-
File [B]mms.jar[/B] received on 2010.05.24 08:33:57 (UTC)
Result: [B][COLOR="Red"]8[/COLOR]/41[/B] (19.52%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 [B]JAVA/Smmer.5994[/B]
Antiy-AVL 2.0.3.7 2010.05.24 [B]Trojan/J2ME.Smmer[/B]
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 [B]Java/SMS.J[/B]
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 [B]UnclassifiedMalware[/B]
DrWeb 5.0.2.03300 2010.05.24 [B]Java.SMSSend.177[/B]
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7506 2010.05.24 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 [B]Riskware:Java/SmsSend.Gen!A[/B]
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 [B]Trojan-SMS[/B]
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 [B]Trojan-SMS.J2ME.Smmer.a[/B]
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 -
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.03 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -
[/QUOTE]
Additional information
File size: [B]17493[/B] bytes
MD5...: b4c114850d73db941c695b9d35cf4f29
SHA1..: 3b64e52f05f9bcbf51e7bb3366d65d1815cb9319
SHA256: 37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116d36dc335847ae9
[url]http://www.virustotal.com/ru/analisis/37dd628f6c9d53181c9002fe8bdc5026685811ff2bff5f3116d36dc335847ae9-1274690037[/url]
-
File video-plugin.45046.exe received on 2010.05.25 11:00:38 (UTC)
Result: 14/40 (35%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.25.00 2010.05.25 -
AntiVir 8.2.1.242 2010.05.25 -
Antiy-AVL 2.0.3.7 2010.05.25 -
[B]Authentium 5.2.0.5 2010.05.25 W32/FakeAlert.5!Maximus[/B]
Avast 4.8.1351.0 2010.05.25 -
Avast5 5.0.332.0 2010.05.25 -
AVG 9.0.0.787 2010.05.25 -
[B]BitDefender 7.2 2010.05.25 Trojan.Renos.PGL[/B]
CAT-QuickHeal 10.00 2010.05.25 -
ClamAV 0.96.0.3-git 2010.05.25 -
Comodo 4939 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.25 Trojan.DownLoad1.60983[/B]
eSafe 7.0.17.0 2010.05.24 -
[B]eTrust-Vet 35.2.7508 2010.05.25 Win32/FakeCodec.C!generic
F-Prot 4.6.0.103 2010.05.24 W32/FakeAlert.5!Maximus
F-Secure 9.0.15370.0 2010.05.25 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.05.23 -
[B]GData 21 2010.05.25 Trojan.Renos.PGL[/B]
Ikarus T3.1.1.84.0 2010.05.25 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.25 -
[B]McAfee 5.400.0.1158 2010.05.25 Downloader-CEW.b[/B]
McAfee-GW-Edition 2010.1 2010.05.25 -
Microsoft 1.5802 2010.05.25 -
[B]NOD32 5143 2010.05.25 Win32/TrojanDownloader.FakeAlert.AYQ[/B]
Norman 6.04.12 2010.05.25 -
nProtect 2010-05-25.01 2010.05.25 -
[B]Panda 10.0.2.7 2010.05.25 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.25 -
[B]Rising 22.49.01.04 2010.05.25 Trojan.Win32.Generic.52062772
Sophos 4.53.0 2010.05.25 Mal/FakeAV-CX
Sunbelt 6352 2010.05.25 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.05.25 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.25 -
VBA32 3.12.12.5 2010.05.25 -
ViRobot 2010.5.20.2326 2010.05.25 -
[B]VirusBuster 5.0.27.0 2010.05.24 Trojan.Codecpack.Gen.6[/B][/QUOTE]
[url]http://www.virustotal.com/ru/analisis/19fdcd90bd8cb33b3ad9bd83963bf5c8a9950598df0c357e479eca31c665637b-1274785238[/url]
-
File [B]0.005320158428112287.exe[/B] received on 2010.05.27 10:30:04 (UTC)
Result: [B][COLOR="Red"]4[/COLOR]/40 (10%)[/B]
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.27.00 2010.05.27 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.27 -
[B]Avast 4.8.1351.0 2010.05.27 Win32:Crypt-GMW
Avast5 5.0.332.0 2010.05.27 Win32:Crypt-GMW[/B]
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.27 -
CAT-QuickHeal 10.00 2010.05.27 -
ClamAV 0.96.0.3-git 2010.05.27 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.27 Trojan.DownLoad1.60799[/B]
eSafe 7.0.17.0 2010.05.26 -
eTrust-Vet 35.2.7513 2010.05.27 -
F-Prot 4.6.0.103 2010.05.26 -
F-Secure 9.0.15370.0 2010.05.27 -
Fortinet 4.1.133.0 2010.05.26 -
[B]GData 21 2010.05.27 Win32:Crypt-GMW[/B]
Ikarus T3.1.1.84.0 2010.05.27 -
Jiangmin 13.0.900 2010.05.24 -
Kaspersky 7.0.0.125 2010.05.27 -
McAfee 5.400.0.1158 2010.05.27 -
McAfee-GW-Edition 2010.1 2010.05.27 -
Microsoft 1.5802 2010.05.27 -
NOD32 5149 2010.05.27 -
Norman 6.04.12 2010.05.26 -
nProtect 2010-05-27.01 2010.05.27 -
Panda 10.0.2.7 2010.05.26 -
PCTools 7.0.3.5 2010.05.27 -
Rising 22.49.03.04 2010.05.27 -
Sophos 4.53.0 2010.05.27 -
Sunbelt 6363 2010.05.27 -
Symantec 20101.1.0.89 2010.05.27 -
TheHacker 6.5.2.0.287 2010.05.25 -
TrendMicro 9.120.0.1004 2010.05.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.27 -
VBA32 3.12.12.5 2010.05.26 -
ViRobot 2010.5.20.2326 2010.05.27 -
VirusBuster 5.0.27.0 2010.05.26 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/33e93197bf66a344be2d54a3beb7c91d7a98c6e6fb212b8bd0b6396522453cee-1274956204[/url]
-
t-79536
File stWpaE7.exe received on 2010.05.28 05:44:32 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.27 -
Avast5 5.0.332.0 2010.05.27 -
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
[B]CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.28 Trojan.Packed.20325[/B]
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7515 2010.05.27 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.27 -
Kaspersky 7.0.0.125 2010.05.28 -
McAfee 5.400.0.1158 2010.05.28 -
McAfee-GW-Edition 2010.1 2010.05.27 -
[B]Microsoft 1.5802 2010.05.28 Trojan:Win32/Meredrop[/B]
NOD32 5151 2010.05.27 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 -
PCTools 7.0.3.5 2010.05.28 -
[B]Prevx 3.0 2010.05.28 Medium Risk Malware[/B]
Rising 22.49.04.01 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6367 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.27 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -[/CODE]
Additional information
File size: 100864 bytes
MD5...: 63896d67aa1026e7e4e94b6b38acf743
-
File [B]svhost.exe[/B] received on 2010.05.28 09:47:05 (UTC)
Result: [B]9/41[/B] (21.96%)
[CODE]a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
[B]Avast5 5.0.332.0 2010.05.28 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
[B]CAT-QuickHeal 10.00 2010.05.28 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
[B]DrWeb 5.0.2.03300 2010.05.28 Trojan.Winlock.1765[/B]
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
[B]F-Secure 9.0.15370.0 2010.05.28 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
[B]Kaspersky 7.0.0.125 2010.05.28 Trojan-Ransom.Win32.PinkBlocker.blk[/B]
McAfee 5.400.0.1158 2010.05.28 -
[B]McAfee-GW-Edition 2010.1 2010.05.28 Artemis!BE43FF336A01[/B]
Microsoft 1.5802 2010.05.28 -
NOD32 5152 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
[B]Panda 10.0.2.7 2010.05.27 Suspicious file[/B]
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
[B]Sophos 4.53.0 2010.05.28 Sus/UnkPack-C[/B]
Sunbelt 6368 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
[B]VBA32 3.12.12.5 2010.05.28 Trojan.Win32.Waledac.42[/B]
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -
[/CODE]
Additional information
File size: [B]380416 bytes[/B]
MD5...: be43ff336a0176b9976c8b44a66753d6
[url]http://www.virustotal.com/ru/analisis/350cdf0cdadc3bf64e4a849853ff08e90469411a33382e38986968fdec19abd4-1275040025[/url]
-
I took a passport photo for someone at home and saved it to a flash drive, and my sister took it to a photo studio. She brought this back from there, even though autorun.inf was blocked on the flash drive.
