-
Файл page.html получен 2009.06.09 08:19:58 (UTC)
Текущий статус: закончено
Результат: 10/40 (25.00%)
[CODE]Антивирус Версия Обновление Результат
[B]a-squared 4.5.0.18 2009.06.09 Trojan-Downloader.JS.Psyme.cv!IK*[/B]
AhnLab-V3 5.0.0.2 2009.06.09 -
AntiVir 7.9.0.180 2009.06.08 -
Antiy-AVL 2.0.3.1 2009.06.08 -
Authentium 5.1.2.4 2009.06.08 -
[B]Avast 4.8.1335.0 2009.06.08 JS:Redirector-Q[/B]
[B]AVG 8.5.0.339 2009.06.08 JS/Downloader.Agent[/B]
BitDefender 7.2 2009.06.09 -
CAT-QuickHeal 10.00 2009.06.09 -
ClamAV 0.94.1 2009.06.09 -
Comodo 1291 2009.06.09 -
[B]DrWeb 5.0.0.12182 2009.06.09 VBS.Psyme.377[/B]
eSafe 7.0.17.0 2009.06.07 -
eTrust-Vet 31.6.6548 2009.06.08 -
F-Prot 4.4.4.56 2009.06.08 -
F-Secure 8.0.14470.0 2009.06.09 -
Fortinet 3.117.0.0 2009.06.08 -
[B]GData 19 2009.06.09 JS:Redirector-Q [/B]
Ikarus T3.1.1.59.0 2009.06.09 -
K7AntiVirus 7.10.757 2009.06.08 -
Kaspersky 7.0.0.125 2009.06.09 -
[B]McAfee 5640 2009.06.08 JS/Wonka[/B]
[B]McAfee+Artemis 5640 2009.06.08 JS/Wonka[/B]
[B]McAfee-GW-Edition 6.7.6 2009.06.09 Exploit.HTML.Shellcode.gen (suspicious)[/B]
Microsoft 1.4701 2009.06.09 -
NOD32 4139 2009.06.08 -
Norman 6.01.09 2009.06.08 -
nProtect 2009.1.8.0 2009.06.09 -
Panda 10.0.0.14 2009.06.09 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.09 -
[B]Rising 21.33.11.00 2009.06.09 Hack.Exploit.Script.JS.ShellCode.k[/B]
[B]Sophos 4.42.0 2009.06.09 Mal/ObfJS-H[/B]
Sunbelt 3.2.1858.2 2009.06.09 -
Symantec 1.4.4.12 2009.06.09 -
TheHacker 6.3.4.3.342 2009.06.08 -
TrendMicro 8.950.0.1092 2009.06.09 -
VBA32 3.12.10.6 2009.06.08 -
ViRobot 2009.6.9.1774 2009.06.09 -
VirusBuster 4.6.5.0 2009.06.08 -[/CODE]
Дополнительная информация
File size: 100859 bytes
MD5 : 6b1cdd41e6bef098c4fd3cd6e88403e7
SHA1 : 09249ae71fbab37cc59a6bd218f9380347ea89c3
SHA256: 694d8a6a88440ffb0f692bc211e60374c6bed8cbd8322d06e7c271845304ab7b
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: -
PEiD : -
RDS : NSRL Reference Data Set
-
There is no antivirus on the computer, but the virus, as I checked, was caught by almost all of them except Ikarus. So... does that mean it was caught by hand?
C:\windows\system32\explorer.exe
File EXPLORER.EXE received on 2009.06.09 09:57:27 (UTC)
Current status:Finished
Result: 39/40 (97.5%)
[B]a-squared 4.5.0.18 - Virus.Win32.VB.bu!IK
AhnLab-V3 5.0.0.2 - Win-Trojan/KorGameHack.36864.B[/B]
[B]AntiVir 7.9.0.187 - W32/VB.BU
Antiy-AVL 2.0.3.1 - Virus/Win32.VB
Authentium 5.1.2.4 - W32/Legendmir.CTS
Avast 4.8.1335.0 - Win32:detnat-AX
AVG 8.5.0.339 - Generic2.FRK
BitDefender 7.2 - Trojan.PWS.OnlineGames.WJP
CAT-QuickHeal 10.00 - Worm.VB.bu
ClamAV 0.94.1 - Trojan.VB-420
Comodo 1291 - Worm.Win32.VB.NHZ
DrWeb 5.0.0.12182 - BackDoor.Generic.1451
eSafe 7.0.17.0 - Virus.Win32.VB.bu
eTrust-Vet 31.6.6549 - Win32/Jampork.D
F-Prot 4.4.4.56 - W32/Legendmir.CTS
F-Secure 8.0.14470.0 - Virus.Win32.VB.bu
Fortinet 3.117.0.0 - W32/VB.BU!tr
GData 19 - Trojan.PWS.OnlineGames.WJP[/B]
Ikarus T3.1.1.59.0 -
[B]K7AntiVirus 7.10.757 - Worm.Win32.VB
Kaspersky 7.0.0.125 - Virus.Win32.VB.bu
McAfee 5640 - Generic PWS.g
McAfee+Artemis 5640 - Generic PWS.g
McAfee-GW-Edition 6.7.6 - Win32.VB.BU
Microsoft 1.4701 - Virus:Win32/VB.BU
NOD32 4140 - Win32/VB.NHZ
Norman 6.01.09 - W32/VBTroj.DVG
nProtect 2009.1.8.0 - Trojan/W32.Agent.36864.R
Panda 10.0.0.14 - Trj/Gamania.HL
PCTools 4.4.2.0 - Worm.AutoRun.J
Prevx 3.0 - Medium Risk Malware
Rising 21.33.12.00 - Trojan.Win32.VB.zrd
Sophos 4.42.0 - Troj/Gampass-A
Sunbelt 3.2.1858.2 - Infostealer.Lineage
Symantec 1.4.4.12 - Infostealer.Lineage
TheHacker 6.3.4.3.342 - Trojan/VB.atv
TrendMicro 8.950.0.1092 - WORM_VB.DVP
VBA32 3.12.10.6 - Win32.VB.NHZ
ViRobot 2009.6.9.1774 - Trojan.Win32.PSWKGame.36864
VirusBuster 4.6.5.0 - Worm.AutoRun.J
[/B]
Additional information
File size: 36864 bytes
MD5...: 1eb40158ddee938b5e40af9e66c3e1b7
SHA1..: 651768e6150e44ba75759ea0a3e9e5ac2bbd16f8
SHA256: ad6e57c05bcdd11afde9d328fbff56cbdcdf27de70adf027912689d7744906e1
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
P.S. This is what is going on in the new maternity hospital, the largest in Europe, which was built near me.
[[color=#CC0000]moderated[/color]][QUOTE]I.e. ones that the antivirus installed on the computer did not see.[/QUOTE]
This has nothing to do with antivirus testing, this is negligence...
-
[QUOTE]Last edited by Shu_b; Today at 12:12 Reason: doesn't count... [/QUOTE]
Wow :)
Good thing there are like-minded people here; the other place I sometimes visit is full of nothing but unreasonable people.
-
Файл Jimm2009.jar получен 2009.06.12 19:30:29 (UTC)
Текущий статус: закончено
Результат: 10/39 (25.65%)
[QUOTE]Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.12 -
AhnLab-V3 5.0.0.2 2009.06.12 -
AntiVir 7.9.0.187 2009.06.12 -
[B]Antiy-AVL 2.0.3.1 2009.06.12 Trojan/J2ME.Swapi[/B]
Authentium 5.1.2.4 2009.06.12 -
[B]Avast 4.8.1335.0 2009.06.12 Other:Malware-gen
AVG 8.5.0.339 2009.06.12 Java/Swapi[/B]
BitDefender 7.2 2009.06.12 -
CAT-QuickHeal 10.00 2009.06.12 -
ClamAV 0.94.1 2009.06.12 -
[B]Comodo 1322 2009.06.12 TrojWare.J2ME.SMS.Swapi.n
DrWeb 5.0.0.12182 2009.06.12 Java.SmsFlood[/B]
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6555 2009.06.12 -
F-Prot 4.4.4.56 2009.06.12 -
[B]F-Secure 8.0.14470.0 2009.06.12 Trojan-SMS.J2ME.Swapi.n
Fortinet 3.117.0.0 2009.06.12 Java/Swapi.N!tr
GData 19 2009.06.12 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.12 Trojan-SMS[/B]
K7AntiVirus 7.10.762 2009.06.12 -
[B]Kaspersky 7.0.0.125 2009.06.12 Trojan-SMS.J2ME.Swapi.n[/B]
McAfee 5644 2009.06.12 -
McAfee+Artemis 5644 2009.06.12 -
Microsoft 1.4701 2009.06.12 -
NOD32 4151 2009.06.12 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.12 -
Panda 10.0.0.14 2009.06.12 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.12 -
Rising 21.33.44.00 2009.06.12 -
Sophos 4.42.0 2009.06.12 -
Sunbelt 3.2.1858.2 2009.06.12 -
Symantec 1.4.4.12 2009.06.12 -
TheHacker 6.3.4.3.344 2009.06.11 -
TrendMicro 8.950.0.1092 2009.06.12 -
VBA32 3.12.10.7 2009.06.12 -
ViRobot 2009.6.12.1783 2009.06.12 -
VirusBuster 4.6.5.0 2009.06.12 -[/QUOTE]
Дополнительная информация
File size: 135727 bytes
MD5...: 7d79377f1762699a9ca742b9228c47fc
SHA1..: 104f318995681d842b2967f866375bbe93db9b03
SHA256: bdb3d1dd263064aa54790372927077abaf131f5e45cb003b1ad7a7b919d32d76
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
Файл nazvanie.jar получен 2009.06.12 19:26:44 (UTC)
Текущий статус: закончено
Результат: 13/39 (33.34%)
[QUOTE]Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.12 -
AhnLab-V3 5.0.0.2 2009.06.12 -
[B]AntiVir 7.9.0.187 2009.06.12 JAVA/Boxer.1
Antiy-AVL 2.0.3.1 2009.06.12 Trojan/J2ME.Boxer[/B]
Authentium 5.1.2.4 2009.06.12 -
[B]Avast 4.8.1335.0 2009.06.12 Other:Malware-gen
AVG 8.5.0.339 2009.06.12 Java/SMS.C[/B]
BitDefender 7.2 2009.06.12 -
CAT-QuickHeal 10.00 2009.06.12 -
ClamAV 0.94.1 2009.06.12 -
[B]Comodo 1322 2009.06.12 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.12 Java.SMSSend.41[/B]
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6555 2009.06.12 -
F-Prot 4.4.4.56 2009.06.12 -
[B]F-Secure 8.0.14470.0 2009.06.12 Trojan-SMS.J2ME.Boxer.i[/B]
Fortinet 3.117.0.0 2009.06.12 -
[B]GData 19 2009.06.12 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.12 Trojan-SMS[/B]
K7AntiVirus 7.10.762 2009.06.12 -
[B]Kaspersky 7.0.0.125 2009.06.12 Trojan-SMS.J2ME.Boxer.i[/B]
McAfee 5644 2009.06.12 -
McAfee+Artemis 5644 2009.06.12 -
[B]Microsoft 1.4701 2009.06.12 Trojan:Java/Boxer.A[/B]
NOD32 4151 2009.06.12 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.12 -
Panda 10.0.0.14 2009.06.12 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.12 -
Rising 21.33.44.00 2009.06.12 -
Sophos 4.42.0 2009.06.12 -
Sunbelt 3.2.1858.2 2009.06.12 -
[B]Symantec 1.4.4.12 2009.06.12 Trojan Horse[/B]
TheHacker 6.3.4.3.344 2009.06.11 -
[B]TrendMicro 8.950.0.1092 2009.06.12 TROJ_BOXER.B[/B]
VBA32 3.12.10.7 2009.06.12 -
ViRobot 2009.6.12.1783 2009.06.12 -
VirusBuster 4.6.5.0 2009.06.12 -[/QUOTE]
Дополнительная информация
File size: 17383 bytes
MD5...: dc617d7a363fb020e7eeb102a9362b9a
SHA1..: ce5f7557876c5dd89a556dc670340cb4aad54df6
SHA256: 2b8cc58e9228189f91e40fba7d25f80ada0887247b62ea22a23c1ef4a9c3fcd6
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
It was sent to me over ICQ with a request to get acquainted and, if I wished, to look at a photo right away. My KIS stayed silent, with databases from 14.06.2009; I see that as of 15.06 there is already a detection.
