-
This landed in my mail.ru mailbox today:
[QUOTE]
Return-path: <[email protected]>
Received: from [62.5.255.19] (port=63395 helo=umail.ru)
by mx26.mail.ru with esmtp
id 1Gt5FB-000BKu-00
for [email][email protected][/email]; Sat, 09 Dec 2006 19:40:09 +0300
Received-SPF: none (mx26.mail.ru: 62.5.255.19 is neither permitted nor denied by domain of icq.com) client-ip=62.5.255.19; [email protected]; helo=umail.ru;
Received: from [212.94.122.1] (account [email][email protected][/email] HELO icqm)
by fe01-umail.umail.ru (CommuniGate Pro SMTP 5.0.12)
with SMTPA id 69750782 for [email][email protected][/email]; Sat, 09 Dec 2006 19:39:11 +0300
From: "ICQ" <[email protected]>
To: [email][email protected][/email]
Subject: Новое сообщение
X-Mailer: The Bat! (v3.71.01) Professional
Reply-To: [email][email protected][/email]
Date: Sat, 9 Dec 2006 22:39:15 +0600
Mime-Version: 1.0
Content-Type: text/html; charset=windows-1251
Message-ID: <[email protected]>
X-Spam: Not detected
Здравствуйте!<br>
<br>
Вам отправлено аудио-сообщение от: <b>[email protected], ICQ 265074165</b><br>
<br>
<a href="http://icqm.ifastnet.com/message-678374.exe">[ Получить сообщение ]</a>
[/QUOTE]
Complete scanning result of "message-678374.exe", processed in VirusTotal at 12/11/2006 07:18:48 (CET).
[ file data ]
* name: message-678374.exe
* size: 40676
* md5.: 9ae2cb788e54d88d9bcf04ee6fa2f656
* sha1: a665d66cda9a23a0351fa6be7349f6433e89aa31
[ scan result ]
AntiVir 7.2.0.49/20061210 found [Worm/Agent.D.12]
Authentium 4.93.8/20061208 found nothing
Avast 4.7.892.0/20061208 found [Win32:Delf-CAT]
AVG 386/20061209 found nothing
BitDefender 7.2/20061211 found [Win32.Worm.Agent.D]
CAT-QuickHeal 8.00/20061209 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061210 found nothing
DrWeb 4.33/20061210 found [Win32.HLLW.Kesk]
eSafe 7.0.14.0/20061207 found [suspicious Trojan/Worm]
eTrust-InoculateIT 23.73.81/20061209 found nothing
eTrust-Vet 30.3.3238/20061208 found nothing
Ewido 4.0/20061210 found [Worm.Agent.b]
F-Prot 3.16f/20061208 found nothing
F-Prot4 4.2.1.29/20061208 found nothing
Fortinet 2.82.0.0/20061211 found [W32/Agent.B!worm.im]
Ikarus T3.1.0.26/20061207 found [IM-Worm.Win32.Sumom.C]
Kaspersky 4.0.2.24/20061211 found [Net-Worm.Win32.Agent.b]
McAfee 4915/20061210 found nothing
Microsoft 1.1804/20061210 found nothing
[B]NOD32v2 1913/20061209 found nothing[/B]
Norman 5.80.02/20061208 found [W32/Suspicious_M.gen]
Panda 9.0.0.4/20061211 found [Suspicious file]
Prevx1 V2/20061211 found nothing
Sophos 4.12.0/20061210 found [Mal/Packer]
Sunbelt 2.2.907.0/20061130 found [VIPRE.Suspicious]
TheHacker 6.0.3.131/20061210 found nothing
UNA 1.83/20061208 found nothing
VBA32 3.11.1/20061210 found [suspected of MalwareScope.Trojan-PSW.PdPinch.2 (paranoid heuristics)]
VirusBuster 4.3.15:9/20061210 found [novirus:Packed/MEW]
[ notes ]
packers: MEW
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
A request to the administrators: please compile the statistics for the latest period; there haven't been any for a long time.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.11.2006, 17:28:15 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.11.2006 no virus found
[B]Authentium 4.93.8 12.08.2006 W32/Methodbod.gen2[/B]
Avast 4.7.892.0 12.11.2006 no virus found
AVG 386 12.09.2006 no virus found
[B]BitDefender 7.2 12.11.2006 DeepScan:Generic.Horst.2073FE1E[/B]
[B]CAT-QuickHeal 8.00 12.11.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.11.2006 Trojan.Medbot-98[/B]
DrWeb 4.33 12.11.2006 no virus found
[B]eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.81 12.09.2006 no virus found
eTrust-Vet 30.3.3244 12.11.2006 no virus found
Ewido 4.0 12.10.2006 no virus found
Fortinet 2.82.0.0 12.11.2006 no virus found
[B]F-Prot 3.16f 12.08.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.08.2006 W32/Methodbod.gen2[/B]
Ikarus T3.1.0.26 12.11.2006 no virus found
Kaspersky 4.0.2.24 12.11.2006 no virus found
McAfee 4915 12.10.2006 no virus found
Microsoft 1.1804 12.11.2006 no virus found
NOD32v2 1914 12.11.2006 no virus found
[B]Norman 5.80.02 12.11.2006 W32/Horst.gen14
Panda 9.0.0.4 12.11.2006 Suspicious file[/B]
Prevx1 V2 12.11.2006 no virus found
[B]Sophos 4.12.0 12.10.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 11.30.2006 no virus found
[B]TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen[/B]
UNA 1.83 12.08.2006 no virus found
[B]VBA32 3.11.1 12.10.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.15:9 12.11.2006 no virus found
Aditional Information
File size: 44544 bytes
MD5: 118e257037e8bbc57e81c3b282c122a3
SHA1: 4b911b91c813526728c4b9387efef19ee7f20cbe
packers: UPX
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.12.2006, 14:19:11 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.12.2006 no virus found
[B]Authentium 4.93.8 12.11.2006 W32/Methodbod.gen2[/B]
Avast 4.7.892.0 12.12.2006 no virus found
AVG 386 12.11.2006 no virus found
[B]BitDefender 7.2 12.12.2006 DeepScan:Generic.Horst.4BC9FDCC[/B]
[B]CAT-QuickHeal 8.00 12.11.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.11.2006 Trojan.Medbot-98[/B]
DrWeb 4.33 12.12.2006 no virus found
[B]eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
[B]eTrust-Vet 30.3.3246 12.12.2006 Win32/Boxed!generic[/B]
