-
File index.php received 2007.11.06 17:49:28 (CET)
[QUOTE][B]AVG 7.5.0.503 2007.11.06 JS/Downloader.Agent
Sophos 4.23.0 2007.11.06 Mal/ObfJS-M
Webwasher-Gateway 6.0.1 2007.11.06 JavaScript.CodeUnfolding.gen!High (suspicious)[/B][/QUOTE]
Additional information
File size: 9369 bytes
MD5: ad197989915846adf2ece6ef4469a138
SHA1: 336fdd129e6228ce8eb15f4b737c3ee9e503262e
-
File syswqer.exe received 2007.11.07 14:35:01 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.07 DR/Delphi.Gen
AVG 7.5.0.503 2007.11.07 Obfustat.SYJ
BitDefender 7.2 2007.11.07 Trojan.PWS.LDPinch.TDF
DrWeb 4.44.0.09170 2007.11.07 Trojan.Packed.194
eSafe 7.0.15.0 2007.11.06 Suspicious File
FileAdvisor 1 2007.11.07 High threat detected
Ikarus T3.1.1.12 2007.11.07 Trojan-PWS.LDPinch.TDF
Panda 9.0.0.4 2007.11.06 Generic Trojan
Sophos 4.23.0 2007.11.07 Mal/Dropper-T
VBA32 3.12.2.4 2007.11.06 suspected of Trojan-PSW.Pinch.90 (paranoid heuristics)
Webwasher-Gateway 6.0.1 2007.11.07 Trojan.Delphi.Gen[/B][/QUOTE]
Additional information
File size: 58368 bytes
MD5: 2b3af9294ff4f88fc5b48c609c6a1fda
SHA1: 68d74a2b8d4cc9409ceaf42ad53361d7da48ad20
Bit9 info: [url]http://fileadvisor.bit9.com/services/extinfo.aspx?md5=2b3af9294ff4f88fc5b48c609c6a1fda[/url]
-
File dancer.exe received 2007.11.08 14:37:06
[QUOTE]AhnLab-V3 2007.11.9.0 2007.11.08 -
[B]AntiVir 7.6.0.34 2007.11.08 WORM/Zhelatin.Gen[/B]
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.08 -
AVG 7.5.0.503 2007.11.08 -
[B]BitDefender 7.2 2007.11.08 Trojan.Peed.INS
CAT-QuickHeal 9.00 2007.11.08 (Suspicious) - DNAScan[/B]
ClamAV 0.91.2 2007.11.07 -
[B]DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.209[/B]
[B]eSafe 7.0.15.0 2007.10.28 Suspicious File[/B]
eTrust-Vet 31.2.5276 2007.11.07 -
Ewido 4.0 2007.11.08 -
FileAdvisor 1 2007.11.08 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.07 -
F-Secure 6.70.13030.0 2007.11.08 -
Ikarus T3.1.1.12 2007.11.08 -
Kaspersky 7.0.0.125 2007.11.08 -
[B]McAfee 5157 2007.11.06 New Malware.cn
Microsoft 1.3007 2007.11.08 TrojanDropper:Win32/Nuwar.gen!avkill
NOD32v2 2646 2007.11.08 probably unknown NewHeur_PE virus[/B]
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 -
Prevx1 V2 2007.11.08 -
Rising 20.17.32.00 2007.11.08 -
[B]Sophos 4.23.0 2007.11.08 Mal/Dorf-F[/B]
Sunbelt 2.2.907.0 2007.10.31 -
[B]Symantec 10 2007.11.08 Trojan.Peacomm.D[/B]
TheHacker 6.2.9.118 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.06 -
[B]Webwasher-Gateway 6.0.1 2007.07.05 Win32.Malware.gen (suspicious)[/B]
Additional information
File size: 123746 bytes
MD5: 93712eabfb4eb95973c4a279acaac069
SHA1: 15535312189baefedbb57ca41c8c9d072e61a907[/QUOTE]
Fresh sample. Generic signatures and heuristics rule....
-
File 6143_1_.js received 2007.11.09 02:56:01 (CET)
[B]AntiVir 7.6.0.34 2007.11.08 TR/Dldr.Agent.abi.1
F-Secure 6.70.13030.0 2007.11.09 Trojan-Downloader.JS.Agent.abi
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.JS.Agent.abi
Kaspersky 7.0.0.125 2007.11.09 Trojan-Downloader.JS.Agent.abi
Sunbelt 2.2.907.0 2007.11.08 Trojan-Downloader.Agent.abi.1
Symantec 10 2007.11.09 Downloader
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Dldr.Agent.abi.1[/B]
File size: 2190 bytes
MD5: 58de1a946e120811eb7806847ba9fe85
SHA1: 435a47e933508564dc760049a16d6be7f2739983
[size="1"][color="#666686"][B][I]Added 24 minutes later[/I][/B][/color][/size]
File lib_1_.exe received 2007.11.09 02:56:54 (CET)
[B]AntiVir 7.6.0.34 2007.11.08 HEUR/Malware
AVG 7.5.0.503 2007.11.08 BackDoor.Generic8.AAAQ
CAT-QuickHeal 9.00 2007.11.08 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.09 PUA.Packed.UPack-2
eSafe 7.0.15.0 2007.11.08 Suspicious File
F-Prot 4.4.2.54 2007.11.07 W32/Heuristic-162!Eldorado
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.Win32.Zlob.and
McAfee 5159 2007.11.08 New Malware.aj
NOD32v2 2647 2007.11.09 Win32/TrojanDropper.Agent.NGP
Norman 5.80.02 2007.11.08 W32/Zlob.ASKO
Panda 9.0.0.4 2007.11.09 Suspicious file
Sophos 4.23.0 2007.11.09 Mal/Packer
Sunbelt 2.2.907.0 2007.11.08 VIPRE.Suspicious
TheHacker 6.2.9.120 2007.11.08 W32/Behav-Heuristic-060
VBA32 3.12.2.4 2007.11.08 suspected of Trojan-PSW.Game.30 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.11.08 Packed/Upack
Webwasher-Gateway 6.0.1 2007.11.09 Heuristic.Malware
[/B]
Additional information
File size: 137904 bytes
MD5: 2016d135efbc5b7800b5bc1ad5462df9
SHA1: 5271bb6daca4a9914de5a3defeb148b6d8065a2a
[size="1"][color="#666686"][B][I]Added 43 minutes later[/I][/B][/color][/size]
File userinit.exe received 2007.11.09 03:45:05 (CET)
Antivirus Version Last Update Result
[B]AhnLab-V3 2007.11.9.0 2007.11.09 Win-Trojan/Agent.23552.DM
AntiVir 7.6.0.34 2007.11.08 TR/Dldr.Agent.blm.16
AVG 7.5.0.503 2007.11.08 Downloader.Agent.TIA
BitDefender 7.2 2007.11.09 Trojan.Downloader.Agent.YMX
DrWeb 4.44.0.09170 2007.11.08 Trojan.DownLoader.33566
Ewido 4.0 2007.11.08 Downloader.Agent.blm
F-Secure 6.70.13030.0 2007.11.09 Trojan-Downloader.Win32.Agent.blm
Ikarus T3.1.1.12 2007.11.09 Trojan-Downloader.Win32.Agent.blm