File jwgkvsq.vmx received on 2010.05.31 10:17:54 (UTC)
Current status: Finished
Result: 32/33 (96.97%)
[QUOTE][B]a-squared 5.0.0.26 2010.05.31 Net-Worm.Win32.Kido!IK[/B]
[B]AntiVir 8.2.1.242 2010.05.31 Worm/Conficker.AG[/B]
Antiy-AVL 2.0.3.7 2010.05.31 -
[B]Authentium 5.2.0.5 2010.05.31 W32/Conficker!Generic[/B]
[B]Avast 4.8.1351.0 2010.05.30 Win32:Confi[/B]
[B]Avast5 5.0.332.0 2010.05.30 Win32:Confi[/B]
[B]BitDefender 7.2 2010.05.31 Win32.Worm.Downadup.Gen[/B]
[B]CAT-QuickHeal 10.00 2010.05.31 Worm.Conficker.b[/B]
[B]ClamAV 0.96.0.3-git 2010.05.30 Worm.Kido-61[/B]
[B]Comodo 4959 2010.05.31 Worm.Win32.Conficker.AG0[/B]
[B]eSafe 7.0.17.0 2010.05.30 Win32.Conficker.worm[/B]
[B]eTrust-Vet 35.2.7521 2010.05.31 Win32/Conficker[/B]
[B]F-Prot 4.6.0.103 2010.05.31 W32/Conficker!Generic[/B]
[B]Fortinet 4.1.133.0 2010.05.30 W32/Conficker.IH!worm.im[/B]
[B]GData 21 2010.05.31 Win32.Worm.Downadup.Gen[/B]
[B]Ikarus T3.1.1.84.0 2010.05.31 Net-Worm.Win32.Kido[/B]
[B]Jiangmin 13.0.900 2010.05.30 Worm/Kido.jm[/B]
[B]Kaspersky 7.0.0.125 2010.05.31 Net-Worm.Win32.Kido.ih[/B]
[B]McAfee 5.400.0.1158 2010.05.31 W32/Conficker.worm.gen.a[/B]
[B]McAfee-GW-Edition 2010.1 2010.05.31 W32/Conficker.worm.gen.a[/B]
[B]Microsoft 1.5802 2010.05.31 Worm:Win32/Conficker.B[/B]
[B]NOD32 5157 2010.05.31 a variant of Win32/Conficker.AA[/B]
[B]nProtect 2010-05-31.01 2010.05.31 Worm/W32.Kido.169822[/B]
[B]Panda 10.0.2.7 2010.05.30 W32/Conficker.C.worm[/B]
[B]PCTools 7.0.3.5 2010.05.31 Trojan.Conficker[/B]
[B]Prevx 3.0 2010.05.31 Medium Risk Malware[/B]
[B]Rising 22.50.00.04 2010.05.31 Trojan.Win32.Generic.51F828F1[/B]
[B]Sophos 4.53.0 2010.05.31 Mal/Conficker-A[/B]
[B]TheHacker 6.5.2.0.290 2010.05.30 W32/Kido.ih[/B]
[B]TrendMicro 9.120.0.1004 2010.05.31 WORM_DOWNAD.AD[/B]
[B]VBA32 3.12.12.5 2010.05.29 Worm.Win32.kido.105[/B]
[B]ViRobot 2010.5.20.2326 2010.05.28 Worm.Win32.Conficker.169822[/B]
[B]VirusBuster 5.0.27.0 2010.05.30 Worm.Kido.KE[/B][/QUOTE]
Additional information
File size: 169822 bytes
MD5...: acf4da36e762084070f8138a43144759
SHA1..: 2f00848973f6abaa5a31647a19c0da6053a3e4c5
SHA256: 71608b749d8e3d8736975a26151d529ddee99d92f97640ab36927f91e1846282
ssdeep: 3072:+/5E60KXnXhddhoqAtULVMtpJW+PIeii72sxPzhO8k6YWsC8VTd/ThWlA0JRkFX+:U5p0KdDtLKtpJFILroPzhO71+I1FWu0f
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x43cb
timedatestamp.....: 0x4495b5bb (Sun Jun 18 20:21:15 2006)
machinetype.......: 0x14c (I386)
-
File _TEMP.exe received on 2010.05.31 09:31:26 (UTC)
Result: 0/41 (0.00%)
[QUOTE]a-squared 5.0.0.26 2010.05.31 -
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
CAT-QuickHeal 10.00 2010.05.31 -
ClamAV 0.96.0.3-git 2010.05.30 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
Ikarus T3.1.1.84.0 2010.05.31 -
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
McAfee 5.400.0.1158 2010.05.31 -
McAfee-GW-Edition 2010.1 2010.05.31 -
Microsoft 1.5802 2010.05.31 -
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
Panda 10.0.2.7 2010.05.30 -
PCTools 7.0.3.5 2010.05.31 -
Prevx 3.0 2010.05.31 -
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6380 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.29 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.30 -[/QUOTE]
[url]http://www.virustotal.com/analisis/467c7c4b5f82470170b0b9d89b9724769b809ba4384f95b0239bfd47cec20c6b-1275298286[/url]
[B]P.S. ~Temp.exe = Trojan.MSIL.Agent.lc[/B]
[size="1"][color="#666686"][B][I]Added after 2 hours 25 minutes[/I][/B][/color][/size]
ZBot2:
File load.exe received on 2010.05.31 13:33:28 (UTC)
Result: 8/41 (19.52%)
[QUOTE][B]a-squared 5.0.0.26 2010.05.31 Backdoor.Win32.Bifrose!IK[/B]
AhnLab-V3 2010.05.30.00 2010.05.29 -
AntiVir 8.2.1.242 2010.05.31 -
Antiy-AVL 2.0.3.7 2010.05.31 -
Authentium 5.2.0.5 2010.05.31 -
Avast 4.8.1351.0 2010.05.30 -
Avast5 5.0.332.0 2010.05.30 -
AVG 9.0.0.787 2010.05.31 -
BitDefender 7.2 2010.05.31 -
[B]CAT-QuickHeal 10.00 2010.05.31 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.05.31 -
Comodo 4959 2010.05.31 -
DrWeb 5.0.2.03300 2010.05.31 -
eSafe 7.0.17.0 2010.05.30 -
eTrust-Vet 35.2.7521 2010.05.31 -
F-Prot 4.6.0.103 2010.05.31 -
F-Secure 9.0.15370.0 2010.05.31 -
Fortinet 4.1.133.0 2010.05.30 -
GData 21 2010.05.31 -
[B]Ikarus T3.1.1.84.0 2010.05.31 Backdoor.Win32.Bifrose[/B]
Jiangmin 13.0.900 2010.05.30 -
Kaspersky 7.0.0.125 2010.05.31 -
[B]McAfee 5.400.0.1158 2010.05.31 BackDoor-CEP.gen.cb[/B]
McAfee-GW-Edition 2010.1 2010.05.31 [B]Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5802 2010.05.31 VirTool:Win32/VBInject.gen!CI[/B]
NOD32 5157 2010.05.31 -
Norman 6.04.12 2010.05.31 -
nProtect 2010-05-31.01 2010.05.31 -
[B]Panda 10.0.2.7 2010.05.30 Bck/Bifrost.gen[/B]
PCTools 7.0.3.5 2010.05.31 -
[B]Prevx 3.0 2010.05.31 High Risk Cloaked Malware[/B]
Rising 22.50.00.04 2010.05.31 -
Sophos 4.53.0 2010.05.31 -
Sunbelt 6381 2010.05.31 -
Symantec 20101.1.0.89 2010.05.31 -
TheHacker 6.5.2.0.290 2010.05.30 -
TrendMicro 9.120.0.1004 2010.05.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.31 -
VBA32 3.12.12.5 2010.05.31 -
ViRobot 2010.5.31.2331 2010.05.31 -
VirusBuster 5.0.27.0 2010.05.30 -[/QUOTE]
[url]http://www.virustotal.com/analisis/7a3e027c0c988fccda032f5fa404c6368e78901b6a0401403a2f8e5d12028cb1-1275312808[/url]
-
TDL3 - a day-old dropper.
File setup.exe received on 2010.06.01 20:07:22 (UTC)
Result: [COLOR=red]4[/COLOR]/41 (9.76%)
[QUOTE]a-squared 5.0.0.26 2010.06.01 -
AhnLab-V3 2010.06.01.01 2010.06.01 -
AntiVir 8.2.1.242 2010.06.01 -
Antiy-AVL 2.0.3.7 2010.06.01 -
Authentium 5.2.0.5 2010.06.01 -
Avast 4.8.1351.0 2010.06.01 -
Avast5 5.0.332.0 2010.06.01 -
AVG 9.0.0.787 2010.06.01 -
BitDefender 7.2 2010.06.01 -
CAT-QuickHeal 10.00 2010.06.01 -
ClamAV 0.96.0.3-git 2010.06.01 -
[B]Comodo 4977 2010.06.01 Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.06.01 -
eSafe 7.0.17.0 2010.06.01 -
eTrust-Vet 35.2.7523 2010.06.01 -
F-Prot 4.6.0.103 2010.06.01 -
F-Secure 9.0.15370.0 2010.06.01 -
Fortinet 4.1.133.0 2010.06.01 -
GData 21 2010.06.01 -
Ikarus T3.1.1.84.0 2010.06.01 -
Jiangmin 13.0.900 2010.05.31 -
Kaspersky 7.0.0.125 2010.06.01 -
McAfee 5.400.0.1158 2010.06.01 -
[B]McAfee-GW-Edition 2010.1 2010.06.01 Heuristic.LooksLike.Trojan.Backdoor.Agent.I[/B]
Microsoft 1.5802 2010.06.01 -
NOD32 5164 2010.06.01 -
Norman 6.04.12 2010.06.01 -
nProtect 2010-06-01.02 2010.06.01 -
Panda 10.0.2.7 2010.06.01 -
PCTools 7.0.3.5 2010.06.01 -
[B]Prevx 3.0 2010.06.01 Medium Risk Malware[/B]
Rising 22.50.01.03 2010.06.01 -
[B]Sophos 4.53.0 2010.06.01 Mal/TDSSPack-Y[/B]
Sunbelt 6387 2010.06.01 -
Symantec 20101.1.0.89 2010.06.01 -
TheHacker 6.5.2.0.291 2010.06.01 -
TrendMicro 9.120.0.1004 2010.06.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.01 -
VBA32 3.12.12.5 2010.06.01 -
ViRobot 2010.6.1.2333 2010.06.01 -
VirusBuster 5.0.27.0 2010.06.01 -[/QUOTE]
[url]http://www.virustotal.com/analisis/2669faf30cbc1ced13578d4c27c5ad9dbedeec255531570fba362610724dbb6d-1275422842[/url]
-
My KIS doesn't recognize this nasty thing, once again.