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 no virus found
[B]F-Prot 3.16f 12.11.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.11.2006 W32/Methodbod.gen2[/B]
Ikarus T3.1.0.26 12.12.2006 no virus found
Kaspersky 4.0.2.24 12.12.2006 no virus found
McAfee 4916 12.11.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
NOD32v2 1916 12.12.2006 no virus found
[B]Norman 5.80.02 12.12.2006 W32/Horst.gen14
Panda 9.0.0.4 12.12.2006 Suspicious file[/B]
Prevx1 V2 12.12.2006 no virus found
[B]Sophos 4.12.0 12.10.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 11.30.2006 no virus found
[B]TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen[/B]
UNA 1.83 12.11.2006 no virus found
[B]VBA32 3.11.1 12.11.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.15:9 12.11.2006 no virus found
Aditional Information
File size: 44032 bytes
MD5: 00f7223e0a5625557aae42fe2ca9fdc3
SHA1: ac7c9f84fb1ff171ccf189a1eb3e898dab785561
packers: UPX
-
Complete scanning result of "mailru.exe", received in VirusTotal at 12.12.2006, 19:04:12 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 HEUR/Crypted
Authentium 4.93.8 12.11.2006 no virus found
Avast 4.7.892.0 12.12.2006 Win32:Small-DJC
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
CAT-QuickHeal 8.00 12.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.12.2006 no virus found
DrWeb 4.33 12.12.2006 no virus found
eSafe 7.0.14.0 12.11.2006 no virus found
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 no virus found
Ewido 4.0 12.12.2006 Not-A-Virus.Hoax.Win32.Delf.g
Fortinet 2.82.0.0 12.12.2006 suspicious
F-Prot 3.16f 12.11.2006 no virus found
F-Prot4 4.2.1.29 12.11.2006 no virus found
Ikarus T3.1.0.26 12.12.2006
Kaspersky 4.0.2.24 12.12.2006 not-virus:Hoax.Win32.Delf.g
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
[B]NOD32v2 1917 12.12.2006 no virus found[/B]
Norman 5.80.02 12.12.2006 Suspicious_F.gen
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 Mal/Packer
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.11.2006 Hoax.Win32.Delf.299D
VBA32 3.11.1 12.12.2006 no virus found
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 246433 bytes
MD5: 8814c56326a8c3a81532e8662027188b
SHA1: eadb08cc4517c31b6d50b4e965c3ee979b75a591
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Complete scanning result of "screensaver.exe", received in VirusTotal at 12.12.2006, 21:13:17 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 HEUR/Crypted
Authentium 4.93.8 12.11.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast 4.7.892.0 12.12.2006 Win32:Ldpinch-AH
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
CAT-QuickHeal 8.00 12.12.2006 no virus found
ClamAV devel-20060426 12.12.2006 no virus found
DrWeb 4.33 12.12.2006 BACKDOOR.PWS.Trojan
eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 no virus found
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 W32/LdPinch.BFE!tr.pws
F-Prot 3.16f 12.12.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
F-Prot4 4.2.1.29 12.12.2006 W32/CrazyCrunch-based!Maximus
Ikarus T3.1.0.26 12.12.2006 Trojan-PSW.Win32.LdPinch
Kaspersky 4.0.2.24 12.12.2006 Trojan-PSW.Win32.LdPinch.bfe
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
[B]NOD32v2 1918 12.12.2006 no virus found[/B]
Norman 5.80.02 12.12.2006 no virus found
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.11.2006 no virus found
VBA32 3.11.1 12.12.2006 MalwareScope.Trojan-PSW.PdPinch.5
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 14336 bytes
MD5: 90f100ef481774dca2be02004ee4967c
SHA1: 1f3d4f6340d62204c839d4fe5a0dc8352de26c8b
packers: ASPack
packers: ASPACK
packers: Aspack
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.12.2006, 22:26:24 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 no virus found
[B]Authentium 4.93.8 12.12.2006 W32/Methodbod.gen2[/B]
Avast 4.7.892.0 12.12.2006 no virus found
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
[B]CAT-QuickHeal 8.00 12.12.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.12.2006 Trojan.Medbot-98[/B]
DrWeb 4.33 12.12.2006 no virus found
[B]eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
[B]eTrust-Vet 30.3.3246 12.12.2006 Win32/Boxed!generic[/B]
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 no virus found
[B]F-Prot 3.16f 12.12.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.12.2006 W32/Methodbod.gen2[/B]
Ikarus T3.1.0.26 12.12.2006 no virus found
Kaspersky 4.0.2.24 12.12.2006 no virus found
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
[B]NOD32v2 1918 12.12.2006 a variant of Win32/Medbot.DR
Norman 5.80.02 12.12.2006 W32/Horst.gen14
Panda 9.0.0.4 12.12.2006 Suspicious file[/B]
Prevx1 V2 12.12.2006 no virus found
[B]Sophos 4.12.0 12.10.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 11.30.2006 no virus found
[B]TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen[/B]
UNA 1.83 12.11.2006 no virus found
[B]VBA32 3.11.1 12.12.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 44032 bytes
MD5: 9eacd652327bf4f17d4f8e0e50367233
SHA1: 65e11afc63521d61e2973bbe33120bca2359e07a
packers: UPX
-
STATUS: FINISHED
Complete scanning result of "server.exe", received in VirusTotal at 12.13.2006, 17:13:13 (CET).
