-
Another batch from the Help section -
File c:\windows\system32\nssm.exe -
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.31 2010.07.13 Trojan-Dropper.Small!IK[/B]
AhnLab-V3 2010.07.13.01 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.13 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.13 -
CAT-QuickHeal 11.00 2010.07.13 -
ClamAV 0.96.0.3-git 2010.07.13 -
Comodo 5417 2010.07.13 -
DrWeb 5.0.2.03300 2010.07.13 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7703 2010.07.13 -
F-Prot 4.6.1.107 2010.07.13 -
F-Secure 9.0.15370.0 2010.07.13 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.13 -
[B]Ikarus T3.1.1.84.0 2010.07.13 Trojan-Dropper.Small[/B]
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.13 -
[B]McAfee 5.400.0.1158 2010.07.13 Artemis!1416B62E8A99[/B]
[B]McAfee-GW-Edition 2010.1 2010.07.13 Artemis!1416B62E8A99[/B]
Microsoft 1.5902 2010.07.13 -
[B]NOD32 5276 2010.07.13 probably a variant of Win32/Injector.CHG[/B]
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.13 -
[B]Prevx 3.0 2010.07.13 High Risk Cloaked Malware[/B]
Rising 22.56.01.04 2010.07.13 -
[B]Sophos 4.55.0 2010.07.13 Mal/VBInject-T[/B]
Sunbelt 6575 2010.07.13 -
SUPERAntiSpyware 4.40.0.1006 2010.07.13 -
Symantec 20101.1.0.89 2010.07.13 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.13 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.13 -
VirusBuster 5.0.27.0 2010.07.13 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/b7809bfc327d88bdd1c3141f9a4990e1dd85f48a06c996de2268c01cd8b306e5-1279046698"]virustotal.com[/URL]
File - c:\documents and settings\Администратор.e09f1fec3b0f47d\application data\netprotocol.exe -
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.14 -
AhnLab-V3 2010.07.14.00 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.14 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.14 -
CAT-QuickHeal 11.00 2010.07.14 -
ClamAV 0.96.0.3-git 2010.07.14 -
[B]Comodo 5419 2010.07.14 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.07.14 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7704 2010.07.13 -
F-Prot 4.6.1.107 2010.07.14 -
F-Secure 9.0.15370.0 2010.07.14 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.14 -
Ikarus T3.1.1.84.0 2010.07.14 -
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.14 -
McAfee 5.400.0.1158 2010.07.14 -
McAfee-GW-Edition 2010.1 2010.07.13 -
Microsoft 1.5902 2010.07.13 -
[B]NOD32 5276 2010.07.13 a variant of Win32/Kryptik.FJT[/B]
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.14 -
Prevx 3.0 2010.07.14 -
Rising 22.56.02.01 2010.07.14 -
Sophos 4.55.0 2010.07.14 -
Sunbelt 6578 2010.07.14 -
SUPERAntiSpyware 4.40.0.1006 2010.07.14 -
Symantec 20101.1.1.7 2010.07.14 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.14 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.14 -
VirusBuster 5.0.27.0 2010.07.13 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/2c335fcf55146e6b02c164ddc515cddecc19a5e01f3442e160c54f7b245d4717-1279082909"]virustotal.com/[/URL]
File - c:\documents and settings\all users.windows\media\kasper_zaebal.exe -
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.12 -
AhnLab-V3 2010.07.10.00 2010.07.09 -
AntiVir 8.2.4.10 2010.07.12 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.11 -
Avast 4.8.1351.0 2010.07.12 -
[B]Avast5 5.0.332.0 2010.07.12 Win32:SuspBehav-D[/B]
AVG 9.0.0.836 2010.07.12 -
[B]BitDefender 7.2 2010.07.12 Gen:Variant.Renos.31[/B]
CAT-QuickHeal 11.00 2010.07.12 -
ClamAV 0.96.0.3-git 2010.07.12 -
Comodo 5403 2010.07.12 -
[B]DrWeb 5.0.2.03300 2010.07.12 Trojan.Packed.1158[/B]
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7700 2010.07.12 -
F-Prot 4.6.1.107 2010.07.11 -
[B]F-Secure 9.0.15370.0 2010.07.12 Gen:Variant.Renos.31[/B]
Fortinet 4.1.143.0 2010.07.11 -
[B]GData 21 2010.07.12 Gen:Variant.Renos.31[/B]
Ikarus T3.1.1.84.0 2010.07.12 -
Jiangmin 13.0.900 2010.07.12 -
Kaspersky 7.0.0.125 2010.07.12 -
[B]McAfee 5.400.0.1158 2010.07.12 Artemis!397CC549E3F5
McAfee-GW-Edition 2010.1 2010.07.12 Artemis!397CC549E3F5[/B]
Microsoft 1.5902 2010.07.12 -
[B]NOD32 5272 2010.07.12 a variant of Win32/LockScreen.UZ[/B]
Norman 6.05.11 2010.07.12 -
[B]nProtect 2010-07-12.01 2010.07.12 Gen:Variant.Renos.31[/B]
[B]Panda 10.0.2.7 2010.07.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.12 -
Prevx 3.0 2010.07.12 -
Rising 22.56.00.04 2010.07.12 -
Sophos 4.55.0 2010.07.12 -
[B]Sunbelt 6566 2010.07.10 VirTool.Win32.Obfuscator.ah!a (v)[/B]
SUPERAntiSpyware 4.40.0.1006 2010.07.12 -
Symantec 20101.1.0.89 2010.07.12 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.12 -
[B]VBA32 3.12.12.6 2010.07.12 BScope.Malware.FraudTool.xc[/B]
ViRobot 2010.7.12.3932 2010.07.12 -
VirusBuster 5.0.27.0 2010.07.12 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/5b7394db79053f72119aada91c5c3e969c76d5f663e5505450dfd44e106bf241-1278946740"]virustotal.com/[/URL]
-
File ali.exe received on 2010.07.20 05:24:22 (UTC)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 5.0.0.34 2010.07.20 Trojan-Downloader.Small!IK
AhnLab-V3 2010.07.20.00 2010.07.19 Backdoor/Win32.Trup
AntiVir 8.2.4.12 2010.07.19 TR/Dldr.Small.ardp
Antiy-AVL 2.0.3.7 2010.07.15 Trojan/Win32.Small.gen[/B]
Authentium 5.2.0.5 2010.07.20 -
[B]Avast 4.8.1351.0 2010.07.19 Win32:Trojan-gen
Avast5 5.0.332.0 2010.07.19 Win32:Trojan-gen
AVG 9.0.0.836 2010.07.19 Clicker.AIZI
BitDefender 7.2 2010.07.20 Trojan.Generic.4052955[/B]
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 -
[B]Comodo 5482 2010.07.19 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.20 Trojan.Siggen1.30703[/B]
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
