezov.gen4
Ikarus T3.1.0.27 01.06.2007 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 01.06.2007 no virus found
McAfee 4933 01.05.2007 no virus found
[B]Microsoft 1.1904 01.06.2007 Win32/Ldpinch
NOD32v2 1959 01.05.2007 a variant of Win32/PSW.LdPinch.BIE[/B]
Norman 5.80.02 12.31.2007 no virus found
[B]Panda 9.0.0.4 01.05.2007 Suspicious file[/B]
Prevx1 V2 01.06.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.143 01.05.2007 no virus found
UNA 1.83 01.04.2007 no virus found
[B]VBA32 3.11.1 01.06.2007 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 01.05.2007 no virus found
Aditional Information
File size: 31232 bytes
MD5: 1e3fb61c39e4921d65c3435b5c55f7f0
SHA1: ab91df5eafbc2244c543097d2ba302d9fa97081c
packers: UPX
packers: UPX
packers: UPX
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.05.2007 TR/Proxy.Horst.Gen[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.05.2007 no virus found
BitDefender 7.2 01.06.2007 no virus found
CAT-QuickHeal 9.00 01.05.2007 no virus found
ClamAV devel-20060426 01.06.2007 no virus found
DrWeb 4.33 01.06.2007 no virus found
[B]eSafe 7.0.14.0 01.05.2007 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.05.2007 no virus found
[B]Fortinet 2.82.0.0 01.06.2007 suspicious
F-Prot 3.16f 01.05.2007 W32/Methodbod.gen2
F-Prot4 4.2.1.29 01.05.2007 W32/Methodbod.gen2[/B]
Ikarus T3.1.0.27 01.06.2007 no virus found
Kaspersky 4.0.2.24 01.06.2007 no virus found
McAfee 4933 01.05.2007 no virus found
Microsoft 1.1904 01.06.2007 no virus found
NOD32v2 1959 01.05.2007 no virus found
[B]Norman 5.80.02 12.31.2007 W32/Malware
Panda 9.0.0.4 01.05.2007 Suspicious file[/B]
Prevx1 V2 01.06.2007 no virus found
[B]Sophos 4.13.0 01.05.2007 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.143 01.05.2007 no virus found
UNA 1.83 01.04.2007 no virus found
VBA32 3.11.1 01.06.2007 no virus found
VirusBuster 4.3.19:9 01.05.2007 no virus found
Aditional Information
File size: 40448 bytes
MD5: ea7cfb190fa77011adb15b6072fa33bd
SHA1: 62ebc531b0b44ad33d133f9ceaeadb6ad6d972d6
packers: UPX
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 40448 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.