File foto.jar received on 2009.06.15 03:53:24 (UTC)
Result: 7/39 (17.95%)
[CODE][B]Antivirus Version Last Update Result[/B]
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.14 -
AntiVir 7.9.0.187 2009.06.14 -
[B]Antiy-AVL 2.0.3.1 2009.06.12 Trojan/J2ME.Boxer[/B]
Authentium 5.1.2.4 2009.06.14 -
Avast 4.8.1335.0 2009.06.14 -
[B]AVG 8.5.0.339 2009.06.14 Java/SMS.B[/B]
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
[B]Comodo 1331 2009.06.15 TrojWare.J2ME.SMS.Boxer.g[/B]
[B]DrWeb 5.0.0.12182 2009.06.15 Java.SMSSend.36[/B]
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6556 2009.06.12 -
F-Prot 4.4.4.56 2009.06.14 -
[B]F-Secure 8.0.14470.0 2009.06.15 Trojan-SMS.J2ME.Boxer.g[/B]
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
[B]Ikarus T3.1.1.59.0 2009.06.15 Trojan-SMS[/B]
K7AntiVirus 7.10.762 2009.06.12 -
[B]Kaspersky 7.0.0.125 2009.06.15 Trojan-SMS.J2ME.Boxer.g[/B]
McAfee 5646 2009.06.14 -
McAfee+Artemis 5646 2009.06.14 -
Microsoft 1.4701 2009.06.14 -
NOD32 4153 2009.06.14 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.14 -
Panda 10.0.0.14 2009.06.14 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.00.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.13 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1786 2009.06.15 -
VirusBuster 4.6.5.0 2009.06.14 -[/CODE]
Additional information
File size: 15921 bytes
MD5...: a377419041614e0042d0d27cfc3dd54c
SHA1..: f3fc9cbf527b4f48ec62954a36a27591cee4f5a6
SHA256: c0377103f1454c29a0e381d9d7b338dfd47fda0e705c33bd754b5864e313f15b
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Файл jimm_2010.jar получен 2009.06.15 11:50:57 (UTC)
[CODE]Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
[B] AntiVir 7.9.0.187 2009.06.15 JAVA/SMS.Konov.J
Antiy-AVL 2.0.3.1 2009.06.15 Trojan/J2ME.Konov[/B]
Authentium 5.1.2.4 2009.06.14 -
Avast 4.8.1335.0 2009.06.14 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1335 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6556 2009.06.12 -
F-Prot 4.4.4.56 2009.06.14 -
[B] F-Secure 8.0.14470.0 2009.06.15 Trojan-SMS.J2ME.Konov.j[/B]
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
[B] Ikarus T3.1.1.59.0 2009.06.15 Trojan-SMS[/B]
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
[B] Kaspersky 7.0.0.125 2009.06.15 Trojan-SMS.J2ME.Konov.j[/B]
McAfee 5646 2009.06.14 -
McAfee+Artemis 5646 2009.06.14 -
[B] McAfee-GW-Edition 6.7.6 2009.06.15 Java.SMS.Konov.J[/B]
Microsoft 1.4701 2009.06.15 -
NOD32 4154 2009.06.15 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.14 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 -
Rising 21.34.03.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.13 -
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.15.1787 2009.06.15 -
[/CODE]
Дополнительная информация
File size: 4559 bytes
MD5...: 3f8f3882c10fed6214761516477234bd
SHA1..: b962085f5636b89d014aa117cefc8f410719766e
SHA256: c378f380bb5ad7fdf1666311e32a8c3a83d00667b1cff14d506d7ad1c1be71a3
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
-
Файл foto32.scr получен 2009.06.15 18:13:29 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)
[QUOTE]Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
[B]AVG 8.5.0.339 2009.06.15 Win32/Cryptor[/B]
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1337 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.15 -
McAfee 5647 2009.06.15 -
[B]McAfee+Artemis 5647 2009.06.15 Artemis!169E0A8FF6F8
McAfee-GW-Edition 6.7.6 2009.06.15 Win32.Malware.gen (suspicious)
Microsoft 1.4701 2009.06.15 VirTool:Win32/Obfuscator.FL[/B]
NOD32 4156 2009.06.15 -
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.15 -
PCTools 4.4.2.0 2009.06.12 -
[B]Prevx 3.0 2009.06.15 High Risk Worm
Rising 21.34.04.00 2009.06.15 Packer.Win32.UnkPacker.a [Suspicious][/B]
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.15 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
[B]TrendMicro 8.950.0.1092 2009.06.15 PAK_Generic.001
VBA32 3.12.10.7 2009.06.14 Malware-Cryptor.Win32.Vals.3[/B]
ViRobot 2009.6.15.1787 2009.06.15 -[/QUOTE]
Дополнительная информация
File size: 130560 bytes
MD5...: 169e0a8ff6f8b45867895920175ff750
SHA1..: c0a41237b693ebb1932374e9da2d80fb8386549e
SHA256: 2b1120be498560d7670b20227f7b8b8269c7343c83b5052e011d17be50b58840
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
-
"Case history" - [url]http://virusinfo.info/showthread.php?t=47970[/url]
[B]C:\WINDOWS\system32\drivers\jcnpuznxjmabh.sys[/B]
Файл avz00002.dta получен 2009.06.16 08:52:44 (UTC)
[QUOTE]Антивирус Версия Обновление Результат
[B]a-squared 4.5.0.18 2009.06.16 Backdoor.Winnt!IK [/B]
AhnLab-V3 5.0.0.2 2009.06.16 -
AntiVir 7.9.0.187 2009.06.16 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.16 -
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1340 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
[B]eSafe 7.0.17.0 2009.06.15 Win32.BackdoorWinNTR [/B]
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.16 -
GData 19 2009.06.16 -
[B]Ikarus T3.1.1.59.0 2009.06.16 Backdoor.Winnt [/B]
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.16 -
McAfee 5647 2009.06.15 -
[B]McAfee+Artemis 5647 2009.06.15 Artemis!5157F9FBB58B [/B]
McAfee-GW-Edition 6.7.6 2009.06.16 -
[B]Microsoft 1.4701 2009.06.16 Backdoor:WinNT/Rustock.gen!B [/B]
[B]NOD32 4158 2009.06.16 Win32/Rootkit.Agent.NMR [/B]
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.16 -
[B]Panda 10.0.0.14 2009.06.15 Suspicious file [/B]
PCTools 4.4.2.0 2009.06.12 -
[B]Prevx 3.0 2009.06.16 Medium Risk Malware [/B]
Rising 21.34.11.00 2009.06.16 -
Sophos 4.42.0 2009.06.16 -
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.16 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
[B]VBA32 3.12.10.7 2009.06.16 Win32.Rootkit.Agent.NMR [/B]
ViRobot 2009.6.16.1788 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.15 -[/QUOTE]
-
It was sitting in the user's autostart; KIS stayed silent and only occasionally did the proactive defense whisper something, although the firewall was set to "Allow all")))
File ______.exe received on 2009.06.16 10:26:13 (UTC)
[CODE][B]Antivirus Version Last Update Result[/B]
[B]a-squared 4.5.0.18 2009.06.16 Trojan-Dropper.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.06.16 Win-Trojan/Downloader.21090.B
AntiVir 7.9.0.187 2009.06.16 TR/Drop.Cutwail.EI[/B]
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
[B]AVG 8.5.0.339 2009.06.15 Win32/Cryptor
BitDefender 7.2 2009.06.16 Trojan.Dropper.Cutwail.EI[/B]
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1341 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.16 -
[B]GData 19 2009.06.16 Trojan.Dropper.Cutwail.EI
Ikarus T3.1.1.59.0 2009.06.16 Trojan-Dropper.Cutwail[/B]
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.16 -
[B]McAfee 5647 2009.06.15 Cutwail
McAfee+Artemis 5647 2009.06.15 Cutwail
McAfee-GW-Edition 6.7.6 2009.06.16 Trojan.Drop.Cutwail.EI
Microsoft 1.4701 2009.06.16 TrojanDownloader:Win32/Cutwail.AI
NOD32 4158 2009.06.16 a variant of Win32/Wigon.LC[/B]
Norman 6.01.09 2009.06.15 -
[B]nProtect 2009.1.8.0 2009.06.16 Trojan/W32.Agent.21090.B[/B]
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
[B]Prevx 3.0 2009.06.16 Medium Risk Malware[/B]
Rising 21.34.11.00 2009.06.16 -
[B]Sophos 4.42.0 2009.06.16 Mal/Generic-A[/B]
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.16 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.16 -
ViRobot 2009.6.16.1789 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.15 -[/CODE]
Additional information
File size: 21090 bytes
MD5...: 6d3589c7dc8968123c8c6127ff7af184
SHA1..: 85cb6467212ab1cf8e663053ea8b3ad05d17a633
SHA256: a78e1cb2de5a48ab9ddc89f30b949efa0b05255558b7c757179e5eff178ba8ce
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a32c5a3 (Fri Jun 12 21:16:19 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7d6 0x7da 6.22 b2ea1bb19a9e7a910a937c3538e65190
.data 0x2000 0x4c4 0x4c6 4.71 c704989cf0d5b5927788a65f2198dcbc
.rsrc 0x3000 0x4260 0x4262 7.98 7aafd7651f89f01bc9e36fed04684272
( 2 imports )
> KERNEL32.dll: CloseHandle, CreateFileA, ExitProcess, GetModuleFileNameA, GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, ReadFile, Sleep
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetMessageA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
And this is apparently one of the files it had already downloaded onto the computer (it was sitting in the user's temp folder)
File BN3.tmp received on 2009.06.16 10:26:41 (UTC)
[CODE][B]Antivirus Version Last Update Result[/B]
[B]a-squared 4.5.0.18 2009.06.16 Trojan-Dropper.Kobcka!IK
AhnLab-V3 5.0.0.2 2009.06.16 Win-Trojan/Agent.32629
AntiVir 7.9.0.187 2009.06.16 TR/Drop.Cutwail.DF[/B]
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.15 -
[B]Avast 4.8.1335.0 2009.06.15 Win32:Cutwail-T[/B]
[B]AVG 8.5.0.339 2009.06.15 Win32/Cryptor
BitDefender 7.2 2009.06.16 Trojan.Dropper.Cutwail.DF[/B]
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1341 2009.06.16 -
[B]DrWeb 5.0.0.12182 2009.06.16 Trojan.DownLoad.38459[/B]
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.16 -
[B]GData 19 2009.06.16 Trojan.Dropper.Cutwail.DF
Ikarus T3.1.1.59.0 2009.06.16 Trojan-Dropper.Kobcka[/B]
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.16 -
McAfee 5647 2009.06.15 Cutwail
[B]McAfee+Artemis 5647 2009.06.15 Cutwail
McAfee-GW-Edition 6.7.6 2009.06.16 Win32.NewMalware.HF[/B]
Microsoft 1.4701 2009.06.16 -
[B]NOD32 4158 2009.06.16 a variant of Win32/Wigon.LC[/B]
Norman 6.01.09 2009.06.15 -
[B]nProtect 2009.1.8.0 2009.06.16 Trojan/W32.Agent.32629[/B]
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
[B]Prevx 3.0 2009.06.16 High Risk Cloaked Malware[/B]
Rising 21.34.11.00 2009.06.16 -
[B]Sophos 4.42.0 2009.06.16 Mal/Generic-A[/B]
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.16 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.16 -
ViRobot 2009.6.16.1789 2009.06.16 -[/CODE]
Additional information
File size: 32629 bytes
MD5...: 1b4fbaed15a32ef6c2907a1f916373c4
SHA1..: 0374f78bfebf09b6ae9ddc8f9673241c44493fe8
SHA256: fc497c3f409af5d63340c82a4e58ac3e6f653be8b50aad5494b20c890499122b
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a2e5aff (Tue Jun 09 12:52:15 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x76a 0x76e 6.27 e3bf8a4721be2fc8406165504b4ae02b
.data 0x2000 0x43e 0x440 4.57 029bb8a75438155af08de3b36a7ab371
.rsrc 0x3000 0x6f78 0x6f75 7.99 cc41339d8c9cd636097379d17d548acf
( 2 imports )
> KERNEL32.dll: GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, Sleep, ExitProcess
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
-
[QUOTE=ISO;417750]
And this is apparently one of the files it had already downloaded onto the computer (it was sitting in the user's temp folder)
[/QUOTE]
More likely a protection/payload module of the same trojan...
[CODE]Файл 8358902Anonim_SMS.jar получен 2009.06.16 17:21:39 (UTC)
Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.16 -
AhnLab-V3 5.0.0.2 2009.06.16 -
AntiVir 7.9.0.187 2009.06.16 -
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.16 -
BitDefender 7.2 2009.06.16 -
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1341 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6563 2009.06.16 -
F-Prot 4.4.4.56 2009.06.15 -
[B]F-Secure 8.0.14470.0 2009.06.16 Trojan-SMS.J2ME.Swapi.e[/B]
Fortinet 3.117.0.0 2009.06.16 -
GData 19 2009.06.16 -
[B]Ikarus T3.1.1.59.0 2009.06.16 Trojan-SMS[/B]
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.765 2009.06.16 -
[B]Kaspersky 7.0.0.125 2009.06.16 Trojan-SMS.J2ME.Swapi.e[/B]
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.16 -
[B]Microsoft 1.4701 2009.06.16 Trojan:Java/Swapi.D[/B]
NOD32 4160 2009.06.16 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.16 -
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.16 -
Rising 21.34.13.00 2009.06.16 -
Sophos 4.42.0 2009.06.16 -
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.16 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.16 -
ViRobot 2009.6.16.1789 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.16 -
[/CODE]
Дополнительная информация
File size: 2611 bytes
MD5...: 09a1965eb43cda5da481f457247e749f
SHA1..: d7bf7fc7735e5a84e63319c330adb94814fd71eb
SHA256: 8d92b41a86a05c52b2392f6e0a39b7c3e77d22ee4443b56c538552beea25618d
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
P.S. I'm so sick of these SMS trojans..
-
Файл 111 получен 2009.06.17 07:38:58 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)
[QUOTE]Антивирус Версия Обновление Результат
[B]a-squared 4.5.0.18 2009.06.17 Virus.JS.Decdec.A!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.17 -
[B]AntiVir 7.9.0.187 2009.06.17 HTML/Crypted.Gen[/B]
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
[B]Comodo 1348 2009.06.17 Unclassified Malware[/B]
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
[B]Ikarus T3.1.1.59.0 2009.06.17 Virus.JS.Decdec.A[/B]
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
[B]McAfee 5648 2009.06.16 Exploit-IFrame.gen.c
McAfee+Artemis 5648 2009.06.16 Exploit-IFrame.gen.c
McAfee-GW-Edition 6.7.6 2009.06.17 Heuristic.Script.Crypted[/B]
Microsoft 1.4701 2009.06.17 -
NOD32 4160 2009.06.16 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.17 -
Rising 21.34.21.00 2009.06.17 -
[B]Sophos 4.42.0 2009.06.17 Troj/Decdec-A[/B]
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1791 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 -[/QUOTE]
Дополнительная информация
File size: 1415 bytes
MD5...: 96d22822880e75d8eefe4928302a5f51
SHA1..: 4c059e1c637636822ae99a882f54bd9c30d859d8
SHA256: 96f3a2f941e946bb0df563a7cc74817dff7c92e2c9f0f990d2e21bfad382eebd
ssdeep: -
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Today's catch:
Src=C:\windows\system32\drivers\MSIVXjgvuhkorridxbnpytpedckukvxibtwwg.sys
Файл avz00002.dta получен 2009.06.17 10:29:11 (UTC)
[QUOTE]Антивирус Версия Обновление Результат
[B]a-squared 4.5.0.18 2009.06.17 Trojan.WinNT!IK [/B]
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.16 -
[B]Avast 4.8.1335.0 2009.06.16 Win32:Alureon-BS [/B]
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1349 2009.06.17 -
[B]DrWeb 5.0.0.12182 2009.06.17 Trojan.Packed.2479
eSafe 7.0.17.0 2009.06.16 Suspicious File [/B]
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
Fortinet 3.117.0.0 2009.06.17 -
[B]GData 19 2009.06.17 Win32:Alureon-BS
Ikarus T3.1.1.59.0 2009.06.17 Trojan.WinNT [/B]
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
[B]McAfee-GW-Edition 6.7.6 2009.06.17 Trojan.LooksLike.Vundo
Microsoft 1.4701 2009.06.17 VirTool:Win32/Obfuscator.ET [/B]
NOD32 4161 2009.06.17 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.16 -
Prevx 3.0 2009.06.17 -
Rising 21.34.22.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
[B]VirusBuster 4.6.5.0 2009.06.16 Rootkit.Alureon.Gen!Pac.2[/B] [/QUOTE]
-
It was sitting in autostart and establishing a connection to IP 78.129.158.88
File winamp1.exe received on 2009.06.17 10:47:43 (UTC)
[CODE][B]Antivirus Version Last Update Result[/B]
[B]a-squared 4.5.0.18 2009.06.17 Virus.Worm.Win32.AutoRun!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.17 -
[B]AntiVir 7.9.0.187 2009.06.17 Worm/Autorun.apui[/B]
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
[B]AVG 8.5.0.339 2009.06.17 Worm/Generic.ABYX[/B]
BitDefender 7.2 2009.06.17 -
[B]CAT-QuickHeal 10.00 2009.06.17 Worm.AutoRun.apui[/B]
ClamAV 0.94.1 2009.06.17 -
Comodo 1349 2009.06.17 -
[B]DrWeb 5.0.0.12182 2009.06.17 Trojan.MulDrop.31990[/B]
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
[B]Fortinet 3.117.0.0 2009.06.17 W32/AutoRun.APUI!worm[/B]
GData 19 2009.06.17 -
[B]Ikarus T3.1.1.59.0 2009.06.17 Virus.Worm.Win32.AutoRun[/B]
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
[B]Kaspersky 7.0.0.125 2009.06.17 Worm.Win32.AutoRun.apui[/B]
McAfee 5648 2009.06.16 -
[B]McAfee+Artemis 5648 2009.06.16 Artemis!0B988853939D
McAfee-GW-Edition 6.7.6 2009.06.17 Worm.Autorun.apui[/B]
Microsoft 1.4701 2009.06.17 -
[B]NOD32 4162 2009.06.17 a variant of Win32/Injector.QJ[/B]
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.17 -
[B]Panda 10.0.0.14 2009.06.16 Suspicious file[/B]
PCTools 4.4.2.0 2009.06.12 -
[B]Prevx 3.0 2009.06.17 Email High Risk Worm[/B]
Rising 21.34.23.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 -[/CODE]
Additional information
File size: 163880 bytes
MD5...: 0b988853939d6c5f8c96fb902e76b9f6
SHA1..: 547283cc8048c8fb11106b4bbc4097bf605804d1
SHA256: 2c23a6661783d7c77dae7ca939018f838c3ca5745e8882e548a11cbe3c9373b2
ssdeep: 3072:BN87KddemDnj6+x6KhkqzhvABKHXDLYaIO+PWzOM:L87K7FD2QGK3lIA
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1618
timedatestamp.....: 0x4a1f9bc1 (Fri May 29 08:24:33 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xebec 0xf000 5.47 350af5f7907d11a42a44315d2f81b0a8
.data 0x10000 0x50c 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x11000 0x16e89 0x17000 7.23 3c6ba12817cc927e204c80b3cb1930cb
( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaVargVarCopy, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, -, __vbaVarZero, __vbaChkstk, -, __vbaFileClose, __vbaGenerateBoundsError, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, __vbaI2I4, DllFunctionCall, -, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaUbound, __vbaStrVarVal, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, -, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaAryVarVarg, __vbaFpI4, __vbaVarCopy, -, _CIatan, __vbaAryCopy, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaI4ErrVar, __vbaFreeStr
( 0 exports )
PDFiD.: -
-
File AgentSetup.exe received on 2009.06.17 13:52:41 (UTC)
Current status: finished
Result: 7/41 (17.07%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
[B]AVG 8.5.0.339 2009.06.17 Downloader.Agent2.DFN[/B]
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1350 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
[B]F-Secure 8.0.14470.0 2009.06.17 AdWare.Win32.Reklosoft.s[/B]
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
[B]Ikarus T3.1.1.59.0 2009.06.17 not-a-virus:AdWare.Win32.Reklosoft[/B]
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
[B]Kaspersky 7.0.0.125 2009.06.17 not-a-virus:AdWare.Win32.Reklosoft.s[/B]
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
[B]Microsoft 1.4701 2009.06.17 BrowserModifier:Win32/Kerlofost[/B]
NOD32 4162 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
[B]Panda 10.0.0.14 2009.06.16 Trj/CI.A[/B]
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
[B]Sophos 4.42.0 2009.06.17 Mal/Generic-A[/B]
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 -[/QUOTE]
Additional information
File size: 1747415 bytes
MD5 : e1e9a39388aab756728fc714afebb6d2
SHA1 : d40d69b0c77685fba67bfc421181691967abc758
SHA256: 1aa26e8015a9f73b18011ec389d7db133576dd774be291a469921351066f6bf0
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x30CB
timedatestamp.....: 0x498A480F (Thu Feb 5 02:59:43 2009)
machinetype.......: 0x14C (Intel I386)
-
File InfinityOptimizer_Install.exe received on 2009.06.17 19:53:26 (UTC)
Current status: Finished
Result: 0/41 (0%)
[QUOTE]a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -[/QUOTE]
Additional information
File size: 9342397 bytes
MD5...: e67b1b23a53f3fbfd035cea9978730d1
SHA1..: 87cd1babf3da178ad3cc820df6d194f566981f7c
SHA256: 8b8fbe2770a4897dcb4a2c0271c1fac590500c8a86231168e21f206b515f040b
ssdeep: 196608:7+QX7Fc/XeNXJ056S4V0GURIbTxSReyEus8:7+hedSy0PkTgdh
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
packers (Kaspersky): ASPack
RDS : NSRL Reference Data Set
-
-
Caught this yesterday; NOD reacted heuristically. Kaspersky already knows it.