File [B]csrss.exe[/B] received on 2010.06.04 06:46:45 (UTC)
Result: 21/41 (51.22%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.00 2010.06.03 -
[B]AntiVir 8.2.2.4 2010.06.03 TR/ATRAPS.Gen2[/B]
Antiy-AVL 2.0.3.7 2010.06.02 -
[B]Authentium 5.2.0.5 2010.06.04 W32/Rimecud.I.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.06.03 -
[B]Avast5 5.0.332.0 2010.06.03 Win32:SuspBehav-C[/B]
[B]AVG 9.0.0.787 2010.06.04 Cryptic.IJ[/B]
[B]BitDefender 7.2 2010.06.04 Gen:Variant.Rimecud.2
CAT-QuickHeal 10.00 2010.06.04 Worm.Palevo[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4981 2010.06.04 TrojWare.Win32.Cryp_Palevo5
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20312[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 -
[B]F-Prot 4.6.0.103 2010.06.03 W32/Rimecud.I.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.04 Gen:Variant.Rimecud.2[/B]
Fortinet 4.1.133.0 2010.06.03 -
[B]GData 21 2010.06.04 Gen:Variant.Rimecud.2[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
[B]McAfee-GW-Edition 2010.1 2010.06.04 Artemis!A6536E001908[/B]
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5170 2010.06.03 a variant of Win32/Peerfrag.HD[/B]
Norman 6.04.12 2010.06.03 -
[B]nProtect 2010-06-03.01 2010.06.03 Gen:Variant.Rimecud.2
Panda 10.0.2.7 2010.06.03 Suspicious file
PCTools 7.0.3.5 2010.06.04 Malware.Pilleuz[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.01 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6403 2010.06.04 Packed.Win32.Crum (v)
Symantec 20101.1.0.89 2010.06.04 W32.Pilleuz!gen5[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 Mal_Palevo5
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 Mal_Palevo5
VBA32 3.12.12.5 2010.06.03 BScope.Trojan.MTA.0230[/B]
ViRobot 2010.6.4.2336 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.03 -[/QUOTE]
Additional information
File size: 141824 bytes
MD5...: a6536e001908e4bb243c3b4e85dcd169
SHA1..: 2c3f13c0d0227f8e830fccfde5d6f010dbf88fff
SHA256: f87df4c3d49dd0e44630381f5a98c0853d7343c43de31094d094190ee069ec2d
ssdeep: 3072:bUA1SZQBWQednQjOfZnn8vyn1fbEvxLysmsYSsgMm6mFq:b11DS11EksYS
-
"The catch"
File porno-incest-zrelye-zhenschiny_pa received on 2010.06.04 15:42:04 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 HTML:Script-inf
Avast5 5.0.332.0 2010.06.04 HTML:Script-inf[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 HTML:Script-inf[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 26773 bytes
MD5 : 6a6a7c160b7d82dfb458779dbfeb379a
SHA1 : d25c03d21a4dbbcac922da3d65539b99ae3536f2
SHA256: 9fd352c5a6d2acfe57c8184113b2fe243c7303834e631f4ad5c298085c2353ca
TrID : File type identification
HyperText Markup Language (100.0%)
ssdeep: 384:UkhHQYsqLeDcxJT7Xo2IVHzBOPQVPdaPGDKpMy/nlJJfbr24/i9tolCKW7QWm0J:UkhHsqLeDcfT82uFThUbrX+olCL75m0J
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
[/CODE]
File jdpkXFS.exe received on 2010.06.04 15:42:33 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Win32.Meredrop.A!A2[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Meredrop.A.10097[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.06.04 Win32:Rootkit-gen
AVG 9.0.0.787 2010.06.04 SHeur3.ZZZ[/B]
BitDefender 7.2 2010.06.04 -
[B]CAT-QuickHeal 10.00 2010.06.04 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20320[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Win32:Rootkit-gen[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Win32/Meredrop
NOD32 5172 2010.06.04 Win32/Spy.Shiz.NBD[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
[B]Panda 10.0.2.7 2010.06.04 Generic Malware[/B]
PCTools 7.0.3.5 2010.06.04 -
[B]Prevx 3.0 2010.06.04 Medium Risk Malware[/B]
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Win32.Spy.Shiz.NBD[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52da 0x5400 7.58 494c135b90b12369c37c8b57fa715381
.data 0x7000 0xf810 0xfa00 7.38 5935f2309984ab57a4dda823cede9dd2
.idata 0x17000 0x4ab 0x600 4.05 04fc78daff8355191d10b900ec97fefb
.rsrc 0x18000 0x19a0 0x1a00 5.78 181203eafe0908823d482840a504445f
.reloc 0x1a000 0xce 0x200 3.16 a360412cd1e858c80b1fd295c8789b55
( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File 50f4b730-5243791e received on 2010.06.04 15:42:10 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan-Downloader.Java.Agent!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-H
Avast5 5.0.332.0 2010.06.04 Java:Djewers-H[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
[B]eTrust-Vet 35.2.7528 2010.06.04 Java/SillyDl.HJW[/B]
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-H
Ikarus T3.1.1.84.0 2010.06.04 Trojan-Downloader.Java.Agent[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan-Downloader.Java.Agent.bk (v)[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 7917 bytes
MD5...: 38b48c672a3e45988b5a59e457d74181
SHA1..: a84bf350369d7547de0e4d235683a7fa30220df1
SHA256: 991abd8b4b2e913335e0211ee1686a07561172f2a2bd2e4b020fd1ec8f3a87d7
ssdeep: 192:apVYRxkKEFOrzOr2pj2C3okf4XmOi5ReU7tWAmloz:apVYRfEFdSCC3okf+i2Emloz
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File 6BkLj93.exe received on 2010.06.04 15:42:42 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Win32.Meredrop.A!A2[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Meredrop.A.10097[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.06.04 Win32:Rootkit-gen
AVG 9.0.0.787 2010.06.04 SHeur3.ZZZ[/B]
BitDefender 7.2 2010.06.04 -
[B]CAT-QuickHeal 10.00 2010.06.04 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20320[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Win32:Rootkit-gen[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Win32/Meredrop
NOD32 5172 2010.06.04 Win32/Spy.Shiz.NBD[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
[B]Panda 10.0.2.7 2010.06.04 Generic Malware[/B]
PCTools 7.0.3.5 2010.06.04 -
[B]Prevx 3.0 2010.06.04 Medium Risk Malware[/B]
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
[B]Sunbelt 6405 2010.06.04 Trojan.Win32.Generic!BT[/B]
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Win32.Spy.Shiz.NBD[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 95232 bytes
MD5...: 60461eab0f3830660d660cc0d81ea605
SHA1..: 987176733844a08c282078e617ba916c1fa4043d
SHA256: f6a2df0b7214934f9ecda9e324faddb68afac775cde4e8e7ee58e683d591f470
ssdeep: 1536:M1S6ssPcBOeiY9PXNWen/ycAFlP7JE9dWW670ISC0W+3CML+2ssTTmle:M1SLOeZ18e/X2lP7JcWWzISCkSAie
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16a0
timedatestamp.....: 0x343f7e00 (Sat Oct 11 13:24:16 1997)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52da 0x5400 7.58 494c135b90b12369c37c8b57fa715381
.data 0x7000 0xf810 0xfa00 7.38 5935f2309984ab57a4dda823cede9dd2
.idata 0x17000 0x4ab 0x600 4.05 04fc78daff8355191d10b900ec97fefb
.rsrc 0x18000 0x19a0 0x1a00 5.78 181203eafe0908823d482840a504445f
.reloc 0x1a000 0xce 0x200 3.16 a360412cd1e858c80b1fd295c8789b55
( 2 imports )
> KERNEL32.dll: GetStartupInfoA, GetModuleHandleA, GetProcAddress, GetTickCount, FatalAppExitA, GetTempFileNameA, GetLogicalDrives, RemoveDirectoryW, GetCurrentThreadId, GetModuleFileNameW, FileTimeToLocalFileTime, MoveFileW, ExitProcess, ExitThread, CreateSemaphoreA, FileTimeToSystemTime, GetCurrentDirectoryA, CreateNamedPipeW, OpenMutexA, GetFileAttributesW, FindAtomA, SetCurrentDirectoryA, GlobalAlloc
> USER32.dll: WaitMessage, DialogBoxIndirectParamA, TrackPopupMenu, SetDlgItemTextW, GetKeyboardLayout, PeekMessageA, InsertMenuItemA, GetMessageW, CreateWindowExW, GetKeyState, SetCapture, GetClassInfoW, GetClassLongW, wsprintfA, IsDlgButtonChecked, ShowCursor, CheckRadioButton, LockWindowUpdate, GetDlgItemInt
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Pgovgj Xgjlps Ixtryw
copyright....: Ywrywbp Xzilnrf Ruwzcjh
product......: Pwmwsws
description..: Vqoqtv Cxipn
original name: n/a
internal name: n/a
file version.: 9.5.0.9
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=283F1722006047E0740D01689A325E0037E45040