[B]F-Secure 9.0.15370.0 2010.07.20 Trojan.Generic.4052955[/B]
Fortinet 4.1.143.0 2010.07.19 -
[B]GData 21 2010.07.20 Trojan.Generic.4052955
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Downloader.Small
Jiangmin 13.0.900 2010.07.19 TrojanDownloader.Small.artz
Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Trup.am[/B]
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
[B]NOD32 5293 2010.07.19 a variant of Win32/TrojanClicker.Agent.NKS[/B]
Norman 6.05.11 2010.07.19 -
[B]nProtect 2010-07-20.01 2010.07.20 Trojan/W32.Small.17920.BH
Panda 10.0.2.7 2010.07.19 Generic Trojan
PCTools 7.0.3.5 2010.07.20 Trojan.Gen
Prevx 3.0 2010.07.20 Medium Risk Malware
Rising 22.57.01.02 2010.07.20 Trojan.Win32.Generic.52052F0B[/B]
Sophos 4.55.0 2010.07.20 -
[B]Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
Symantec 20101.1.1.7 2010.07.20 Trojan.Gen[/B]
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -[/QUOTE]
Additional information
File size: 17920 bytes
MD5...: f2782d280ff4765299eb5aec472acfdb
SHA1..: d8a0e1d9cfe4897e9eab31adb19ad1d6324de002
SHA256: 35668de01833bc1099834772d4f1e4b729ffe633699b92783dba455c57af5a48
ssdeep: 384:UmP1u69a1AM4C0r1c7+RxBOsFt7QQ2xx1AIL3znvW/nlu4FtG:zArAM4Vr1c
7+zBOsFZQQ2xx3znvW/nlk
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3544
timedatestamp.....: 0x4bf10121 (Mon May 17 08:41:05 2010)
machinetype.......: 0x14c (I386)
-
File _WTR4132.tmp.rar received on 2010.07.20 08:07:56 (UTC)
Result: 24/42 (57.15%)
Antivirus Version Last Update Result
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.20 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.19 Win32:Malware-gen
AVG 9.0.0.836 2010.07.19 Dropper.Generic2.YQQ
BitDefender 7.2 2010.07.20 Win32.Worm.Stuxnet.A
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 Trojan.Stuxnet
Comodo 5483 2010.07.20 -
DrWeb 5.0.2.03300 2010.07.20 Trojan.Stuxnet.1
Emsisoft 5.0.0.34 2010.07.20 Trojan-Dropper.Win32.Stuxnet!IK
eSafe 7.0.17.0 2010.07.19 Win32.TRDrop.Stuxnet
eTrust-Vet 36.1.7723 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 Trojan-Dropper:W32/Stuxnet.A
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 Win32.Worm.Stuxnet.A
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Dropper.Win32.Stuxnet
Jiangmin 13.0.900 2010.07.20 TrojanDropper.Stuxnet.a
Kaspersky 7.0.0.125 2010.07.20 Trojan-Dropper.Win32.Stuxnet.a
McAfee 5.400.0.1158 2010.07.20 Stuxnet
McAfee-GW-Edition 2010.1 2010.07.20 Artemis!D7BC75397629
Microsoft 1.6004 2010.07.20 TrojanDropper:Win32/Stuxnet.A
NOD32 5293 2010.07.19 a variant of Win32/Stuxnet.A
Norman 6.05.11 2010.07.19 W32/Suspicious_Gen2.BOYEK
nProtect 2010-07-20.01 2010.07.20 -
Panda 10.0.2.7 2010.07.19 Rootkit/TmpHider
PCTools 7.0.3.5 2010.07.20 Malware.Stuxnet
Prevx 3.0 2010.07.20 -
Rising 22.57.01.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
VBA32 3.12.12.6 2010.07.19 Trojan-Spy.0485
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -
Additional information
File size: 1018519 bytes
MD5...: 32d3e83f195e687c552f0ba9262d5f77
SHA1..: ad7840007d32370aa25198ced30ff6dd70320945
SHA256: 64ef4ef3413e593c8fe2ecc852a75f951c4f91c2d9a0bfd17a68efc2b6ec8dae
ssdeep: 24576:+4v853A7ekORdOvVeHNqogJXbaoumuTw4Nh:+4v856xOuvgNqZb1umuTw4
z
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
-
File - C:\WINDOWS\system32\driqst.exe - new malware, [B]Backdoor.Win32.Shiz.ms[/B]
[QUOTE]Antivirus Version Last Update Result
a-squared 5.0.0.34 2010.07.20 -
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.19 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 -
Avast5 5.0.332.0 2010.07.19 -
AVG 9.0.0.836 2010.07.19 -
BitDefender 7.2 2010.07.20 -
[B]CAT-QuickHeal 11.00 2010.07.19 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.07.19 -
[B]Comodo 5482 2010.07.19 TrojWare.Win32.Trojan.Agent.Gen[/B]
[B]DrWeb 5.0.2.03300 2010.07.20 Trojan.PWS.Ibank.53[/B]
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 -
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 -
Ikarus T3.1.1.84.0 2010.07.20 -
Jiangmin 13.0.900 2010.07.19 -
[B]Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Shiz.ms[/B]
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
[B]NOD32 5293 2010.07.19 Win32/Spy.Shiz.NAL[/B]
Norman 6.05.11 2010.07.19 -
nProtect 2010-07-19.01 2010.07.19 -
[B]Panda 10.0.2.7 2010.07.19 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.20 -
[B]Prevx 3.0 2010.07.20 High Risk Cloaked Malware[/B]
Rising 22.57.00.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 -
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.19 -
VirusBuster 5.0.27.0 2010.07.19 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/39ddc119c4b631e043664607366d505a316bf29357950b238492aa8e942934fc-1279596194"]virustotal.com[/URL]
-
Popular lately - \Documents and Settings\Username\Главное меню\Программы\Автозагрузка\wwwznv32.exe -
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
[B]Avast 4.8.1351.0 2010.07.24 Win32:Crypt-GYS[/B]
[B]Avast5 5.0.332.0 2010.07.24 Win32:Crypt-GYS[/B]
AVG 9.0.0.851 2010.07.24 -
[B]BitDefender 7.2 2010.07.24 Gen:Variant.Ursnif.19[/B]
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.24 -
Comodo 5522 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.24 -
Emsisoft 5.0.0.34 2010.07.24 -
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
[B]F-Secure 9.0.15370.0 2010.07.24 Gen:Variant.Ursnif.19[/B]
Fortinet 4.1.143.0 2010.07.24 -
[B]GData 21 2010.07.24 Gen:Variant.Ursnif.19[/B]
Ikarus T3.1.1.84.0 2010.07.24 -
Jiangmin 13.0.900 2010.07.24 -
Kaspersky 7.0.0.125 2010.07.24 -
McAfee 5.400.0.1158 2010.07.24 -
McAfee-GW-Edition 2010.1 2010.07.23 -
Microsoft 1.6004 2010.07.24 TrojanDownloader:Win32/Bredolab.AA
NOD32 5308 2010.07.24 -