[QUOTE]
File codec.exe received on 2009.06.18 06:29:18 (UTC)
[LEFT]Antivirus Version Last Update Result[/LEFT]
[LEFT][B]a-squared 4.5.0.18 2009.06.18 Trojan-Downloader.Win32.FakeRean!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.17 -
[B]AntiVir 7.9.0.187 2009.06.17 TR/Drop.Agent.sca[/B]
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
[B]Avast 4.8.1335.0 2009.06.17 Win32:Trojan-gen {Other}[/B]
[B]AVG 8.5.0.339 2009.06.17 Generic13.BIIQ[/B]
[B]BitDefender 7.2 2009.06.18 Gen:Trojan.Heur.6035CA9FEE[/B]
[B]CAT-QuickHeal 10.00 2009.06.18 TrojanDownloader.FraudLoad.er[/B]
ClamAV 0.94.1 2009.06.18 -
Comodo 1360 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.17 -
[B]eSafe 7.0.17.0 2009.06.17 Suspicious File[/B]
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
[B]F-Secure 8.0.14470.0 2009.06.18 Suspicious:W32/Malware!Gemini[/B]
[B]Fortinet 3.117.0.0 2009.06.18 W32/FakeAlert.CM!tr[/B]
[B]GData 19 2009.06.18 Gen:Trojan.Heur.6035CA9FEE[/B]
[B]Ikarus T3.1.1.59.0 2009.06.18 Trojan-Downloader.Win32.FakeRean[/B]
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
[B]Kaspersky 7.0.0.125 2009.06.18 Trojan-Downloader.Win32.FraudLoad.erk[/B]
[B]McAfee 5649 2009.06.17 FakeAlert-CM[/B]
[B]McAfee+Artemis 5649 2009.06.17 FakeAlert-CM[/B]
[B]McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Drop.Agent.sca[/B]
[B]Microsoft 1.4701 2009.06.18 TrojanDownloader:Win32/FakeRean[/B]
[B]NOD32 4165 2009.06.18 a variant of Win32/Kryptik.SM[/B]
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.18 -
[B]Panda 10.0.0.14 2009.06.17 Trj/CI.A[/B]
PCTools 4.4.2.0 2009.06.17 -
[B]Prevx 3.0 2009.06.18 Medium Risk Malware[/B]
Rising 21.34.30.00 2009.06.18 -
[B]Sophos 4.42.0 2009.06.18 Mal/EncPk-IF[/B]
Sunbelt 3.2.1858.2 2009.06.18 -
[B]Symantec 1.4.4.12 2009.06.18 Packed.Generic.233[/B]
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1793 2009.06.18 -
[B]VirusBuster 4.6.5.0 2009.06.17 Trojan.DL.FakeRean.AM[/B][/LEFT]
[LEFT]Additional information
File size: 110595 bytes
MD5...: a5d3bcee3d8575f1968be7b7ab3c5853
SHA1..: 432f7e19c3e2d47a2d0487cb7901fddc01e52a52
SHA256: d65c3ab383bf49324000daf49aa6cd6bb847f1356c6085fbb287c516d5507125
ssdeep: 3072:n1YSbUICy81sygYL0d95QlC06MszFi9X3kuJm:n17bUICy81fLy9kVOzmG[/LEFT]
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12ed
timedatestamp.....: 0x43d993ec (Fri Jan 27 03:30:52 2006)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x335a 0x3400 7.91 61f0ffd0beb12d37c141cb75bb882c50
.data 0x5000 0x200c1 0x11000 7.97 c28b94d54df38b16074c5b1ce6d4bb05
.idata 0x26000 0x40a 0x800 2.86 6a81227795348858e818129431137fa3
.rsrc 0x27000 0x58c4 0x5c00 5.54 17ccac79d64ab5b23c65817537ed0abf
.reloc 0x2d000 0x20 0x400 0.17 6b6622984ce1ab52d6f81eb6c3512d72
( 3 imports )
> KERNEL32.DLL: WriteConsoleW, ExpandEnvironmentStringsA, QueryPerformanceCounter, GetStdHandle, GetSystemDefaultLangID, GlobalUnlock, CreateDirectoryW, GetCommandLineA, GetTickCount, GetDateFormatW, ReadFile, GetCurrentProcessId, GetFileInformationByHandle, TlsSetValue, ExitProcess, SleepEx, VirtualProtect, LocalFileTimeToFileTime, GetSystemTime, GetCurrentDirectoryA
> USER32.DLL: MessageBoxW, CallWindowProcW, GetWindowLongW, IsRectEmpty, GetWindowPlacement, LoadBitmapW, RegisterClassExW, SetWindowRgn, GetMenu, SetScrollPos, EndDialog, GetClassInfoExW, GetWindowRect, CharNextW, GetScrollInfo
> MSVCRT.DLL: _wcsicmp, _amsg_exit, realloc, _wtol, exit, strchr, _adjust_fdiv
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: [url]http://info.prevx.com/aboutprogramtext.asp?PX5=DF790C5703182127B074019C5ED2B00025DF6F75[/url][/QUOTE]
-
Src=C:\Documents and Settings\user\Application Data\sdra64.exe from "Help"
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
[B]AntiVir 7.9.0.191 2009.06.18 TR/Dropper.Gen [/B]
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.17 -
[B]Avast 4.8.1335.0 2009.06.17 Win32:Walivun
AVG 8.5.0.339 2009.06.17 Injector.EG
BitDefender 7.2 2009.06.18 Gen:Trojan.Heur.Hype.A097686868
CAT-QuickHeal 10.00 2009.06.18 (Suspicious) - DNAScan [/B]
ClamAV 0.94.1 2009.06.18 -
Comodo 1361 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.18 -
[B]eSafe 7.0.17.0 2009.06.17 Suspicious File [/B]
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
Fortinet 3.117.0.0 2009.06.18 -
[B]GData 19 2009.06.18 Gen:Trojan.Heur.Hype.A097686868 [/B]
Ikarus T3.1.1.59.0 2009.06.18 -
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
[B]McAfee 5649 2009.06.17 Generic Obfuscated.b
McAfee+Artemis 5649 2009.06.17 Generic Obfuscated.b
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Dropper.Gen
Microsoft 1.4701 2009.06.18 PWS:Win32/Zbot.PJ
NOD32 4165 2009.06.18 a variant of Win32/Kryptik.QN [/B]
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.30.00 2009.06.18 -
[B]Sophos 4.42.0 2009.06.18 Mal/WaledPak-A [/B]
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
[B]VBA32 3.12.10.7 2009.06.18 Trojan.Win32.Waledac [/B]
ViRobot 2009.6.18.1793 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.17 - [/QUOTE]
VT is working strangely today. The Kaspersky scanner has disappeared somewhere.
[size="1"][color="#666686"][B][I]Added after 5 hours 30 minutes[/I][/B][/color][/size]
Src=C:\WINDOWS\system32\browsew.dll from "Help"
[QUOTE][B]a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Delf!IK [/B]
AhnLab-V3 5.0.0.2 2009.06.18 -
[B]AntiVir 7.9.0.191 2009.06.18 DR/Delphi.Gen [/B]
Antiy-AVL 2.0.3.1 2009.06.18 -
[B]Authentium 5.1.2.4 2009.06.18 W32/Delf.G.gen!Eldorado
Avast 4.8.1335.0 2009.06.17 Win32:Rootkit-gen
AVG 8.5.0.339 2009.06.18 Dropper.Rozena [/B]
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
Comodo 1363 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.18 -
eSafe 7.0.17.0 2009.06.18 -
[B]eTrust-Vet 31.6.6567 2009.06.18 Win32/QQPass.BDW
F-Prot 4.4.4.56 2009.06.17 W32/Delf.G.gen!Eldorado [/B]
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.18 -
[B]GData 19 2009.06.18 Win32:Rootkit-gen
Ikarus T3.1.1.59.0 2009.06.18 Trojan-Dropper.Delf [/B]
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.18 -
[B]McAfee 5649 2009.06.17 Generic Dropper.fz
McAfee+Artemis 5649 2009.06.17 Generic Dropper.fz
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Dropper.Delphi.Gen [/B]
Microsoft 1.4701 2009.06.18 -
NOD32 4167 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
[B]Panda 10.0.0.14 2009.06.17 Generic Trojan [/B]
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
[B]Rising 21.34.34.00 2009.06.18 Trojan.PSW.Win32.QQPass.qii [/B]
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1794 2009.06.18 -
[B]VirusBuster 4.6.5.0 2009.06.18 Trojan.DR.Delf.Gen.7 [/B][/QUOTE]
-
File foto20.scr received on 2009.06.18 15:35:54 (UTC)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 -
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.18 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.18 -
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
Comodo 1364 2009.06.18 -
[B]DrWeb 5.0.0.12182 2009.06.18 Trojan.Packed.2480[/B]
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6567 2009.06.18 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.18 -
GData 19 2009.06.18 -
Ikarus T3.1.1.59.0 2009.06.18 -
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.18 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
[B]McAfee-GW-Edition 6.7.6 2009.06.18 Win32.Malware.gen (suspicious)[/B]
[B]Microsoft 1.4701 2009.06.18 VirTool:Win32/Obfuscator.FL[/B]
NOD32 4167 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.18 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.34.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
[B]VBA32 3.12.10.7 2009.06.18 Malware-Cryptor.Win32.Vals.3[/B]
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 -[/CODE]
Additional information
File size: 224768 bytes
MD5...: 28777e565ee8ea3e6f023d1c18afcf3f
SHA1..: 09b292f2948b81cb20c2f3f0591cf6e4928edf48
SHA256: bfab24d3610cfc7bb6413f83ffb0e0c8e5a94d6e04b15310390520108dada898
ssdeep: 6144:Ck+1qk930Yd3f3WfwG7HywYWfVeSsh3T5m:Ck+P3+fwo/HVezh3T5m
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x48554930 (Sun Jun 15 16:54:08 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35000 0x35000 5.90 52154a290c0de9a4aeda8ab0f191bea7
.rdata 0x36000 0x1000 0x200 1.15 3d4c2b6aa8cdafebcbe808bd480f6c0f
.data 0x37000 0x1000 0x400 2.65 fbd44e8819bde55b78ec5e9e3a229c38
.rsrc 0x38000 0x36000 0x1400 3.81 2971fd64c858af83ad92968515511bce
( 1 imports )
> kernel32.dll: GetProcAddress, LoadLibraryA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
-
File Jimm2009.jar received on 2009.06.18 19:41:08 (UTC)
Current status: finished
Result: 10/41 (24.4%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 -
[B]Antiy-AVL 2.0.3.1 2009.06.18 Trojan/J2ME.Swapi[/B]
Authentium 5.1.2.4 2009.06.18 -
[B]Avast 4.8.1335.0 2009.06.18 Other:Malware-gen
AVG 8.5.0.339 2009.06.18 Java/Swapi[/B]
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
[B]Comodo 1367 2009.06.18 TrojWare.J2ME.SMS.Swapi.n
DrWeb 5.0.0.12182 2009.06.18 Java.SmsFlood[/B]
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6567 2009.06.18 -
F-Prot 4.4.4.56 2009.06.18 -
[B]F-Secure 8.0.14470.0 2009.06.18 Trojan-SMS.J2ME.Swapi.n
Fortinet 3.117.0.0 2009.06.18 Java/Swapi.N!tr
GData 19 2009.06.18 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.18 Trojan-SMS[/B]
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
[B]Kaspersky 7.0.0.125 2009.06.18 Trojan-SMS.J2ME.Swapi.n[/B]
McAfee 5650 2009.06.18 -
McAfee+Artemis 5650 2009.06.18 -
McAfee-GW-Edition 6.7.6 2009.06.18 -
Microsoft 1.4701 2009.06.18 -
NOD32 4168 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.18 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.34.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 -[/QUOTE]
Additional information
File size: 135729 bytes
MD5...: 474815affb2614459241a04bab355400
SHA1..: a1c56600e9259931f5bf42b40bb78f9693c051b0
SHA256: e0abc06bbb2d05f43d9d20edd7c28aa75b8e0920c13ded05a741bf408db9c8d1
ssdeep: 3072:EYzNg2B5XHj04ANArHJ+ga5h90VX0KgblXQcjkVtr4wk7gr9:RzNRB5lAir
p+garRKOdljkVd4wkM9
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
-
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\G1Q9SRO7\dakxxly[1].txt
After infection, they block the IP.
File op.php received on 2009.06.19 08:20:20 (UTC)
Current status: finished
Result: 21/41 (51.22%)
[QUOTE][B]a-squared 4.5.0.18 2009.06.19 Trojan.Crypt!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.19 -
[B]AntiVir 7.9.0.191 2009.06.19 TR/Crypt.ZPACK.Gen[/B]
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.19 -
[B]Avast 4.8.1335.0 2009.06.18 Win32:Crypt-EKF[/B]
AVG 8.5.0.339 2009.06.18 -
BitDefender 7.2 2009.06.19 -
[B]CAT-QuickHeal 10.00 2009.06.19 (Suspicious) - DNAScan[/B]
ClamAV 0.94.1 2009.06.19 -
[B]Comodo 1370 2009.06.19 TrojWare.Win32.Trojan.Agent.Gen[/B]
DrWeb 5.0.0.12182 2009.06.19 -
[B]eSafe 7.0.17.0 2009.06.18 Win32.TRCrypt.ZPACK[/B]
[B]eTrust-Vet 31.6.6568 2009.06.19 Win32/SillyDl.NYH[/B]
F-Prot 4.4.4.56 2009.06.19 -
F-Secure 8.0.14470.0 2009.06.18 -
[B]Fortinet 3.117.0.0 2009.06.19 W32/DwnLdr.HTD!tr[/B]
[B]GData 19 2009.06.19 Win32:Crypt-EKF[/B]
[B]Ikarus T3.1.1.59.0 2009.06.19 Trojan.Crypt[/B]
Jiangmin 11.0.706 2009.06.19 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.19 -
[B]McAfee 5650 2009.06.18 Generic.dx!lz[/B]
[B]McAfee+Artemis 5650 2009.06.18 Generic.dx!lz[/B]
[B]McAfee-GW-Edition 6.7.6 2009.06.19 Trojan.Crypt.ZPACK.Gen[/B]
[B]Microsoft 1.4701 2009.06.19 VirTool:Win32/Obfuscator.FM[/B]
NOD32 4169 2009.06.19 -
[B]Norman 6.01.09 2009.06.18 W32/Smalltroj.ONTT[/B]
nProtect 2009.1.8.0 2009.06.19 -
[B]Panda 10.0.0.14 2009.06.18 Suspicious file[/B]
PCTools 4.4.2.0 2009.06.17 -
[B]Prevx 3.0 2009.06.19 High Risk Cloaked Malware[/B]
Rising 21.34.41.00 2009.06.19 -
[B]Sophos 4.42.0 2009.06.19 Troj/DwnLdr-HTD[/B]
Sunbelt 3.2.1858.2 2009.06.18 -
[B]Symantec 1.4.4.12 2009.06.19 Trojan Horse[/B]
TheHacker 6.3.4.3.348 2009.06.19 -
[B]TrendMicro 8.950.0.1094 2009.06.19 TROJ_DLDR.DM[/B]
VBA32 3.12.10.7 2009.06.19 -
ViRobot 2009.6.19.1795 2009.06.19 -
[B]VirusBuster 4.6.5.0 2009.06.18 Trojan.ZPACK.CFP[/B][/QUOTE]
Additional information
File size: 10752 bytes
MD5...: 87bf948b9ec456b83942056a41748a12
SHA1..: 84c4eb5a7d392f5d642eae9f7c86539637154d9a
SHA256: ec644ee2163e735eb998f8769362f1513ce0d2b914a8a6dcb473e5470669d177
ssdeep: 192:biUVPNuluNtn73hwMHb/HyK5XhGYxsoqp:btPNuluNtnD2aDH3hGO0p
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x160d
timedatestamp.....: 0x4a34cff0 (Sun Jun 14 10:24:48 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c0 0xa00 6.00 e7be871cceb9b48f97ada18eef6984bc
.rdata 0x2000 0x1c4 0x200 4.11 81f2061221431ad5f0743f356b0951b6
.data 0x3000 0x236d4 0x1600 7.11 dbf6a8f35a7d93f32a1d446dfa9f1cb1
.rsrc 0x27000 0x318 0x400 2.61 e369ef3a7e454143572e4e85b736b25b
( 1 imports )
> KERNEL32.dll: ExitProcess, GetLastError, CloseHandle, WriteFile, CreateFileA, GetTempPathA, GetTickCount, HeapFree, GetProcAddress, HeapAlloc, GetProcessHeap
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: [url]http://www.threatexpert.com/report.aspx?md5=87bf948b9ec456b83942056a41748a12[/url]
-
File load.exe received on 2009.06.20 09:26:37 (UTC)
Current status: finished
Result: 7/40 (17.50%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.06.20 Backdoor.Win32.Beastdoor!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.19 -
AntiVir 7.9.0.193 2009.06.19 -
Antiy-AVL 2.0.3.1 2009.06.19 -
[B]Authentium 5.1.2.4 2009.06.19 W32/Zbot.I.gen!Eldorado[/B]
Avast 4.8.1335.0 2009.06.19 -
[B]AVG 8.5.0.339 2009.06.20 Downloader.Agent[/B]
BitDefender 7.2 2009.06.20 -
CAT-QuickHeal 10.00 2009.06.19 -
ClamAV 0.94.1 2009.06.20 -
Comodo 1377 2009.06.20 -
DrWeb 5.0.0.12182 2009.06.20 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6570 2009.06.19 -
[B]F-Prot 4.4.4.56 2009.06.19 W32/Zbot.I.gen!Eldorado[/B]
F-Secure 8.0.14470.0 2009.06.19 -
Fortinet 3.117.0.0 2009.06.19 -
GData 19 2009.06.20 -
[B]Ikarus T3.1.1.59.0 2009.06.20 Backdoor.Win32.Beastdoor[/B]
Jiangmin 11.0.706 2009.06.20 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.20 -
McAfee 5651 2009.06.19 -
McAfee+Artemis 5651 2009.06.19 -
McAfee-GW-Edition 6.7.6 2009.06.19 -
Microsoft 1.4803 2009.06.20 -
[B]NOD32 4173 2009.06.20 a variant of Win32/Kryptik.RG[/B]
Norman 6.01.09 2009.06.19 -
nProtect 2009.1.8.0 2009.06.20 -
Panda 10.0.0.16 2009.06.19 -
PCTools 4.4.2.0 2009.06.19 -
[B]Prevx 3.0 2009.06.20 High Risk Cloaked Malware[/B]
Rising 21.34.52.00 2009.06.20 -
Sophos 4.42.0 2009.06.20 -
Sunbelt 3.2.1858.2 2009.06.20 -
Symantec 1.4.4.12 2009.06.20 -
TheHacker 6.3.4.3.348 2009.06.19 -
TrendMicro 8.950.0.1094 2009.06.19 -
ViRobot 2009.6.19.1796 2009.06.19 -
VirusBuster 4.6.5.0 2009.06.19 -[/QUOTE]
Additional information
File size: 96794 bytes
MD5 : 9cbc5aaae324ef7fba035c5e70f2468c
SHA1 : 1ed3e701e094675d7cae1cbecee499d721797071
SHA256: be6f2a0f2d9267302c79834ff35a01771415a945f15e4002ff32eb5d5383a058
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10E2
timedatestamp.....: 0x4A1AD26C (Mon May 25 19:16:28 2009)
machinetype.......: 0x14C (Intel I386)
-
"Rusik" (Russian localization patch) for Macromedia Dreamweaver. After this I had to switch antivirus.