[/CODE]
File HkdfkjX.class received on 2010.06.04 15:42:46 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-H
Avast5 5.0.332.0 2010.06.04 Java:Djewers-H[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-H [/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Mal/JavaDldr-B[/B]
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 5624 bytes
MD5...: 91255e4e3bc74188f1484179405225c9
SHA1..: 9f59fca1ff4219b45acfd715005f39b67eaf119b
SHA256: 7d191aad484697fec3060ba7cbb3b0588134d302aa74a6f9415491665ca98921
ssdeep: 96:W7FlYEkuSyZjYVpMpTgrVpK4KcBxRgtuz5WM1kApgS0:WlnZcygrZKclgtudW
0kApgS0
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File KHdfsdeX.class received on 2010.06.04 15:46:26 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-E
Avast5 5.0.332.0 2010.06.04 Java:Djewers-E[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-E [/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
NOD32 5172 2010.06.04 -
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Mal/JavaDldr-B[/B]
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 7491 bytes
MD5 : e73234098eaae758219a109403978ea2
SHA1 : 20836967becbfd1f38a018cc5c5de2516b5463ee
SHA256: 2afc7199f3b048b621f4a673ed1150b21f7048de2d3586b8870c73b73e3d2657
TrID : File type identification
Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
ssdeep: 96:t6PZl4kTiDXIzMEFQVwBXeo16NZD2DUDUHIzseszUy0oA7vQLpVDUUU6DUUUKJuV:SZlPTGwBuoysbzU+LpxMkMrM87SE
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
[/CODE]
File AppletX.class received on 2010.06.04 15:43:03 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan.Java.ClassLoader!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Agent-B
Avast5 5.0.332.0 2010.06.04 Java:Agent-B
AVG 9.0.0.787 2010.06.04 Java/Downloader.U[/B]
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
[B]ClamAV 0.96.0.3-git 2010.06.04 Exploit.JS-7[/B]
Comodo 4984 2010.06.04 -
[B]DrWeb 5.0.2.03300 2010.06.04 Exploit.Java.1[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
GData 21 2010.06.04 Java:Agent-B
[B]Ikarus T3.1.1.84.0 2010.06.04 Trojan.Java.ClassLoader[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Trojan:Java/Classloader.S
NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.OpenStream.NAJ[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Trojan.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Sus/ClassLdr-A[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Trojan Horse[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT[/B]
[B]VBA32 3.12.12.5 2010.06.04 Exploit.Java.1[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 5254 bytes
MD5...: 5103f06af294aa364dd6049c1b217c83
SHA1..: a32c61706e1ec3c947799e8356d8ae6336758fde
SHA256: 05000e29f191047292ae2e625df5580c6dbfb8957cf1d7dd167e79cd00b443af
ssdeep: 96:CilE7Pql5lov5//9Q7PEeLkC4Vx8P/lwCywJGwL/rpGNd9KlK62SYeL:yDql5
M5/67PE0kC4X8P9wCyP49AhUL
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File LoaderX.class received on 2010.06.04 15:44:41 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Trojan-Downloader.Java.Agent!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Agent-B
Avast5 5.0.332.0 2010.06.04 Java:Agent-B[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
[B]DrWeb 5.0.2.03300 2010.06.04 Exploit.Java.2[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Agent-B
Ikarus T3.1.1.84.0 2010.06.04 Trojan-Downloader.Java.Agent[/B]
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
[B]Microsoft 1.5802 2010.06.04 Exploit:Java/CVE-2008-5353.C
NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.Agent.NBE
Norman 6.04.12 2010.06.04 JAVA/ByteVerify.B[/B]
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Trojan.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Sus/ClassLdr-A[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Trojan Horse[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
[B]TrendMicro 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 JAVA_DLOAD.YT
VBA32 3.12.12.5 2010.06.04 Exploit.Java.2[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 3743 bytes
MD5...: 59b358987b10355b6818f2fa8b5851d5
SHA1..: 8bfdb8f0be7674fed30a8d836bc73594cdcec3b9
SHA256: 9a9c78dbb951285845f03aa99366203df854e06fe7c5e614a6fde02159fc1ca4
ssdeep: 96:EcwFl+E3C4Vx8Pjlov5//9Q7qqTxwnSupzu7eYhB:Enl7C4X8PjM5/67zxwS1
7F/
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File Byodsadc.class received on 2010.06.04 15:44:44 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.04 Virus.Java.Djewers!IK[/B]
AhnLab-V3 2010.06.04.02 2010.06.04 -
[B]AntiVir 8.2.2.6 2010.06.04 TR/Dldr.Java.Agent.BH.6[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Java:Djewers-J
Avast5 5.0.332.0 2010.06.04 Java:Djewers-J[/B]
AVG 9.0.0.787 2010.06.04 -
BitDefender 7.2 2010.06.04 -
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
Comodo 4984 2010.06.04 -
DrWeb 5.0.2.03300 2010.06.04 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
[B]F-Secure 9.0.15370.0 2010.06.04 Exploit:Java/Agent.DIRE[/B]
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Java:Djewers-J
Ikarus T3.1.1.84.0 2010.06.04 Virus.Java.Djewers[/B]
Jiangmin 13.0.900 2010.06.04 -
[B]Kaspersky 7.0.0.125 2010.06.04 Trojan-Downloader.Java.Agent.bh[/B]
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5172 2010.06.04 a variant of Java/TrojanDownloader.Agent.NAX[/B]
Norman 6.04.12 2010.06.04 -
nProtect 2010-06-04.01 2010.06.04 -
Panda 10.0.2.7 2010.06.04 -
[B]PCTools 7.0.3.5 2010.06.04 Downloader.Generic[/B]
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
[B]Sophos 4.53.0 2010.06.04 Troj/ClsLdr-AA[/B]
Sunbelt 6405 2010.06.04 -
[B]Symantec 20101.1.0.89 2010.06.04 Downloader[/B]
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 2933 bytes
MD5...: 2c00e9fbbe72676c8060b7b9120fc750
SHA1..: 190e5a9d820b08abe2a95450ad4df2fa6edf0de5
SHA256: 83f291048284eab6186440542ebb86133e485558dcf49823ad67ba4b0246fe76
ssdeep: 48:6pvKdOEgPDG4nXl3NR/DDvJvtQF4xR5/TXd/d6nRKpF/Lwj8dGR6bJcYhMBfR
v7c:YKXgPD7ldRvvJvekzZtdGMVcYhKv2rX
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Java Bytecode (60.0%)
Mac OS X Universal Binary executable (40.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
[size="1"][color="#666686"][B][I]Added 4 minutes later[/I][/B][/color][/size]
File mgdyfiqd.dll received on 2010.06.04 16:06:13 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.04 -
[B]AhnLab-V3 2010.06.04.02 2010.06.04 Malware/Win32.Generic[/B]
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.04 -
[B]Avast 4.8.1351.0 2010.06.04 Win32:Malware-gen
Avast5 5.0.332.0 2010.06.04 Win32:Malware-gen
AVG 9.0.0.787 2010.06.04 Pakes.FKP
BitDefender 7.2 2010.06.04 Trojan.Generic.4089896[/B]
CAT-QuickHeal 10.00 2010.06.04 -
ClamAV 0.96.0.3-git 2010.06.04 -
[B]Comodo 4984 2010.06.04 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.06.04 Trojan.Packed.20273[/B]
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.03 -
[B]F-Secure 9.0.15370.0 2010.06.04 Trojan.Generic.4089896[/B]
Fortinet 4.1.133.0 2010.06.04 -
[B]GData 21 2010.06.04 Trojan.Generic.4089896[/B]
Ikarus T3.1.1.84.0 2010.06.04 -
Jiangmin 13.0.900 2010.06.04 -
Kaspersky 7.0.0.125 2010.06.04 -
McAfee 5.400.0.1158 2010.06.04 -
McAfee-GW-Edition 2010.1 2010.06.04 -
Microsoft 1.5802 2010.06.04 -
[B]NOD32 5172 2010.06.04 a variant of Win32/Kryptik.ELC[/B]
Norman 6.04.12 2010.06.04 -
[B]nProtect 2010-06-04.01 2010.06.04 Trojan.Generic.4089896
Panda 10.0.2.7 2010.06.04 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.04 -
Prevx 3.0 2010.06.04 -
Rising 22.50.04.04 2010.06.04 -
Sophos 4.53.0 2010.06.04 -
Sunbelt 6405 2010.06.04 -
Symantec 20101.1.0.89 2010.06.04 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
[B]VBA32 3.12.12.5 2010.06.04 Trojan.MTA.0424[/B]
ViRobot 2010.6.4.2337 2010.06.04 -
VirusBuster 5.0.27.0 2010.06.04 -
Additional information