Norman 6.05.11 2010.07.24 -
[B]nProtect 2010-07-24.02 2010.07.24 Gen:Variant.Ursnif.19[/B]
[B]Panda 10.0.2.7 2010.07.24 Suspicious file[/B]
PCTools 7.0.3.5 2010.07.24 -
[B]Prevx 3.0 2010.07.24 Medium Risk Malware[/B]
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.24 -
[B]Sunbelt 6631 2010.07.24 Trojan.Win32.Generic.pak!cobra[/B]
[B]SUPERAntiSpyware 4.40.0.1006 2010.07.24 Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.07.24 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
[B]TrendMicro-HouseCall 9.120.0.1004 2010.07.24 TROJ_BURNIX.SMEP[/B]
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.24 -
VirusBuster 5.0.27.0 2010.07.23 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/86d5b27256ac348d82a5146a75a53e8e16f76583fdf732bd1defe83db943b547-1279979708"]virustotal.com[/URL]
-
Found this at a school, on an old PC; it has a digital signature, maybe it shows up like this because it is packed with molebox :unknw:
File GCLEAN.EXE received on 2010.07.27 10:24:42 (UTC)
Current status: finished
Result: 20/42 (47.62%)
[QUOTE][B]AhnLab-V3 2010.07.27.00 2010.07.26 Backdoor/Win32.Trojan[/B]
[B]AntiVir 8.2.4.26 2010.07.27 BDS/Bot.95399[/B]
Antiy-AVL 2.0.3.7 2010.07.26 -
Authentium 5.2.0.5 2010.07.27 -
Avast 4.8.1351.0 2010.07.26 -
Avast5 5.0.332.0 2010.07.26 -
AVG 9.0.0.851 2010.07.27 -
[B]BitDefender 7.2 2010.07.27 Backdoor.Bot.95399[/B]
[B]CAT-QuickHeal 11.00 2010.07.27 Trojan.Agent.ATV[/B]
[B]ClamAV 0.96.0.3-git 2010.07.27 PUA.Packed.MoleBox.2X[/B]
[B]Comodo 5554 2010.07.27 Heur.Suspicious[/B]
DrWeb 5.0.2.03300 2010.07.27 -
Emsisoft 5.0.0.34 2010.07.27 -
[B]eSafe 7.0.17.0 2010.07.26 SuspiciousR-Mytob3[/B]
eTrust-Vet 36.1.7738 2010.07.26 -
F-Prot 4.6.1.107 2010.07.27 -
[B]F-Secure 9.0.15370.0 2010.07.27 Backdoor.Bot.95399[/B]
Fortinet 4.1.143.0 2010.07.24 -
[B]GData 21 2010.07.27 Backdoor.Bot.95399[/B]
Ikarus T3.1.1.84.0 2010.07.27 -
Jiangmin 13.0.900 2010.07.26 -
Kaspersky 7.0.0.125 2010.07.27 -
[B]McAfee 5.400.0.1158 2010.07.27 Artemis!40D6BE49F665[/B]
[B]McAfee-GW-Edition 2010.1 2010.07.27 Artemis!40D6BE49F665[/B]
Microsoft 1.6004 2010.07.27 -
NOD32 5316 2010.07.27 -
[B]Norman 6.05.11 2010.07.27 W32/Bot.JO[/B]
[B]nProtect 2010-07-27.01 2010.07.27 Backdoor.Bot.95399[/B]
[B]Panda 10.0.2.7 2010.07.26 Trj/CI.A[/B]
[B]PCTools 7.0.3.5 2010.07.27 Backdoor.Trojan[/B]
[B]Prevx 3.0 2010.07.27 Medium Risk Malware[/B]
Rising 22.58.01.04 2010.07.27 -
Sophos 4.55.0 2010.07.27 -
[B]Sunbelt 6647 2010.07.27 Trojan.Win32.Generic!BT[/B]
SUPERAntiSpyware 4.40.0.1006 2010.07.27 -
[B]Symantec 20101.1.1.7 2010.07.27 Backdoor.Trojan[/B]
[B]TheHacker 6.5.2.1.326 2010.07.27 W32/Behav-Heuristic-065[/B]
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.27 -
VBA32 3.12.12.6 2010.07.27 -
ViRobot 2010.7.28.3961 2010.07.27 -
[B]VirusBuster 5.0.27.0 2010.07.27 Packed/MoleBox[/B][/QUOTE]
Additional information
File size: 350784 bytes
MD5 : 40d6be49f665e7a00686f69f24602a2e
SHA1 : a6ff7b33b1c7122f748bdd56a0b3ab923baaad26
SHA256: 622ca0f8943800438b3a97efad9d72e784f4ee0b6a4c85e49d31643e64e759c7
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x85B63
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
sigcheck: publisher....: ___ ___ _______-_______
copyright....: (C) 2006 ___ ___ _______-_______
product......: ______. _________ F1
description..: _______ ______ - _______ _______
original name: gclean.exe
internal name: ______-_______
file version.: 6.3.0.19
comments.....: n/a
signers......: NPP Garant-Service
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:27 AM 1/27/2006
verified.....: -
Prevx Info: [url]http://info.prevx.com/aboutprogramtext.asp?PX5=C6359DAD404146E85AE805C0BC6AF80076EAAC1B[/url]
-
C:\Documents and Settings\Username\Аpplication data\fuki.exe
File [B]fuki.exe[/B] received on 2010.07.29 21:32:38 (UTC)
Result: 8/42 (19.05%)
[QUOTE]
Antivirus Version Last Update Result
AhnLab-V3 2010.07.29.00 2010.07.28 -
[B]AntiVir 8.2.4.32 2010.07.29 TR/Dropper.Gen[/B]
Antiy-AVL 2.0.3.7 2010.07.29 -
[B]Authentium 5.2.0.5 2010.07.29 W32/Trojan2.NABV[/B]
Avast 4.8.1351.0 2010.07.29 -
Avast5 5.0.332.0 2010.07.29 -
AVG 9.0.0.851 2010.07.29 -
[B]BitDefender 7.2 2010.07.29 Gen:Variant.Koobface.1[/B]
CAT-QuickHeal 11.00 2010.07.29 -
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5584 2010.07.29 -
[B]DrWeb 5.0.2.03300 2010.07.29 BackDoor.Qbot.20[/B]
Emsisoft 5.0.0.34 2010.07.29 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7748 2010.07.29 -
[B]F-Prot 4.6.1.107 2010.07.29 W32/Trojan2.NABV
F-Secure 9.0.15370.0 2010.07.29 Gen:Variant.Koobface.1[/B]
Fortinet 4.1.143.0 2010.07.29 -
[B]GData 21 2010.07.29 Gen:Variant.Koobface.1[/B]
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.29 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.29 -
Microsoft 1.6004 2010.07.29 -
NOD32 5324 2010.07.29 -
Norman 6.05.11 2010.07.29 -
nProtect 2010-07-29.01 2010.07.29 -
Panda 10.0.2.7 2010.07.29 -
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.03.04 2010.07.29 -
[B]Sophos 4.56.0 2010.07.29 Mal/EncPk-LW[/B]
Sunbelt 6660 2010.07.29 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.328 2010.07.29 -
TrendMicro 9.120.0.1004 2010.07.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.29.3963 2010.07.29 -
VirusBuster 5.0.27.0 2010.07.29 -[/QUOTE]
Additional information
File size: 166400 bytes
MD5...: e573040b8257f7d6b98adf47dddd6b02
SHA1..: 93f0d889b217625d67d3563541a92aaec633146b
SHA256: 0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc9b84a088181d07
( base data )
entrypointaddress.: 0x11b0
timedatestamp.....: 0x3eabdc15 (Sun Apr 27 13:33:09 2003)
machinetype.......: 0x14c (I386)
sigcheck:
publisher....: VMware, Inc.
