-
C:\Program Files\expdebug.exe was attached as a debugger to explorer.exe
Providing cover was a replaced [url=http://www.virustotal.com/ru/analisis/2486b420e81b090e85a7b20037941a5ab9b78898890121fb8d9ce8b7cb86658a-1271420982]userinit.exe on VT[/url]
File avz00001.dta received on 2010.04.16 12:29:57 (UTC)
Result: [b]9/40[/b] (22.5%)
[CODE]Antivirus Version Last Update Result
[b]a-squared 4.5.0.50 2010.04.16 Virus.Win32.Small!IK[/b]
AhnLab-V3 5.0.0.2 2010.04.16 -
AntiVir 7.10.6.113 2010.04.16 -
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.16 -
Avast5 5.0.332.0 2010.04.16 -
AVG 9.0.0.787 2010.04.16 -
BitDefender 7.2 2010.04.16 -
[b]CAT-QuickHeal 10.00 2010.04.16 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.04.16 PUA.Packed.ASPack
Comodo 4614 2010.04.16 Heur.Packed.Unknown[/b]
DrWeb 5.0.2.03300 2010.04.16 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7429 2010.04.16 -
F-Prot 4.5.1.85 2010.04.16 -
[b]F-Secure 9.0.15370.0 2010.04.16 Suspicious:W32/Malware!Gemini[/b]
Fortinet 4.0.14.0 2010.04.16 -
GData 19 2010.04.16 -
[b]Ikarus T3.1.1.80.0 2010.04.16 Virus.Win32.Small[/b]
Jiangmin 13.0.900 2010.04.16 -
Kaspersky 7.0.0.125 2010.04.16 -
McAfee 5.400.0.1158 2010.04.16 -
[b]McAfee-GW-Edition 6.8.5 2010.04.16 Heuristic.LooksLike.Win32.Suspicious.H[/b]
Microsoft 1.5605 2010.04.16 -
NOD32 5033 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-16.01 2010.04.16 -
[b]Panda 10.0.2.7 2010.04.15 Suspicious file[/b]
PCTools 7.0.3.5 2010.04.16 -
[b]Prevx 3.0 2010.04.16 High Risk Spyware[/b]
Rising 22.43.04.04 2010.04.16 -
Sophos 4.52.0 2010.04.16 -
Sunbelt 6183 2010.04.16 -
Symantec 20091.2.0.41 2010.04.16 -
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.16.2280 2010.04.16 -
VirusBuster 5.0.27.0 2010.04.16 -
[/CODE]
-
Arrives via ICQ.
File foto.jar received on 2010.04.17 13:35:26 (UTC)
Current status: Finished
Result: 5/40 (12.5%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.17 -
AhnLab-V3 5.0.0.2 2010.04.16 -
[B]AntiVir 7.10.6.115 2010.04.16 JAVA/Konov.O[/B]
Antiy-AVL 2.0.3.7 2010.04.16 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.17 -
Avast5 5.0.332.0 2010.04.17 -
AVG 9.0.0.787 2010.04.17 -
BitDefender 7.2 2010.04.17 -
CAT-QuickHeal 10.00 2010.04.17 -
ClamAV 0.96.0.3-git 2010.04.17 -
Comodo 4625 2010.04.17 -
DrWeb 5.0.2.03300 2010.04.17 -
eSafe 7.0.17.0 2010.04.15 -
eTrust-Vet 35.2.7430 2010.04.16 -
F-Prot 4.5.1.85 2010.04.17 -
[B]F-Secure 9.0.15370.0 2010.04.16 Riskware:Java/SmsSend.Gen!A[/B]
Fortinet 4.0.14.0 2010.04.17 -
GData 19 2010.04.17 -
[B]Ikarus T3.1.1.80.0 2010.04.17 Trojan-SMS[/B]
Jiangmin 13.0.900 2010.04.17 -
[B]Kaspersky 7.0.0.125 2010.04.17 Trojan-SMS.J2ME.Konov.v[/B]
McAfee 5.400.0.1158 2010.04.17 -
[B]McAfee-GW-Edition 6.8.5 2010.04.17 Java.Konov.O[/B]
Microsoft 1.5605 2010.04.17 -
NOD32 5035 2010.04.16 -
Norman 6.04.11 2010.04.16 -
nProtect 2010-04-17.01 2010.04.17 -
Panda 10.0.2.7 2010.04.17 -
PCTools 7.0.3.5 2010.04.17 -
Prevx 3.0 2010.04.17 -
Rising 22.43.05.03 2010.04.17 -
Sophos 4.52.0 2010.04.17 -
Sunbelt 6187 2010.04.17 -
Symantec 20091.2.0.41 2010.04.17 -
TheHacker 6.5.2.0.263 2010.04.16 -
TrendMicro 9.120.0.1004 2010.04.15 -
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.17.2282 2010.04.17 -
VirusBuster 5.0.27.0 2010.04.17 -
Additional information
File size: 5085 bytes
MD5...: cc077e417f5b48c80f66b315b54193aa
SHA1..: bf412ef404abb45b19b71e610ce05f245542e70d
SHA256: e8008244dcb96ffa024236be7dda61fd8feaf3676a3092583286517c90329622
ssdeep: 96:6FTiOURs9qVeiThylfHD5nRGpQ3/wRmODrBGTe/j5vd00vIOakxZW:6Z5UdeiTcJHlRGi/w0ODrkTyt1001W
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set[/QUOTE]
-
File zbot.exe received on 2010.04.20 15:21:02 (UTC)
Result: 8/41 (19.52%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.04.20 PWS.Win32!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
[B]AntiVir 7.10.6.144 2010.04.20 TR/PSW.Zbot.75776.R[/B]
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4653 2010.04.20 -
DrWeb 5.0.2.03300 2010.04.20 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
[B]Ikarus T3.1.1.80.0 2010.04.20 PWS.Win32[/B]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.PSW.Zbot.75776.R
Microsoft 1.5703 2010.04.20 PWS:Win32/Zbot.gen!R[/B]
NOD32 5044 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.20 -
[B]Prevx 3.0 2010.04.20 Medium Risk Malware[/B]
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Mal/Generic-L[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.20 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/06b2feca7c50a841391d27fb9cf17cfad8a2336ebf0980b098cbc714b5e7bfa0-1271776862[/url]
-
There is no sadder tale in all the world than the tale of TDL on this planet....
File keygen.ex1 received on 2010.04.20 16:02:52 (UTC)
Result: 5/41 (12.2%)
[QUOTE]a-squared 4.5.0.50 2010.04.20 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.144 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4653 2010.04.20 -
[B]DrWeb 5.0.2.03300 2010.04.20 Trojan.DownLoad1.54489[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.20 -
Ikarus T3.1.1.80.0 2010.04.20 -
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.20 Trojan-Dropper.Win32.TDSS.bs[/B]
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
[B]NOD32 5044 2010.04.20 Win32/Olmarik.SC[/B]
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.20 -
[B]Prevx 3.0 2010.04.20 Medium Risk Malware[/B]
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.20 -
Sunbelt 6199 2010.04.20 -
[B]Symantec 20091.2.0.41 2010.04.20 Backdoor.Tidserv[/B]
TheHacker 6.5.2.0.265 2010.04.20 -
TrendMicro 9.120.0.1004 2010.04.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.20 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
[url]http://www.virustotal.com/analisis/037b16fd36c985d4ac1123c99743383af6de70dcbc4640ffe25d4a7d47a22eb9-1271779372[/url]
-
They were being handed out on one of the local forums disguised as harmless programs.
