Исследование антивирусов 4

Complete scanning result of "avz00001.dta", received in VirusTotal at 10.13.2006, 11:12:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 no virus found
Authentium 4.93.8 10.13.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.12.2006 no virus found
AVG 386 10.12.2006 no virus found
BitDefender 7.2 10.13.2006 DeepScan:Generic.Stration.102D26B8
CAT-QuickHeal 8.00 10.12.2006 no virus found
ClamAV devel-20060426 10.12.2006 no virus found
DrWeb 4.33 10.13.2006 no virus found
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 no virus found
F-Prot 3.16f 10.12.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.13.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.12.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 no virus found
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1802 10.13.2006 Win32/Stration.HJ
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.12.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.12.2006 I-Worm.Warezov
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 no virus found

Aditional Information
File size: 110592 bytes
MD5: 966783485732d8e722652604a0ca0c5f
SHA1: 9c23c230d4d233b255121fe658bdb08b62ae2193

Complete scanning result of "gozel.jpg.exe", received in VirusTotal at 10.13.2006, 16:43:21 (CET).

AntiVir 7.2.0.30 10.13.2006 no virus found
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 Win32:Trojano-1134
AVG 386 10.13.2006 PSW.Banker.25.S
BitDefender 7.2 10.13.2006 no virus found
CAT-QuickHeal 8.00 10.12.2006 no virus found
ClamAVdevel-20060426 10.13.2006 no virus found
DrWeb 4.33 10.13.2006 Trojan.Peflog.30
eTrust-InoculateIT 23.73.21 10.12.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 Keylog/PerfLogger
F-Prot3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 not-a-virus:Monitor.Win32.Perflogger.al
McAfee 4872 10.12.2006 no virus found
Microsoft 1.1603 10.13.2006 no virus found
NOD32v2 1.1802 10.13.2006 no virus found
Norman 5.90.23 10.13.2006 W32/Banker.HVH
Panda 9.0.0.4 10.13.2006 no virus found
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.12.2006 no virus found
VBA32 3.11.1 10.12.2006 Trojan-Downloader.Win32.Agent.fz
VirusBuster 4.3.7:9 10.13.2006 no virus found

[U]Aditional Information[/U]
File size: 283288
bytesMD5: b721e87eb9e8be9a27b68f17d49edfea
SHA1: c72dfd0d775a47b61939f5f9ededc543b71d8604
packers: RAR

Complete scanning result of "secret-porn-video.zip", received in VirusTotal at 10.14.2006, 15:51:35 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 no virus found
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 [COLOR="DarkRed"]Win32:Delf-AMI[/COLOR]
AVG 386 10.13.2006 no virus found
BitDefender 7.2 10.14.2006 no virus found
CAT-QuickHeal 8.00 10.14.2006 no virus found
ClamAV devel-20060426 10.14.2006 no virus found
DrWeb 4.33 10.14.2006 [COLOR="darkred"]Trojan.Iespy[/COLOR]
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.14.2006 no virus found
Fortinet 2.82.0.0 10.14.2006 no virus found
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.14.2006 [COLOR="darkred"]Backdoor.Win32.Delf.aui[/COLOR]
McAfee 4873 10.13.2006 [COLOR="darkred"]potentially unwanted program Ptop[/COLOR]
Microsoft 1.1603 10.14.2006 no virus found
NOD32v2 1.1803 10.13.2006 [COLOR="DarkRed"]probably a variant of Win32/PornTool.Topor[/COLOR]
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.14.2006 [COLOR="darkred"]Suspicious file[/COLOR]
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.13.2006 [COLOR="darkred"]suspected of Trojan-Clicker.Agent.35 (paranoid heuristics)[/COLOR]
VirusBuster 4.3.7:9 10.14.2006 no virus found

Aditional Information
File size: 382097 bytes
MD5: 3555f9e2982391b0cce2aa56dbf4cd57
SHA1: 44e16a1bcf968a841887edd4b929a4b0aa5cc075

Complete scanning result of "taskmgr.exe"

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 Worm/Sdbot.128512.9
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.14.2006 no virus found
BitDefender 7.2 10.14.2006 DeepScan:Generic.Sdbot.42E1A01F
CAT-QuickHeal 8.00 10.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.14.2006 no virus found
DrWeb 4.33 10.14.2006 no virus found
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.14.2006 no virus found
Fortinet 2.82.0.0 10.14.2006 suspicious
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
[b]Kaspersky 4.0.2.24 10.14.2006 no virus found [/b]
McAfee 4873 10.13.2006 no virus found
Microsoft 1.1603 10.14.2006 no virus found
NOD32v2 1.1803 10.13.2006 no virus found
Norman 5.90.23 10.13.2006 no virus found
Panda 9.0.0.4 10.14.2006 Trj/Ranky.QG
Sophos 4.10.0 10.13.2006 Mal/Packer
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.13.2006 no virus found
VirusBuster 4.3.7:9 10.14.2006 no virus found


Aditional Information
File size: 128512 bytes
MD5: 22271f50235f90fba02487301bad7076
SHA1: b1bea761eedf3c284fe2defde93759313bc22eea
packers: Enigma

Complete scanning result of "unlock.exe", received in VirusTotal at 10.15.2006,
16:44:22 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 TR/PSW.PdPinch.I
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 Win32:Ldpinch-BD
AVG 386 10.14.2006 no virus found
BitDefender 7.2 10.15.2006 Generic.PWStealer.D1E7A557
CAT-QuickHeal 8.00 10.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.15.2006 Trojan.LdPinch-133
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
DrWeb 4.33 10.15.2006 BACKDOOR.PWS.Trojan
Ewido 4.0 10.15.2006 no virus found
Fortinet 2.82.0.0 10.15.2006 suspicious
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.15.2006 no virus found
McAfee 4873 10.13.2006 no virus found
Microsoft 1.1603 10.15.2006 no virus found
NOD32v2 1.1804 10.15.2006 a variant of Win32/PSW.LdPinch
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.15.2006 Suspicious file
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.15.2006 suspected of Trojan-PSW.PdPinch.1
VirusBuster 4.3.7:9 10.14.2006 no virus found

Aditional Information
File size: 27648 bytes
MD5: 8e6eebef6aec45dfe76abfc9cccd0df9
SHA1: 4f2f4d37d169491b5693c3a681a26804baea383f

По аське прибежало


STATUS: FINISHEDComplete scanning result of "goodday_movi.exe", received in VirusTotal at 10.15.2006, 17:05:55 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.14.2006 HEUR/Crypted
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.14.2006 I-Worm/Stration.QQ
BitDefender 7.2 10.15.2006 DeepScan:Generic.Stration.3E95FA5D
CAT-QuickHeal 8.00 10.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.15.2006 no virus found
DrWeb 4.33 10.15.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.15.2006 Worm.Warezov
Fortinet 2.82.0.0 10.15.2006 W32/Warezov@mm
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.15.2006 Email-Worm.Win32.Warezov.gen
McAfee 4873 10.13.2006 New Malware.n
Microsoft 1.1603 10.15.2006 no virus found
NOD32v2 1.1804 10.15.2006 a variant of Win32/Stration
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.15.2006 Suspicious file
Sophos 4.10.0 10.15.2006 Mal/Packer
TheHacker 6.0.1.098 10.14.2006 no virus found
UNA 1.83 10.13.2006 I-Worm.Warezov
VBA32 3.11.1 10.15.2006 no virus found
VirusBuster 4.3.7:9 10.14.2006 no virus found


Aditional Information
File size: 52974 bytes
MD5: 6269ef28a4ead7eb684a98341b6eb2ad
SHA1: 89ac4f786e5e1c75390d044a902e488b8316bd27
packers: UPACK

Complete scanning result of "Janna_Friski.exe", received in VirusTotal at 10.17.2006, 21:01:14 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.17.2006 TR/Spy.Agent.ACU
Authentium 4.93.8 10.16.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.892.0 10.17.2006 no virus found
AVG 386 10.17.2006 no virus found
BitDefender 7.2 10.17.2006 DeepScan:Generic.Malware.FYd!lg.A3AD7032
CAT-QuickHeal 8.00 10.17.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.17.2006 no virus found
eTrust-InoculateIT 23.73.24 10.17.2006 no virus found
eTrust-Vet 30.3.3139 10.17.2006 no virus found
DrWeb 4.33 10.17.2006 no virus found
Ewido 4.0 10.17.2006 no virus found
Fortinet 2.82.0.0 10.17.2006 no virus found
F-Prot 3.16f 10.16.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.17.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.17.2006 Backdoor.Win32.Ciadoor.N
Kaspersky 4.0.2.24 10.17.2006 Trojan-PSW.Win32.LdPinch.azw
McAfee 4875 10.17.2006 no virus found
Microsoft 1.1603 10.17.2006 Win32/Ldpinch
[B]NOD32v2 1.1808 10.17.2006 no virus found[/B]
Norman 5.80.02 10.17.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.17.2006 Suspicious file
Sophos 4.10.0 10.15.2006 Mal/Packer
TheHacker 6.0.1.099 10.16.2006 no virus found
UNA 1.83 10.17.2006 no virus found
VBA32 3.11.1 10.17.2006 suspected of Malware.Agent.26 (paranoid heuristics)
VirusBuster 4.3.7:9 10.17.2006 no virus found