copyright....: Copyright (c) 1998-2008 VMware, Inc.
product......: VMware Workstation
description..: VMware Virtual Disk Manager
original name: vmware-vdiskmanager.exe
internal name: diskUtil
file version.: 6.5.1 build-126130
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
[url]http://www.virustotal.com/ru/analisis/0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc9b84a088181d07-1280439158[/url]
-
Very, very fresh - [B]C:\WINDOWS\system32\sidebar32.exe[/B], Kaspersky added it yesterday - new malware, [B]Trojan-Spy.Win32.BZub.iad[/B]. Over the last two days it has shown up very often in the Help section -
[QUOTE]Antivirus Version Last Update Result
[B]AhnLab-V3 2010.07.30.00 2010.07.29 Spyware/Win32.BZub[/B]
[B]AntiVir 8.2.4.32 2010.07.30 TR/Spy.BZub.iad[/B]
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.30 -
Avast 4.8.1351.0 2010.07.30 -
Avast5 5.0.332.0 2010.07.30 -
AVG 9.0.0.851 2010.07.30 -
BitDefender 7.2 2010.07.30 -
CAT-QuickHeal 11.00 2010.07.30 -
ClamAV 0.96.0.3-git 2010.07.30 -
Comodo 5590 2010.07.30 -
DrWeb 5.0.2.03300 2010.07.30 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7751 2010.07.30 -
F-Prot 4.6.1.107 2010.07.30 -
F-Secure 9.0.15370.0 2010.07.30 -
Fortinet 4.1.143.0 2010.07.30 -
GData 21 2010.07.30 -
Ikarus T3.1.1.84.0 2010.07.30 -
Jiangmin 13.0.900 2010.07.29 -
[B]Kaspersky 7.0.0.125 2010.07.30 Trojan-Spy.Win32.BZub.iad[/B]
McAfee 5.400.0.1158 2010.07.30 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.07.30 -
[B]NOD32 5327 2010.07.30 Win32/AutoRun.Agent.WA[/B]
Norman 6.05.11 2010.07.30 -
nProtect 2010-07-30.02 2010.07.30 -
Panda 10.0.2.7 2010.07.30 -
PCTools 7.0.3.5 2010.07.30 -
Prevx 3.0 2010.07.30 -
Rising 22.58.04.05 2010.07.30 -
[B]Sophos 4.56.0 2010.07.30 Mal/Generic-L[/B]
Sunbelt 6664 2010.07.30 -
Symantec 20101.1.1.7 2010.07.30 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.07.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.30 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.30.3963 2010.07.30 -
VirusBuster 5.0.27.0 2010.07.30 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/43eaec8ea0e2ae2ef97d654d249bb4c39a111baeab509a7607cb3b339975f0ff-1280508614"]virustotal.com[/URL]
-
File avz00001.dta received on 2010.08.02 20:05:46 (UTC)
Antivirus Version Last Update Result
[QUOTE]AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.08.02 [B]TR/Spy.98304.342[/B]
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.02 -
Avast 4.8.1351.0 2010.08.02 [B]Win32:Rootkit-gen [/B]
Avast5 5.0.332.0 2010.08.02 [B]Win32:Rootkit-gen[/B]
AVG 9.0.0.851 2010.08.02 [B]SHeur3.AQXB[/B]
BitDefender 7.2 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji [/B]
CAT-QuickHeal 11.00 2010.08.02 [B](Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.02 -
Comodo 5623 2010.08.02 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.02 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.02 -
F-Secure 9.0.15370.0 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.02 [B]Gen:Trojan.Heur.FU.gq0@aaDk4Mji[/B]
Ikarus T3.1.1.84.0 2010.08.02 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.02 -
McAfee 5.400.0.1158 2010.08.02 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 [B]Suspicious file[/B]
PCTools 7.0.3.5 2010.08.02 -
Prevx 3.0 2010.08.02 -
Rising 22.59.00.04 2010.08.02 -
Sophos 4.56.0 2010.08.02 -
Sunbelt 6675 2010.08.02 -
SUPERAntiSpyware 4.40.0.1006 2010.08.02 -
Symantec 20101.1.1.7 2010.08.02 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.02 [B]BKDR_SHIZ.V [/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.02 [B]BKDR_SHIZ.V[/B]
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.7.31.3965 2010.08.02 -
VirusBuster 5.0.27.0 2010.08.02 -[/QUOTE]
-
Today's
File avz00002.dta received on 2010.08.03 12:16:45 (UTC)
Antivirus Version Last Update Result
[QUOTE]AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.03 -
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 [B]SHeur3.AQZJ[/B]
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5630 2010.08.03 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.03 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 [B]Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5336 2010.08.03 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.02 [B]Suspicious file [/B]
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 -
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6678 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.329 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.02 -[/QUOTE]
-
File [B]Reader.exe[/B] received on 2010.08.03 22:18:08 (UTC)
Current status: finished
Result: 7/42 (16.67%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.04.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
[B]Authentium 5.2.0.5 2010.08.03 W32/Bredolab.GC[/B]
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
[B]ClamAV 0.96.0.3-git 2010.08.03 Trojan.GenericBL.3232[/B]
Comodo 5636 2010.08.04 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.04 -
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
[B]F-Secure 9.0.15370.0 2010.08.03 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5338 2010.08.03 -
