-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 09.19.2006, 13:23:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.19.2006 BDC/Coldfus.11B.Dll
Authentium 4.93.8 09.18.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.18.2006 no virus found
BitDefender 7.2 09.19.2006 no virus found
CAT-QuickHeal 8.00 09.18.2006 no virus found
ClamAV devel-20060426 09.19.2006 Trojan.Dropper.Joiner.21
DrWeb 4.33 09.19.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3086 09.19.2006 no virus found
Ewido 4.0 09.19.2006 Trojan.LdPinch.axh
Fortinet 2.82.0.0 09.19.2006 W32/SpyBot.P!worm
F-Prot 3.16f 09.18.2006 no virus found
F-Prot4 4.2.1.29 09.18.2006 no virus found
Ikarus 0.2.65.0 09.18.2006 Trojan-Dropper.Win32.Tefil.21.A
Kaspersky 4.0.2.24 09.19.2006 Trojan-PSW.Win32.LdPinch.axh
McAfee 4854 09.18.2006 W32/Spybot.worm.gen.p
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1762 09.19.2006 no virus found
Norman 5.90.23 09.19.2006 no virus found
Panda 9.0.0.4 09.18.2006 Suspicious file
Sophos 4.09.0 09.19.2006 no virus found
Symantec 8.0 09.19.2006 no virus found
TheHacker 6.0.1.072 09.19.2006 Trojan/Hami
UNA 1.83 09.18.2006 no virus found
VBA32 3.11.1 09.19.2006 Trojan-PSW.Win32.LdPinch.axh
VirusBuster 4.3.7:9 09.18.2006 no virus found
Aditional Information
File size: 1744896 bytes
MD5: 92c9f40b4da907589123bcb6cc600fa1
SHA1: 43408d1b230de21c8be607b7c8cd6dd4456ce8b5
packers: Armadillo
This is really Pinch, joined with something. So those who flag the joiner are right too, although Pinch is the more accurate verdict.
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 09.19.2006, 13:34:24 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.19.2006 no virus found
Authentium 4.93.8 09.18.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.18.2006 no virus found
BitDefender 7.2 09.19.2006 no virus found
CAT-QuickHeal 8.00 09.18.2006 no virus found
ClamAV devel-20060426 09.19.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3086 09.19.2006 no virus found
DrWeb 4.33 09.19.2006 no virus found
Ewido 4.0 09.19.2006 Dropper.Delf.zp
Fortinet 2.82.0.0 09.19.2006 no virus found
F-Prot 3.16f 09.18.2006 no virus found
F-Prot4 4.2.1.29 09.18.2006 no virus found
Ikarus 0.2.65.0 09.18.2006 no virus found
Kaspersky 4.0.2.24 09.19.2006 no virus found
McAfee 4854 09.18.2006 no virus found
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1762 09.19.2006 no virus found
Norman 5.80.02 09.19.2006 no virus found
Panda 9.0.0.4 09.18.2006 no virus found
Sophos 4.09.0 09.19.2006 no virus found
Symantec 8.0 09.19.2006 no virus found
TheHacker 6.0.1.072 09.19.2006 no virus found
UNA 1.83 09.18.2006 no virus found
VBA32 3.11.1 09.19.2006 suspected of Trojan-Dropper.Delf.71 (paranoid heuristics)
VirusBuster 4.3.7:9 09.18.2006 no virus found
Aditional Information
File size: 748544 bytes
MD5: 8c223cf3c7a9c2d6e03f00d4bb122ef3
SHA1: 9709c247c8021a2ad513fb107b648bde4dda5b4e
Trojan dropper
-
zip archive
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 09.19.2006, 13:45:28 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.19.2006 HEUR/Crypted
Authentium 4.93.8 09.18.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.18.2006 no virus found
BitDefender 7.2 09.19.2006 no virus found
CAT-QuickHeal 8.00 09.18.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.19.2006 no virus found
DrWeb 4.33 09.19.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3086 09.19.2006 no virus found
Ewido 4.0 09.19.2006 Heuristic.Win32.Morphine-Crypted
Fortinet 2.82.0.0 09.19.2006 suspicious
F-Prot 3.16f 09.18.2006 no virus found
F-Prot4 4.2.1.29 09.18.2006 no virus found
Ikarus 0.2.65.0 09.18.2006 no virus found
Kaspersky 4.0.2.24 09.19.2006 no virus found
McAfee 4854 09.18.2006 New Malware.h
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1762 09.19.2006 unpack error
Norman 5.90.23 09.19.2006 W32/Suspicious_N.gen
Panda 9.0.0.4 09.18.2006 Suspicious file
Sophos 4.09.0 09.19.2006 no virus found
Symantec 8.0 09.19.2006 no virus found
TheHacker 6.0.1.072 09.19.2006 no virus found
UNA 1.83 09.18.2006 no virus found
VBA32 3.11.1 09.19.2006 suspected of Trojan.Delf.37
VirusBuster 4.3.7:9 09.18.2006 no virus found
Aditional Information
File size: 422765 bytes
MD5: 413d6911092cf298733a18363f96cf59
SHA1: 18e1cbfcf2b9ee4a4fa7922d07daabc09dde6d8f
packers: Morphine, AHPack
If you unpack it and submit the exe, the result is the same.
-
A harmless crypter
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 09.19.2006, 14:19:16 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.19.2006 no virus found
Authentium 4.93.8 09.18.2006 no virus found
Avast 4.7.844.0 09.15.2006 no virus found
AVG 386 09.18.2006 no virus found
BitDefender 7.2 09.19.2006 no virus found
CAT-QuickHeal 8.00 09.18.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.19.2006 no virus found
DrWeb 4.33 09.19.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3086 09.19.2006 no virus found
Ewido 4.0 09.19.2006 no virus found
Fortinet 2.82.0.0 09.19.2006 PossibleThreat!01519
F-Prot 3.16f 09.18.2006 no virus found
F-Prot4 4.2.1.29 09.18.2006 no virus found
Ikarus 0.2.65.0 09.18.2006 no virus found
Kaspersky 4.0.2.24 09.19.2006 no virus found
McAfee 4854 09.18.2006 no virus found
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1762 09.19.2006 no virus found
Norman 5.90.23 09.19.2006 no virus found
Panda 9.0.0.4 09.18.2006 Suspicious file
Sophos 4.09.0 09.19.2006 no virus found
Symantec 8.0 09.19.2006 no virus found
TheHacker 6.0.1.072 09.19.2006 Posible_Worm32
UNA 1.83 09.18.2006 no virus found
VBA32 3.11.1 09.19.2006 no virus found
VirusBuster 4.3.7:9 09.18.2006 no virus found
Aditional Information
File size: 27648 bytes
MD5: 3a1cbaf3a33d4bdbd67937ac0641acbc
SHA1: 7da5ab72c8673367235c68b244b389e070c2ee2e
packers: UPX
False positive
-
[B]Found a trojan in Firefox's cache:[/B]
Complete scanning result of "C39791ADd01", received in VirusTotal at 09.20.2006, 09:48:04 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.20.2006 no virus found
Authentium 4.93.8 09.19.2006 no virus found
Avast 4.7.844.0 09.19.2006 no virus found
AVG 386 09.19.2006 no virus found
BitDefender 7.2 09.20.2006 no virus found
CAT-QuickHeal 8.00 09.20.2006 no virus found
ClamAV devel-20060426 09.20.2006 no virus found
DrWeb 4.33 09.20.2006 no virus found
eTrust-InoculateIT 23.72.128 09.19.2006 no virus found
eTrust-Vet 30.3.3088 09.20.2006 no virus found
Ewido 4.0 09.19.2006 no virus found
Fortinet 2.82.0.0 09.20.2006 JS/Agent.AB!tr.dldr
F-Prot 3.16f 09.19.2006 no virus found
F-Prot4 4.2.1.29 09.19.2006 no virus found
Ikarus 0.2.65.0 09.19.2006 no virus found
Kaspersky 4.0.2.24 09.20.2006 Trojan-Downloader.JS.Agent.ab
McAfee 4855 09.19.2006 no virus found
Microsoft 1.1560 09.19.2006 no virus found
NOD32v2 1.1763 09.19.2006 no virus found
Norman 5.90.23 09.19.2006 no virus found
Panda 9.0.0.4 09.19.2006 no virus found
Sophos 4.09.0 09.20.2006 no virus found
Symantec 8.0 09.20.2006 no virus found
TheHacker 6.0.1.074 09.20.2006 no virus found
UNA 1.83 09.19.2006 no virus found
VBA32 3.11.1 09.19.2006 no virus found
VirusBuster 4.3.7:9 09.19.2006 no virus found
Aditional Information
File size: 16500 bytes
MD5: f6f15ec5745156eba9463448ce882688
SHA1: ed558a29dbb33d48ef271ec2f5c3fdd342d66851
-
An e-mail supposedly from eBay.