Kaspersky 7.0.0.125 2007.11.09 Trojan-Downloader.Win32.Agent.blm
NOD32v2 2647 2007.11.09 Win32/TrojanDownloader.Agent.NRU
Norman 5.80.02 2007.11.08 W32/Agent.DAHY
Panda 9.0.0.4 2007.11.09 Suspicious file
Rising 20.17.32.00 2007.11.08 Trojan.DL.Win32.Agent.ydm
TheHacker 6.2.9.120 2007.11.08 Trojan/Downloader.Agent.blm
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Dldr.Agent.blm.16[/B]
File size: 25088 bytes
MD5: de4ad604ac304d540354ae064cd4e692
SHA1: 1c3fce3275a279191d9bc8d66e6baa4bf06fd6d4
-
Thread [url]http://virusinfo.info/showthread.php?t=14005[/url]
File avz00006.dta received 2007.11.09 08:13:10 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Downloader.Obfuskated
CAT-QuickHeal 9.00 2007.11.08 TrojanProxy.Agent.qq
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
eSafe 7.0.15.0 2007.11.08 Win32.Agent.qq
F-Secure 6.70.13030.0 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Ikarus T3.1.1.12 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Kaspersky 7.0.0.125 2007.11.09 Trojan-Proxy.Win32.Agent.qq
Microsoft 1.3007 2007.11.09 Virus:Win32/Grum.E
NOD32v2 2647 2007.11.09 Win32/TrojanProxy.Small.NBA
Prevx1 V2 2007.11.09 Heuristic: Suspicious File With Code Injection Technology
Sophos 4.23.0 2007.11.09 Mal/Generic-A
VBA32 3.12.2.4 2007.11.08 Trojan-Proxy.Win32.Agent.qq
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen[/B][/QUOTE]
File size: 32768 bytes
MD5: e23df3f7c0a8fb86087346d80ba14b88
SHA1: 9ea8e2936787211f1042b960a112585b7a256054
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=26FBCD2B00E8E39D80B40090A63D9400D4A87AED[/url]
File avz00003.dta received 2007.11.09 08:12:34 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen[/B][/QUOTE]
Additional information
File size: 33280 bytes
MD5: 0b97adc7b6d7a850608ac1102c9bb180
SHA1: 77b06d0e8ed54318a1a6ba80b8fecab8b62912bb
File avz00002.dta received 2007.11.09 08:12:18 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
CAT-QuickHeal 9.00 2007.11.08 TrojanDropper.Agent.cjq
ClamAV 0.91.2 2007.11.09 Trojan.Dropper-2814
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
FileAdvisor 1 2007.11.09 High threat detected
F-Secure 6.70.13030.0 2007.11.09 Trojan-Dropper.Win32.Agent.cjq
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
Kaspersky 7.0.0.125 2007.11.09 Trojan-Dropper.Win32.Agent.cjq
Microsoft 1.3007 2007.11.09 Virus:Win32/Grum.G
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Panda 9.0.0.4 2007.11.09 Trj/Downloader.MDW
Sophos 4.23.0 2007.11.09 Mal/Generic-A
VBA32 3.12.2.4 2007.11.06 Trojan-Dropper.Win32.Agent.cjq
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen[/B][/QUOTE]
Additional information
File size: 33280 bytes
MD5: 91687869e1f5fdf5fbff020db8541e67
SHA1: ecbf8797171027270fd8ceeb0e410dc84ede12d6
Bit9 info: [url]http://fileadvisor.bit9.com/services/extinfo.aspx?md5=91687869e1f5fdf5fbff020db8541e67[/url]
File avz00001.dta received 2007.11.09 08:11:59 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.08 TR/Crypt.XPACK.Gen
AVG 7.5.0.503 2007.11.08 Dropper.Agent.9.J
BitDefender 7.2 2007.11.09 Trojan.Proxy.Agent.AZP
DrWeb 4.44.0.09170 2007.11.08 Trojan.Packed.147
Ikarus T3.1.1.12 2007.11.09 Trojan.Win32.Agent.asu
NOD32v2 2647 2007.11.09 probably unknown NewHeur_PE virus
Prevx1 V2 2007.11.09 Trojan.Nudos
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen[/B][/QUOTE]
Additional information
File size: 33280 bytes
MD5: f0fe48b79151c39217e3c01030e63fe7
SHA1: 41ac5e903ce68636918400d21f07ad8ebe2a2bdf
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=DBBB0A840036374C82AB00F64ECBC600D466C95E[/url]
[size="1"][color="#666686"][B][I]Added 6 hours 38 minutes later[/I][/B][/color][/size]
File Elektrichka.exe received 2007.11.09 14:28:51 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.09 TR/PSW.LdPinch.bsj.113
BitDefender 7.2 2007.11.09 MemScan:Trojan.PWS.LdPinch.BSJ
CAT-QuickHeal 9.00 2007.11.09 (Suspicious) - DNAScan
eTrust-Vet 31.2.5282 2007.11.09 Win32/Unknown
F-Prot 4.4.2.54 2007.11.09 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2007.11.09 Trojan.Win32.Pakes.bos
Ikarus T3.1.1.12 2007.11.09 MemScanTrojan.Pws.LdPinch.BSJ
Kaspersky 7.0.0.125 2007.11.09 Trojan.Win32.Pakes.bos
Panda 9.0.0.4 2007.11.09 Suspicious file
Prevx1 V2 2007.11.09 Malware.Gen
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.PSW.LdPinch.bsj.113[/B][/QUOTE]
Additional information
File size: 371712 bytes
MD5: 78abcfe77598501faaa3afb1b1d216a1
SHA1: 2328496d8a229146bae5e717eb744a38e5068bf3
packers: ASProtect
packers: PE_Patch, Aspack
packers: PE_Patch
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=5D4028450048A7D4AC9205EC35AC1800CDEB05A5[/url]
File avz00001.dta received 2007.11.09 14:45:46 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.09 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.11.09 Possibly a new variant of W32/Threat-HLLVL-based!Maximus
AVG 7.5.0.503 2007.11.09 SHeur.YKL
BitDefender 7.2 2007.11.09 MemScan:Trojan.Spy.Bancos.AAM
CAT-QuickHeal 9.00 2007.11.09 TrojanSpy.Zbot.bu