File RUS_8.0.1.exe received on 2009.06.20 19:43:27 (UTC)
Current status: finished
Result: 27/41 (65.86%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.20 -
[B]AhnLab-V3 5.0.0.2 2009.06.20 Packed/Upack
AntiVir 7.9.0.193 2009.06.20 TR/Spy.Gampass.KZ[/B]
Antiy-AVL 2.0.3.1 2009.06.19 -
[B]Authentium 5.1.2.4 2009.06.20 W32/Heuristic-210!Eldorado[/B]
Avast 4.8.1335.0 2009.06.20 -
[B]AVG 8.5.0.339 2009.06.20 Suspicion: unknown virus
BitDefender 7.2 2009.06.20 Trojan.Generic.1580847
CAT-QuickHeal 10.00 2009.06.19 (Suspicious) - DNAScan[/B]
ClamAV 0.94.1 2009.06.20 -
[B]Comodo 1381 2009.06.20 Unclassified Malware[/B]
DrWeb 5.0.0.12182 2009.06.20 -
[B]eSafe 7.0.17.0 2009.06.18 Win32.Infostealer.ga[/B]
eTrust-Vet 31.6.6570 2009.06.19 -
[B]F-Prot 4.4.4.56 2009.06.20 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.06.19 W32/Packed_Upack.H[/B]
Fortinet 3.117.0.0 2009.06.19 -
[B]GData 19 2009.06.20 Trojan.Generic.1580847
Ikarus T3.1.1.59.0 2009.06.20 Trojan-Dropper.Delf[/B]
Jiangmin 11.0.706 2009.06.20 -
[B]K7AntiVirus 7.10.768 2009.06.19 Trojan.Win32.Malware[/B]
Kaspersky 7.0.0.125 2009.06.20 -
[B]McAfee 5652 2009.06.20 Generic.dx
McAfee+Artemis 5652 2009.06.20 Generic.dx
McAfee-GW-Edition 6.7.6 2009.06.20 Trojan.Spy.Gampass.KZ
Microsoft 1.4803 2009.06.20 VirTool:Win32/Obfuscator.C
NOD32 4173 2009.06.20 probably a variant of Win32/Spy.Agent
Norman 6.01.09 2009.06.19 W32/Packed_Upack.A
nProtect 2009.1.8.0 2009.06.20 -
Panda 10.0.0.16 2009.06.20 Generic Trojan
PCTools 4.4.2.0 2009.06.20 Packed/Upack[/B]
Prevx 3.0 2009.06.20 -
Rising 21.34.52.00 2009.06.20 -
[B]Sophos 4.42.0 2009.06.20 Mal/EncPk-BW
Sunbelt 3.2.1858.2 2009.06.20 Trojan.Win32.Packer.Upack0.3.9 (v)
Symantec 1.4.4.12 2009.06.20 Infostealer.Gampass
TheHacker 6.3.4.3.350 2009.06.20 W32/Behav-Heuristic-060
TrendMicro 8.950.0.1094 2009.06.20 PAK_Generic.006[/B]
VBA32 3.12.10.7 2009.06.20 -
ViRobot 2009.6.19.1796 2009.06.19 -
[B]VirusBuster 4.6.5.0 2009.06.20 Packed/Upack[/B][/QUOTE]
Additional information
File size: 811360 bytes
MD5...: 1a1e8346ca51f607a4219a26b169b62e
SHA1..: 66a8be7acd5b833ae6d5d0d533fb4e21c9ab2c91
SHA256: 0f36e8c330157f9be881d1b85a34e6f6289ae010b74629156803e4237031d0e6
ssdeep: 12288:/z1h7GqSWnNUzz+eQ0+LamYZ9gIA3+zl+Q0b38wnB0e2uppZzd3Lj55HN3
H:/X7kqeQ+m09RzlSbznB0ypHbHN3
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1018
timedatestamp.....: 0x4011b0be (Fri Jan 23 23:39:42 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x34000 0x1f0 5.32 ec36b2de9b4d1ba7f6ecb3ad216dceeb
@DD 0x35000 0x1c000 0x1446c 7.51 9e7fbf904c98163998e872f6ee25440a
HC@ 0x51000 0x1000 0x1f0 5.32 ec36b2de9b4d1ba7f6ecb3ad216dceeb
( 0 imports )
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch, UPack, UPack
packers (F-Prot): RAR, UPack
packers (Authentium): UPack, UPack, UPack, UPack
P.S. This is not a false positive and not a packer.
-
Fresh SMS ransomware
[B]File dkjtk received on 2009.06.22 08:39:26 (UTC)[/B]
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.22 -
AhnLab-V3 5.0.0.2 2009.06.22 -
AntiVir 7.9.0.193 2009.06.22 -
Antiy-AVL 2.0.3.1 2009.06.22 -
Authentium 5.1.2.4 2009.06.22 -
Avast 4.8.1335.0 2009.06.21 -
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.22 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.22 -
Comodo 1390 2009.06.22 -
DrWeb 5.0.0.12182 2009.06.22 -
[B]eSafe 7.0.17.0 2009.06.18 Suspicious File[/B]
eTrust-Vet 31.6.6570 2009.06.19 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 -
Fortinet 3.117.0.0 2009.06.22 -
GData 19 2009.06.22 -
Ikarus T3.1.1.59.0 2009.06.22 -
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 -
[B]Kaspersky 7.0.0.125 2009.06.22 Trojan-Ransom.Win32.SMSer.dm[/B]
McAfee 5653 2009.06.21 -
McAfee+Artemis 5653 2009.06.21 -
McAfee-GW-Edition 6.7.6 2009.06.22 -
Microsoft 1.4803 2009.06.22 -
NOD32 4176 2009.06.22 -
Norman 6.01.09 2009.06.19 -
nProtect 2009.1.8.0 2009.06.22 -
Panda 10.0.0.16 2009.06.21 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 -
Rising 21.35.01.00 2009.06.22 -
Sophos 4.42.0 2009.06.22 -
Sunbelt 3.2.1858.2 2009.06.21 -
Symantec 1.4.4.12 2009.06.22 -
TheHacker 6.3.4.3.350 2009.06.20 -
[B]TrendMicro 8.950.0.1094 2009.06.22 PAK_Generic.001[/B]
VBA32 3.12.10.7 2009.06.22 -
ViRobot 2009.6.22.1797 2009.06.22 -
VirusBuster 4.6.5.0 2009.06.21 -[/QUOTE]
Additional information
File size: 23552 bytes
MD5...: 3200c3c408604c9c917769a36809c729
SHA1..: 91a632ac9c02a1bf64d93e6ddf5af364948dc4f6
SHA256: fab66f6fe6076176d1d035b9be99ea914cbb11033317d46d12616a11f2445f44
[size="1"][color="#666686"][B][I]Added after 3 hours 18 minutes[/I][/B][/color][/size]
[B][COLOR="DarkRed"][COLOR="Red"]
File rdl12.exe received on 2009.06.22 11:54:00 (UTC)
Result: 11/41 (26.83%)[/COLOR][/COLOR][/B]
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.06.22 Virus.Win32.Parite!IK
AhnLab-V3 5.0.0.2 2009.06.22 Win-Trojan/Xema.variant[/B]
AntiVir 7.9.0.193 2009.06.22 -
Antiy-AVL 2.0.3.1 2009.06.22 -
Authentium 5.1.2.4 2009.06.22 -
[B]Avast 4.8.1335.0 2009.06.21 Win32:Trojan-gen {Other}
AVG 8.5.0.339 2009.06.22 BackDoor.Generic11.WFJ[/B]
BitDefender 7.2 2009.06.22 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.22 -
Comodo 1392 2009.06.22 -
[B]DrWeb 5.0.0.12182 2009.06.22 Trojan.DownLoad.38523
eSafe 7.0.17.0 2009.06.18 Suspicious File[/B]
eTrust-Vet 31.6.6570 2009.06.19 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 -
Fortinet 3.117.0.0 2009.06.22 -
[B]GData 19 2009.06.22 Win32:Trojan-gen {Other}
Ikarus T3.1.1.59.0 2009.06.22 Virus.Win32.Parite[/B]
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.22 -
McAfee 5653 2009.06.21 -
[B]McAfee+Artemis 5653 2009.06.21 Artemis!E5EB1C1AF79A[/B]
McAfee-GW-Edition 6.7.6 2009.06.22 -
Microsoft 1.4803 2009.06.22 -
NOD32 4177 2009.06.22 -
[B]Norman 6.01.09 2009.06.22 W32/Banload.ASQU[/B]
nProtect 2009.1.8.0 2009.06.22 -
Panda 10.0.0.16 2009.06.21 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 -
Rising 21.35.03.00 2009.06.22 -
[B]Sophos 4.42.0 2009.06.22 Sus/Delf-J[/B]
Sunbelt 3.2.1858.2 2009.06.21 -
Symantec 1.4.4.12 2009.06.22 -
TheHacker 6.3.4.3.350 2009.06.20 -
TrendMicro 8.950.0.1094 2009.06.22 -
VBA32 3.12.10.7 2009.06.22 -
ViRobot 2009.6.22.1798 2009.06.22 -
VirusBuster 4.6.5.0 2009.06.21 -[/QUOTE]
[size="1"][color="#666686"][B][I]Added after 2 minutes[/I][/B][/color][/size]
[B][COLOR="Red"]File svchost.exe received on 2009.06.22 11:55:48 (UTC)
Result: 9/41 (21.96%)[/COLOR][/B]
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.06.22 Worm.Win32.Downloader!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.22 -
AntiVir 7.9.0.193 2009.06.22 -
Antiy-AVL 2.0.3.1 2009.06.22 -
Authentium 5.1.2.4 2009.06.22 -
Avast 4.8.1335.0 2009.06.21 -
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.22 -
[B]CAT-QuickHeal 10.00 2009.06.22 (Suspicious) - DNAScan[/B]
ClamAV 0.94.1 2009.06.22 -
Comodo 1392 2009.06.22 -
[B]DrWeb 5.0.0.12182 2009.06.22 Win32.HLLW.Autoruner.6326
eSafe 7.0.17.0 2009.06.18 Suspicious File[/B]
eTrust-Vet 31.6.6570 2009.06.19 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 -
Fortinet 3.117.0.0 2009.06.22 -
GData 19 2009.06.22 -
[B]Ikarus T3.1.1.59.0 2009.06.22 Worm.Win32.Downloader[/B]
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.22 -
McAfee 5653 2009.06.21 -
[B]McAfee+Artemis 5653 2009.06.21 Artemis!41E783B0A201[/B]
McAfee-GW-Edition 6.7.6 2009.06.22 -
[B]Microsoft 1.4803 2009.06.22 TrojanDropper:Win32/Emold.C
NOD32 4177 2009.06.22 a variant of Win32/Kryptik.UV[/B]
Norman 6.01.09 2009.06.22 -
nProtect 2009.1.8.0 2009.06.22 -
Panda 10.0.0.16 2009.06.21 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 -
Rising 21.35.03.00 2009.06.22 -
Sophos 4.42.0 2009.06.22 -
Sunbelt 3.2.1858.2 2009.06.21 -
Symantec 1.4.4.12 2009.06.22 -
TheHacker 6.3.4.3.350 2009.06.20 -
[B]TrendMicro 8.950.0.1094 2009.06.22 PAK_Generic.012[/B]
VBA32 3.12.10.7 2009.06.22 -
ViRobot 2009.6.22.1798 2009.06.22 -
VirusBuster 4.6.5.0 2009.06.21 -[/QUOTE]
-
Here is what I was sent on ICQ:
[QUOTE]Authorization request
hooray!! we xaker`s hacked Kontakt! here, download the program for boosting your rating: :http:depositfiles.com/files/vpoqk95gk
per day you can't boost more than 35 VOTE[/QUOTE]
File vkonreit.exe received on 2009.06.23 06:14:57 (UTC)
[CODE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.06.23 Trojan-Spy.Win32.Banker!IK
AhnLab-V3 5.0.0.2 2009.06.23 Win-Trojan/Vkont.677376
AntiVir 7.9.0.193 2009.06.22 TR/ATRAPS.Gen
Antiy-AVL 2.0.3.1 2009.06.23 Trojan/Win32.VKont.gen
Authentium 5.1.2.4 2009.06.23 W32/Trojan2.GYJC
Avast 4.8.1335.0 2009.06.22 Win32:Trojan-gen {Other}
AVG 8.5.0.339 2009.06.22 PSW.Generic7.GEB[/B]
BitDefender 7.2 2009.06.23 -
[B]CAT-QuickHeal 10.00 2009.06.22 Trojan.Agent.ATV
ClamAV 0.94.1 2009.06.23 Trojan.Spy-62164[/B]
Comodo 1396 2009.06.23 -
[B]DrWeb 5.0.0.12182 2009.06.23 Trojan.PWS.Vkontakte.8[/B]
eSafe 7.0.17.0 2009.06.22 -
eTrust-Vet 31.6.6573 2009.06.22 -
[B]F-Prot 4.4.4.56 2009.06.22 W32/Trojan2.GYJC
F-Secure 8.0.14470.0 2009.06.23 Trojan-PSW.Win32.VKont.m[/B]
Fortinet 3.117.0.0 2009.06.23 -
[B]GData 19 2009.06.23 Win32:Trojan-gen {Other}
Ikarus T3.1.1.59.0 2009.06.23 Trojan-Spy.Win32.Banker[/B]
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
[B]Kaspersky 7.0.0.125 2009.06.23 Trojan-PSW.Win32.VKont.m[/B]
McAfee 5654 2009.06.22 -
McAfee+Artemis 5654 2009.06.22 -
[B]McAfee-GW-Edition 6.7.6 2009.06.23 Trojan.ATRAPS.Gen[/B]
Microsoft 1.4803 2009.06.23 -
NOD32 4179 2009.06.22 -
[B]Norman 6.01.09 2009.06.22 W32/Atraps.HJJ
nProtect 2009.1.8.0 2009.06.23 Trojan-PWS/W32.VKont.677376[/B]
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
[B]Prevx 3.0 2009.06.23 Medium Risk Malware[/B]
Rising 21.35.10.00 2009.06.23 -
[B]Sophos 4.42.0 2009.06.23 Sus/Behav-269[/B]
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
[B]TheHacker 6.3.4.3.351 2009.06.22 Trojan/PSW.VKont.m
TrendMicro 8.950.0.1094 2009.06.23 TSPY_VKONT.E
VBA32 3.12.10.7 2009.06.23 Trojan-PSW.Win32.VKont.m[/B]
ViRobot 2009.6.22.1799 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.22 -[/CODE]
Additional information
File size: 677376 bytes
MD5...: 705d7f707ccb390063b7f244d6005fa8
SHA1..: 446fdf510c4339f8b5a69695da7b734d81a9209f
SHA256: 95e3ae6c86eccc82f39ca1d19806dcf4a7c648a498bbb2914dcdd73fd2fd6b19
ssdeep: 12288:4ZB2FfbNQDw2Af3sstFxPCmygDlZbKOpz+CaRcDbQkh09:4ZoFbilA3sst
GWBoOpzPDfhW
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
-
Src=C:\Windows\system32\drivers\SKYNEThpxfbtsp.sys from the "Помогите!" ("Help!") section
File avz00001.dta received on 2009.06.23 07:02:04 (UTC)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
[B]Avast 4.8.1335.0 2009.06.22 Win32:Alureon-BV [/B]
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1396 2009.06.23 -
[B]DrWeb 5.0.0.12182 2009.06.23 Trojan.NtRootKit.2997
eSafe 7.0.17.0 2009.06.22 Suspicious File [/B]
eTrust-Vet 31.6.6573 2009.06.22 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
[B]GData 19 2009.06.23 Win32:Alureon-BV [/B]
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5654 2009.06.22 -
McAfee+Artemis 5654 2009.06.22 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
[B]Microsoft 1.4803 2009.06.23 VirTool:Win32/Obfuscator.ET [/B]
NOD32 4179 2009.06.22 -
Norman 6.01.09 2009.06.22 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
[B]Prevx 3.0 2009.06.23 High Risk Rootkit [/B]
Rising 21.35.10.00 2009.06.23 -
[B]Sophos 4.42.0 2009.06.23 Mal/TDSSPack-G [/B]
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.22.1799 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.22 -
Additional information
File size: 69120 bytes
MD5...: 0e0fd0098a6ddbcf23808116c3cca139
SHA1..: fc5ed8a4ef35856cca0cf47392a13c4b3236de11