Complete scanning result of "edlead_slipwave.com_1219_21245898",
received in VirusTotal at 09.21.2006, 09:11:23 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.21.2006 no virus found
Authentium 4.93.8 09.21.2006 no virus found
Avast 4.7.844.0 09.19.2006 no virus found
AVG 386 09.20.2006 no virus found
BitDefender 7.2 09.21.2006 no virus found
CAT-QuickHeal 8.00 09.20.2006 no virus found
ClamAV devel-20060426 09.21.2006 HTML.Phishing.Auction-144
DrWeb 4.33 09.20.2006 no virus found
eTrust-InoculateIT 23.73.1 09.21.2006 no virus found
eTrust-Vet 30.3.3088 09.20.2006 no virus found
Ewido 4.0 09.20.2006 no virus found
Fortinet 2.82.0.0 09.20.2006 no virus found
F-Prot 3.16f 09.20.2006 no virus found
F-Prot4 4.2.1.29 09.20.2006 no virus found
Ikarus 0.2.65.0 09.20.2006 no virus found
Kaspersky 4.0.2.24 09.21.2006 no virus found
McAfee 4856 09.20.2006 no virus found
Microsoft 1.1560 09.21.2006 no virus found
NOD32v2 1.1765 09.20.2006 no virus found
Norman 5.90.23 09.20.2006 no virus found
Panda 9.0.0.4 09.20.2006 no virus found
Sophos 4.09.0 09.21.2006 no virus found
Symantec 8.0 09.21.2006 no virus found
TheHacker 6.0.1.074 09.20.2006 no virus found
UNA 1.83 09.20.2006 no virus found
VBA32 3.11.1 09.19.2006 no virus found
VirusBuster 4.3.7:9 09.20.2006 no virus found
Aditional Information
File size: 15613 bytes
MD5: e0c1808dd82e87068402eaed1688bc4f
SHA1: f50ec1a592a388e35d7f875f540fdf835e9e7736
It really is phishing; the link leads to хттп://www.digitalsat.tv/cgi.ebay.com/ws/ebayisapi%3bdllsignin&co_partnerid=2/puserid=&siteid=0&pagetype=&pa1=&i1=&bshowgif=&usingssl=&ru/
P.S. Dr.Web 21.09.06 16:13 MSD: Trojan.Bankfraud.378
-
STATUS: FINISHED
Complete scanning result of "avz00001.dta", received in VirusTotal at 09.21.2006, 21:08:32 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.16 09.21.2006 BDS/VanBot.N
Authentium 4.93.8 09.21.2006 W32/Ircbot.VM
Avast 4.7.844.0 09.19.2006 no virus found
AVG 386 09.21.2006 BackDoor.Generic3.OAT
BitDefender 7.2 09.21.2006 DeepScan:Generic.Sdbot.BAE122A0
CAT-QuickHeal 8.00 09.20.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.21.2006 no virus found
DrWeb 4.33 09.21.2006 BackDoor.IRC.Combot
eTrust-InoculateIT 23.73.1 09.21.2006 Win32/Duiskbot.J!Worm
eTrust-Vet 30.3.3090 09.21.2006 Win32/Duiskbot.J
Ewido 4.0 09.21.2006 no virus found
Fortinet 2.82.0.0 09.21.2006 W32/SpyBot.MK!worm
F-Prot 3.16f 09.21.2006 security risk named W32/Ircbot.VM
F-Prot4 4.2.1.29 09.21.2006 W32/Ircbot.VM
Ikarus 0.2.65.0 09.21.2006 no virus found
Kaspersky 4.0.2.24 09.21.2006 Backdoor.Win32.VanBot.n
McAfee 4857 09.21.2006 W32/Sdbot.worm!MS06-040
Microsoft 1.1560 09.21.2006 no virus found
NOD32v2 1.1766 09.21.2006 no virus found
Norman 5.90.23 09.21.2006 no virus found
Panda 9.0.0.4 09.21.2006 W32/Sdbot.IFM.worm
Sophos 4.09.0 09.21.2006 W32/Spybot-MK
Symantec 8.0 09.21.2006 no virus found
TheHacker 6.0.1.075 09.21.2006 no virus found
UNA 1.83 09.21.2006 Backdoor.SdBot.D
VBA32 3.11.1 09.21.2006 BackDoor.IRC.Combot
VirusBuster 4.3.7:9 09.21.2006 no virus found
-
Complete scanning result of "OD_02.exe", received in VirusTotal at 09.23.2006, 20:40:13 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.18 09.23.2006 TR/PSW.LdPinch.ach.6
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 Win32:Ldpinch-CK
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.23.2006 no virus found
CAT-QuickHeal 8.00 09.22.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.23.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
eTrust-InoculateIT 23.73.3 09.23.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 no virus found
Ewido 4.0 09.23.2006 Trojan.LdPinch.ach
Fortinet 2.82.0.0 09.23.2006 suspicious
F-Prot 3.16f 09.23.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 Trojan-PSW.Win32.LdPinch.ach
Kaspersky 4.0.2.24 09.23.2006 no virus found
McAfee 4858 09.22.2006 no virus found
Microsoft 1.1560 09.23.2006 no virus found
NOD32v2 1.1769 09.23.2006 no virus found
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.23.2006 Suspicious file
Sophos 4.09.0 09.23.2006 no virus found
Symantec 8.0 09.23.2006 Infostealer
TheHacker 6.0.1.077 09.23.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.23.2006 no virus found
VirusBuster 4.3.7:9 09.23.2006 no virus found
Aditional Information
File size: 439040 bytes
MD5: 3c3728ea1fa42690db0b34f31ad85145
SHA1: 85675c90d05a921d19bbc5862c155aaf48572f0f
packers: ACProtect, Aspack
-
Complete scanning result of "FR.exe", received in VirusTotal at 09.25.2006, 00:00:21 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.18 09.24.2006 TR/Small.Crypted.Gen
Authentium 4.93.8 09.23.2006 no virus found
Avast 4.7.844.0 09.22.2006 Win32:Downloader-gen
AVG 386 09.22.2006 Downloader.Obfuskated
[I]BitDefender 7.2 09.24.2006 no virus found[/I]
CAT-QuickHeal 8.00 09.22.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.24.2006 Dialer-307
DrWeb 4.33 09.22.2006 Trojan.DownLoader.based
eTrust-InoculateIT 23.73.4 09.24.2006 no virus found
eTrust-Vet 30.3.3093 09.22.2006 Win32/SillyDl.PW
Ewido 4.0 09.24.2006 no virus found
Fortinet 2.82.0.0 09.24.2006 Dial/269
F-Prot 3.16f 09.23.2006 no virus found
F-Prot4 4.2.1.29 09.23.2006 no virus found
Ikarus 0.2.65.0 09.23.2006 no virus found
Kaspersky 4.0.2.24 09.24.2006 Trojan-Downloader.Win32.Obfuscated.n
McAfee 4858 09.22.2006 potentially unwanted program Dialer-269
Microsoft 1.1560 09.24.2006 TrojanDownloader:Win32/Beenut.gen
NOD32v2 1.1772 09.24.2006 a variant of Win32/TrojanDownloader.Busky
Norman 5.90.23 09.22.2006 no virus found
Panda 9.0.0.4 09.24.2006 no virus found
Sophos 4.09.0 09.24.2006 no virus found
Symantec 8.0 09.24.2006 no virus found
TheHacker 6.0.1.078 09.24.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.24.2006 suspected of MalwareScope.Trojan-Downloader.Obfuscated.1 (paranoid heuristics)
VirusBuster 4.3.7:9 09.24.2006 no virus found
Aditional Information
File size: 17528 bytes
MD5: 9317998c25a12f749cd8c3b5ca7e8c3a
SHA1: 7bacca912bc4b799bfe94ddb12dc069ef5ceef2a
packers: embedded
-
Not quite in keeping with the thread's rules.
From here: [url]http://forum.kaspersky.com/index.php?showtopic=22251[/url]
STATUS: FINISHED
Complete scanning result of "m_mail.rar", received in VirusTotal at 09.27.2006, 10:18:00 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.18 09.27.2006 TR/Drop.Microjoin.J.262
Authentium 4.93.8 09.27.2006 no virus found
Avast 4.7.892.0 09.26.2006 no virus found
AVG 386 09.26.2006 no virus found
BitDefender 7.2 09.27.2006 Trojan.Dropper.Microjoin.J
CAT-QuickHeal 8.00 09.27.2006 no virus found
ClamAV devel-20060426 09.27.2006 no virus found
eTrust-InoculateIT 23.73.6 09.27.2006 no virus found
eTrust-Vet 30.3.3103 09.27.2006 no virus found
DrWeb 4.33 09.27.2006 Trojan.MulDrop.4153
Ewido 4.0 09.26.2006 no virus found
Fortinet 2.82.0.0 09.27.2006 suspicios
F-Prot 3.16f 09.27.2006 no virus found
F-Prot4 4.2.1.29 09.27.2006 no virus found
Ikarus 0.2.65.0 09.27.2006 no virus found
Kaspersky 4.0.2.24 09.27.2006 no virus found
McAfee 4860 09.26.2006 New Win32
Microsoft 1.1603 09.27.2006 no virus found
NOD32v2 1.1777 09.26.2006 no virus found
Norman 5.80.02 09.26.2006 no virus found
Panda 9.0.0.4 09.26.2006 Suspicious file
Sophos 4.10.0 09.27.2006 no virus found
Symantec 8.0 09.27.2006 no virus found
TheHacker 6.0.1.083 09.27.2006 no virus found
UNA 1.83 09.26.2006 no virus found
VBA32 3.11.1 09.26.2006 no virus found
VirusBuster 4.3.7:9 09.26.2006 no virus found
Aditional Information
File size: 303185 bytes
MD5: 3107a1ac0811b4ffbaa30e9e47e8defd
SHA1: 5fb710f44de5d6d3a48921d2595cc49ec0b6ef88
-
Complete scanning result of "Document.hta", received in VirusTotal at 09.28.2006, 05:47:59 (CET).