Antivirus Version Update Result
[COLOR="Red"]AntiVir 7.3.0.15 12.13.2006 HEUR/Crypted[/COLOR]
Authentium 4.93.8 12.12.2006 no virus found
Avast 4.7.892.0 12.13.2006 no virus found
AVG 386 12.13.2006 no virus found
BitDefender 7.2 12.13.2006 no virus found
CAT-QuickHeal 8.00 12.13.2006 no virus found
ClamAV devel-20060426 12.13.2006 no virus found
DrWeb 4.33 12.13.2006 no virus found
eSafe 7.0.14.0 12.13.2006 no virus found
eTrust-InoculateIT 23.73.84 12.13.2006 no virus found
eTrust-Vet 30.3.3248 12.13.2006 no virus found
Ewido 4.0 12.13.2006 no virus found
[COLOR="Red"]Fortinet 2.82.0.0 12.13.2006 suspicious[/COLOR]
F-Prot 3.16f 12.12.2006 no virus found
F-Prot4 4.2.1.29 12.12.2006 no virus found
Ikarus T3.1.0.26 12.13.2006 no virus found
Kaspersky 4.0.2.24 12.13.2006 no virus found
[COLOR="Red"]McAfee 4917 12.12.2006 New Win32.g2[/COLOR]
Microsoft 1.1804 12.13.2006 no virus found
NOD32v2 1919 12.13.2006 no virus found
Norman 5.80.02 12.13.2006 no virus found
Panda 9.0.0.4 12.13.2006 no virus found
[COLOR="Red"]Prevx1 V2 12.13.2006 Backdoor.Optix[/COLOR]
Sophos 4.12.0 12.13.2006 no virus found
[COLOR="Red"]Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious[/COLOR]
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.13.2006 no virus found
[COLOR="Red"]VBA32 3.11.1 12.12.2006 suspected of Trojan-PSW.LdPinch.36 (paranoid heuristics)[/COLOR]
VirusBuster 4.3.15:9 12.13.2006 no virus found
P.s.
File saved as Kaspersky Keys Working_45802bec1f784.rar
File size 1218470
MD5 3c7bdb437df990ef3ee3a45838e4b98e
-
Complete scanning result of "chkdsk.exe", received in VirusTotal at 12.15.2006, 11:41:02 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.15 12.15.2006 no virus found[/B]
Authentium 4.93.8 12.14.2006 no virus found
Avast 4.7.892.0 12.14.2006 Win32:Purityscan-Q
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 no virus found
CAT-QuickHeal 8.00 12.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.15.2006 no virus found
[B]DrWeb 4.33 12.15.2006 no virus found[/B]
eSafe 7.0.14.0 12.14.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.14.2006 no virus found
F-Prot4 4.2.1.29 12.14.2006 no virus found
Ikarus T3.1.0.26 12.15.2006 no virus found
[B]Kaspersky 4.0.2.24 12.15.2006 no virus found[/B]
McAfee 4919 12.14.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1922 12.14.2006 a variant of Win32/TrojanDownloader.PurityScan
Norman 5.80.02 12.14.2006 no virus found
Panda 9.0.0.4 12.15.2006 Suspicious file
Prevx1 V2 12.15.2006 Spyware.Midaddle
Sophos 4.12.0 12.14.2006 ClickSpring
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.14.2006 no virus found
VBA32 3.11.1 12.14.2006 suspected of Backdoor.Rbot.2
VirusBuster 4.3.19:9 12.14.2006 no virus found
-
Complete scanning result of "WM_Keeper.exe", received in VirusTotal at 12.15.2006, 18:49:25 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.19 12.15.2006 W32/Bizex.A.DLL
Authentium 4.93.8 12.14.2006 Possibly a new variant of W32/Threat-SysAdderSml-based!Maximus
Avast 4.7.892.0 12.15.2006 Win32:Trojano-1511[/B]
AVG 386 12.15.2006 no virus found
[B]BitDefender 7.2 12.15.2006 Generic.PWStealer.C89D5ED6
CAT-QuickHeal 8.00 12.15.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.15.2006 no virus found
[B]DrWeb 4.33 12.15.2006 Trojan.PWS.M2.20
eSafe 7.0.14.0 12.14.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
[B]Ewido 4.0 12.15.2006 Downloader.Small.ckp
Fortinet 2.82.0.0 12.15.2006 suspicious
F-Prot 3.16f 12.14.2006 Possibly a new variant of W32/Threat-SysAdderSml-based!Maximus[/B]
[B]F-Prot4 4.2.1.29 12.14.2006 W32/Threat-SysAdderSml-based!Maximus
Ikarus T3.1.0.26 12.15.2006 Trojan-PSW.Win32.M2.20.a[/B]
Kaspersky 4.0.2.24 12.15.2006 no virus found
[B]McAfee 4920 12.15.2006 New BackDoor1[/B]
Microsoft 1.1804 12.15.2006 no virus found
[B]NOD32v2 1924 12.15.2006 probably unknown NewHeur_PE virus[/B]
Norman 5.80.02 12.15.2006 no virus found
[B]Panda 9.0.0.4 12.15.2006 Suspicious file[/B]
Prevx1 V2 12.15.2006 no virus found
[B]Sophos 4.12.0 12.14.2006 Troj/RKProc-Fam
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.15.2006 no virus found
[B]VBA32 3.11.1 12.14.2006 suspected of Trojan-Downloader.VB.18[/B]
VirusBuster 4.3.19:9 12.15.2006 no virus found
Aditional Information
File size: 60178 bytes
MD5: 152a7495ff2d86fbe0b56c887abd4cc0
SHA1: 97adbb8f2d8efe4233b176397f2eadd7d1ad4526
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.15.2006, 20:43:51 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.19 12.15.2006 TR/Proxy.Horst.Gen
Authentium 4.93.8 12.15.2006 W32/Methodbod.gen2[/B]
Avast 4.7.892.0 12.15.2006 no virus found
AVG 386 12.15.2006 no virus found
[B]BitDefender 7.2 12.15.2006 DeepScan:Generic.Horst.A3A0D00F[/B]
CAT-QuickHeal 8.00 12.15.2006 no virus found
[B]ClamAV devel-20060426 12.15.2006 Trojan.Medbot-98[/B]
DrWeb 4.33 12.15.2006 no virus found
[B]eSafe 7.0.14.0 12.14.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
[B]eTrust-Vet 30.3.3252 12.15.2006 Win32/Boxed!generic[/B]
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
[B]F-Prot 3.16f 12.15.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.14.2006 W32/Methodbod.gen2
Ikarus T3.1.0.26 12.15.2006 Trojan-Proxy.Win32.Horst.py[/B]
Kaspersky 4.0.2.24 12.15.2006 no virus found
[B]McAfee 4920 12.15.2006 BackDoor-CMQ.gen[/B]
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
[B]Norman 5.80.02 12.15.2006 W32/Horst.gen14
Panda 9.0.0.4 12.15.2006 Suspicious file
Sophos 4.12.0 12.14.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 11.30.2006 no virus found
[B]TheHacker 6.0.3.132 12.14.2006 Trojan/Horst.gen
UNA 1.83 12.15.2006 I-Worm.Warezov.ex
VBA32 3.11.1 12.14.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.19:9 12.15.2006 no virus found
Aditional Information
File size: 42496 bytes
MD5: 0e899957e8f650914e2a19ef53426e55
SHA1: 22bc6ca7ffd47d9618e110bc705c9e6b1cca998e
packers: UPX
-
[B]Winsent[/B]
Well, it seems everything is clear with Medbot, just as with zlob.