Aditional Information
File size: 24384 bytes
MD5: 72d3fdba15a1c26b04d9c15e8a3afefe
SHA1: 0cb5e3f52e371342a0896fa8d71c99dd258fc6b1
Packers: MEW

Antivirus Version Update Result
AntiVir 7.2.0.30 10.18.2006 TR/Drop.Joiner.CI.2
Authentium 4.93.8 10.18.2006 no virus found
Avast 4.7.892.0 10.18.2006 no virus found
AVG 386 10.18.2006 Dropper.Generic.HCG
BitDefender 7.2 10.18.2006 no virus found
CAT-QuickHeal 8.00 10.18.2006 no virus found
ClamAV devel-20060426 10.18.2006 no virus found
DrWeb 4.33 10.18.2006 no virus found
eTrust-InoculateIT 23.73.25 10.18.2006 no virus found
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 no virus found
Fortinet 2.82.0.0 10.18.2006 W32/Joiner.CI!tr
F-Prot 3.16f 10.18.2006 no virus found
F-Prot4 4.2.1.29 10.17.2006 no virus found
Ikarus 0.2.65.0 10.18.2006 no virus found
Kaspersky 4.0.2.24 10.18.2006 Trojan-Dropper.Win32.Joiner.ci
McAfee 4875 10.17.2006 no virus found
Microsoft 1.1603 10.18.2006 no virus found
NOD32v2 1.1809 10.18.2006 Win32/TrojanDropper.Joiner.NAA
Norman 5.80.02 10.18.2006 no virus found
Panda 9.0.0.4 10.17.2006 no virus found
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.100 10.18.2006 no virus found
UNA 1.83 10.17.2006 no virus found
VBA32 3.11.1 10.17.2006 suspected of Trojan-Dropper.Delf.71 (paranoid heuristics)
VirusBuster 4.3.7:9 10.18.2006 no virus found


Aditional Information
File size: 285696 bytes
MD5: be22132834ad2863c151830c3908bd06
SHA1: 76c62d6b7b331721928b53e727aea835b50f03fd
packers: UPX
packers: UPX
packers: UPX

Antivirus Version Update Result
AntiVir 7.2.0.30 10.18.2006 Worm/Warezov.CV.2.A
Authentium 4.93.8 10.18.2006 no virus found
Avast 4.7.892.0 10.18.2006 Win32:Warezov-LM
AVG 386 10.18.2006 I-Worm/Stration.QQ
BitDefender 7.2 10.18.2006 DeepScan:Generic.Stration.3E95FA5D
CAT-QuickHeal 8.00 10.18.2006 I-Worm.Warezov.gen
ClamAV devel-20060426 10.18.2006 Worm.Stration.IK
DrWeb 4.33 10.18.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.25 10.18.2006 no virus found
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 Worm.Warezov
Fortinet 2.82.0.0 10.18.2006 W32/Warezov@mm
F-Prot 3.16f 10.18.2006 no virus found
F-Prot4 4.2.1.29 10.17.2006 no virus found
Ikarus 0.2.65.0 10.18.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.18.2006 Email-Worm.Win32.Warezov.gen
McAfee 4875 10.17.2006 New Malware.n
Microsoft 1.1603 10.18.2006 no virus found
NOD32v2 1.1809 10.18.2006 Win32/Stration.HK
Norman 5.90.23 10.18.2006 no virus found
Panda 9.0.0.4 10.18.2006 W32/Spamta.GZ.worm
TheHacker 6.0.1.100 10.18.2006 W32/Warezov.gen
UNA 1.83 10.17.2006 I-Worm.Warezov
VBA32 3.11.1 10.17.2006 Email-Worm.Win32.Warezov.gen
VirusBuster 4.3.7:9 10.18.2006 no virus found


Aditional Information
File size: 52974 bytes
MD5: 6269ef28a4ead7eb684a98341b6eb2ad
SHA1: 89ac4f786e5e1c75390d044a902e488b8316bd27

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 10.18.2006, 15:39:16 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.18.2006 EXP/HTML.VML.Gen
Authentium 4.93.8 10.18.2006 no virus found
Avast 4.7.892.0 10.18.2006 no virus found
AVG 386 10.18.2006 no virus found
BitDefender 7.2 10.18.2006 no virus found
CAT-QuickHeal 8.00 10.18.2006 no virus found
ClamAV devel-20060426 10.18.2006 no virus found
DrWeb 4.33 10.18.2006 Exploit.VMLFill
eTrust-InoculateIT 23.73.25 10.18.2006 HTML/Veemyfull!Exploit!Trojan
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 no virus found
Fortinet 2.82.0.0 10.18.2006 HTML/MS06.XMLNS!exploit
F-Prot 3.16f 10.18.2006 no virus found
F-Prot4 4.2.1.29 10.17.2006 no virus found
Ikarus 0.2.65.0 10.18.2006 Exploit.HTML.VML.e
Kaspersky 4.0.2.24 10.18.2006 Exploit.HTML.VML.h
McAfee 4875 10.17.2006 JS/Exploit-BO.gen
Microsoft 1.1603 10.18.2006 no virus found
NOD32v2 1.1809 10.18.2006 probably a variant of HTML/Exploit.VMLFill
Norman 5.80.02 10.18.2006 no virus found
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.100 10.18.2006 Exploit/IE
UNA 1.83 10.17.2006 no virus found
VBA32 3.11.1 10.17.2006 Exploit.JS.CVE-2006-1359.l#1
VirusBuster 4.3.7:9 10.18.2006 Exploit.VML.A


Aditional Information
File size: 86119 bytes
MD5: 3d24c99901591fcdc5e2a84ee3e0d79d
SHA1: d9e8633c2b5af386843fca8b57605bb78219533a

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 10.18.2006, 15:45:34 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.18.2006 BDS/Probat.B.77.A
Authentium 4.93.8 10.18.2006 no virus found
Avast 4.7.892.0 10.18.2006 Win32:Prorat-BC
AVG 386 10.18.2006 no virus found
BitDefender 7.2 10.18.2006 no virus found
CAT-QuickHeal 8.00 10.18.2006 no virus found
ClamAV devel-20060426 10.18.2006 no virus found
DrWeb 4.33 10.18.2006 BackDoor.ProRat.23
eTrust-InoculateIT 23.73.25 10.18.2006 no virus found
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 Backdoor.Prorat.19.al
Fortinet 2.82.0.0 10.18.2006 no virus found
F-Prot 3.16f 10.18.2006 no virus found
F-Prot4 4.2.1.29 10.17.2006 no virus found
Ikarus 0.2.65.0 10.18.2006 Backdoor.Win32.Prorat.19
Kaspersky 4.0.2.24 10.18.2006 Backdoor.Win32.Prorat.fm
McAfee 4875 10.17.2006 no virus found
Microsoft 1.1603 10.18.2006 no virus found
NOD32v2 1.1809 10.18.2006 no virus found
Norman 5.80.02 10.18.2006 no virus found
Panda 9.0.0.4 10.18.2006 Suspicious file
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.100 10.18.2006 W32/Mumu.B
UNA 1.83 10.17.2006 no virus found
VBA32 3.11.1 10.17.2006 suspected of Backdoor.Prorat.2
VirusBuster 4.3.7:9 10.18.2006 no virus found


Aditional Information
File size: 208896 bytes
MD5: 77b667770fe30ea3b6137edf4e45811a
SHA1: 7b542c5eca3f04dccaffa46b7bf2aec4ba737292

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 10.18.2006, 15:51:42 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.18.2006 HEUR/Malware
Authentium 4.93.8 10.18.2006 no virus found
Avast 4.7.892.0 10.18.2006 no virus found
AVG 386 10.18.2006 no virus found
BitDefender 7.2 10.18.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.18.2006 no virus found
ClamAV devel-20060426 10.18.2006 no virus found
DrWeb 4.33 10.18.2006 DLOADER.Trojan
eTrust-InoculateIT 23.73.25 10.18.2006 no virus found
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 no virus found
Fortinet 2.82.0.0 10.18.2006 no virus found
F-Prot 3.16f 10.18.2006 no virus found
F-Prot4 4.2.1.29 10.17.2006 no virus found
Ikarus 0.2.65.0 10.18.2006 no virus found
Kaspersky 4.0.2.24 10.18.2006 no virus found
McAfee 4875 10.17.2006 no virus found
Microsoft 1.1603 10.18.2006 no virus found
NOD32v2 1.1809 10.18.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 10.18.2006 no virus found
Panda 9.0.0.4 10.18.2006 Suspicious file
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.100 10.18.2006 no virus found
UNA 1.83 10.17.2006 no virus found
VBA32 3.11.1 10.17.2006 no virus found
VirusBuster 4.3.7:9 10.18.2006 no virus found


Aditional Information
File size: 11776 bytes
MD5: e5470997d94db88d7e7f44277cfbf4ad
SHA1: 044a58df6e129cbc8d3a41c4d5ba44b2084209fe
packers: UPX
packers: UPX
packers: UPX