DrWeb 4.44.0.09170 2007.11.09 Trojan.Proxy.1824
F-Prot 4.4.2.54 2007.11.09 W32/Threat-HLLVL-based!Maximus
F-Secure 6.70.13030.0 2007.11.09 Trojan-Spy.Win32.Zbot.bu
Ikarus T3.1.1.12 2007.11.09 MemScanTrojan.Spy.Bancos.AAM
Kaspersky 7.0.0.125 2007.11.09 Trojan-Spy.Win32.Zbot.bu
Panda 9.0.0.4 2007.11.09 Suspicious file
Sophos 4.23.0 2007.11.09 Mal/Behav-023
Sunbelt 2.2.907.0 2007.11.09 VIPRE.Suspicious
Symantec 10 2007.11.09 Infostealer.Notos!gen
Webwasher-Gateway 6.0.1 2007.11.09 Trojan.Crypt.XPACK.Gen
[/B][/QUOTE]
Additional information
File size: 239104 bytes
MD5: c081802b12c75c529a32e78d51bae9d7
SHA1: 42ee7db3e52e8b8b82f230e05ba1edc2d8551c3d
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
From the thread [url]http://forum.kaspersky.com/index.php?showtopic=52204[/url]
File avz00001.dta received 2007.11.09 14:50:51 (CET)
[QUOTE][B]DrWeb 4.44.0.09170 2007.11.09 Trojan.Ftpspy
Panda 9.0.0.4 2007.11.09 Trj/FtpSpy.A[/B][/QUOTE]
Additional information
File size: 5632 bytes
MD5: ff570702b4b27e5ab974fc7bbb094abc
SHA1: d83c07509420f37040ae41fd2a0febfd83ddbf0c
-
File BitAccelerator.exe received on 11.10.2007 03:50:58 (CET)
Current status: finished
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.09 -
Avast 4.7.1074.0 2007.11.09 -
AVG 7.5.0.503 2007.11.09 -
[B]BitDefender 7.2 2007.11.10 Adware.BHO.WPW[/B]
CAT-QuickHeal 9.00 2007.11.09 -
[B]ClamAV 0.91.2 2007.11.10 Adware.BHO-50[/B]
DrWeb 4.44.0.09170 2007.11.09 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.09 -
FileAdvisor 1 2007.11.10 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.09 -
F-Secure 6.70.13030.0 2007.11.09 -
[B]Ikarus T3.1.1.12 2007.11.10 Virus.Win32.AdWare
Kaspersky 7.0.0.125 2007.11.10 not-a-virus:AdWare.Win32.BHO.ic[/B]
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.10 -
NOD32v2 2650 2007.11.09 -
Norman 5.80.02 2007.11.09 -
[B]Panda 9.0.0.4 2007.11.10 Adware/BHO.L[/B]
Prevx1 V2 2007.11.10 -
Rising 20.17.42.00 2007.11.10 -
[B]Sophos 4.23.0 2007.11.09 BitAccelerator[/B]
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.10 -
TheHacker 6.2.9.122 2007.11.09 -
VBA32 3.12.2.4 2007.11.08 -
VirusBuster 4.3.26:9 2007.11.09 -
Webwasher-Gateway 6.0.1 2007.11.10 -
Additional information
File size: 394128 bytes
MD5: 1697c99f32c75e42230094b9eec619ce
SHA1: e9f2a20f5c4a45e58076c29c99b38f68fa7ce3d1
-
In the future it will be detected by KAV as [B]not-a-virus:AdWare.Win32.BHO.kj[/B]
File avz00001.dta received 2007.11.10 09:58:22 (CET)
[QUOTE][B]Panda 9.0.0.4 2007.11.10 Suspicious file[/B][/QUOTE]
Additional information
File size: 399872 bytes
MD5: c0236e7c0a6f98545f9c5ac76b6c5962
SHA1: 1adef52d8190e7eef344c54d903e33ec6676f7b7
-
File alaunch.cab received 2007.11.11 09:46:22 (CET)
[QUOTE][B]Avast 4.7.1074.0 2007.11.10 Win32:Adan-055
AVG 7.5.0.503 2007.11.10 Adware Generic.CZP
BitDefender 7.2 2007.11.11 Adware.Gamespy.B
CAT-QuickHeal 9.00 2007.11.10 RiskWare.Downloader.SpyGame (Not a Virus)
Ewido 4.0 2007.11.10 Not-A-Virus.Downloader.Win32.SpyGame
Fortinet 3.11.0.0 2007.10.19 Download/Spygame
F-Prot 4.4.2.54 2007.11.10 W32/Adware.PPN
F-Secure 6.70.13030.0 2007.11.10 W32/DLoader.AKWR
Ikarus T3.1.1.12 2007.11.11 not-a-virus:Downloader.Win32.SpyGame
Kaspersky 7.0.0.125 2007.11.11 not-a-virus:Downloader.Win32.SpyGame
McAfee 5160 2007.11.09 potentially unwanted program Adware-GameSpy
NOD32v2 2652 2007.11.11 Win32/TrojanDownloader.SpyGame.A
Norman 5.80.02 2007.11.09 W32/DLoader.AKWR
Panda 9.0.0.4 2007.11.10 Generic Trojan
Rising 20.17.60.00 2007.11.11 Trojan.DL.Agent.xtx
VBA32 3.12.2.4 2007.11.08 RiskWare.Downloader.SpyGame
Webwasher-Gateway 6.0.1 2007.11.11 Riskware.Dldr.SpyGame[/B][/QUOTE]
Additional information
File size: 65941 bytes
MD5: 3c48574cf159b50ad5b9f1d101b7ba1a
SHA1: fc6f13263be0e163364c8c33480911c447202999
[size="1"][color="#666686"][B][I]Added 7 hours 28 minutes later[/I][/B][/color][/size]
Will be detected by KAV in the next update as [B]not-a-virus:FraudTool.Win32.SmartAntiSpyware.b[/B]
File setup.exe received 2007.11.11 16:59:44 (CET)
[QUOTE][B]AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.10 -
AVG 7.5.0.503 2007.11.11 -
BitDefender 7.2 2007.11.11 -
CAT-QuickHeal 9.00 2007.11.10 -
ClamAV 0.91.2 2007.11.11 -
DrWeb 4.44.0.09170 2007.11.11 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.11 -
FileAdvisor 1 2007.11.11 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.10 -
Ikarus T3.1.1.12 2007.11.11 -
Kaspersky 7.0.0.125 2007.11.11 -
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.11 -
NOD32v2 2652 2007.11.11 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.10 -
Prevx1 V2 2007.11.11 -
Rising 20.17.62.00 2007.11.11 -
Sophos 4.23.0 2007.11.11 -
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.11 -
TheHacker 6.2.9.123 2007.11.10 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.11 -[/B][/QUOTE]
Additional information
File size: 391187 bytes
MD5: 6c126e36a73970b4fd841ff7dc45f372
SHA1: 66dc9501d808aeaa1c1ef7052c55c164afb77005
packers: RAR, Unicode
-
The machine is backdoored, so I'm not logging in.
