-
scanning result of "VIRUS___Pinch.rar", received in VirusTotal at 07.24.2006, 09:27:15 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.24 07.24.2006 no virus found
Authentium 4.93.8 07.21.2006 no virus found
Avast 4.7.844.0 07.23.2006 no virus found
AVG 386 07.21.2006 no virus found
BitDefender 7.2 07.22.2006 no virus found
CAT-QuickHeal 8.00 07.22.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 07.21.2006 no virus found
DrWeb 4.33 07.23.2006 Trojan.PWS.LDPinch.462
eTrust-InoculateIT 23.72.76 07.23.2006 no virus found
eTrust-Vet 12.6.2306 07.24.2006 no virus found
Ewido 4.0 07.23.2006 Trojan.LdPinch
Fortinet 2.77.0.0 07.23.2006 suspicious
F-Prot 3.16f 07.21.2006 no virus found
F-Prot4 4.2.1.29 07.21.2006 no virus found
Ikarus 0.2.65.0 07.23.2006 no virus found
Kaspersky 4.0.2.24 07.24.2006 no virus found
McAfee 4812 07.21.2006 no virus found
Microsoft 1.1508 07.24.2006 no virus found
NOD32v2 1.1675 07.23.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 07.21.2006 no virus found
Panda 9.0.0.4 07.23.2006 Suspicious file
Sophos 4.07.0 07.24.2006 no virus found
Symantec 8.0 07.24.2006 no virus found
TheHacker 5.9.8.180 07.24.2006 no virus found
UNA 1.83 07.21.2006 Win32.CRYPT.virus
VBA32 3.11.0 07.24.2006 Trojan.PWS.LDPinch.462
VirusBuster 4.3.7:9 07.23.2006 no virus found
Aditional Information
File size: 135398 bytes
MD5: 5b09a2cb7fb3b59dbc441053a60781ca
SHA1: 5143220e2fe690024260d707d3fb8affedb4b53e
packers: SVKProtector
-
As a follow-up, a test of the virus unpacked from the archive gave:
Ikarus 0.2.65.0 07.23.2006 Backdoor.Win32.SdBot.AKU
Ikarus really ought to understand RAR :)
-
Complete scanning result of "winccf32.dll", received in VirusTotal at 07.24.2006, 10:17:56 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.24 07.24.2006 TR/PCK.Klone.G.15
Authentium 4.93.8 07.21.2006 no virus found
Avast 4.7.844.0 07.23.2006 Win32:Klone-N
AVG 386 07.21.2006 Generic.YEC
BitDefender 7.2 07.22.2006 Trojan.Downloader.Agent.ADE
CAT-QuickHeal 8.00 07.22.2006 no virus found
ClamAV devel-20060426 07.21.2006 no virus found
DrWeb 4.33 07.23.2006 no virus found
eTrust-InoculateIT 23.72.76 07.23.2006 no virus found
eTrust-Vet 12.6.2306 07.24.2006 no virus found
Ewido 4.0 07.23.2006 no virus found
Fortinet 2.77.0.0 07.23.2006 W32/Klone.G
F-Prot 3.16f 07.21.2006 no virus found
F-Prot4 4.2.1.29 07.21.2006 no virus found
Ikarus 0.2.65.0 07.24.2006 no virus found
Kaspersky 4.0.2.24 07.24.2006 Packed.Win32.Klone.g
McAfee 4812 07.21.2006 no virus found
Microsoft 1.1508 07.24.2006 no virus found
NOD32v2 1.1675 07.23.2006 no virus found
Norman 5.90.23 07.21.2006 no virus found
Panda 9.0.0.4 07.23.2006 Suspicious file
Sophos 4.07.0 07.24.2006 no virus found
Symantec 8.0 07.24.2006 no virus found
TheHacker 5.9.8.180 07.24.2006 no virus found
UNA 1.83 07.21.2006 no virus found
VBA32 3.11.0 07.24.2006 no virus found
VirusBuster 4.3.7:9 07.23.2006 no virus found
Aditional Information
File size: 18944 bytes
MD5: f849bedb22de523bf9ced1edea4d6e3e
SHA1: 2a57e9929ee939640a1655cba394b16b18c5cd7f
packers: PecBundle, PECompact
-
STATUS: FINISHED
Complete scanning result of "winlogon1.exe", received in VirusTotal at 07.26.2006, 14:58:27 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 no virus found
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 no virus found
AVG 386 07.25.2006 no virus found
BitDefender 7.2 07.26.2006 no virus found
CAT-QuickHeal 8.00 07.26.2006 no virus found
ClamAV devel-20060426 07.26.2006 no virus found
DrWeb 4.33 07.26.2006 no virus found
eTrust-InoculateIT 23.72.78 07.25.2006 no virus found
eTrust-Vet 12.6.2309 07.26.2006 no virus found
Ewido 4.0 07.26.2006 no virus found
Fortinet 2.77.0.0 07.26.2006 no virus found
F-Prot 3.16f 07.26.2006 no virus found
F-Prot4 4.2.1.29 07.26.2006 no virus found
Ikarus 0.2.65.0 07.26.2006 no virus found
Kaspersky 4.0.2.24 07.26.2006 no virus found
McAfee 4814 07.25.2006 no virus found
Microsoft 1.1508 07.26.2006 no virus found
NOD32v2 1.1679 07.26.2006 no virus found
Norman 5.90.23 07.26.2006 no virus found
Panda 9.0.0.4 07.26.2006 no virus found
Sophos 4.07.0 07.26.2006 no virus found
Symantec 8.0 07.26.2006 no virus found
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.25.2006 no virus found
VBA32 3.11.0 07.26.2006 suspected of Trojan.Perflog.12
VirusBuster 4.3.7:9 07.25.2006 no virus found
this really is a trojan, the freshest ITW ...