AntiVir 7.2.0.18 09.27.2006 no virus found
Authentium 4.93.8 09.28.2006 VBS/Scano@dr
Avast 4.7.892.0 09.27.2006 no virus found
AVG 386 09.27.2006 I-Worm/Scano
BitDefender 7.2 09.28.2006 [email][email protected][/email]
CAT-QuickHeal 8.00 09.27.2006 VBS/Scano.E
ClamAV devel-20060426 09.27.2006 Worm.Scano.AF-2
DrWeb 4.33 09.27.2006 Win32.HLLM.Perf
eTrust-InoculateIT 23.73.7 09.28.2006 VBS/Areses!Worm
eTrust-Vet 30.3.3103 09.27.2006 VBS/Areses!generic
Ewido 4.0 09.27.2006 no virus found
Fortinet 2.82.0.0 09.28.2006 VBS/Scano.AF@mm
F-Prot 3.16f 09.28.2006 VBS/Scano@dr
F-Prot4 4.2.1.29 09.28.2006 VBS/Scano@dr
Ikarus 0.2.65.0 09.28.2006 no virus found
Kaspersky 4.0.2.24 09.28.2006 Trojan-Downloader.Win32.Scano.gen
McAfee 4861 09.27.2006 W32/Areses.dr
Microsoft 1.1603 09.28.2006 TrojanDropper:VBS/Scano.gen
NOD32v2 1.1780 09.27.2006 Win32/Scano.AO
Norman 5.90.23 09.27.2006 no virus found
Panda 9.0.0.4 09.27.2006 no virus found
Sophos 4.10.0 09.28.2006 W32/Bagle-GY
Symantec 8.0 09.28.2006 W32.Areses.Q!vbs
TheHacker 6.0.1.085 09.28.2006 no virus found
UNA 1.83 09.27.2006 no virus found
VBA32 3.11.1 09.27.2006 Email-Worm.Win32.Scano.e#6
VirusBuster 4.3.7:9 09.27.2006 VBS.Scano.AZ
-
Complete scanning result of "axdlplug-1.5.0.0-0147-setup.exe", received in VirusTotal at 09.29.2006, 08:10:23 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.18 09.28.2006 no virus found
Authentium 4.93.8 09.28.2006 no virus found
Avast 4.7.892.0 09.27.2006 Win32:Adware-gen.
AVG 386 09.27.2006 no virus found
BitDefender 7.2 09.29.2006 no virus found
CAT-QuickHeal 8.00 09.28.2006 no virus found
ClamAV devel-20060426 09.28.2006 no virus found
DrWeb 4.33 09.28.2006 Trojan.DownLoader.13318
eTrust-InoculateIT 23.73.8 09.29.2006 no virus found
eTrust-Vet 30.3.3104 09.28.2006 no virus found
Ewido 4.0 09.28.2006 no virus found
Fortinet 2.82.0.0 09.29.2006 suspicious
F-Prot 3.16f 09.28.2006 no virus found
F-Prot4 4.2.1.29 09.28.2006 no virus found
Ikarus 0.2.65.0 09.28.2006 no virus found
Kaspersky 4.0.2.24 09.29.2006 no virus found
McAfee 4862 09.28.2006 no virus found
Microsoft 1.1603 09.29.2006 NetPumper (threat-c)
NOD32v2 1.1782 09.28.2006 no virus found
Norman 5.90.23 09.28.2006 no virus found
Panda 9.0.0.4 09.28.2006 no virus found
Sophos 4.10.0 09.29.2006 no virus found
Symantec 8.0 09.29.2006 no virus found
TheHacker 6.0.1.086 09.29.2006 no virus found
UNA 1.83 09.28.2006 no virus found
VBA32 3.11.1 09.28.2006 no virus found
VirusBuster 4.3.7:9 09.28.2006 no virus found
Aditional Information
File size: 356911 bytes
MD5: 84373090b6b8d2122424ee6e5b997c9d
SHA1: f69cded63ef3a06bf71307fff485b01286026cbd
packers: RAR
-
They offer a look at the t.A.T.u. singer in the bath
Complete scanning result of "tatu_Lena.exe", received in VirusTotal at 10.01.2006, 14:30:22 (CET).
[B]AntiVir 7.2.0.22 09.30.2006 DR/Agent.aij.2[/B]
Authentium 4.93.8 09.29.2006 could be a corrupted executable file
Avast 4.7.892.0 09.29.2006 no virus found
AVG 386 09.29.2006 no virus found
[B]BitDefender 7.2 10.01.2006 Trojan.PWS.LDPinch.SCA[/B]
[B]CAT-QuickHeal 8.00 09.30.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 10.01.2006 no virus found
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3106 09.30.2006 no virus found
[B]DrWeb 4.33 10.01.2006 Trojan.MulDrop.1413[/B]
Ewido 4.0 09.30.2006 no virus found
[B]Fortinet 2.82.0.0 09.30.2006 PossibleThreat!09705[/B]
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
Ikarus 0.2.65.0 09.29.2006 no virus found
[B]Kaspersky 4.0.2.24 10.01.2006 Trojan-PSW.Win32.PdPinch.fe[/B]
[B]McAfee 4863 09.29.2006 New Win32.g5[/B]
Microsoft 1.1603 10.01.2006 no virus found
NOD32v2 1.1784 09.29.2006 no virus found
Norman 5.80.02 09.29.2006 no virus found
Panda 9.0.0.4 09.30.2006 no virus found
Sophos 4.10.0 09.30.2006 no virus found
Symantec 8.0 10.01.2006 no virus found
TheHacker 6.0.1.088 09.30.2006 no virus found
UNA 1.83 09.29.2006 no virus found
[B]VBA32 3.11.1 09.29.2006 Trojan.VBS.KillAV.O[/B]
VirusBuster 4.3.7:9 09.30.2006 no virus found
Aditional Information
File size: 30849 bytes
MD5: 5260cd82fc76352bc622964eccf9a8b2
SHA1: 42bfa6394d7d4a6e4ff57b4b50f5bbf4b176ae54
-
A girl offers a look at her photo with a friend.
STATUS: FINISHED
Complete scanning result of "spodrugoj.zip", received in VirusTotal at 10.02.2006, 00:16:23 (CET).
AntiVir 7.2.0.22 09.30.2006 HEUR/Malware
Authentium 4.93.8 09.29.2006 no virus found
Avast 4.7.892.0 09.29.2006 no virus found
AVG 386 10.01.2006 no virus found
BitDefender 7.2 10.01.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 09.30.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.01.2006 no virus found
DrWeb 4.33 10.01.2006 no virus found
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3106 09.30.2006 Win32/Areses
Ewido 4.0 10.01.2006 no virus found
Fortinet 2.82.0.0 10.01.2006 suspicious
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
Ikarus 0.2.65.0 09.29.2006 no virus found
Kaspersky 4.0.2.24 10.01.2006 no virus found
McAfee 4863 09.29.2006 Downloader-AWA
Microsoft 1.1603 10.01.2006 no virus found
NOD32v2 1.1784 09.29.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.90.23 09.29.2006 W32/Downloader
Panda 9.0.0.4 10.01.2006 Suspicious file
Sophos 4.10.0 10.01.2006 Mal/Packer
Symantec 8.0 10.01.2006 no virus found
TheHacker 6.0.1.088 09.30.2006 no virus found
UNA 1.83 09.29.2006 no virus found
VBA32 3.11.1 10.01.2006 no virus found
VirusBuster 4.3.7:9 10.01.2006 no virus found
-
Complete scanning result of "Update-KB5984-x86.exe", processed in VirusTotal at 10/02/2006 06:47:26 (CET).