STATUS: FINISHEDComplete scanning result of "qwerty.exe", received in VirusTotal at 10.23.2006, 07:29:27 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.32 10.21.2006 HEUR/Malware
Authentium 4.93.8 10.23.2006 no virus found
Avast 4.7.892.0 10.22.2006 no virus found
AVG 386 10.20.2006 no virus found
BitDefender 7.2 10.23.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.20.2006 no virus found
ClamAV devel-20060426 10.23.2006 no virus found
DrWeb 4.33 10.22.2006 BackDoor.Pixbot
eTrust-InoculateIT 23.73.33 10.23.2006 no virus found
eTrust-Vet 30.3.3146 10.20.2006 no virus found
Ewido 4.0 10.22.2006 no virus found
Fortinet 2.82.0.0 10.23.2006 W32/Agent.AIH!tr.bdr
F-Prot 3.16f 10.23.2006 no virus found
F-Prot4 4.2.1.29 10.23.2006 no virus found
Ikarus 0.2.65.0 10.22.2006 no virus found
Kaspersky 4.0.2.24 10.23.2006 Backdoor.Win32.Agent.aih
McAfee 4878 10.20.2006 no virus found
Microsoft 1.1603 10.23.2006 no virus found
NOD32v2 1.1825 10.22.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 10.20.2006 no virus found
Panda 9.0.0.4 10.22.2006 Suspicious file
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.103 10.23.2006 no virus found
UNA 1.83 10.22.2006 no virus found
VBA32 3.11.1 10.23.2006 Backdoor.Win32.Agent.aih
VirusBuster 4.3.7:9 10.23.2006 no virus found


Aditional Information
File size: 11776 bytes
MD5: e5470997d94db88d7e7f44277cfbf4ad
SHA1: 044a58df6e129cbc8d3a41c4d5ba44b2084209fe
packers: UPX
packers: UPX
packers: UPX

porno.scr
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 5f4fd123aeecf204150877bec2931825
Packers detected: -
Scanner results

[B]AntiVir Found Heuristic/Crypted (probable variant)[/B]
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Вирустотал ожил:

STATUS: FINISHEDComplete scanning result of "porno.scr", received in VirusTotal at 10.19.2006, 08:28:07 (CET).

Antivirus Version Update Result

[B]AntiVir 7.2.0.30 10.19.2006 HEUR/Crypted
Authentium 4.93.8 10.19.2006 could be a corrupted executable file [/B]
Avast 4.7.892.0 10.18.2006 no virus found
AVG 386 10.18.2006 no virus found
BitDefender 7.2 10.19.2006 no virus found
[B]CAT-QuickHeal 8.00 10.19.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 10.19.2006 no virus found
DrWeb 4.33 10.19.2006 no virus found
eTrust-InoculateIT 23.73.28 10.19.2006 no virus found
eTrust-Vet 30.3.3141 10.18.2006 no virus found
Ewido 4.0 10.18.2006 no virus found
[B]Fortinet 2.82.0.0 10.19.2006 suspicious[/B]
F-Prot 3.16f 10.19.2006 no virus found
F-Prot4 4.2.1.29 10.19.2006 no virus found
Ikarus 0.2.65.0 10.19.2006 no virus found
Kaspersky 4.0.2.24 10.19.2006 no virus found
McAfee 4876 10.18.2006 no virus found
Microsoft 1.1603 10.19.2006 no virus found
NOD32v2 1.1811 10.19.2006 no virus found
Norman 5.80.02 10.18.2006 no virus found
Panda 9.0.0.4 10.18.2006 no virus found
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.101 10.19.2006 no virus found
UNA 1.83 10.18.2006 no virus found
VBA32 3.11.1 10.18.2006 no virus found
VirusBuster 4.3.7:9 10.19.2006 no virus found


Aditional Information
File size: 44662 bytes
MD5: 5f4fd123aeecf204150877bec2931825
SHA1: 77147af1ce55090c828acdab45bafc1680afa145

Complete scanning result of "filip_kirkorov_ebal_natalyu_podol", received in VirusTotal at 10.19.2006, 09:15:16 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.30 10.19.2006 HEUR/Crypted
Authentium 4.93.8 10.19.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
Avast 4.7.892.0 10.18.2006 no virus found
AVG 386 10.18.2006 no virus found
[B]BitDefender 7.2 10.19.2006 DeepScan:Generic.Malware.FYd!lg.C0FC6504[/B]
[B]CAT-QuickHeal 8.00 10.19.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 10.19.2006 no virus found
DrWeb 4.33 10.19.2006 no virus found
eTrust-InoculateIT 23.73.28 10.19.2006 no virus found
eTrust-Vet 30.3.3143 10.19.2006 no virus found
Ewido 4.0 10.18.2006 no virus found
Fortinet 2.82.0.0 10.19.2006 no virus found
[B]F-Prot 3.16f 10.19.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 10.19.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.19.2006 Backdoor.Win32.Ciadoor.N[/B]
Kaspersky 4.0.2.24 10.19.2006 no virus found
McAfee 4876 10.18.2006 no virus found
[B]Microsoft 1.1603 10.19.2006 Win32/Ldpinch[/B]
NOD32v2 1.1812 10.19.2006 no virus found
[B]Norman 5.90.23 10.18.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.18.2006 Suspicious file[/B]
Sophos 4.10.0 10.15.2006 Mal/Packer
TheHacker 6.0.1.101 10.19.2006 no virus found
UNA 1.83 10.18.2006 no virus found
[B]VBA32 3.11.1 10.19.2006 suspected of Malware.Agent.26 (paranoid heuristics)[/B]
VirusBuster 4.3.7:9 10.19.2006 no virus found

Complete scanning result of "Update-KB9515-x86.exe", received in VirusTotal at 10.20.2006, 06:28:32 (CET).

Antivirus Version Update Result

[B]AntiVir 7.2.0.31 10.20.2006 TR/Dldr.Stration.C.2
Authentium 4.93.8 10.20.2006 W32/Warezov.DM[/B]
Avast 4.7.892.0 10.19.2006 no virus found
AVG 386 10.19.2006 no virus found
BitDefender 7.2 10.20.2006 no virus found
CAT-QuickHeal 8.00 10.19.2006 no virus found
[B]ClamAV devel-20060426 10.20.2006 Worm.Stration.JE[/B]
DrWeb 4.33 10.19.2006 no virus found
eTrust-InoculateIT 23.73.30 10.20.2006 no virus found
eTrust-Vet 30.3.3143 10.19.2006 no virus found
Ewido 4.0 10.19.2006 no virus found
Fortinet 2.82.0.0 10.20.2006 no virus found
[B]F-Prot 3.16f 10.20.2006 W32/Warezov.DM[/B]
[B]F-Prot4 4.2.1.29 10.19.2006 Possibly a new unknown PE_Virus!Maximus[/B]
Ikarus 0.2.65.0 10.19.2006 no virus found
Kaspersky 4.0.2.24 10.20.2006 no virus found
McAfee 4877 10.19.2006 no virus found
Microsoft 1.1603 10.19.2006 no virus found
[B]NOD32v2 1.1817 10.19.2006 probably unknown NewHeur_PE virus[/B]
Norman 5.90.23 10.19.2006 no virus found
Panda 9.0.0.4 10.19.2006 no virus found
[B]TheHacker 6.0.1.101 10.19.2006 Posible_Worm32[/B]
UNA 1.83 10.19.2006 no virus found
VBA32 3.11.1 10.19.2006 no virus found
VirusBuster 4.3.7:9 10.19.2006 no virus found

Complete scanning result of "Agytin.scr", received in VirusTotal at 10.20.2006, 15:39:36 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.31 10.20.2006 HEUR/Crypted
Authentium 4.93.8 10.20.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
Avast 4.7.892.0 10.20.2006 no virus found
AVG 386 10.20.2006 no virus found
[B]BitDefender 7.2 10.20.2006 DeepScan:Generic.Dialer.5DAB36F2
CAT-QuickHeal 8.00 10.20.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 10.20.2006 no virus found
DrWeb 4.33 10.20.2006 no virus found
eTrust-InoculateIT 23.73.30 10.20.2006 no virus found
eTrust-Vet 30.3.3146 10.20.2006 no virus found
Ewido 4.0 10.19.2006 no virus found
Fortinet 2.82.0.0 10.20.2006 no virus found
[B]F-Prot 3.16f 10.20.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 10.19.2006 W32/HLLI-MewOrleans-based!Maximus[/B]
Ikarus 0.2.65.0 10.20.2006 no virus found
Kaspersky 4.0.2.24 10.20.2006 no virus found
McAfee 4877 10.19.2006 no virus found
[B]Microsoft 1.1603 10.20.2006 Win32/Ldpinch[/B]
NOD32v2 1.1819 10.20.2006 no virus found
[B]Norman 5.90.23 10.20.2006 W32/Suspicious_M.gen[/B]
Panda 9.0.0.4 10.19.2006 no virus found
[B]Sophos 4.10.0 10.15.2006 Mal/Packer[/B]
TheHacker 6.0.1.101 10.19.2006 no virus found
UNA 1.83 10.20.2006 no virus found
[B]VBA32 3.11.1 10.19.2006 suspected of Malware.Agent.26 (paranoid heuristics)[/B]
VirusBuster 4.3.7:9 10.20.2006 no virus found

Aditional Information
File size: 53890 bytes
MD5: ecec55ce1dd960924dd8c01b636f1bcc
SHA1: 797811bbda799d00cecdc7f36fc4e51edf0f6e6e
packers: MEW

