-
File vfpqlp.txt received on 2008.09.18 16:06:09 (CET)
Result: 12/36 (33.34%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.13.0 2008.09.18 -
[B]AntiVir 7.8.1.34 2008.09.18 TR/Crypt.CFI.Gen[/B]
Authentium 5.1.0.4 2008.09.18 -
[B]Avast 4.8.1195.0 2008.09.18 Win32:Trojan-gen {Other}[/B]
AVG 8.0.0.161 2008.09.18 -
BitDefender 7.2 2008.09.18 -
[B]CAT-QuickHeal 9.50 2008.09.17 Trojan.Autoit.dm[/B]
ClamAV 0.93.1 2008.09.18 -
DrWeb 4.44.0.09170 2008.09.18 -
[B]eSafe 7.0.17.0 2008.09.17 Suspicious File[/B]
eTrust-Vet 31.6.6091 2008.09.16 -
Ewido 4.0 2008.09.18 -
F-Prot 4.4.4.56 2008.09.18 -
[B]F-Secure 8.0.14332.0 2008.09.18 Trojan.Win32.Autoit.dm[/B]
[B]Fortinet 3.113.0.0 2008.09.18 W32/Agent.DF!tr[/B]
[B]GData 19 2008.09.18 Win32:Trojan-gen[/B]
[B]Ikarus T3.1.1.34.0 2008.09.18 Trojan.Win32.Autoit.dt[/B]
K7AntiVirus 7.10.461 2008.09.18 -
[B]Kaspersky 7.0.0.125 2008.09.18 Trojan.Win32.Autoit.dm[/B]
McAfee 5386 2008.09.17 -
Microsoft 1.3903 2008.09.18 -
NOD32v2 3452 2008.09.18 -
Norman 5.80.02 2008.09.17 -
Panda 9.0.0.4 2008.09.18 -
PCTools 4.4.2.0 2008.09.18 -
[B]Prevx1 V2 2008.09.18 Cloaked Malware[/B]
Rising 20.62.32.00 2008.09.18 -
Sophos 4.33.0 2008.09.18 -
Sunbelt 3.1.1645.1 2008.09.17 -
Symantec 10 2008.09.18 -
TheHacker 6.3.0.9.086 2008.09.18 -
[B]TrendMicro 8.700.0.1004 2008.09.18 WORM_AUTORUN.AB[/B]
VBA32 3.12.8.5 2008.09.17 -
ViRobot 2008.9.18.1381 2008.09.18 -
VirusBuster 4.5.11.0 2008.09.17 -
[B]Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Crypt.CFI.Gen[/B]
-
File ntos.exe received on 2008.09.24 08:55:02 (CET)
[QUOTE] Result: 1/36 (2.78%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.24 -
AntiVir 7.8.1.34 2008.09.23 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.23 -
AVG 8.0.0.161 2008.09.23 -
BitDefender 7.2 2008.09.24 -
CAT-QuickHeal 9.50 2008.09.24 -
ClamAV 0.93.1 2008.09.24 -
DrWeb 4.44.0.09170 2008.09.24 -
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.23 -
F-Secure 8.0.14332.0 2008.09.24 -
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.24 -
Ikarus T3.1.1.34.0 2008.09.24 -
K7AntiVirus 7.10.469 2008.09.23 -
[B]Kaspersky 7.0.0.125 2008.09.24 Trojan-Spy.Win32.Zbot.fae[/B]
McAfee 5390 2008.09.23 -
Microsoft 1.3903 2008.09.24 -
NOD32 3466 2008.09.24 -
Norman 5.80.02 2008.09.23 -
Panda 9.0.0.4 2008.09.23 -
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.24 -
Rising 20.63.21.00 2008.09.24 -
Sophos 4.33.0 2008.09.24 -
Sunbelt 3.1.1666.1 2008.09.24 -
Symantec 10 2008.09.24 -
TheHacker 6.3.0.9.092 2008.09.24 -
TrendMicro 8.700.0.1004 2008.09.23 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.24 -
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 -[/QUOTE]
Today the situation is already better: Result: 10/36 (27.78%)
The file 'NTOS' has been determined to be 'MALWARE'. Our analysts named the threat TR/Spy.ZBot.fae.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version
Avira replied )))
whereas at NOD they prefer never to reply,
and they take a VERRRY long time to add things to their databases
-
File sms_reader.exe received on 09.25.2008 12:52:41 (CET)
[B]AhnLab-V3 2008.9.25.0 2008.09.25 Win-Trojan/[/B]Injector.45568.B
AntiVir 7.8.1.34 2008.09.25 -
[B]Authentium 5.1.0.4 2008.09.24 W32/Backdoor2.CFAC
Avast 4.8.1195.0 2008.09.25 Win32:Delf-LAC
AVG 8.0.0.161 2008.09.25 BackDoor.Generic10.KAL
BitDefender 7.2 2008.09.25 Trojan.Delf.Inject.AX
CAT-QuickHeal 9.50 2008.09.25 Win32.Backdoor.Delf.kho.8
ClamAV 0.93.1 2008.09.25 Trojan.Buzus-1620
DrWeb 4.44.0.09170 2008.09.25 BackDoor.IRC.Sdbot.3840[/B]
eSafe 7.0.17.0 2008.09.24 -
[B]eTrust-Vet 31.6.6105 2008.09.24 Win32/Bifrost.EZ
Ewido 4.0 2008.09.25 Backdoor.Delf.kho
F-Prot 4.4.4.56 2008.09.25 W32/Backdoor2.CFAC
F-Secure 8.0.14332.0 2008.09.25 Backdoor.Win32.Delf.kho
Fortinet 3.113.0.0 2008.09.25 W32/Delf.KHO!tr
GData 19 2008.09.25 Trojan.Delf.Inject.AX
Ikarus T3.1.1.34.0 2008.09.25 Trojan.Injector.AF
K7AntiVirus 7.10.470 2008.09.24 Backdoor.Win32.Delf.kho
Kaspersky 7.0.0.125 2008.09.25 Backdoor.Win32.Delf.kho
McAfee 5391 2008.09.24 MultiDropper-RY
Microsoft 1.3903 2008.09.25 VirTool:Win32/DelfInject.gen!N
NOD32 3470 2008.09.25 a variant of Win32/Injector.CL
Norman 5.80.02 2008.09.24 W32/Malware[/B]
Panda 9.0.0.4 2008.09.24 -
PCTools 4.4.2.0 2008.09.24 -
Prevx1 V2 2008.09.25 -
[B]Rising 20.63.32.00 2008.09.25 Trojan.Win32.Buzus.nuy[/B]
Sophos 4.33.0 2008.09.25 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.25 -
TheHacker 6.3.0.9.093 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.25 -
[B]VBA32 3.12.8.6 2008.09.25 Trojan.Win32.Buzus.oie
ViRobot 2008.9.25.1392 2008.09.25 Trojan.Win32.Buzus.58368
VirusBuster 4.5.11.0 2008.09.24 Backdoor.Delf.BGUE[/B]
Webwasher-Gateway 6.6.2 2008.09.25 -
Additional information
File size: 138752 bytes
MD5...: 9ef87d7687aeeac31347b559f545059b
SHA1..: d4d45fe3ecdf2c332fdb2040d95479125c88a684
SHA256: 228426565ddda774e344d9a91905503d6054d8e666c9f0004a198b8861b94337
SHA512: 683fdb03a1617ecef5edbc269a70d213f296484e944ceaa96ff4b7e0781884e4
8d64c3823ad84532395205ef414ae22f194e3cfae3ce31020e0af4d2795f3498
PEiD..: -
-
File trzF5F.tmp received on 2008.09.27 04:37:08 (CET)
[QUOTE][B]AhnLab-V3 2008.9.25.0 2008.09.26 Win-Trojan/Hamweq.9728[/B]
[B]AntiVir 7.8.1.34 2008.09.26 TR/Dropper.Gen[/B]
[B]Authentium 5.1.0.4 2008.09.27 W32/Worm.XVU[/B]
[B]Avast 4.8.1195.0 2008.09.26 Win32:Trojan-gen {Other}[/B]
[B]AVG 8.0.0.161 2008.09.26 Klone.W [/B]
[B]BitDefender 7.2 2008.09.27 Backdoor.Hamweq.A [/B]
[B]CAT-QuickHeal 9.50 2008.09.26 Trojan.Agent.gen[/B]
[B]ClamAV 0.93.1 2008.09.27 Trojan.Kolabc.BFY[/B]
[B]DrWeb 4.44.0.09170 2008.09.27 Win32.HLLW.Autoruner.2077[/B]
[B]eSafe 7.0.17.0 2008.09.25 Suspicious File[/B]
[B]eTrust-Vet 31.6.6111 2008.09.27 Win32/SillyAutorun.MW[/B]
[B]Ewido 4.0 2008.09.26 Worm.AutoRun.eda[/B]
[B]F-Prot 4.4.4.56 2008.09.27 W32/Worm.XVU[/B]
[B]F-Secure 8.0.14332.0 2008.09.27 W32/Hamweq.gen1[/B]
Fortinet 3.113.0.0 2008.09.27 -
[B]GData 19 2008.09.27 Backdoor.Hamweq.A[/B]
[B]Ikarus T3.1.1.34.0 2008.09.27 Worm.Win32.VB.el[/B]
[B]K7AntiVirus 7.10.475 2008.09.26 Trojan.Win32.Inject.zi[/B]
Kaspersky 7.0.0.125 2008.09.27 -
[B]McAfee 5393 2008.09.27 W32/IRCbot.gen.c[/B]
[B]Microsoft 1.3903 2008.09.27 Worm:Win32/Hamweq.A[/B]
[B]NOD32 3475 2008.09.26 Win32/Inject.NAX[/B]