File Tero.rar received on 2010.04.21 06:54:48 (UTC)
[quote]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
[B]AntiVir 7.10.6.145 2010.04.20 TR/Agent.568320[/B]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.Agent.568320[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Rising 22.44.02.04 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-269[/B]
Sunbelt 6202 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/quote]
Additional information
File size: 215788 bytes
MD5...: c9e9104f6f3b7c727b2dd6b3167bab85
[url]http://www.virustotal.com/analisis/6f37a6fedecafe755e8ab87539d66a3d9dbaf47051b291c3990bbe6ce0777f55-1271832888[/url]
File Setup.exe received on 2010.04.21 07:06:03 (UTC)
[quote]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
[B]AntiVir 7.10.6.145 2010.04.20 TR/Agent.568320[/B]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
[B]eTrust-Vet 35.2.7439 2010.04.21 Win32/ASuspect.HDCDS[/B]
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Trojan.Agent.568320[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.02.04 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-269[/B]
Sunbelt 6202 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/quote]
Additional information
File size: 568320 bytes
MD5...: b1215d5f68767171e467de018e3c5a18
[url]http://www.virustotal.com/analisis/ae761b9c8f5bcca93903ca3e2074e23286088773d00b6917031259058fa34d6b-1271833563[/url]
-
File F0CD0B3E00F90FD9F070022BB07F4400C0E4A1EC.exe received on 2010.04.21 01:31:08 (UTC)
Result: 6/40 (15.00%)
[QUOTE]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.145 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
[B]Authentium 5.2.0.5 2010.04.20 W32/Zegost.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.20 -
Avast5 5.0.332.0 2010.04.20 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
Comodo 4656 2010.04.21 -
[B]DrWeb 5.0.2.03300 2010.04.21 Trojan.Baijin.origin[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
[B]F-Prot 4.5.1.85 2010.04.20 W32/Zegost.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.21 Backdoor:W32/Agent.DIUY[/B]
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5045 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.20 Suspicious file[/B]
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.01.03 2010.04.20 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6201 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.20 -
[B]TrendMicro 9.120.0.1004 2010.04.20 BKDR_ZEGOST.SMF[/B]
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.20 -[/QUOTE]
Additional information
File size: 192512 bytes
MD5 : 7184aa1a4c5bcb70ed7b9f03c4022643
SHA1 : 726613609b33f52fddd8c7c7cb54bc753d7947d0
SHA256: 678815d2253ff0a508146ed72684dce6645f860f4d323b8652a08f327774ebb8
[url]http://www.virustotal.com/ru/analisis/678815d2253ff0a508146ed72684dce6645f860f4d323b8652a08f327774ebb8-1271813468[/url]
File anitsvstart.vll received on 2010.04.20 11:03:07 (UTC)
Result: 15/40 (37.50%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.20 Win32.SuspectCrc!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
[B]AntiVir 7.10.6.142 2010.04.20 HEUR/Malware[/B]
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
Avast 4.8.1351.0 2010.04.19 -
Avast5 5.0.332.0 2010.04.19 -
AVG 9.0.0.787 2010.04.20 -
[B]BitDefender 7.2 2010.04.20 DeepScan:Generic.Peed.A4838A1A[/B]
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
[B]Comodo 4652 2010.04.20 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.20 Trojan.DownLoader1.5889[/B]
eSafe 7.0.17.0 2010.04.18 -
[B]eTrust-Vet 35.2.7436 2010.04.20 Win32/Etap[/B]
F-Prot 4.5.1.85 2010.04.20 -
[B]F-Secure 9.0.15370.0 2010.04.20 DeepScan:Generic.Peed.A4838A1A[/B]
Fortinet 4.0.14.0 2010.04.18 -
[B]GData 19 2010.04.20 DeepScan:Generic.Peed.A4838A1A
Ikarus T3.1.1.80.0 2010.04.20 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.20 Trojan-Downloader.Win32.Agent.dljj[/B]
McAfee 5.400.0.1158 2010.04.20 -
[B]McAfee-GW-Edition 6.8.5 2010.04.20 Heuristic.Malware[/B]
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
[B]Norman 6.04.11 2010.04.20 W32/Redosdru.LS[/B]
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Trj/CI.A[/B]
PCTools 7.0.3.5 2010.04.20 -
Prevx 3.0 2010.04.20 -
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Sus/UnkPack-C[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
[B]TrendMicro 9.120.0.1004 2010.04.20 TROJ_REDOSDRU.BR[/B]
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 151576 bytes
MD5 : 077cfb5a729108364ac4e25d2741f603
SHA1 : 2b852569c73060f6ba1bbd45d4a7eb83e828e033
SHA256: 183c7469d2f6b0da959c16772ebc3c94b992e330adc67f4e918e7fa75e9beb46
[url]http://www.virustotal.com/ru/analisis/183c7469d2f6b0da959c16772ebc3c94b992e330adc67f4e918e7fa75e9beb46-1271761387[/url]
File tcpz-x86d.sys- received on 2010.04.10 10:24:10 (UTC)
Result: 17/39 (43.59%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.10 Trojan-Dropper.Agent!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
[B]Antiy-AVL 2.0.3.7 2010.04.09 Backdoor/Win32.Agent.gen[/B]
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.09 -
[B]Avast5 5.0.332.0 2010.04.09 Win32:Tcpz-C
AVG 9.0.0.787 2010.04.10 BackDoor.Agent.ADTM[/B]
BitDefender 7.2 2010.04.10 -
[B]CAT-QuickHeal 10.00 2010.04.10 Trojan.Agent.gen[/B]
ClamAV 0.96.0.3-git 2010.04.10 -
[B]Comodo 4553 2010.04.10 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.10 Tool.TcpZ[/B]
eSafe 7.0.17.0 2010.04.08 -
[B]eTrust-Vet 35.2.7418 2010.04.09 Win32/FakeAV.CEH[/B]
F-Prot 4.5.1.85 2010.04.09 -
F-Secure 9.0.15370.0 2010.04.10 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.10 -
[B]Ikarus T3.1.1.80.0 2010.04.10 Trojan-Dropper.Agent[/B]
Jiangmin 13.0.900 2010.04.10 -
Kaspersky 7.0.0.125 2010.04.10 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.10 -
[B]NOD32 5014 2010.04.09 Win32/TCPZ.D
Norman 6.04.11 2010.04.10 W32/Suspicious_Gen2.VDAL
nProtect 2009.1.8.0 2010.04.06 Backdoor/W32.Agent.12136[/B]
Panda 10.0.2.2 2010.04.09 -
[B]PCTools 7.0.3.5 2010.04.10 Hacktool.Rootkit
Prevx 3.0 2010.04.10 High Risk Rootkit[/B]
Rising 22.42.04.03 2010.04.09 -
[B]Sophos 4.52.0 2010.04.10 TCP-Z TCP Patch and Monitor
Sunbelt 6160 2010.04.10 Hacktool.Rootkit
Symantec 20091.2.0.41 2010.04.10 Hacktool.Rootkit[/B]
TheHacker 6.5.2.0.259 2010.04.10 -
TrendMicro 9.120.0.1004 2010.04.10 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.09 -[/QUOTE]
Additional information
File size: 12136 bytes
MD5 : 1d1e2ac3195b7d199337557ca9ab84cf
SHA1 : 1ac8d3db5647b3bcba39c3b48a647207d4651be7
SHA256: 04b2e94cb8b232b6ecd37604c234d812a086f2aa94f12578f255eacaa1d4fb8d
[url]http://www.virustotal.com/ru/analisis/04b2e94cb8b232b6ecd37604c234d812a086f2aa94f12578f255eacaa1d4fb8d-1270895050[/url]
File A16.exe received on 2010.04.21 13:38:54 (UTC)
Result: 7/42 (16.67%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Backdoor.Win32.SdBot!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.149 2010.04.21 -
[B]Antiy-AVL 2.0.3.7 2010.04.21 Trojan/Win32.Agent.gen