File avz00001.dta received 2007.11.12 10:35:07 (CET)
Antivirus Version Last Update Result
[b]AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan/Xema.variant
AntiVir 7.6.0.34 2007.11.12 TR/Spy.Gen[/b]
Authentium 4.93.8 2007.11.10 -
[b]Avast 4.7.1074.0 2007.11.11 Win32:Delf-EBR
AVG 7.5.0.503 2007.11.11 BackDoor.Generic8.ZJB
BitDefender 7.2 2007.11.12 Generic.Malware.FPYdPk.92F90C9A
CAT-QuickHeal 9.00 2007.11.10 Backdoor.Delf.aws
ClamAV 0.91.2 2007.11.12 Worm.Delf-63
DrWeb 4.44.0.09170 2007.11.12 BackDoor.Kais
eSafe 7.0.15.0 2007.11.08 Win32.Delf.aws
eTrust-Vet 31.2.5289 2007.11.12 Win32/Liphew.G
Ewido 4.0 2007.11.11 Backdoor.Delf.aws[/b]
FileAdvisor 1 2007.11.12 -
[b]Fortinet 3.11.0.0 2007.10.19 W32/BackDoor.AWS!tr.bdr
F-Prot 4.4.2.54 2007.11.10 W32/Agent.GWT
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Delf.aws
Ikarus T3.1.1.12 2007.11.12 Backdoor.Win32.Hupigon.MY
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Delf.aws
McAfee 5160 2007.11.09 Generic BackDoor
Microsoft 1.3007 2007.11.12 Backdoor:Win32/Delf.XD
NOD32v2 2652 2007.11.11 Win32/Delf.NFP
Norman 5.80.02 2007.11.09 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.11.11 Trj/Banker.GWB[/b]
Prevx1 V2 2007.11.12 -
[b]Rising 20.18.00.00 2007.11.12 Backdoor.RWX.2005.hx
Sophos 4.23.0 2007.11.12 Mal/EncPk-E[/b]
Sunbelt 2.2.907.0 2007.11.09 -
[b]Symantec 10 2007.11.12 Backdoor.Graybird
TheHacker 6.2.9.124 2007.11.12 Backdoor/Delf.aws
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Delf.aws
VirusBuster 4.3.26:9 2007.11.11 Packed/NSPack
Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Spy.Gen[/b]
Additional information
File size: 280626 bytes
MD5: ef5a3159b65df5085a7ea865cbbf3dbe
SHA1: 11801ab92e9aeaa07f203f7642017d1adf4a8759
packers: NsPack, NsPack
packers: NSPack, NSPack
-
The ISP said that this computer was generating crazy traffic; I came and saw a horrifying amount of malware. Many of the samples are already known to everyone on VirusTotal, but some are still unfamiliar to many.
File xpdx.sys received on 11.12.2007 14:45:27 (CET)
Current status: finished
Result: 19/32 (59.38%)
Antivirus Version Last Update Result
[B]AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan/Pakes.54218
AntiVir 7.6.0.34 2007.11.12 TR/Pakes.EL[/B]
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
[B]AVG 7.5.0.503 2007.11.11 Obfustat.SUM[/B]
BitDefender 7.2 2007.11.12 -
[B]CAT-QuickHeal 9.00 2007.11.12 Trojan.Pakes.el[/B]
ClamAV 0.91.2 2007.11.12 -
[B]DrWeb 4.44.0.09170 2007.11.12 Trojan.Spambot.2478[/B]
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
[B]Fortinet 3.11.0.0 2007.10.19 W32/RKRustok.A!tr
F-Prot 4.4.2.54 2007.11.10 W32/Trojan2.DGT
F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Pakes.el
Ikarus T3.1.1.12 2007.11.12 Trojan.Win32.Pakes.el
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Pakes.el
McAfee 5160 2007.11.09 Generic.dx
Microsoft 1.3007 2007.11.12 Backdoor:Win32/Rustock.gen!B
NOD32v2 2653 2007.11.12 Win32/Rustock.NCT[/B]
Norman 5.80.02 2007.11.09 -
[B]Panda 9.0.0.4 2007.11.11 Rootkit/Spammer.ZX[/B]
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
[B]Sophos 4.23.0 2007.11.12 Mal/RKRustok-A
Sunbelt 2.2.907.0 2007.11.09 Backdoor.Rustock[/B]
Symantec 10 2007.11.12 -
[B]TheHacker 6.2.9.124 2007.11.12 Trojan/Pakes.el
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Pakes.el[/B]
VirusBuster 4.3.26:9 2007.11.11 -
[B]Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Pakes.EL[/B]
Additional information
File size: 54218 bytes
MD5: 366008a494dc2ab87c9d404e859f359d
SHA1: ba37b12c6a10df3a35f7d3808cf9c0f4f39c16b1
Sunbelt info: Backdoor.Rustock is a threat that acts as a hidden proxy and enables an attacker to send spam from the machine.
[size="1"][color="#666686"][B][I]Added 15 minutes later[/I][/B][/color][/size]
File bitw.exe received on 11.12.2007 14:56:09 (CET)
Current status: finished
Result: 17/32 (53.13%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
[B]AntiVir 7.6.0.34 2007.11.12 TR/Crypt.XPACK.Gen[/B]
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
[B]AVG 7.5.0.503 2007.11.11 Generic8.NEC[/B]
BitDefender 7.2 2007.11.12 -
[B]CAT-QuickHeal 9.00 2007.11.12 Trojan.Agent.ccj
ClamAV 0.91.2 2007.11.12 Trojan.Agent-9002
DrWeb 4.44.0.09170 2007.11.12 Trojan.Packed.195
eSafe 7.0.15.0 2007.11.08 Win32.Agent.ccj[/B]
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
[B]Fortinet 3.11.0.0 2007.10.19 Basine.C[/B]
F-Prot 4.4.2.54 2007.11.10 -
[B]F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Agent.ccj
Ikarus T3.1.1.12 2007.11.12 Trojan.Win32.Agent.ccj
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Agent.ccj[/B]
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.12 -
[B]NOD32v2 2653 2007.11.12 Win32/PSW.Agent.NGT
Norman 5.80.02 2007.11.09 W32/Agent.CUWR
Panda 9.0.0.4 2007.11.11 Trj/Downloader.MDW[/B]
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
[B]Sophos 4.23.0 2007.11.12 Mal/Basine-C[/B]
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.12 -
[B]TheHacker 6.2.9.124 2007.11.12 Trojan/Agent.ccj
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Agent.ccj[/B]
VirusBuster 4.3.26:9 2007.11.11 -
[B]Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Crypt.XPACK.Gen[/B]
Additional information
File size: 34996 bytes
MD5: 44756a3999721a52824dfa08bac23667
SHA1: 7552fdf49871c8196869d74a5d8876d1b3107ce5
[size="1"][color="#666686"][B][I]Added 23 minutes later[/I][/B][/color][/size]
File svshost.dll received on 11.12.2007 15:09:35 (CET)
Current status: finished
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
[B]AhnLab-V3 2007.11.12.0 2007.11.12 Win-Trojan Downloader.2560.DC[/B]
[B]AntiVir 7.6.0.34 2007.11.12 BDS/Small.ckm.2[/B]
Authentium 4.93.8 2007.11.10 -
[B]Avast 4.7.1074.0 2007.11.11 Win32:Small-CHC