-
Complete scanning result of "Process._xe", received in VirusTotal at 07.28.2006, 13:34:13 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.28.2006 no virus found
Authentium 4.93.8 07.28.2006 no virus found
Avast 4.7.844.0 07.26.2006 no virus found
AVG 386 07.27.2006 no virus found
BitDefender 7.2 07.28.2006 no virus found
CAT-QuickHeal 8.00 07.26.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 no virus found
eTrust-InoculateIT 23.72.80 07.28.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.27.2006 no virus found
Fortinet 2.77.0.0 07.27.2006 no virus found
F-Prot 3.16f 07.27.2006 no virus found
F-Prot4 4.2.1.29 07.27.2006 no virus found
Ikarus 0.2.65.0 07.27.2006 no virus found
Kaspersky 4.0.2.24 07.28.2006 no virus found
McAfee 4816 07.27.2006 potentially unwanted program PrcViewer
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1682 07.27.2006 Win32/PrcView
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.27.2006 Application/Processor
Sophos 4.07.0 07.28.2006 no virus found
Symantec 8.0 07.28.2006 no virus found
TheHacker 5.9.8.182 07.27.2006 Aplicacion/Processor.20
UNA 1.83 07.27.2006 no virus found
VBA32 3.11.0 07.27.2006 no virus found
VirusBuster 4.3.7:9 07.27.2006 no virus found
Aditional Information
File size: 53248 bytes
MD5: 7397f6ee4a9601a123b645c0cd428017
SHA1: 890368473ecbc404dcd42ff0c6c38397102f59c0
-
Complete scanning result of "avz00003.dta", received in VirusTotal at 07.29.2006, 07:58:27 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.28.2006 no virus found
Authentium 4.93.8 07.29.2006 no virus found
Avast 4.7.844.0 07.28.2006 no virus found
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.29.2006 no virus found
CAT-QuickHeal 8.00 07.28.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 no virus found
eTrust-InoculateIT 23.72.81 07.29.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.28.2006 no virus found
Fortinet 2.77.0.0 07.29.2006 W32/Small.UD!tr
F-Prot 3.16f 07.28.2006 no virus found
F-Prot4 4.2.1.29 07.28.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.29.2006 no virus found
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1683 07.28.2006 no virus found
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.28.2006 no virus found
Sophos 4.08.0 07.29.2006 no virus found
Symantec 8.0 07.29.2006 no virus found
TheHacker 5.9.8.182 07.27.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.28.2006 no virus found
VirusBuster 4.3.7:9 07.28.2006 no virus found
Aditional Information
File size: 186368 bytes
MD5: e9cd5f02365e9a0e92772bb08120385a
SHA1: 374b3ad656445df8c721ceb895eaeff96c16c8d1
packers: PecBundle, PECompact
Complete scanning result of "avz00004.dta", received in VirusTotal at 07.29.2006, 08:02:29 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.28.2006 no virus found
Authentium 4.93.8 07.29.2006 no virus found
Avast 4.7.844.0 07.28.2006 no virus found
AVG 386 07.28.2006 BackDoor.Agent.BWP
BitDefender 7.2 07.29.2006 Trojan.Antiav.3.9
CAT-QuickHeal 8.00 07.28.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 Trojan.MulDrop.3299
eTrust-InoculateIT 23.72.81 07.29.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 Win32/Covesmer.L
Ewido 4.0 07.28.2006 Backdoor.Agent.adr
Fortinet 2.77.0.0 07.29.2006 W32/Agent.ADR!tr.bdr
F-Prot 3.16f 07.28.2006 no virus found
F-Prot4 4.2.1.29 07.28.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.29.2006 no virus found
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1683 07.28.2006 a variant of Win32/TrojanDropper.Agent.AKO
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.28.2006 Adware/SpySheriff
Sophos 4.08.0 07.29.2006 no virus found
Symantec 8.0 07.29.2006 no virus found