SHA256: 3601883531c559f5de5cfe35a3040ac6ef3d0e7572d1711272421318bfa69287[/QUOTE]
-
File foto15.scr received on 2009.06.24 07:08:13 (UTC)
[code]a-squared 4.5.0.18 2009.06.24 -
AhnLab-V3 5.0.0.2 2009.06.24 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.24 -
Authentium 5.1.2.4 2009.06.24 -
Avast 4.8.1335.0 2009.06.23 -
[B]AVG 8.5.0.339 2009.06.23 Win32/Heur[/B]
BitDefender 7.2 2009.06.24 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.24 -
Comodo 1404 2009.06.24 -
[B]DrWeb 5.0.0.12182 2009.06.23 Trojan.Packed.2480[/B]
eSafe 7.0.17.0 2009.06.23 -
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.24 -
Fortinet 3.117.0.0 2009.06.24 -
GData 19 2009.06.24 -
Ikarus T3.1.1.59.0 2009.06.24 -
Jiangmin 11.0.706 2009.06.24 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.24 -
McAfee 5655 2009.06.23 -
[B]McAfee+Artemis 5655 2009.06.23 Artemis!F747D59BE5EA[/B]
[B]McAfee-GW-Edition 6.7.6 2009.06.23 Win32.Malware.gen (suspicious)[/B]
[B]Microsoft 1.4803 2009.06.24 VirTool:Win32/Obfuscator.FL[/B]
NOD32 4182 2009.06.24 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.24 -
Panda 10.0.0.16 2009.06.24 -
PCTools 4.4.2.0 2009.06.22 -
[B]Prevx 3.0 2009.06.24 High Risk Worm[/B]
Rising 21.35.20.00 2009.06.24 -
Sophos 4.42.0 2009.06.24 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.24 -
TheHacker 6.3.4.3.352 2009.06.24 -
TrendMicro 8.950.0.1094 2009.06.24 -
[B]VBA32 3.12.10.7 2009.06.24 Malware-Cryptor.Win32.Vals.3[/B]
ViRobot 2009.6.24.1801 2009.06.24 -
VirusBuster 4.6.5.0 2009.06.23 -[/code]
Additional information
File size: 269824 bytes
MD5...: f747d59be5ea95ab14fecc279010def4
SHA1..: f2cfd28ada99699a06dd03ef1a8bcc1e01247d7d
SHA256: bc49f23de1ef792d94ab41ebc5454307febecc64ec9ab84602629c5260b012a4
-
File setup.exe received on 2009.06.25 22:14:49 (UTC)
Current status: Finished
Result: 2/41 (4.88%)
[QUOTE]
A-squared 4.5.0.18 2009.06.25 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
[B]Antiy-AVL 2.0.3.1 2009.06.25 - Packed/Win32.Klone.gen[/B]
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.25 -
ClamAV 0.94.1 2009.06.25 -
Comodo 1421 2009.06.26 -
[B]DrWeb 5.0.0.12182 2009.06.26 - Trojan.NtRootKit.103[/B]
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.25 -
GData 19 2009.06.25 -
Ikarus T3.1.1.59.0 2009.06.25 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.25 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.25 -
NOD32 4189 2009.06.25 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.25 -
Panda 10.0.0.16 2009.06.25 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.34.00 2009.06.25 -
Sophos 4.43.0 2009.06.25 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.25 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.25 -
VBA32 3.12.10.7 2009.06.25 -
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -[/QUOTE]
File size: 2388480 bytes
MD5...: 2683f1e64c2b3e2eab30e01682459390
SHA1..: ff6d2dbbe669384f907f0bfe930c6ca6961473c6
SHA256: 1effd9aa5a74caf1c692c86915a54c74ae465c9426292ffdcf2b06bbb1f452ab
ssdeep: 49152:j28mp97c9878rOa/kDDCDIMJ1Hzc9vUYxNFTlMlcam:K8mn7c987Q1/kvo
hTc9M+NDP
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9a58
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
ThreatExpert info: [url]http://www.threatexpert.com/report.aspx?md5=2683f1e64c2b3e2eab30e01682459390[/url]
[size="1"][color="#666686"][B][I]Added 11 minutes later[/I][/B][/color][/size]
File nutilities.dll received on 2009.06.25 22:35:15 (UTC)
Current status: Finished
Result: 6/41 (14.64%)
[QUOTE]A-squared 4.5.0.18 2009.06.25 -
[B]AhnLab-V3 5.0.0.2 2009.06.25 - Win-Trojan/Horse.131072[/B]
AntiVir 7.9.0.196 2009.06.25 -
[B]Antiy-AVL 2.0.3.1 2009.06.25 - Packed/Win32.Klone.gen[/B]
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.25 -
ClamAV 0.94.1 2009.06.25 -
[B]Comodo 1421 2009.06.26 - Unclassified Malware[/B]
[B]DrWeb 5.0.0.12182 2009.06.26 - Trojan.NtRootKit.103[/B]
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.25 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.25 -
Jiangmin 11.0.706 2009.06.25 -
[B]K7AntiVirus 7.10.768 2009.06.19 - Trojan.Win32.Malware.1[/B]
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4189 2009.06.25 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.25 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
Prevx 3.0 2009.06.26 -
Rising 21.35.34.00 2009.06.25 -
Sophos 4.43.0 2009.06.25 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.25 -
[B]VBA32 3.12.10.7 2009.06.25 - FraudTool.Win32.NoAdware.a[/B]
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -[/QUOTE]
Additional information
File size: 131072 bytes
MD5...: 8b8464d090d814566269d9bb3fa8dde3
SHA1..: 1476ccb4e616b58bfc316d513478b58cfc05d781
SHA256: 5fcb4a705b0db55e499bfc019ef56a7a390b8758fef61bbd530929e5a86e16c7
ssdeep: 3072:yX5ZZ2q5P6DHruXy5beeUX0QzZ+vMwP0PyQ56183:CLZ2q56ruXy5bfQ/X6
18
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1210
timedatestamp.....: 0x42f31902 (Fri Aug 05 07:45:06 2005)
machinetype.......: 0x14c (I386)
ThreatExpert info: [url]http://www.threatexpert.com/report.aspx?md5=8b8464d090d814566269d9bb3fa8dde3[/url]
[size="1"][color="#666686"][B][I]Added 24 minutes later[/I][/B][/color][/size]
File noadware.exe received on 2009.06.25 22:58:06 (UTC)
Current status: Finished
Result: 6/41 (14.64%)
[QUOTE]A-squared 4.5.0.18 2009.06.25 -
AhnLab-V3 5.0.0.2 2009.06.25 -
AntiVir 7.9.0.196 2009.06.25 -
[B]Antiy-AVL 2.0.3.1 2009.06.25 - Packed/Win32.Klone.gen[/B]
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.25 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.25 -
ClamAV 0.94.1 2009.06.25 -
[B]Comodo 1421 2009.06.26 - TrojWare.Win32.FraudTool.Delf.~B[/B]
[B]DrWeb 5.0.0.12182 2009.06.26 - Trojan.NtRootKit.103[/B]
[B]eSafe 7.0.17.0 2009.06.25 - Win32.Banker[/B]
eTrust-Vet 31.6.6580 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.25 -
Fortinet 3.117.0.0 2009.06.25 -
GData 19 2009.06.26 -
Ikarus T3.1.1.59.0 2009.06.25 -
Jiangmin 11.0.706 2009.06.25 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.25 -
Microsoft 1.4803 2009.06.26 -
NOD32 4189 2009.06.25 -
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.25 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.25 -
[B]Prevx 3.0 2009.06.26 - Medium Risk Malware[/B]
Rising 21.35.34.00 2009.06.25 -
Sophos 4.43.0 2009.06.25 -
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.25 -
[B]VBA32 3.12.10.7 2009.06.25 - Hoax.Win32.NoAdware[/B]
ViRobot 2009.6.25.1804 2009.06.25 -
VirusBuster 4.6.5.0 2009.06.25 -[/QUOTE]
File size: 2465376 bytes
MD5...: 56316159e4d93e570d878bddd7ab8ce2
SHA1..: 83d4f2296d9dbd2a036ea1d96bc716e2964e4314
SHA256: 2ec01a76368d7e3d3fce1029e92f9729a2dee1b6d5e267cb5bd5519f2c062e3a
ssdeep: 49152:u26NFj6aYPVq3PNeppnuh2EmHi69Heeq4AztBoQ8VfBk+rSao:3i16aHNk
ugS69+evVVfa
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9a58
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
ThreatExpert info: [url]http://www.threatexpert.com/report.aspx?md5=56316159e4d93e570d878bddd7ab8ce2[/url]
Hmm... I found a thread about all this in the "Помогите" ("Help") section from 2006: [url]http://virusinfo.info/showthread.php?t=4971[/url]
-
File update_797.pdf received on 2009.06.30 12:44:26 (UTC)
Current status: Finished
Result: 12/41 (29.27%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.06.30 Exploit.Win32.Pdfjsc!IK[/B]
AhnLab-V3 5.0.0.2 2009.06.30 -
[B]AntiVir 7.9.0.199 2009.06.30 HEUR/HTML.Malware[/B]
Antiy-AVL 2.0.3.1 2009.06.30 -
Authentium 5.1.2.4 2009.06.29 -
[B]Avast 4.8.1335.0 2009.06.29 JS:Pdfka-GF[/B]
AVG 8.5.0.339 2009.06.30 -
BitDefender 7.2 2009.06.30 -
CAT-QuickHeal 10.00 2009.06.29 -
[B]ClamAV 0.94.1 2009.06.30 Exploit.PDF-66[/B]
Comodo 1506 2009.06.30 -
DrWeb 5.0.0.12182 2009.06.30 -
[B]eSafe 7.0.17.0 2009.06.29 PDF.Exploit.2[/B]
eTrust-Vet 31.6.6590 2009.06.30 -
F-Prot 4.4.4.56 2009.06.29 -
F-Secure 8.0.14470.0 2009.06.30 -
Fortinet 3.117.0.0 2009.06.30 -
[B]GData 19 2009.06.30 JS:Pdfka-GF
Ikarus T3.1.1.64.0 2009.06.30 Exploit.Win32.Pdfjsc[/B]
Jiangmin 11.0.706 2009.06.30 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.30 -
McAfee 5661 2009.06.29 -
McAfee+Artemis 5661 2009.06.29 -
[B]McAfee-GW-Edition 6.7.6 2009.06.30 Heuristic.HTML.Malware
Microsoft 1.4803 2009.06.30 Exploit:Win32/Pdfjsc.AS[/B]
NOD32 4199 2009.06.30 -
Norman 6.01.09 2009.06.29 -
nProtect 2009.1.8.0 2009.06.30 -
Panda 10.0.0.14 2009.06.29 -
PCTools 4.4.2.0 2009.06.30 -
Prevx 3.0 2009.06.30 -
Rising 21.36.13.00 2009.06.30 -
[B]Sophos 4.43.0 2009.06.30 Sus/PDFJs-K
Sunbelt 3.2.1858.2 2009.06.29 Exploit.PDF-JS.Gen (v)[/B]
Symantec 1.4.4.12 2009.06.30 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.30 -
VBA32 3.12.10.7 2009.06.30 -
ViRobot 2009.6.30.1812 2009.06.30 -
[B]VirusBuster 4.6.5.0 2009.06.29 JS.Crypt.AOB[/B]
[/QUOTE]
Additional information
File size: 30842 bytes
MD5...: d661ec98b930cd0d5284fb624cf4be97
SHA1..: f8b6b387b3122e034e946dff67be3dcb488046d7
SHA256: d850a7128d08bd8351037f98cf82eec75d32b4cff55f3bc63121d3c3a2433c90
ssdeep: 768:oUxY3RIV48c1fzaHuCVINqlVU+UzX+2wY4LghEMczlZsQR44bx0YKDabTd:U
CMvq0j+7YjEfZJy4bx0R6d
PEiD..: -
TrID..: File type identification
Adobe Portable Document Format (50.0%)
MATLAB program (50.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
-
File x-file-MJacksonsKiller.exe received on 2009.07.02 02:15:47 (UTC)
Current status: Finished
Result: 19/41 (46.35%)
[QUOTE][B]a-squared 4.5.0.18 2009.07.02 Trojan-Spy.Zeus!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.01 -
[B]AntiVir 7.9.0.199 2009.07.01 TR/Spy.ZBot.VG.1[/B]
Antiy-AVL 2.0.3.1 2009.07.02 -
[B]Authentium 5.1.2.4 2009.07.01 W32/Heuristic-CO3!Eldorado[/B]
Avast 4.8.1335.0 2009.07.01 -
[B]AVG 8.5.0.386 2009.07.01 Generic13.BRQM[/B]
[B]BitDefender 7.2 2009.07.02 Trojan.Spy.ZBot.VG[/B]
CAT-QuickHeal 10.00 2009.07.01 -
ClamAV 0.94.1 2009.07.02 -
Comodo 1537 2009.07.01 -
DrWeb 5.0.0.12182 2009.07.02 -
[B]eSafe 7.0.17.0 2009.06.29 Suspicious File[/B]
eTrust-Vet 31.6.6592 2009.07.02 -
[B]F-Prot 4.4.4.56 2009.07.01 W32/Heuristic-CO3!Eldorado[/B]
[B]F-Secure 8.0.14470.0 2009.07.02 Trojan-Spy:W32/Zbot.OVJ[/B]
Fortinet 3.117.0.0 2009.07.01 -
[B]GData 19 2009.07.02 Trojan.Spy.ZBot.VG[/B]
[B]Ikarus T3.1.1.64.0 2009.07.02 Trojan-Spy.Zeus[/B]
Jiangmin 11.0.706 2009.07.01 -
K7AntiVirus 7.10.768 2009.06.19 -
[B]Kaspersky 7.0.0.125 2009.07.02 Trojan-Spy.Win32.Zbot.xva[/B]
McAfee 5663 2009.07.01 -
[B]McAfee+Artemis 5663 2009.07.01 Artemis!0418E1FAD04C[/B]
[B]McAfee-GW-Edition 6.7.6 2009.07.01 Trojan.Spy.ZBot.VG.1[/B]
[B]Microsoft 1.4803 2009.07.01 PWS:Win32/Zbot.PN[/B]
[B]NOD32 4206 2009.07.02 a variant of Win32/Kryptik.VR[/B]
Norman 6.01.09 2009.07.01 -
nProtect 2009.1.8.0 2009.07.01 -
Panda 10.0.0.14 2009.07.01 -
PCTools 4.4.2.0 2009.07.01 -
Prevx 3.0 2009.07.02 -
Rising 21.36.24.00 2009.07.01 -
[B]Sophos 4.43.0 2009.07.02 Mal/Zbot-P[/B]
[B]Sunbelt 3.2.1858.2 2009.07.01 Trojan-Spy.Win32.Zbot.gen[/B]
[B]Symantec 1.4.4.12 2009.07.02 W32.Spybot.Worm[/B]
TheHacker 6.3.4.3.359 2009.07.02 -
[B]TrendMicro 8.950.0.1094 2009.07.01 PAK_Generic.001[/B]
VBA32 3.12.10.7 2009.07.02 -
ViRobot 2009.7.1.1814 2009.07.01 -
VirusBuster 4.6.5.0 2009.07.01 -[/QUOTE]
File size: 88576 bytes
MD5...: 0418e1fad04ca45e0353ac319f6594ab
SHA1..: 6ca7a11b240f05b7fcf449732f3309a063b2172c
SHA256: 80528a4868d561e4b29d12272a0aead18c161116893fdab2d30835ca40388ebe
ssdeep: 1536:DeR58K47q8xqBpu1tVbWl9dTCPRT8RzcRS1TQ2wGGMVjEOLChmIu62v3anF
hnUJz:6R+NLxqBw1zWlcuf1PPVjghQ62CnFhnC
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PDFiD.: -
RDS...: NSRL Reference Data Set
ThreatExpert info: [url]http://www.threatexpert.com/report.aspx?md5=0418e1fad04ca45e0353ac319f6594ab[/url]
Hmm, that's a rather low trick...