AVG 7.5.0.503 2007.11.11 BackDoor.Generic8.TVW[/B]
BitDefender 7.2 2007.11.12 -
[B]CAT-QuickHeal 9.00 2007.11.12 Backdoor.Small.ckm[/B]
ClamAV 0.91.2 2007.11.12 -
[B]DrWeb 4.44.0.09170 2007.11.12 Trojan.DownLoader.34918[/B]
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
[B]Ewido 4.0 2007.11.12 Backdoor.Small.ckm
FileAdvisor 1 2007.11.12 High threat detected
Fortinet 3.11.0.0 2007.10.19 W32/Small.CKM!tr.bdr
F-Prot 4.4.2.54 2007.11.10 W32/Backdoor.CAAF
F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Small.ckm
Ikarus T3.1.1.12 2007.11.12 Backdoor.Win32.Small.ckm
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Small.ckm
McAfee 5160 2007.11.09 PWS-LDPinch[/B]
Microsoft 1.3007 2007.11.12 -
[B]NOD32v2 2653 2007.11.12 Win32/Small.CLQ[/B]
Norman 5.80.02 2007.11.09 -
[B]Panda 9.0.0.4 2007.11.11 Bck/Agent.GWZ[/B]
Prevx1 V2 2007.11.12 -
[B]Rising 20.18.02.00 2007.11.12 Backdoor.Win32.Small.ckm
Sophos 4.23.0 2007.11.12 Mal/Generic-A
Sunbelt 2.2.907.0 2007.11.09 Backdoor.Win32.Small.ckm[/B]
Symantec 10 2007.11.12 -
[B]TheHacker 6.2.9.124 2007.11.12 Backdoor/Small.ckm
VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Small.ckm[/B]
VirusBuster 4.3.26:9 2007.11.11 -
[B]Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Small.ckm.2[/B]
Additional information
File size: 2560 bytes
MD5: fe494cf81dafa9cde8dfe85231566aeb
SHA1: 372d71ff2f9a77b34ab0414b6ecbe4c8b650ca34
Bit9 info: [url]http://fileadvisor.bit9.com/services/extinfo.aspx?md5=fe494cf81dafa9cde8dfe85231566aeb[/url]
[size="1"][color="#666686"][B][I]Added 2 minutes later[/I][/B][/color][/size]
File t0.dll received on 11.12.2007 15:09:26 (CET)
Current status: finished
Result: 20/32 (62.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
[B]AntiVir 7.6.0.34 2007.11.12 TR/Dldr.Agent.dda[/B]
Authentium 4.93.8 2007.11.10 -
[B]Avast 4.7.1074.0 2007.11.11 Win32:Agent-LOO
AVG 7.5.0.503 2007.11.11 Generic8.HES
BitDefender 7.2 2007.11.12 Generic.Malware.Fdld.A516C50D[/B]
CAT-QuickHeal 9.00 2007.11.12 -
[B]ClamAV 0.91.2 2007.11.12 Trojan.Agent-8747
DrWeb 4.44.0.09170 2007.11.12 Trojan.DownLoader.35253[/B]
eSafe 7.0.15.0 2007.11.08 -
[B]eTrust-Vet 31.2.5289 2007.11.12 Win32/Ralpsa.A[/B]
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
[B]Fortinet 3.11.0.0 2007.10.19 Heuri.E[/B]
F-Prot 4.4.2.54 2007.11.10 -
[B]F-Secure 6.70.13030.0 2007.11.12 Trojan.Win32.Agent.bvn
Ikarus T3.1.1.12 2007.11.12 Trojan-Downloader.Win32.Agent.but
Kaspersky 7.0.0.125 2007.11.12 Trojan.Win32.Agent.bvn[/B]
McAfee 5160 2007.11.09 -
[B]Microsoft 1.3007 2007.11.12 Trojan:Win32/Agent.ADA
NOD32v2 2653 2007.11.12 Win32/TrojanDownloader.Agent.NSB[/B]
Norman 5.80.02 2007.11.09 -
[B]Panda 9.0.0.4 2007.11.11 Suspicious file[/B]
Prevx1 V2 2007.11.12 -
[B]Rising 20.18.02.00 2007.11.12 Trojan.Win32.Agent.bvn
Sophos 4.23.0 2007.11.12 Mal/Heuri-E
Sunbelt 2.2.907.0 2007.11.09 Trojan.Win32/Agent.ADA[/B]
Symantec 10 2007.11.12 -
[B]TheHacker 6.2.9.124 2007.11.12 Trojan/Agent.bvn
VBA32 3.12.2.4 2007.11.11 Trojan.Win32.Agent.bvn[/B]
VirusBuster 4.3.26:9 2007.11.11 -
[B]Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Dldr.Agent.dda[/B]
Additional information
File size: 30208 bytes
MD5: 0866b8b38b4b3b35cc4175161ca39f8f
SHA1: 3dfd5c6f2d232bc89a97feeb9ab2ab16cc1bb863
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
[size="1"][color="#666686"][B][I]Added 5 minutes later[/I][/B][/color][/size]
File wininet.exe received on 11.12.2007 15:35:16 (CET)
Current status: finished
Result: 12/32 (37.5%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.12.0 2007.11.12 -
[B]AntiVir 7.6.0.34 2007.11.12 DR/Delphi.Gen[/B]
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
[B]AVG 7.5.0.503 2007.11.11 SHeur.TKA
BitDefender 7.2 2007.11.12 Trojan.PWS.LDPinch.TDF
CAT-QuickHeal 9.00 2007.11.12 Backdoor.Small.clh[/B]
ClamAV 0.91.2 2007.11.12 -
[B]DrWeb 4.44.0.09170 2007.11.12 Trojan.Packed.194[/B]
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5289 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.12 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
[B]F-Secure 6.70.13030.0 2007.11.12 Backdoor.Win32.Small.clh
Ikarus T3.1.1.12 2007.11.12 Trojan-PWS.LDPinch.TDF
Kaspersky 7.0.0.125 2007.11.12 Backdoor.Win32.Small.clh[/B]
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.09 -
[B]Panda 9.0.0.4 2007.11.11 Trj/Downloader.MDW[/B]
Prevx1 V2 2007.11.12 -
Rising 20.18.02.00 2007.11.12 -
[B]Sophos 4.23.0 2007.11.12 Mal/Dropper-T[/B]
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.12 -
TheHacker 6.2.9.124 2007.11.12 -
[B]VBA32 3.12.2.4 2007.11.11 Backdoor.Win32.Small.clh[/B]
VirusBuster 4.3.26:9 2007.11.12 -
[B]Webwasher-Gateway 6.0.1 2007.11.12 Trojan.Delphi.Gen[/B]
Additional information
File size: 23040 bytes
MD5: 71c7320afc1221ead1c548702e9975e9
SHA1: f3394fe1c2cc18f4c4d149c7deb478a085fcbc93
-
File DbEditor.exe received 2007.11.13 03:48:00 (CET)
[B]Avast 4.7.1074.0 2007.11.12 Win32:Weed
AVG 7.5.0.503 2007.11.12 Win32/Tvido
BitDefender 7.2 2007.11.13 Win32.Tvido.A
ClamAV 0.91.2 2007.11.12 W32.Dwee-1
DrWeb 4.44.0.09170 2007.11.12 Win32.Dwee.3029
F-Secure 6.70.13030.0 2007.11.13 Virus.Win32.Tvido.a
Ikarus T3.1.1.12 2007.11.13 Virus.Win32.Tvido.a
Kaspersky 7.0.0.125 2007.11.13 Virus.Win32.Tvido.a
Norman 5.80.02 2007.11.12 W32/NetworkWorm.BWC
Prevx1 V2 2007.11.13 GENERIC.MALWARE
Sunbelt 2.2.907.0 2007.11.13 VIPRE.Suspicious
VBA32 3.12.2.4 2007.11.11 Virus.Win32.Olm[/B]
File size: 733696 bytes
MD5: b3b5eb8c143ed29238b30771709ad27b
SHA1: f9d5c911f3aa840695a101371e090bb393ebf9bb
P.S. It is claimed that this is a Belarusian virus :)
-
It jumps onto a flash drive together with an autorun.inf file from the infected system unit; in system32 there are also twins of it under other names, svshost.exe and tskmgr.exe.