[B]Norman 5.80.02 2008.09.26 W32/Hamweq.gen1[/B]
[B]Panda 9.0.0.4 2008.09.27 Bck/SDBot.LWE[/B]
PCTools 4.4.2.0 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
[B]SecureWeb-Gateway 6.7.6 2008.09.26 Trojan.Dropper.Gen[/B]
[B]Sophos 4.34.0 2008.09.27 Sus/UnkPacker[/B]
Sunbelt 3.1.1675.1 2008.09.27 -
[B]Symantec 10 2008.09.27 W32.SillyFDC[/B]
TheHacker 6.3.0.9.094 2008.09.25 -
[B]TrendMicro 8.700.0.1004 2008.09.26 PAK_Generic.001[/B]
[B]VBA32 3.12.8.6 2008.09.27 Backdoor.Win32.Agent.jue[/B]
ViRobot 2008.9.26.1394 2008.09.26 -
[B]VirusBuster 4.5.11.0 2008.09.26 Packed/Pepsi[/B][/QUOTE]
Additional information
File size: 33280 bytes
MD5...: ced0689850e8c6f544097d5f218a70b9
SHA1..: f62558ac977f6b6f85c1c88bc70954ecd7ae8b7d
SHA256: 1d4ecf36709a15c014338d8e5f8097eb5dd876168317186b8bc79642722cb519
SHA512: 9f402ea77ca9daafa3a937975479c8cd939e05303cf462dbd6fed443ed0569fa
8e48670e295023e965d041792e2fc557f41cff79ce08e8e603677657dab18c9e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x407124
timedatestamp.....: 0x47ec14d6 (Thu Mar 27 21:42:46 2008)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.pepsi 0x1000 0x6000 0x1dd5 7.40 4cdd1c7708d69fa7a4bffb638c8474a3
.text 0x7000 0x1000 0x600 5.73 4f18d5ee8ce76e6ef6e9203a51d95079
( 1 imports )
> kernel32.dll: ExitProcess, GetModuleHandleA, GetProcAddress, LoadLibraryA, RtlZeroMemory, VirtualAlloc, VirtualFree, VirtualProtect
( 0 exports )
Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 33280 bytes.
[size="1"][color="#666686"][B][I]Added after 5 hours 58 minutes[/I][/B][/color][/size]
They have already replied:
[QUOTE]Hello,
trzF5F - Worm.Win32.AutoRun.pes
Detection of the file will be added in the next update.
Please include the entire correspondence when replying.
--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: [email][email protected][/email]
[url]http://www.kaspersky.com/[/url]
[url]http://www.kaspersky.ru/virusscanner[/url] - Online scanning with the latest KAV databases.
[url]http://www.kaspersky.com/helpdesk.html[/url] - technical support
> Attachment: trzF5F.bz2
> Hello!
>
> I am sending you a file for analysis. Thank you in advance for your reply.[/QUOTE]
-
File vkontakt.exe received on 2008.09.28 22:05:32 (CET)
Current status: finished
Result: 15/36 (41.67%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.25.0 2008.09.26 -
[B]AntiVir 7.8.1.34 2008.09.28 TR/KillDisk.AN[/B]
Authentium 5.1.0.4 2008.09.28 -
[B]Avast 4.8.1195.0 2008.09.27 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.28 Generic11.YZX[/B]
BitDefender 7.2 2008.09.28 -
CAT-QuickHeal 9.50 2008.09.27 -
ClamAV 0.93.1 2008.09.28 -
[B]DrWeb 4.44.0.09170 2008.09.28 Trojan.KillMBR.143[/B]
eSafe 7.0.17.0 2008.09.28 -
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.27 -
[B]F-Secure 8.0.14332.0 2008.09.28 Trojan.Win32.KillDisk.an[/B]
Fortinet 3.113.0.0 2008.09.28 -
[B]GData 19 2008.09.28 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.09.28 Trojan-Proxy.Win32.Delf.cc
K7AntiVirus 7.10.476 2008.09.27 Trojan.Win32.KillDisk.an
Kaspersky 7.0.0.125 2008.09.28 Trojan.Win32.KillDisk.an
McAfee 5393 2008.09.27 Generic.dx[/B]
Microsoft 1.3903 2008.09.28 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
[B]Prevx1 V2 2008.09.28 Worm[/B]
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.09.28 Trojan.KillDisk.AN[/B]
Sophos 4.34.0 2008.09.28 -
[B]Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.KillDisk.an[/B]
Symantec 10 2008.09.28 -
TheHacker 6.3.0.9.095 2008.09.27 -
[B]TrendMicro 8.700.0.1004 2008.09.26 TROJ_KILLDISK.AM[/B]
[B]VBA32 3.12.8.6 2008.09.27 Trojan.KillMBR.143[/B]
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Additional information
File size: 44032 bytes
MD5...: 6147920244c67a3c3f2d92af8f396d95
-
File Name : Юле 35.exe
File Size : 87126 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c67e887a58bfc0c0a3f8b4ef518a514b
SHA1 : be93aa06e900876340a808dc8d7a16458fa62ed6
a-squared 4.0.0.14 2008.09.28 2008-09-28 - 1.562
AhnLab V3 2008.09.29.01 2008.09.29 2008-09-29 - 0.956
[B]AntiVir 7.8.1.34 7.0.6.222 2008-09-29 Worm/Delf.BL.1 2.296[/B]
Arcavir 1.0.5 200809281307 2008-09-28 - 1.217
[B]Authentium 5.1.1 200809241708 2008-09-24 W32/Heuristic-131!Eldorado (Heuristic) 1.095[/B]
[B]AVAST! 3.0.1 080929-0 2008-09-29 Win32:Delf-FXF 0.014[/B]
[B]AVG 7.5.52.442 270.7.5/1696 2008-09-28 Worm/Delf.BWM 1.650[/B]
[B]BitDefender 7.60825.1821573 7.21098 2008-09-29 Win32.Worm.Delf.BL 3.098[/B]
CA (VET) 9.0.0.143 31.6.6116 2008-09-29 - 4.984
ClamAV 0.94 8352 2008-09-29 - 0.030
Comodo 2.11 2.0.0.661 2008-09-29 - 3.378
[B]CP Secure 1.1.0.715 2008.09.29 2008-09-29 W32.Delf.bq 5.926[/B]
[B]Dr.Web 4.44.0.9170 2008.09.29 2008-09-29 Win32.HLLW.Frendly 3.233[/B]
ewido 4.0.0.2 2008.09.28 2008-09-28 - 3.867
[B]F-Prot 4.4.4.56 20080928 2008-09-28 Possible W32/Heuristic-131!Eldorado (not disinfectable) 1.070[/B]
[B]F-Secure 5.51.6100 2008.09.29.03 2008-09-29 Virus.Win32.Delf.bq [AVP] 0.040[/B]
[B]Fortinet 2.81-3.113 9.600 2008-09-29 W32/Delf.BQ 0.146[/B]
[B]Ikarus T3.1.01.34 2008.09.29.71548 2008-09-29 Virus.Win32.Delf.bq 3.355[/B]
[B]JiangMin 11.0.706 2008.09.29 2008-09-29 Virus.Delf.al 3.346[/B]
[B]Kaspersky 5.5.10 2008.09.29 2008-09-29 Virus.Win32.Delf.bq 0.030[/B]
KingSoft 2008.9.8.18 2008.9.29.14 2008-09-29 - 1.206
[B]McAfee 5.3.00 5393 2008-09-26 Generic.dx 1.979[/B]
Microsoft 1.3903 2008.09.29 2008-09-29 - 4.099
[B]mks_vir 2.01 2008.09.29 2008-09-29 Worm.Win32.Delf.ysk 2.685[/B]
[B]Norman 5.93.01 5.93.00 2008-09-18 W32/Malware.SMM 5.663[/B]
[B]nProtect 2008-09-29.00 2184043 2008-09-29 Win32.Worm.Delf.BL 7.645[/B]
Panda 9.05.01 2008.09.27 2008-09-27 - 0.962
Quick Heal 9.50 2008.09.29 2008-09-29 - 2.437
[B]Rising 20.0 20.63.62.00 2008-09-28 Worm.Win32.Delf.ysk 1.008[/B]
[B]Sophos 2.79.0 4.34 2008-09-29 Mal/Behav-043 1.729[/B]
Sunbelt 3.1.1675.1 2261 2008-09-26 - 0.521
[B]Symantec 1.3.0.24 20080928.003 2008-09-28 W32.Folmess 0.075[/B]
The Hacker 6.3.0.9 v00096 2008-09-28 - 0.434
[B]Trend Micro 8.700-1004 5.570.07 2008-09-29 WORM_DELF.IPT 0.021[/B]
[B]VBA32 3.12.8.6 20080928.0844 2008-09-28 Virus.Win32.Delf.bq 1.204[/B]
ViRobot 20080926 2008.09.26 2008-09-26 - 0.427
VirusBuster 4.5.11.10 10.89.1/635920 2008-09-28 - 0.948
-
File 16.tmp received on 09.30.2008 10:22:28 (CET)