Authentium 5.2.0.5 2010.04.21 W32/Damaged_File.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 SHeur3.SHH[/B]
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4657 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.21 -
eTrust-Vet 35.2.7439 2010.04.21 -
[B]F-Prot 4.5.1.85 2010.04.21 W32/Damaged_File.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.21 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.21 -
[B]Ikarus T3.1.1.80.0 2010.04.21 Backdoor.Win32.SdBot[/B]
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 6.8.5 2010.04.21 -
Microsoft 1.5703 2010.04.21 -
NOD32 5047 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Rising 22.44.02.05 2010.04.21 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6203 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.21.2288 2010.04.21 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 90112 bytes
MD5...: 51d17c04411919860110dab16996f96a
SHA1..: 1e820785f7736841c8130f8574382be93e5a09d3
SHA256: 68079ce67e9cc5e0442d43c0be0cb2781eb75a71c3afbded9ae16b6d361d7a22
[url]http://www.virustotal.com/ru/analisis/68079ce67e9cc5e0442d43c0be0cb2781eb75a71c3afbded9ae16b6d361d7a22-1271857134[/url]
File bbdydmz.vll received on 2010.04.20 12:12:54 (UTC)
Result: 12/40 (30.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.20 Backdoor.Win32.PcClient!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.20 -
AntiVir 7.10.6.142 2010.04.20 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.20 -
[B]Avast 4.8.1351.0 2010.04.20 Win32:Agent-EPC
Avast5 5.0.332.0 2010.04.20 Win32:Agent-EPC[/B]
AVG 9.0.0.787 2010.04.20 -
BitDefender 7.2 2010.04.20 -
CAT-QuickHeal 10.00 2010.04.20 -
ClamAV 0.96.0.3-git 2010.04.20 -
[B]Comodo 4652 2010.04.20 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.04.20 DLOADER.Trojan[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7436 2010.04.20 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.20 -
Fortinet 4.0.14.0 2010.04.20 -
[B]GData 19 2010.04.20 Win32:Agent-EPC
Ikarus T3.1.1.80.0 2010.04.20 Backdoor.Win32.PcClient[/B]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.20 -
McAfee 5.400.0.1158 2010.04.20 -
McAfee-GW-Edition 6.8.5 2010.04.20 -
Microsoft 1.5703 2010.04.20 -
NOD32 5043 2010.04.20 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-20.01 2010.04.20 -
[B]Panda 10.0.2.7 2010.04.19 Suspicious file
PCTools 7.0.3.5 2010.04.20 Trojan.Conficker.c.gen
Prevx 3.0 2010.04.20 High Risk Cloaked Malware[/B]
Rising 22.44.01.03 2010.04.20 -
[B]Sophos 4.52.0 2010.04.20 Mal/Behav-001[/B]
Sunbelt 6199 2010.04.20 -
Symantec 20091.2.0.41 2010.04.20 -
TheHacker 6.5.2.0.265 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.20 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Malware.Agent.22[/B]
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 103936 bytes
MD5 : 31a0613ef9e8a63bdd3d5d4528e6142c
SHA1 : 0299d263c94b7c3db8d0bd71833f965280b4b976
SHA256: c132415d1f6aeabd34763225efa746e2eddc87b863e1e5316691be734f1dbca9
[url]http://www.virustotal.com/ru/analisis/c132415d1f6aeabd34763225efa746e2eddc87b863e1e5316691be734f1dbca9-1271765574[/url]
File 700531.exe1 received on 2010.04.21 13:22:57 (UTC)
Result: 20/40 (50.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Win32.SuspectCrc!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.149 2010.04.21 -
[B]Antiy-AVL 2.0.3.7 2010.04.21 Trojan/Win32.heuristic[/B]
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 Win32/CryptExe
BitDefender 7.2 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4
CAT-QuickHeal 10.00 2010.04.21 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.04.21 -
[B]Comodo 4656 2010.04.21 Heur.Pck.EXECryptor
DrWeb 5.0.2.03300 2010.04.21 Win32.HLLP.DDoS[/B]
eSafe 7.0.17.0 2010.04.21 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.21 -
[B]F-Secure 9.0.15370.0 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4[/B]
Fortinet 4.0.14.0 2010.04.21 -
[B]GData 19 2010.04.21 DeepScan:Generic.Rincux2.1D125CC4
Ikarus T3.1.1.80.0 2010.04.21 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.04.20 -
[B]Kaspersky 7.0.0.125 2010.04.21 Heur.Trojan.Generic
McAfee 5.400.0.1158 2010.04.21 Generic.dx!rwd
McAfee-GW-Edition 6.8.5 2010.04.21 Heuristic.LooksLike.Win32.SuspiciousPE.C[/B]
Microsoft 1.5703 2010.04.21 -
NOD32 5047 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
[B]Panda 10.0.2.7 2010.04.20 Trj/CI.A
PCTools 7.0.3.5 2010.04.21 Trojan.Panddos
Prevx 3.0 2010.04.21 High Risk Cloaked Malware[/B]
Rising 22.44.02.05 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Dropper-A[/B]
Sunbelt 6203 2010.04.21 -
[B]Symantec 20091.2.0.41 2010.04.21 Trojan.Panddos[/B]
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Embedded.Trojan.Win32.Scar.babq[/B]
ViRobot 2010.4.21.2288 2010.04.21 -
[B]VirusBuster 5.0.27.0 2010.04.21 Packed/Execryptor[/B][/QUOTE]
Additional information
File size: 292428 bytes
MD5 : 657dd12404df9afb9f520a22f831c2ae
SHA1 : e8f9273c4a941c8a8ddff4fa50551476944ec528
SHA256: 5c83f88730d4e6320be3d31d5f6dc339edd93d7e227551ff5245a025491105f9
[url]http://www.virustotal.com/ru/analisis/5c83f88730d4e6320be3d31d5f6dc339edd93d7e227551ff5245a025491105f9-1271856177[/url]
File 5E68ED8600F01A5A2CF00089A30BB40055799196.exe received on 2010.04.19 17:06:50 (UTC)
Result: 1/40 (2.50%)
[QUOTE]a-squared 4.5.0.50 2010.04.19 -
AhnLab-V3 5.0.0.2 2010.04.19 -
AntiVir 7.10.6.121 2010.04.19 -
Antiy-AVL 2.0.3.7 2010.04.19 -
Authentium 5.2.0.5 2010.04.16 -
Avast 4.8.1351.0 2010.04.19 -
Avast5 5.0.332.0 2010.04.19 -
AVG 9.0.0.787 2010.04.19 -
BitDefender 7.2 2010.04.19 -
CAT-QuickHeal 10.00 2010.04.19 -
ClamAV 0.96.0.3-git 2010.04.19 -
Comodo 4645 2010.04.19 -
DrWeb 5.0.2.03300 2010.04.19 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7434 2010.04.19 -
F-Prot 4.5.1.85 2010.04.19 -
F-Secure 9.0.15370.0 2010.04.19 -
Fortinet 4.0.14.0 2010.04.18 -
GData 19 2010.04.19 -
Ikarus T3.1.1.80.0 2010.04.19 -
Jiangmin 13.0.900 2010.04.19 -
Kaspersky 7.0.0.125 2010.04.19 -
McAfee 5.400.0.1158 2010.04.19 -
McAfee-GW-Edition 6.8.5 2010.04.19 -
Microsoft 1.5605 2010.04.19 -
NOD32 5041 2010.04.19 -
Norman 6.04.11 2010.04.19 -
nProtect 2010-04-19.01 2010.04.19 -
Panda 10.0.2.7 2010.04.19 -
PCTools 7.0.3.5 2010.04.19 -
[B]Prevx 3.0 2010.04.19 High Risk Banking Info Stealer[/B]
Rising 22.44.00.04 2010.04.19 -
Sophos 4.52.0 2010.04.19 -
Sunbelt 6195 2010.04.19 -
Symantec 20091.2.0.41 2010.04.19 -
TheHacker 6.5.2.0.264 2010.04.19 -
TrendMicro 9.120.0.1004 2010.04.19 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2283 2010.04.19 -
VirusBuster 5.0.27.0 2010.04.19 -[/QUOTE]
Additional information
File size: 11264 bytes
MD5 : b0bafb22df88aee92941859d2f29a5d0
SHA1 : f508d9c94245ee791257036d52a57beebdfc9c0a
SHA256: 1dfb18b73ce42af605c1ea3aa44f4b5138bf382c6be9d6a060a52d94e25d213d
[url]http://www.virustotal.com/ru/analisis/1dfb18b73ce42af605c1ea3aa44f4b5138bf382c6be9d6a060a52d94e25d213d-1271696810[/url]
-
File CSLook.exe received on 2010.04.22 01:59:46 (UTC)