File NTDETECT.EXE received on 11.13.2007 04:58:16 (CET)
Current status: finished
Result: 17/32 (53.13%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
[B]AntiVir 7.6.0.34 2007.11.13 TR/PSW.Webmoner.T
Authentium 4.93.8 2007.11.13 Possibly a new variant of W32/Threat-SysVenFak-based!Maximus
Avast 4.7.1074.0 2007.11.12 Win32:Trojan-gen {Other}
AVG 7.5.0.503 2007.11.12 PSW.Generic5.MUQ
BitDefender 7.2 2007.11.13 BehavesLike:Win32.Malware[/B]
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
[B]DrWeb 4.44.0.09170 2007.11.12 Win32.HLLW.Money.4[/B]
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
[B]Ewido 4.0 2007.11.12 Trojan.WebMoner.t[/B]
FileAdvisor 1 2007.11.13 -
[B]Fortinet 3.11.0.0 2007.10.19 W32/WebMoner.T!tr.pws
F-Prot 4.4.2.54 2007.11.13 W32/Threat-SysVenFak-based!Maximus
F-Secure 6.70.13030.0 2007.11.13 Trojan-PSW.Win32.WebMoner.t
Ikarus T3.1.1.12 2007.11.13 Trojan-PWS.Win32.WebMoner.t
Kaspersky 7.0.0.125 2007.11.13 Trojan-PSW.Win32.WebMoner.t[/B]
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
[B]Norman 5.80.02 2007.11.12 W32/Malware.ATTE
Panda 9.0.0.4 2007.11.13 Trj/WebMoner.AH[/B]
Prevx1 V2 2007.11.13 -
[B]Rising 20.18.02.00 2007.11.12 Trojan.PSW.Win32.WebMoner.t[/B]
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
[B]VBA32 3.12.2.4 2007.11.11 Trojan-PSW.Win32.WebMoner.t[/B]
VirusBuster 4.3.26:9 2007.11.12 -
[B]Webwasher-Gateway 6.0.1 2007.11.13 Trojan.PSW.Webmoner.T[/B]
Additional information
File size: 555520 bytes
MD5: 4de4cb50b8f3e41e9a123aafcdece965
SHA1: 40f1ee09b497b5429bd9a63618bf66175d08b684
-
File setup.exe received on 11.15.2007 19:37:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.16.0 2007.11.15 -
[B]AntiVir 7.6.0.34 2007.11.15 Worm/Feebs.LQ[/B]
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.14 -
[I][B]AVG 7.5.0.503 2007.11.15 Dropper.Generic.RVO[/B][/I]
BitDefender 7.2 2007.11.15 -
[B]CAT-QuickHeal 9.00 2007.11.15 Worm.Feebs.lq[/B]
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
[I]eSafe 7.0.15.0 2007.11.14 Suspicious File[/I]
[B]eTrust-Vet 31.2.5297 2007.11.15 Win32/Feeb.CK[/B]
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
[B]F-Prot 4.4.2.54 2007.11.14 W32/Heuristic-162!Eldorado[/B]
[B]F-Secure 6.70.13030.0 2007.11.15 Worm.Win32.Feebs.lq
Ikarus T3.1.1.12 2007.11.15 Worm.Win32.Feebs.lq
Kaspersky 7.0.0.125 2007.11.15 Worm.Win32.Feebs.lq[/B]
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2660 2007.11.15 -
[I][B][I]Norman 5.80.02 2007.11.15 W32/Suspicious_U.gen[/I][/B][/I]
Panda 9.0.0.4 2007.11.15 -
Prevx1 V2 2007.11.15 -
Rising 20.18.31.00 2007.11.15 -
[I][B]Sophos 4.23.0 2007.11.15 Mal/Generic-A[/B][/I]
Sunbelt 2.2.907.0 2007.11.15 -
[B]Symantec 10 2007.11.15 Downloader[/B]
[B]TheHacker 6.2.9.129 2007.11.15 W32/Feebs.lq[/B]
[B]VBA32 3.12.2.5 2007.11.15 suspected of MalwareScope.Worm.Feebs.1 (paranoid heuristics)[/B]
VirusBuster 4.3.26:9 2007.11.15 -
[B]Webwasher-Gateway 6.0.1 2007.11.15 Worm.Feebs.LQ[/B]
Additional information
File size: 104448 bytes
MD5: a35a450fd2cb571706bcb88588ec297a
SHA1: 905845fdbfcec5158a209e052e9ef245f1b42704
packers: embedded, UPack
-
File setup.exe received 2007.11.17 09:46:11 (CET)
[QUOTE][B]AVG 7.5.0.503 2007.11.17 Downloader.Zlob.LI
BitDefender 7.2 2007.11.17 Trojan.Zlob.3.Gen
ClamAV 0.91.2 2007.11.17 Trojan.Dropper-2529
DrWeb 4.44.0.09170 2007.11.17 Trojan.Popuper.5033
Kaspersky 7.0.0.125 2007.11.17 Trojan-Downloader.Win32.Zlob.ejb
Microsoft 1.3007 2007.11.17 Trojan:Win32/Zlob.ZWC
Prevx1 V2 2007.11.17 Generic.Dropper.xCodec[/B][/QUOTE]
Additional information
File size: 80637 bytes
MD5: 08787184519921376ae697f2be02c4d0
SHA1: 8a54d890603dd38d73be3a40d6fc131b6ad3ecb9
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=EF31DB76FDB74D223A3001340E34E700EA581B4E[/url]
File vip.exe received 2007.11.17 07:49:03 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.16 HEUR/Malware
BitDefender 7.2 2007.11.17 Generic.Malware.P!Yd!dldPk!.876CD84A
CAT-QuickHeal 9.00 2007.11.16 (Suspicious) - DNAScan
DrWeb 4.44.0.09170 2007.11.16 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.11.14 suspicious Trojan/Worm
Ikarus T3.1.1.12 2007.11.17 Packed.Win32.Klone.af
McAfee 5165 2007.11.16 New Malware.u
NOD32v2 2665 2007.11.17 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.11.16 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.11.17 Suspicious file
Sophos 4.23.0 2007.11.17 Mal/Packer
TheHacker 6.2.9.132 2007.11.16 W32/Behav-Heuristic-067
VirusBuster 4.3.26:9 2007.11.16 Packed/NSPack
Webwasher-Gateway 6.0.1 2007.11.16 Heuristic.Malware[/B][/QUOTE]
Additional information
File size: 21752 bytes
MD5: c59d448179d6c93cff1156930fe785f4
SHA1: 9f4314678df4e508df468c031325e32b5f2fce39
packers: NSPack, PE_Patch
packers: NSPack