Complete scanning result of "vccodec.5891.exe", received in VirusTotal at 10.21.2006, 15:14:07 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.32 10.21.2006 DR/Zlob.Gen
Authentium 4.93.8 10.21.2006 no virus found
Avast 4.7.892.0 10.20.2006 no virus found
AVG 386 10.20.2006 no virus found
BitDefender 7.2 10.21.2006 no virus found
CAT-QuickHeal 8.00 10.20.2006 no virus found
ClamAV devel-20060426 10.21.2006 no virus found
eTrust-InoculateIT 23.73.32 10.21.2006 no virus found
eTrust-Vet 30.3.3146 10.20.2006 no virus found
DrWeb 4.33 10.21.2006 no virus found
Ewido 4.0 10.20.2006 no virus found
Fortinet 2.82.0.0 10.21.2006 suspicious
F-Prot 3.16f 10.21.2006 no virus found
F-Prot4 4.2.1.29 10.21.2006 no virus found
Ikarus 0.2.65.0 10.21.2006 no virus found
Kaspersky 4.0.2.24 10.21.2006 no virus found
McAfee 4878 10.20.2006 no virus found
Microsoft 1.1603 10.21.2006 no virus found
NOD32v2 1.1821 10.21.2006 no virus found
Norman 5.80.02 10.20.2006 no virus found
Panda 9.0.0.4 10.21.2006 Suspicious file
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.102 10.20.2006 no virus found
UNA 1.83 10.21.2006 no virus found
VBA32 3.11.1 10.20.2006 no virus found
VirusBuster 4.3.7:9 10.20.2006 no virus found


Aditional Information
File size: 49983 bytes
MD5: 9093d690bf2f9e51fe1b36ee8e2678fa
SHA1: 63b00190c8e9cdeda16904f3fc643c11010866ec
packers: UPX

STATUS: FINISHEDComplete scanning result of "index.php", received in VirusTotal at 10.23.2006, 07:42:13 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.32 10.21.2006 no virus found
Authentium 4.93.8 10.23.2006 no virus found
Avast 4.7.892.0 10.22.2006 no virus found
AVG 386 10.20.2006 no virus found
BitDefender 7.2 10.23.2006 no virus found
CAT-QuickHeal 8.00 10.20.2006 no virus found
ClamAV devel-20060426 10.23.2006 no virus found
DrWeb 4.33 10.22.2006 BackDoor.Pixbot
eTrust-InoculateIT 23.73.33 10.23.2006 no virus found
eTrust-Vet 30.3.3146 10.20.2006 no virus found
Ewido 4.0 10.22.2006 no virus found
Fortinet 2.82.0.0 10.23.2006 no virus found
F-Prot 3.16f 10.23.2006 no virus found
F-Prot4 4.2.1.29 10.23.2006 no virus found
Ikarus 0.2.65.0 10.22.2006 no virus found
Kaspersky 4.0.2.24 10.23.2006 Backdoor.Win32.Agent.aih
McAfee 4878 10.20.2006 no virus found
Microsoft 1.1603 10.23.2006 no virus found
NOD32v2 1.1825 10.22.2006 no virus found
Norman 5.80.02 10.20.2006 no virus found
Panda 9.0.0.4 10.22.2006 no virus found
Sophos 4.10.0 10.15.2006 no virus found
TheHacker 6.0.1.103 10.23.2006 no virus found
UNA 1.83 10.22.2006 no virus found
VBA32 3.11.1 10.23.2006 no virus found
VirusBuster 4.3.7:9 10.23.2006 no virus found


Aditional Information
File size: 6015 bytes
MD5: ba25d3b6cd60d67945da38c673000809
SHA1: 0ed161e7edc49f17969d73ca9e908aa03cb4a6e9

Complete scanning result of "shock.scr", received in VirusTotal at 10.24.2006, 17:32:48 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.32 10.24.2006 HEUR/Crypted[/B]
[B]Authentium 4.93.8 10.24.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
Avast 4.7.892.0 10.24.2006 no virus found
AVG 386 10.23.2006 no virus found
BitDefender 7.2 10.24.2006 no virus found
[B]CAT-QuickHeal 8.00 10.23.2006 W32.Brontok.Q[/B]
ClamAV devel-20060426 10.24.2006 no virus found
[B]DrWeb 4.33 10.24.2006 Trojan.PWS.LDPinch.1257[/B]
eTrust-InoculateIT 23.73.34 10.23.2006 no virus found
eTrust-Vet 30.3.3154 10.24.2006 no virus found
Ewido 4.0 10.24.2006 no virus found
Fortinet 2.82.0.0 10.24.2006 no virus found
[B]F-Prot 3.16f 10.24.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 10.24.2006 W32/HLLI-MewOrleans-based!Maximus[/B]
Ikarus 0.2.65.0 10.24.2006 no virus found
Kaspersky 4.0.2.24 10.24.2006 no virus found
McAfee 4879 10.23.2006 no virus found
[B]Microsoft 1.1609 10.24.2006 Win32/Ldpinch
NOD32v2 1.1830 10.24.2006 probably a variant of Win32/PSW.LdPinch.NCC
Norman 5.80.02 10.24.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.24.2006 Suspicious file[/B]
Sophos 4.10.0 10.24.2006 Mal/Packer
TheHacker 6.0.1.104 10.23.2006 no virus found
UNA 1.83 10.24.2006 no virus found
[B]VBA32 3.11.1 10.24.2006 suspected of Malware.Agent.26 (paranoid heuristics)[/B]
VirusBuster 4.3.7:9 10.24.2006 no virus found

Aditional Information
File size: 47815 bytes
MD5: 30cd8a4c3fdd395b7137d54095c670dc
SHA1: 54f847a1af1b276f1bb5b1f539cfe043df79de8c
packers: MEW
packers: MEW

Закачал данный файл через блютус на сотовый телефон:
Complete scanning result of "CARIBE.SIS", received in VirusTotal at 10.26.2006, 18:21:17 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.32 10.26.2006 no virus found
Authentium 4.93.8 10.26.2006 no virus found
Avast 4.7.892.0 10.26.2006 no virus found
AVG 386 10.26.2006 no virus found
BitDefender 7.2 10.26.2006 no virus found
CAT-QuickHeal 8.00 10.26.2006 no virus found
ClamAV devel-20060426 10.26.2006 no virus found
DrWeb 4.33 10.26.2006 no virus found
eTrust-InoculateIT 23.73.37 10.26.2006 no virus found
eTrust-Vet 30.3.3158 10.26.2006 no virus found
Ewido 4.0 10.26.2006 no virus found
Fortinet 2.82.0.0 10.26.2006 no virus found
F-Prot 3.16f 10.26.2006 no virus found
F-Prot4 4.2.1.29 10.26.2006 no virus found
Ikarus 0.2.65.0 10.26.2006 no virus found
Kaspersky 4.0.2.24 10.26.2006 Worm.SymbOS.Cabir.k
McAfee 4882 10.26.2006 SymbOS/Cabir.gen!sis
Microsoft 1.1609 10.25.2006 no virus found
NOD32v2 1.1836 10.26.2006 archive damaged - the file could not be extracted.
Norman 5.80.02 10.26.2006 no virus found
Panda 9.0.0.4 10.26.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.105 10.25.2006 no virus found
UNA 1.83 10.25.2006 no virus found
VBA32 3.11.1 10.26.2006 no virus found
VirusBuster 4.3.15:9 10.26.2006 no virus found

Aditional Information
File size: 572 bytes
MD5: 1fe063e1749984a7ed040e2da70e939f
SHA1: 5f3be96a3c408a7a1102edf04103a08583410db9

При проверке оказалось - битый.
Полный детектится примерно так:
[CODE]
Complete scanning result of "Caribe.A.zip", received in VirusTotal at 11.04.2006,
19:33:13 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 Worm/Symbi.Cabir.A
Authentium 4.93.8 11.04.2006 Epoc/Cabir.A
Avast 4.7.892.0 11.03.2006 SymbOS:Cabir
AVG 386 11.04.2006 SymbOS/Cabir.A
BitDefender 7.2 11.04.2006 SymbOS.Worm.Cabir.A
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 SymbOS.Worm.Cabir.A-3
DrWeb 4.33 11.04.2006 Symbian.Cabir
eTrust-InoculateIT 23.73.45 11.03.2006 EPOC/Cabir.A!Worm
eTrust-Vet 30.3.3176 11.03.2006 SymbOS/Cabir.A
Ewido 4.0 11.04.2006 Worm.Cabir.a
Fortinet 2.82.0.0 11.04.2006 SymbOS/Cabir.B!worm
F-Prot 3.16f 11.04.2006 Epoc/Cabir.A
F-Prot4 4.2.1.29 11.04.2006 EPOC/Cabir
Ikarus 0.2.65.0 11.03.2006 Worm.SymbOS.Cabir.A
Kaspersky 4.0.2.24 11.04.2006 Worm.SymbOS.Cabir.a
McAfee 4888 11.03.2006 SymbOS/Cabir.a
Microsoft 1.1609 11.04.2006 SymbOS/Cabir.A
NOD32v2 1.1853 11.03.2006 SymbOS/Cabir.A
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 SymbOS/Cabir.B.worm
Sophos 4.10.0 10.26.2006 Symb/Mabir-A
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 Worm.SymbOS.Cabir.a.2D1F
VBA32 3.11.1 11.04.2006 Worm.SymbOS.Cabir.a#1
VirusBuster 4.3.15:9 11.04.2006 no virus found