Current status: finished
Result: 12/36 (33.34%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.25.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
[B]Authentium 5.1.0.4 2008.09.29 W32/Heuristic-MU2!Eldorado
Avast 4.8.1195.0 2008.09.29 Win32:Trojan-gen {Other}[/B]
AVG 8.0.0.161 2008.09.29 -
[B]BitDefender 7.2 2008.09.30 Trojan.Generic.543401[/B]
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.09.30 -
DrWeb 4.44.0.09170 2008.09.30 -
[B]eSafe 7.0.17.0 2008.09.29 Suspicious File[/B]
eTrust-Vet 31.6.6117 2008.09.30 -
Ewido 4.0 2008.09.29 -
[B]F-Prot 4.4.4.56 2008.09.29 W32/Heuristic-MU2!Eldorado[/B]
F-Secure 8.0.14332.0 2008.09.30 -
Fortinet 3.113.0.0 2008.09.30 -
[B]GData 19 2008.09.30 Trojan.Generic.543401[/B]
Ikarus T3.1.1.34.0 2008.09.30 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.30 -
McAfee 5394 2008.09.30 -
[B]Microsoft 1.4005 2008.09.30 TrojanSpy:Win32/Festeal.B[/B]
NOD32 3481 2008.09.29 -
[B]Norman 5.80.02 2008.09.29 W32/Smalltroj.dam
Panda 9.0.0.4 2008.09.29 Trj/Agent.GJD[/B]
PCTools 4.4.2.0 2008.09.29 -
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.09.30 Win32.Malware.dam (suspicious)[/B]
Sophos 4.34.0 2008.09.30 -
[B]Sunbelt 3.1.1675.1 2008.09.27 VIPRE.Suspicious
Symantec 10 2008.09.30 Trojan.Dropper[/B]
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.29 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 -
Additional information
File size: 40558 bytes
MD5...: 3c44a438a3069f4ca0c280f451cd12d2
SHA1..: f59160f0a13d52475e33d14ab2c4a835ce82e812
SHA256: 4a9801124df640c34c557f7999c37dd6712a86fbfb810c57c3ad163184e03eca
SHA512: f2727ccdedf22dc754dbe3b14c49c01ec3870cff2fa4224513b852f3b8013bf6
2f4dc9f3b404ecf62c5e7c7ae8ae877400891c2e91ea6e2479d051919f5f38a4
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4123b0
timedatestamp.....: 0x46d6ff0d (Thu Aug 30 17:31:57 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0xd000 0xc600 7.75 23a05301a652409e56a553985f813a75
.rsrc 0x13000 0x1000 0xa00 0.00 d41d8cd98f00b204e9800998ecf8427e
( 0 imports )
( 0 exports )
packers (Kaspersky): PE_Patch
-
File qtslmoyc.dat received on 2008.10.01 02:06:05 (CET)
Result: 27/35 (77.15%)
AhnLab-V3 2008.10.1.0 2008.09.30 -
[B]AntiVir 7.8.1.34 2008.09.30 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.09.30 W32/Trojan2.INC
Avast 4.8.1195.0 2008.09.30 Win32:Agent-NGL
AVG 8.0.0.161 2008.09.30 Agent.2.AF
BitDefender 7.2 2008.10.01 Trojan.Spy.Agent.NJP
CAT-QuickHeal 9.50 2008.09.30 Trojan.Agent.cid
ClamAV 0.93.1 2008.10.01 Trojan.Rootkit-349
DrWeb 4.44.0.09170 2008.09.30 Trojan.Sentinel[/B]
eSafe 7.0.17.0 2008.09.30 -
[B]eTrust-Vet 31.6.6119 2008.09.30 Win32/Kvol.C
Ewido 4.0 2008.09.30 Trojan.Agent.cid
F-Prot 4.4.4.56 2008.09.30 W32/Trojan2.INC
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.cid
Fortinet 3.113.0.0 2008.09.30 W32/Boaxxe.C!tr
GData 19 2008.10.01 Trojan.Spy.Agent.NJP
Ikarus T3.1.1.34.0 2008.10.01 Trojan.Win32.Agent.cid
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Agent.cid
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.cid
McAfee 5394 2008.09.30 BackDoor-CVM!sys
Microsoft 1.4005 2008.10.01 VirTool:WinNT/Boaxxe.C[/B]
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
[B]PCTools 4.4.2.0 2008.09.30 Rootkit.Agent.WWD
Prevx1 V2 2008.10.01 Rootkit
Rising 20.63.62.00 2008.09.28 Trojan.Win32.Agent.cid
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Rootkit.Gen
Sophos 4.34.0 2008.10.01 Troj/Boaxxe-C [/B]
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
[B]TrendMicro 8.700.0.1004 2008.09.30 TROJ_AGENT.AEUA [/B]
VBA32 3.12.8.6 2008.09.30 -
[B]ViRobot 2008.9.30.1398 2008.09.30 Trojan.Win32.Agent.5120.F
VirusBuster 4.5.11.0 2008.09.30 Rootkit.Agent.WWD [/B]
Additional information
File size: 5120 bytes
MD5...: 04d090ebbf5e9e8de2f281b085d8578b
File boot.com received on 2008.10.01 03:27:55 (CET)
Result: 14/36 (38.89%)
AhnLab-V3 2008.10.1.0 2008.09.30 -
[B]AntiVir 7.8.1.34 2008.09.30 TR/Autorun.BE [/B]
Authentium 5.1.0.4 2008.09.30 -
[B]Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO [/B]
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 -
[B]eTrust-Vet 31.6.6119 2008.09.30 Win32/Vipordno.B [/B]
Ewido 4.0 2008.09.30 -
[B]F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Inject.hzf [/B]
Fortinet 3.113.0.0 2008.09.30 -
[B]GData 19 2008.10.01 Win32:KdCrypt [/B]
Ikarus T3.1.1.34.0 2008.10.01 -
[B]K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Inject.hzf
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Inject.hzf [/B]
McAfee 5395 2008.10.01 -
[B]Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Cutwail.AN [/B]
NOD32 3484 2008.09.30 -
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 -
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Autorun.BE
Sophos 4.34.0 2008.10.01 Sus/Behav-282
Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.Inject.hzf [/B]
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
[B]VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Inject.hzf [/B]
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -
Additional information
File size: 28160 bytes
MD5...: cbf8d2a710c257ed5fa9eef30ef1ad08
File kdndg.exe received on 2008.10.01 03:37:29 (CET)
Result: 14/36 (38.89%)
AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.30 -
[B]Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO[/B]
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
[B]F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.01 Suspicious:W32/Malware!Gemini [/B]
Fortinet 3.113.0.0 2008.09.30 -
[B]GData 19 2008.10.01 Win32:KdCrypt
Ikarus T3.1.1.34.0 2008.10.01 Virus.Win32.Gipor
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1 [/B]
Kaspersky 7.0.0.125 2008.10.01 -
[B]McAfee 5395 2008.10.01 DNSChanger.gen
Microsoft 1.4005 2008.10.01 Trojan:Win32/Alureon.gen
NOD32 3484 2008.09.30 a variant of Win32/Adware.Virtumonde.NBS[/B]
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 -
[B]Rising 20.63.62.00 2008.09.28 Trojan.Win32.DNSChanger.drb
SecureWeb-Gateway 6.7.6 2008.10.01 Virus.Win32.FileInfector.gen!92 (suspicious)
Sophos 4.34.0 2008.10.01 Sus/Behav-282[/B]
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
[B]VBA32 3.12.8.6 2008.09.30 suspected of Trojan-Downloader.Agent.31 [/B]
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -
Additional information
File size: 52736 bytes
MD5...: fae8e8003afc655097ca954544d7edc9
The antivirus engines reported different things about kdndg.exe, but otherwise it is quite a decent rootkit
File wpx4.cpx received on 2008.10.01 04:06:55 (CET)
Result: 17/36 (47.23%)
AhnLab-V3 2008.10.1.0 2008.09.30 -
[B]AntiVir 7.8.1.34 2008.09.30 TR/Drop.Tupai.A.1[/B]
Authentium 5.1.0.4 2008.09.30 -
[B]Avast 4.8.1195.0 2008.09.30 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.30 Downloader.FraudLoad.W
BitDefender 7.2 2008.10.01 Trojan.Dropper.Tupai.A[/B]
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
[B]eSafe 7.0.17.0 2008.09.30 Suspicious File[/B]
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 -
[B]F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.aeqt
Fortinet 3.113.0.0 2008.09.30 PossibleThreat
GData 19 2008.10.01 Trojan.Dropper.Tupai.A
Ikarus T3.1.1.34.0 2008.10.01 Trojan-Dropper.Win32.Prefsap
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.aeqt
McAfee 5395 2008.10.01 Generic Dropper
Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Prefsap.gen[/B]
NOD32 3484 2008.09.30 -
[B]Norman 5.80.02 2008.09.30 W32/Agent.IPSX[/B]
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 Worm
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Drop.Tupai.A.1[/B]
Sophos 4.34.0 2008.10.01 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
[B]VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Agent.aepq[/B]
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -
Additional information
File size: 37376 bytes
MD5...: 864297ef119d0a3d9f55d69263daf6b7
File _.exe received on 2008.10.01 04:14:22 (CET)
Result: 10/36 (27.78%)
AhnLab-V3 2008.10.1.0 2008.09.30 -
[B]AntiVir 7.8.1.34 2008.09.30 DR/Delphi.Gen[/B]
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 -
[B]AVG 8.0.0.161 2008.09.30 Win32/Heur[/B]
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
[B]DrWeb 4.44.0.09170 2008.09.30 Trojan.MulDrop.17277[/B]
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 -
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.10.01 -
[B]Ikarus T3.1.1.34.0 2008.10.01 Downloader.Delphi
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1[/B]
Kaspersky 7.0.0.125 2008.10.01 -
McAfee 5395 2008.10.01 -
[B]Microsoft 1.4005 2008.10.01 VirTool:Win32/DelfInject.gen!AM
NOD32 3484 2008.09.30 a variant of Win32/Injector.DC[/B]
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
[B]Prevx1 V2 2008.10.01 Malicious Software[/B]
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Dropper.Delphi.Gen
Sophos 4.34.0 2008.10.01 Troj/Merein-Gen[/B]
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.30 -
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -
Additional information
File size: 27136 bytes
MD5...: f5ec6ef43b18526557f64d3e1ef64b0c
-
There is no point in summarizing the 14 analyses; there will be no results for the past month.
-
File Install.exe received on 2008.10.02 18:36:31 (CET)
Current status: finished
Result: 25/36 (69.45%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.0 2008.10.02 -
[B]AntiVir 7.8.1.34 2008.10.02 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.10.02 W32/Ristix.A
Avast 4.8.1248.0 2008.10.02 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.02 Win32/Heur
BitDefender 7.2 2008.10.02 Trojan.Generic.743676
CAT-QuickHeal 9.50 2008.10.01 TrojanPSW.LdPinch.aawg[/B]
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
[B]eSafe 7.0.17.0 2008.10.02 Win32.LdPinch.aawg[/B]
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
[B]F-Prot 4.4.4.56 2008.10.02 W32/Zbot.I.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
Fortinet 3.113.0.0 2008.10.02 W32/LdPinch.AAWG!tr.pws
GData 19 2008.10.02 Trojan.Generic.743676
Ikarus T3.1.1.34.0 2008.10.02 Trojan-PWS.Win32.LdPinch.aawg
K7AntiVirus 7.10.481 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
Kaspersky 7.0.0.125 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
McAfee 5396 2008.10.02 DNSChanger.gen
Microsoft 1.4005 2008.10.02 Trojan:Win32/Alureon.gen!H[/B]
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
[B]Panda 9.0.0.4 2008.10.02 Trj/Ldpinch.WE[/B]
PCTools 4.4.2.0 2008.10.02 -
[B]Prevx1 V2 2008.10.02 Suspicious[/B]
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.10.02 Trojan.Crypt.XPACK.Gen
Sophos 4.34.0 2008.10.02 Mal/Generic-A
Sunbelt 3.1.1668.1 2008.09.24 VIPRE.Suspicious[/B]
Symantec 10 2008.10.02 -
[B]TheHacker 6.3.0.9.098 2008.10.01 Trojan/PSW.LdPinch.aawg
TrendMicro 8.700.0.1004 2008.10.02 Cryp_Xed-3
VBA32 3.12.8.6 2008.10.02 Malware-Cryptor.Win32.General.2
ViRobot 2008.10.2.1403 2008.10.02 Trojan.Win32.PSWLdPinch.55808.E[/B]
VirusBuster 4.5.11.0 2008.10.02 -[/QUOTE]
Additional information
File size: 55808 bytes
MD5...: 0ce61a9ed2c52a60ef7b349ca459f1eb
SHA1..: 5a27d502dceb493e12272d5978cc7195a929fa6c
SHA256: 45bdd402dd865fb40a541d3a4d82189bc2a28cdc3577f4cecb2aedb90b3719c4
SHA512: e3476457e0610663e5b87f1c3beca702f13681e004cc8c5cb6c59319416a639f
298f08d564d776997677fb1cef833ab98390cb49283f06319036f516dabe5159
PEiD..: -
-
File _.exe received on 10.04.2008 22:22:41 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/36 (22.23%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
[B]AntiVir 7.8.1.34 2008.10.04 TR/Crypt.XPACK.Gen[/B]
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
[B]AVG 8.0.0.161 2008.10.04 SHeur.CCJK[/B]
BitDefender 7.2 2008.10.04 -
[B]CAT-QuickHeal 9.50 2008.10.04 (Suspicious) - DNAScan[/B]
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.04 -
[B]eSafe 7.0.17.0 2008.10.02 Suspicious File[/B]
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.04 -
[B]F-Secure 8.0.14332.0 2008.10.04 Suspicious:W32/Malware!Gemini[/B]
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
[B]SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Crypt.XPACK.Gen[/B]
[B]Sophos 4.34.0 2008.10.04 Sus/UnkPacker[/B]
[B]Sunbelt 3.1.1675.1 2008.09.27 VIPRE.Suspicious[/B]
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.04 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -
Additional information
File size: 44544 bytes
MD5...: 4a4c1a0c00a31ead2a3db3d889ef4518
SHA1..: 7dcd352fd267550d1f0ee9c389798401eb0d812a
SHA256: 55123e03c4b15b623d0defbd559269559dcbe3349c6ef1bb60458ba71197e1fe
