Исследование антивирусов 2

Printable View

Показывать 40 сообщений этой темы на одной странице

24.11.2005, 00:56
Alexey P.

This is a report processed by VirusTotal on 11/23/2005 at 22:54:48
(CET) after scanning the file "release3.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.23.2005 no virus found
Avast 4.6.695.0 11.23.2005 no virus found
AVG 718 11.23.2005 no virus found
Avira 6.32.0.6 11.23.2005 no virus found
BitDefender 7.2 11.23.2005 no virus found
CAT-QuickHeal 8.00 11.23.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.23.2005 no virus found
DrWeb 4.33 11.23.2005 DLOADER.PWS.Trojan
eTrust-Iris 7.1.194.0 11.23.2005 no virus found
eTrust-Vet 11.9.1.0 11.23.2005 no virus found
Fortinet 2.48.0.0 11.23.2005 suspicious
F-Prot 3.16c 11.23.2005 could be infected with an unknown virus
Ikarus 0.2.59.0 11.23.2005 no virus found
Kaspersky 4.0.2.24 11.23.2005 no virus found
McAfee 4635 11.23.2005 no virus found
NOD32v2 1.1301 11.23.2005 probably unknown NewHeur_PE virus
Norman 5.70.10 11.23.2005 no virus found
Panda 8.02.00 11.23.2005 no virus found
Sophos 3.99.0 11.23.2005 no virus found
Symantec 8.0 11.22.2005 no virus found
TheHacker 5.9.1.044 11.23.2005 no virus found
VBA32 3.10.5 11.23.2005 no virus found

Тот же файл, прошло 4 дня.
Кто хотел. тот добавил :).

This is a report processed by VirusTotal on 11/27/2005 at 13:42:19
(CET) after scanning the file "release3.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.27.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.25.2005 BackDoor.Generic.VMA
Avira 6.32.0.6 11.27.2005 no virus found
BitDefender 7.2 11.27.2005 no virus found
CAT-QuickHeal 8.00 11.25.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.27.2005 Trojan.PWS.Krot
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.26.2005 W32/Ubriel.F!bdr
F-Prot 3.16c 11.24.2005 could be infected with an unknown virus
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 Backdoor.Win32.Ubriel.f
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 probably unknown NewHeur_PE virus
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.27.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.27.2005 Backdoor.Trojan
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 Trojan.PWS.Krot

ЗЫ: Даже симсы подшевелились. Удивительно :).
24.11.2005, 00:59
Alexey P.

This is a report processed by VirusTotal on 11/23/2005 at 22:58:37
(CET) after scanning the file "10.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.23.2005 no virus found
Avast 4.6.695.0 11.23.2005 no virus found
AVG 718 11.23.2005 no virus found
Avira 6.32.0.6 11.23.2005 no virus found
BitDefender 7.2 11.23.2005 no virus found
CAT-QuickHeal 8.00 11.23.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.23.2005 no virus found
DrWeb 4.33 11.23.2005 Trojan.DownLoader.5444
eTrust-Iris 7.1.194.0 11.23.2005 no virus found
eTrust-Vet 11.9.1.0 11.23.2005 no virus found
Fortinet 2.48.0.0 11.23.2005 suspicious
F-Prot 3.16c 11.23.2005 no virus found
Ikarus 0.2.59.0 11.23.2005 no virus found
Kaspersky 4.0.2.24 11.23.2005 Trojan-Downloader.Win32.Small.bve
McAfee 4635 11.23.2005 no virus found
NOD32v2 1.1301 11.23.2005 a variant of Win32/TrojanDownloader.Small.NFP
Norman 5.70.10 11.23.2005 no virus found
Panda 8.02.00 11.23.2005 no virus found
Sophos 3.99.0 11.23.2005 no virus found
Symantec 8.0 11.22.2005 no virus found
TheHacker 5.9.1.044 11.23.2005 no virus found
VBA32 3.10.5 11.23.2005 no virus found
24.11.2005, 01:01
Alexey P.