Result: [b]16/41[/b] (39.03%)
[QUOTE]
[b]a-squared 4.5.0.50 2010.04.22 Win32.Neshta!IK[/b]
AhnLab-V3 5.0.0.2 2010.04.22 -
[b]AntiVir 7.10.6.169 2010.04.21 W32/Neshta.a[/b]
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.22 -
[b]Avast 4.8.1351.0 2010.04.21 Win32:Neshta[/b]
[b]Avast5 5.0.332.0 2010.04.21 Win32:Neshta[/b]
[b]AVG 9.0.0.787 2010.04.21 Win32/Neshta.A[/b]
BitDefender 7.2 2010.04.22 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
[b]Comodo 4662 2010.04.22 Virus.Win32.Neshta.a1[/b]
DrWeb 5.0.2.03300 2010.04.22 -
[b]eSafe 7.0.17.0 2010.04.21 Win32.Neshta.A[/b]
eTrust-Vet 35.2.7442 2010.04.21 -
F-Prot 4.5.1.85 2010.04.21 -
F-Secure 9.0.15370.0 2010.04.21 -
[b]Fortinet 4.0.14.0 2010.04.21 PossibleThreat[/b]
[b]GData 21 2010.04.22 Win32:Neshta[/b]
[b]Ikarus T3.1.1.80.0 2010.04.22 Win32.Neshta[/b]
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.22 -
McAfee 5.400.0.1158 2010.04.22 -
[b]McAfee-GW-Edition 6.8.5 2010.04.21 Win32.Neshta.a[/b]
Microsoft 1.5703 2010.04.21 -
NOD32 5048 2010.04.21 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-21.01 2010.04.21 -
[b]Panda 10.0.2.7 2010.04.21 Suspicious file[/b]
[b]PCTools 7.0.3.5 2010.04.22 Win32.Neshta.B[/b]
Prevx 3.0 2010.04.22 -
Rising 22.44.03.01 2010.04.22 -
Sophos 4.53.0 2010.04.22 -
[b]Sunbelt 6205 2010.04.22 Virus.Win32.Neshta.Gen.3 (fs)[/b]
[b]Symantec 20091.2.0.41 2010.04.22 W32.Neshuta[/b]
TheHacker 6.5.2.0.266 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.22 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.21.2288 2010.04.22 -
[b]VirusBuster 5.0.27.0 2010.04.21 Win32.Neshta.B[/b]
[/QUOTE]
Additional information
File size: 4021248 bytes
MD5...: b0642d29c9ceac81c40fb5a2b21e9f03
SHA1..: 4b258daca65ebcf72980633871cc9030f2e5df7c
SHA256: 609814655edda2938c96c45d3504cfa33cce0b043bd251fd9bb912d229ab3f02
ssdeep: 98304:Zyt5pBpppppppxqppqxqpqCppppppppppxpFpppppppBpCpp6qq:E
PEiD..: -
[url]http://www.virustotal.com/analisis/609814655edda2938c96c45d3504cfa33cce0b043bd251fd9bb912d229ab3f02-1271901586[/url]
-
MD5: 341c13c8f52bca5a6ffc1338b7ed851d
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.25 -
AhnLab-V3 5.0.0.2 2009.12.24 -
AntiVir 7.9.1.122 2009.12.24 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.25 -
Avast 4.8.1351.0 2009.12.25 -
AVG 8.5.0.430 2009.12.25 -
BitDefender 7.2 2009.12.25 -
CAT-QuickHeal 10.00 2009.12.24 -
ClamAV 0.94.1 2009.12.25 -
Comodo 3363 2009.12.25 -
DrWeb 5.0.1.12222 2009.12.25 -
eSafe 7.0.17.0 2009.12.24 -
eTrust-Vet 35.1.7197 2009.12.25 -
F-Prot 4.5.1.85 2009.12.25 -
F-Secure 9.0.15370.0 2009.12.25 -
Fortinet 4.0.14.0 2009.12.25 -
GData 19 2009.12.25 -
Ikarus T3.1.1.79.0 2009.12.25 -
Jiangmin 13.0.900 2009.12.25 -
K7AntiVirus 7.10.929 2009.12.24 -
Kaspersky 7.0.0.125 2009.12.25 -
McAfee 5842 2009.12.24 -
McAfee+Artemis 5842 2009.12.24 -
McAfee-GW-Edition 6.8.5 2009.12.25 -
Microsoft 1.5302 2009.12.25 -
NOD32 4716 2009.12.25 -
Norman 6.04.03 2009.12.24 -
nProtect 2009.1.8.0 2009.12.24 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.25 -
Prevx 3.0 2009.12.25 -
Rising 22.27.04.04 2009.12.25 -
Sophos 4.49.0 2009.12.25 -
Sunbelt 3.2.1858.2 2009.12.24 -
Symantec 1.4.4.12 2009.12.25 -
TheHacker 6.5.0.3.110 2009.12.24 -
TrendMicro 9.120.0.1004 2009.12.25 PAK_Generic.001
VBA32 3.12.12.0 2009.12.25 -
ViRobot 2009.12.24.2107 2009.12.24 -
VirusBuster 5.0.21.0 2009.12.25 -
-
File 7CF7E372000A5AF206880399B31467009D1D8CC2.dll [I][acpi24.dll][/I] received on 2010.04.21 09:53:27 (UTC)
Result: 11/42 (26.19%)
[QUOTE][B]a-squared 4.5.0.50 2010.04.21 Trojan-Dropper.Agent!IK[/B]
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.147 2010.04.21 -
Antiy-AVL 2.0.3.7 2010.04.21 -
[B]Authentium 5.2.0.5 2010.04.21 W32/Mepaow.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
[B]AVG 9.0.0.787 2010.04.21 Generic17.BDSX[/B]
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
[B]DrWeb 5.0.2.03300 2010.04.21 DDoS.origin[/B]
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
[B]F-Prot 4.5.1.85 2010.04.20 W32/Mepaow.A.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
[B]Ikarus T3.1.1.80.0 2010.04.21 Trojan-Dropper.Agent[/B]
Jiangmin 13.0.900 2010.04.20 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee+Artemis 5937 2010.03.31 -
[B]McAfee-GW-Edition 6.8.5 2010.04.21 Heuristic.BehavesLike.Win32.CodeInjection.L
Microsoft 1.5703 2010.04.21 Trojan:Win32/Boupke.gen!A[/B]
NOD32 5046 2010.04.21 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
[B]Prevx 3.0 2010.04.21 High Risk Cloaked Malware[/B]
Rising 22.44.02.05 2010.04.21 -
[B]Sophos 4.52.0 2010.04.21 Sus/Behav-1012
Sunbelt 6203 2010.04.21 Trojan.Win32.Generic!BT[/B]
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
VBA32 3.12.12.4 2010.04.19 -
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 198144 bytes
MD5 : 75795790277268d6602a3e538254ac51
SHA1 : 845c198e7dda25bc03514b430e6694a673d0bcaa
SHA256: 0512d71364ad551deea89e94c39b15a7daf9c5a1b262be6fc0429502d444e3e1
[url]http://www.virustotal.com/ru/analisis/0512d71364ad551deea89e94c39b15a7daf9c5a1b262be6fc0429502d444e3e1-1271843607[/url]
[size="1"][color="#666686"][B][I]Added 5 hours 44 minutes later[/I][/B][/color][/size]
File 14B603100023AF9EB033009761736100F2314A94.exe received on 2010.04.21 09:52:53 (UTC)
Result: 1/40 (2.50%)
[QUOTE]a-squared 4.5.0.50 2010.04.21 -
AhnLab-V3 5.0.0.2 2010.04.21 -
AntiVir 7.10.6.147 2010.04.21 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.21 -
Avast 4.8.1351.0 2010.04.21 -
Avast5 5.0.332.0 2010.04.21 -
AVG 9.0.0.787 2010.04.21 -
BitDefender 7.2 2010.04.21 -
CAT-QuickHeal 10.00 2010.04.21 -
ClamAV 0.96.0.3-git 2010.04.21 -
Comodo 4656 2010.04.21 -
DrWeb 5.0.2.03300 2010.04.21 -
eSafe 7.0.17.0 2010.04.18 -
eTrust-Vet 35.2.7439 2010.04.21 -
F-Prot 4.5.1.85 2010.04.20 -
F-Secure 9.0.15370.0 2010.04.21 -
Fortinet 4.0.14.0 2010.04.20 -
GData 19 2010.04.21 -
Ikarus T3.1.1.80.0 2010.04.21 -
Jiangmin 13.0.900 2010.04.20 -
Kaspersky 7.0.0.125 2010.04.21 -
McAfee 5.400.0.1158 2010.04.21 -
McAfee-GW-Edition 6.8.5 2010.04.21 -
Microsoft 1.5703 2010.04.21 -
NOD32 5046 2010.04.21 -
Norman 6.04.11 2010.04.20 -
nProtect 2010-04-21.01 2010.04.21 -
Panda 10.0.2.7 2010.04.20 -
PCTools 7.0.3.5 2010.04.21 -
Prevx 3.0 2010.04.21 -
Rising 22.44.02.05 2010.04.21 -
Sophos 4.52.0 2010.04.21 -
Sunbelt 6203 2010.04.21 -
Symantec 20091.2.0.41 2010.04.21 -
TheHacker 6.5.2.0.265 2010.04.21 -
TrendMicro 9.120.0.1004 2010.04.21 -
[B]VBA32 3.12.12.4 2010.04.19 suspected of Win32.Trojan.Downloader (http://...)[/B]
ViRobot 2010.4.19.2284 2010.04.20 -
VirusBuster 5.0.27.0 2010.04.21 -[/QUOTE]
Additional information
File size: 45056 bytes
MD5 : 4c91f2dfc4e901cc1c97a2e8fd7aef52
SHA1 : b0e748429d8970d9bb12085381f831f82fc17e1d
SHA256: 55948827bb857828a7094c933009912551e0fbbf46b65782fadfd9cbef2d4f93
[url]http://www.virustotal.com/ru/analisis/55948827bb857828a7094c933009912551e0fbbf46b65782fadfd9cbef2d4f93-1271843573[/url]
-
A friend returned my flash drive.