-
File foto35.scr received on 2009.07.05 13:34:00 (UTC)
Result: 6/41 (14.64%)
[QUOTE][B]a-squared 4.5.0.18 2009.07.05 Trojan-Dropper.Win32.Wlord!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.05 -
[B]AntiVir 7.9.0.204 2009.07.03 DR/Delphi.Gen[/B]
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.04 -
Avast 4.8.1335.0 2009.07.04 -
AVG 8.5.0.386 2009.07.05 -
BitDefender 7.2 2009.07.05 -
[B]CAT-QuickHeal 10.00 2009.07.03 Win32.VirTool.DelfInject.gen!AM.8[/B]
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.05 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.04 -
F-Secure 8.0.14470.0 2009.07.05 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.05 -
[B]Ikarus T3.1.1.64.0 2009.07.05 Trojan-Dropper.Win32.Wlord[/B]
Jiangmin 11.0.706 2009.07.05 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.05 -
McAfee 5666 2009.07.04 -
McAfee+Artemis 5666 2009.07.04 -
[B]McAfee-GW-Edition 6.8.5 2009.07.05 Heuristic.LooksLike.Win32.Suspicious.C!92[/B]
Microsoft 1.4803 2009.07.05 -
NOD32 4218 2009.07.05 -
Norman 6.01.09 2009.07.04 -
nProtect 2009.1.8.0 2009.07.05 -
Panda 10.0.0.14 2009.07.05 -
PCTools 4.4.2.0 2009.07.05 -
Prevx 3.0 2009.07.05 -
[B]Rising 21.36.62.00 2009.07.05 Packer.Win32.Mian007.a[/B]
Sophos 4.43.0 2009.07.05 -
Sunbelt 3.2.1858.2 2009.07.05 -
Symantec 1.4.4.12 2009.07.05 -
TheHacker 6.3.4.3.362 2009.07.04 -
TrendMicro 8.950.0.1094 2009.07.05 -
VBA32 3.12.10.7 2009.07.05 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.04 -[/QUOTE]
[url]http://www.virustotal.com/ru/analisis/e6932c0c868eaa474ad47f8e9f30d9e5a7d884d67033f08f7aa1ad36dd8fb15a-1246800840[/url]
-
File JimmPrO.jar received on 2009.07.07 13:39:57 (UTC)
Current status: Finished
Result: 8/41 (19.52%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.07 -
AhnLab-V3 5.0.0.2 2009.07.07 -
[B]AntiVir 7.9.0.204 2009.07.07 JAVA/SMS.Konov.J
Antiy-AVL 2.0.3.1 2009.07.07 Trojan/J2ME.Konov[/B]
Authentium 5.1.2.4 2009.07.07 -
Avast 4.8.1335.0 2009.07.06 -
AVG 8.5.0.386 2009.07.07 -
BitDefender 7.2 2009.07.07 -
CAT-QuickHeal 10.00 2009.07.07 -
ClamAV 0.94.1 2009.07.07 -
[B]Comodo 1538 2009.07.02 TrojWare.J2ME.SMS.Konov.j
DrWeb 5.0.0.12182 2009.07.07 Java.SMSSend.45[/B]
eSafe 7.0.17.0 2009.07.07 -
eTrust-Vet 31.6.6601 2009.07.07 -
F-Prot 4.4.4.56 2009.07.06 -
[B]F-Secure 8.0.14470.0 2009.07.07 Trojan-SMS.J2ME.Konov.j[/B]
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.07 -
[B]Ikarus T3.1.1.64.0 2009.07.07 Trojan-SMS[/B]
Jiangmin 11.0.706 2009.07.07 -
K7AntiVirus 7.10.785 2009.07.06 -
[B]Kaspersky 7.0.0.125 2009.07.07 Trojan-SMS.J2ME.Konov.j[/B]
McAfee 5668 2009.07.06 -
McAfee+Artemis 5668 2009.07.06 -
[B]McAfee-GW-Edition 6.8.5 2009.07.07 Java.SMS.Konov.J[/B]
Microsoft 1.4803 2009.07.07 -
NOD32 4222 2009.07.07 -
Norman 6.01.09 2009.07.07 -
nProtect 2009.1.8.0 2009.07.07 -
Panda 10.0.0.14 2009.07.06 -
PCTools 4.4.2.0 2009.07.07 -
Prevx 3.0 2009.07.07 -
Rising 21.37.14.00 2009.07.07 -
Sophos 4.43.0 2009.07.07 -
Sunbelt 3.2.1858.2 2009.07.07 -
Symantec 1.4.4.12 2009.07.07 -
TheHacker 6.3.4.3.364 2009.07.06 -
TrendMicro 8.950.0.1094 2009.07.07 -
VBA32 3.12.10.7 2009.07.07 -
ViRobot 2009.7.7.1822 2009.07.07 -
VirusBuster 4.6.5.0 2009.07.06 -[/QUOTE]
Additional information
File size: 4577 bytes
MD5...: 4c149e6f307c5a3cdda87aa9cc7d87f6
SHA1..: 2235086b212826dd0d678bb0f0d57f77e17ebc84
SHA256: 83a3ec1dae7a8aaab333930d26fd415a70c08fa597049e6c2a2551380ebb7232
ssdeep: 96:sFTiOURs9qVeiTSK9kRRJd1xfOrEepznEWN7OdErQKL/2gfe:sZ5UdeiTSiiF
tsfGWSgt0
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
[B]AntiVir 7.9.0.204 2009.07.08 W32/Almanahe.B [/B]
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.07 -
AVG 8.5.0.386 2009.07.08 -
[B]BitDefender 7.2 2009.07.08 Win32.Almanahe.K.Dam [/B]
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.07 -
eTrust-Vet 31.6.6602 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
[B]GData 19 2009.07.08 Win32.Almanahe.K.Dam [/B]
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.786 2009.07.07 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5669 2009.07.07 -
McAfee+Artemis 5669 2009.07.07 -
[B]McAfee-GW-Edition 6.8.5 2009.07.08 Win32.Almanahe.B [/B]
Microsoft 1.4803 2009.07.08 -
NOD32 4223 2009.07.08 -
Norman 6.01.09 2009.07.07 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.07 -
PCTools 4.4.2.0 2009.07.07 -
Prevx 3.0 2009.07.08 -
Rising 21.37.22.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1823 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.07 - [/CODE]
Additional information
File size: 157184 bytes
MD5...: 840830b0a6574dfda83a78a2fdaab991
SHA1..: 8ec2582692c6d30a427e320798d20ffa5ffb718f
[size="1"][color="#666686"][B][I]Added 6 minutes later[/I][/B][/color][/size]
The DLL of the same name isn't detected by anyone at all. I'll send both to the virus lab right now.
[size="1"][color="#666686"][B][I]Added 40 minutes later[/I][/B][/color][/size]
Another one. Despite the name, it doesn't have the usual sections and so on inside.
File autorun.inf received on 2009.07.08 12:02:49 (UTC)
Current status: Finished
Result: 22/40 (55%)
[codE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.08 Worm.Win32.Conficker!IK [/B]
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
[B]Authentium 5.1.2.4 2009.07.08 JS/AutoRun
Avast 4.8.1335.0 2009.07.07 BV:AutoRun-S
AVG 8.5.0.386 2009.07.08 Worm/Generic_c.ZW
BitDefender 7.2 2009.07.08 Worm.Autorun.VHG [/B]
CAT-QuickHeal 10.00 2009.07.08 -
[B]ClamAV 0.94.1 2009.07.08 Worm.Autorun-1838
Comodo 1578 2009.07.08 Worm.Win32.AutoRun.etg
DrWeb 5.0.0.12182 2009.07.08 Win32.HLLW.Shadow [/B]
eSafe 7.0.17.0 2009.07.07 -
[B]eTrust-Vet 31.6.6602 2009.07.08 INF/Conficker
F-Prot 4.4.4.56 2009.07.07 JS/AutoRun [/B]
Fortinet 3.117.0.0 2009.07.03 -
[B]GData 19 2009.07.08 Worm.Autorun.VHG
Ikarus T3.1.1.64.0 2009.07.08 Worm.Win32.Conficker [/B]
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.786 2009.07.07 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5669 2009.07.07 -
McAfee+Artemis 5669 2009.07.07 -
McAfee-GW-Edition 6.8.5 2009.07.08 -
[B]Microsoft 1.4803 2009.07.08 Worm:Win32/Conficker.B!inf
NOD32 4224 2009.07.08 INF/Conficker [/B]
Norman 6.01.09 2009.07.07 -
nProtect 2009.1.8.0 2009.07.08 -
[B]Panda 10.0.0.14 2009.07.07 W32/Conficker.C.worm [/B]
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.23.00 2009.07.08 -
[B]Sophos 4.43.0 2009.07.08 Mal/ConfInf-A
Sunbelt 3.2.1858.2 2009.07.08 INF.Autorun (v)
Symantec 1.4.4.12 2009.07.08 W32.Downadup!autorun
TheHacker 6.3.4.3.363 2009.07.08 W32/Conficker.autorunL
TrendMicro 8.950.0.1094 2009.07.08 TROJ_DOWNAD.AF
VBA32 3.12.10.7 2009.07.08 Trojan.Autorun.gen [/B]
ViRobot 2009.7.8.1824 2009.07.08 -
[B]VirusBuster 4.6.5.0 2009.07.07 INF.Conficker.F [/B][/codE]
Additional information
File size: 59306 bytes
MD5...: 060dc978741e7ff27686ca8885802623
SHA1..: 4e32ff1cf3243ce56ff278cc0924b601784463d1
SHA256: 4202574ee60beb13a329f4ba6f6bc55a6e3cfbdfccab929f50024603d9cde020
ssdeep: 1536:IS+zcVPpjrVmdmwGvp1kGEJ5V7hAUJcFc00LZ:+g9plmW8PD2Gc2Z
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode
packers (Authentium): Unicode
[size="1"][color="#666686"][B][I]Added 57 minutes later[/I][/B][/color][/size]
Strange. Regarding [B]Win32.Almanahe[/B], this reply came from the Kaspersky Lab virus lab:
[QUOTE]Hello,
mail.exe_, zmail.dll
No malicious code was found in the files.[/QUOTE]
[QUOTE]RE: Re: [--Obscene--] Re: virus [KLAN-25043727] [KLAN-25045485] [KLAN-25050003] [KLAN-25204047] [KLAN-25262127] [KLAN-27791285] [KLAN-29591337] [KLAN-32489729] [KLAN-33179613] [KLAN-33251659] [KLAN-35858789][/QUOTE]
Probably it shouldn't be included in the statistics?
[size="1"][color="#666686"][B][I]Added 3 minutes later[/I][/B][/color][/size]
[QUOTE]Last edited by Shu_b; Today at 15:31 Reason: third one removed, duplicate of the first[/QUOTE]
Different files were checked on VT, with different results. Sorry, I mixed them up. It probably doesn't matter anymore.
-
File Dllcache.exe received on 2009.07.08 16:08:54 (UTC)[codE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.08 Riskware.Win32.Injector!IK
AhnLab-V3 5.0.0.2 2009.07.08 Win-Trojan/Agent.71680.CP[/B]
AntiVir 7.9.0.204 2009.07.08 -
[B]Antiy-AVL 2.0.3.1 2009.07.08 Backdoor/Win32.IRCBot.gen[/B]
Authentium 5.1.2.4 2009.07.08 -
[B]Avast 4.8.1335.0 2009.07.07 Win32:Inject-SW
AVG 8.5.0.386 2009.07.08 SHeur2.ANUC[/B]
BitDefender 7.2 2009.07.08 -
[B]CAT-QuickHeal 10.00 2009.07.08 Backdoor.IRCBot.lav[/B]
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
[B]DrWeb 5.0.0.12182 2009.07.08 Win32.HLLW.Druck.5[/B]
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6602 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
[B]F-Secure 8.0.14470.0 2009.07.08 Backdoor.Win32.IRCBot.lav[/B]
Fortinet 3.117.0.0 2009.07.03 -
[B]GData 19 2009.07.08 Win32:Inject-SW
Ikarus T3.1.1.64.0 2009.07.08 VirTool.Win32.Injector[/B]
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
[B]Kaspersky 7.0.0.125 2009.07.08 Backdoor.Win32.IRCBot.lav
McAfee 5669 2009.07.07 BackDoor-DOQ.gen.e
McAfee+Artemis 5669 2009.07.07 BackDoor-DOQ.gen.e
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.LooksLike.Win32.NewMalware.H
Microsoft 1.4803 2009.07.08 VirTool:Win32/Injector.gen!B
NOD32 4224 2009.07.08 Win32/IRCBot.AMC[/B]
Norman 6.01.09 2009.07.07 -
[B]nProtect 2009.1.8.0 2009.07.08 Backdoor/W32.IRCBot.71680.H[/B]
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
[B]Rising 21.37.24.00 2009.07.08 Trojan.Win32.Nodef.kka
Sophos 4.43.0 2009.07.08 Mal/Behav-243[/B]
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 -
TheHacker 6.3.4.3.363 2009.07.08 -
[B]TrendMicro 8.950.0.1094 2009.07.08 PAK_Generic.001
VBA32 3.12.10.7 2009.07.08 Backdoor.Win32.IRCBot.lav
ViRobot 2009.7.8.1824 2009.07.08 Backdoor.Win32.IRCBot.71680.F
VirusBuster 4.6.5.0 2009.07.08 Trojan.Inject.Gen.5
[/B][/codE]
Additional information
File size: 71680 bytes
MD5...: 002895ff98187a3cc21b7c67a9a0943e
-
File acleditf.exe received on 2009.07.08 17:10:09 (UTC)
Current status: Finished
Result: 13/41 (31.71%)
[CODE]
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.07 -
AVG 8.5.0.386 2009.07.08 Agent_r.NQ
BitDefender 7.2 2009.07.08 Gen:Trojan.Heur.Hype.2010EFEFEF
CAT-QuickHeal 10.00 2009.07.08 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.Packed.2463
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.07 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
[B]GData 19 2009.07.08 Gen:Trojan.Heur.Hype.2010EFEFEF[/B]
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 FakeAlert-DA
McAfee+Artemis 5670 2009.07.08 FakeAlert-DA
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 Trojan:Win32/Ositki.A
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.QL
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.218
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 Malware-Cryptor.Win32.Argin
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -
[/CODE]
Additional information
File size: 40448 bytes
MD5...: 7da01b2fe2679ca3fe98c9780e749179
SHA1..: 1b5696e7d3dd5ecb86a17d84a232f1280bddab3d
SHA256: a4bd80501a350520cbf7557191760727342ef309d1b7d29c9e0487d609b7409a
ssdeep: 768:RFg6kNqifwvEpde2IvP2e0chZMHPtEipedK3AoTkCmw/rpviHtUVin+eCYI5
CH5T:fgPjwvEpo2OP2ekPfAdK3RrwHtgin+ej
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
File nopmulti4.exe received on 2009.07.08 17:19:49 (UTC)
Current status: Finished
Result: 25/41 (60.98%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 Trojan.Win32.Winwebsec!IK
AhnLab-V3 5.0.0.2 2009.07.08 Win-Trojan/Clicker.311296.C
AntiVir 7.9.0.204 2009.07.08 TR/Clicker.23
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 W32/FakeAlert.AZ2.gen!Eldorado
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.08 Clicker.ZIS
BitDefender 7.2 2009.07.08 Trojan.Generic.1930179
CAT-QuickHeal 10.00 2009.07.08 TrojanClicker.Klik
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.Packed.2463
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 W32/FakeAlert.AZ2.gen!Eldorado
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 Adware/AdClicker
GData 19 2009.07.08 Trojan.Generic.1930179
Ikarus T3.1.1.64.0 2009.07.08 Trojan.Win32.Winwebsec
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Adclicker-HB
McAfee+Artemis 5670 2009.07.08 Adclicker-HB
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.BehavesLike.Backdoor.C
Microsoft 1.4803 2009.07.08 TrojanClicker:Win32/Klik
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.PU
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Trj/CI.A
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.07.08 Packer.Lighty.Gen (v)
Symantec 1.4.4.12 2009.07.08 Trojan Horse
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 Malware-Cryptor.Win32.Emo
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 Trojan.CL.Klik.NP
[/CODE]
Additional information
File size: 311296 bytes
MD5...: 8fa9aa822ba5e60aaefe1821ecdecc04
SHA1..: 8c201a254b1d5397c48deea52afb68501d4dea54
SHA256: c32908d14b460621cc7493a789ea02753ebeec71876655099a4fe2e34b758a27
ssdeep: 6144:bqeU7o3L24Kujej5ADrYjLGXigP67WbZj/sY1gcgsDHjHL/F9B0KY5n:bnQ
o7UZqXiGkWbx/91gFMHTL/Ff0KY5n
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
File 100.tmp received on 2009.07.08 17:22:51 (UTC)
Current status: Finished
Result: 13/40 (32.5%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZYFU
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Generic PWS!hv.ao
McAfee+Artemis 5670 2009.07.08 Artemis!D3137DE98400
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.BehavesLike.Packed.J
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.gqh
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 589824 bytes
MD5...: d3137de98400fc46ff5173611233d5fd
SHA1..: 6b4d0bc7ff083519db8ce696ee929e032e552c47
SHA256: 58e6bc2e80eccc98baa4a4d55c042e2725b129b14580f125bf4097a4130bac45
ssdeep: 12288:6Ei+Kmau7RKmEf6o621a89PFXlgt3syui78yQve0fTkiLVza:6Rbu7da6s
aYPFXlgh7uQ8yX0fDa
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
File 28.tmp received on 2009.07.08 17:29:35 (UTC)
Current status: Finished
Result: 15/40 (37.5%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 Dropper/Microjoin.1670144.B
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 Trojan.Generic.2009297
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 Trojan.MulDrop.1161
eSafe 7.0.17.0 2009.07.08 Suspicious File
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZXXP
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 Trojan.Generic.2009297
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!F53A88674B65
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.LooksLike.Trojan.Crypt.I
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 W32/Renos.dam
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 Trojan.Clicker.Win32.Undef.ki
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 Bulk Trojan
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 1474560 bytes
MD5...: f53a88674b65ef469670f9ef2b1656e6
SHA1..: a7bb16a3c943654b847d34ab847b0f58ce473e36
SHA256: f40be5f61b8dd0e0c8a844727695c3bc74aec5772407ea211621d1a5fd148f3d
ssdeep: 24576:cmJlz/UViFiakkUS1ANO86PT3upvrapo0UXPrKWbbmqmnpD5v9axMkQf/c
d76Gb:cmP/UQi7kUIcf6jGvr6GuWWqkNQ4fUdz
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
File 39.tmp received on 2009.07.08 17:35:30 (UTC)
Current status: Finished
Result: 12/41 (29.27%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 -
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.VirToolObfusca
eTrust-Vet 31.6.6604 2009.07.08 Win32/AntiVirus2008.Y
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!0DFC51CA6D30