[B]Norman 6.05.11 2010.08.03 W32/Bredolab.B!genr[/B]
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.03 -
[B]Prevx 3.0 2010.08.04 High Risk Cloaked Malware[/B]
Rising 22.59.01.04 2010.08.03 -
[B]Sophos 4.56.0 2010.08.03 Mal/EncPk-QA
Sunbelt 6680 2010.08.03 Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.330 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.03 -
[/QUOTE]
File size: 21504 bytes
MD5...: 64149dde50077f83502bbf532966f69f
SHA1..: 29e8e72501cf4f8c779ec9698893bd946d29967b
SHA256: 025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79cf15efe5b1d6b4
ssdeep: 384:scZZkDqx1uSQGT7UTw6AlT+WymHD9TRJSbIdMecgoq:fZkDqLuSQw7UTyiWy
CVJS2Me3h
( base data )
entrypointaddress.: 0x1390
timedatestamp.....: 0x4bdc490c (Sat May 01 15:30:20 2010)
machinetype.......: 0x14c (I386)
[url]http://www.virustotal.com/ru/analisis/025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79cf15efe5b1d6b4-1280873888[/url]
-
C:\Program Files\Common Files\Microsoft Shared\Help\1046\MicrosoftHelp.exe
File [B]MicrosoftHelp.exe[/B] received on 2010.08.06 22:39:54 (UTC)
Result: 8/42 (19.05%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
[B]Authentium 5.2.0.5 2010.08.06 W32/Katusha.C.gen!Eldorado[/B]
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
[B]AVG 9.0.0.851 2010.08.06 Cryptic.ATF[/B]
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
[B]Comodo 5671 2010.08.06 Heur.Packed.Unknown[/B]
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
[B]F-Prot 4.6.1.107 2010.08.06 W32/Katusha.C.gen!Eldorado[/B]
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
[B]McAfee 5.400.0.1158 2010.08.06 Downloader-CEW[/B]
[B]McAfee-GW-Edition 2010.1 2010.08.06 Heuristic.BehavesLike.Win32.Suspicious.A[/B]
Microsoft 1.6004 2010.08.06 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
[B]Panda 10.0.2.7 2010.08.06 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.07 -
Rising 22.59.04.04 2010.08.06 -
[B]Sophos 4.56.0 2010.08.06 Mal/FakeAV-EI[/B]
Sunbelt 6696 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.335 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
[/QUOTE]
File size: 163840 bytes
MD5...: a974c620a84ca66a2445581a996822c3
SHA1..: 8bc98d6392014e2b22632dcea0227c4209a98d73
SHA256: dbac0281507987694f6217d655396bb7503bb4ebd2d1d140615e84b5c979171d
ssdeep: 3072:81XmnVKXi9DvPSX0rJ4OpbQp1Fj8Zk3n7Qeokrcj0fy:R9DvPSX0VtpRZic
( base data )
entrypointaddress.: 0x2b74
timedatestamp.....: 0x3c6c7ff8 (Fri Feb 15 03:26:48 2002)
machinetype.......: 0x14c (I386)
[url]http://www.virustotal.com/ru/analisis/dbac0281507987694f6217d655396bb7503bb4ebd2d1d140615e84b5c979171d-1281134394[/url]
-
Caught this a week ago on an acquaintance's computer. He complained that clicking a link on mail.ru redirected him to a porn site.
I am posting the scan result only now because I was waiting for a verdict from the analysts at Kaspersky or DrWeb. DrWeb added it only yesterday. From Kaspersky, judging by Cyber, there has been no reply since 20.07.
The infection registers itself in [B]AppInit_DLLs[/B] and is named: [B]C:\WINDOWS\system32\sysintm.dll[/B]
[B]File avz00001.dta received on 2010.08.07 17:42:54 (UTC)
Result: [COLOR="Red"]4[/COLOR]/42 (9.53%)[/B]
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 -
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5672 2010.08.07 -
[B]DrWeb 5.0.2.03300 2010.08.07 Trojan.BrowseSpy.2[/B]
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.07 -
[B]NOD32 5348 2010.08.06 Win32/Agent.OGA[/B]
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 -
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 -
[B]TheHacker 6.5.2.1.336 2010.08.07 Trojan/Agent.oga
TrendMicro 9.120.0.1004 2010.08.07 PAK_Generic.001[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -[/QUOTE]
[URL="http://www.virustotal.com/ru/analisis/354655259524aace859800e5e89d167c7652f640dfe9bf968818b3aab70af615-1281202974"]VirusTotal[/URL]
-
New from the "Help" section
File avz00001.dta received on 2010.08.07 21:49:55 (UTC)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.08.00 2010.08.07 -
AntiVir 8.2.4.34 2010.08.07 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 [B]SHeur3.ASBP[/B]
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5676 2010.08.07 [B]TrojWare.Win32.Trojan.Agent.Gen [/B]
DrWeb 5.0.2.03300 2010.08.07 -
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 [B]Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.07 -
Microsoft 1.6004 2010.08.07 -
NOD32 5349 2010.08.07 -
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 [B]Suspicious file [/B]
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 [B]Suspicious.Mystic[/B]
TheHacker 6.5.2.1.336 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 - [/QUOTE]
-
File [B]_.exe[/B] received on 2010.08.10 00:12:29 (UTC)
Result: [B][COLOR="Red"]17[/COLOR]/42[/B] (40.48%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
[B]AhnLab-V3 2010.08.10.00 2010.08.09 Malware/Win32.Generic[/B]
[B]AntiVir 8.2.4.34 2010.08.09 TR/Midgare.apwr[/B]
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
[B]Avast 4.8.1351.0 2010.08.09 Win32:Trojan-gen