File size: 40448 bytes
MD5...: 0f1341509dbf6c92b063a1853666e55c
SHA1..: 0c8a176b30b5d2d23bc4c9815acf884a400fbb7d
SHA256: 6d64c74469c4161120710fd2761a3db6e14b563e4c92c641b18a74796c71016d
ssdeep: 768:tTcwoB3xs9Mszzm75Rip/Vt4LX1ds6sfg0QN8ASr2:eB3xsxGviJ2UYZY2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1550
timedatestamp.....: 0x304f3700 (Thu Sep 07 18:16:32 1995)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x29ea 0x2a00 7.24 ba3de342086e2761991c42a17822b857
.data 0x4000 0x3d48 0x3e00 7.27 1a37ac19bbfcd8f11d22fa0e3495c67d
.idata 0x8000 0x4bc 0x600 3.79 1224cf5c0daf575befd41b06bad51d29
.rsrc 0x9000 0x29d0 0x2a00 6.00 474b98ada983ceac7e5197ec8ed67369
.reloc 0xc000 0x142 0x200 4.71 7c0ff060fddc7eddd580624b4bfbc982

( 6 imports )
> KERNEL32.dll: Beep, GetProcessHeap, WaitForMultipleObjects, ConnectNamedPipe, LoadLibraryW, FileTimeToLocalFileTime, GetModuleHandleW, lstrcpyA, lstrcpyW, VirtualAlloc, GetShortPathNameW, CreateNamedPipeA, HeapCreate, lstrcmpi
> USER32.dll: SetCursor, GetCursorPos, GetMenuStringW, MessageBoxA, DefWindowProcA, LoadCursorA, MessageBeep, DestroyCursor, wsprintfA, DeleteMenu, LoadImageW, SetWindowTextA, GetDesktopWindow, GetKeyboardLayout
> GDI32.dll: GetBitmapBits, SetTextColor, CreateFontIndirectA, GetStockObject, SetBkColor
> ADVAPI32.dll: RegEnumValueA, RegRestoreKeyA, RegEnumValueW
> COMDLG32.dll: PrintDlgExA, ChooseFontW
> SHELL32.dll: StrRChrIW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (79.3%)
Win32 Executable Generic (7.9%)
Win32 Dynamic Link Library (generic) (7.0%)
Win16/32 Executable Delphi generic (1.9%)
Generic Win/DOS Executable (1.8%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Lqlpfm Iqxxwa Vyfps Dbxys
copyright....: Wshmgg Advjxcq Mwzipt Onurl
product......: Qsede Krxlxpq Suonur Kndrm
description..: Krgtgjl Hsqxvz
original name: n/a
internal name: n/a
file version.: 2.7.4.8
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
-
Being spread via VKontakte, a fresh one.
File photo-057.exe received on 2010.06.05 10:57:54 (UTC)
[quote]a-squared 5.0.0.26 2010.06.05 -
AhnLab-V3 2010.06.05.00 2010.06.04 -
AntiVir 8.2.2.6 2010.06.04 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.05 -
Avast 4.8.1351.0 2010.06.05 -
Avast5 5.0.332.0 2010.06.05 -
AVG 9.0.0.787 2010.06.05 -
BitDefender 7.2 2010.06.05 -
CAT-QuickHeal 10.00 2010.06.05 -
ClamAV 0.96.0.3-git 2010.06.05 -
Comodo 4994 2010.06.05 -
DrWeb 5.0.2.03300 2010.06.05 -
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7528 2010.06.04 -
F-Prot 4.6.0.103 2010.06.04 -
F-Secure 9.0.15370.0 2010.06.04 -
Fortinet 4.1.133.0 2010.06.05 -
GData 21 2010.06.05 -
Ikarus T3.1.1.84.0 2010.06.05 -
Jiangmin 13.0.900 2010.06.05 -
[B]Kaspersky 7.0.0.125 2010.06.05 Trojan.Win32.Qhost.ngg[/B]
McAfee 5.400.0.1158 2010.06.05 -
McAfee-GW-Edition 2010.1 2010.06.05 -
Microsoft 1.5802 2010.06.05 -
NOD32 5173 2010.06.04 -
Norman 6.04.12 2010.06.05 -
nProtect 2010-06-05.01 2010.06.05 -
[B]Panda 10.0.2.7 2010.06.05 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.05 -
Prevx 3.0 2010.06.05 -
Rising 22.50.05.03 2010.06.05 -
Sophos 4.53.0 2010.06.05 -
Sunbelt 6409 2010.06.05 -
Symantec 20101.1.0.89 2010.06.05 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.05 -
VBA32 3.12.12.5 2010.06.04 -
ViRobot 2010.6.5.2339 2010.06.05 -
[/quote]
Additional information
File size: 823296 bytes
MD5 : 3cc0ff8334edd4a55b3ff2c1d873b92b
[url]http://www.virustotal.com/analisis/62600d2efada8cd00e1139b64f84daa24f18ba603920b873390c692f1fd2e591-1275735474[/url]
-
File vip_porno_44808.avi.exe received on 2010.06.08 04:20:49 (UTC)
Current status: Finished
Result: 15/41 (36.59%)
[QUOTE][B]a-squared 5.0.0.26 2010.06.08 Trojan-Ransom.Win32.PornoBlocker!IK[/B]
[B]AhnLab-V3 2010.06.08.00 2010.06.08 Trojan/Win32.PornoBlocker[/B]
[B]AntiVir 8.2.2.6 2010.06.07 TR/Ransom.PornoBlocker.VR.1[/B]
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.07 -
Avast5 5.0.332.0 2010.06.07 -
[B]AVG 9.0.0.787 2010.06.07 Generic18.CXR[/B]
BitDefender 7.2 2010.06.08 -
CAT-QuickHeal 10.00 2010.06.08 -
ClamAV 0.96.0.3-git 2010.06.08 -
[B]Comodo 5022 2010.06.07 TrojWare.Win32.Magania.~AAF[/B]
[B]DrWeb 5.0.2.03300 2010.06.08 Trojan.Winlock.1849[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7617 2010.06.07 -
F-Prot 4.6.0.103 2010.06.07 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.08 -
[B]Ikarus T3.1.1.84.0 2010.06.08 Trojan-Ransom.Win32.PornoBlocker[/B]
Jiangmin 13.0.900 2010.06.07 -
[B]Kaspersky 7.0.0.125 2010.06.08 Trojan-Ransom.Win32.PornoBlocker.vr[/B]
[B]McAfee 5.400.0.1158 2010.06.08 Suspect-1B!B8AF0ECE0AB4[/B]
[B]McAfee-GW-Edition 2010.1 2010.06.07 Heuristic.BehavesLike.Win32.Trojan.H[/B]
Microsoft 1.5802 2010.06.08 -
[B]NOD32 5180 2010.06.07 Win32/LockScreen.TV[/B]
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
[B]Panda 10.0.2.7 2010.06.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.08 -
[B]Prevx 3.0 2010.06.08 High Risk Cloaked Malware[/B]
Rising 22.51.01.00 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Mal/Generic-L[/B]
[B]Sunbelt 6417 2010.06.08 Backdoor.Win32.Hupigon (v)[/B]
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.8.2342 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -[/QUOTE]
Additional information
File size: 266240 bytes
MD5...: b8af0ece0ab4c7acd4c1a52caa6a1587
SHA1..: 8aa549a91fb953d55a4fbc6080aa9f62b5bd4606
SHA256: 698bf974c7aff83e113f0c299aa09fcd8883095b752de0a1d5191eaa8762c374
ssdeep: 6144:gY903Ds7HbqCnm5KnpDNUUoaGtnlK1wkmOMawiSqW:gl3Ds77qYm5G+nknm
O1lW
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x37df4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
-
File mozilla.exe received on 2010.06.08 05:31:52 (UTC)
Current status: finished
[B]Result: [COLOR="Red"]6[/COLOR]/41 (14.63%)[/B]
[CODE]a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.00 2010.06.08 -
AntiVir 8.2.2.6 2010.06.07 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.07 -
[B]Avast5 5.0.332.0 2010.06.07 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.06.07 -
BitDefender 7.2 2010.06.08 -
[B]CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.08 -
Comodo 5023 2010.06.08 -
[B]DrWeb 5.0.2.03300 2010.06.08 Trojan.AdultBan.59[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7617 2010.06.07 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.07 -
[B]Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx[/B]
McAfee 5.400.0.1158 2010.06.08 -
McAfee-GW-Edition 2010.1 2010.06.07 -
Microsoft 1.5802 2010.06.08 -
NOD32 5180 2010.06.07 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.07 -
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.03 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Sus/UnkPack-C[/B]
Sunbelt 6417 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
[B]VBA32 3.12.12.5 2010.06.07 Trojan.Win32.Waledac.42[/B]
ViRobot 2010.6.8.2342 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.07 -
[/CODE]
Additional information
File size: 389120 bytes
MD5 : 3873606fe0d593c2e85aaa011616069a
[CODE][HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"
And there was also this key:
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\winlogon ]
"shell"="Explorer.exe, C:\\Program Files\\Common Files\\Mozilla\\mozilla.exe"[/CODE]
[url]http://www.virustotal.com/analisis/5f4a33691698084664940609d6bd6da27b2e0b7d4d6d8cfd0b232affde411dc7-1275975112[/url]
[size="1"][color="#666686"][B][I]Added 10 hours 30 minutes later[/I][/B][/color][/size]
Another porn banner (from the same series, by the look of it)
File photoshop.exe received on 2010.06.08 16:05:06 (UTC)
[B]Result: [COLOR="Red"]9[/COLOR]/41 (21.96%)[/B]
[CODE]a-squared 5.0.0.26 2010.06.08 -
AhnLab-V3 2010.06.08.06 2010.06.08 -
AntiVir 8.2.2.6 2010.06.08 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.08 -
Avast 4.8.1351.0 2010.06.08 -
[B]Avast5 5.0.332.0 2010.06.08 Win32:SuspBehav-C[/B]