Some analysts don't want to track it; they probably have their motives or problems. :)
-
VirusTotal at 12.18.2006, 14:01:00 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.18.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
[B]BitDefender 7.2 12.18.2006 Dropped:Generic.Malware.SD.9AEF6365[/B]
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.18.2006 no virus found
[B]DrWeb 4.33 12.18.2006 Win32.HLLW.Grizzlie[/B]
[B]eSafe 7.0.14.0 12.17.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.18.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.27 12.18.2006 no virus found
[B]Kaspersky 4.0.2.24 12.18.2006 Worm.Win32.RussoTuristo.b[/B]
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1925 12.18.2006 no virus found
[B]Norman 5.80.02 12.18.2006 W32/NetworkWorm[/B]
[B]Panda 9.0.0.4 12.17.2006 W32/BlackHole.AM.worm[/B]
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 no virus found
[B]VirusBuster 4.3.19:9 12.17.2006 Worm.RussoTuristo.A[/B]
Aditional Information
File size: 53326 bytes
MD5: 7e1b628897f8e03a035266dad1f13ebe
SHA1: 5ac15a78826a31ca4dfbde670eddc090b0747cb7
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 53326 bytes.
[ Changes to filesystem ]
* Creates file N:.._____ _____.exe.
[ Spreading through LAN/WAN ]
* Worm spreading over a network connection.
-
Complete scanning result of "vbsys2._dll", received in VirusTotal at 12.18.2006, 14:58:12 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.18.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.18.2006 no virus found
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
[b] eTrust-Vet 30.3.3254 12.15.2006 Win32/Pomelo!generic [/b]
Ewido 4.0 12.18.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
[b]Ikarus T3.1.0.27 12.18.2006 Trojan-Clicker.Win32.Agent.ac [/b]
[b]Kaspersky 4.0.2.24 12.18.2006 Trojan-Clicker.Win32.Agent.ac [/b]
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1925 12.18.2006 no virus found
Norman 5.80.02 12.18.2006 no virus found
[b]Panda 9.0.0.4 12.17.2006 Suspicious file [/b]
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
[b] VBA32 3.11.1 12.18.2006 suspected of Malware.Agent.19 [/b]
VirusBuster 4.3.19:9 12.18.2006 no virus found
Aditional Information
File size: 90112 bytes
MD5: 66f53ba90bcc3e43a323317711ae48b9
SHA1: 95893014ea2dfa3c09817be8a3aa5ce0c1fdc477
-
[b] AntiVir 7.3.0.19 12.18.2006 TR/LipGame.BM.1 [/b]
Authentium 4.93.8 12.15.2006 no virus found
[b] Avast 4.7.892.0 12.16.2006 Win32: Lipgame [/b]
[b] AVG 386 12.18.2006 Generic2.MCB [/b]
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
[b] ClamAV devel-20060426 12.18.2006 Dialer-741 [/b]
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.18.2006 no virus found
[b] Fortinet 2.82.0.0 12.18.2006 W32/LipGame.BM!tr [/b]
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.27 12.18.2006 no virus found
[b] Kaspersky 4.0.2.24 12.18.2006 Trojan.Win32.LipGame.bm [/b]
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
[b] NOD32v2 1925 12.18.2006 Win32/LipGame [/b]
Norman 5.80.02 12.18.2006 no virus found
Panda 9.0.0.4 12.17.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
[b] VBA32 3.11.1 12.18.2006 suspected of Malware.Agent.19 [/b]
VirusBuster 4.3.19:9 12.18.2006 no virus found
Aditional Information
File size: 53248 bytes
MD5: afc46df47e398d0b0bc4acdbd4ef94d4
SHA1: bd6df84399f0ff74a291c552b3bdcd4ba5d3b38f
-
Complete scanning result of "Telekom-Rechnung.pdf.exe", received in VirusTotal at 12.19.2006, 21:24:50 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.19.2006 TR/Dldr.EbayBill.L
Authentium 4.93.8 12.19.2006 W32/Downloader.gen2
Avast 4.7.892.0 12.19.2006 Win32:Nurech
AVG 386 12.19.2006 Downloader.Generic2.TTV
BitDefender 7.2 12.19.2006 Trojan.Downloader.Nurech.G
[B]CAT-QuickHeal 8.00 12.19.2006 no virus found[/B]
ClamAV devel-20060426 12.19.2006 Trojan.Small-373
[B]DrWeb 4.33 12.19.2006 no virus found[/B]
[B]eSafe 7.0.14.0 12.19.2006 no virus found[/B]
eTrust-InoculateIT 23.73.89 12.19.2006 Win32/SillyDL.3ev!Trojan
eTrust-Vet 30.3.3262 12.19.2006 Win32/DlWreck.AW
Ewido 4.0 12.19.2006 Downloader.Nurech.g
Fortinet 2.82.0.0 12.19.2006 W32/Yabe.W!tr.dldr
F-Prot 3.16f 12.15.2006 W32/Downloader.gen2
F-Prot4 4.2.1.29 12.19.2006 W32/Downloader.gen2
Ikarus T3.1.0.27 12.19.2006 Trojan-Downloader.Win32.Nurech.g
Kaspersky 4.0.2.24 12.19.2006 Trojan-Downloader.Win32.Nurech.g
McAfee 4922 12.19.2006 Downloader-AAP
Microsoft 1.1904 12.19.2006 TrojanDownloader:Win32/Agent.ET
NOD32v2 1928 12.19.2006 Win32/TrojanDownloader.Agent.UF
Norman 5.80.02 12.19.2006 W32/DLoader.BCTW