Avast5 5.0.332.0 2010.08.09 Win32:Trojan-gen[/B]
AVG 9.0.0.851 2010.08.09 -
[B]BitDefender 7.2 2010.08.10 Trojan.Generic.KD.25631[/B]
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
[B]DrWeb 5.0.2.03300 2010.08.10 Trojan.Inject.9224[/B]
[B]Emsisoft 5.0.0.36 2010.08.09 Trojan.Win32.VBKrypt!IK[/B]
[B]eSafe 7.0.17.0 2010.08.09 Suspicious File[/B]
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
[B]F-Secure 9.0.15370.0 2010.08.10 Trojan.Generic.KD.25631[/B]
Fortinet 4.1.143.0 2010.08.09 -
[B]GData 21 2010.08.10 Trojan.Generic.KD.25631
Ikarus T3.1.1.87.0 2010.08.09 Trojan.Win32.VBKrypt[/B]
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
[B]McAfee-GW-Edition 2010.1 2010.08.09 Heuristic.LooksLike.Win32.Suspicious.F!89[/B]
Microsoft 1.6004 2010.08.09 -
NOD32 5353 2010.08.09 -
[B]Norman 6.05.11 2010.08.09 W32/VBTroj.CYEZ
nProtect 2010-08-09.02 2010.08.09 Trojan.Generic.KD.25631
Panda 10.0.2.7 2010.08.09 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.09 -
[B]Prevx 3.0 2010.08.10 Medium Risk Malware Dropper[/B]
Rising 22.60.00.04 2010.08.09 -
[B]Sophos 4.56.0 2010.08.09 Mal/Dloadr-AL[/B]
Sunbelt 6709 2010.08.10 -
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -[/QUOTE]
Additional information
File size: [B]619086[/B] bytes
MD5...: e8297474f8754cf041f86c16f161cacc
SHA1..: 366e37fea9891de5d8575d04c5ef2100d381e068
SHA256: 2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada90d2ba81f1792af
[url]http://www.virustotal.com/analisis/2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada90d2ba81f1792af-1281399149[/url]
File [B]flash_player.exe[/B] received on 2010.08.10 00:12:37 (UTC)
Result: [B][COLOR="Red"]3[/COLOR]/42[/B] (7.15%)
[QUOTE][U]Antivirus Version Last Update Result[/U]
AhnLab-V3 2010.08.10.00 2010.08.09 -
AntiVir 8.2.4.34 2010.08.09 -
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
Avast 4.8.1351.0 2010.08.09 -
Avast5 5.0.332.0 2010.08.09 -
AVG 9.0.0.851 2010.08.09 -
BitDefender 7.2 2010.08.10 -
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
DrWeb 5.0.2.03300 2010.08.10 -
Emsisoft 5.0.0.36 2010.08.09 -
eSafe 7.0.17.0 2010.08.09 -
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
[B]F-Secure 9.0.15370.0 2010.08.10 Suspicious:W32/Malware!Gemini[/B]
Fortinet 4.1.143.0 2010.08.09 -
GData 21 2010.08.10 -
Ikarus T3.1.1.87.0 2010.08.09 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
McAfee-GW-Edition 2010.1 2010.08.09 -
Microsoft 1.6004 2010.08.09 -
[B]NOD32 5353 2010.08.09 a variant of Win32/Injector.CMA[/B]
Norman 6.05.11 2010.08.09 -
nProtect 2010-08-09.02 2010.08.09 -
Panda 10.0.2.7 2010.08.09 -
PCTools 7.0.3.5 2010.08.09 -
Prevx 3.0 2010.08.10 -
Rising 22.60.00.04 2010.08.09 -
Sophos 4.56.0 2010.08.09 -
[B]Sunbelt 6709 2010.08.10 Virtool.Win32.Vbinject.1 (v)[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -[/QUOTE]
Additional information
File size: [B]112448[/B] bytes
MD5...: b7859c16428982587c5f4cf5f167180a
SHA1..: e17ab5180d752fc1596964068003b81437e8a265
SHA256: ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb9ae8ccd12c2bb3
[url]http://www.virustotal.com/analisis/ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb9ae8ccd12c2bb3-1281399157[/url]
-
[B]monoca32.exe[/B]
[QUOTE]AhnLab-V3 2010.08.10.01 2010.08.10 [B]Win-Trojan/Xema.variant [/B]
AntiVir 8.2.4.34 2010.08.10 -
Antiy-AVL 2.0.3.7 2010.08.10 -
Authentium 5.2.0.5 2010.08.10 -
Avast 4.8.1351.0 2010.08.10 [B]Win32:Crypt-HCS [/B]
Avast5 5.0.332.0 2010.08.10 [B]Win32:Crypt-HCS[/B]
AVG 9.0.0.851 2010.08.10 [B]Agent2.BCCT[/B]
BitDefender 7.2 2010.08.10 [B]Trojan.Generic.4544889[/B]
CAT-QuickHeal 11.00 2010.08.10 -
ClamAV 0.96.0.3-git 2010.08.10 -
Comodo 5706 2010.08.10 [B]TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.10 [B]Trojan.Winlock.2282[/B]
Emsisoft 5.0.0.37 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog!IK[/B]
eSafe 7.0.17.0 2010.08.09 [B]Win32.Bredolab.W [/B]
eTrust-Vet 36.1.7779 2010.08.10 -
F-Prot 4.6.1.107 2010.08.10 -
F-Secure 9.0.15370.0 2010.08.10 [B]Trojan.Generic.4544889[/B]
Fortinet 4.1.143.0 2010.08.10 [B]W32/DigiPog.WC!tr[/B]
GData 21 2010.08.10 [B]Trojan.Generic.4544889 [/B]
Ikarus T3.1.1.87.0 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog[/B]
Jiangmin 13.0.900 2010.08.10 [B]Trojan/DigiPog.yd [/B]
Kaspersky 7.0.0.125 2010.08.10 [B]Trojan-Ransom.Win32.DigiPog.wc[/B]
McAfee 5.400.0.1158 2010.08.10 [B]Bredolab.gen.w[/B]
McAfee-GW-Edition 2010.1 2010.08.10 -
Microsoft 1.6004 2010.08.10 [B]TrojanDownloader:Win32/Bredolab.AA[/B]
NOD32 5353 2010.08.10 [B]a variant of Win32/Kryptik.FSL [/B]
Norman 6.05.11 2010.08.09 [B]W32/Harnig.A!genr[/B]
nProtect 2010-08-10.01 2010.08.10 [B]Trojan.Generic.4544889 [/B]
Panda 10.0.2.7 2010.08.10 [B]Trj/CI.A[/B]
PCTools 7.0.3.5 2010.08.10 [B]Trojan.Gen[/B]
Prevx 3.0 2010.08.10 [B]Medium Risk Malware Dropper[/B]
Rising 22.60.01.04 2010.08.10 -
Sophos 4.56.0 2010.08.10 [B]Mal/FakeAV-EA[/B]
Sunbelt 6711 2010.08.10 [B]Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.10 [B]Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.08.10 [B]Trojan.Gen[/B]
TheHacker 6.5.2.1.341 2010.08.10 [B]Trojan/DigiPog.wc[/B]