AVG 9.0.0.787 2010.06.08 -
BitDefender 7.2 2010.06.08 -
[B]CAT-QuickHeal 10.00 2010.06.08 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.08 -
[B]Comodo 5029 2010.06.08 TrojWare.Win32.MalPack.~PKA1
DrWeb 5.0.2.03300 2010.06.08 Trojan.Packed.20343[/B]
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7618 2010.06.08 -
F-Prot 4.6.0.103 2010.06.08 -
F-Secure 9.0.15370.0 2010.06.08 -
Fortinet 4.1.133.0 2010.06.08 -
GData 21 2010.06.08 -
Ikarus T3.1.1.84.0 2010.06.08 -
Jiangmin 13.0.900 2010.06.08 -
[B]Kaspersky 7.0.0.125 2010.06.08 Packed.Win32.Krap.gx[/B]
McAfee 5.400.0.1158 2010.06.08 -
[B]McAfee-GW-Edition 2010.1 2010.06.08 Artemis!D0579AD09624[/B]
Microsoft 1.5802 2010.06.08 -
NOD32 5182 2010.06.08 -
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-08.01 2010.06.08 -
[B]Panda 10.0.2.7 2010.06.07 Suspicious file[/B]
PCTools 7.0.3.5 2010.06.08 -
Prevx 3.0 2010.06.08 -
Rising 22.51.01.04 2010.06.08 -
[B]Sophos 4.53.0 2010.06.08 Sus/UnkPack-C[/B]
Sunbelt 6419 2010.06.08 -
Symantec 20101.1.0.89 2010.06.08 -
TheHacker 6.5.2.0.295 2010.06.08 -
TrendMicro 9.120.0.1004 2010.06.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.08 -
[B]VBA32 3.12.12.5 2010.06.08 Malware-Cryptor.Win32.Limpopo[/B]
ViRobot 2010.6.8.2343 2010.06.08 -
VirusBuster 5.0.27.0 2010.06.08 -[/CODE]
Additional information
File size: 340480 bytes
MD5...: d0579ad09624a861589b5db71ddf5242
It was sitting at this path:
[CODE]C:\Program Files\Common files\Adobe Photoshop\[/CODE]
With an undelete tool I found a small batch file in the same place:
[CODE]reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon " /v shell /t reg_sz /d "Explorer.exe" /f
reg add "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon" /v shell /t reg_sz /d "Explorer.exe" /f
erase "C:\PROGRAM FILES\COMMON FILES\ADOBE PHOTOSHOP\trr.bat"
[/CODE]
[url]http://www.virustotal.com/analisis/063fe302a5ed22a46e41872c2fbeadb962562afc3881a1b2db6a1f8b5da206e1-1276013106[/url]
-
File [B]foto15.scr[/B] received on 2010.06.10 20:52:15 (UTC)
Result: [B][COLOR="Red"]3[/COLOR][/B]/[B]41[/B] (7.32%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.10 -
AhnLab-V3 2010.06.10.02 2010.06.10 -
AntiVir 8.2.2.6 2010.06.10 -
Antiy-AVL 2.0.3.7 2010.06.08 -
Authentium 5.2.0.5 2010.06.10 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
[B]AVG 9.0.0.787 2010.06.10 Cryptic.ACV[/B]
BitDefender 7.2 2010.06.10 -
CAT-QuickHeal 10.00 2010.06.10 -
ClamAV 0.96.0.3-git 2010.06.10 -
Comodo 5054 2010.06.10 -
[B]DrWeb 5.0.2.03300 2010.06.10 Trojan.MulDrop.54863[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7625 2010.06.10 -
F-Prot 4.6.0.103 2010.06.09 -
F-Secure 9.0.15370.0 2010.06.10 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.10 -
Ikarus T3.1.1.84.0 2010.06.10 -
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.10 -
McAfee 5.400.0.1158 2010.06.10 -
McAfee-GW-Edition 2010.1 2010.06.10 -
Microsoft 1.5802 2010.06.10 -
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.10 -
Prevx 3.0 2010.06.10 -
Rising 22.51.03.05 2010.06.10 -
[B]Sophos 4.54.0 2010.06.10 Mal/FakeAV-DS[/B]
Sunbelt 6431 2010.06.10 -
Symantec 20101.1.0.89 2010.06.10 -
TheHacker 6.5.2.0.296 2010.06.10 -
TrendMicro 9.120.0.1004 2010.06.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.10 -
VBA32 3.12.12.5 2010.06.10 -
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -[/QUOTE]
Additional information
File size: [B]93264[/B] bytes
MD5...: 726cf1ea7100954f3051587d9f2fce83
SHA1..: 0d37efa0e1ce3068c5b0580f115a98a17baf944b
SHA256: c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effaed995e0e4004bca
[url]http://www.virustotal.com/analisis/c8d883377c71bfd3aef60ebd67da85ba6469fd62c8ea2effaed995e0e4004bca-1276203135[/url]
-
The catch
File avz00001.dta received on 2010.06.11 05:58:07 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.11 Backdoor.WinNT.Rustock!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
[B]AntiVir 8.2.2.6 2010.06.10 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 -
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7627 2010.06.10 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.11 -
[B]Ikarus T3.1.1.84.0 2010.06.11 Backdoor.WinNT.Rustock[/B]
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
[B]McAfee-GW-Edition 2010.1 2010.06.10 Artemis!25802B50EC45
Microsoft 1.5802 2010.06.10 Backdoor:WinNT/Rustock.gen!B[/B]
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.11 -
Prevx 3.0 2010.06.11 -
[B]Rising 22.51.04.01 2010.06.11 Trojan.Win32.Generic.52085284
Sophos 4.54.0 2010.06.11 Sus/UnkPack-C[/B]
Sunbelt 6433 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
[B]VBA32 3.12.12.5 2010.06.10 OScope.Rootkit.Samidi[/B]
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -
Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x13122 0x13180 7.36 bbdbea9fc85e936dd66fe6c7ba305f34
.rdata 0x13480 0x459 0x480 5.28 76a40bd3d0b421094f95df52e5034b20
.data 0x13900 0xe 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0x13980 0x188 0x200 4.10 d049f827186dfd9b204f6e0f9ac5683e
.rsrc 0x13b80 0x328 0x380 3.14 aab3efebe20ecb4816a13f85cc37592a
.reloc 0x13f00 0x280 0x280 4.32 307a90365c3fbbea837a3afebc2f6c06

( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[/CODE]
File avz00002.dta received on 2010.06.11 05:58:10 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.26 2010.06.11 Backdoor.WinNT.Rustock!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
[B]AntiVir 8.2.2.6 2010.06.10 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.10 -
Avast5 5.0.332.0 2010.06.10 -
AVG 9.0.0.787 2010.06.10 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 -
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7627 2010.06.10 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.10 -
GData 21 2010.06.11 -
[B]Ikarus T3.1.1.84.0 2010.06.11 Backdoor.WinNT.Rustock[/B]
Jiangmin 13.0.900 2010.06.10 -
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
[B]McAfee-GW-Edition 2010.1 2010.06.10 Artemis!25802B50EC45
Microsoft 1.5802 2010.06.10 Backdoor:WinNT/Rustock.gen!B[/B]
NOD32 5188 2010.06.10 -
Norman 6.04.12 2010.06.10 -
nProtect 2010-06-10.01 2010.06.10 -
Panda 10.0.2.7 2010.06.10 -
PCTools 7.0.3.5 2010.06.11 -
[B]Rising 22.51.04.01 2010.06.11 Trojan.Win32.Generic.52085284
Sophos 4.54.0 2010.06.11 Sus/UnkPack-C[/B]
Sunbelt 6433 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
[B]VBA32 3.12.12.5 2010.06.10 OScope.Rootkit.Samidi[/B]
ViRobot 2010.6.10.3879 2010.06.10 -
VirusBuster 5.0.27.0 2010.06.10 -
Additional information
File size: 82304 bytes
MD5...: 25802b50ec45a8b7dbda384b3c21220f
SHA1..: 0bc52bb7b7b279afa3bea946b5108c86d7bfe1a9
SHA256: cb81a5fb08814b938f11f897b9a4346cf8c463b83785525aea5b58f2abc40204
ssdeep: 1536:JKO6e3zCMokd7ZFHEy5qCAMASaF25n+stFfbqsqaCftMBuCMzq5fHY6sLh3
2Yu:JKOdGMb5MD2TvfesqdftMBLM2fHAR2Y
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13050
timedatestamp.....: 0x4c0ec28a (Tue Jun 08 22:22:02 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x13122 0x13180 7.36 bbdbea9fc85e936dd66fe6c7ba305f34
.rdata 0x13480 0x459 0x480 5.28 76a40bd3d0b421094f95df52e5034b20
.data 0x13900 0xe 0x80 0.00 f09f35a5637839458e462e6350ecbce4
INIT 0x13980 0x188 0x200 4.10 d049f827186dfd9b204f6e0f9ac5683e
.rsrc 0x13b80 0x328 0x380 3.14 aab3efebe20ecb4816a13f85cc37592a
.reloc 0x13f00 0x280 0x280 4.32 307a90365c3fbbea837a3afebc2f6c06

( 2 imports )
> HAL.dll: KeQueryPerformanceCounter
> ntoskrnl.exe: KeTickCount, KeInitializeEvent, KeGetCurrentThread, IoGetCurrentProcess, PsGetCurrentProcessId, memcpy, memset, PsGetVersion, KeInitializeMutex, MmQuerySystemSize, KeInitializeTimer, KeInitializeSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99[/CODE]
This infection has already !@$%@#^ me. It makes lsass load the CPU to the limit, and the machine simply won't boot past the welcome screen. Only in safe mode and WITHOUT NETWORK!