This is a report processed by VirusTotal on 11/23/2005 at 23:02:00
(CET) after scanning the file "30.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.23.2005 Heuristic/Virus.Win32
Avast 4.6.695.0 11.23.2005 no virus found
AVG 718 11.23.2005 no virus found
Avira 6.32.0.6 11.23.2005 Heuristic/Virus.Win32
BitDefender 7.2 11.23.2005 no virus found
CAT-QuickHeal 8.00 11.23.2005 no virus found
ClamAV devel-20051108 11.23.2005 Virtool.DllInjector.Elirt-1
DrWeb 4.33 11.23.2005 Trojan.DownLoader.5445
eTrust-Iris 7.1.194.0 11.23.2005 no virus found
eTrust-Vet 11.9.1.0 11.23.2005 no virus found
Fortinet 2.48.0.0 11.23.2005 HackerTool/Dllinjector
F-Prot 3.16c 11.23.2005 no virus found
Ikarus 0.2.59.0 11.23.2005 no virus found
Kaspersky 4.0.2.24 11.23.2005 no virus found
McAfee 4635 11.23.2005 no virus found
NOD32v2 1.1301 11.23.2005 no virus found
Norman 5.70.10 11.23.2005 no virus found
Panda 8.02.00 11.23.2005 no virus found
Sophos 3.99.0 11.23.2005 no virus found
Symantec 8.0 11.22.2005 no virus found
TheHacker 5.9.1.044 11.23.2005 no virus found
VBA32 3.10.5 11.23.2005 no virus found
24.11.2005, 08:37
kvit

[IMG]http://ex-vdcom.ru/files/vir_result_2.gif[/IMG]
KAV занял, считаю достойно, место лидера.
NOD32 медленно, но верно подобрался к лидерам.
Fortinet не смотря на его фиеричные показатели веры нет, слишком уж многое достигнуто за счет эвристика...
24.11.2005, 10:12
Geser

[QUOTE]Fortinet не смотря на его фиеричные показатели веры нет, слишком уж многое достигнуто за счет эвристика...[/QUOTE]
У нода тоже :)
24.11.2005, 11:01
kvit

Как ни странно, но я еще ни разу в своей жизни не видел ложного срабатывания у НОДа, хотя не отрицаю, что эвристика это палка о двух концах... Ради интереса займусь исследования на досуге...
24.11.2005, 15:57
Antivirus_KZ

Мля для тестов использовался Симантек 8.0 говно полное и результаты соответствующие...
Например 10 намного лучше ловит Spyware и Adware.. 8 и 9 не видели их практически.....
25.11.2005, 08:18
Shu_b

This is a report processed by VirusTotal on 11/25/2005 at 06:02:34 (CET) after scanning the file "winldra.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.24.2005 no virus found
Avast 4.6.695.0 11.24.2005 no virus found
AVG 718 11.23.2005 no virus found
Avira 6.32.0.6 11.24.2005 no virus found
BitDefender 7.2 11.25.2005 Backdoor.Dumador.VM
CAT-QuickHeal 8.00 11.24.2005 no virus found
ClamAV devel-20051108 11.24.2005 no virus found
DrWeb 4.33 11.24.2005 BackDoor.Dumaru.34
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.24.2005 Win32.Bambo.BX
Fortinet 2.48.0.0 11.24.2005 suspicious
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.24.2005 no virus found
Kaspersky 4.0.2.24 11.25.2005 no virus found
McAfee 4636 11.24.2005 no virus found
NOD32v2 1.1304 11.24.2005 no virus found
Norman 5.70.10 11.24.2005 no virus found
Panda 8.02.00 11.24.2005 Bck/Dumador.EO
Sophos 3.99.0 11.25.2005 no virus found
Symantec 8.0 11.25.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.24.2005 suspected of Embedded.Backdoor.Win32.Dumador.eo

ps вчера его невидел никто, кроме эвристика VBA
25.11.2005, 08:24
kvit

[QUOTE=Shu_b]
Panda 8.02.00 11.24.2005 Bck/Dumador.EO
VBA32 3.10.5 11.24.2005 suspected of Embedded.Backdoor.Win32.Dumador.eo

ps вчера его невидел никто, кроме эвристика VBA[/QUOTE]

Такое ощущение что многие присваиват имена вирусам на основе анализа эвристика VBA...
26.11.2005, 03:16
Оби-Ван