File autorun.inf received on 2010.04.29 17:20:37 (UTC)
Result: 9/40 (22.5%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.50 2010.04.29 Virus.Worm.AutoRun!IK[/B]
AhnLab-V3 2010.04.29.05 2010.04.29 -
AntiVir 8.2.1.224 2010.04.29 -
Antiy-AVL 2.0.3.7 2010.04.29 -
Authentium 5.2.0.5 2010.04.29 -
Avast 4.8.1351.0 2010.04.29 -
Avast5 5.0.332.0 2010.04.29 -
[B]AVG 9.0.0.787 2010.04.29 Worm/AutoRun[/B]
BitDefender 7.2 2010.04.29 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.04.29 -
Comodo 4711 2010.04.29 -
DrWeb 5.0.2.03300 2010.04.29 -
eSafe 7.0.17.0 2010.04.29 -
eTrust-Vet 35.2.7457 2010.04.29 -
F-Prot 4.5.1.85 2010.04.29 -
F-Secure 9.0.15370.0 2010.04.29 -
Fortinet 4.0.14.0 2010.04.27 -
GData 21 2010.04.29 -
[B]Ikarus T3.1.1.80.0 2010.04.29 Virus.Worm.AutoRun[/B]
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.04.29 -
[B]McAfee 5.400.0.1158 2010.04.29 Generic!atr.b[/B]
McAfee-GW-Edition 6.8.5 2010.04.29 -
Microsoft 1.5703 2010.04.29 -
NOD32 5072 2010.04.29 -
[B]Norman 6.04.12 2010.04.29 INF/Autorun.CX[/B]
nProtect 2010-04-29.01 2010.04.29 -
[B]Panda 10.0.2.7 2010.04.29 W32/P2Pworm.JW.worm[/B]
PCTools 7.0.3.5 2010.04.29 -
Rising 22.45.03.03 2010.04.29 -
[B]Sophos 4.53.0 2010.04.29 Mal/AutoInf-A[/B]
Sunbelt 6235 2010.04.28 -
Symantec 20091.2.0.41 2010.04.29 -
TheHacker 6.5.2.0.273 2010.04.29 -
[B]TrendMicro 9.120.0.1004 2010.04.29 Mal_Otorun1[/B]
[B]TrendMicro-HouseCall 9.120.0.1004 2010.04.29 Mal_Otorun1[/B]
VBA32 3.12.12.4 2010.04.29 -
ViRobot 2010.4.27.2295 2010.04.28 -
VirusBuster 5.0.27.0 2010.04.29 -[/QUOTE]
-
The sad story continues: a new TDL3. The dropper:
File keygen.ex1 received on 2010.05.01 04:41:11 (UTC)
Current status: Finished
Result: 17/40 (42.50%)
[QUOTE]a-squared 4.5.0.50 2010.05.01 -
AhnLab-V3 2010.05.01.00 2010.05.01 -
[B]AntiVir 8.2.1.224 2010.04.30 TR/Alureon.CT.1379[/B]
Antiy-AVL 2.0.3.7 2010.04.30 -
Authentium 5.2.0.5 2010.05.01 -
Avast 4.8.1351.0 2010.04.30 -
Avast5 5.0.332.0 2010.04.30 -
[B]AVG 9.0.0.787 2010.04.30 Generic17.BMCX[/B]
BitDefender 7.2 2010.05.01 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.05.01 -
[B]Comodo 4725 2010.05.01 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.01 BackDoor.Tdss.2459[/B]
eSafe 7.0.17.0 2010.04.29 -
[B]eTrust-Vet 35.2.7462 2010.04.30 Win32/TDSS.B!generic[/B]
F-Prot 4.5.1.85 2010.04.30 -
[B]F-Secure 9.0.15370.0 2010.04.30 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.0.14.0 2010.04.30 -
GData 21 2010.05.01 -
Ikarus T3.1.1.80.0 2010.04.30 -
Jiangmin 13.0.900 2010.04.29 -
[B]Kaspersky 7.0.0.125 2010.05.01 Trojan.Win32.TDSS.bcfd[/B]
McAfee 5.400.0.1158 2010.05.01 -
[B]McAfee-GW-Edition 6.8.5 2010.04.30 Trojan.Alureon.CT.1379
Microsoft 1.5703 2010.05.01 Trojan:Win32/Alureon.CT
NOD32 5076 2010.04.30 Win32/Olmarik.YJ[/B]
Norman 6.04.12 2010.04.30 -
nProtect 2010-04-30.01 2010.04.30 -
[B]Panda 10.0.2.7 2010.04.30 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.01 -
[B]Prevx 3.0 2010.05.01 Medium Risk Malware[/B]
Rising 22.45.04.03 2010.04.30 -
[B]Sophos 4.53.0 2010.05.01 Sus/EncPk-OJ
Sunbelt 6245 2010.05.01 Trojan.Win32.Generic!BT[/B]
[B]Symantec 20091.2.0.41 2010.05.01 Backdoor.Tidserv[/B]
TheHacker 6.5.2.0.274 2010.04.30 -
[B]TrendMicro 9.120.0.1004 2010.04.30 BKDR_TDSS.SMC[/B]
VBA32 3.12.12.4 2010.04.30 -
ViRobot 2010.4.30.2297 2010.05.01 -
[B]VirusBuster 5.0.27.0 2010.04.30 Rootkit.Alureon.Gen.10[/B][/QUOTE]
[url]http://www.virustotal.com/ru/analisis/a85d73c849b7a192afc2b06e460edaff89e2656ea3cd9a7801733af518cbd5f5-1272688871[/url]
... and the library:
File tdlcmd.dll received on 2010.05.01 04:41:18 (UTC)
Current status: Finished
Result: 14/40 (35.00%)
[QUOTE][B]a-squared 4.5.0.50 2010.05.01 Virus.Win32.DNSChanger.VJ!IK[/B]
AhnLab-V3 2010.05.01.00 2010.05.01 -
[B]AntiVir 8.2.1.224 2010.04.30 TR/Agent.8704.76[/B]
Antiy-AVL 2.0.3.7 2010.04.30 -
[B]Authentium 5.2.0.5 2010.05.01 W32/AdAgent.Z.gen!Eldorado
Avast 4.8.1351.0 2010.04.30 Win32:DNSChanger-VJ
Avast5 5.0.332.0 2010.04.30 Win32:DNSChanger-VJ[/B]
AVG 9.0.0.787 2010.04.30 -
BitDefender 7.2 2010.05.01 -
CAT-QuickHeal 10.00 2010.04.29 -
ClamAV 0.96.0.3-git 2010.05.01 -
Comodo 4725 2010.05.01 -
[B]DrWeb 5.0.2.03300 2010.05.01 BackDoor.Tdss.origin[/B]
eSafe 7.0.17.0 2010.04.29 -
eTrust-Vet 35.2.7462 2010.04.30 -
[B]F-Prot 4.5.1.85 2010.04.30 W32/AdAgent.Z.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.04.30 -
Fortinet 4.0.14.0 2010.04.30 -
[B]GData 21 2010.05.01 Win32:DNSChanger-VJ
Ikarus T3.1.1.80.0 2010.04.30 Virus.Win32.DNSChanger.VJ[/B]
Jiangmin 13.0.900 2010.04.29 -
Kaspersky 7.0.0.125 2010.05.01 -
McAfee 5.400.0.1158 2010.05.01 -
[B]McAfee-GW-Edition 6.8.5 2010.04.30 Heuristic.BehavesLike.Win32.Spyware.P
Microsoft 1.5703 2010.05.01 Trojan:Win32/Alureon.CT
NOD32 5076 2010.04.30 a variant of Win32/Olmarik.XU[/B]
Norman 6.04.12 2010.04.30 -
nProtect 2010-04-30.01 2010.04.30 -
Panda 10.0.2.7 2010.04.30 -
PCTools 7.0.3.5 2010.05.01 -
Prevx 3.0 2010.05.01 -
Rising 22.45.04.03 2010.04.30 -
[B]Sophos 4.53.0 2010.05.01 Mal/Emogen-Y[/B]
Sunbelt 6245 2010.05.01 -
Symantec 20091.2.0.41 2010.05.01 -
TheHacker 6.5.2.0.274 2010.04.30 -
TrendMicro 9.120.0.1004 2010.04.30 -
[B]VBA32 3.12.12.4 2010.04.30 Trojan.Win32.Olmarik.17[/B]
ViRobot 2010.4.30.2297 2010.05.01 -