Panda 9.0.0.4 12.19.2006 Trj/Cimuz.BE
[B]Prevx1 V2 12.19.2006 no virus found[/B]
Sophos 4.12.0 12.18.2006 Troj/Clagger-AG
[B]Sunbelt 2.2.907.0 12.18.2006 no virus found[/B]
TheHacker 6.0.3.134 12.18.2006 Trojan/Downloader.Nurech.g
UNA 1.83 12.19.2006 TrojanDownloader.Win32.Nurech.C43F
VBA32 3.11.1 12.19.2006 Trojan-Downloader.Win32.Nurech.g
VirusBuster 4.3.19:9 12.19.2006 Trojan.DL.Nurech.H
That's how badly DrWeb screwed up... This old trojan, which was mass-mailed across Germany again today, will soon, I think, be detected even by the "Kalinin antivirus"... :D
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.20.2006, 17:11:52 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.19 12.20.2006 TR/Proxy.Horst.Gen[/B]
Authentium 4.93.8 12.20.2006 no virus found
Avast 4.7.892.0 12.20.2006 no virus found
AVG 386 12.19.2006 no virus found
[B]BitDefender 7.2 12.20.2006 DeepScan:Generic.Horst.86744D0E[/B]
CAT-QuickHeal 8.00 12.20.2006 no virus found
ClamAV devel-20060426 12.20.2006 no virus found
DrWeb 4.33 12.20.2006 no virus found
[B]eSafe 7.0.14.0 12.19.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.91 12.20.2006 no virus found
eTrust-Vet 30.3.3264 12.20.2006 no virus found
Ewido 4.0 12.20.2006 no virus found
Fortinet 2.82.0.0 12.20.2006 no virus found
F-Prot 3.16f 12.20.2006 no virus found
F-Prot4 4.2.1.29 12.20.2006 no virus found
Ikarus T3.1.0.27 12.20.2006 no virus found
[B]Kaspersky 4.0.2.24 12.20.2006 Trojan-Proxy.Win32.Horst.te
McAfee 4922 12.19.2006 BackDoor-CMQ.gen[/B]
Microsoft 1.1904 12.20.2006 no virus found
NOD32v2 1931 12.20.2006 no virus found
[B]Norman 5.80.02 12.20.2006 W32/Malware
Panda 9.0.0.4 12.19.2006 Suspicious file[/B]
Prevx1 V2 12.20.2006 no virus found
[B]Sophos 4.12.0 12.18.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.19.2006 no virus found
[B]VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.19:9 12.20.2006 no virus found
Aditional Information
File size: 49664 bytes
MD5: 7653755c2c370f2f9e8ec0b59d7de106
SHA1: 9ea051fa7c8dfcd7163afd3b2a2da4d229a03c6a
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 49664 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.
-
Complete scanning result of "output.exe", received in VirusTotal at 12.20.2006, 22:09:52 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.19 12.20.2006 DR/Delphi.Gen[/B]
Authentium 4.93.8 12.20.2006 no virus found
Avast 4.7.892.0 12.20.2006 no virus found
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.20.2006 no virus found
[B]CAT-QuickHeal 8.00 12.20.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.20.2006 Trojan.Delf-293[/B]
DrWeb 4.33 12.20.2006 no virus found
[B]eSafe 7.0.14.0 12.19.2006 Suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.91 12.20.2006 no virus found
eTrust-Vet 30.3.3264 12.20.2006 no virus found
Ewido 4.0 12.20.2006 no virus found
[B]Fortinet 2.82.0.0 12.20.2006 suspicious[/B]
F-Prot 3.16f 12.20.2006 no virus found
F-Prot4 4.2.1.29 12.20.2006 no virus found
Ikarus T3.1.0.27 12.20.2006 no virus found
Kaspersky 4.0.2.24 12.20.2006 no virus found
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.20.2006 no virus found
NOD32v2 1931 12.20.2006 no virus found
[B]Norman 5.80.02 12.20.2006 Suspicious_F.gen
Panda 9.0.0.4 12.20.2006 Suspicious file[/B]
Prevx1 V2 12.20.2006 no virus found
[B]Sophos 4.12.0 12.18.2006 Troj/Deldo-Gen
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
[B]VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-Spy.BZub.1
VirusBuster 4.3.19:9 12.20.2006 novirus:Packed/FSG[/B]
Aditional Information
File size: 41498 bytes
MD5: 3426e99aad0ea528feb8d2bd55684930
SHA1: 7a7298c15d0f97d993f504cb1624d9dd7295153b
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Just arrived by mail:
Complete scanning result of "msg.ApKpfw", received in VirusTotal at 12.21.2006, 14:40:03 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.19 12.21.2006 no virus found[/B]
Authentium 4.93.8 12.21.2006 W32/Downloader.gen10
Avast 4.7.892.0 12.21.2006 Win32:Small-CFJ
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.21.2006 no virus found
CAT-QuickHeal 8.00 12.20.2006 no virus found
ClamAV devel-20060426 12.21.2006 no virus found
[B]DrWeb 4.33 12.21.2006 no virus found[/B]
eSafe 7.0.14.0 12.19.2006 no virus found
eTrust-InoculateIT 23.73.93 12.21.2006 no virus found
eTrust-Vet 30.3.3268 12.21.2006 no virus found
Ewido 4.0 12.21.2006 no virus found
Fortinet 2.82.0.0 12.21.2006 suspicious
F-Prot 3.16f 12.21.2006 W32/Downloader.gen10
F-Prot4 4.2.1.29 12.21.2006 W32/Downloader.gen10