This is a report processed by VirusTotal on 11/26/2005 at 01:14:12 (CET) after scanning the file "car.exe.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.25.2005 no virus found
Avast 4.6.695.0 11.24.2005 no virus found
AVG 718 11.25.2005 PSW.Banker.25.S
Avira 6.32.0.6 11.25.2005 no virus found
BitDefender 7.2 11.26.2005 Trojan.Spy.Agent.Y
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.25.2005 Trojan.DownLoader.1817
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.25.2005 suspicious
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.26.2005 Trojan-Spy.Win32.Perfloger.l
McAfee 4637 11.25.2005 Keylog-Perfect.dr
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.25.2005 no virus found
Sophos 3.99.0 11.25.2005 no virus found
Symantec 8.0 11.26.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 Trojan/Perfect
VBA32 3.10.5 11.26.2005 Trojan.Perflog.Mod.RAR
27.11.2005, 15:33
Alexey P.

This is a report processed by VirusTotal on 11/27/2005 at 08:23:27
(CET) after scanning the file "test.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.26.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.25.2005 no virus found
Avira 6.32.0.6 11.26.2005 no virus found
BitDefender 7.2 11.26.2005 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.26.2005 MULDROP.Trojan
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.26.2005 no virus found
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 no virus found
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.26.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.27.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 suspected of Backdoor.xBot.80
27.11.2005, 15:34
Alexey P.

This is a report processed by VirusTotal on 11/26/2005 at 20:10:50
(CET) after scanning the file "q.chm" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.26.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.25.2005 no virus found
Avira 6.32.0.6 11.26.2005 no virus found
BitDefender 7.2 11.26.2005 Exploit.Html.Codebase.Exec.Gen
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.26.2005 DLOADER.Trojan
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.25.2005 no virus found
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.26.2005 no virus found
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.26.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.26.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 no virus found
27.11.2005, 15:36
Alexey P.

This is a report processed by VirusTotal on 11/26/2005 at 14:41:13
(CET) after scanning the file "pi1_20.exe" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.26.2005 Heuristic/Trojan.Downloader
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.25.2005 Downloader.Generic.IKN
Avira 6.32.0.6 11.26.2005 Heuristic/Trojan.Downloader
BitDefender 7.2 11.26.2005 Trojan.Downloader.Small.BUE
CAT-QuickHeal 8.00 11.25.2005 TrojanDownloader.Small.bue
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.26.2005 DLOADER.Trojan
eTrust-Iris 7.1.194.0 11.24.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.25.2005 no virus found
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.26.2005 Trojan-Downloader.Win32.Small.bue
McAfee 4637 11.25.2005 Downloader-VG
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.26.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.26.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 Trojan-Downloader.Win32.Small.bue
27.11.2005, 19:29
sergey_gum

Якобы ключ для VBA, но внутри находится файл setup.exe
This is a report processed by VirusTotal on 11/27/2005 at 17:27:50 (CET) after scanning the file "vba32.key.zip" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.27.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.27.2005 no virus found
Avira 6.32.0.6 11.27.2005 no virus found
BitDefender 7.2 11.27.2005 no virus found
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.27.2005 no virus found
eTrust-Iris 7.1.194.0 11.27.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.26.2005 suspicious
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 no virus found
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.27.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.27.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 no virus found
27.11.2005, 19:32
sergey_gum

Еще один:
This is a report processed by VirusTotal on 11/27/2005 at 17:32:42 (CET) after scanning the file "vba32.key__1_.zip" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.27.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.27.2005 no virus found
Avira 6.32.0.6 11.27.2005 no virus found
BitDefender 7.2 11.27.2005 no virus found
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.27.2005 no virus found
eTrust-Iris 7.1.194.0 11.27.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.26.2005 suspicious
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 Trojan-Downloader.Win32.IstBar.nk
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.27.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.27.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 no virus found
27.11.2005, 19:36
sergey_gum