TheHacker 5.9.8.182 07.27.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.28.2006 no virus found
VirusBuster 4.3.7:9 07.28.2006 no virus found
Aditional Information
File size: 184320 bytes
MD5: bd5d084936a498db3e938b2316707657
SHA1: d993877ba3828857853266d4fa15cdeda258865e
-
Complete scanning result of "drsmartload185a.exe", received in VirusTotal at 07.29.2006, 08:54:23 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.28.2006 no virus found
Authentium 4.93.8 07.29.2006 no virus found
Avast 4.7.844.0 07.28.2006 no virus found
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.29.2006 BehavesLike:Trojan.Downloader
CAT-QuickHeal 8.00 07.28.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 Adware.DollarRevenue
eTrust-InoculateIT 23.72.81 07.29.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.28.2006 Downloader.VB.aiw
Fortinet 2.77.0.0 07.29.2006 no virus found
F-Prot 3.16f 07.28.2006 no virus found
F-Prot4 4.2.1.29 07.28.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.29.2006 no virus found
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1683 07.28.2006 Win32/TrojanDownloader.Adload.NAR
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.28.2006 no virus found
Sophos 4.08.0 07.29.2006 no virus found
Symantec 8.0 07.29.2006 no virus found
TheHacker 5.9.8.182 07.27.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.28.2006 no virus found
VirusBuster 4.3.7:9 07.28.2006 no virus found
---------------
Complete scanning result of "win32.exe", received in VirusTotal at 07.29.2006, 09:00:53 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.29.2006 TR/Dldr.Tibs.C
Authentium 4.93.8 07.29.2006 W32/Downloader.AFBZ
Avast 4.7.844.0 07.28.2006 Win32:Tibs-DG
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.29.2006 no virus found
CAT-QuickHeal 8.00 07.28.2006 no virus found
ClamAV devel-20060426 07.27.2006 no virus found
DrWeb 4.33 07.28.2006 Trojan.DownLoader.10891
eTrust-InoculateIT 23.72.81 07.29.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 Win32/Vxidl!generic
Ewido 4.0 07.28.2006 Downloader.Tibs.gc
Fortinet 2.77.0.0 07.29.2006 no virus found
F-Prot 3.16f 07.28.2006 W32/Downloader.AFBZ
F-Prot4 4.2.1.29 07.28.2006 Possibly a new unknown PE_Virus!Maximus
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.29.2006 no virus found
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1683 07.28.2006 probably a variant of Win32/TrojanDownloader.Small.AWA
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.28.2006 Suspicious file
Sophos 4.08.0 07.29.2006 no virus found
Symantec 8.0 07.29.2006 Trojan.Galapoper.A
TheHacker 5.9.8.182 07.27.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.28.2006 Trojan.DownLoader.10891
VirusBuster 4.3.7:9 07.28.2006 no virus found
-
Complete scanning result of "SYS2.DLL", received in VirusTotal at 07.31.2006, 08:32:08 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.30.2006 no virus found
Authentium 4.93.8 07.29.2006 no virus found
Avast 4.7.844.0 07.29.2006 no virus found
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.31.2006 no virus found
CAT-QuickHeal 8.00 07.31.2006 no virus found
ClamAV devel-20060426 07.31.2006 no virus found
DrWeb 4.33 07.30.2006 no virus found
eTrust-InoculateIT 23.72.82 07.30.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.30.2006 no virus found
Fortinet 2.77.0.0 07.30.2006 no virus found
F-Prot 3.16f 07.28.2006 no virus found
F-Prot4 4.2.1.29 07.28.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.31.2006 not-a-virus:Monitor.Win32.ActualSpy.a
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1684 07.29.2006 a variant of Win32/RiskWare.ActualSpy