SHA512: 8a09197ab5a774fe0a41875575c5a6b1a84727d38c3d29bb470a8f5ae8c06832
91fa23709e1614473046d1e7a40105dfd6bdeb010ecf191f1493712a30d22ee0
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x41a5a7
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xeb80 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x10000 0xa9e9 0xaa00 7.98 d9c8eeeaf2c6e429932ec4a18d2150b8
( 0 imports )
( 0 exports ) [/QUOTE]
-
File setup.exe received on 2008.10.05 00:21:18 (CET)
[QUOTE]AhnLab-V3 2008.10.3.2 2008.10.03 -
[B]AntiVir 7.8.1.34 2008.10.04 DR/Zlob.Gen [/B]
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 -
[B]ClamAV 0.93.1 2008.10.04 Trojan.Dropper-2529[/B]
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.04 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.05 -
[B]Rising 20.63.62.00 2008.09.28 Trojan.DL.Zlob.GEN [/B]
[B]SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Dropper.Zlob.Gen [/B]
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.101 2008.10.04 -
[B]TrendMicro 8.700.0.1004 2008.10.03 Mal_Zlob-2 [/B]
[B]VBA32 3.12.8.6 2008.10.04 suspected of Downloader.Zlob.3 (paranoid heuristics) [/B]
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -
[/QUOTE]
Additional information
File size: 72557 bytes
MD5...: 363412d819aee9673213a7a925c8e67a
SHA1..: e77aebd6ea138aceb76fd761de909720c5ddc98c
SHA256: f4621ee1345dca1a1d5cfd2a744ded65973b48740da8497f1ee608102d1e9369
SHA512: 74151ae15f5d03938361a265291695db716d10666861082a5b0f4c79b0937f66
cde1d89c39329cb1e5a4727f9e2749ce648fe7e43e512783222956fb6f1cfe18
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x48a737e7 (Sat Aug 16 20:26:15 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5976 0x5a00 6.47 335c19bb25cd1d02eec2b0a4eacb979c
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.69 59710519e577598f785044e4d95261f4
.ndata 0x24000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2e000 0xd00 0xe00 3.83 a1a46b4c7c35c54b3e16f1321d622e01
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
packers (Kaspersky): UPX
-
File avz00003.dta received 2008.10.06 20:20:37 (CET)
Current status: finished
Result: 6/36 (16.67%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.3.2 2008.10.06 -
[B]AntiVir 7.8.1.34 2008.10.06 TR/Dropper.Gen[/B]
Authentium 5.1.0.4 2008.10.06 -
[B]Avast 4.8.1248.0 2008.10.05 Win32:Zbot-APR[/B]
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
[B]F-Secure 8.0.14332.0 2008.10.06 Trojan-Spy.Win32.Zbot.ffz[/B]
Fortinet 3.113.0.0 2008.10.06 -
[B]GData 19 2008.10.06 Win32:Zbot-APR[/B]
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
[B]Kaspersky 7.0.0.125 2008.10.06 Trojan-Spy.Win32.Zbot.ffz[/B]
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.06 -
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
[B]SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Dropper.Gen[/B]
Sophos 4.34.0 2008.10.06 -
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -[/QUOTE]
Additional information
File size: 118784 bytes
MD5...: 62a4f04a1d6b90e645734208e49581aa
SHA1..: a587c79df47ba07dbb42ee9072ab54c3fcc565de
SHA256: 6f9f1f73421f7c15a62012d699661a5951788c8b9a9c74bd00fa2f5b706f4122
SHA512: eb940ee943426abce0e77914abceb6879c7ba76bb485e320ffe5544099baa440
3c2aefeeb4413480f0eaed408a97d1f5e100280fdb01ab88d409fb9c47677d86
PEiD..: -
File avz00001.dta received 2008.10.06 20:29:25 (CET)
Current status: finished
Result: 2/36 (5.56%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
[B]Avast 4.8.1248.0 2008.10.05 Win32:Trojan-gen {Other}[/B]
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.06 -
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 -
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.06 -
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
[B]SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Dropper.Gen[/B]
Sophos 4.34.0 2008.10.06 -
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -
[/QUOTE]
Additional information
File size: 10442752 bytes
MD5...: 3eccb91f73aff9af873e4462d457c8b1
SHA1..: 39a48cdc83c556daa506f161d377ad0610419dae
SHA256: 608964e0b100bc8294c4e86c6d5e1c59dc02ea642339960b7c13bde3654b6a15
SHA512: c73b903a61b765fbb491dee963e23955ffbe35c3ba370dbc4143c8c4fda990d1
e8b9bb3bbd6f97cd3cd466673c15e1d4795fca7e8c23c49856e854e544d2618f
PEiD..: -
File avz00004.dta received 2008.10.06 20:33:10 (CET)
Current status: finished
Result: 11/36 (30.56%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.05 -
[B]AVG 8.0.0.161 2008.10.06 Generic11.ARUR[/B]
BitDefender 7.2 2008.10.06 -
[B]CAT-QuickHeal 9.50 2008.10.06 (Suspicious) - DNAScan[/B]
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
[B]eSafe 7.0.17.0 2008.10.05 Suspicious File[/B]
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.06 -
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 -
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
[B]Kaspersky 7.0.0.125 2008.10.06 Trojan-Downloader.Win32.Small.aepy
McAfee 5398 2008.10.04 FakeAlert-AG.gen.a[/B]
[B]Microsoft 1.4005 2008.10.06 TrojanDownloader:Win32/Renos.gen!AU
NOD32 3497 2008.10.06 a variant of Win32/Adware.XPAntivirus.AA[/B]
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
[B]Prevx1 V2 2008.10.06 Cloaked Malware[/B]
Rising 20.65.02.00 2008.10.06 -
[B]SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Crypt.LooksLike.CFI
Sophos 4.34.0 2008.10.06 Mal/EncPk-CZ[/B]
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
[B]VirusBuster 4.5.11.0 2008.10.06 Trojan.FakeAlert.Gen!Pac.2[/B]
[/QUOTE]
Additional information
File size: 184832 bytes
MD5...: f1538453fe8999f364a179a5cc850989
SHA1..: 63981bfd85f91cca0cd42c7abc9315566c62c530
SHA256: b749b03567f37fa03fa4a0301b72c4e5a0f81d14c0f0099a338d3e4d7c6667c2
SHA512: e1b1c798824fce58b151ac4026c52509302eb0cd11cfee0f1077f59a2505355d
e5f00773b10de4fed5fdae63cc4edfc7801b3405ebe7d7099e7ffc1ef281935f
PEiD..: -
[size="1"][color="#666686"][B][I]Added 3 hours 16 minutes later[/I][/B][/color][/size]
File MESSAGES.TBB received 2008.10.06 23:46:15 (CET)
Current status: finished
Result: 10/36 (27.78%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.06 -
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
[B]DrWeb 4.44.0.09170 2008.10.06 VBS.PackFor[/B]
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.06 -
[B]F-Secure 8.0.14332.0 2008.10.06 Trojan.Win32.Pakes.ktl[/B]