This is the 4th machine like this to come in. The infection works perfectly well until you kill its companions. They bring the machine in, everything is OK. You run CureIt, the Tool or AVZ over it, kill what is plainly visible, and after that it's "sunshine". The machine is wrecked.
-
File [B]Mail.Exe[/B] received on 2010.06.11 20:06:49 (UTC)
Result: [COLOR="Red"][B]26[/B][/COLOR]/[B]41[/B] (63.42%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.11 [B]Trojan-PWS.MSIL!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 [B]TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.06.11 [B]Trojan/MSIL.Dybalom.gen[/B]
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 [B]Win32:Trojan-gen[/B]
Avast5 5.0.332.0 2010.06.11 [B]Win32:Trojan-gen[/B]
AVG 9.0.0.787 2010.06.11 [B]BackDoor.Generic12.BFSN[/B]
BitDefender 7.2 2010.06.11 [B]Backdoor.Generic.319280[/B]
CAT-QuickHeal 10.00 2010.06.11 [B]TrojanPSW.MSIL.Dybalom.ji[/B]
ClamAV 0.96.0.3-git 2010.06.11 [B]Trojan.Spy-73879[/B]
Comodo 5059 2010.06.11 -
DrWeb 5.0.2.03300 2010.06.11 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 [B]Backdoor.Generic.319280[/B]
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 [B]Backdoor.Generic.319280[/B]
Ikarus T3.1.1.84.0 2010.06.11 [B]Trojan-PWS.MSIL[/B]
Jiangmin 13.0.900 2010.06.11 [B]Trojan/PSW.MSIL.jb[/B]
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 [B]Generic MSIL.c[/B]
McAfee-GW-Edition 2010.1 2010.06.11 [B]Generic MSIL.c[/B]
Microsoft 1.5802 2010.06.11 -
NOD32 5191 2010.06.11 [B]a variant of MSIL/Injector.F[/B]
Norman 6.04.12 2010.06.11 [B]W32/Obfuscated.N3!genr[/B]
nProtect 2010-06-11.01 2010.06.11 [B]Backdoor.Generic.319280[/B]
Panda 10.0.2.7 2010.06.11 [B]Suspicious file[/B]
PCTools 7.0.3.5 2010.06.11 [B]Trojan-PSW.Generic[/B]
Prevx 3.0 2010.06.11 [B]High Risk Cloaked Malware[/B]
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 [B]Mal/Exwamp-B[/B]
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 [B]Infostealer[/B]
TheHacker 6.5.2.0.297 2010.06.11 [B]Trojan/MSIL.Dybalom.ix[/B]
TrendMicro 9.120.0.1004 2010.06.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 -
VBA32 3.12.12.5 2010.06.11 [B]Trojan-PSW.MSIL.Dybalom.ji[/B]
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 [B]Trojan.PWS.MSIL.LH[/B][/QUOTE]
Additional information
File size: [B]144817[/B] bytes
MD5...: 8baaf0ad46497979cebc7ff48f46c619
SHA1..: 17f6e923f659bfeed35b106fc45ab2da63aaf608
SHA256: f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67028ea5b24f2d59
[url]http://www.virustotal.com/analisis/f5609e08c229dc2b8d84b11367f38dba160150bc23c9bf4a67028ea5b24f2d59-1276286809[/url]
File [B]data.exe[/B] received on 2010.06.11 20:14:02 (UTC)
Result: [COLOR="Red"][B]13[/B][/COLOR]/[B]40[/B] (32.5%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
a-squared 5.0.0.26 2010.06.11 [B]Trojan-Downloader.Win32.Uloadis!IK[/B]
AhnLab-V3 2010.06.11.00 2010.06.11 -
AntiVir 8.2.2.6 2010.06.11 [B]HEUR/Crypted[/B]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.11 -
Avast 4.8.1351.0 2010.06.11 -
Avast5 5.0.332.0 2010.06.11 -
AVG 9.0.0.787 2010.06.11 -
BitDefender 7.2 2010.06.11 -
CAT-QuickHeal 10.00 2010.06.11 [B](Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.06.11 -
Comodo 5059 2010.06.11 [B]Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.06.11 [B]Trojan.PWS.Webmonier.295[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.11 -
F-Secure 9.0.15370.0 2010.06.11 -
Fortinet 4.1.133.0 2010.06.11 -
GData 21 2010.06.11 -
Ikarus T3.1.1.84.0 2010.06.11 [B]Trojan-Downloader.Win32.Uloadis[/B]
Jiangmin 13.0.900 2010.06.11 [B]TrojanSpy.Webmoner.ub[/B]
Kaspersky 7.0.0.125 2010.06.11 -
McAfee 5.400.0.1158 2010.06.11 -
McAfee-GW-Edition 2010.1 2010.06.11 [B]Artemis!9C65DAA0A7E3[/B]
Microsoft 1.5802 2010.06.11 [B]PWS:Win32/Dipwit.B[/B]
NOD32 5191 2010.06.11 -
Norman 6.04.12 2010.06.11 -
nProtect 2010-06-11.01 2010.06.11 -
Panda 10.0.2.7 2010.06.11 -
PCTools 7.0.3.5 2010.06.11 -
Rising 22.51.04.04 2010.06.11 -
Sophos 4.54.0 2010.06.11 [B]Sus/Behav-1018[/B]
Sunbelt 6436 2010.06.11 -
Symantec 20101.1.0.89 2010.06.11 -
TheHacker 6.5.2.0.297 2010.06.11 -
TrendMicro 9.120.0.1004 2010.06.11 [B]Cryp_Xin2[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.06.11 [B]Cryp_Xin2[/B]
VBA32 3.12.12.5 2010.06.11 [B]suspected of Embedded.Trojan-Spy.Win32.Wemon.lv[/B]
ViRobot 2010.6.11.3881 2010.06.11 -
VirusBuster 5.0.27.0 2010.06.11 -[/QUOTE]
Additional information
File size: [B]36864[/B] bytes
MD5...: 9c65daa0a7e3f8c16bfa935f920178d3
SHA1..: b9e849780ab211f52a5744b9f04172880b332581
SHA256: 22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d91ccc8fb5d388d9
[url]http://www.virustotal.com/analisis/22e0375e9b3588d18966c6a6fe2e6a35da089f3cd834c569d91ccc8fb5d388d9-1276287242[/url]
-
An erotic banner; it's enough to look at the Version Info in Far :)
File [B]WIMAMP.EXE[/B] received on 2010.06.13 06:34:04 (UTC)
Current status: finished
Result: 9/41 (21.96%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Carmapic!IK[/B]
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.12 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
[B]AVG 9.0.0.787 2010.06.12 Cryptic.AED[/B]
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.13 -
Comodo 5083 2010.06.13 -
[B]DrWeb 5.0.2.03300 2010.06.13 Trojan.AdultBan.79[/B]
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.12 -
F-Secure 9.0.15370.0 2010.06.12 -
Fortinet 4.1.133.0 2010.06.12 -
GData 21 2010.06.13 -
[B]Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Carmapic[/B]
Jiangmin 13.0.900 2010.06.12 -
[B]Kaspersky 7.0.0.125 2010.06.13 Trojan-Ransom.Win32.PinkBlocker.bpk[/B]
McAfee 5.400.0.1158 2010.06.13 -
[B]McAfee-GW-Edition 2010.1 2010.06.12 Artemis!BCDC4A1F137B[/B]
[B]Microsoft 1.5802 2010.06.13 Trojan:Win32/Carmapic.C[/B]
NOD32 5192 2010.06.12 -
Norman 6.04.12 None.. -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.12 -
PCTools 7.0.3.5 2010.06.13 -
Prevx 3.0 2010.06.13 -
Rising 22.51.06.01 2010.06.13 -
[B]Sophos 4.54.0 2010.06.13 Sus/UnkPack-C[/B]
Sunbelt 6442 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