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.30.2006 no virus found
Sophos 4.08.0 07.30.2006 no virus found
Symantec 8.0 07.31.2006 no virus found
TheHacker 5.9.8.183 07.30.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.31.2006 suspected of Malware.Delf.24
VirusBuster 4.3.7:9 07.30.2006 no virus found
Aditional Information
File size: 20480 bytes
MD5: 154c89f71c125660f1ef4cc7a903a1e9
SHA1: 0914c5ca347e090fec684eab8b18fa2f3076183f
packers: embedded
-
Complete scanning result of "pmnlm.dll", received in VirusTotal at 07.31.2006, 13:24:31 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.31.2006 ADSPY/Virtumonde.BD
Authentium 4.93.8 07.29.2006 no virus found
Avast 4.7.844.0 07.31.2006 no virus found
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.31.2006 no virus found
CAT-QuickHeal 8.00 07.31.2006 no virus found
ClamAV devel-20060426 07.31.2006 no virus found
DrWeb 4.33 07.31.2006 Trojan.Virtumod
eTrust-InoculateIT 23.72.82 07.30.2006 no virus found
eTrust-Vet 12.6.2318 07.31.2006 Win32/Vundo
Ewido 4.0 07.30.2006 no virus found
Fortinet 2.77.0.0 07.30.2006 suspicious
F-Prot 3.16f 07.28.2006 no virus found
F-Prot4 4.2.1.29 07.28.2006 no virus found
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.31.2006 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 4817 07.28.2006 Vundo
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1684 07.29.2006 no virus found
Norman 5.90.23 07.31.2006 no virus found
Panda 9.0.0.4 07.30.2006 Suspicious file
Sophos 4.08.0 07.31.2006 no virus found
Symantec 8.0 07.31.2006 no virus found
TheHacker 5.9.8.183 07.30.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.31.2006 no virus found
VirusBuster 4.3.7:9 07.30.2006 no virus found
Aditional Information
File size: 581684 bytes
MD5: 124748ab0a385191bf04af0336e6df55
SHA1: 3d87c659daccfb410a4aa36a1004c3f95f48c0e7
packers: embedded
-
Complete scanning result of "DC008_FOTO.JGP___________________", received in VirusTotal at 08.01.2006, 07:24:32 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 07.31.2006 HEUR/Win32.Virus.Hdr
Authentium 4.93.8 07.31.2006 no virus found
Avast 4.7.844.0 07.31.2006 no virus found
AVG 386 07.31.2006 no virus found
BitDefender 7.2 08.01.2006 no virus found
CAT-QuickHeal 8.00 07.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.01.2006 Trojan.Downloader.Small-1712
DrWeb 4.33 07.31.2006 no virus found
eTrust-InoculateIT 23.72.83 07.31.2006 no virus found
eTrust-Vet 12.6.2318 07.31.2006 no virus found
Ewido 4.0 07.31.2006 no virus found
Fortinet 2.77.0.0 08.01.2006 suspicious
F-Prot 3.16f 07.31.2006 no virus found
F-Prot4 4.2.1.29 07.31.2006 no virus found
Ikarus 0.2.65.0 07.31.2006 Trojan-Downloader.Win32.Small.CIE
Kaspersky 4.0.2.24 08.01.2006 no virus found
McAfee 4818 07.31.2006 Downloader-ZL
Microsoft 1.1508 07.27.2006 TrojanDropper:Win32/Small.gen
NOD32v2 1.1685 07.31.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 07.31.2006 W32/Downloader
Panda 9.0.0.4 07.31.2006 Trj/Downloader.JOU
Sophos 4.08.0 08.01.2006 no virus found
Symantec 8.0 08.01.2006 Trojan.Gobrena
TheHacker 5.9.8.184 07.31.2006 no virus found
UNA 1.83 07.31.2006 no virus found
VBA32 3.11.0 07.31.2006 suspected of Win32.Trojan.Downloader (http://{removed}/flash/menu6.swf)
VirusBuster 4.3.7:9 07.31.2006 no virus found
Aditional Information
File size: 2369 bytes
MD5: e3fa68c3f01a36db8bf3e246f1f1b457
SHA1: 670f099c4cd4f9ab12ee899c95d5bb85594c2655
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 2369 bytes.
[ Changes to filesystem ]
* Creates file C:oot.log.
* Deletes file c:oot.log.
* Creates file C:autoexec32.exe.
[ Network services ]
* Downloads file from http://update.microsoft.com/ as c:oot.log.