Fortinet 3.113.0.0 2008.10.06 -
[B]GData 19 2008.10.06 Trojan.Downloader.JS.Laugma.AB
Ikarus T3.1.1.34.0 2008.10.06 Trojan-Clicker.HTML.IFrame.lc[/B]
K7AntiVirus 7.10.486 2008.10.06 -
[B]Kaspersky 7.0.0.125 2008.10.06 Trojan.Win32.Pakes.ktl
McAfee 5398 2008.10.04 JS/Downloader-AUD
Microsoft 1.4005 2008.10.06 TrojanDownloader:JS/Psyme.gen[/B]
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
[B]PCTools 4.4.2.0 2008.10.06 JS.Agent.B[/B]
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 -
[B]Sophos 4.34.0 2008.10.06 Mal/ObfJS-AB[/B]
Sunbelt 3.1.1706.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.102 2008.10.06 -
[B]TrendMicro 8.700.0.1004 2008.10.06 Mal_Hifrm-2[/B]
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -[/QUOTE]
Additional information
File size: 74919 bytes
MD5...: 9b5543b27dfc504c219f9c8d6daa394b
SHA1..: 7429df79d3225a36cc725ae6b5bf1a0ac19893d4
SHA256: 6ddb6eb4db76cbcd14bfbd9a9f014ab6e6663a643433f4d7dfd2b0ed78e6fbd0
SHA512: e1421452f5a3801cb7ddbdded48967474eae9c10d687dec99f6eaedc6a22cda0
31fd23d7902891ab635bf2ea93a72a81c79f20e766310f9af7e36635d19e1e1c
PEiD..: -
TrID..: File type identification
The Bat! Message Base (99.8%)
HSC music composer song (0.1%)
Lumena CEL bitmap (0.0%)
Corel Photo Paint (0.0%)
VXD Driver (0.0%)
PEInfo: -
-
File opr04WJI.htm received 2008.10.07 07:38:34 (CET)
[code]
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.07 -
Avast 4.8.1248.0 2008.10.06 -
[B]AVG 8.0.0.161 2008.10.06 Exploit[/B]
BitDefender 7.2 2008.10.07 -
CAT-QuickHeal 9.50 2008.10.07 -
ClamAV 0.93.1 2008.10.07 -
[B]DrWeb 4.44.0.09170 2008.10.06 VBS.PackFor[/B]
eSafe 7.0.17.0 2008.10.07 -
eTrust-Vet 31.6.6132 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.06 -
F-Secure 8.0.14332.0 2008.10.07 -
Fortinet 3.113.0.0 2008.10.07 -
GData 19 2008.10.07 -
Ikarus T3.1.1.34.0 2008.10.07 -
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.07 -
NOD32 3498 2008.10.07 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.07 -
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 -
[B]Sophos 4.34.0 2008.10.07 Mal/ObfJS-AJ[/B]
Sunbelt 3.1.1707.1 2008.10.07 -
Symantec 10 2008.10.07 -
TheHacker 6.3.1.0.102 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.07 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.7.1409 2008.10.07 -
VirusBuster 4.5.11.0 2008.10.06 -
[/code]
Additional information
File size: 40729 bytes
MD5...: 7842dd0880feb829572c2ef34fa63398
SHA1..: 7f66da7a637d952d2e8fa8a0c6355b4c1f419258
SHA256: 12041e906e9e2b8f97a5479e046e79341823b5491284025b8ac4788c8accc812
SHA512: fbf67548b63cde7a4a97bdfc0c1e4a45085877c8ef0af9d6820bf73e5b5198af
c39224255a289c83cf880d69a155efeada1e05e6c6edd085542ff3e5a57652b7
PEiD..: -
-
File uzrlib.dll received 2008.10.07 18:52:03 (CET)
Current status: finished
Result: 13/36 (36.12%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.3.2 2008.10.07 -
[B]AntiVir 7.8.1.34 2008.10.07 TR/BHO.Agent.mwe[/B]
Authentium 5.1.0.4 2008.10.07 -
[B]Avast 4.8.1248.0 2008.10.07 Win32:Hexzone-C
AVG 8.0.0.161 2008.10.07 Adload_r.CG[/B]
BitDefender 7.2 2008.10.07 -
CAT-QuickHeal 9.50 2008.10.07 -
ClamAV 0.93.1 2008.10.07 -
[B]DrWeb 4.44.0.09170 2008.10.07 Trojan.Blackmailer.origin[/B]
eSafe 7.0.17.0 2008.10.07 -
eTrust-Vet 31.6.6133 2008.10.07 -
Ewido 4.0 2008.10.07 -
[B]F-Prot 4.4.4.56 2008.10.06 W32/AdClicker.E.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.07 Trojan-Ransom.Win32.Hexzone.om[/B]
Fortinet 3.113.0.0 2008.10.07 -
[B]GData 19 2008.10.07 Win32:Hexzone-C[/B]
[B]Ikarus T3.1.1.34.0 2008.10.07 Trojan.BHO.Agent.mwe[/B]
K7AntiVirus 7.10.487 2008.10.07 -
[B]Kaspersky 7.0.0.125 2008.10.07 Trojan-Ransom.Win32.Hexzone.om[/B]
McAfee 5399 2008.10.07 -
Microsoft 1.4005 2008.10.07 -
[B]NOD32 3501 2008.10.07 a variant of Win32/BHO.NHU[/B]
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.07 -
Prevx1 V2 2008.10.07 Adware
Rising 20.65.12.00 2008.10.07 -
[B]SecureWeb-Gateway 6.7.6 2008.10.07 Trojan.BHO.Agent.mwe[/B]
Sophos 4.34.0 2008.10.07 -
[B]Sunbelt 3.1.1708.1 2008.10.07 Trojan.Clicker.BHO.AV[/B]
Symantec 10 2008.10.07 -
TheHacker 6.3.1.0.102 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.07 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.7.1410 2008.10.07 -
VirusBuster 4.5.11.0 2008.10.07 -[/QUOTE]
Additional information
File size: 359424 bytes
MD5...: e2f9d130e95e9a7ce358a4dd5a711ef6
SHA1..: e70a0e2c0a3573cd8e1238bdab1a0dd816ab0463
SHA256: 7050863d1dff1594135adb201b0d4e47827ba2fd7879915e89be5f8f8ebc2336
SHA512: 32c808ac60a0e6159a7659c72b7ef5b1018261bdbc06d482ace3ffd7220e6ea7
8e19101d143ef0686c8ee7d78339ceb40943ef2bac00959fb8d4cc75a4178df7
PEiD..: -
-
[CODE]AhnLab-V3 2008.10.3.2 2008.10.07 -
[B]AntiVir 7.8.1.34 2008.10.07 TR/Crypt.CFI.Gen[/B]
Authentium 5.1.0.4 2008.10.07 -
[B]Avast 4.8.1248.0 2008.10.07 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.07 Worm/Autoit.DBD
BitDefender 7.2 2008.10.07 Win32.Worm.Sohanad.NCC
CAT-QuickHeal 9.50 2008.10.07 Trojan.Autoit.dt[/B]
ClamAV 0.93.1 2008.10.07 -
DrWeb 4.44.0.09170 2008.10.07 -
[B]eSafe 7.0.17.0 2008.10.07 Win32.Autoit.dt
eTrust-Vet 31.6.6133 2008.10.07 Win32/SillyAutorun.QU[/B]
Ewido 4.0 2008.10.07 -
F-Prot 4.4.4.56 2008.10.06 -
[B]F-Secure 8.0.14332.0 2008.10.07 Trojan.Win32.Autoit.dt
Fortinet 3.113.0.0 2008.10.07 W32/Autoit.DT!tr
GData 19 2008.10.07 Win32.Worm.Sohanad.NCC
Ikarus T3.1.1.34.0 2008.10.07 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.487 2008.10.07 Worm.Win32.AutoIt.cg
Kaspersky 7.0.0.125 2008.10.07 Trojan.Win32.Autoit.dt
McAfee 5399 2008.10.07 W32/YahLover.worm
Microsoft 1.4005 2008.10.07 Trojan:Win32/Meredrop
NOD32 3501 2008.10.07 Win32/Packed.Autoit.Gen
Norman 5.80.02 2008.10.06 AutoRun.FYV
Panda 9.0.0.4 2008.10.07 W32/Sohanat.AS.worm[/B]
PCTools 4.4.2.0 2008.10.07 -
[B]Prevx1 V2 2008.10.07 Cloaked Malware[/B]
Rising 20.65.12.00 2008.10.07 -
[B]SecureWeb-Gateway 6.7.6 2008.10.07 Trojan.Crypt.CFI.Gen
Sophos 4.34.0 2008.10.07 Mal/Generic-A[/B]
Sunbelt 3.1.1708.1 2008.10.07 -
[B]Symantec 10 2008.10.07 W32.SillyFDC
TheHacker 6.3.1.0.102 2008.10.07 Trojan/Autoit.dt
TrendMicro 8.700.0.1004 2008.10.07 WORM_AUTORUN.AB
VBA32 3.12.8.6 2008.10.07 Worm.Win32.AutoIt.cg[/B]
ViRobot 2008.10.7.1410 2008.10.07 -
VirusBuster 4.5.11.0 2008.10.07 -