File Downloader.exe received 2007.11.17 07:48:58 (CET)
[QUOTE][B]NOD32v2 2665 2007.11.17 a variant of Win32/BHO.NAT
Prevx1 V2 2007.11.17 SPYWARE.BANKER.CPV
Sophos 4.23.0 2007.11.17 Mal/Behav-112[/B][/QUOTE]
Additional information
File size: 28672 bytes
MD5: 8456eabd2c67871b50baecb6c442f1e6
SHA1: 85013163fbfe7003f47c55eb5f7e981d3670f8a6
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=77A9513500E0218870C500E968E88F00D35F0C43[/url]
File load.exe received 2007.11.17 07:33:58 (CET)
[QUOTE][B]AntiVir 7.6.0.34 2007.11.16 TR/Spy.Bancos.aam.43
AVG 7.5.0.503 2007.11.17 SHeur.ZRY
BitDefender 7.2 2007.11.17 MemScan:Trojan.Spy.Bancos.AAM
CAT-QuickHeal 9.00 2007.11.16 Backdoor.Hupigon.wgk
eSafe 7.0.15.0 2007.11.14 Suspicious File
F-Secure 6.70.13030.0 2007.11.16 Backdoor.Win32.Hupigon.wgk
Ikarus T3.1.1.12 2007.11.17 Trojan-Spy.Win32.Bancos.aam
Kaspersky 7.0.0.125 2007.11.17 Backdoor.Win32.Hupigon.wgk
Norman 5.80.02 2007.11.16 W32/Agent.DGQE
Prevx1 V2 2007.11.17 SPYWARE.BANCOS.AAM
Rising 20.18.40.00 2007.11.16 Backdoor.Win32.Gpigeon.wgk
Sophos 4.23.0 2007.11.17 Mal/Behav-164
Sunbelt 2.2.907.0 2007.11.17 Trojan-Spy.Bancos.AAM
Symantec 10 2007.11.17 Infostealer.Notos!gen
TheHacker 6.2.9.132 2007.11.16 Backdoor/Agent.cpw
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.Spy.Bancos.aam.43[/B][/QUOTE]
Additional information
File size: 42496 bytes
MD5: d2f651be01c553c5e49547749f9ab7d1
SHA1: 490b2edd810ccfb864e1243f15560fbf5dba5416
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PX5=7CF6B2470024E050A6990012CA13400029304EC5[/url]
-
All files were received on 17.11.2007 at 20:15.
ssqqoon.dll - [b]not-a-virus:AdWare.Win32.Virtumonde.aqr[/b]
[b]AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afb
AVG 7.5.0.503 2007.11.17 BHO.CNT
eSafe 7.0.15.0 2007.11.14 Suspicious File
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen42
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen42
Prevx1 V2 2007.11.17 SpywareQuake
Sunbelt 2.2.907.0 2007.11.17 Virtumonde
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afb[/b]
rspakidr.dll - [b]Trojan.Win32.BHO.xp[/b]
[b]
AVG 7.5.0.503 2007.11.17 Lop
eSafe 7.0.15.0 2007.11.14 Suspicious File
McAfee 5165 2007.11.16 Vundo
Panda 9.0.0.4 2007.11.17 Suspicious file
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Win32.Malware.gen (suspicious)[/b]
rjxhdalz.dll - [b]not-a-virus:AdWare.Win32.SecToolBar.o[/b]
[b]
AntiVir 7.6.0.34 2007.11.16 TR/BHO.Agent.AW
AVG 7.5.0.503 2007.11.17 Obfustat.YUY
BitDefender 7.2 2007.11.17 Adware.Virtumonde.GHK
eSafe 7.0.15.0 2007.11.14 Suspicious File
NOD32v2 2665 2007.11.17 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.16 Vundo.gen50
Panda 9.0.0.4 2007.11.17 Adware/BestSellerAV
Prevx1 V2 2007.11.17 Trojan.Vundo[/b]
ddaya.dll - [b]not-a-virus:AdWare.Win32.Virtumonde.aqq[/b]
[b]
AntiVir 7.6.0.34 2007.11.16 ADSPY/Virtumond.afa
AVG 7.5.0.503 2007.11.17 BHO.CNF
F-Secure 6.70.13030.0 2007.11.17 Vundo.gen49
NOD32v2 2665 2007.11.17 Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.16 Vundo.gen49
Panda 9.0.0.4 2007.11.17 Spyware/Virtumonde
Prevx1 V2 2007.11.17 Rogue.Winfixer
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Ad-Spyware.Virtumond.afa
Symantec 10 2007.11.17 Trojan.Metajuan
VirusBuster 4.3.26:9 2007.11.17 Adware.Vundo.V.Gen
Webwasher-Gateway 6.0.1 2007.11.16 Trojan.BHO.Agent.AW[/b]
-
C:\WINDOWS\TEMP\winlogon.exe
File avz00001.dta received on 11.19.2007 16:42:55 (CET)
Current status: finished
Result: 4/32 (12.5%)
AhnLab-V3 2007.11.19.0 2007.11.19 -
AntiVir 7.6.0.34 2007.11.19 -
Authentium 4.93.8 2007.11.19 -
Avast 4.7.1074.0 2007.11.19 -
[b]AVG 7.5.0.503 2007.11.19 Obfustat.ZYG[/b]
BitDefender 7.2 2007.11.19 -
CAT-QuickHeal 9.00 2007.11.19 -
ClamAV 0.91.2 2007.11.19 -
[b]DrWeb 4.44.0.09170 2007.11.19 Trojan.Packed.194[/b]
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5308 2007.11.19 -
Ewido 4.0 2007.11.19 -
FileAdvisor 1 2007.11.19 -
Fortinet 3.11.0.0 2007.11.19 -
F-Prot 4.4.2.54 2007.11.18 -
F-Secure 6.70.13030.0 2007.11.19 -
[b]Ikarus T3.1.1.12 2007.11.19 Virus.Win32.Zapchast.DA[/b]
Kaspersky 7.0.0.125 2007.11.19 -
McAfee 5165 2007.11.16 -
Microsoft 1.3007 2007.11.19 -
NOD32v2 2668 2007.11.19 -
Norman 5.80.02 2007.11.19 -
Panda 9.0.0.4 2007.11.18 -
Prevx1 V2 2007.11.19 -
Rising 20.19.00.00 2007.11.19 -
[b]Sophos 4.23.0 2007.11.19 Mal/Dropper-T[/b]
Sunbelt 2.2.907.0 2007.11.17 -
Symantec 10 2007.11.19 -
TheHacker 6.2.9.133 2007.11.17 -
VBA32 3.12.2.5 2007.11.19 -
VirusBuster 4.3.26:9 2007.11.18 -
Webwasher-Gateway 6.0.1 2007.11.19 -
Additional information
File size: 43520 bytes
MD5: 6a44352812e6032ab81be334ddb8b5d7
SHA1: 1b8db08d55cb2dd5396204eeeae9c452c4235855
-
[B]Maxim, TANUKI, rubin[/B]
A big request: do not cut the log, and publish it in full.