* Downloads file from xttp//www.eden21.net/flash/menu6.swf as c:autoexec32.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
-
Complete scanning result of "GainPlugin.dll", received in VirusTotal at 08.01.2006, 10:52:38 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.01.2006 ADSPY/Gator.1101.2
Authentium 4.93.8 07.31.2006 no virus found
Avast 4.7.844.0 07.31.2006 no virus found
AVG 386 07.31.2006 Adware Generic.CYU
BitDefender 7.2 08.01.2006 no virus found
CAT-QuickHeal - 07.31.2006 no virus found
ClamAV devel-20060426 08.01.2006 no virus found
DrWebn- no virus found
eTrust-InoculateIT 23.72.83 07.31.2006 no virus found
eTrust-Vet 12.6.2319 08.01.2006 no virus found
Ewido 4.0 08.01.2006 no virus found
Fortinet 2.77.0.0 08.01.2006 no virus found
F-Prot 3.16f 07.31.2006 no virus found
F-Prot4 4.2.1.29 07.31.2006 no virus found
Ikarus 0.2.65.0 07.31.2006 no virus found
Kaspersky 4.0.2.24 08.01.2006 not-a-virus:AdWare.Win32.Gator.1101
McAfee 4818 07.31.2006 potentially unwanted program Adware-GAIN
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1686 08.01.2006 no virus found
Norman 5.90.23 07.31.2006 no virus found
Panda 9.0.0.4 07.31.2006 Suspicious file
Sophos 4.08.0 08.01.2006 no virus found
Symantec 8.0 08.01.2006 no virus found
TheHacker 5.9.8.184 07.31.2006 no virus found
UNA 1.83 08.01.2006 no virus found
VBA32 3.11.0 07.31.2006 suspected of Adware.Gator.3
VirusBuster 4.3.7:9 07.31.2006 no virus found
Aditional Information
File size: 65536 bytes
MD5: 34cc0828ec37e6a04bfe48b521689e4f
SHA1: 4586064fee90142f4eb9ce5836664256fce19745
-
Fresh Pinch
Results
AntiVir 6.35.1.0 08.02.2006 HEUR/Crypted.Modified
Authentium 4.93.8 08.02.2006 no virus found
Avast 4.7.844.0 08.02.2006 Win32:Ldpinch-EJ
AVG 386 08.01.2006 no virus found
BitDefender 7.2 08.02.2006 no virus found
CAT-QuickHeal 8.00 08.02.2006 no virus found
ClamAV devel-20060426 08.02.2006 no virus found
DrWeb 4.33 08.02.2006 no virus found
eTrust-InoculateIT 23.72.84 08.01.2006 no virus found
eTrust-Vet 12.6.2321 08.02.2006 no virus found
Ewido 4.0 08.02.2006 no virus found
Fortinet 2.77.0.0 08.02.2006 suspicious
F-Prot 3.16f 08.02.2006 no virus found
F-Prot4 4.2.1.29 08.02.2006 no virus found
Ikarus 0.2.65.0 08.02.2006 no virus found
Kaspersky 4.0.2.24 08.02.2006 no virus found
McAfee 4819 08.01.2006 no virus found
Microsoft 1.1508 08.02.2006 Win32/Ldpinch
NOD32v2 1.1687 08.01.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.02.2006 no virus found
Panda 9.0.0.4 08.01.2006 Suspicious file
Sophos 4.08.0 08.02.2006 Troj/LdPnch-Gen
Symantec 8.0 08.02.2006 no virus found
TheHacker 5.9.8.185 08.02.2006 no virus found
UNA 1.83 08.01.2006 no virus found
VBA32 3.11.0 08.01.2006 suspected of Trojan-PSW.PdPinch.1
VirusBuster 4.3.7:9 08.01.2006 no virus found
-
Complete scanning result of "intcodec-v6.335.exe", received in VirusTotal at 08.05.2006, 19:31:11 (CET).
AntiVir 6.35.1.0 08.05.2006 no virus found
Authentium 4.93.8 08.04.2006 no virus found
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.04.2006 Downloader.Zlob.CGR
BitDefender 7.2 08.05.2006 Trojan.Zlob.Gen
CAT-QuickHeal 8.00 08.04.2006 no virus found
ClamAV devel-20060426 08.04.2006 Trojan.Downloader.Zlob-471
DrWeb 4.33 08.05.2006 no virus found
eTrust-InoculateIT 23.72.87 08.04.2006 no virus found
eTrust-Vet 12.6.2324 08.04.2006 no virus found
Ewido 4.0 08.05.2006 no virus found
Fortinet 2.77.0.0 08.05.2006 suspicious
F-Prot 3.16f 08.04.2006 no virus found
F-Prot4 4.2.1.29 08.04.2006 no virus found
Ikarus 0.2.65.0 08.04.2006 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 08.05.2006 no virus found
McAfee 4822 08.04.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1693 08.05.2006 no virus found
Norman 5.90.23 08.04.2006 no virus found
Panda 9.0.0.4 08.05.2006 no virus found
Sophos 4.08.0 08.05.2006 no virus found
Symantec 8.0 08.05.2006 no virus found
TheHacker 5.9.8.186 08.04.2006 no virus found
UNA 1.83 08.04.2006 TrojanDownloader.Win32.Zlob
VBA32 3.11.0 08.04.2006 no virus found