Aditional Information
File size: 7190 bytes
MD5: 0879c600ee3ca9834154b5262a98cf17
SHA1: 526fa3708b70a459c2b99a9cd1bc3c644450281c
[/CODE]

Complete scanning result of "Anna.scr", received in VirusTotal at 10.27.2006, 06:42:03 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.32 10.26.2006 HEUR/Crypted[/B]
[B]Authentium 4.93.8 10.27.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[COLOR="Red"]Avast 4.7.892.0 10.26.2006 no virus found[/COLOR]
[B][B]AVG 386 10.26.2006 PSW.Ldpinch.CKR[/B]
BitDefender 7.2 10.27.2006 DeepScan:Generic.Dialer.5DAB36F2
CAT-QuickHeal 8.00 10.26.2006 (Suspicious) - DNAScan[/B]
[COLOR="#ff0000"]ClamAV devel-20060426 10.27.2006 no virus found[/COLOR]
[B]DrWeb 4.33 10.26.2006 Trojan.PWS.LDPinch.1243[/B]
[COLOR="#ff0000"]eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3158 10.26.2006 no virus found[/COLOR]
[B]Ewido 4.0 10.26.2006 Trojan.LdPinch.bag
Fortinet 2.82.0.0 10.27.2006 SPY/LdPinch
F-Prot 3.16f 10.27.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 10.27.2006 W32/HLLI-MewOrleans-based!Maximus[/B]
[COLOR="Red"]Ikarus 0.2.65.0 10.26.2006 no virus found[/COLOR]
[B]Kaspersky 4.0.2.24 10.27.2006 Trojan-PSW.Win32.LdPinch.bag[/B]
[COLOR="#ff0000"]McAfee 4882 10.26.2006 no virus found[/COLOR]
[B]Microsoft 1.1609 10.26.2006 Win32/Ldpinch[/B]
[COLOR="#ff0000"]NOD32v2 1.1838 10.26.2006 no virus found[/COLOR]
[B]Norman 5.80.02 10.26.2006 W32/Suspicious_M.gen[/B]
[COLOR="#ff0000"]Panda 9.0.0.4 10.27.2006 no virus found[/COLOR]
[B]Sophos 4.10.0 10.26.2006 Mal/Packer[/B]
[B]TheHacker 6.0.1.106 10.26.2006 Trojan/PSW.LdPinch.bag
UNA 1.83 10.26.2006 Trojan.PSW.Win32.LdPinch.5EC9
VBA32 3.11.1 10.26.2006 Trojan-PSW.Win32.LdPinch.bag[/B]
[COLOR="#ff0000"]VirusBuster 4.3.15:9 10.26.2006 no virus found[/COLOR]

Aditional Information
File size: 53890 bytes
MD5: ecec55ce1dd960924dd8c01b636f1bcc
SHA1: 797811bbda799d00cecdc7f36fc4e51edf0f6e6e
packers: MEW
packers: MEW

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 10.27.2006, 10:23:48 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 TR/Daideneg.A
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.26.2006 Win32:Daideneg
AVG 386 10.27.2006 Generic.WKG
BitDefender 7.2 10.27.2006 BehavesLike:Trojan.RegistryDisabler
CAT-QuickHeal 8.00 10.26.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
[B]DrWeb 4.33 10.27.2006 no virus found [/B]
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 Trojan.Daideneg.a
Fortinet 2.82.0.0 10.27.2006 W32/Daideneg.A!tr
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.27.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 Trojan.Win32.Daideneg.a
[B]McAfee 4882 10.26.2006 no virus found [/B]
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1840 10.27.2006 Win32/Agent.NBY
Norman 5.80.02 10.26.2006 W32/Agent.AHAP
Panda 9.0.0.4 10.27.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.106 10.26.2006 no virus found
UNA 1.83 10.26.2006 Trojan.Win32.Daideneg.A951
VBA32 3.11.1 10.26.2006 Trojan.Win32.Daideneg.a
VirusBuster 4.3.15:9 10.27.2006 no virus found


Aditional Information
File size: 4608 bytes
MD5: 711bcd7321a4236691e2cce057897891
SHA1: 14a5ece4d49dbbea61d58ab922250dae0812c881
packers: UPX
packers: UPX
packers: UPX
packers: UPX

Complete scanning result of "winckhlp.exe", received in VirusTotal at 10.28.2006, 04:43:46 (CET).

Antivirus Version Update Result
[B]AntiVir 7.2.0.34 10.27.2006 HEUR/Crypted[/B]
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.28.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
[B]DrWeb 4.33 10.27.2006 Trojan.PWS.Ebay[/B]
eTrust-InoculateIT 23.73.39 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 no virus found
Fortinet 2.82.0.0 10.28.2006 no virus found
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.28.2006 no virus found
Kaspersky 4.0.2.24 10.28.2006 no virus found
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.27.2006 no virus found
VirusBuster 4.3.15:9 10.27.2006 no virus found

Aditional Information
File size: 121856 bytes
MD5: b023adf7fe52f5250d23cca4ca60bbf0
SHA1: fcdab93ed2bbd119e734a71d235619dae6203be2
packers: ASPACK
packers: Aspack

Complete scanning result of "[b]pack_setup.exe[/b]", received in VirusTotal at 10.28.2006, 08:07:28 (CET).

[i]Antivirus Version Update Result[/i]
AntiVir 7.2.0.34 10.27.2006 Worm/IRCBot.32768.1
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/IRCBot-based!Maximus
[COLOR="#ff0000"]Avast 4.7.892.0 10.27.2006 no virus found[/COLOR]
AVG 386 10.27.2006 Generic2.FOK
[COLOR="#ff0000"]BitDefender 7.2 10.28.2006 no virus found[/COLOR]
CAT-QuickHeal 8.00 10.27.2006 Trojan.Horst.gen
[COLOR="#ff0000"]ClamAV devel-20060426 10.27.2006 no virus found[/COLOR]
DrWeb 4.33 10.27.2006 Win32.HLLW.Medbod
eTrust-InoculateIT 23.73.40 10.28.2006 Win32/Boxed.6vi!Trojan
eTrust-Vet 30.3.3162 10.27.2006 Win32/Boxed!generic
Ewido 4.0 10.27.2006 Backdoor.IRCBot.xq
Fortinet 2.82.0.0 10.28.2006 W32/BEAV_New_Malware.XQ!tr.bdr
F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/IRCBot-based!Maximus
F-Prot4 4.2.1.29 10.27.2006 W32/IRCBot-based!Maximus
Ikarus 0.2.65.0 10.28.2006 Backdoor.Win32.IRCBot.xq
Kaspersky 4.0.2.24 10.28.2006 Backdoor.Win32.IRCBot.xq
[COLOR="#ff0000"]McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found[/COLOR]
NOD32v2 1.1842 10.27.2006 Win32/Medbot.BU
[COLOR="#ff0000"]Norman 5.80.02 10.27.2006 no virus found[/COLOR]
[i]Panda 9.0.0.4 10.27.2006 Suspicious file[/i]
[COLOR="#ff0000"]Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found[/COLOR]
UNA 1.83 10.27.2006 Backdoor.IRCBot.6CC9
[COLOR="#ff0000"]VBA32 3.11.1 10.27.2006 no virus found[/COLOR]
VirusBuster 4.3.15:9 10.27.2006 Worm.Medbot.Gen.6

Aditional Information
File size: 36864 bytes
MD5: c06956fe1ef2493912d9c58cc737e135
SHA1: f3f37cf792c0a15a23dcef7ac7417c0186c63670
packers: UPX
packers: UPX
packers: UPX
packers: UPX

Complete scanning result of "[b]ARM32.dLL[/b]", received in VirusTotal at 10.28.2006, 12:08:45 (CET).