[ file data ]
* name: Update-KB5984-x86.exe
* size: 148860
* md5.: bb8c209c4f62e12db30fb58636ca9eb6
* sha1: 98bb80f43058a8b39990dff801f40e809c46bf60
[ scan result ]
AntiVir 7.2.0.22/20060930 found [Worm/Stration.C]
Authentium 4.93.8/20060929 found nothing
Avast 4.7.892.0/20060929 found nothing
AVG 386/20061001 found [I-Worm/Stration]
BitDefender 7.2/20061002 found nothing
CAT-QuickHeal 8.00/20060930 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061002 found [Worm.Stration.EM]
DrWeb 4.33/20061001 found nothing
eTrust-InoculateIT 23.73.10/20060930 found nothing
eTrust-Vet 30.3.3106/20060930 found nothing
Ewido 4.0/20061001 found nothing
F-Prot 3.16f/20060929 found nothing
F-Prot4 4.2.1.29/20060929 found nothing
Fortinet 2.82.0.0/20061002 found [suspicious]
Ikarus 0.2.65.0/20060929 found [Email-Worm.Win32.Warezov.at]
Kaspersky 4.0.2.24/20061002 found nothing
McAfee 4863/20060929 found [New Malware.n]
Microsoft 1.1603/20061001 found nothing
NOD32v2 1.1784/20060929 found nothing
Norman 5.80.02/20060929 found nothing
Panda 9.0.0.4/20061001 found [Suspicious file]
Sophos 4.10.0/20061002 found [Mal/Packer]
Symantec 8.0/20061002 found nothing
TheHacker 6.0.1.088/20060930 found nothing
UNA 1.83/20060929 found nothing
VBA32 3.11.1/20061001 found nothing
VirusBuster 4.3.7:9/20061001 found [Trojan.Opnis.Gen!Pac2]
[ notes ]
packers: UPACK
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 10.02.2006, 10:09:55 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 09.30.2006 EXP/Agent.B
Authentium 4.93.8 09.29.2006 no virus found
Avast 4.7.892.0 09.29.2006 no virus found
AVG 386 10.01.2006 no virus found
BitDefender 7.2 10.02.2006 Application.JS.ForcePopup.D
CAT-QuickHeal 8.00 09.30.2006 no virus found
ClamAV devel-20060426 10.02.2006 no virus found
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3111 10.02.2006 no virus found
DrWeb 4.33 10.02.2006 Trojan.Click.1394
Ewido 4.0 10.02.2006 Hijacker.Agent.a
Fortinet 2.82.0.0 10.02.2006 no virus found
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
Ikarus 0.2.65.0 10.02.2006 no virus found
Kaspersky 4.0.2.24 10.02.2006 Trojan-Clicker.HTML.Agent.a
McAfee 4863 09.29.2006 no virus found
Microsoft 1.1603 10.02.2006 no virus found
NOD32v2 1.1785 10.02.2006 no virus found
Norman 5.80.02 09.29.2006 no virus found
Panda 9.0.0.4 10.01.2006 no virus found
Sophos 4.10.0 10.02.2006 no virus found
Symantec 8.0 10.02.2006 no virus found
TheHacker 6.0.1.089 10.02.2006 no virus found
UNA 1.83 09.29.2006 no virus found
VBA32 3.11.1 10.01.2006 no virus found
VirusBuster 4.3.7:9 10.01.2006 no virus found
Aditional Information
File size: 8935 bytes
MD5: a9474a01779ec4f2e6219ea94c014d31
SHA1: 58e7f438a370b9dc00d37935da89c93eb4a5b48f
This clicker is a hundred years old, and still only a handful catch it
-
Following up on Update-KB5984-x86.exe
Untitled.txt [From ***@telcan.com][Date Pц]/Update-KB8750-x86.exe/PE_Patch/UPack
File "Untitled.txt" received on 10.02.2006 at 13:31:12 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
Antivirus Version Update Result
[B]AntiVir 7.2.0.22 10.02.2006 Worm/Stration.C[/B]
Authentium 4.93.8 09.29.2006 no virus found
Avast 4.7.892.0 10.02.2006 no virus found
AVG 386 10.01.2006 no virus found
BitDefender 7.2 10.02.2006 no virus found
CAT-QuickHeal 8.00 09.30.2006 no virus found
[B]ClamAV devel-20060426 10.02.2006 Worm.Stration.EW[/B]
[B]DrWeb 4.33 10.02.2006 Win32.HLLM.Limar.based[/B]
eTrust-InoculateIT 23.73.10 09.30.2006 no virus found
eTrust-Vet 30.3.3111 10.02.2006 no virus found
Ewido 4.0 10.02.2006 no virus found
Fortinet 2.82.0.0 10.02.2006 suspicious
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
[B]Ikarus 0.2.65.0 10.02.2006 Email-Worm.Win32.Warezov.at[/B]
[B]Kaspersky 4.0.2.24 10.02.2006 Email-Worm.Win32.Warezov.bt[/B]
[B]McAfee 4863 09.29.2006 New Malware.n[/B]
Microsoft 1.1603 10.02.2006 no virus found
NOD32v2 1.1786 10.02.2006 no virus found
Norman 5.90.23 09.29.2006 no virus found
Panda 9.0.0.4 10.01.2006 Suspicious file
Sophos 4.10.0 10.02.2006 Mal/Packer
Symantec 8.0 10.02.2006 no virus found
Aditional Information
File size: 201263 bytes
MD5: a54fefc9a3507e5e8764e29c6d835602
SHA1: b9979a7b447ad3b5ca76dca245d541de5b783a7e
-
* name: test.txt.bat
* size: 150557
* md5.: 52ce315c114cd680db7b71c7927687c2
* sha1: 6f6bcc5734eb7614dad11aead24613ba581520b8
[ scan result ]
AntiVir 7.2.0.22/20061002 found [Worm/Stration.C]
Authentium 4.93.8/20060929 found nothing
Avast 4.7.892.0/20061002 found nothing
AVG 386/20061001 found [I-Worm/Stration]
BitDefender 7.2/20061002 found [Dropped:Win32.Stration.Gen@mm]
CAT-QuickHeal 8.00/20060930 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061002 found [Worm.Stration.ET]
DrWeb 4.33/20061002 found [Win32.HLLM.Limar.based]
eTrust-InoculateIT 23.73.10/20060930 found nothing
eTrust-Vet 30.3.3111/20061002 found nothing
Ewido 4.0/20061002 found nothing
F-Prot 3.16f/20060929 found nothing
F-Prot4 4.2.1.29/20060929 found nothing
Fortinet 2.82.0.0/20061002 found [suspicious]
Ikarus 0.2.65.0/20061002 found [Email-Worm.Win32.Warezov.at]
Kaspersky 4.0.2.24/20061002 found [Email-Worm.Win32.Warezov.bw]
McAfee 4863/20060929 found [New Malware.n]
Microsoft 1.1603/20061002 found nothing
NOD32v2 1.1786/20061002 found [Win32/Stration.FM]
Norman 5.80.02/20060929 found nothing
Panda 9.0.0.4/20061001 found [Suspicious file]
Sophos 4.10.0/20061002 found [Mal/Packer]
Symantec 8.0/20061002 found nothing
TheHacker 6.0.1.089/20061002 found nothing
UNA 1.83/20060929 found nothing
VBA32 3.11.1/20061001 found nothing
VirusBuster 4.3.7:9/20061001 found [Trojan.Opnis.Gen!Pac2]
packers: UPACK
* name: document.log.cmd
* size: 147768
* md5.: b2676ac7cae4b137c6929eb0457fe3c8
* sha1: 2bd946a9cd09f34de32682723c068e0749836795
[ scan result ]
AntiVir 7.2.0.22/20061002 found [Worm/Stration.C]
Authentium 4.93.8/20060929 found nothing
Avast 4.7.892.0/20061002 found nothing
AVG 386/20061001 found [I-Worm/Stration]
BitDefender 7.2/20061002 found [Win32.Stration.Gen@mm]
CAT-QuickHeal 8.00/20060930 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061002 found [Worm.Stration.EY]
DrWeb 4.33/20061002 found [Win32.HLLM.Limar.based]
eTrust-InoculateIT 23.73.10/20060930 found nothing
eTrust-Vet 30.3.3111/20061002 found nothing
Ewido 4.0/20061002 found nothing
F-Prot 3.16f/20060929 found nothing
F-Prot4 4.2.1.29/20060929 found nothing
Fortinet 2.82.0.0/20061002 found [suspicious]
Ikarus 0.2.65.0/20061002 found [Email-Worm.Win32.Warezov.at]
Kaspersky 4.0.2.24/20061002 found nothing
McAfee 4863/20060929 found [New Malware.n]
Microsoft 1.1603/20061002 found nothing
NOD32v2 1.1786/20061002 found [Win32/Stration.FS]
Norman 5.80.02/20060929 found nothing
Panda 9.0.0.4/20061001 found [Suspicious file]
Sophos 4.10.0/20061002 found [Mal/Packer]
Symantec 8.0/20061002 found nothing
TheHacker 6.0.1.089/20061002 found nothing
UNA 1.83/20060929 found nothing
VBA32 3.11.1/20061001 found nothing
VirusBuster 4.3.7:9/20061001 found [Trojan.Opnis.Gen!Pac2]
packers: UPACK
On the FTP, plus a couple more variants detected by almost everyone
-
* name: readme.dat.exe
* size: 144414