Только шо на мыло пришло:
This is a report processed by VirusTotal on 11/27/2005 at 17:36:39 (CET) after scanning the file "nathaniell.zip" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.27.2005 TR/Bagle.gen
Avast 4.6.695.0 11.27.2005 Win32:Beagle-FR
AVG 718 11.27.2005 I-Worm/Bagle
Avira 6.32.0.6 11.27.2005 TR/Bagle.gen
BitDefender 7.2 11.27.2005 Trojan.Bagle.BK
CAT-QuickHeal 8.00 11.27.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.27.2005 Worm.Bagle.Gen-9
DrWeb 4.33 11.27.2005 no virus found
eTrust-Iris 7.1.194.0 11.27.2005 no virus found
eTrust-Vet 11.9.1.0 11.27.2005 no virus found
Fortinet 2.48.0.0 11.27.2005 W32/Mitglieder.GI!tr
F-Prot 3.16c 11.27.2005 security risk named W32/Mitglieder.GI
Ikarus 0.2.59.0 11.27.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 Trojan-Downloader.Win32.Bagle.e
McAfee 4635 11.27.2005 W32/Bagle.gen
NOD32v2 1.1301 11.27.2005 Win32/Bagle.DR
Norman 5.70.10 11.27.2005 W32/Mitglied.NQ
Panda 8.02.00 11.27.2005 Trj/Mitglieder.GB
Sophos 3.99.0 11.27.2005 no virus found
Symantec 8.0 11.27.2005 no virus found
TheHacker 5.9.1.044 11.27.2005 W32/Bagle.GEN@MM
VBA32 3.10.5 11.27.2005 Trojan-Downloader.Win32.Bagle.f
27.11.2005, 19:37
sergey_gum

This is a report processed by VirusTotal on 11/27/2005 at 17:37:04 (CET) after scanning the file "gamejack_5.0.4.2_keygen_by_kaizer_soze___core.zip" file.

Antivirus Version Update Result
AntiVir 6.32.0.6 11.27.2005 no virus found
Avast 4.6.695.0 11.26.2005 no virus found
AVG 718 11.27.2005 no virus found
Avira 6.32.0.6 11.27.2005 no virus found
BitDefender 7.2 11.27.2005 no virus found
CAT-QuickHeal 8.00 11.25.2005 no virus found
ClamAV devel-20051108 11.25.2005 no virus found
DrWeb 4.33 11.27.2005 no virus found
eTrust-Iris 7.1.194.0 11.27.2005 no virus found
eTrust-Vet 11.9.1.0 11.25.2005 no virus found
Fortinet 2.48.0.0 11.26.2005 suspicious
F-Prot 3.16c 11.24.2005 no virus found
Ikarus 0.2.59.0 11.26.2005 no virus found
Kaspersky 4.0.2.24 11.27.2005 Trojan-Downloader.Win32.IstBar.nk
McAfee 4637 11.25.2005 no virus found
NOD32v2 1.1305 11.25.2005 no virus found
Norman 5.70.10 11.25.2005 no virus found
Panda 8.02.00 11.27.2005 no virus found
Sophos 4.00.0 11.26.2005 no virus found
Symantec 8.0 11.27.2005 no virus found
TheHacker 5.9.1.044 11.24.2005 no virus found
VBA32 3.10.5 11.26.2005 no virus found
27.11.2005, 19:39
MOCT

[QUOTE=sergey_gum]Якобы ключ для VBA, но внутри находится файл setup.exe
This is a report processed by VirusTotal on 11/27/2005 at 17:27:50 (CET) after scanning the file "vba32.key.zip" file.
[/QUOTE]
ну может и правда ключ, раз ничего не находит, даже эвристика...
27.11.2005, 20:04
sergey_gum

[quote=MOCT]ну может и правда ключ, раз ничего не находит, даже эвристика...[/quote]
Тока стрёмно такой файл открывать...
З.Ы. Отправил в VBA.
27.11.2005, 21:45
Alexey P.

[QUOTE=sergey_gum]Еще один:
This is a report processed by VirusTotal on 11/27/2005 at 17:32:42 (CET) after scanning the file "vba32.key__1_.zip" file.

Kaspersky 4.0.2.24 11.27.2005 Trojan-Downloader.Win32.IstBar.nk
[/QUOTE]

Minos написал об этом: [url]http://www.virusinfo.info/showthread.php?t=4085[/url]
Фишка в том, что на любой запрос (даже при поиске файла с бредовым названием) выдается isbar - и именно с запрошенным именем архива.
Т.е. название архива лишь говорит о том, что искали :).

Социальная инженерия - шанс на запуск того, что сам искал, довольно высоки :). Особенно ежели оно антивирями еще не детектится.

Показывать 40 сообщений этой темы на одной странице