Дополнительная информация
File size: 453700 bytes
MD5...: ff595c6c3298c332f15c9c321a5ec37b
SHA1..: 9f6efc8b0e00a37c2c7149a6e6de773cb46ee98e[/CODE]
[CODE][B]AhnLab-V3 2008.10.3.2 2008.10.07 Win-Trojan/MalPacked.Gen
AntiVir 7.8.1.34 2008.10.07 TR/Crypt.NSPM.Gen
Authentium 5.1.0.4 2008.10.07 W32/Worm.MUG
Avast 4.8.1248.0 2008.10.07 Win32:Oliga
AVG 8.0.0.161 2008.10.07 Generic9.ARIT
BitDefender 7.2 2008.10.07 Packer.Malware.NSAnti.1
CAT-QuickHeal 9.50 2008.10.07 Win32.Packed.NSAnti.r[/B]
ClamAV 0.93.1 2008.10.07 -
[B]DrWeb 4.44.0.09170 2008.10.07 Trojan.PWS.Wsgame.2721
eSafe 7.0.17.0 2008.10.07 Suspicious File[/B]
eTrust-Vet 31.6.6133 2008.10.07 -
[B]Ewido 4.0 2008.10.07 Worm.AutoRun.bvo
F-Prot 4.4.4.56 2008.10.06 W32/Worm.MUG
F-Secure 8.0.14332.0 2008.10.07 Worm.Win32.AutoRun.bvo
Fortinet 3.113.0.0 2008.10.07 W32/OnLineGames.fam!tr.pws
GData 19 2008.10.07 Packer.Malware.NSAnti.1
Ikarus T3.1.1.34.0 2008.10.07 Worm.Win32.AutoRun.bvo
K7AntiVirus 7.10.487 2008.10.07 Worm.Win32.AutoRun.bvo
Kaspersky 7.0.0.125 2008.10.07 Worm.Win32.AutoRun.bvo
McAfee 5399 2008.10.07 PWS-Gamania.gen.a
Microsoft 1.4005 2008.10.07 Worm:Win32/Taterf.gen!D
NOD32 3501 2008.10.07 Win32/Pacex.Gen
Norman 5.80.02 2008.10.06 W32/Smalltroj.CIRQ
Panda 9.0.0.4 2008.10.07 Suspicious file
PCTools 4.4.2.0 2008.10.07 Trojan.Lineage.Gen!Pac.3
Prevx1 V2 2008.10.07 Malicious Software
Rising 20.65.12.00 2008.10.07 Packer.Win32.Mian007.a
SecureWeb-Gateway 6.7.6 2008.10.07 Trojan.Crypt.NSPM.Gen
Sophos 4.34.0 2008.10.07 Mal/EncPk-CE[/B]
Sunbelt 3.1.1708.1 2008.10.07 -
[B]Symantec 10 2008.10.07 Infostealer.Gampass
TheHacker 6.3.1.0.102 2008.10.07 W32/AutoRun.bvo
TrendMicro 8.700.0.1004 2008.10.07 Mal_NSAnti-1
VBA32 3.12.8.6 2008.10.07 Malware-Cryptor.Win32.NSAnti
ViRobot 2008.10.7.1410 2008.10.07 Trojan.Win32.Amvo.Gen
VirusBuster 4.5.11.0 2008.10.07 Trojan.Onlinegames.Gen!Pac.73[/B]
Дополнительная информация
File size: 146493 bytes
MD5...: c6d471b11fd3a0ca583bc897c816ee7d
SHA1..: 2dc510ab29660757a5d60a257409a9310c1132b8
[/CODE]
[CODE][B]AhnLab-V3 2008.10.3.2 2008.10.07 Win32/Autorun.worm.123873
AntiVir 7.8.1.34 2008.10.07 TR/Crypt.NSPM.Gen
Authentium 5.1.0.4 2008.10.07 W32/Pws.AAFV
Avast 4.8.1248.0 2008.10.07 Win32:Oliga
AVG 8.0.0.161 2008.10.07 PSW.OnlineGames.XJJ
BitDefender 7.2 2008.10.07 Packer.Malware.NSAnti.1
CAT-QuickHeal 9.50 2008.10.07 Win32.Packed.NSAnti.r
ClamAV 0.93.1 2008.10.07 Trojan.Agent-10379
DrWeb 4.44.0.09170 2008.10.07 Trojan.PWS.Wsgame.2387
eSafe 7.0.17.0 2008.10.07 Suspicious File
eTrust-Vet 31.6.6133 2008.10.07 Win32/Frethog.ATP
Ewido 4.0 2008.10.07 Trojan.OnLineGames.lfi
F-Prot 4.4.4.56 2008.10.06 W32/Pws.AAFV
F-Secure 8.0.14332.0 2008.10.07 Trojan-GameThief.Win32.OnLineGames.lfi
Fortinet 3.113.0.0 2008.10.07 W32/OnLineGames.fam!tr.pws
GData 19 2008.10.07 Packer.Malware.NSAnti.1
Ikarus T3.1.1.34.0 2008.10.07 Trojan-GameThief.Win32.OnLineGames.lfi
K7AntiVirus 7.10.487 2008.10.07 Trojan-PSW.Win32.OnLineGames.lfi
Kaspersky 7.0.0.125 2008.10.07 Trojan-GameThief.Win32.OnLineGames.lfi
McAfee 5399 2008.10.07 PWS-Gamania.gen.a
Microsoft 1.4005 2008.10.07 PWS:Win32/Frethog.D
NOD32 3501 2008.10.07 Win32/Pacex.Gen
Norman 5.80.02 2008.10.06 W32/NSAnti.EKS
Panda 9.0.0.4 2008.10.07 W32/Lineage.GQY.worm
PCTools 4.4.2.0 2008.10.07 Trojan.PWS.OnLineGames.COB
Prevx1 V2 2008.10.07 Cloaked Malware
Rising 20.65.12.00 2008.10.07 Packer.Win32.Mian007.a
SecureWeb-Gateway 6.7.6 2008.10.07 Trojan.Crypt.NSPM.Gen
Sophos 4.34.0 2008.10.07 Troj/OnLineG-AJ
Sunbelt 3.1.1708.1 2008.10.07 Trojan-PSW.Win32.OnLineGames.lfi
Symantec 10 2008.10.07 W32.Gammima.AG
TheHacker 6.3.1.0.102 2008.10.07 Trojan/PSW.OnLineGames.lfi
TrendMicro 8.700.0.1004 2008.10.07 Mal_NSAnti-1
VBA32 3.12.8.6 2008.10.07 Malware-Cryptor.Win32.NSAnti
ViRobot 2008.10.7.1410 2008.10.07 Trojan.Win32.Amvo.Gen
VirusBuster 4.5.11.0 2008.10.07 Trojan.PWS.OnLineGames.COB
[/B]Дополнительная информация
File size: 123873 bytes
MD5...: 0083adff7ea4534e61ab4629778ff917
SHA1..: 215d5eef0353b9f8fff9d0f0ceb71ba5059a193b[/CODE]
-
File help.exe received 2008.10.09 21:46:20 (CET)
Current status: finished
Result: 15/36 (41.67%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
[B]AntiVir 7.8.1.34 2008.10.09 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.10.09 W32/Vaklik.gen[/B]
Avast 4.8.1248.0 2008.10.09 -
[B]AVG 8.0.0.161 2008.10.09 Win32/Heur[/B]
BitDefender 7.2 2008.10.09 -
[B]CAT-QuickHeal 9.50 2008.10.08 (Suspicious) - DNAScan[/B]
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
[B]eSafe 7.0.17.0 2008.10.08 Suspicious File[/B]
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
[B]F-Prot 4.4.4.56 2008.10.08 W32/Vaklik.gen[/B]
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
[B]Ikarus T3.1.1.34.0 2008.10.09 PWS.Win32.OnLineGames.ER[/B]
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5402 2008.10.09 -
[B]Microsoft 1.4005 2008.10.09 PWS:Win32/OnLineGames.ER[/B]
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.09 -
[B]Panda 9.0.0.4 2008.10.09 Suspicious file
PCTools 4.4.2.0 2008.10.09 Trojan.Peed.Gen!Pac[/B]
Prevx1 V2 2008.10.09 -
[B]Rising 20.65.32.00 2008.10.09 Packer.Win32.Agent.f
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.Crypt.CFI.Gen
Sophos 4.34.0 2008.10.09 Sus/UnkPacker[/B]
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
[B]TrendMicro 8.700.0.1004 2008.10.09 PAK_Generic.001[/B]
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
[B]VirusBuster 4.5.11.0 2008.10.09 Trojan.Peed.Gen!Pac[/B][/QUOTE]
Additional information
File size: 109056 bytes
MD5...: bd6a45a2f84ab7790c15ffb8dfbdfea7
SHA1..: dff64ccbe2a37d64567452f5f907453359580e73
SHA256: 695d80f57e2f1077406e3ee7c149db3cb3da78d4372878ebc8a14f851c6239f4
SHA512: 22d3db48eb8a5be866140947b9a93ce2652b9051f80a1ed1d65c2de04dc8e43d
f389fd793324d53e10d0c64a88113f4c18564e168e4c3ad7ac7923b9a44727b3
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
-
File autorun.rar received 2008.10.12 17:38:27 (CET)
Current status: finished
Result: 16/36 (44.45%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
[B]AntiVir 7.8.1.34 2008.10.11 TR/Spy.188
Authentium 5.1.0.4 2008.10.11 IS/Autorun
Avast 4.8.1248.0 2008.10.11 VBS:Malware-gen[/B]
AVG 8.0.0.161 2008.10.12 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