[i]Antivirus Version Update Result[/i]
AntiVir 7.2.0.34 10.27.2006 TR/Proxy.Xorpi.AM.1
[COLOR="#ff0000"]Authentium 4.93.8 10.28.2006 no virus found[/COLOR]
Avast 4.7.892.0 10.27.2006 Win32:Xorpix-U
AVG 386 10.27.2006 Proxy.GBP
[COLOR="#ff0000"]BitDefender 7.2 10.28.2006 no virus found[/COLOR]
[COLOR="#ff0000"]CAT-QuickHeal 8.00 10.27.2006 no virus found[/COLOR]
[COLOR="#ff0000"]ClamAV devel-20060426 10.28.2006 no virus found[/COLOR]
DrWeb 4.33 10.28.2006 Trojan.Proxy.1098
[COLOR="#ff0000"]eTrust-InoculateIT 23.73.40 10.28.2006 no virus found[/COLOR]
eTrust-Vet 30.3.3164 10.28.2006 Win32/Hsow!generic
Ewido 4.0 10.27.2006 Proxy.Xorpix.am
Fortinet 2.82.0.0 10.28.2006 W32/Xorpix.AM!tr
[COLOR="#ff0000"]F-Prot 3.16f 10.28.2006 no virus found[/COLOR]
[COLOR="#ff0000"]F-Prot4 4.2.1.29 10.27.2006 no virus found[/COLOR]
Ikarus 0.2.65.0 10.28.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.28.2006 Trojan-Proxy.Win32.Xorpix.am
[COLOR="#ff0000"]McAfee 4883 10.27.2006 no virus found[/COLOR]
[COLOR="#ff0000"]Microsoft 1.1609 10.26.2006 no virus found[/COLOR]
NOD32v2 1.1842 10.27.2006 Win32/TrojanProxy.Xorpix
[COLOR="#ff0000"]Norman 5.80.02 10.27.2006 no virus found[/COLOR]
Panda 9.0.0.4 10.27.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.107 10.27.2006 Trojan/Proxy.Xorpix.am
UNA 1.83 10.27.2006 TrojanProxy.Win32.Xorpix.477F
VBA32 3.11.1 10.27.2006 Trojan-Proxy.Win32.Xorpix.am
[COLOR="#ff0000"]VirusBuster 4.3.15:9 10.27.2006 no virus found[/COLOR]

Aditional Information
File size: 13185 bytes
MD5: 155b1b4353eba435ba2647fa7522954a
SHA1: f123a68db5bda8a42b9720bf915de2951df55a06
packers: Upack
packers: UPACK
packers: UPack

Complete scanning result of "[b]ZHanny_friski.exe[/b]", received in VirusTotal at 10.28.2006, 12:14:15 (CET).

[i]Antivirus Version Update Result[/i]
AntiVir 7.2.0.34 10.27.2006 TR/Spy.Agent.ACU
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
[COLOR="#ff0000"]Avast 4.7.892.0 10.27.2006 no virus found[/COLOR]
AVG 386 10.27.2006 PSW.Ldpinch.CKB
BitDefender 7.2 10.28.2006 DeepScan:Generic.Malware.FYd!lg.A3AD7032
CAT-QuickHeal 8.00 10.27.2006 (Suspicious) - DNAScan
[COLOR="#ff0000"]ClamAV devel-20060426 10.28.2006 no virus found[/COLOR]
DrWeb 4.33 10.28.2006 Trojan.PWS.LDPinch.1233
[COLOR="#ff0000"]eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 no virus found[/COLOR]
Ewido 4.0 10.27.2006 Trojan.LdPinch.azw
Fortinet 2.82.0.0 10.28.2006 W32/LdPinch.AZW!tr.pws
F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.27.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.28.2006 Backdoor.Win32.Ciadoor.N
Kaspersky 4.0.2.24 10.28.2006 Trojan-PSW.Win32.LdPinch.azw
[COLOR="#ff0000"]McAfee 4883 10.27.2006 no virus found[/COLOR]
Microsoft 1.1609 10.26.2006 Win32/Ldpinch
[COLOR="#ff0000"]NOD32v2 1.1842 10.27.2006 no virus found[/COLOR]
Norman 5.80.02 10.27.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.27.2006 Trj/LDPinch.TT
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.107 10.27.2006 Trojan/PSW.LdPinch.azw
UNA 1.83 10.27.2006 Trojan.PSW.Win32.LdPinch.47B7
VBA32 3.11.1 10.27.2006 Trojan-PSW.Win32.LdPinch.azw
[COLOR="#ff0000"]VirusBuster 4.3.15:9 10.27.2006 no virus found[/COLOR]

Aditional Information
File size: 24384 bytes
MD5: 72d3fdba15a1c26b04d9c15e8a3afefe
SHA1: 0cb5e3f52e371342a0896fa8d71c99dd258fc6b1
packers: MEW
packers: MEW

Complete scanning result of "sex_scene.scr", received in VirusTotal at 10.29.2006, 13:16:07 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.34 10.28.2006 HEUR/Crypted
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus[/B]
[COLOR="Red"]Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.29.2006 no virus found[/COLOR]
[B]CAT-QuickHeal 8.00 10.28.2006 (Suspicious) - DNAScan[/B]
[COLOR="#ff0000"]ClamAV devel-20060426 10.29.2006 no virus found
DrWeb 4.33 10.29.2006 no virus found
eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 no virus found
Ewido 4.0 10.28.2006 no virus found
Fortinet 2.82.0.0 10.29.2006 no virus found[/COLOR]
[B]F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.29.2006 W32/HLLI-MewOrleans-based!Maximus[/B]
[COLOR="#ff0000"]Ikarus 0.2.65.0 10.29.2006 no virus found[/COLOR]
[B]Kaspersky 4.0.2.24 10.29.2006 Trojan-PSW.Win32.LdPinch.bbe[/B]
[COLOR="#ff0000"]McAfee 4883 10.27.2006 no virus found[/COLOR]
[B]Microsoft 1.1609 10.26.2006 Win32/Ldpinch[/B]
[COLOR="#ff0000"]NOD32v2 1.1842 10.27.2006 no virus found[/COLOR]
[B]Norman 5.80.02 10.27.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.28.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer[/B]
[COLOR="#ff0000"]TheHacker 6.0.1.107 10.27.2006 no virus found[/COLOR]
[COLOR="#ff0000"]UNA 1.83 10.27.2006 no virus found[/COLOR]
[B]VBA32 3.11.1 10.27.2006 suspected of Malware.Agent.26 (paranoid heuristics)[/B]
[COLOR="#ff0000"]VirusBuster 4.3.15:9 10.29.2006 no virus found[/COLOR]

Aditional Information
File size: 49877 bytes
MD5: b2bdeb7ea1b04210de09eb581cacfc96
SHA1: 7c8d4ad69abffbb144abe82bba5863e0f42e21c9
packers: MEW
packers: MEW

Complete scanning result of "execute._xe", received in VirusTotal at 10.31.2006, 23:39:38 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Click.Delf.FZ
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 10.31.2006 Clicker.CPS
BitDefender 7.2 10.31.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 10.31.2006 no virus found
DrWeb 4.33 10.31.2006 DLOADER.Trojan
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3170 10.31.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 10.31.2006 Adware/Delf!017
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 Trojan-Clicker.Win32.Delf.fz
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 10.31.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 W32/Delf.SEM
Panda 9.0.0.4 10.31.2006 Trj/Regger.E
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 TrojanClicker.Win32.Delf.A4FB
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 Trojan.CL.Delf.SOG


Aditional Information
File size: 280576 bytes
MD5: b3cc2a0366ce124b04fc4f279b742a7c
SHA1: c638421da3cc811dac1f7472d9dd7f229b583a50
packers: UPX
packers: UPX
packers: UPX

Complete scanning result of "index_1_.htm", received in VirusTotal at 11.01.2006, 10:46:43 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 Exploit.HTML.VML
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 JS/Exploit_based.D
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 105081 bytes
MD5: 3507f4249a56487fd38c22a3c5c3276c
SHA1: f707aadf9bd467f64a9ade4a16a752c0a7476d7c


Complete scanning result of "_tmp0374.exe", received in VirusTotal at 11.01.2006, 10:15:37 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 HEUR/Malware
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 Downloader.Generic2.VGB
BitDefender 7.2 11.01.2006 Generic.Malware.dld!!.D72BBC9C
CAT-QuickHeal 8.00 10.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 suspicious
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 Suspicious_F.gen
Panda 9.0.0.4 11.01.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 1633 bytes
MD5: bd2c4f76f779f657e366c2c743571a72
SHA1: e758beb0eadfc1053f7b82cc39919438597d3771
packers: FSG
packers: FSG


Complete scanning result of "dminload.exe", received in VirusTotal at 11.01.2006, 10:21:29 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dl
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 12288 bytes
MD5: 720046632947d427c7b8d979fba7044d
SHA1: 142bc914aff128335f424c42a586bd112fe10b12


Complete scanning result of "mqqmkbdu.dll", received in VirusTotal at 11.01.2006, 10:22:09 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.E
NOD32v2 1.1846 10.31.2006 a variant of Win32/Stration
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 20480 bytes
MD5: 2c551bd1bb8de2a82238b91f1bcae8ee
SHA1: ea4ee89b6afce52816659b2763849012de5b72f4


Complete scanning result of "e1.dll", received in VirusTotal at 11.01.2006, 10:26:24 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.B
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 8192 bytes
MD5: b25b8112b47c73a93df5f9a103761909
SHA1: 3df20c7e236e7739a8b15ee89e3243c04e371778


Complete scanning result of "mcd3stor.dll", received in VirusTotal at 11.01.2006, 10:26:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 WORM/Stration.Gen
Authentium 4.93.8 10.31.2006 W32/Warezov.gen4
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 DeepScan:Generic.Stration.0CF2AF6E
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 W32/Warezov.gen4
F-Prot4 4.2.1.29 10.31.2006 W32/Warezov.gen4
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 106496 bytes
MD5: 83f7be7ac48a8ca425115c4f4d24f134
SHA1: bf2174c0bb0fad7b37a7fc98f57f3fe0ff2a8140


Complete scanning result of "mqqmkbdu.dll", received in VirusTotal at 11.01.2006, 10:26:59 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.E
NOD32v2 1.1846 10.31.2006 a variant of Win32/Stration
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found