* md5.: 2ce50c5687173f2ef8d8504a5a4bcf4e
* sha1: ccbf3ed449ba080d4cb8f1d16f8fc6b1d409658d
[ scan result ]
AntiVir 7.2.0.22/20061002 found [Worm/Stration.C]
[B]Authentium 4.93.8/20060929 found nothing [/B]
[B]Avast 4.7.892.0/20061002 found nothing [/B]
AVG 386/20061001 found [I-Worm/Stration]
BitDefender 7.2/20061002 found [Win32.Stration.Gen@mm]
CAT-QuickHeal 8.00/20060930 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061002 found [Worm.Stration.FC-1]
DrWeb 4.33/20061002 found [Win32.HLLM.Limar.based]
[B]eTrust-InoculateIT 23.73.10/20060930 found nothing [/B]
[B]eTrust-Vet 30.3.3111/20061002 found nothing [/B]
[B]Ewido 4.0/20061002 found nothing [/B]
[B]F-Prot 3.16f/20060929 found nothing [/B]
[B]F-Prot4 4.2.1.29/20060929 found nothing [/B]
Fortinet 2.82.0.0/20061002 found [W32/Stration.DR@mm]
Ikarus 0.2.65.0/20061002 found [Packer.byDwing]
[B]Kaspersky 4.0.2.24/20061002 found nothing [/B]
McAfee 4863/20060929 found [New Malware.n]
[B]Microsoft 1.1603/20061002 found nothing [/B]
NOD32v2 1.1786/20061002 found [a variant of Win32/Stration]
[B]Norman 5.80.02/20061002 found nothing [/B]
Panda 9.0.0.4/20061001 found [Suspicious file]
Sophos 4.10.0/20061002 found [W32/Stratio-AO]
[B]Symantec 8.0/20061002 found nothing [/B]
[B]TheHacker 6.0.1.089/20061002 found nothing [/B]
[B]UNA 1.83/20061002 found nothing [/B]
VBA32 3.11.1/20061001 found [suspected of Worm.Warezov.5 (paranoid heuristics)]
VirusBuster 4.3.7:9/20061002 found [Trojan.Opnis.Gen!Pac2]
[ notes ]
packers: UPACK
-
Complete scanning result of "body.zip", received in VirusTotal at 10.04.2006, 05:28:40 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.03.2006 no virus found
Authentium 4.93.8 10.03.2006 W32/Warezov.gen!W32DL
[B]Avast 4.7.892.0 10.03.2006 no virus found [/B]
AVG 386 10.03.2006 I-Worm/Stration
[B]BitDefender 7.2 10.04.2006 no virus found [/B]
CAT-QuickHeal 8.00 10.03.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.04.2006 Worm.Stration.EY
DrWeb 4.33 10.03.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.13 10.04.2006 Win32/Stration.4gf!Worm
eTrust-Vet 30.3.3113 10.03.2006 Win32/Stration!ZIP!generic
Ewido 4.0 10.04.2006 Worm.Warezov
Fortinet 2.82.0.0 10.04.2006 W32/Stration.DR@mm
F-Prot 3.16f 10.03.2006 W32/Warezov.gen!W32DL
F-Prot4 4.2.1.29 10.02.2006 W32/Tricky-Malware-based!Maximus
Ikarus 0.2.65.0 10.03.2006 Packer.byDwing
[B]Kaspersky 4.0.2.24 10.04.2006 no virus found [/B]
McAfee 4865 10.03.2006 W32/Stration.dr
[B]Microsoft 1.1603 10.04.2006 no virus found [/B]
[B]NOD32v2 1.1788 10.03.2006 no virus found [/B]
Norman 5.90.23 10.03.2006 W32/Stration.PR
[B]Panda 9.0.0.4 10.03.2006 no virus found [/B]
Sophos 4.10.0 10.04.2006 W32/Stratio-Zip
[B]Symantec 8.0 10.04.2006 no virus found [/B]
TheHacker 6.0.1.090 10.03.2006 W32/Stration@MM
[B]UNA 1.83 10.03.2006 no virus found [/B]
[B]VBA32 3.11.1 10.03.2006 no virus found [/B]
VirusBuster 4.3.7:9 10.03.2006 Trojan.Opnis.Gen!Pac2
Aditional Information
File size: 110914 bytes
MD5: 83e2fb64b28a5d0d562d031d63cbf653
SHA1: 8b891bcc69c54e5f4fd12b95400c9de2a907e6f5
-
Yesterday's e-mail.
Complete scanning result of "doc.zip", received in VirusTotal at 10.04.2006, 07:55:55 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.03.2006 Worm/Stration.C
Authentium 4.93.8 10.03.2006 W32/Warezov.gen!W32DL
Avast 4.7.892.0 10.03.2006 Win32:Warezov-HQ
AVG 386 10.03.2006 I-Worm/Stration
BitDefender 7.2 10.04.2006 Dropped:Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.03.2006 I-Worm.Warezov.bu
ClamAV devel-20060426 10.04.2006 Worm.Stration.EU
DrWeb 4.33 10.03.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.13 10.04.2006 Win32/Stration.4gf!Worm
eTrust-Vet 30.3.3113 10.03.2006 Win32/Stration.CN
Ewido 4.0 10.04.2006 Worm.Warezov.bu
Fortinet 2.82.0.0 10.04.2006 W32/Stration.DR@mm
F-Prot 3.16f 10.03.2006 W32/Warezov.gen!W32DL
F-Prot4 4.2.1.29 10.02.2006 W32/Tricky-Malware-based!Maximus
Ikarus 0.2.65.0 10.03.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.04.2006 Email-Worm.Win32.Warezov.bu
McAfee 4865 10.03.2006 W32/Stration.dr
Microsoft 1.1603 10.04.2006 Win32/Stration.gen!dr
NOD32v2 1.1788 10.03.2006 Win32/Stration.FL
Norman 5.90.23 10.03.2006 W32/Stration.PM
Panda 9.0.0.4 10.03.2006 W32/Spamta.EB.worm
Sophos 4.10.0 10.04.2006 W32/Stratio-AO
[B]Symantec 8.0 10.04.2006 no virus found[/B]
TheHacker 6.0.1.091 10.04.2006 W32/Stration@MM
[B]UNA 1.83 10.03.2006 no virus found[/B]
VBA32 3.11.1 10.03.2006 Email-Worm.Win32.Warezov.bu
VirusBuster 4.3.7:9 10.03.2006 Trojan.Opnis.Gen!Pac2
Aditional Information
File size: 131507 bytes
MD5: 8284c69db3330c122e46b6d66c19cb5b
SHA1: 8431d833b3889025e55cfb75c93ae568b65488db
-
Complete scanning result of "Update-KB7031-x86.exe", received in VirusTotal at 10.04.2006, 09:43:07 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 Worm/Stration.C
Authentium 4.93.8 10.03.2006 W32/Warezov.gen!W32DL
[B]Avast 4.7.892.0 10.03.2006 no virus found [/B]
AVG 386 10.03.2006 I-Worm/Stration
BitDefender 7.2 10.04.2006 Win32.Worm.Stration.CC@mm
CAT-QuickHeal 8.00 10.03.2006 (Suspicious) - DNAScan
[B]ClamAV devel-20060426 10.04.2006 no virus found [/B]
eTrust-InoculateIT 23.73.13 10.04.2006 Win32/Stration.Variant!Worm
eTrust-Vet 30.3.3113 10.03.2006 Win32/Stration!generic
DrWeb 4.33 10.04.2006 Win32.HLLM.Limar
[B]Ewido 4.0 10.04.2006 no virus found [/B]
Fortinet 2.82.0.0 10.04.2006 W32/Stration.DR@mm
F-Prot 3.16f 10.03.2006 W32/Warezov.gen!W32DL
F-Prot4 4.2.1.29 10.02.2006 W32/Tricky-Malware-based!Maximus
Ikarus 0.2.65.0 10.04.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.04.2006 Email-Worm.Win32.Warezov.gen
McAfee 4865 10.03.2006 W32/Stration.dr
Microsoft 1.1603 10.04.2006 Win32/Stration.gen!dr
NOD32v2 1.1788 10.03.2006 a variant of Win32/Stration
Norman 5.80.02 10.03.2006 W32/Stration.gen@mm
Panda 9.0.0.4 10.03.2006 Suspicious file
Sophos 4.10.0 10.04.2006 W32/Stratio-AO
[B]Symantec 8.0 10.04.2006 no virus found [/B]
TheHacker 6.0.1.091 10.04.2006 W32/Stration@MM
[B]UNA 1.83 10.03.2006 no virus found [/B]
VBA32 3.11.1 10.03.2006 suspected of Worm.Warezov.5 (paranoid heuristics)
VirusBuster 4.3.7:9 10.03.2006 Trojan.Opnis.Gen!Pac2
Aditional Information
File size: 149422 bytes
MD5: 92b463742a398d1c1b2b2f43b58adb45
SHA1: 5b01de326250e061990d67a0f570e342de3690b7
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing Upack?.
* Display message box (Information) : Update successfully installed..
* File length: 149422 bytes.
[ Process/window information ]
* Creates an event called ZAEventEx.
* Creates an event called SGEventEx.
* Creates an event called MAEvent2Ex.
* Creates an event called NISEventEx.
* Creates an event called OPEventEx.
* Attempts to access service "vsmon".
* Creates an event called ActiveZA.
* Attempts to access service "SmcService".
* Creates an event called ActiveSG.
* Attempts to access service "wscsvc".
* Attempts to access service "SharedAccess".
* Attempts to access service "Symantec Core LC".
* Creates an event called ActiveNIS.
[B]* Attempts to access service "OutpostFirewall".[/B]
* Creates an event called ActiveOP.
* Attempts to access service "MpfService".
* Creates an event called ActiveMA.