Ikarus T3.1.0.27 12.21.2006 no virus found
[B]Kaspersky 4.0.2.24 12.21.2006 no virus found[/B]
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.21.2006 no virus found
[B]NOD32v2 1932 12.20.2006 no virus found[/B]
Norman 5.80.02 12.20.2006 Suspicious_F.gen
Panda 9.0.0.4 12.21.2006 Suspicious file
Prevx1 V2 12.21.2006 no virus found
Sophos 4.12.0 12.21.2006 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
VBA32 3.11.1 12.20.2006 suspected of Downloader.Harnig.39
VirusBuster 4.3.19:9 12.21.2006 novirus:Packed/FSG
Aditional Information
File size: 10645 bytes
MD5: c0b6b8d350f718b63afdb9c329d754d2
SHA1: 3b1f7f0f16319fcb4ba8b55ec162fe6a3a858200
packers: FSG
-
Complete scanning result of "document1_zip_sfx.exe", received in VirusTotal at 12.21.2006, 17:58:13 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.21.2006 no virus found
Authentium 4.93.8 12.21.2006 no virus found
[B]Avast 4.7.892.0 12.21.2006 Win32:Delf-CAT[/B]
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.21.2006 no virus found
[B]CAT-QuickHeal 8.00 12.21.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.21.2006 no virus found
DrWeb 4.33 12.21.2006 no virus found
eSafe 7.0.14.0 12.21.2006 no virus found
eTrust-InoculateIT 23.73.93 12.21.2006 no virus found
eTrust-Vet 30.3.3268 12.21.2006 no virus found
Ewido 4.0 12.21.2006 no virus found
Fortinet 2.82.0.0 12.21.2006 no virus found
F-Prot 3.16f 12.21.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
[B]Ikarus T3.1.0.27 12.21.2006 Trojan-PSW.Win32.LdPinch.FI[/B]
Kaspersky 4.0.2.24 12.21.2006 no virus found
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.21.2006 no virus found
NOD32v2 1933 12.21.2006 no virus found
Norman 5.80.02 12.21.2006 no virus found
[B]Panda 9.0.0.4 12.21.2006 Suspicious file[/B]
Prevx1 V2 12.21.2006 no virus found
Sophos 4.12.0 12.21.2006 no virus found
[B]Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
[B]VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-PSW.Pinch.2[/B]
VirusBuster 4.3.19:9 12.21.2006 no virus found
Aditional Information
File size: 49519 bytes
MD5: 052bb19f357ef961b89f0cae3ff61b22
SHA1: 91d2b1f347520af1afa90084b211d136f924c669
packers: UPX
packers: PECRYPT, UPX, BINARYRES
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
It turned out not to be Pinch at all, but [B]Net-Worm.Win32.Agent.b[/B] according to KAV.
-
Complete scanning result of "DSC_03546.exe", received in VirusTotal at 12.22.2006, 14:22:24 (CET).
[i]Antivirus Version Update Result[/i]
AntiVir 7.3.0.21 12.22.2006 TR/PSW.PdPinch.L.68
[COLOR="#ff0000"]Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.21.2006 no virus found[/COLOR]
BitDefender 7.2 12.22.2006 MemScan:Trojan.PWS.PdPinch.L
[COLOR="#ff0000"]CAT-QuickHeal 8.00 12.21.2006 no virus found
ClamAV devel-20060426 12.21.2006 no virus found[/COLOR]
DrWeb 4.33 12.22.2006 Trojan.MulDrop.4906
[COLOR="#ff0000"]eSafe 7.0.14.0 12.21.2006 no virus found
eTrust-InoculateIT 23.73.95 12.22.2006 no virus found
eTrust-Vet 30.3.3269 12.22.2006 no virus found
Ewido 4.0 12.22.2006 no virus found
Fortinet 2.82.0.0 12.22.2006 no virus found
F-Prot 3.16f 12.21.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
Ikarus T3.1.0.27 12.22.2006 no virus found[/COLOR]
Kaspersky 4.0.2.24 12.22.2006 Trojan-PSW.Win32.LdPinch.bhg
[COLOR="#ff0000"]McAfee 4924 12.21.2006 no virus found
Microsoft 1.1904 12.22.2006 no virus found[/COLOR]
NOD32v2 1934 12.21.2006 a variant of Win32/PSW.LdPinch.NCB
Norman 5.80.02 12.22.2006 W32/EMailWorm.AR
Panda 9.0.0.4 12.22.2006 Suspicious file
[COLOR="#ff0000"]Prevx1 V2 12.22.2006 no virus found
Sophos 4.12.0 12.22.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.21.2006 no virus found
VBA32 3.11.1 12.21.2006 no virus found
VirusBuster 4.3.19:9 12.21.2006 no virus found[/COLOR]
Aditional Information
File size: 135542 bytes
MD5: d7f8adcf172a47399f9b174fdc3b9a07
SHA1: d368ce2e8ed5a91bd8219d44270ca5cd86bb6c1f
-
Complete scanning result of "sp_m2_v127_333.exe", received in VirusTotal at 12.22.2006, 23:01:43 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.22.2006 TR/Spambot.BXE
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.22.2006 Proxy.JBD
BitDefender 7.2 12.22.2006 Trojan.Spambot.BXE
CAT-QuickHeal 8.00 12.22.2006 TrojanProxy.Dlena.bd
ClamAV devel-20060426 12.22.2006 no virus found
DrWeb 4.33 12.22.2006 no virus found
eSafe 7.0.14.0 12.21.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.95 12.22.2006 no virus found
eTrust-Vet 30.3.3269 12.22.2006 no virus found
Ewido 4.0 12.22.2006 Proxy.Dlena.bd
Fortinet 2.82.0.0 12.22.2006 no virus found