VirusBuster 5.0.27.0 2010.04.30 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/f9cdce8b35f6d4172cd0ffea528b47a364b9ed76ee17263c676724789b1bbaab-1272688878[/url]
-
File torta.exe received on 2010.05.06 09:26:04 (UTC)
Result: 29/41 (70.74%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.06 -
AhnLab-V3 2010.05.05.00 2010.05.05 [B]Win32/Palevo1.worm.Gen[/B]
AntiVir 8.2.1.236 2010.05.06 [B]TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.05.06 -
Authentium 5.2.0.5 2010.05.06 [B]W32/Rimecud.A.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.05.05 [B]Win32:MalOb-AI[/B]
Avast5 5.0.332.0 2010.05.05 [B]Win32:MalOb-AI[/B]
AVG 9.0.0.787 2010.05.05 [B]Win32/Cryptor[/B]
BitDefender 7.2 2010.05.06 [B]Gen:Heur.Krypt.24[/B]
CAT-QuickHeal 10.00 2010.05.04 [B]Worm.Rimecud.A[/B]
ClamAV 0.96.0.3-git 2010.05.06 -
Comodo 4778 2010.05.06 [B]TrojWare.Win32.P2P-Worm.Palevo.owp[/B]
DrWeb 5.0.2.03300 2010.05.06 [B]Trojan.Packed.688[/B]
eSafe 7.0.17.0 2010.05.05 -
eTrust-Vet 35.2.7470 2010.05.05 -
F-Prot 4.5.1.85 2010.05.06 [B]W32/Rimecud.A.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.05.06 [B]Worm:W32/Palevo.gen!M[/B]
Fortinet 4.0.14.0 2010.05.05 [B]W32/Rimecud!tr[/B]
GData 21 2010.05.06 [B]Gen:Heur.Krypt.24[/B]
Ikarus T3.1.1.84.0 2010.05.06 -
Jiangmin 13.0.900 2010.05.06 [B]Heur:Trojan/Pakes[/B]
Kaspersky 7.0.0.125 2010.05.06 -
McAfee 5.400.0.1158 2010.05.06 [B]W32/Rimecud.gen.a[/B]
McAfee-GW-Edition 2010.1 2010.05.06 [B]W32/Rimecud.gen.a[/B]
Microsoft 1.5703 2010.05.05 [B]Worm:Win32/Rimecud.A[/B]
NOD32 5090 2010.05.06 [B]a variant of Win32/Peerfrag.FU[/B]
Norman 6.04.12 2010.05.06 -
nProtect 2010-05-06.02 2010.05.06 -
Panda 10.0.2.7 2010.05.05 [B]Trj/CI.A[/B]
PCTools 7.0.3.5 2010.05.06 [B]Malware.Pilleuz[/B]
Prevx 3.0 2010.05.06 [B]High Risk Cloaked Malware[/B]
Rising 22.46.03.04 2010.05.06 -
Sophos 4.53.0 2010.05.06 [B]Mal/Rimecud-B[/B]
Sunbelt 6265 2010.05.06 [B]Worm.Win32.Rimecud.c (v)[/B]
Symantec 20091.2.0.41 2010.05.06 [B]W32.Pilleuz!gen1[/B]
TheHacker 6.5.2.0.276 2010.05.06 [B]W32/Rimecud.gen[/B]
TrendMicro 9.120.0.1004 2010.05.06 [B]WORM_PALEVO.SMEP[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.05.06 [B]WORM_PALEVO.SMEP[/B]
VBA32 3.12.12.4 2010.05.06 [B]Malware-Cryptor.Win32.Inject.gen[/B]
ViRobot 2010.5.4.2303 2010.05.06 -
VirusBuster 5.0.27.0 2010.05.05 -
Additional information
File size: 143360 bytes
MD5...: f96d4a9a7372421cf4cda22ed4f78f24
-
A new bootkit (the one with the infector from TDL3). And let them say it's old :) Here is one of the variants; there are about ten in total:
File 2d4f0001_1fc9fa66da8293c55e63e2a8 received on 2010.05.08 00:44:20 (UTC)
Result: 13/41 (31.71%)
[QUOTE][B]a-squared 4.5.0.50 2010.05.07 Trojan-Downloader.Win32.Mebroot!IK[/B]
AhnLab-V3 2010.05.08.00 2010.05.07 -
AntiVir 8.2.1.236 2010.05.07 -
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.07 -
Avast 4.8.1351.0 2010.05.07 -
Avast5 5.0.332.0 2010.05.07 -
[B]AVG 9.0.0.787 2010.05.07 PSW.Sinowal.AZ
BitDefender 7.2 2010.05.08 Gen:Variant.Sinowal.1[/B]
CAT-QuickHeal 10.00 2010.05.07 -
ClamAV 0.96.0.3-git 2010.05.08 -
[B]Comodo 4788 2010.05.07 Backdoor.Win32.Sinowal.~CRSE
DrWeb 5.0.2.03300 2010.05.08 Trojan.Packed.20024[/B]
eSafe 7.0.17.0 2010.05.06 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.07 -
[B]F-Secure 9.0.15370.0 2010.05.07 Gen:Variant.Sinowal.1[/B]
Fortinet 4.1.133.0 2010.05.07 -
[B]GData 21 2010.05.08 Gen:Variant.Sinowal.1
Ikarus T3.1.1.84.0 2010.05.07 Trojan-Downloader.Win32.Mebroot[/B]
Jiangmin 13.0.900 2010.05.07 -
Kaspersky 7.0.0.125 2010.05.08 -
McAfee 5.400.0.1158 2010.05.08 -
McAfee-GW-Edition 2010.1 2010.05.07 -
Microsoft 1.5703 2010.05.08 -
[B]NOD32 5096 2010.05.07 a variant of Win32/Mebroot.DX[/B]
Norman 6.04.12 2010.05.07 -
[B]nProtect 2010-05-07.01 2010.05.07 Gen:Variant.Sinowal.1
Panda 10.0.2.7 2010.05.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.08 -
Rising 22.46.04.04 2010.05.07 -
Sophos 4.53.0 2010.05.08 -
Sunbelt 6276 2010.05.08 -
[B]Symantec 20091.2.0.41 2010.05.08 Trojan.Mebroot[/B]
TheHacker 6.5.2.0.277 2010.05.07 -
TrendMicro 9.120.0.1004 2010.05.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.08 -
[B]VBA32 3.12.12.4 2010.05.06 suspected of Malware-Cryptor.Win32.General.5[/B]
ViRobot 2010.5.7.2306 2010.05.07 -
VirusBuster 5.0.27.0 2010.05.07 -[/QUOTE]
[url]http://www.virustotal.com/analisis/a6f4f8f20279fa5ec2515b25a2b9c44329f9c3fd4191c607b0b498ddbf9f5bbe-1273279460[/url]
-
Caught here: [url]http://virusinfo.info/showthread.php?t=77940[/url]
At the moment of "catching" it, only VBA32 detected it (according to Cyber)
File 44a133dc6baefbbedb9ade16147405c0. received on 2010.05.10 14:09:45
Result: 5/41 (12.2%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.09.00 2010.05.08 -
AntiVir 8.2.1.236 2010.05.10 -
Antiy-AVL 2.0.3.7 2010.05.10 -
Authentium 5.2.0.5 2010.05.10 -
Avast 4.8.1351.0 2010.05.10 -
Avast5 5.0.332.0 2010.05.10 -
AVG 9.0.0.787 2010.05.10 -
BitDefender 7.2 2010.05.10 -
CAT-QuickHeal 10.00 2010.05.10 -
ClamAV 0.96.0.3-git 2010.05.10 -
Comodo 4814 2010.05.10 -
[B]DrWeb 5.0.2.03300 2010.05.10 Trojan.Winlock.1600[/B]
eSafe 7.0.17.0 2010.05.10 -
eTrust-Vet 35.2.7477 2010.05.10 -
F-Prot 4.5.1.85 2010.05.10 -
F-Secure 9.0.15370.0 2010.05.10 -
Fortinet 4.1.133.0 2010.05.10 -
GData 21 2010.05.10 -
Ikarus T3.1.1.84.0 2010.05.10 -
Jiangmin 13.0.900 2010.05.10 -
[B]Kaspersky 7.0.0.125 2010.05.10 Trojan-Ransom.Win32.PornoBlocker.sr