* Attempts to access service "WinRoute".
-
Complete scanning result of "Agytin.scr", received in VirusTotal at 10.04.2006, 20:47:55 (CET).
Antivirus Version Update Result
[B]AntiVir 7.2.0.22 10.04.2006 TR/PSW.LdPinch.axz[/B]
[B]Authentium 4.93.8 10.03.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
Avast 4.7.892.0 10.04.2006 no virus found
AVG 386 10.04.2006 no virus found
[B]BitDefender 7.2 10.04.2006 DeepScan:Generic.PWStealer.91DD6EFA[/B]
[B]CAT-QuickHeal 8.00 10.04.2006 W32.Brontok.Q[/B]
ClamAV devel-20060426 10.04.2006 no virus found
[B]DrWeb 4.33 10.04.2006 Trojan.PWS.LDPinch.1196[/B]
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
[B]Ewido 4.0 10.04.2006 Trojan.LdPinch.axz[/B]
[B]Fortinet 2.82.0.0 10.04.2006 W32/LdPinch.AXZ!tr.pws[/B]
[B]F-Prot 3.16f 10.03.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 10.04.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.04.2006 no virus found[/B]
[B]Kaspersky 4.0.2.24 10.04.2006 Trojan-PSW.Win32.LdPinch.axz[/B]
McAfee 4866 10.04.2006 no virus found
[B]Microsoft 1.1603 10.04.2006 Win32/Ldpinch[/B]
NOD32v2 1.1789 10.04.2006 no virus found
[B]Norman 5.90.23 10.04.2006 W32/Suspicious_M.gen[/B]
Panda 9.0.0.4 10.04.2006 Suspicious file
Sophos 4.10.0 10.04.2006 Mal/Packer
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.04.2006 no virus found
[B]VBA32 3.11.1 10.04.2006 Trojan-PSW.Win32.LdPinch.axz[/B]
VirusBuster 4.3.7:9 10.04.2006 no virus found
Aditional Information
File size: 48259 bytes
MD5: 2066d4c80d5c952357411c746d7ff66c
SHA1: 71aaf54e0412aa3e2e9e11c0c9792f784369b026
packers: MEW
-
Complete scanning result of "playercodec1079.exe", received in VirusTotal at 10.05.2006, 00:29:15 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 TR/Drop.Zlob.acn
Authentium 4.93.8 10.04.2006 no virus found
Avast 4.7.892.0 10.04.2006 no virus found
AVG 386 10.04.2006 Downloader.Zlob.DEZ
BitDefender 7.2 10.04.2006 no virus found
CAT-QuickHeal 8.00 10.04.2006 no virus found
ClamAV devel-20060426 10.04.2006 no virus found
DrWeb 4.33 10.04.2006 no virus found
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
Ewido 4.0 10.04.2006 no virus found
Fortinet 2.82.0.0 10.04.2006 no virus found
F-Prot 3.16f 10.04.2006 no virus found
F-Prot4 4.2.1.29 10.04.2006 no virus found
Ikarus 0.2.65.0 10.04.2006 no virus found
Kaspersky 4.0.2.24 10.04.2006 no virus found
McAfee 4866 10.04.2006 no virus found
Microsoft 1.1603 10.04.2006 no virus found
NOD32v2 1.1790 10.04.2006 no virus found
Norman 5.90.23 10.04.2006 no virus found
Panda 9.0.0.4 10.04.2006 no virus found
Sophos 4.10.0 10.04.2006 no virus found
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.04.2006 no virus found
VBA32 3.11.1 10.04.2006 no virus found
VirusBuster 4.3.7:9 10.04.2006 no virus found
Aditional Information
File size: 73055 bytes
MD5: 2b0329b23efcf409a5c604be7a9120e4
SHA1: 8080331f906431390c53a4e86fac0cb9279ea706
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 10.06.2006, 14:34:20 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 HEUR/Crypted
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.06.2006 no virus found
AVG 386 10.06.2006 PSW.Ldpinch.CGU
BitDefender 7.2 10.06.2006 no virus found
CAT-QuickHeal 8.00 10.06.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.06.2006 no virus found
DrWeb 4.33 10.06.2006 Trojan.PWS.LDPinch.1156
eTrust-InoculateIT 23.73.15 10.06.2006 no virus found
eTrust-Vet 30.3.3115 10.05.2006 no virus found
Ewido 4.0 10.06.2006 Trojan.LdPinch.axr
Fortinet 2.82.0.0 10.06.2006 W32/LdPinch.AXR!tr.pws
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.05.2006 no virus found
Ikarus 0.2.65.0 10.06.2006 no virus found
Kaspersky 4.0.2.24 10.06.2006 Trojan-PSW.Win32.LdPinch.axr
McAfee 4867 10.05.2006 no virus found
Microsoft 1.1603 10.06.2006 no virus found
NOD32v2 1.1793 10.06.2006 no virus found
Norman 5.90.23 10.06.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.05.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.092 10.05.2006 Trojan/PSW.LdPinch.axr
UNA 1.83 10.05.2006 Trojan.PSW.Win32.LdPinch.7F46
VBA32 3.11.1 10.05.2006 suspected of Malware.Agent.26 (paranoid heuristics)
VirusBuster 4.3.7:9 10.05.2006 no virus found
Aditional Information
File size: 199099 bytes
MD5: b28a73ea5d14509f5cfc082e56603eb8
SHA1: 7fe74ca1f158c5e90904d52226a37b7cb1e5f7d4
packers: MEW
Pinch. McAfee caught it at work. On VirusTotal, McAfee no longer picked it up. The databases?
-
Judging by the name, this is the Pinch builder, and some antiviruses apparently still aren't familiar with it :'-(
Complete scanning result of "PinchBuilder.exe", received in VirusTotal at 10.07.2006, 05:29:31 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/PSW.LdPinch.aju
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.06.2006 Win32:Trojan-gen. {UPX!}
AVG 386 10.06.2006 PSW.Ldpinch.AVH
BitDefender 7.2 10.07.2006 Trojan.Pws.Ldpinch.AJU
CAT-QuickHeal 8.00 10.06.2006 no virus found
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.06.2006 Trojan.PWS.Banker.3909
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.06.2006 Trojan.LdPinch.aju
Fortinet 2.82.0.0 10.07.2006 W32/LdPinch.AJU!tr.pws
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 Trojan-PSW.Win32.LdPinch.aju
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 Win32/PSW.LdPinch.AJU
Norman 5.80.02 10.06.2006 W32/LdPinch.CZD
Panda 9.0.0.4 10.06.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 Trojan.PSW.Win32.LdPinch.2FCF
VBA32 3.11.1 10.06.2006 Trojan-PSW.Win32.LdPinch.aju
VirusBuster 4.3.7:9 10.06.2006 Trojan.PWS.LdPinch.NJ
Aditional Information
File size: 246784 bytes
MD5: 94d2ace74c7e946a2985a48986acd8c6
SHA1: 977aeb78f714df76bd087e860e97547eb3579094
packers: UPX
-
Crawled in over ICQ - a link from 170435134
STATUS: FINISHED
Complete scanning result of "lt.exe", received in VirusTotal at 10.07.2006, 15:12:59 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 HEUR/Crypted
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.06.2006 no virus found
BitDefender 7.2 10.07.2006 DeepScan:Generic.Stration.EBB41240
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 Worm.Warezov.co
Fortinet 2.82.0.0 10.07.2006 W32/Warezov.CO@mm
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.07.2006 Email-Worm.Win32.Warezov.co
McAfee 4868 10.06.2006 New Malware.n
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 a variant of Win32/Stration
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.06.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 no virus found
VirusBuster 4.3.7:9 10.06.2006 no virus found
-
Complete scanning result of "a20.exe", received in VirusTotal at 10.07.2006, 19:28:27 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/Packed.CryptExe
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.07.2006 Win32/CryptExe
BitDefender 7.2 10.07.2006 GenPack:Generic.Sdbot.A0C70812
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 Backdoor.SdBot.avd
Fortinet 2.82.0.0 10.07.2006 suspicious
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 generic
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 a variant of IRC/SdBot
Norman 5.80.02 10.06.2006 W32/Malware.BBT
Panda 9.0.0.4 10.07.2006 W32/Sdbot.IJN.worm
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Worm.SdBot.CVO
Aditional Information
File size: 77312 bytes
MD5: cd3e5ed0109a0060fcc7c62fcb69c6a7
SHA1: 9d12e44dffed9cae34a397909ecd452795b3e062
packers: EXECryptor
Complete scanning result of "kber.exe", received in VirusTotal at 10.07.2006, 19:43:22 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 TR/Packed.CryptExe
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.07.2006 no virus found
AVG 386 10.07.2006 Win32/CryptExe
BitDefender 7.2 10.07.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 Backdoor.Sdbot.gen
ClamAV devel-20060426 10.07.2006 no virus found
DrWeb 4.33 10.07.2006 Win32.HLLW.MyBot
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.07.2006 no virus found
Fortinet 2.82.0.0 10.07.2006 suspicious
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.07.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.07.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.093 10.06.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.06.2006 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Worm.SdBot.CVO
Aditional Information
File size: 128000 bytes
MD5: b8a540991466e3f35ca0370cf5d27a79
SHA1: 687c2c7be5da959b5169a7ddb4b6e1b2268cbb1b
packers: EXECryptor
Bridge, from the "Quiet Horror" thread: KAV doesn't detect it yet, I sent it to them again :)
-
Complete scanning result of "fabrika_zvezd.exe", received in VirusTotal at 10.08.2006, 08:08:11 (CET).