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
Ikarus T3.1.0.27 12.22.2006 Trojan.Spambot.BXE
Kaspersky 4.0.2.24 12.22.2006 Trojan-Proxy.Win32.Dlena.bd
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.22.2006 no virus found
[B]NOD32v2 1935 12.22.2006 no virus found[/B]
Norman 5.80.02 12.22.2006 no virus found
Panda 9.0.0.4 12.22.2006 no virus found
Prevx1 V2 12.22.2006 Trojan.RPCC.Payload
Sophos 4.12.0 12.22.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 Trojan/Proxy.Dlena.bd
UNA 1.83 12.22.2006 TrojanProxy.Win32.Dlena.2A57
VBA32 3.11.1 12.22.2006 no virus found
VirusBuster 4.3.19:9 12.22.2006 no virus found
Aditional Information
File size: 30720 bytes
MD5: a178ae2b44868723792f80452414ce6c
SHA1: 07cc219c6bc321e115e597449f0eb78dc5e98b76
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=a0b863369501[/url]
-
Complete scanning result of "postcard4.zip", received in VirusTotal at 12.25.2006, 13:07:03 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.24.2006 TR/Dldr.Stration.Gen
Authentium 4.93.8 12.22.2006 W32/Warezov.gen3!W32DL
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.25.2006 Downloader.Generic3.EAT
BitDefender 7.2 12.25.2006 Generic.Malware.dld!!.FDC38EE1
CAT-QuickHeal 8.00 12.23.2006 no virus found
ClamAV devel-20060426 12.25.2006 Trojan.Downloader-326
DrWeb 4.33 12.25.2006 DLOADER.Trojan
eSafe 7.0.14.0 12.24.2006 no virus found
eTrust-InoculateIT 23.73.98 12.24.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 no virus found
Ewido 4.0 12.25.2006 no virus found
Fortinet 2.82.0.0 12.25.2006 no virus found
F-Prot 3.16f 12.22.2006 W32/Warezov.gen3!W32DL
F-Prot4 4.2.1.29 12.22.2006 W32/Warezov.gen3!W32DL
Ikarus T3.1.0.27 12.25.2006 Win32.Outbreak
Kaspersky 4.0.2.24 12.25.2006 Trojan-Downloader.Win32.Small.edn
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.25.2006 no virus found
NOD32v2 1938 12.25.2006 Win32/TrojanDownloader.Small.EDN
Norman 5.80.02 12.22.2006 W32/Downloader
Panda 9.0.0.4 12.24.2006 Suspicious file
Prevx1 V2 12.25.2006 no virus found
Sophos 4.12.0 12.24.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 no virus found
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.25.2006 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.19:9 12.25.2006 no virus found
Aditional Information
File size: 1401 bytes
MD5: 8e87e3a0a92210a5aecbc8aec70a79f3
SHA1: a08fd3506dae5ae8df4b903ef5ab3595814283bd
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 3588 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\module.exe.
[ Network services ]
* Opens URL: hххp://www6.easeruikingandefunjs.com/chr/893/nt.exe.
[ Security issues ]
* Starting downloaded file - potential security problem.
Complete scanning result of "nt.exe", received in VirusTotal at 12.25.2006, 13:10:33 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.24.2006 Worm/Stration.C
Authentium 4.93.8 12.22.2006 W32/Warezov.gen4
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.25.2006 I-Worm/Stration.BMS
BitDefender 7.2 12.25.2006 DeepScan:Generic.Malware.SFign!.59DD4136
CAT-QuickHeal 8.00 12.23.2006 no virus found
ClamAV devel-20060426 12.25.2006 Worm.Stration.WR
DrWeb 4.33 12.25.2006 no virus found
eSafe 7.0.14.0 12.24.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.98 12.24.2006 Win32/Stration.Variant!Worm
eTrust-Vet 30.3.3271 12.23.2006 Win32/Stration!generic
Ewido 4.0 12.25.2006 no virus found
Fortinet 2.82.0.0 12.25.2006 W32/Stration.DS@mm
F-Prot 3.16f 12.22.2006 W32/Warezov.gen4
F-Prot4 4.2.1.29 12.22.2006 W32/Warezov.gen4
Ikarus T3.1.0.27 12.25.2006 no virus found
Kaspersky 4.0.2.24 12.25.2006 Email-Worm.Win32.Warezov.fh
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.25.2006 Win32/Stration.gen!dr
NOD32v2 1938 12.25.2006 Win32/Stration.UF
Norman 5.80.02 12.22.2006 W32/Malware
Panda 9.0.0.4 12.24.2006 no virus found
Prevx1 V2 12.25.2006 Win32.Malware.gen
Sophos 4.12.0 12.24.2006 W32/Strati-Gen
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 W32/Warezov.hb
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.25.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.19:9 12.25.2006 no virus found
Aditional Information
File size: 89088 bytes
MD5: 5f7a2d9bc74fa5ad8727dc65572581e5
SHA1: f7ed50ce05b6ca252cb8a17f58671277d070078b
packers: UPX
packers: UPX
packers: UPX
packers: UPX, embedded
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 89088 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\wqpd32.exe.
* Creates file C:\WINDOWS\wqpd32.dat.
* Creates file C:\WINDOWS\SYSTEM32\e1.dll.