VirusBuster 4.3.7:9 08.05.2006 no virus found
-
Antivirus Version Update Result
AntiVir 6.35.1.0 08.07.2006 HEUR/Hijacker
Authentium 4.93.8 08.06.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.05.2006 PSW.Generic2.CYG
BitDefender 7.2 08.07.2006 Generic.Malware.SMB.B37B41D1
CAT-QuickHeal 8.00 08.07.2006 no virus found
ClamAV devel-20060426 08.06.2006 no virus found
DrWeb 4.33 08.07.2006 Trojan.PWS.Rat
eTrust-InoculateIT 23.72.88 08.06.2006 no virus found
eTrust-Vet 12.6.2324 08.04.2006 no virus found
Ewido 4.0 08.06.2006 Logger.TheRat.b
Fortinet 2.77.0.0 08.07.2006 no virus found
F-Prot 3.16f 08.06.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
F-Prot4 4.2.1.29 08.06.2006 W32/Threat-HLLSI-based!Maximus
Ikarus 0.2.65.0 08.07.2006 no virus found
Kaspersky 4.0.2.24 08.07.2006 Trojan-Spy.Win32.TheRat.b
McAfee 4822 08.04.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1694 08.05.2006 no virus found
Norman 5.90.23 08.04.2006 no virus found
Panda 9.0.0.4 08.06.2006 no virus found
Sophos 4.08.0 08.07.2006 no virus found
Symantec 8.0 08.07.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.04.2006 no virus found
VBA32 3.11.0 08.06.2006 Trojan-Spy.Win32.TheRat.b
VirusBuster 4.3.7:9 08.06.2006 no virus found
-
Antivirus Version Update Result
AntiVir 6.35.1.0 08.07.2006 TR/VB.akr
Authentium 4.93.8 08.06.2006 no virus found
Avast 4.7.844.0 08.04.2006 Win32:Trojan-gen. {VB}
AVG 386 08.05.2006 Generic.SPI
BitDefender 7.2 08.07.2006 Trojan.Vb.AKR
CAT-QuickHeal 8.00 08.07.2006 no virus found
ClamAV devel-20060426 08.06.2006 no virus found
DrWeb 4.33 08.07.2006 Trojan.PWS.Yah
eTrust-InoculateIT 23.72.88 08.06.2006 no virus found
eTrust-Vet 12.6.2324 08.04.2006 no virus found
Ewido 4.0 08.06.2006 Trojan.VB.akr
Fortinet 2.77.0.0 08.07.2006 W32/VB.AKR!tr
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.07.2006 no virus found
Kaspersky 4.0.2.24 08.07.2006 Trojan.Win32.VB.akr
McAfee 4822 08.04.2006 W32/Generic.worm!p2p
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1694 08.05.2006 Win32/VB.AKR
Norman 5.90.23 08.04.2006 W32/VBTroj.BJD
Panda 9.0.0.4 08.06.2006 Suspicious file
Sophos 4.08.0 08.07.2006 no virus found
Symantec 8.0 08.07.2006 Trojan Horse
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.04.2006 no virus found
VBA32 3.11.0 08.06.2006 no virus found
VirusBuster 4.3.7:9 08.06.2006 no virus found
-
AntiVir 6.35.1.0 08.07.2006 EXP/Agent.B
Authentium 4.93.8 08.06.2006 no virus found
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.05.2006 no virus found
BitDefender 7.2 08.07.2006 no virus found
CAT-QuickHeal 8.00 08.07.2006 no virus found
ClamAV devel-20060426 08.06.2006 no virus found
DrWeb 4.33 08.07.2006 no virus found
eTrust-InoculateIT 23.72.88 08.06.2006 no virus found
eTrust-Vet 12.6.2328 08.07.2006 no virus found
Ewido 4.0 08.07.2006 Hijacker.Agent.a
Fortinet 2.77.0.0 08.07.2006 HTML/Clicker.B!tr
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.07.2006 no virus found
Kaspersky 4.0.2.24 08.07.2006 Trojan-Clicker.HTML.Agent.a
McAfee 4822 08.04.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1694 08.05.2006 no virus found
Norman 5.90.23 08.07.2006 no virus found
Panda 9.0.0.4 08.07.2006 no virus found
Sophos 4.08.0 08.07.2006 no virus found
Symantec 8.0 08.07.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.04.2006 no virus found
VBA32 3.11.0 08.07.2006 Trojan-Clicker.HTML.Agent.a#22
VirusBuster 4.3.7:9 08.07.2006 no virus found
-
Complete scanning result of "exe_1", received in VirusTotal at 08.07.2006, 18:04:10 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.07.2006 HEUR/Win32.Virus.HLLP
Authentium 4.93.8 08.06.2006 no virus found
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.07.2006 no virus found
BitDefender 7.2 08.07.2006 MemScan:Backdoor.Haxdoor.IX
CAT-QuickHeal 8.00 08.07.2006 no virus found
ClamAV devel-20060426 08.07.2006 no virus found
DrWeb 4.33 08.07.2006 Trojan.MulDrop.3820
eTrust-InoculateIT 23.72.88 08.06.2006 Win32/Unknown!Trojan