McAfee-GW-Edition 6.8.5 2009.07.08 Heuristic.LooksLike.Win32.NewMalware.A
Microsoft 1.4803 2009.07.08 Trojan:Win32/Winwebsec
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Mal/EncPk-IV
Sunbelt 3.2.1858.2 2009.07.08 FraudTool.Win32.RogueSecurity (v)
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Agent.atmg
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 55480 bytes
MD5...: 0dfc51ca6d30728e6b5d7ad152c2c30c
SHA1..: e2a69ec84164617ebc2eecc31846eb1bff9d01cc
SHA256: 5fb522accb22eb65513b4db838edd12d8d8b65af64f4b60cb39cdcaeaa215688
ssdeep: 1536:U2B1GVN5qtGuDurTpuRTJzGqiiqO/1TovfWQ:gVutvur12hGqizOt0vfWQ
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
File 3C.tmp received on 2009.07.08 17:44:48 (UTC)
Current status: Finished
Result: 7/41 (17.08%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 Generic13.BILN
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!7C2902AD16F6
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.grm
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 614400 bytes
MD5...: 7c2902ad16f6fc76e816609a2b59291d
SHA1..: ed1370d74f92e0d038c0924aa05cce5d33c9a74a
SHA256: 999ec2242d099477ca0b0eefa0700777f578352095988280d6ebdc0a320d10e1
ssdeep: 12288:sP9lzkA+P93kMry7JCa15Ud4z/vixnym5Prwr+zF8JkO:sVkD5kx15aa/v
gNJr5zAB
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
File 38.tmp received on 2009.07.08 17:41:51 (UTC)
Current status: Finished
Result: 9/40 (22.5%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 Dropper/Microjoin.2626560
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 SHeur2.ALNO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 Trojan.Dropper-19904
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.TRCrypt.XPACK
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 Artemis!ED5D6DAD09AC
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Suspicious file
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 Trojan/Dropper.Microjoin.grj
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 2335760 bytes
MD5...: ed5d6dad09ac0453007b767d66871c71
SHA1..: d8e3f0fdfb601de1650b5c0d8b6adf3891d9e53d
SHA256: cb859efb2e6faaaea969ee89f1af197bd5ce9eac521da7c5e39ccc50ea656fd8
ssdeep: 49152:378KTBi1cLaFo4eaZNS31dGh/uoQ2BW4mHD1QTbt0irjQVznlC8XEV:37V
sUxmwoQzbD1QPtprjQ1480V
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
File 32.tmp received on 2009.07.08 17:49:26 (UTC)
Current status: Finished
Result: 8/41 (19.52%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.08 FakeAlert.KO
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 Win32/AMalum.ZZVJP
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 Trojan-Downloader:W32/Fakerean.gen!A
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.08 -
Ikarus T3.1.1.64.0 2009.07.08 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 Generic PWS!hv.ao
McAfee+Artemis 5670 2009.07.08 Artemis!473025A9DF16
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 -
NOD32 4224 2009.07.08 -
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.08 Medium Risk Malware
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.08 Packed.Generic.218
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 -
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 507904 bytes
MD5...: 473025a9df16200353512782738f0ac6
SHA1..: 4c92ec23b44d2e53c2862322652f5aac005dd26e
SHA256: 81f9360a34ca121c7f0511547ecc50b769250aab83b748406e868a4b1e0a08b0
ssdeep: 12288:FSd/O4dESGEQDy9n9sEL9SxA/fpF8V4sNP6bJccREf:YtOfTE8yLsEL9SG
w40AcIK
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
File 29.tmp received on 2009.07.08 17:48:53 (UTC)
Current status: Finished
Result: 17/40 (42.5%)
[CODE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.08 Virus.Win32.Trojan!IK
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 Win32:Trojan-gen {Other}
AVG 8.5.0.386 2009.07.08 SHeur2.AKYM
BitDefender 7.2 2009.07.08 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1578 2009.07.08 -
DrWeb 5.0.0.12182 2009.07.08 -
eSafe 7.0.17.0 2009.07.08 Win32.Packed
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.08 -
Fortinet 3.117.0.0 2009.07.03 PossibleThreat
GData 19 2009.07.08 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.08 Virus.Win32.Trojan
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.08 -
McAfee 5670 2009.07.08 FakeAlert-DA
McAfee+Artemis 5670 2009.07.08 FakeAlert-DA
McAfee-GW-Edition 6.8.5 2009.07.08 -
Microsoft 1.4803 2009.07.08 TrojanDropper:Win32/Microjoin.gen!B
NOD32 4224 2009.07.08 a variant of Win32/Kryptik.SM
Norman 6.01.09 2009.07.08 DLoader.QOPA
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 Generic Trojan
PCTools 4.4.2.0 2009.07.08 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.08 Perfect Keylogger
Sunbelt 3.2.1858.2 2009.07.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.07.08 Packed.Generic.233
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.08 BScope.Dropper.Gen.17
ViRobot 2009.7.8.1824 2009.07.08 -
VirusBuster 4.6.5.0 2009.07.08 -[/CODE]
Additional information
File size: 1675264 bytes
MD5...: 7aa8ad673f88d85abd2fac999d05a924
SHA1..: 3c91e0b4ff9962835d6d9e222471489be6aeead1
SHA256: 4bdef2b9f2e1cb3eab132f01941b656fb12ba3116d94f9b72903e33078a47839
ssdeep: 49152:CafYip3diRY4e46g4klh9twVsM5UPqxZgH:pAoERY4ee44rcUPqx
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
-
I was offered a Flash Player download
File install_flash_player._exe received on 2009.07.09 03:17:07 (UTC)
[QUOTE]
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.09 -
AhnLab-V3 5.0.0.2 2009.07.08 -
AntiVir 7.9.0.204 2009.07.08 -
Antiy-AVL 2.0.3.1 2009.07.08 -
Authentium 5.1.2.4 2009.07.08 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.09 -
BitDefender 7.2 2009.07.09 -
CAT-QuickHeal 10.00 2009.07.08 -
ClamAV 0.94.1 2009.07.08 -
Comodo 1587 2009.07.09 -
[B]DrWeb 5.0.0.12182 2009.07.09 Trojan.DownLoad.34700[/B]
eSafe 7.0.17.0 2009.07.08 -
eTrust-Vet 31.6.6604 2009.07.08 -
F-Prot 4.4.4.56 2009.07.08 -
F-Secure 8.0.14470.0 2009.07.09 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.09 -
Ikarus T3.1.1.64.0 2009.07.09 -
Jiangmin 11.0.706 2009.07.08 -
K7AntiVirus 7.10.787 2009.07.08 -
Kaspersky 7.0.0.125 2009.07.09 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 -
McAfee-GW-Edition 6.8.5 2009.07.09 -
Microsoft 1.4803 2009.07.08 -
[B]NOD32 4226 2009.07.09 Win32/VB.OHU[/B]
Norman 6.01.09 2009.07.08 -
nProtect 2009.1.8.0 2009.07.08 -
Panda 10.0.0.14 2009.07.08 -
PCTools 4.4.2.0 2009.07.08 -
Prevx 3.0 2009.07.09 -
Rising 21.37.24.00 2009.07.08 -
Sophos 4.43.0 2009.07.09 -
Sunbelt 3.2.1858.2 2009.07.08 -
Symantec 1.4.4.12 2009.07.09 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.08 -
VBA32 3.12.10.7 2009.07.09 -
ViRobot 2009.7.8.1824 2009.07.09 -
VirusBuster 4.6.5.0 2009.07.08 -[/QUOTE]
Additional information
File size: 33280 bytes
MD5...: 2542af8813cfd5513966fc529c38065e
SHA1..: b84d5ece478c47848b1feb57a760efc5ad607772
SHA256: 37e88827d450cf335c8d690215e6f41ae0c66a470c5bd61cd490481bc36e67a3
ssdeep: 384:v3zu83Dcet5Svtk/UU5JJO7nyjGWGvOIfZ/AL23hgqwDvWi:v3623DSvtksG
PAnySBOkR623ADO
PEiD..: -
[URL="http://www.virustotal.com/ru/analisis/37e88827d450cf335c8d690215e6f41ae0c66a470c5bd61cd490481bc36e67a3-1247109427"]http://www.virustotal.com/ru/analisis/37e88827d450cf335c8d690215e6f41ae0c66a470c5bd61cd490481bc36e67a3-1247109427[/URL]
-
File 429.exe received on 2009.07.09 17:21:39 (UTC)
Current status: Finished
Result: 16/41 (39.03%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.09 Backdoor.Win32.VanBot!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.09 -
[B]AntiVir 7.9.0.204 2009.07.09 TR/Buzus.bltq
Antiy-AVL 2.0.3.1 2009.07.09 Trojan/Win32.Buzus.gen[/B]
Authentium 5.1.2.4 2009.07.09 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.09 -
BitDefender 7.2 2009.07.09 -
CAT-QuickHeal 10.00 2009.07.09 -
ClamAV 0.94.1 2009.07.09 -
Comodo 1594 2009.07.09 -
[B]DrWeb 5.0.0.12182 2009.07.09 Win32.HLLW.Lime.7[/B]
eSafe 7.0.17.0 2009.07.09 -
[B]eTrust-Vet 31.6.6606 2009.07.09 Win32/Slenfbot!generic[/B]
F-Prot 4.4.4.56 2009.07.09 -
[B]F-Secure 8.0.14470.0 2009.07.09 Trojan.Win32.Buzus.bltq[/B]
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.09 -
[B]Ikarus T3.1.1.64.0 2009.07.09 Backdoor.Win32.VanBot[/B]
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.788 2009.07.09 -
[B]Kaspersky 7.0.0.125 2009.07.09 Trojan.Win32.Buzus.bltq[/B]
McAfee 5670 2009.07.08 -
[B]McAfee+Artemis 5670 2009.07.08 Artemis!810A4666F832
McAfee-GW-Edition 6.8.5 2009.07.09 Heuristic.LooksLike.Trojan.Buzus.H
Microsoft 1.4803 2009.07.09 VirTool:Win32/DelfInject.gen!AW
NOD32 4229 2009.07.09 Win32/Peerfrag.CF[/B]
Norman 6.01.09 2009.07.09 -
[B]nProtect 2009.1.8.0 2009.07.09 Trojan/W32.Buzus.136704.B
Panda 10.0.0.14 2009.07.09 Trj/Buzus.AH[/B]
PCTools 4.4.2.0 2009.07.09 -
[B]Prevx 3.0 2009.07.09 Medium Risk Malware
Rising 21.37.34.00 2009.07.09 Backdoor.Win32.Delf.efj[/B]
Sophos 4.43.0 2009.07.09 -
Sunbelt 3.2.1858.2 2009.07.09 -
Symantec 1.4.4.12 2009.07.09 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.09 -
VBA32 3.12.10.7 2009.07.09 -
ViRobot 2009.7.9.1827 2009.07.09 -
VirusBuster 4.6.5.0 2009.07.09 -[/QUOTE]
Additional information
File size: 136704 bytes
MD5...: 810a4666f83266ad3249758aa9073a11
SHA1..: f8fa1b3871214e0e4715b9a7ca9e137d0e90eb1f
SHA256: 4b85473175639e5c3e4c88bf373e2ca704af96098f531d084d890986bd273efd
ssdeep: 1536:vJDk2qAifOf8RFYOhRDgxvjNHjlQqdzNE6bLC/NbA/uu7HlXMI6AEyDXr5b
+0:txlf8R/hRD85k6ilbA7lHXPDZp
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
File 677.exe received on 2009.07.09 17:27:59 (UTC)
Current status: Finished
Result: 9/41 (21.96%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.09 Backdoor.Win32.VanBot!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.09 -
AntiVir 7.9.0.204 2009.07.09 -
Antiy-AVL 2.0.3.1 2009.07.09 -
Authentium 5.1.2.4 2009.07.09 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.09 -
BitDefender 7.2 2009.07.09 -
CAT-QuickHeal 10.00 2009.07.09 -
ClamAV 0.94.1 2009.07.09 -
Comodo 1594 2009.07.09 -
[B]DrWeb 5.0.0.12182 2009.07.09 Win32.HLLW.Lime.7
eSafe 7.0.17.0 2009.07.09 Win32.VirToolDelfInj
eTrust-Vet 31.6.6606 2009.07.09 Win32/Slenfbot!generic[/B]
F-Prot 4.4.4.56 2009.07.09 -
F-Secure 8.0.14470.0 2009.07.09 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.09 -
[B]Ikarus T3.1.1.64.0 2009.07.09 Backdoor.Win32.VanBot[/B]
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.788 2009.07.09 -
Kaspersky 7.0.0.125 2009.07.09 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 -
[B]McAfee-GW-Edition 6.8.5 2009.07.09 Heuristic.LooksLike.Trojan.Buzus.H
Microsoft 1.4803 2009.07.09 VirTool:Win32/DelfInject.gen!AW[/B]
NOD32 4229 2009.07.09 -
Norman 6.01.09 2009.07.09 -
nProtect 2009.1.8.0 2009.07.09 -
[B]Panda 10.0.0.14 2009.07.09 Suspicious file[/B]
PCTools 4.4.2.0 2009.07.09 -
[B]Prevx 3.0 2009.07.09 Medium Risk Malware[/B]
Rising 21.37.34.00 2009.07.09 -
Sophos 4.43.0 2009.07.09 -
Sunbelt 3.2.1858.2 2009.07.09 -
Symantec 1.4.4.12 2009.07.09 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.09 -
VBA32 3.12.10.7 2009.07.09 -
ViRobot 2009.7.9.1827 2009.07.09 -
VirusBuster 4.6.5.0 2009.07.09 -[/QUOTE]
Additional information
File size: 136704 bytes
MD5...: 854cc73a4bb31a327252b6c3920aacc5
SHA1..: ef9a3f94aa0cd98c4ff9294622c6d8178f94c0fe
SHA256: f27125662774bc97582520f4c3001a9e86aa8e2cc5012b6e8a0a1ca66ebeb063
ssdeep: 3072:8Qvmv9mYSJ3qw5YHqj0G8mOWzOTPUyeKINN9W8a0+KkQ:7UmYu3l6bpT89l
E2
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
File rdlC.tmp.exe received on 2009.07.09 17:28:06 (UTC)
Current status: Finished
Result: 5/41 (12.2%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.09 Worm.Win32.Downloader!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.09 -
AntiVir 7.9.0.204 2009.07.09 -
Antiy-AVL 2.0.3.1 2009.07.09 -
Authentium 5.1.2.4 2009.07.09 -
Avast 4.8.1335.0 2009.07.08 -
AVG 8.5.0.386 2009.07.09 -
BitDefender 7.2 2009.07.09 -
[B]CAT-QuickHeal 10.00 2009.07.09 (Suspicious) - DNAScan[/B]
ClamAV 0.94.1 2009.07.09 -
Comodo 1594 2009.07.09 -
[B]DrWeb 5.0.0.12182 2009.07.09 Trojan.PWS.Webmonier.137
eSafe 7.0.17.0 2009.07.09 Suspicious File[/B]
eTrust-Vet 31.6.6606 2009.07.09 -
F-Prot 4.4.4.56 2009.07.09 -
F-Secure 8.0.14470.0 2009.07.09 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.09 -
[B]Ikarus T3.1.1.64.0 2009.07.09 Worm.Win32.Downloader[/B]
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.788 2009.07.09 -
Kaspersky 7.0.0.125 2009.07.09 -
McAfee 5670 2009.07.08 -
McAfee+Artemis 5670 2009.07.08 -
McAfee-GW-Edition 6.8.5 2009.07.09 -
Microsoft 1.4803 2009.07.09 -
NOD32 4229 2009.07.09 -
Norman 6.01.09 2009.07.09 -
nProtect 2009.1.8.0 2009.07.09 -
Panda 10.0.0.14 2009.07.09 -
PCTools 4.4.2.0 2009.07.09 -
Prevx 3.0 2009.07.09 -
Rising 21.37.34.00 2009.07.09 -
Sophos 4.43.0 2009.07.09 -
Sunbelt 3.2.1858.2 2009.07.09 -
Symantec 1.4.4.12 2009.07.09 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.09 -
VBA32 3.12.10.7 2009.07.09 -
ViRobot 2009.7.9.1827 2009.07.09 -
VirusBuster 4.6.5.0 2009.07.09 -[/QUOTE]
Additional information
File size: 41984 bytes
MD5...: 9425e83b7f3adfbbc1306ddf7e8acc36
SHA1..: 7d80a79c8d9cfb89a81e1247b701b64318c5a186
SHA256: 233afea1a9c7508b340087f3bdfd8ab931fdf97b2418606c2a5ac143c981f327
ssdeep: 768:GVYU6SpQtuk+xWHUYtoDYN41zjgi93oSjrXC5ZDItRUBK:S6OQLZHUYtiYu1
fDxjbC5ZaUk
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
-
I no longer know what to think... Here is the result of the VT scan:
[QUOTE]
File com.run received on 2009.07.10 17:20:46 (UTC)
Current status: Finished
Result: 15/40 (37.5%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.10 HackTool.Win32.Patcher.A!IK
AhnLab-V3 5.0.0.2 2009.07.10 -
AntiVir 7.9.0.204 2009.07.10 TR/Agent.azpm.19
Antiy-AVL 2.0.3.1 2009.07.10 Backdoor/Win32.Small.gen
Authentium 5.1.2.4 2009.07.09 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.07.09 -
AVG 8.5.0.387 2009.07.10 -
BitDefender 7.2 2009.07.10 -
CAT-QuickHeal 10.00 2009.07.10 Trojan.Agent.ATV
ClamAV 0.94.1 2009.07.10 -
Comodo 1606 2009.07.10 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.10 -
eSafe 7.0.17.0 2009.07.09 Win32.Agent.azpm
eTrust-Vet 31.6.6607 2009.07.10 -
F-Prot 4.4.4.56 2009.07.09 W32/Heuristic-210!Eldorado
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.10 -
Ikarus T3.1.1.64.0 2009.07.10 HackTool.Win32.Patcher.A
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.789 2009.07.10 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.10 -
McAfee 5672 2009.07.10 -
McAfee+Artemis 5672 2009.07.10 Artemis!C89BB06712D9
McAfee-GW-Edition 6.8.5 2009.07.10 Heuristic.LooksLike.Win32.Virus.I
Microsoft 1.4803 2009.07.10 -
NOD32 4232 2009.07.10 -
Norman 6.01.09 2009.07.09 -
nProtect 2009.1.8.0 2009.07.10 -
Panda 10.0.0.14 2009.07.09 -
PCTools 4.4.2.0 2009.07.10 -
Prevx 3.0 2009.07.10 Medium Risk Malware
Rising 21.37.44.00 2009.07.10 -
Sophos 4.43.0 2009.07.10 W32/Autorun-MN
Sunbelt 3.2.1858.2 2009.07.10 Trojan.Agent.azpm.19
Symantec 1.4.4.12 2009.07.10 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.10 -
VBA32 3.12.10.8 2009.07.10 -
ViRobot 2009.7.10.1829 2009.07.10 -
VirusBuster 4.6.5.0 2009.07.10 -
Additional information
File size: 270336 bytes
MD5...: c89bb06712d983a9ef5f39b0d4c6a6cd
SHA1..: f5a82ba60b6ddf0a71de749784fe6c542fdb2db9
SHA256: 9b868febffb6ecf236e7263bca087aef374037887a0a65c47653848d3889e27f
[/QUOTE]
Here is the reply from the Kaspersky Lab virus lab:
[QUOTE]> > Hello,
> > com.run,
> > dp1.fne,
> > eAPI.fne,
> > krnln,
> > og.dll,
> > og.EDT,
> > RegEx.fnr,
> > shell.fne,
> > ul.dll,
> > wmcache.nld
> > No malicious code was found in these files.