(it is very hard to process)
-
File Firefox_Setup_3.0_Beta_1.rar received on 11.20.2007 22:51:50 (CET)
Current status: finished
Result: 3/32 (9.38%)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.20 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.20 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.20 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.20 -
[B]DrWeb 4.44.0.09170 2007.11.20 Trojan.MulDrop.9120[/B]
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.20 -
Fortinet 3.11.0.0 2007.11.20 -
F-Prot 4.4.2.54 2007.11.19 -
F-Secure 6.70.13030.0 2007.11.20 -
Ikarus T3.1.1.12 2007.11.20 -
Kaspersky 7.0.0.125 2007.11.20 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.20 -
NOD32v2 2673 2007.11.20 -
Norman 5.80.02 2007.11.20 -
[B]Panda 9.0.0.4 2007.11.20 Suspicious file[/B]
Prevx1 V2 2007.11.20 -
Rising 20.19.10.00 2007.11.20 -
Sophos 4.23.0 2007.11.20 -
Sunbelt 2.2.907.0 2007.11.20 -
Symantec 10 2007.11.20 -
TheHacker 6.2.9.135 2007.11.20 -
[B]VBA32 3.12.2.5 2007.11.20 Trojan.MulDrop.9120[/B]
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.20 -
Additional information
File size: 6721731 bytes
MD5: d31848f71c6318613182766c46ff4de4
SHA1: b4826b751423dbd9a5ee0ed13210f3b1f1b9ae08
packers: PE_Patch, MewBundle, MEW
And here is an excerpt of interest from the ESET Smart Security 3.0.563.0 log on running this installer:
21.11.2007 0:46:25 Real-time file system protection file C:\DOCUME~1\Maxim\LOCALS~1\Temp\Setup.exe [B]probably a variant of Win32/TrojanDropper.Agent.NGU trojan[/B] cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Downloads\Firefox_Setup_3.0_Beta_1\Firefox Setup 3.0 Beta 1.exe.
-
t=14256
[CODE]File CProCtrl.sys received on 11.21.2007 06:19:13 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.21 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
[B]F-Prot 4.4.2.54 2007.11.21 W32/Cinmus.E.gen!Eldorado[/B]
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
[B]Kaspersky 7.0.0.125 2007.11.21 Rootkit.Win32.Agent.oy[/B]
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.12.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 46080 bytes
MD5: 24a2d8c156acfadc224a71b900a3c6e0
SHA1: 375e69af3cb6b79d454c44ee9ab5989431553eef[/CODE]
t=14392
[CODE]File ntos.exe received on 11.21.2007 06:14:17 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.21 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
[B]AVG 7.5.0.503 2007.11.20 SHeur.ACHW[/B]
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
[B]Kaspersky 7.0.0.125 2007.11.21 Trojan-Spy.Win32.Zbot.cz[/B]
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
[B]Panda 9.0.0.4 2007.11.21 Suspicious file[/B]
Prevx1 V2 2007.11.21 -
Rising 20.19.12.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
[B]Webwasher-Gateway 6.0.1 2007.11.21 Win32.Malware.gen (suspicious)[/B]
Additional information
File size: 442880 bytes
MD5: 6bd9797f295b737b683dac169ff73169
SHA1: e3e10814e1a4784eb6e186db0b06259f3c415cec[/CODE]
-
t=14405
[code]File avz00007.dta received on 11.21.2007 12:33:17 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.1 2007.11.21 -
[b]AntiVir 7.6.0.34 2007.11.21 TR/Crypt.XPACK.Gen[/b]
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
[b]AVG 7.5.0.503 2007.11.21 Crypt.F
BitDefender 7.2 2007.11.21 Trojan.AVKiller.AW
CAT-QuickHeal 9.00 2007.11.20 (Suspicious) - DNAScan[/b]
ClamAV 0.91.2 2007.11.21 -
[b]DrWeb 4.44.0.09170 2007.11.21 Trojan.MulDrop.8347
eSafe 7.0.15.0 2007.11.14 Suspicious File[/b]
eTrust-Vet 31.3.5313 2007.11.21 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 -
[b]McAfee 5167 2007.11.20 Tcad-Crypted
Microsoft 1.3007 2007.11.21 TrojanDownloader:Win32/Small.gen!AAM[/b]
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
[b]Panda 9.0.0.4 2007.11.21 Suspicious file[/b]
Prevx1 V2 2007.11.21 -
[b]Rising 20.19.20.00 2007.11.21 Trojan.DL.Win32.Small.evl
Sophos 4.23.0 2007.11.21 Mal/Basine-C[/b]
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
[b]VirusBuster 4.3.26:9 2007.11.21 Trojan.DR.Dirat.Gen
Webwasher-Gateway 6.0.1 2007.11.21 Trojan.Crypt.XPACK.Gen[/b]
Additional information
File size: 12395 bytes
MD5: af63e4eb1ddba00377bf939fec099b6b
SHA1: d3efd43be9e2b0b8e32f4112099cac37ebd5f7c0[/code]
[code]File avz00002.dta received on 11.21.2007 12:34:07 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.1 2007.11.21 -
AntiVir 7.6.0.34 2007.11.21 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
[b]AVG 7.5.0.503 2007.11.21 SHeur.ACTR[/b]
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.21 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5313 2007.11.21 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5167 2007.11.20 -
[b]Microsoft 1.3007 2007.11.21 Spammer:Win32/Tedroo.B
NOD32v2 2674 2007.11.21 Win32/TrojanProxy.Small.NBD[/b]
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.20.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.21 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 32768 bytes
MD5: 8c10f9134e5a7d16aa5697de32c9d1d9
SHA1: abe50820c9b8353a6d71d180877a7f1075839f13[/code]