eTrust-Vet 12.6.2328 08.07.2006 Win32/Multidropper.AJ
Ewido 4.0 08.07.2006 no virus found
Fortinet 2.77.0.0 08.07.2006 W32/Small.APZ!tr
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.07.2006 no virus found
Kaspersky 4.0.2.24 08.07.2006 Trojan-Dropper.Win32.Small.apz
McAfee 4823 08.07.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1695 08.07.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.07.2006 no virus found
Panda 9.0.0.4 08.07.2006 Suspicious file
Sophos 4.08.0 08.07.2006 no virus found
Symantec 8.0 08.07.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.04.2006 TrojanDropper.Win32.Small
VBA32 3.11.0 08.07.2006 Trojan-Dropper.Win32.Small.apz
VirusBuster 4.3.7:9 08.07.2006 no virus found
Aditional Information
File size: 65654 bytes
MD5: a3404e3847ff77d63d6183361224fe1a
SHA1: 58fd90a5ea3037c694caf54d186318c99b20cb42
packers: embedded
Complete scanning result of "exe_2", received in VirusTotal at 08.07.2006, 18:04:37 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.07.2006 no virus found
Authentium 4.93.8 08.06.2006 no virus found
Avast 4.7.844.0 08.04.2006 Win32:Trojan-gen. {Other}
AVG 386 08.07.2006 no virus found
BitDefender 7.2 08.07.2006 Backdoor.Haxdoor.IX
CAT-QuickHeal 8.00 08.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.07.2006 no virus found
DrWeb 4.33 08.07.2006 BackDoor.Haxdoor.287
eTrust-InoculateIT 23.72.88 08.06.2006 no virus found
eTrust-Vet 12.6.2328 08.07.2006 Win32/Haxdoor!generic
Ewido 4.0 08.07.2006 no virus found
Fortinet 2.77.0.0 08.07.2006 suspicious
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.07.2006 no virus found
Kaspersky 4.0.2.24 08.07.2006 Backdoor.Win32.Haxdoor.iy
McAfee 4823 08.07.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1695 08.07.2006 a variant of Win32/Haxdoor
Norman 5.90.23 08.07.2006 W32/Haxdoor.ALQ
Panda 9.0.0.4 08.07.2006 Bck/Haxdoor.LR
Sophos 4.08.0 08.07.2006 no virus found
Symantec 8.0 08.07.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.04.2006 no virus found
VBA32 3.11.0 08.07.2006 suspected of Embedded.Backdoor.Win32.Haxdoor.iy
VirusBuster 4.3.7:9 08.07.2006 Trojan.DR.Haxdoor.Gen.4
Aditional Information
File size: 53189 bytes
MD5: 673bec1a7aeb5a4ea96d230909eb413f
SHA1: af6db7da9dfad7f5142547a8bdc9256cd1961c39
packers: FSG
-
Complete scanning result of "lger.exe", received in VirusTotal at 08.08.2006, 13:53:30 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.08.2006 no virus found
Authentium 4.93.8 08.08.2006 no virus found
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.07.2006 no virus found
BitDefender 7.2 08.08.2006 Dropped:Trojan.Downloader.Small.CYF
CAT-QuickHeal 8.00 08.08.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 08.08.2006 no virus found
DrWeb 4.33 08.08.2006 Trojan.MulDrop.4061
eTrust-InoculateIT 23.72.89 08.08.2006 no virus found
eTrust-Vet 12.6.2329 08.08.2006 no virus found
Ewido 4.0 08.08.2006 no virus found
Fortinet 2.77.0.0 08.08.2006 no virus found
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.08.2006 no virus found
Kaspersky 4.0.2.24 08.08.2006 Trojan-Dropper.Win32.Agent.atu
McAfee 4823 08.07.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1696 08.07.2006 a variant of Win32/TrojanDownloader.Small.NLI
Norman 5.90.23 08.08.2006 W32/Downloader
Panda 9.0.0.4 08.07.2006 Suspicious file
Sophos 4.08.0 08.08.2006 no virus found
Symantec 8.0 08.08.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.07.2006 no virus found
VBA32 3.11.0 08.07.2006 suspected of Embedded.Trojan-Dropper.Win32.Tiny.d
VirusBuster 4.3.7:9 08.07.2006 no virus found
Aditional Information
File size: 29184 bytes
MD5: ed090462824e8eee300d212063346088
SHA1: 2cb8c50c7008a55a2f6113ed6ae7d50c3752af83
packers: PecBundle, PECompact
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing PEC2.
* Creating several executable files on hard-drive.
* File length: 29184 bytes.
[ Changes to filesystem ]
* Creates file C:WINDOWSTEMP<981.exe.
* Creates file C:WINDOWSSYSTEM32shchostv.exe.