[B]VBA32 3.12.12.5 2010.06.11 Malware-Cryptor.Win32.Limpopo[/B]
ViRobot 2010.6.12.3882 2010.06.12 -
VirusBuster 5.0.27.0 2010.06.12 -
[/QUOTE]
Additional information
File size: 393728 bytes
MD5...: bcdc4a1f137bfd229439ddd9c32904bf
SHA1..: 609c259fa7a150f7c2252dda76bd31befc8737ce
SHA256: 75e8c76a06c47241ce02c5e72ef59efc436884227c915c71265653a3c2b6f5eb
ssdeep: 12288:Vge8nYTOjaGmPfSxHHZmyeYzFAOhHNsW1:Ke8nxjIPfuUyT2c1
PEiD..: -
-
File install_flash_player.exe received on 2010.06.13 17:53:05 (UTC)
Current status: finished
Result: [b][COLOR="Red"]7[/COLOR]/41[/b] (17.08%)
[QUOTE]Antivirus Version Last Update Result
[b]a-squared 5.0.0.26 2010.06.13 Trojan.Win32.Ransom!IK[/b]
AhnLab-V3 2010.06.13.00 2010.06.12 -
[b]AntiVir 8.2.2.6 2010.06.11 TR/Crypt.XDR.Gen[/b]
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.13 -
Avast 4.8.1351.0 2010.06.13 -
Avast5 5.0.332.0 2010.06.13 -
AVG 9.0.0.787 2010.06.13 -
BitDefender 7.2 2010.06.13 -
CAT-QuickHeal 10.00 2010.06.12 -
[b]ClamAV 0.96.0.3-git 2010.06.13 Trojan.Aavirus-1[/b]
[b]Comodo 5088 2010.06.13 Heur.Packed.Unknown[/b]
DrWeb 5.0.2.03300 2010.06.13 -
eSafe 7.0.17.0 2010.06.13 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.13 -
[b]F-Secure 9.0.15370.0 2010.06.13 Suspicious:W32/Malware!Gemini[/b]
Fortinet 4.1.133.0 2010.06.13 -
GData 21 2010.06.13 -
[b]Ikarus T3.1.1.84.0 2010.06.13 Trojan.Win32.Ransom[/b]
Jiangmin 13.0.900 2010.06.13 -
Kaspersky 7.0.0.125 2010.06.13 -
McAfee 5.400.0.1158 2010.06.13 -
McAfee-GW-Edition 2010.1 2010.06.12 -
Microsoft 1.5802 2010.06.13 -
NOD32 5193 2010.06.13 -
Norman 6.04.12 2010.06.13 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.13 -
PCTools 7.0.3.5 2010.06.13 -
[b]Prevx 3.0 2010.06.13 Medium Risk Malware[/b]
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.13 -
Sunbelt 6444 2010.06.13 -
Symantec 20101.1.0.89 2010.06.13 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.13 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.13 -
VirusBuster 5.0.27.0 2010.06.13 -[/QUOTE]
File size: 169984 bytes
MD5...: 21fdc7fcfd7f3fc3e3f123c31a046f70
SHA1..: 1f3fa67d0a2b8dc20be7a3b6b6a36af7bdbfbd3c
SHA256: 498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb115daa1f535746
ssdeep: 3072:9OJU329k02butF7Soq2R8evKAQHJ804LJhTSeO1RsL+kaksC:9OJUGkut9lx8eKHq04PTSeWg+kl
[url]http://www.virustotal.com/ru/analisis/498196c0456d4c4aa5b4c1f656598e7feb73edb3cf364e02cb115daa1f535746-1276451585[/url]
-
File vip_porno_78982_1_.avi.exe received on 2010.06.16 07:14:48 (UTC)
Result: 7/41 (17.08%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 [COLOR="Red"]Trojan.Win32.Ransom!IK[/COLOR]
AhnLab-V3 2010.06.16.00 2010.06.16 -
AntiVir 8.2.2.6 2010.06.15 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.15 -
Avast5 5.0.332.0 2010.06.15 -
AVG 9.0.0.787 2010.06.15 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5117 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.15 -
eTrust-Vet 36.1.7636 2010.06.15 -
F-Prot 4.6.0.103 2010.06.15 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.15 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 [COLOR="Red"]Trojan.Win32.Ransom[/COLOR]
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 [COLOR="Red"]Suspect-1B!BB5D5E19370B[/COLOR]
McAfee-GW-Edition 2010.1 2010.06.15 -
Microsoft 1.5802 2010.06.16 [COLOR="Red"]Trojan:Win32/Ransom.AQ[/COLOR]
NOD32 5199 2010.06.15 [COLOR="Red"]a variant of Win32/LockScreen.TZ[/COLOR]
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-15.02 2010.06.15 -
Panda 10.0.2.7 2010.06.15 [COLOR="Red"]Trj/SMSlock.B[/COLOR]
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6453 2010.06.16 [COLOR="Red"]Backdoor.Win32.Hupigon (v)[/COLOR]
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.15 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.15 -
Additional information
File size: 119296 bytes
MD5...: bb5d5e19370b00a7c8b9a65c5c8eaec5
SHA1..: 14b82dec4d1d9f688b97d73aa8353c13300ca4fa
SHA256: b911931bc1e2d930b28ca7c3bddb93a496177c59f4c61150b5b7f253380c0d9c
ssdeep: 3072:natMJia4YT2boCUUArhqA2pNMs1bTcriuPCy:nU6ejoTbqA2pCs10iuP
PEiD..: -[/QUOTE]
-
[url]http://oko-kino.ru/load/brazilija_severnaja_koreja_kndr_2010/7-1-0-2525[/url]
I decided to download the Brazil vs. North Korea football match from the site. This nasty thing turned up in the Temporary Internet Files folder. By the way, the Ikarus antivirus is currently ahead of the whole planet at detecting new viruses. Here is the latest test: [url]http://www.virusbtn.com/vb100/rap-index.xml[/url]
File: HTML Document 7-1-0-2525
Result: 2/43 (4.7%)
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.16 [COLOR="Red"][B]Virus.JS.Decdec!IK[/B][/COLOR]
AhnLab-V3 2010.06.16.07 2010.06.16 -
AntiVir 8.2.2.6 2010.06.16 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.16 -
Avast 4.8.1351.0 2010.06.16 -
Avast5 5.0.332.0 2010.06.16 -
AVG 9.0.0.787 2010.06.16 -
BitDefender 7.2 2010.06.16 -
CAT-QuickHeal 10.00 2010.06.16 -
ClamAV 0.96.0.3-git 2010.06.16 -
Comodo 5120 2010.06.16 -
DrWeb 5.0.2.03300 2010.06.16 -
eSafe 7.0.17.0 2010.06.16 -
eTrust-Vet 36.1.7638 2010.06.16 -
F-Prot 4.6.0.103 2010.06.16 -
F-Secure 9.0.15370.0 2010.06.16 -
Fortinet 4.1.133.0 2010.06.16 -
GData 21 2010.06.16 -
Ikarus T3.1.1.84.0 2010.06.16 [COLOR="Red"][B]Virus.JS.Decdec[/B][/COLOR]
Jiangmin 13.0.900 2010.06.15 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.06.16 -
McAfee 5.400.0.1158 2010.06.16 -
McAfee+Artemis 5937 2010.03.31 -
McAfee-GW-Edition 2010.1 2010.06.16 -
Microsoft 1.5802 2010.06.16 -
NOD32 5201 2010.06.16 -
Norman 6.04.12 2010.06.15 -
nProtect 2010-06-16.01 2010.06.16 -
Panda 10.0.2.7 2010.06.16 -
PCTools 7.0.3.5 2010.06.16 -
Prevx 3.0 2010.06.16 -
Rising 22.51.06.01 2010.06.13 -
Sophos 4.54.0 2010.06.16 -
Sunbelt 6454 2010.06.16 -
Symantec 20101.1.0.89 2010.06.16 -
TheHacker 6.5.2.0.299 2010.06.15 -
TrendMicro 9.120.0.1004 2010.06.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.16 -
VBA32 3.12.12.5 2010.06.16 -
ViRobot 2010.6.14.3884 2010.06.16 -
VirusBuster 5.0.27.0 2010.06.16 -[/QUOTE]