[/QUOTE]
What's more, having begun to doubt my so-far beloved KIS, I installed a certain other piece of software. Admittedly, I set it to paranoid settings, and it complains about this zoo (and other collections) for all it's worth. I wouldn't even have remembered them if it weren't for the new AV.
I decided to upload them to VT... Lately situations like this keep coming up: I find files that clearly don't belong, with suspicious names and attributes. Removing them from autostart (in the broad sense) brings the machine back to a normal working state. Then comes a VT scan and a submission to Kaspersky Lab. The outcome is above. What is this? Is everyone else a show-off, like Symantec, and paranoid? Is KIS the only d'Artagnan?
Where does such a unanimous reaction from the other AVs come from?
[QUOTE]File shell.fne received on 2009.07.10 17:46:43 (UTC)
Current status: Finished
Result: 21/41 (51.22%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.10 Trojan.Peed!IK
AhnLab-V3 5.0.0.2 2009.07.10 Win-Trojan/Xema.variant
AntiVir 7.9.0.204 2009.07.10 TR/Peed.A.689
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.09 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.07.09 Win32:Trojan-gen {Other}
AVG 8.5.0.387 2009.07.10 Generic12.ACWB
BitDefender 7.2 2009.07.10 -
CAT-QuickHeal 10.00 2009.07.10 Trojan.Agent.ATV
ClamAV 0.94.1 2009.07.10 -
Comodo 1606 2009.07.10 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.10 -
eSafe 7.0.17.0 2009.07.09 -
eTrust-Vet 31.6.6607 2009.07.10 -
F-Prot 4.4.4.56 2009.07.09 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.07.10 -
Fortinet 3.120.0.0 2009.07.10 PossibleThreat
GData 19 2009.07.10 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.10 Trojan.Peed
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.789 2009.07.10 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.10 -
McAfee 5672 2009.07.10 Generic.dx
McAfee+Artemis 5672 2009.07.10 Generic.dx
McAfee-GW-Edition 6.8.5 2009.07.10 Heuristic.LooksLike.Win32.Peed.H
Microsoft 1.4803 2009.07.10 -
NOD32 4232 2009.07.10 probably a variant of Win32/Agent
Norman 6.01.09 2009.07.10 Smalltroj.ITDL
nProtect 2009.1.8.0 2009.07.10 -
Panda 10.0.0.14 2009.07.09 Generic Trojan
PCTools 4.4.2.0 2009.07.10 -
Prevx 3.0 2009.07.10 -
Rising 21.37.44.00 2009.07.10 -
Sophos 4.43.0 2009.07.10 W32/Autorun-MN
Sunbelt 3.2.1858.2 2009.07.10 -
Symantec 1.4.4.12 2009.07.10 Trojan Horse
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.10 -
VBA32 3.12.10.8 2009.07.10 -
ViRobot 2009.7.10.1829 2009.07.10 -
VirusBuster 4.6.5.0 2009.07.10 -
Additional information
File size: 40960 bytes
MD5...: 2d90d835be22c176771d77246418fd52
SHA1..: 6c1bbb683b7e79d6b17ac3afed41a34e86bab788
SHA256: 653b7e26d15024a70b5862cbc8cbf2bf59582e26182be8141db985e9bdaf6475[/QUOTE]
I understand that the absence of false positives is a big plus, but "millions of flies can't be wrong... there's something in IT" :)
-
File PrivateContent.exe received on 2009.07.11 19:05:21 (UTC)
Current status: Finished
Result: 8/41 (19.52%)
[QUOTE]Antivirus Version Last Update Result
[B]a-squared 4.5.0.18 2009.07.11 Trojan.Fake!IK[/B]
AhnLab-V3 5.0.0.2 2009.07.11 -
[B]AntiVir 7.9.0.204 2009.07.11 TR/Fake.GoogleBar.2[/B]
Antiy-AVL 2.0.3.1 2009.07.10 -
Authentium 5.1.2.4 2009.07.11 -
Avast 4.8.1335.0 2009.07.10 -
AVG 8.5.0.387 2009.07.11 -
BitDefender 7.2 2009.07.11 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.11 -
Comodo 1618 2009.07.11 -
DrWeb 5.0.0.12182 2009.07.11 -
eSafe 7.0.17.0 2009.07.09 -
eTrust-Vet 31.6.6608 2009.07.10 -
F-Prot 4.4.4.56 2009.07.11 -
F-Secure 8.0.14470.0 2009.07.11 -
Fortinet 3.120.0.0 2009.07.11 -
GData 19 2009.07.11 -
[B]Ikarus T3.1.1.64.0 2009.07.11 Trojan.Fake[/B]
Jiangmin 11.0.706 2009.07.11 -
K7AntiVirus 7.10.790 2009.07.11 -
Kaspersky 7.0.0.125 2009.07.11 -
McAfee 5673 2009.07.11 -
[B]McAfee+Artemis 5673 2009.07.11 potentially unwanted program Artemis!0EEE7A49D5F4[/B]
[B]McAfee-GW-Edition 6.8.5 2009.07.11 Trojan.Fake.GoogleBar.2[/B]
Microsoft 1.4803 2009.07.11 -
[B]NOD32 4235 2009.07.11 probably a variant of Win32/Adware.BHO.NGL[/B]
Norman 6.01.09 2009.07.10 -
nProtect 2009.1.8.0 2009.07.11 -
Panda 10.0.0.14 2009.07.11 -
PCTools 4.4.2.0 2009.07.11 -
Prevx 3.0 2009.07.11 -
Rising 21.37.52.00 2009.07.11 -
[B]Sophos 4.43.0 2009.07.11 Mal/Generic-A[/B]
Sunbelt 3.2.1858.2 2009.07.11 -
Symantec 1.4.4.12 2009.07.11 -
TheHacker 6.3.4.3.365 2009.07.11 -
TrendMicro 8.950.0.1094 2009.07.10 -
[B]VBA32 3.12.10.8 2009.07.11 BScope.Trojan.Cinmus.54[/B]
ViRobot 2009.7.11.1831 2009.07.11 -
VirusBuster 4.6.5.0 2009.07.11 -[/QUOTE]
Additional information
File size: 99328 bytes
MD5...: 0eee7a49d5f4c29337f87a33a8507260
SHA1..: f6abfebf4b40d82ceb3fe0e62b6c3914edb2b8b4
SHA256: 34428d6f832b2ecf708af8e663910518fd71f9f7266fa948f6c6ed6a00c76dd2
ssdeep: 1536:lW/AsM5bATFbok+qi7CcUUcMVdJivWoHzdqDc8iA08qeJkb2v:xuTsXUBaM
WoH3zAqeJkG
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
-
File foto.jar received on 2009.07.12 16:50:55 (UTC)
Current status: Finished
Result: 18/40 (45%)
[QUOTE]Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.12 -
AhnLab-V3 5.0.0.2 2009.07.11 -
[B]AntiVir 7.9.0.204 2009.07.11 JAVA/Boxer.1
Antiy-AVL 2.0.3.1 2009.07.10 Trojan/J2ME.Boxer[/B]
Authentium 5.1.2.4 2009.07.11 -
[B]Avast 4.8.1335.0 2009.07.11 Other:Malware-gen
AVG 8.5.0.387 2009.07.12 Java/SMS.C[/B]
BitDefender 7.2 2009.07.12 -
CAT-QuickHeal 10.00 2009.07.10 -
ClamAV 0.94.1 2009.07.12 -
[B]Comodo 1627 2009.07.12 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.12 Java.SMSSend.41[/B]
eSafe 7.0.17.0 2009.07.12 -
eTrust-Vet 31.6.6608 2009.07.10 -
F-Prot 4.4.4.56 2009.07.11 -
[B]F-Secure 8.0.14470.0 2009.07.12 Trojan-SMS.J2ME.Boxer.i[/B]
Fortinet 3.120.0.0 2009.07.12 -
[B]GData 19 2009.07.12 Other:Malware-gen
Ikarus T3.1.1.64.0 2009.07.12 Trojan-SMS[/B]
Jiangmin 11.0.706 2009.07.12 -
K7AntiVirus 7.10.790 2009.07.11 -
[B]Kaspersky 7.0.0.125 2009.07.12 Trojan-SMS.J2ME.Boxer.i
McAfee 5674 2009.07.12 J2ME/Boxer
McAfee+Artemis 5674 2009.07.12 J2ME/Boxer
McAfee-GW-Edition 6.8.5 2009.07.11 Java.Boxer.1
Microsoft 1.4803 2009.07.12 Trojan:Java/Boxer.A
NOD32 4237 2009.07.12 J2ME/TrojanSMS.Swapi.F[/B]
Norman 6.01.09 2009.07.10 -
nProtect 2009.1.8.0 2009.07.12 -
Panda 10.0.0.14 2009.07.12 -
Prevx 3.0 2009.07.12 -
Rising 21.37.62.00 2009.07.12 -
[B]Sophos 4.43.0 2009.07.12 Troj/Boxer-A[/B]
Sunbelt 3.2.1858.2 2009.07.12 -
[B]Symantec 1.4.4.12 2009.07.12 Trojan Horse[/B]
TheHacker 6.3.4.3.366 2009.07.12 -
[B]TrendMicro 8.950.0.1094 2009.07.10 TROJ_BOXER.B[/B]
VBA32 3.12.10.8 2009.07.12 -
ViRobot 2009.7.11.1831 2009.07.11 -
VirusBuster 4.6.5.0 2009.07.11 -[/QUOTE]
Additional information
File size: 8287 bytes
MD5...: 0f4b74ce4f097a9bbc02349a2f1f4ce2
SHA1..: 78de1813fbe54937022758d83aef05a6f69af58d
SHA256: 4e40f2080bdb0e67f16935a23bdcfde6f23d340c96bd1cf9c767cf96cc40ae93
ssdeep: 192:3AJ08neaMUeV1/EaaflyW2bZAgxK2WRpmPM49Vr3RGyB6fvK55F4313oE:3I
08errDClyW2ugxiKPM4z4xvY5I13oE
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
[url]http://www.virustotal.com/ru/analisis/4e40f2080bdb0e67f16935a23bdcfde6f23d340c96bd1cf9c767cf96cc40ae93-1247417455[/url]
-
File Light.WebMoney_Generator_1.1.0.exе received on 2009.07.13 07:35:10 (UTC)
Current status: Finished
Result: 23/41 (56.1%)
[QUOTE]a-squared 4.5.0.18 2009.07.13 -
[B]AhnLab-V3 5.0.0.2 2009.07.13 Packed/Upack[/B]
[B]AntiVir 7.9.0.204 2009.07.13 TR/Crypt.XPACK.Gen[/B]
Antiy-AVL 2.0.3.1 2009.07.10 -
[B]Authentium 5.1.2.4 2009.07.12 W32/Virut.AI!Generic[/B]
[B]Avast 4.8.1335.0 2009.07.12 Win32:LdPinch-CT[/B]
[B]AVG 8.5.0.387 2009.07.12 Suspicion: unknown virus[/B]
BitDefender 7.2 2009.07.13 -
[B]CAT-QuickHeal 10.00 2009.07.10 (Suspicious) - DNAScan[/B]
ClamAV 0.94.1 2009.07.13 -
Comodo 1632 2009.07.13 -
DrWeb 5.0.0.12182 2009.07.13 -
eSafe 7.0.17.0 2009.07.12 -
eTrust-Vet 31.6.6610 2009.07.13 -
[B]F-Prot 4.4.4.56 2009.07.12 W32/Virut.AI!Generic[/B]
[B]F-Secure 8.0.14470.0 2009.07.13 Suspicious:W32/Malware!Gemini[/B]
Fortinet 3.120.0.0 2009.07.13 -
[B]GData 19 2009.07.13 Win32:LdPinch-CT[/B]
Ikarus T3.1.1.64.0 2009.07.13 -
Jiangmin 11.0.706 2009.07.13 -
K7AntiVirus 7.10.790 2009.07.11 -
Kaspersky 7.0.0.125 2009.07.13 -
[B]McAfee 5674 2009.07.12 New Malware.n[/B]
[B]McAfee+Artemis 5674 2009.07.12 New Malware.n[/B]
[B]McAfee-GW-Edition 6.8.5 2009.07.13 Heuristic.BehavesLike.Backdoor.C[/B]
[B]Microsoft 1.4803 2009.07.13 PWS:Win32/Ldpinch[/B]
NOD32 4237 2009.07.12 -
[B]Norman 6.01.09 2009.07.10 W32/Suspicious_U.gen[/B]
nProtect 2009.1.8.0 2009.07.13 -
[B]Panda 10.0.0.14 2009.07.12 W32/Spamta.gen.worm[/B]
[B]PCTools 4.4.2.0 2009.07.11 Trojan.LdPinch.Gen.3[/B]
Prevx 3.0 2009.07.13 -
[B]Rising 21.38.00.00 2009.07.13 Trojan.PSW.LdPinch.ak[/B]
[B]Sophos 4.43.0 2009.07.13 Mal/Packer[/B]
Sunbelt 3.2.1858.2 2009.07.12 -
[B]Symantec 1.4.4.12 2009.07.13 Trojan.Goldun.I[/B]
[B]TheHacker 6.3.4.3.366 2009.07.12 W32/Behav-Heuristic-060[/B]
[B]TrendMicro 8.950.0.1094 2009.07.13 Cryp_Xed-12[/B]
[B]VBA32 3.12.10.8 2009.07.12 MalwareScope.Trojan-PSW.Pinch.1[/B]
ViRobot 2009.7.13.1832 2009.07.13 -
[B]VirusBuster 4.6.5.0 2009.07.12 Packed/Upack[/B][/QUOTE]
Additional information
File size: 337972 bytes
MD5...: dc2537c892419abb8ee5afdfdc66f1d4
SHA1..: bc52dbd8675dfc5f9b83edc5ae38861dda2d24ca
SHA256: a698c41738bee77172ef899f54bf751d0f18d389f0b7697f0a65e81b06e2fac6
ssdeep: 6144:IzLtV8Ou+gg0T4B6tUNDGzcyzYQB2LwB4Ia7fOv0eDE0gbn1sNBA/LIl5LX:81eUwtUAzcyzYDLwB4IaSXUCLA8
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1030
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)