[B]F-Prot 4.4.4.56 2008.10.11 IS/Autorun
F-Secure 8.0.14332.0 2008.10.12 BAT/AutoRun.AE[/B]
Fortinet 3.113.0.0 2008.10.12 -
[B]GData 19 2008.10.12 VBS:Malware-gen
Ikarus T3.1.1.34.0 2008.10.12 Worm.Win32.Autorun[/B]
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
[B]McAfee 5403 2008.10.11 Generic!atr
Microsoft 1.4005 2008.10.12 Worm:Win32/Autorun!inf[/B]
[B]NOD32 3515 2008.10.11 INF/Autorun.gen
Norman 5.80.02 2008.10.10 BAT/AutoRun.AE[/B]
Panda 9.0.0.4 2008.10.12 -
[B]PCTools 4.4.2.0 2008.10.12 INF.Autorun.Gen[/B]
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
[B]SecureWeb-Gateway 6.7.6 2008.10.11 Trojan.Spy.188[/B]
Sophos 4.34.0 2008.10.12 -
[B]Sunbelt 3.1.1716.1 2008.10.12 INF.Autorun (v)[/B]
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
[B]TrendMicro 8.700.0.1004 2008.10.10 Mal_Otorun1[/B]
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
[B]VirusBuster 4.5.11.0 2008.10.11 INF.Autorun.Gen[/B][/QUOTE]
Additional information
File size: 174 bytes
MD5...: bbea1b3c03c81e22cd32f2295661b111
SHA1..: 022337eab889151469fa4cae0cb2363503479b67
SHA256: 370293e38ebf01ca32e523296320b923f57c51fd5d20347a1e4278a86b59b4fe
SHA512: 9186dbf590db0bcdadc74de3804dbdcce93435f42641d2e9c8f8abb40d777e73
39ad83bc364963443fb9ed529c2068d425f89ce7de8094799e8cad92082cdf3c
PEiD..: -
-
File boot.exe received 2008.10.13 06:27:34 (CET)
Result: 21/36 (58.34%)
[QUOTE]Antivirus Version Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
[B]AntiVir 7.8.1.34 2008.10.12 Worm/Autorun.okh[/B]
Authentium 5.1.0.4 2008.10.12 -
[B]Avast 4.8.1248.0 2008.10.12 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.12 Worm/Generic.KLL
BitDefender 7.2 2008.10.13 BehavesLike:Trojan.StartPage
CAT-QuickHeal 9.50 2008.10.13 Worm.AutoRun.okh[/B]
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
[B]eSafe 7.0.17.0 2008.10.12 Win32.AutoRun.okh[/B]
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.12 -
[B]F-Secure 8.0.14332.0 2008.10.13 Worm.Win32.AutoRun.okh
Fortinet 3.113.0.0 2008.10.13 W32/AutoRun.OKH!worm
GData 19 2008.10.13 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.10.13 BehavesLike.Trojan.StartPage
K7AntiVirus 7.10.491 2008.10.11 Worm.Win32.AutoRun.okh
Kaspersky 7.0.0.125 2008.10.13 Worm.Win32.AutoRun.okh
McAfee 5403 2008.10.11 W32/Autorun.worm.gen[/B]
Microsoft 1.4005 2008.10.13 -
[B]NOD32 3516 2008.10.13 probably a variant of Win32/Autorun[/B]
Norman 5.80.02 2008.10.10 -
[B]Panda 9.0.0.4 2008.10.12 Suspicious file[/B]
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.13 Suspicious
Rising 20.65.42.00 2008.10.10 -
[B]SecureWeb-Gateway 6.7.6 2008.10.12 Worm.Autorun.okh
Sophos 4.34.0 2008.10.13 Mal/Generic-A
Sunbelt 3.1.1719.1 2008.10.13 Worm.Win32.AutoRun.okh[/B]
Symantec 10 2008.10.13 -
TheHacker 6.3.1.0.108 2008.10.11 -
[B]TrendMicro 8.700.0.1004 2008.10.13 Mal_Otorun5
VBA32 3.12.8.6 2008.10.12 Worm.Win32.AutoRun.okh[/B]
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.12 -[/QUOTE]
Additional information
File size: 117761 bytes
MD5...: 75d3872c7e449855fc4dbe407bdceffc
SHA1..: b5be09cdd1b7e8db62f874400fcf02f86500f52f
SHA256: 2d1b60486680d049a77458d9d036a26f4625a2d9a544ccacfb0f86f79c2e629d
SHA512: b798e91cceb3948f3c3cd35cceb1ca4ba7c1cfd030fbec28dd2a541108ec4425
1765087b88779b40193ce0f61520628724ea64688b4bb6565d0fba5b2926c2c6
PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 7 (96.7%)
Win32 Executable Generic (1.2%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)
Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4188b4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x17a60 0x17c00 6.49 f2e496fc2a7dc7cfe4cfcc53737813e9
DATA 0x19000 0x650 0x800 3.58 204bdd3daa82e55fa976a9c708641ee5
BSS 0x1a000 0x8c1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1b000 0xd44 0xe00 4.68 7aa70f45f35a138db5514811a26e7122
.tls 0x1c000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1d000 0x18 0x200 0.20 f93f0f5e58a36c4601c1e6f1a813a836
.reloc 0x1e000 0x1d94 0x1e00 6.65 94bd2f5df3ec3bd3c5d5b64522152d5d
.rsrc 0x20000 0x1600 0x1600 3.46 5fa31beca58c61517faf7e9e8c842456
-
[B]C:\Documents and Settings\Tatyana\рабочий стол\ieupdr2.exe[/B]
File avz00002.dta received 2008.10.15 12:55:07 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 13/36 (36.12%)
[CODE]Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.15.2 2008.10.15 -
AntiVir 7.8.1.34 2008.10.15 -
Authentium 5.1.0.4 2008.10.15 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.15 -
BitDefender 7.2 2008.10.15 -
[B]CAT-QuickHeal 9.50 2008.10.14 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.15 Trojan.OnlineGames-1517[/B]
DrWeb 4.44.0.09170 2008.10.15 -
[B]eSafe 7.0.17.0 2008.10.15 Suspicious File[/B]
eTrust-Vet 31.6.6147 2008.10.14 -
Ewido 4.0 2008.10.14 -
F-Prot 4.4.4.56 2008.10.14 -
[B]F-Secure 8.0.14332.0 2008.10.15 W32/Packed/FSG_2.A[/B]
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.15 -
Ikarus T3.1.1.34.0 2008.10.15 -
K7AntiVirus 7.10.493 2008.10.14 -
Kaspersky 7.0.0.125 2008.10.15 -
McAfee 5405 2008.10.14 -
Microsoft 1.4005 2008.10.15 -
NOD32 3522 2008.10.14 -
[B]Norman 5.80.02 2008.10.14 W32/Packed_FSG.D
Panda 9.0.0.4 2008.10.14 Suspicious file
PCTools 4.4.2.0 2008.10.14 Packed/FSG
Prevx1 V2 2008.10.15 Malicious Software[/B]
Rising 20.66.22.00 2008.10.15 -
[B]SecureWeb-Gateway 6.7.6 2008.10.15 Win32.Malware.gen#FSG (suspicious)[/B]
[B]Sophos 4.34.0 2008.10.15 Sus/UnkPacker
Sunbelt 3.1.1725.1 2008.10.15 Trojan.Win32.Packed.gen (v)[/B]
Symantec 10 2008.10.15 -
TheHacker 6.3.1.0.112 2008.10.15 -
[B]TrendMicro 8.700.0.1004 2008.10.15 Cryp_Bits[/B]
VBA32 3.12.8.6 2008.10.14 -
ViRobot 2008.10.15.1421 2008.10.15 -
[B]VirusBuster 4.5.11.0 2008.10.14 Packed/FSG[/B][/CODE]
[QUOTE]Additional information
File size: 773 bytes
MD5...: c2b15a4f78906fee29b46670ebe2a909
SHA1..: a638458fd35147f1361d9f7d6b564af0bc3882fe
SHA256: 72eb91ccc610da4d98c2e9f8c26e6d911e90119ddd61cbf59e3d0c935f782e60
SHA512: bee0679f40d52fcbb429937cd081947ed2a2bd416583b200a2cea76816f9413a
2c9e2a09ba16d44d8a2af4429643270b51a4920d13fe8d3bb3925749ef8212b9
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification
Generic Win/DOS Executable (49.8%)
DOS Executable Generic (49.8%)
Targa bitmap (Original TGA Format) (0.1%)
MS Flight Simulator Aircraft Performance Info (0.0%)[/QUOTE]