Aditional Information
File size: 20480 bytes
MD5: 2c551bd1bb8de2a82238b91f1bcae8ee
SHA1: ea4ee89b6afce52816659b2763849012de5b72f4

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 11.01.2006, 10:43:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/PSW.LdPinch.VM
Authentium 4.93.8 10.31.2006 is a security risk or a "backdoor" program
Avast 4.7.892.0 10.31.2006 Win32:Trojan-gen. {VC}
AVG 386 11.01.2006 PSW.Ldpinch.10.AC
BitDefender 7.2 11.01.2006 Trojan.Pws.Ldpinch.VM
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 Trojan.LdPinch.vm
Fortinet 2.82.0.0 11.01.2006 W32/LdPinch.VM!tr.pws
F-Prot 3.16f 10.31.2006 security risk or a "backdoor" program
F-Prot4 4.2.1.29 10.31.2006 generic
Ikarus 0.2.65.0 10.31.2006 Trojan-PSW.Win32.LdPinch.vm
Kaspersky 4.0.2.24 11.01.2006 Trojan-PSW.Win32.LdPinch.vm
McAfee 4885 10.31.2006 PWS-LDPinch
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 Win32/PSW.LdPinch.VM
Norman 5.80.02 10.31.2006 W32/LdPinch.AZY
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 Troj/LDPinch-IS
TheHacker 6.0.1.109 10.30.2006 Trojan/PSW.LdPinch.vm
UNA 1.83 10.31.2006 Trojan.PSW.Win32.LdPinch.8695
VBA32 3.11.1 10.31.2006 Trojan-PSW.Win32.LdPinch.vm
VirusBuster 4.3.15:9 10.31.2006 Trojan.PWS.LdPinch.ER


Aditional Information
File size: 1421312 bytes
MD5: b8ddffbc16d4fb9122721b0eb1cd13fd
SHA1: 5bb058b071588d408b9f4c6da800e6691ae1b4a3

Complete scanning result of "_______.exe", received in VirusTotal at 11.01.2006, 14:12:23 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 Win32:Delf-BNL
AVG 386 11.01.2006 Downloader.Generic2.OAH
BitDefender 7.2 11.01.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.31.2006 TrojanDownloader.Delf.awg
ClamAV devel-20060426 11.01.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 11.01.2006 Trojan.DownLoader.12541
eTrust-InoculateIT 23.73.42 11.01.2006 Win32/Areses.5xb!Trojan
eTrust-Vet 30.3.3172 11.01.2006 Win32/Areses.AE
Ewido 4.0 11.01.2006 Downloader.Delf.awg
Fortinet 2.82.0.0 11.01.2006 W32/Delf.AWG!tr.dldr
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 Packer.byDwing
Kaspersky 4.0.2.24 11.01.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4885 10.31.2006 Downloader-AWA
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1847 11.01.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 11.01.2006 W32/DLoader.RR
Panda 9.0.0.4 11.01.2006 Trj/Downloader.KHM
Sophos 4.10.0 10.26.2006 Troj/Dloadr-AMN
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 TrojanDownloader.Win32.Delf.9EEB
VBA32 3.11.1 10.31.2006 Trojan-Downloader.Win32.Delf.awg
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 11131 bytes
MD5: 8563010d68c732950181f2d8e0b5753f
SHA1: cef385786fe03aa90a97a2b0545b07c51b3d2049
packers: Upack
packers: UPACK
packers: UPack

Complete scanning result of "Windows_2003_crack.scr", received in VirusTotal at 11.01.2006, 14:32:33 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 Worm/Scano.AB
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 Win32:Scano-AS
AVG 386 11.01.2006 I-Worm/Scano.BC
BitDefender 7.2 11.01.2006 Win32.Scano.AB@mm
CAT-QuickHeal 8.00 11.01.2006 I-Worm.Scano.x
ClamAV devel-20060426 11.01.2006 Worm.Scano.AH
DrWeb 4.33 11.01.2006 Win32.HLLM.Perf
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Areses.AK
Ewido 4.0 11.01.2006 Worm.Scano.x
Fortinet 2.82.0.0 11.01.2006 W32/Areses.H
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 Email-Worm.Win32.Scano.x
Kaspersky 4.0.2.24 11.01.2006 Email-Worm.Win32.Scano.x
McAfee 4885 10.31.2006 W32/Areses.h
Microsoft 1.1609 11.01.2006 Win32/Scano.gen
NOD32v2 1.1847 11.01.2006 Win32/Scano.NBC
Norman 5.80.02 11.01.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 11.01.2006 W32/Areses.BF.worm
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 Worm.Win32.Scano.NBC
VirusBuster 4.3.15:9 10.31.2006 I-Worm.Scano.BD

Aditional Information
File size: 20900 bytes
MD5: e0ce6ec3ef1dd0db9ebc6bdb47664516
SHA1: e454e118476ccba6a32e0021ac8794eb2fa2fc43
packers: UPACK
packers: UPack

Complete scanning result of "kbui32-virus.rar", received in VirusTotal at 11.03.2006, 15:28:59 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.03.2006 no virus found
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.03.2006 no virus found
BitDefender 7.2 11.03.2006 no virus found
CAT-QuickHeal 8.00 11.03.2006 no virus found
ClamAV devel-20060426 11.03.2006 no virus found
DrWeb 4.33 11.03.2006 no virus found
eTrust-InoculateIT 23.73.44 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.03.2006 no virus found
Fortinet 2.82.0.0 11.03.2006 suspicious
F-Prot 3.16f 11.03.2006 no virus found
F-Prot4 4.2.1.29 11.03.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.03.2006 no virus found
McAfee 4887 11.02.2006 no virus found
Microsoft 1.1609 11.03.2006 no virus found
NOD32v2 1.1851 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.02.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.02.2006 no virus found
[B]VBA32 3.11.1 11.02.2006 suspected of Email-Worm.Mydoom.3 (paranoid heuristics)[/B]
VirusBuster 4.3.15:9 11.03.2006 no virus found

Aditional Information
File size: 88083 bytes
MD5: 5f31c51064efab447fcd1ca42616f048
SHA1: e4fd8e42d2682ebd710808ccc5bc2ffbcf5f123a
packers: UPX
packers: UPX
packers: UPX


рассылало спам с машинки

Complete scanning result of "avz00005.dta", received in VirusTotal at 11.04.2006, 23:59:47 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.04.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 a variant of Win32/Stration
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 I-Worm.Warezov.bg
VBA32 3.11.1 11.04.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 11.04.2006 no virus found


Aditional Information
File size: 49152 bytes
MD5: 904492a4f1fd81035d744f780b56b437
SHA1: 9280066a44df6bdb584d014677b153154f79a887


Complete scanning result of "avz00006.dta", received in VirusTotal at 11.05.2006, 00:02:54 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.04.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 Win32/Stration.gen!dll.A
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 I-Worm.Warezov.cp
VBA32 3.11.1 11.04.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 11.04.2006 no virus found


Aditional Information
File size: 176128 bytes
MD5: 91c5a0af3c0e9e056ebd8e2ef0501f23
SHA1: 1e64815bc754a682bbc0d3de34ad98a1a5f2ca6b

[QUOTE=ZDM]Давненько шото итогов небыло. Какова там ситуаций ?[/QUOTE]вот -

Complete scanning result of "_________.jpg_.exe", received in VirusTotal at 11.07.2006, 10:34:05 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.37 11.07.2006 TR/Dldr.Delf.awg.2[/B]
Authentium 4.93.8 11.06.2006 no virus found
[B]Avast 4.7.892.0 11.06.2006 Win32:Delf-BSE[/B]
AVG 386 11.07.2006 no virus found
[B]BitDefender 7.2 11.06.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.06.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.07.2006 Trojan.Downloader.Small-2298[/B]
DrWeb 4.33 11.07.2006 no virus found
eTrust-InoculateIT 23.73.48 11.07.2006 no virus found
eTrust-Vet 30.3.3178 11.06.2006 no virus found
Ewido 4.0 11.07.2006 no virus found
Fortinet 2.82.0.0 11.07.2006 suspicious
F-Prot 3.16f 11.06.2006 no virus found
F-Prot4 4.2.1.29 11.06.2006 no virus found
[B]Ikarus 0.2.65.0 11.07.2006 Packer.byDwing[/B]
Kaspersky 4.0.2.24 11.07.2006 no virus found
[B]McAfee 4889 11.06.2006 Downloader-AWA[/B]
Microsoft 1.1609 11.07.2006 no virus found
[B]NOD32v2 1.1856 11.06.2006 a variant of Win32/TrojanDownloader.Delf.AJD[/B]
[B]Norman 5.80.02 11.06.2006 W32/Downloader[/B]
Panda 9.0.0.4 11.06.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.113 11.06.2006 no virus found
UNA 1.83 11.06.2006 no virus found
VBA32 3.11.1 11.06.2006 no virus found
VirusBuster 4.3.15:9 11.07.2006 no virus found

Aditional Information
File size: 11128 bytes
MD5: 3cd3df1938e5e2d4f52dc78d940db5b8
SHA1: b375aec7a1898b2f4351a775b50d65e4228a2882
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11128 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMPcsrss.exe.

[ Changes to registry ]
* Sets value "m"="m" in key "HKCUSoftwareMicrosoftWindows".