McAfee 5.400.0.1158 2010.05.09 Suspect-1B!FABBFDAFA955[/B]
McAfee-GW-Edition 2010.1 2010.05.10 -
Microsoft 1.5703 2010.05.10 -
NOD32 5101 2010.05.10 -
Norman 6.04.12 2010.05.10 -
nProtect 2010-05-10.01 2010.05.10 -
Panda 10.0.2.7 2010.05.09 -
PCTools 7.0.3.5 2010.05.10 -
Prevx 3.0 2010.05.10 -
Rising 22.47.00.04 2010.05.10 -
Sophos 4.53.0 2010.05.10 -
[B]Sunbelt 6284 2010.05.10 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
[B]VBA32 3.12.12.4 2010.05.06 suspected of Win32 Logon AutoStart Install[/B]
ViRobot 2010.5.10.2308 2010.05.10 -
VirusBuster 5.0.27.0 2010.05.10 -
[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/faedb4d3f8f61e7f5ee2ea61dd311276a13c26eac1c79c28742eaee730bbf0fa-1273500585[/url]
-
The gods of Olympus must be respected! ;)
File bot.exe received on 2010.05.13 08:04:51 (UTC)
Result: 19/41 (46.35%)
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
[B]AhnLab-V3 2010.05.13.01 2010.05.13 Trojan/Win32.CSon[/B]
AntiVir 8.2.1.242 2010.05.12 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
[B]AVG 9.0.0.787 2010.05.13 SHeur3.WJS
BitDefender 7.2 2010.05.13 Trojan.Generic.KD.11459[/B]
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
[B]Comodo 4831 2010.05.13 TrojWare.Win32.TrojanSpy.Zbot.Gen
DrWeb 5.0.2.03300 2010.05.13 Trojan.PWS.Panda.218[/B]
eSafe 7.0.17.0 2010.05.11 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
[B]F-Secure 9.0.15370.0 2010.05.13 Trojan.Generic.KD.11459[/B]
Fortinet 4.1.133.0 2010.05.13 -
[B]GData 21 2010.05.13 Trojan.Generic.KD.11459
Ikarus T3.1.1.84.0 2010.05.13 PWS.Win32[/B]
Jiangmin 13.0.900 2010.05.13 -
[B]Kaspersky 7.0.0.125 2010.05.13 Trojan-Spy.Win32.Zbot.ajhf[/B]
McAfee 5.400.0.1158 2010.05.13 -
[B]McAfee-GW-Edition 2010.1 2010.05.13 Artemis!4DC14290FB2C
Microsoft 1.5703 2010.05.13 PWS:Win32/Zbot.gen!R
NOD32 5110 2010.05.12 Win32/Spy.Zbot.YW[/B]
Norman 6.04.12 2010.05.13 -
[B]nProtect 2010-05-13.01 2010.05.13 Trojan.Generic.KD.11459
Panda 10.0.2.7 2010.05.12 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.13 -
[B]Prevx 3.0 2010.05.13 Medium Risk Malware
Rising 22.47.03.02 2010.05.13 Trojan.Win32.Generic.52041BA7
Sophos 4.53.0 2010.05.13 Mal/FakeAV-DL
Sunbelt 6297 2010.05.13 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.13 Trojan.Zbot[/B]
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2313 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.12 -[/QUOTE]
[url]http://www.virustotal.com/analisis/400f446a79b6e098530e948e93da7c3218852f3acd5b0ea4977ad7b5e122830b-1273737891[/url]
-
Caught today: [url]http://virusinfo.info/showthread.php?t=78262[/url]
Not a single antivirus on VT detected it at the time it was caught. The situation at the moment:
File avz00001.dta received on 2010.05.13 19:30:34 (UTC)
Result: 1/41 (2.44%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.13.01 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.13 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4833 2010.05.13 -
[B]DrWeb 5.0.2.03300 2010.05.13 Trojan.Winlock.1643[/B]
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.13 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.13 -
Ikarus T3.1.1.84.0 2010.05.13 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.13 -
McAfee 5.400.0.1158 2010.05.13 -
McAfee-GW-Edition 2010.1 2010.05.13 -
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.13 -
Prevx 3.0 2010.05.13 -
Rising 22.47.03.04 2010.05.13 -
Sophos 4.53.0 2010.05.13 -
Sunbelt 6299 2010.05.13 -
Symantec 20101.1.0.89 2010.05.13 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -[/QUOTE]
-
[B]File update_flash_player_x14.exe received on 2010.05.13 18:43:23 (UTC)[/B]
[CODE][B]a-squared;4.5.0.50;2010.05.10;Trojan-Ransom.Win32.PinkBlocker!IK[/B]
AhnLab-V3;2010.05.13.01;2010.05.13;-
AntiVir;8.2.1.242;2010.05.13;-
Antiy-AVL;2.0.3.7;2010.05.13;-
Authentium;5.2.0.5;2010.05.13;-
Avast;4.8.1351.0;2010.05.13;-
Avast5;5.0.332.0;2010.05.13;-
AVG;9.0.0.787;2010.05.13;-
BitDefender;7.2;2010.05.13;-
CAT-QuickHeal;10.00;2010.05.13;-
ClamAV;0.96.0.3-git;2010.05.13;-
Comodo;4833;2010.05.13;-
DrWeb;5.0.2.03300;2010.05.13;-
eSafe;7.0.17.0;2010.05.13;-
eTrust-Vet;35.2.7485;2010.05.13;-
F-Prot;4.5.1.85;2010.05.13;-
F-Secure;9.0.15370.0;2010.05.13;-
Fortinet;4.1.133.0;2010.05.13;-
GData;21;2010.05.13;-
[B]Ikarus;T3.1.1.84.0;2010.05.13;Trojan-Ransom.Win32.PinkBlocker[/B]
[B]Jiangmin;13.0.900;2010.05.13;Trojan/PinkBlocker.qs[/B]
Kaspersky;7.0.0.125;2010.05.13;-
McAfee;5.400.0.1158;2010.05.13;-
McAfee-GW-Edition;2010.1;2010.05.13;-
Microsoft;1.5703;2010.05.13;-
[B]NOD32;5113;2010.05.13;a variant of Win32/LockScreen.SN[/B]
Norman;6.04.12;2010.05.13;-
nProtect;2010-05-13.01;2010.05.13;-
Panda;10.0.2.7;2010.05.13;-
PCTools;7.0.3.5;2010.05.13;-
Rising;22.47.03.04;2010.05.13;-
Sophos;4.53.0;2010.05.13;-
Sunbelt;6299;2010.05.13;-
Symantec;20101.1.0.89;2010.05.13;-
TheHacker;6.5.2.0.280;2010.05.13;-
TrendMicro;9.120.0.1004;2010.05.13;-
TrendMicro-HouseCall;9.120.0.1004;2010.05.13;-
VBA32;3.12.12.4;2010.05.13;-
ViRobot;2010.5.13.2314;2010.05.13;-
VirusBuster;5.0.27.0;2010.05.13;-[/CODE]
-
I was cleaning a PC at work. [QUOTE]G:\TAMBA\\\\\LAMBA.exe[/QUOTE]
The "TAMBA" folder was on a flash drive together with autorun.inf. The malware registered csrss.exe (LAMBA.exe) in the user profile's autostart and replaced Task Manager.