Antivirus Version Update Result
[B]AntiVir 7.2.0.25 10.06.2006 TR/Dldr.Small.dib.6[/B]
[B]Authentium 4.93.8 10.06.2006 Possibly a new variant of W32/Downloader-Sml-based!Maximus[/B]
[B]Avast 4.7.892.0 10.07.2006 Win32:Small-BSO[/B]
[B]AVG 386 10.07.2006 Downloader.Harnig.AM[/B]
[B]BitDefender 7.2 10.08.2006 DeepScan:Generic.Malware.dld!!g.AB061EF4[/B]
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
[B]DrWeb 4.33 10.07.2006 Trojan.DownLoader.13549[/B]
[B]eTrust-InoculateIT 23.73.16 10.07.2006 Win32/SillyDL!Trojan
eTrust-Vet 30.3.3118 10.06.2006 Win32/Harnig!generic[/B]
Ewido 4.0 10.07.2006 no virus found
[B]Fortinet 2.82.0.0 10.08.2006 W32/Harnig.CU!tr.dldr
F-Prot 3.16f 10.06.2006 Possibly a new variant of W32/Downloader-Sml-based!Maximus
F-Prot4 4.2.1.29 10.06.2006 W32/Downloader-Sml-based!Maximus[/B]
Ikarus 0.2.65.0 10.07.2006 no virus found
[B]Kaspersky 4.0.2.24 10.08.2006 Trojan-Downloader.Win32.Harnig.cu[/B]
McAfee 4868 10.06.2006 no virus found
[B]Microsoft 1.1603 10.08.2006 TrojanDownloader:Win32/Vxidl
NOD32v2 1.1794 10.06.2006 a variant of Win32/TrojanDownloader.Small.DIB[/B]
[B]Norman 5.80.02 10.06.2006 W32/DLoader.gen2
Panda 9.0.0.4 10.07.2006 Suspicious file[/B]
Sophos 4.10.0 10.05.2006 no virus found
[B]TheHacker 6.0.1.093 10.06.2006 Trojan/Downloader.Tibs.gen[/B]
UNA 1.83 10.06.2006 no virus found
[B]VBA32 3.11.1 10.08.2006 suspected of Trojan-Downloader.Win32.Small.dnt.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.07.2006 Trojan.DL.Harnig.Gen.3[/B]
Aditional Information
File size: 7680 bytes
MD5: 4b329eaeb9532e8d68520e032b8d01a0
SHA1: 0c379ff277cb878317e9155389a99f5d84526a4f
packers: UPX
-
Complete scanning result of "avz00001.dta", received in VirusTotal at 10.08.2006, 17:11:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.06.2006 BDS/Iroffer.14b2.B
Authentium 4.93.8 10.06.2006 W32/Backdoor.HVJ
Avast 4.7.892.0 10.08.2006 Win32:Trojano-1333
AVG 386 10.07.2006 BackDoor.Generic.URF
BitDefender 7.2 10.08.2006 Backdoor.Irc.Elmer.A
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 Win32/Identdhack.A
DrWeb 4.33 10.08.2006 BackDoor.IRC.Elmer
Ewido 4.0 10.08.2006 no virus found
Fortinet 2.82.0.0 10.08.2006 W32/CPB.A!tr.bdr
F-Prot 3.16f 10.06.2006 security risk named W32/Backdoor.HVJ
F-Prot4 4.2.1.29 10.06.2006 W32/Backdoor.HVJ
Ikarus 0.2.65.0 10.07.2006 Backdoor.Win32.Noer
Kaspersky 4.0.2.24 10.08.2006 no virus found
McAfee 4868 10.06.2006 BackDoor-CPB
Microsoft 1.1603 10.08.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.08.2006 Bck/Zapchast.BB
Sophos 4.10.0 10.05.2006 Troj/Bckdr-LBG
TheHacker 6.0.1.093 10.06.2006 Trojan/Small
UNA 1.83 10.06.2006 Backdoor.Noer.BFD9
VBA32 3.11.1 10.08.2006 BackDoor.Noer
VirusBuster 4.3.7:9 10.07.2006 no virus found
Aditional Information
File size: 11776 bytes
MD5: 80858f87275634946eed13b514222cdb
SHA1: 518d634a2bd8a7723638256ff66eaf3b7a06e755
-
Complete scanning result of "ied__1_._xe", received in VirusTotal at 10.09.2006, 08:49:50 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 TR/Dldr.Medike.CT.2
Authentium 4.93.8 10.06.2006 no virus found
Avast 4.7.892.0 10.08.2006 Win32:Mediket-D
AVG 386 10.07.2006 no virus found
BitDefender 7.2 10.08.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 no virus found
ClamAV devel-20060426 10.08.2006 no virus found
DrWeb 4.33 10.08.2006 Trojan.PWS.Vipgsm
eTrust-InoculateIT 23.73.16 10.07.2006 no virus found
eTrust-Vet 30.3.3118 10.06.2006 no virus found
Ewido 4.0 10.08.2006 Downloader.Mediket.ct
Fortinet 2.82.0.0 10.09.2006 no virus found
F-Prot 3.16f 10.06.2006 no virus found
F-Prot4 4.2.1.29 10.06.2006 no virus found
Ikarus 0.2.65.0 10.07.2006 no virus found
Kaspersky 4.0.2.24 10.09.2006 no virus found
McAfee 4868 10.06.2006 no virus found
Microsoft 1.1603 10.09.2006 no virus found
NOD32v2 1.1794 10.06.2006 no virus found
Norman 5.80.02 10.06.2006 no virus found
Panda 9.0.0.4 10.08.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.06.2006 no virus found
VBA32 3.11.1 10.08.2006 suspected of Trojan-Downloader.Agent.149 (paranoid heuristics)
VirusBuster 4.3.7:9 10.08.2006 no virus found
Aditional Information
File size: 11264 bytes
MD5: 53adf27b79eab83d786cc2ae4d654b1c
-
* name: mediaview.cab
* size: 34082
* md5.: 106453777d793c91c5fdaedd7ca093b6
* sha1: 64f1dcb1de4729daebf4514d7bafba19dbb4aafc
[ scan result ]
AntiVir 7.2.0.25/20061009 found nothing
Authentium 4.93.8/20061006 found nothing
Avast 4.7.892.0/20061008 found [Win32:VB-MM]
AVG 386/20061007 found nothing
BitDefender 7.2/20061009 found nothing
CAT-QuickHeal 8.00/20061007 found nothing
ClamAV devel-20060426/20061009 found nothing
DrWeb 4.33/20061009 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3123/20061009 found nothing
Ewido 4.0/20061009 found nothing
F-Prot 3.16f/20061009 found nothing
F-Prot4 4.2.1.29/20061006 found nothing
Fortinet 2.82.0.0/20061009 found [Adware/MediaMotor]
Ikarus 0.2.65.0/20061009 found nothing
Kaspersky 4.0.2.24/20061009 found nothing
McAfee 4869/20061009 found [potentially unwanted program Adware-MediaMotor]
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1795/20061009 found nothing
Norman 5.80.02/20061009 found nothing
Panda 9.0.0.4/20061009 found nothing
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061009 found nothing
VBA32 3.11.1/20061008 found [Dialer.EMSAT#1]
VirusBuster 4.3.7:9/20061009 found nothing
* name: 3138302D2D2D.exe
* size: 52600
* md5.: b68ed90f1032379972a2653688bf9617
* sha1: 9e147403b502ec6df535da0e05e8f556bb8fb993
[ scan result ]
AntiVir 7.2.0.25/20061009 found nothing
Authentium 4.93.8/20061006 found [Possibly a new variant of W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
Avast 4.7.892.0/20061008 found nothing
AVG 386/20061007 found nothing
BitDefender 7.2/20061009 found nothing
CAT-QuickHeal 8.00/20061007 found nothing
ClamAV devel-20060426/20061009 found [Trojan.Downloader.Adload-67]
DrWeb 4.33/20061009 found nothing
eTrust-InoculateIT 23.73.16/20061007 found nothing
eTrust-Vet 30.3.3123/20061009 found nothing
Ewido 4.0/20061009 found nothing
F-Prot 3.16f/20061009 found [Possibly a new variant of W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
F-Prot4 4.2.1.29/20061006 found [W32/VB-EMU:VB-Downloader-Minimi-based!Maximus]
Fortinet 2.82.0.0/20061009 found nothing
Ikarus 0.2.65.0/20061009 found nothing
Kaspersky 4.0.2.24/20061009 found nothing
McAfee 4869/20061009 found nothing
Microsoft 1.1603/20061009 found nothing
NOD32v2 1.1795/20061009 found [a variant of Win32/TrojanDownloader.Adload.NAN]
Norman 5.80.02/20061009 found nothing
Panda 9.0.0.4/20061009 found [Adware/ISearch]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.094/20061008 found nothing
UNA 1.83/20061009 found nothing
VBA32 3.11.1/20061008 found nothing
VirusBuster 4.3.7:9/20061009 found nothing
-
An email arrived with the following content:
From:
Dasha <[email protected]>
Hi. I'm already back from vacation. If you're free on the weekend, let's meet up, ok? I also sent you a few photos, they're in the archive, they're the ones from the vacation. Anyway, I'm waiting. Bye.