[ Network services ]
* Looks for an Internet connection.
* Opens URL: h[I]tt[/I]p://www.xeseretuo.com/px1.eхe

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:WINDOWSTEMPcsrss.exe NULL.

Сейчас выловил из автозагрузки. Откуда взялось так и не понял...

[I]rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetStartup -s[/I]


Complete scanning result of "newdotnet6_38.rar", received in VirusTotal at 11.07.2006, 15:09:59 (CET).


Antivirus Version Update Result

[B]AntiVir 7.2.0.37 11.07.2006 ADSPY/NewDotNet.A.7[/B]
[B]Authentium 4.93.8 11.06.2006 no virus found
Avast 4.7.892.0 11.07.2006 Win32:Adware-gen.
AVG 386 11.07.2006 Adware Generic.ATT[/B]
[B]BitDefender 7.2 11.06.2006 Application.Adware.NewDotNet.B
CAT-QuickHeal 8.00 11.07.2006 AdvWare.NewDotNet
ClamAV devel-20060426 11.07.2006 Adware.NewDotNet.B[/B]
DrWeb 4.33 11.07.2006 no virus found
eTrust-InoculateIT 23.73.48 11.07.2006 no virus found
eTrust-Vet 30.3.3181 11.07.2006 no virus found
[B]Ewido 4.0 11.07.2006 Adware.NewDotNet
Fortinet 2.82.0.0 11.07.2006 Adware/Newdotnet[/B]
F-Prot 3.16f 11.06.2006 no virus found
F-Prot4 4.2.1.29 11.06.2006 no virus found
Ikarus 0.2.65.0 11.07.2006 no virus found
[B]Kaspersky 4.0.2.24 11.07.2006 not-a-virus:AdWare.Win32.NewDotNet
McAfee 4889 11.06.2006 potentially unwanted program NDotNet
Microsoft 1.1609 11.07.2006 NewDotNet (threat-c)[/B]
NOD32v2 1.1857 11.07.2006 no virus found
Norman 5.80.02 11.07.2006 no virus found
[B]Panda 9.0.0.4 11.06.2006 Spyware/New.net[/B]
[B]Sophos 4.11.0 11.07.2006 NewDotNet
TheHacker 6.0.1.113 11.06.2006 Aplicacion/NewDotnet
UNA 1.83 11.06.2006 Adware.NewDotNet.335A
VBA32 3.11.1 11.07.2006 Adware.NewDotNet
VirusBuster 4.3.15:9 11.07.2006 Adware.NewDotNet.F[/B]

Aditional Information
File size: 90079 bytes
MD5: 4bfef9ce6bdcd7e3180993802912ea59
SHA1: fe8c2e000fee70da6116ab76330fb632b5e5ac83
packers: embedded

Antivirus Version Update Result
AntiVir 7.2.0.39 11.08.2006 no virus found
Authentium 4.93.8 11.07.2006 no virus found
Avast 4.7.892.0 11.07.2006 no virus found
AVG 386 11.07.2006 no virus found
BitDefender 7.2 11.08.2006 no virus found
CAT-QuickHeal 8.00 11.07.2006 no virus found
ClamAV devel-20060426 11.08.2006 no virus found
DrWeb 4.33 11.08.2006 no virus found
eTrust-InoculateIT 23.73.49 11.08.2006 no virus found
eTrust-Vet 30.3.3182 11.08.2006 no virus found
Ewido 4.0 11.08.2006 no virus found
Fortinet 2.82.0.0 11.08.2006 no virus found
F-Prot 3.16f 11.07.2006 no virus found
F-Prot4 4.2.1.29 11.07.2006 no virus found
Ikarus 0.2.65.0 11.08.2006 no virus found
Kaspersky 4.0.2.24 11.08.2006 no virus found
McAfee 4890 11.07.2006 no virus found
Microsoft 1.1609 11.08.2006 no virus found
NOD32v2 1.1858 11.07.2006 no virus found
Norman 5.80.02 11.08.2006 W32/Malware
Panda 9.0.0.4 11.07.2006 Suspicious file
Sophos 4.11.0 11.07.2006 no virus found


Aditional Information
File size: 4234 bytes
MD5: 9de9cdbf3bdac48b9bbdc693079e8f0a
SHA1: 28f39847c99db5e076e61bc7ad0ea5cfb8acad43
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Attempts to run Visual Basic Script (VBS).
* File length: 4234 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMP.vbs.

[ Process/window information ]
* Attemps to open C:WINDOWSTEMP.vbs NULL.

Песочница рулит

Complete scanning result of "agysteo.rar", received in VirusTotal at 11.08.2006, 13:34:42 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.08.2006 TR/Agent.aad.2
Authentium 4.93.8 11.07.2006 no virus found
Avast 4.7.892.0 11.07.2006 no virus found
AVG 386 11.07.2006 no virus found
BitDefender 7.2 11.08.2006 no virus found
CAT-QuickHeal 8.00 11.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.08.2006 no virus found
DrWeb 4.33 11.08.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.73.49 11.08.2006 no virus found
eTrust-Vet 30.3.3182 11.08.2006 no virus found
Ewido 4.0 11.08.2006 Trojan.Agent.aad
Fortinet 2.82.0.0 11.08.2006 W32/Agent.AAD!tr
F-Prot 3.16f 11.07.2006 no virus found
F-Prot4 4.2.1.29 11.07.2006 generic
Ikarus 0.2.65.0 11.08.2006 no virus found
Kaspersky 4.0.2.24 11.08.2006 Trojan.Win32.Agent.aad
McAfee 4890 11.07.2006 no virus found
Microsoft 1.1609 11.08.2006 no virus found
NOD32v2 1.1858 11.07.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 11.08.2006 no virus found
Panda 9.0.0.4 11.07.2006 Trj/Agysteo.A
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.114 11.08.2006 Trojan/Agent.aad
UNA 1.83 11.07.2006 no virus found
VBA32 3.11.1 11.08.2006 suspected of Trojan-Downloader.Delf.43 (paranoid heuristics)
VirusBuster 4.3.15:9 11.07.2006 no virus found

Aditional Information
File size: 3921 bytes
MD5: f87156570913d35465ddea6f2dddfdeb
SHA1: 00228dddf8d8f4c15cd4a34ea42ae0aab1fcbd23
packers: PECOMPACT
packers: PecBundle, PECompact

Пришел сегодня файл со спамовой на Mail.ru расылкой [b]пью кофе.exe[/b] или [b]за столом.exe[/b]
Complete scanning result of "___1087", received in VirusTotal at 11.09.2006, 08:27:23 (CET).

[i]Antivirus Version Update Result[/i]
AntiVir 7.2.0.39 11.09.2006 TR/Dldr.Delf.awg.2
[COLOR="#ff0000"]Authentium 4.93.8 11.08.2006 no virus found[/COLOR]
Avast 4.7.892.0 11.07.2006 Win32:Delf-BSE
[COLOR="#ff0000"]AVG 386 11.08.2006 no virus found[/COLOR]
BitDefender 7.2 11.09.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.08.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.09.2006 Trojan.Downloader.Small-2298
[COLOR="#ff0000"]DrWeb 4.33 11.08.2006 no virus found[/COLOR]
[COLOR="#ff0000"]eTrust-InoculateIT 23.73.50 11.09.2006 no virus found[/COLOR]
[COLOR="#ff0000"]eTrust-Vet 30.3.3184 11.09.2006 no virus found[/COLOR]
[COLOR="#ff0000"]Ewido 4.0 11.08.2006 no virus found[/COLOR]
Fortinet 2.82.0.0 11.09.2006 suspicious
[COLOR="#ff0000"]F-Prot 3.16f 11.08.2006 no virus found[/COLOR]
--------[COLOR="#ff0000"]F-Prot4 4.2.1.29 11.08.2006 no virus found[/COLOR]
Ikarus 0.2.65.0 11.09.2006 Packer.byDwing
Kaspersky 4.0.2.24 11.09.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4891 11.08.2006 Downloader-AWA
[COLOR="#ff0000"]Microsoft 1.1609 11.09.2006 no virus found[/COLOR]
NOD32v2 1.1859 11.08.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 11.08.2006 W32/Downloader
[i]Panda 9.0.0.4 11.08.2006 Suspicious file[/i]
Sophos 4.11.0 11.07.2006 Mal/Packer
[COLOR="#ff0000"]TheHacker 6.0.1.116 11.09.2006 no virus found[/COLOR]
[COLOR="#ff0000"]UNA 1.83 11.08.2006 no virus found[/COLOR]
[COLOR="#ff0000"]VBA32 3.11.1 11.08.2006 no virus found[/COLOR]
VirusBuster 4.3.15:9 11.08.2006 Trojan.DL.Delf.TZU

Aditional Information
File size: 11166 bytes
MD5: bc3fbbb394e6c75ad9ada7056beb5641
SHA1: 872bc3840d5e3055e928caea92eb4aac6f9834cd
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11166 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMPcsrss.exe.

[ Changes to registry ]
* Sets value "m"="m" in key "HKCUSoftwareMicrosoftWindows".

[ Network services ]
* Looks for an Internet connection.
* Opens URL: h[I]tt[/I]p://www.xeseretuo.com/px1.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:WINDOWSTEMPcsrss.exe NULL.