TrendMicro 9.120.0.1004 2010.08.10 [B]TROJ_BURNIX.SMEP[/B]
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 [B]TROJ_BURNIX.SMEP[/B]
VBA32 3.12.12.8 2010.08.10 [B]TrojanRansom.DigiPog.wc[/B]
ViRobot 2010.8.9.3978 2010.08.10 -
VirusBuster 5.0.27.0 2010.08.09 [B]Trojan.DigiPog.RI[/B] [/QUOTE]
-
OSAM showed in its columns that this is Userinit and that the publisher is BitDefender :)
[CODE]File name: avz00001.dta
Submission date: 2010-08-12 08:11:44 (UTC)
[B][COLOR="Red"]Result: 5/ 41 (12.2%)[/COLOR][/B]
AhnLab-V3 2010.08.12.00 2010.08.11 -
AntiVir 8.2.4.34 2010.08.11 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.11 -
Avast5 5.0.332.0 2010.08.11 -
AVG 9.0.0.851 2010.08.11 -
BitDefender 7.2 2010.08.12 -
[B]CAT-QuickHeal 11.00 2010.08.12 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.12 -
Comodo 5714 2010.08.11 -
DrWeb 5.0.2.03300 2010.08.12 -
Emsisoft 5.0.0.37 2010.08.12 -
eSafe 7.0.17.0 2010.08.11 -
eTrust-Vet 36.1.7784 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
F-Secure 9.0.15370.0 2010.08.12 -
Fortinet 4.1.143.0 2010.08.11 -
GData 21 2010.08.12 -
Ikarus T3.1.1.88.0 2010.08.12 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.12 -
McAfee 5.400.0.1158 2010.08.12 -
McAfee-GW-Edition 2010.1 2010.08.12 -
Microsoft 1.6004 2010.08.12 -
[B]NOD32 5358 2010.08.11 a variant of Win32/Kryptik.FYA[/B]
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
[B]Panda 10.0.2.7 2010.08.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.12 -
Rising 22.60.03.01 2010.08.12 -
Sophos 4.56.0 2010.08.12 -
Sunbelt 6721 2010.08.12 -
SUPERAntiSpyware 4.40.0.1006 2010.08.12 -
Symantec 20101.1.1.7 2010.08.12 -
TheHacker 6.5.2.1.343 2010.08.11 -
[B]TrendMicro 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF
TrendMicro-HouseCall 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF[/B]
VBA32 3.12.14.0 2010.08.11 -
ViRobot 2010.8.9.3978 2010.08.12 -
VirusBuster 5.0.27.0 2010.08.11 -
Additional information
MD5 : 9af33e507415daf1d7961523d162899c
SHA1 : 85e60304a851098c2cd654f4b4339f0c54baaa5b
SHA256: 2acab996ea2c7f5c96853ca2386ef80137a2d6c127c26dc0bd758e40f7d4a8a3
[/CODE]
[CODE]File name: avz00002.dta
Submission date: 2010-08-12 08:12:43 (UTC)
[B][COLOR="Red"]Result: 7/ 42 (16.7%)[/COLOR][/B]
AhnLab-V3 2010.08.12.00 2010.08.11 -
AntiVir 8.2.4.34 2010.08.11 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.12 -
Avast 4.8.1351.0 2010.08.11 -
Avast5 5.0.332.0 2010.08.11 -
AVG 9.0.0.851 2010.08.11 -
BitDefender 7.2 2010.08.12 -
[B]CAT-QuickHeal 11.00 2010.08.12 (Suspicious) - DNAScan[/B]
ClamAV 0.96.0.3-git 2010.08.12 -
[B]Comodo 5714 2010.08.11 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.2.03300 2010.08.12 -
Emsisoft 5.0.0.37 2010.08.12 -
eSafe 7.0.17.0 2010.08.11 -
eTrust-Vet 36.1.7784 2010.08.12 -
F-Prot 4.6.1.107 2010.08.12 -
F-Secure 9.0.15370.0 2010.08.12 -
Fortinet 4.1.143.0 2010.08.11 -
GData 21 2010.08.12 -
Ikarus T3.1.1.88.0 2010.08.12 -
Jiangmin 13.0.900 2010.08.12 -
Kaspersky 7.0.0.125 2010.08.12 -
McAfee 5.400.0.1158 2010.08.12 -
McAfee-GW-Edition 2010.1 2010.08.12 -
[B]Microsoft 1.6004 2010.08.12 Trojan:Win32/Meredrop
NOD32 5358 2010.08.11 a variant of Win32/Kryptik.FYA[/B]
Norman 6.05.11 2010.08.12 -
nProtect 2010-08-12.03 2010.08.12 -
[B]Panda 10.0.2.7 2010.08.11 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.12 -
Prevx 3.0 2010.08.12 -
Rising 22.60.03.01 2010.08.12 -
Sophos 4.56.0 2010.08.12 -
Sunbelt 6721 2010.08.12 -
SUPERAntiSpyware 4.40.0.1006 2010.08.12 -
Symantec 20101.1.1.7 2010.08.12 -
TheHacker 6.5.2.1.343 2010.08.11 -
[B]TrendMicro 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF
TrendMicro-HouseCall 9.120.0.1004 2010.08.12 TSPY_LOGSKIE.SMF[/B]
VBA32 3.12.14.0 2010.08.11 -
ViRobot 2010.8.9.3978 2010.08.12 -
VirusBuster 5.0.27.0 2010.08.11 -
Additional information
MD5 : ea368e1bf69a029e3433b354999e1c16
SHA1 : e8b74ee8584f63e4cc754297e7661d72de9e2298
SHA256: 07a1a9d51d74d0377c06140a2d8102507aa9071c37bac53d257799059e058f68
[/CODE]
The samples have been sent to Dr.Web and Kaspersky
[size="1"][color="#666686"][B][I]Added after 2 hours 14 minutes[/I][/B][/color][/size]
Already checked :)
Alexey Gashkin - Virus Monitoring Service Doctor Web Ltd.
avz00001.dta - Threat: Trojan.PWS.Ibank.109
avz00002.dta - Threat: BackDoor.Siggen.25748
-
Caught monoca32.exe
File name: avz00001.dta
Submission date: 2010-08-15 10:38:10 (UTC)
Result: 15/ 42 (35.7%)
[QUOTE][B]AhnLab-V3 2010.08.15.01 2010.08.15 Win-Trojan/Bredolab.55808[/B]
AntiVir 8.2.4.34 2010.08.13 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.14 -
[B]Avast 4.8.1351.0 2010.08.14 Win32:Crypt-HIB
Avast5 5.0.332.0 2010.08.14 Win32:Crypt-HIB[/B]
AVG 9.0.0.851 2010.08.15 -
[B]BitDefender 7.2 2010.08.15 Gen:Variant.Ursnif.20
CAT-QuickHeal 11.00 2010.08.14 Win32.Packed.Krap.ao.7[/B]
ClamAV 0.96.0.3-git 2010.08.15 -
Comodo 5746 2010.08.15 -
DrWeb 5.0.2.03300 2010.08.15 -
Emsisoft 5.0.0.37 2010.08.15 -
eSafe 7.0.17.0 2010.08.12 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.14 -
F-Secure 9.0.15370.0 2010.08.15 -
Fortinet 4.1.143.0 2010.08.15 -
[B]GData 21 2010.08.15 Gen:Variant.Ursnif.20[/B]