* Creates file C:WINDOWSTEMPwertiodfio898e.tmp.
* Creates file C:WINDOWSTEMP?31.exe.
[ Changes to registry ]
* Sets value "WINID"="01C641D3E6DC73F0" in key "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer".
* Creates value "win_drivr32"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKCUSoftwareMicrosoftWindowsCurrentVersionRun".
* Creates value "win_drivr32"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKCUSoftwareMicrosoftWindowsCurrentVersionRunOnce".
* Creates key "HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows".
* Sets value "load"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows".
* Sets value "run"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows".
* Creates value "win_drivr32"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun".
* Creates key "HKLMSoftwareMicrosoftWindowsCurrentVersionRunOnce".
* Sets value "win_drivr32"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRunOnce".
* Creates key "HKLMSoftwareMicrosoftWindows NTcurrentversionWindows".
* Sets value "load"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKLMSoftwareMicrosoftWindows NTcurrentversionWindows".
* Sets value "run"="C:WINDOWSSYSTEM32shchostv.exe" in key "HKLMSoftwareMicrosoftWindows NTcurrentversionWindows".
* Creates key "HKLMSoftwareMicrosoftWindows NTcurrentversionWinlogon".
-
Complete scanning result of "qw.exe", received in VirusTotal at 08.08.2006, 14:08:20 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.08.2006 no virus found
Authentium 4.93.8 08.08.2006 no virus found
Avast 4.7.844.0 08.04.2006 no virus found
AVG 386 08.07.2006 no virus found
BitDefender 7.2 08.08.2006 no virus found
CAT-QuickHeal 8.00 08.08.2006 no virus found
ClamAV devel-20060426 08.08.2006 no virus found
DrWeb 4.33 08.08.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.89 08.08.2006 no virus found
eTrust-Vet 12.6.2329 08.08.2006 Win32/Suspect
Ewido 4.0 08.08.2006 no virus found
Fortinet 2.77.0.0 08.08.2006 no virus found
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.08.2006 no virus found
Kaspersky 4.0.2.24 08.08.2006 no virus found
McAfee 4823 08.07.2006 New Malware.am
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1696 08.07.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.08.2006 no virus found
Panda 9.0.0.4 08.07.2006 Suspicious file
Sophos 4.08.0 08.08.2006 no virus found
Symantec 8.0 08.08.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.07.2006 no virus found
VBA32 3.11.0 08.07.2006 no virus found
VirusBuster 4.3.7:9 08.07.2006 no virus found
Aditional Information
File size: 23552 bytes
MD5: 5b2a41c86daec7124db931bf34b0580a
SHA1: a28ef328eca64d4adf43b12cb44ed0f4a38c0366
-
Complete scanning result of "drsmartload45a.exe", received in VirusTotal at 08.08.2006, 15:24:20 (CET).
Antivirus Version Update Result
AntiVir 6.35.1.0 08.08.2006 no virus found
Authentium 4.93.8 08.08.2006 no virus found
Avast 4.7.844.0 08.08.2006 no virus found
AVG 386 08.07.2006 no virus found
BitDefender 7.2 08.08.2006 BehavesLike:Trojan.Downloader
CAT-QuickHeal 8.00 08.08.2006 no virus found
ClamAV devel-20060426 08.08.2006 no virus found
DrWeb 4.33 08.08.2006 Adware.DollarRevenue
eTrust-InoculateIT 23.72.89 08.08.2006 no virus found
eTrust-Vet 12.6.2329 08.08.2006 no virus found
Ewido 4.0 08.08.2006 Downloader.Adload.ds
Fortinet 2.77.0.0 08.08.2006 no virus found
F-Prot 3.16f 08.06.2006 no virus found
F-Prot4 4.2.1.29 08.06.2006 no virus found
Ikarus 0.2.65.0 08.08.2006 no virus found
Kaspersky 4.0.2.24 08.08.2006 no virus found
McAfee 4823 08.07.2006 no virus found
Microsoft 1.1508 08.04.2006 no virus found
NOD32v2 1.1696 08.07.2006 probably unknown NewHeur_PE virus
Norman 5.90.23 08.08.2006 no virus found
Panda 9.0.0.4 08.07.2006 no virus found
Sophos 4.08.0 08.08.2006 no virus found
Symantec 8.0 08.08.2006 no virus found
TheHacker 5.9.8.187 08.07.2006 no virus found
UNA 1.83 08.07.2006 no virus found
VBA32 3.11.0 08.07.2006 no virus found
VirusBuster 4.3.7:9 08.07.2006 no virus found
Aditional Information
File size: 20480 bytes
MD5: f894952eaa7bf9ececac0c15667fae53
SHA1: 1a9be5e685e4bb47daa7e23353a0f27bae506c12