[URL="http://www.virustotal.com/ru/analisis/6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f-1274166216"]http://www.virustotal.com/ru/analisis/6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f-1274166216[/URL]
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.18.01 2010.05.18 -
AntiVir 8.2.1.242 2010.05.17 -
Antiy-AVL 2.0.3.7 2010.05.17 -
[B]Authentium 5.2.0.5 2010.05.18 W32/Rimecud.I2.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.05.17 -
Avast5 5.0.332.0 2010.05.17 -
[B]AVG 9.0.0.787 2010.05.17 Cryptic.GW
BitDefender 7.2 2010.05.18 Gen:Variant.Rimecud.2
CAT-QuickHeal 10.00 2010.05.18 Worm.Palevo[/B]
ClamAV 0.96.0.3-git 2010.05.18 -
[B]Comodo 4869 2010.05.18 Worm.Win32.Peerfrag.~NHD
DrWeb 5.0.2.03300 2010.05.18 Trojan.Packed.189[/B]
eSafe 7.0.17.0 2010.05.17 -
eTrust-Vet 35.2.7495 2010.05.17 -
[B]F-Prot 4.5.1.85 2010.05.18 W32/Rimecud.I2.gen!Eldorado
F-Secure 9.0.15370.0 2010.05.18 Gen:Variant.Rimecud.2[/B]
Fortinet 4.1.133.0 2010.05.18 -
[B]GData 21 2010.05.18 Gen:Variant.Rimecud.2[/B]
Ikarus T3.1.1.84.0 2010.05.18 -
Jiangmin 13.0.900 2010.05.18 -
Kaspersky 7.0.0.125 2010.05.18 -
McAfee 5.400.0.1158 2010.05.18 -
McAfee-GW-Edition 2010.1 2010.05.17 -
[B]Microsoft 1.5703 2010.05.18 Worm:Win32/Rimecud.B
NOD32 5122 2010.05.17 a variant of Win32/Peerfrag.HD[/B]
Norman 6.04.12 2010.05.18 -
[B]nProtect 2010-05-17.01 2010.05.17 Gen:Variant.Rimecud.2[/B]
Panda 10.0.2.7 2010.05.17 -
[B]PCTools 7.0.3.5 2010.05.18 Malware.Pilleuz[/B]
Prevx 3.0 2010.05.18 -
Rising 22.48.01.02 2010.05.18 -
[B]Sophos 4.53.0 2010.05.18 Mal/Palevo-A
Sunbelt 6316 2010.05.18 Packed.Win32.Crum (v)
Symantec 20101.1.0.89 2010.05.18 W32.Pilleuz!gen5[/B]
TheHacker 6.5.2.0.281 2010.05.17 -
[B]TrendMicro 9.120.0.1004 2010.05.18 Mal_Palevo5
TrendMicro-HouseCall 9.120.0.1004 2010.05.18 Mal_Palevo5
VBA32 3.12.12.5 2010.05.17 Malware-Cryptor.Win32.101[/B]
ViRobot 2010.5.18.2321 2010.05.18 -
VirusBuster 5.0.27.0 2010.05.17 -
Additional information
File size: 153088 bytes
MD5...: 1b7d07967c3b17ff726d9690bdada386
SHA1..: 838840b2671d4f00243a82de051f0e0bbf1b5a85
SHA256: 6ac4cc707bdbd48a702570fda650c252e3de12b84257c9094d5dc2b2bbe6635f
ssdeep: 3072:dbFHOCTAmlnNznZc/PyY6Gro2IOP74qt3uojwY1S:dtO0AmfnZc/Pw+JIOPL3uojw[/QUOTE]
-
A new old way of spreading TDL3:
[QUOTE]SMTP and POP3 servers for [I][email protected][/I] mailbox are changed. Please carefully read the attached instructions before updating settings.
[url]http://deleted/card.zip[/url][/QUOTE]
File card.zip received on 2010.05.18 13:57:26 (UTC)
Result: 14/41 (34.15%)
[QUOTE]a-squared 4.5.0.50 2010.05.10 -
[B]AhnLab-V3 2010.05.18.01 2010.05.18 Dropper/Win32.TDSS
AntiVir 8.2.1.242 2010.05.18 TR/Alureon.CT.1526[/B]
Antiy-AVL 2.0.3.7 2010.05.18 -
[B]Authentium 5.2.0.5 2010.05.18 W32/Alureon.JHV[/B]
Avast 4.8.1351.0 2010.05.18 -
Avast5 5.0.332.0 2010.05.18 -
AVG 9.0.0.787 2010.05.18 -
BitDefender 7.2 2010.05.18 -
CAT-QuickHeal 10.00 2010.05.18 -
ClamAV 0.96.0.3-git 2010.05.18 -
Comodo 4873 2010.05.18 -
[B]DrWeb 5.0.2.03300 2010.05.18 BackDoor.Tdss.2459[/B]
eSafe 7.0.17.0 2010.05.17 -
eTrust-Vet 35.2.7496 2010.05.18 -
[B]F-Prot 4.5.1.85 2010.05.18 W32/Alureon.JHV
F-Secure 9.0.15370.0 2010.05.18 Trojan:W32/TDSS.FQ[/B]
Fortinet 4.1.133.0 2010.05.18 -
GData 21 2010.05.18 -
[B]Ikarus T3.1.1.84.0 2010.05.18 Trojan.Win32.Alureon[/B]
Jiangmin 13.0.900 2010.05.18 -
Kaspersky 7.0.0.125 2010.05.18 -
McAfee 5.400.0.1158 2010.05.18 -
McAfee-GW-Edition 2010.1 2010.05.18 -
[B]Microsoft 1.5802 2010.05.18 Trojan:Win32/Alureon.CT
NOD32 5124 2010.05.18 Win32/Olmarik.ZH[/B]
Norman 6.04.12 2010.05.18 -
nProtect 2010-05-18.01 2010.05.18 -
[B]Panda 10.0.2.7 2010.05.17 Suspicious file
PCTools 7.0.3.5 2010.05.18 Backdoor.Tidserv[/B]
Prevx 3.0 2010.05.18 -
Rising 22.48.01.02 2010.05.18 -
[B]Sophos 4.53.0 2010.05.18 Troj/Bredo-CR[/B]
Sunbelt 6317 2010.05.18 -
[B]Symantec 20101.1.0.89 2010.05.18 Backdoor.Tidserv!gen4[/B]
TheHacker 6.5.2.0.281 2010.05.17 -
TrendMicro 9.120.0.1004 2010.05.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.18 -
VBA32 3.12.12.5 2010.05.18 -
ViRobot 2010.5.18.2322 2010.05.18 -
[B]VirusBuster 5.0.27.0 2010.05.18 Trojan.Alureon.Gen.12[/B][/QUOTE]
[url]http://www.virustotal.com/analisis/c4b3f436f90b02eb562338be0f55fb3a0d8dba61b65c6416dbbf470c20f94a40-1274191046[/url]
-
Caught it at work. Nothing could handle it, not even a LiveCD. When AV utilities were launched, the computer simply shut down. This nasty thing registers itself in [B]AppInit_DLLs[/B]. That's actually how I caught it. The file was named [B]t.dll[/B] and sat in [B]system32[/B].
File 111.dll received on 2010.05.21 09:10:27 (UTC)
Result: 9/41 (21.96%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.21.00 2010.05.20 -
AntiVir 8.2.1.242 2010.05.21 -
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.21 -
Avast 4.8.1351.0 2010.05.21 -
Avast5 5.0.332.0 2010.05.21 -
[B]AVG 9.0.0.787 2010.05.20 Cryptic.SO[/B]
BitDefender 7.2 2010.05.21 -
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.21 -
[B]Comodo 4897 2010.05.21 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.05.21 Trojan.Winlock.1721[/B]
eSafe 7.0.17.0 2010.05.20 -
eTrust-Vet 35.2.7502 2010.05.21 -
F-Prot 4.6.0.103 2010.05.20 -
F-Secure 9.0.15370.0 2010.05.21 -
Fortinet 4.1.133.0 2010.05.20 -
GData 21 2010.05.21 -
[B]Ikarus T3.1.1.84.0 2010.05.21 Trojan.Cryptic[/B]
Jiangmin 13.0.900 2010.05.20 -
[B]Kaspersky 7.0.0.125 2010.05.21 Worm.Win32.NeKav.cl[/B]
McAfee 5.400.0.1158 2010.05.21 -
[B]McAfee-GW-Edition 2010.1 2010.05.21 Artemis!39E93988A325
Microsoft 1.5802 2010.05.20 Worm:Win32/Autorun.gen!BS[/B]
NOD32 5134 2010.05.21 -
Norman 6.04.12 2010.05.21 -
nProtect 2010-05-21.01 2010.05.21 -
Panda 10.0.2.7 2010.05.20 -
PCTools 7.0.3.5 2010.05.21 -
Prevx 3.0 2010.05.21 -
Rising 22.48.04.04 2010.05.21 -
[B]Sophos 4.53.0 2010.05.21 Sus/UnkPack-C
Sunbelt 6332 2010.05.21 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.05.21 -
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.21 -
VBA32 3.12.12.5 2010.05.20 -
ViRobot 2010.5.20.2326 2010.05.20 -
VirusBuster 5.0.27.0 2010.05.21 -[/QUOTE]