Ikarus T3.1.1.88.0 2010.08.15 -
Jiangmin 13.0.900 2010.08.15 -
Kaspersky 7.0.0.125 2010.08.15 -
[B]McAfee 5.400.0.1158 2010.08.15 Downloader-BZI.gen.a[/B]
McAfee-GW-Edition 2010.1 2010.08.14 -
Microsoft 1.6004 2010.08.15 -
[B]NOD32 5367 2010.08.14 a variant of Win32/Kryptik.FZR[/B]
Norman 6.05.11 2010.08.14 -
[B]nProtect 2010-08-15.01 2010.08.15 Gen:Variant.Ursnif.20[/B]
Panda 10.0.2.7 2010.08.14 -
[B]PCTools 7.0.3.5 2010.08.15 Downloader.Harnig
Prevx 3.0 2010.08.15 Medium Risk Malware[/B]
Rising 22.60.06.04 2010.08.15 -
Sophos 4.56.0 2010.08.15 -
[B]Sunbelt 6735 2010.08.15 Trojan.Win32.Generic.pak!cobra[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.15 -
[B]Symantec 20101.1.1.7 2010.08.15 Downloader.Harnig!gen1[/B]
TheHacker 6.5.2.1.348 2010.08.14 -
[B]TrendMicro 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP[/B]
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.14 -
VirusBuster 5.0.27.0 2010.08.14 -[/QUOTE]
-
[CODE]Antivirus Version Last Update Result
[B]AhnLab-V3 2010.08.16.02 2010.08.16 Malware/Win32.Generic[/B]
AntiVir 8.2.4.34 2010.08.16 -
Antiy-AVL 2.0.3.7 2010.08.16 -
[B]Authentium 5.2.0.5 2010.08.16 W32/Infostealer.A!Maximus[/B]
Avast 4.8.1351.0 2010.08.15 -
Avast5 5.0.332.0 2010.08.15 -
AVG 9.0.0.851 2010.08.16 -
[B]BitDefender 7.2 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
CAT-QuickHeal 11.00 2010.08.16 -
ClamAV 0.96.0.3-git 2010.08.16 -
Comodo 5758 2010.08.16 -
DrWeb 5.0.2.03300 2010.08.16 -
eSafe 7.0.17.0 2010.08.15 -
eTrust-Vet 36.1.7793 2010.08.16 -
[B]F-Prot 4.6.1.107 2010.08.16 W32/Infostealer.A!Maximus[/B]
[B]F-Secure 9.0.15370.0 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
Fortinet 4.1.143.0 2010.08.16 -
[B]GData 21 2010.08.16 DeepScan:Generic.Malware.FPPkTkg.7388E5A8[/B]
[B]Ikarus T3.1.1.88.0 2010.08.16 Win32.SuspectCrc[/B]
Jiangmin 13.0.900 2010.08.16 -
Kaspersky 7.0.0.125 2010.08.16 -
McAfee 5.400.0.1158 2010.08.16 -
McAfee-GW-Edition 2010.1 2010.08.16 -
Microsoft 1.6004 2010.08.16 -
NOD32 5369 2010.08.16 -
Norman 6.05.11 2010.08.15 -
nProtect 2010-08-16.01 2010.08.16 -
[B]Panda 10.0.2.7 2010.08.15 Suspicious file[/B]
PCTools 7.0.3.5 2010.08.16 -
Prevx 3.0 2010.08.16 -
Rising 22.61.00.04 2010.08.16 -
Sophos 4.56.0 2010.08.16 -
[B]Sunbelt 6740 2010.08.16 Trojan.Win32.Generic!BT[/B]
SUPERAntiSpyware 4.40.0.1006 2010.08.16 -
Symantec 20101.1.1.7 2010.08.16 -
TheHacker 6.5.2.1.349 2010.08.16 -
TrendMicro 9.120.0.1004 2010.08.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.16 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.16.3990 2010.08.16 -
VirusBuster 5.0.27.0 2010.08.15 -
[/CODE]
[CODE]Additional information
MD5 : 058ebc415a27694b7cff3093cfaf2f4a
SHA1 : b0f3ccd65414853eb120b01e1ad7fbf25fc59690
SHA256: 41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c[/CODE]
-
File name: [B]nyik.exe[/B]
Submission date: 2010-08-20 00:18:41 (UTC)
Current status: finished
Result: 9/ 41 (22.0%)
[QUOTE]Antivirus Version Last Update Result
AhnLab-V3 2010.08.20.00 2010.08.19 -
AntiVir 8.2.4.38 2010.08.19 -
Antiy-AVL 2.0.3.7 2010.08.16 -
[B]Authentium 5.2.0.5 2010.08.20 W32/Skintrim.1!Generic[/B]
Avast 4.8.1351.0 2010.08.19 -
Avast5 5.0.332.0 2010.08.19 -
AVG 9.0.0.851 2010.08.19 -
BitDefender 7.2 2010.08.20 -
CAT-QuickHeal 11.00 2010.08.19 -
ClamAV 0.96.2.0-git 2010.08.20 -
Comodo 5788 2010.08.20 -
[B]DrWeb 5.0.2.03300 2010.08.20 Trojan.PWS.Panda.387[/B]
Emsisoft 5.0.0.37 2010.08.20 -
eSafe 7.0.17.0 2010.08.19 -
eTrust-Vet 36.1.7801 2010.08.19 -
[B]F-Prot 4.6.1.107 2010.08.19 W32/Skintrim.1!Generic
F-Secure 9.0.15370.0 2010.08.20 Trojan-Spy:W32/Zbot.AHGN[/B]
Fortinet 4.1.143.0 2010.08.19 -
GData 21 2010.08.20 -
Ikarus T3.1.1.88.0 2010.08.20 -
Jiangmin 13.0.900 2010.08.19 -
Kaspersky 7.0.0.125 2010.08.20 -
McAfee 5.400.0.1158 2010.08.20 -
[B]Microsoft 1.6103 2010.08.20 PWS:Win32/Zbot.gen!Y
NOD32 5380 2010.08.19 a variant of Win32/Kryptik.GDT[/B]
Norman 6.05.11 2010.08.19 -
nProtect 2010-08-19.01 2010.08.19 -
Panda 10.0.2.7 2010.08.19 -
PCTools 7.0.3.5 2010.08.20 -
[B]Prevx 3.0 2010.08.20 Medium Risk Malware[/B]
Rising 22.61.03.04 2010.08.19 -
[B]Sophos 4.56.0 2010.08.20 Mal/Zbot-U[/B]
Sunbelt 6763 2010.08.20 -
[B]SUPERAntiSpyware 4.40.0.1006 2010.08.20 Trojan.Agent/Gen-Faldesc[/B]
Symantec 20101.1.1.7 2010.08.20 -
TheHacker 6.5.2.1.351 2010.08.19 -
TrendMicro 9.120.0.1004 2010.08.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.20 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.16.3990 2010.08.19 -
VirusBuster 5.0.27.0 2010.08.19 -[/QUOTE]
MD5 : af4c670a44086fb04d8bbd8d7cec3878
SHA1 : fd4e4077d2e17c7914a47e8a7bc63b4580aa8950
SHA256: 562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff68f30be699c5bf2
ssdeep: 3072:DFGKdZNPH53dJpakeOiZTdrk+C7riQtyXmiiuCYL31mf3QCoGz:Nf5rpake1A7riQQ7nCYzgvj
File size : 150528 bytes
First seen: 2010-08-20 00:18:41
Last seen : 2010-08-20 00:18:41
[url]http://www.virustotal.com/file-scan/report.html?id=562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff68f30be699c5bf2-1282263521[/url]
in autorun
[URL=http://www.radikal.ru][IMG]http://s02.radikal.ru/i175/1008/e0/a9d41830a02c.png[/IMG][/URL]