Attached data: на волнах.exe (application/octet-stream, 11K)
Complete scanning result of "_________.exe", received in VirusTotal at 10.10.2006, 11:41:30 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 Win32:Delf-BNL
AVG 386 10.10.2006 Downloader.Generic2.NUB
BitDefender 7.2 10.10.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 10.10.2006 Trojan.DownLoader.12541
eTrust-InoculateIT 23.73.18 10.10.2006 no virus found
eTrust-Vet 30.3.3125 10.10.2006 Win32/Areses
Ewido 4.0 10.10.2006 Downloader.Delf.awg
Fortinet 2.82.0.0 10.10.2006 W32/Delf.AWG!tr.dldr
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 no virus found
Ikarus 0.2.65.0 10.10.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.10.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4869 10.09.2006 Downloader-AWA
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 10.10.2006 W32/Downloader
Panda 9.0.0.4 10.09.2006 Trj/Downloader.KHM
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 TrojanDownloader.Win32.Delf.CF270
VBA32 3.11.1 10.09.2006 Trojan-Downloader.Win32.Delf.awg
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 11146 bytes
MD5: 27a18bccc62f52472a1cbb146d655c74
SHA1: a4c38f6588550fcff430b1b1b5d66dc730a5e714
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11146 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\csrss.exe.
[ Changes to registry ]
* Sets value "m"="m" in key "HKCU\Software\Microsoft\Windows".
[ Network services ]
* Looks for an Internet connection.
* Opens URL: _http://rikoger.com/lonus/1/1.ехе
[ Security issues ]
* Starting downloaded file - potential security problem.
[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:\WINDOWS\TEMP\csrss.exe NULL.
-
STATUS: FINISHED
Complete scanning result of "netcheck.exe", received in VirusTotal at 10.10.2006, 13:56:06 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 HEUR/Crypted
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 no virus found
AVG 386 10.10.2006 May be infected by unknown virus .MPH
BitDefender 7.2 10.10.2006 no virus found
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 no virus found
eTrust-InoculateIT 23.73.18 10.10.2006 Win32/VstDoorDL.6vj!Trojan
eTrust-Vet 30.3.3125 10.10.2006 Win32/Chusk!generic
DrWeb 4.33 10.10.2006 Trojan.Inject.154
Ewido 4.0 10.10.2006 no virus found
Fortinet 2.82.0.0 10.10.2006 W32/NewThreat!Morphine
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 generic
Ikarus 0.2.65.0 10.10.2006 no virus found
Kaspersky 4.0.2.24 10.10.2006 no virus found
McAfee 4869 10.09.2006 New Malware.h
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 probably a variant of Win32/TrojanDownloader.Delf.NHO
Norman 5.80.02 10.10.2006 no virus found
Panda 9.0.0.4 10.09.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Troj/Daemoni-AP
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 no virus found
VBA32 3.11.1 10.09.2006 Trojan-Downloader.Win32.Agent.ayf
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 9728 bytes
MD5: 38d234347926e53c9898353d6444ba95
SHA1: e36a8c83e59e46a44e2ac1c0762ac7a8f4737cdb
packers: Morphine, FSG
-
STATUS: FINISHED
Complete scanning result of "__1056", received in VirusTotal at 10.10.2006, 14:00:24 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.09.2006 DR/Radmin.J.10
Authentium 4.93.8 10.09.2006 no virus found
Avast 4.7.892.0 10.10.2006 Win32:Delf-MK
AVG 386 10.10.2006 May be infected by unknown virus .MPH
BitDefender 7.2 10.10.2006 Dropped:Backdoor.Radmin.J
CAT-QuickHeal 8.00 10.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 no virus found
DrWeb 4.33 10.10.2006 no virus found
eTrust-InoculateIT 23.73.18 10.10.2006 no virus found
eTrust-Vet 30.3.3125 10.10.2006 Win32/Badmin.O
Ewido 4.0 10.10.2006 no virus found
Fortinet 2.82.0.0 10.10.2006 suspicious
F-Prot 3.16f 10.09.2006 no virus found
F-Prot4 4.2.1.29 10.09.2006 no virus found
Ikarus 0.2.65.0 10.10.2006 no virus found
Kaspersky 4.0.2.24 10.10.2006 no virus found
McAfee 4869 10.09.2006 New Malware.h
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 a variant of Win32/Radmin.J
Norman 5.90.23 10.10.2006 no virus found
Panda 9.0.0.4 10.09.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.09.2006 no virus found
VBA32 3.11.1 10.09.2006 no virus found
VirusBuster 4.3.7:9 10.09.2006 no virus found
Aditional Information
File size: 245760 bytes
MD5: 09f1e84e2ad58dc0db562821de271d6a
-
Found live yesterday on a client's computer.
Complete scanning result of "rkgarwpi.exe", received in VirusTotal at 10.12.2006, 12:21:51 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.25 10.12.2006 BDS/Rustock.F
Authentium 4.93.8 10.12.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 BackDoor.Generic3.LIH
BitDefender 7.2 10.12.2006 Backdoor.Rustock.F
CAT-QuickHeal 8.00 10.11.2006 Backdoor.Rustock.p
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.12.2006 Trojan.Spambot
eTrust-InoculateIT 23.73.20 10.11.2006 no virus found
eTrust-Vet 30.3.3129 10.12.2006 no virus found
Ewido 4.0 10.12.2006 no virus found
Fortinet 2.82.0.0 10.12.2006 W32/RUSTOCK.P!tr.bdr
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.12.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.12.2006 no virus found
McAfee 4871 10.11.2006 no virus found
Microsoft 1.1603 10.12.2006 no virus found
NOD32v2 1.1799 10.12.2006 no virus found
Norman 5.80.02 10.12.2006 no virus found
Panda 9.0.0.4 10.11.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 suspected of Embedded.Trojan.Spambot
VirusBuster 4.3.7:9 10.11.2006 no virus found
Aditional Information
File size: 76288 bytes
MD5: f89acb8770cfeb029e1fb21c01564960
SHA1: eb5953ba20b8ee5e36ff9154e207eeb081455e8e
-
A link arrived over ICQ, and this is the result:
Complete scanning result of "goodday_movi.exe", received in VirusTotal at 10.13.2006, 08:55:53 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 HEUR/Crypted
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.12.2006 no virus found
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 DeepScan:Generic.Stration.5BAC4313
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.12.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 W32/Warezov@mm
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.13.2006 Email-Worm.Win32.Warezov.gen
McAfee 4872 10.12.2006 New Malware.n
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1801 10.12.2006 a variant of Win32/Stration
Norman 5.90.23 10.12.2006 no virus found
Panda 9.0.0.4 10.12.2006 Suspicious file
Sophos 4.10.0 10.05.2006 Mal/Packer
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.12.2006 I-Worm.Warezov
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 53070 bytes
MD5: 534c5bfd0ecb7f6bded1f3b3256a8219
SHA1: 33abe4dda038bbe8ca07b714b9d73a6c2358a9af
-
Complete scanning result of "fabrik.scr", received in VirusTotal at 10.13.2006, 10:26:27 (CET).
Antivirus Version Update Result
[B]AntiVir 7.2.0.30 10.13.2006 HEUR/Crypted
Authentium 4.93.8 10.13.2006 could be a corrupted executable file[/B]
Avast 4.7.892.0 10.12.2006 no virus found
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 no virus found
[B]CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
[B]Fortinet 2.82.0.0 10.13.2006 suspicious[/B]
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 no virus found
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1801 10.12.2006 no virus found
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.12.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.12.2006 no virus found
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 42030 bytes
MD5: 3e17ef909d9998ef8855f5e2b86e5e89
SHA1: 02c50f9c6f328e1aa5d0c4a9e3ba8c2714819975
packers: PecBundle, PECompact
PS: Yet another Pinch, [I]Trojan-PSW.Win32.LdPinch.azo[/I] according to KAV
-
Complete scanning result of "net.exe", received in VirusTotal at 10.13.2006, 11:20:11 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 HEUR/Malware
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.12.2006 Win32:SdBot-gen22
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 Generic.Malware.SWX!N!g.98715918
CAT-QuickHeal 8.00 10.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 WIN.WORM.Virus
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 suspicious
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 no virus found
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1802 10.13.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 10.13.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 10.12.2006 Suspicious file
Sophos 4.10.0 10.13.2006 Exp/MS04011-A
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.12.2006 no virus found
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found
Aditional Information
File size: 31648 bytes
MD5: ac2dfe3f750b20f903e13fc108621e0c
SHA1: dc4c7b40cbca40698e11b0b67364bebafd125b88
packers: Upack
packers: UPACK
packers: UPack