[ Changes to registry ]
* Creates value "wqpd32"="C:\WINDOWS\wqpd32.exe s" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=c4ad65554348[/url]
-
Complete scanning result of "win32update.exe", received in VirusTotal at 12.27.2006, 09:04:22 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.27.2006 TR/Proxy.Agent.HD.18
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 Win32:Agent-DCJ
AVG 386 12.26.2006 Proxy.CEA
BitDefender 7.2 12.27.2006 Trojan.Proxy.Agent.ED
CAT-QuickHeal 8.00 12.26.2006 no virus found
ClamAV devel-20060426 12.26.2006 no virus found
DrWeb 4.33 12.27.2006 Trojan.Proxy.870
eSafe 7.0.14.0 12.26.2006 no virus found
eTrust-InoculateIT 23.73.99 12.27.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 Win32/SillyProxy.AV
Ewido 4.0 12.26.2006 Proxy.Agent.hd
Fortinet 2.82.0.0 12.27.2006 W32/Agent.HD!tr
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 generic
Ikarus T3.1.0.27 12.27.2006 Trojan-Proxy.Win32.Agent.hd
Kaspersky 4.0.2.24 12.27.2006 Trojan-Proxy.Win32.Agent.hd
McAfee 4926 12.26.2006 no virus found
Microsoft 1.1904 12.27.2006 TrojanProxy:Win32/Agent.IN
NOD32v2 1939 12.26.2006 a variant of Win32/TrojanProxy.Ranky
Norman 5.80.02 12.26.2006 W32/Agent.AHUU
Panda 9.0.0.4 12.27.2006 Adware/WUpd
Prevx1 V2 12.27.2006 Covert.Sys.Exec
Sophos 4.13.0 12.26.2006 Troj/Ranck-Gen
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.136 12.24.2006 no virus found
UNA 1.83 12.26.2006 TrojanProxy.Win32.Agent.B86C
VBA32 3.11.1 12.26.2006 Trojan-Proxy.Win32.Agent.hd
VirusBuster 4.3.19:9 12.26.2006 no virus found
Aditional Information
File size: 188494 bytes
MD5: 3d533d78a26c13e4ce1fef680c6ddd6a
SHA1: 04f6cba0023b1167cef0fe4aa5f4dbcf0489316d
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=70a316676736[/url]
-
Complete scanning result of "Savicheva_XXX.exe", received in VirusTotal at 12.28.2006, 06:42:52 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.27.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.27.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.28.2006 no virus found
[B]BitDefender 7.2 12.28.2006 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 12.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.27.2006 Trojan.Dropper.Agent-106
DrWeb 4.33 12.27.2006 Trojan.PWS.LDPinch.1217
eSafe 7.0.14.0 12.26.2006 Suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.100 12.28.2006 no virus found
eTrust-Vet 30.3.3283 12.27.2006 no virus found
Ewido 4.0 12.27.2006 no virus found
Fortinet 2.82.0.0 12.27.2006 no virus found
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 no virus found
Ikarus T3.1.0.27 12.28.2006 no virus found
[B]Kaspersky 4.0.2.24 12.28.2006 Trojan-PSW.Win32.LdPinch.bgj[/B]
McAfee 4927 12.27.2006 no virus found
[B]Microsoft 1.1904 12.27.2006 Win32/Ldpinch
NOD32v2 1941 12.28.2006 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.27.2006 no virus found
[B]Panda 9.0.0.4 12.28.2006 Suspicious file[/B]
Prevx1 V2 12.28.2006 no virus found
Sophos 4.13.0 12.26.2006 no virus found
[B]Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.138 12.28.2006 no virus found
UNA 1.83 12.27.2006 no virus found
[B]VBA32 3.11.1 12.27.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.27.2006 no virus found
Aditional Information
File size: 32256 bytes
MD5: 365a362e1022ee45f45d50fcbb6f177c
SHA1: 5421f84286dee6008cbf395fee3c00086104b216
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.29.2006, 20:48:24 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.29.2006 TR/Proxy.Horst.Gen[/B]
Authentium 4.93.8 12.29.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
[B]AVG 386 12.29.2006 Proxy.26.M
BitDefender 7.2 12.29.2006 DeepScan:Generic.Horst.7E87FB89[/B]
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.29.2006 no virus found
DrWeb 4.33 12.29.2006 no virus found
[B]eSafe 7.0.14.0 12.28.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.101 12.29.2006 no virus found
[B]eTrust-Vet 30.3.3289 12.29.2006 Win32/Boxed!generic[/B]
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.29.2006 no virus found
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.29.2006 no virus found
[B]Kaspersky 4.0.2.24 12.29.2006 Trojan-Proxy.Win32.Horst.gen[/B]
[B]McAfee 4929 12.29.2006 BackDoor-CMQ.dldr[/B]
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1946 12.29.2006 no virus found
[B]Norman 5.80.02 12.29.2006 W32/Malware
Panda 9.0.0.4 12.29.2006 Suspicious file[/B]
Prevx1 V2 12.29.2006 no virus found
[B]Sophos 4.13.0 12.28.2006 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 MalwareScope.Trojan-Proxy.Horst.1[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 42496 bytes
MD5: 7b429cc811c739822ddf355494637a2a
SHA1: 66452cb3ef2c65338d19f4eb732d550639d7f711
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 42496 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.
-
Complete scanning result of "__________ICQ.exe", received in VirusTotal at 12.29.2006, 21:44:08 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.29.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.29.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.29.2006 no virus found
[B]BitDefender 7.2 12.29.2006 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.29.2006 no virus found
[B]DrWeb 4.33 12.29.2006 Trojan.PWS.LDPinch.1217[/B]
eSafe 7.0.14.0 12.28.2006 no virus found
eTrust-InoculateIT 23.73.101 12.29.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
[B]Ewido 4.0 12.29.2006 Trojan.LdPinch.bet[/B]
Fortinet 2.82.0.0 12.29.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
[B]Ikarus T3.1.0.27 12.29.2006 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 12.29.2006 Trojan-PSW.Win32.LdPinch.bgj[/B]
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.27.2006 Win32/Ldpinch
NOD32v2 1946 12.29.2006 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.29.2006 Suspicious file[/B]
Prevx1 V2 12.29.2006 no virus found
Sophos 4.13.0 12.28.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 MalwareScope.Trojan-PSW.Pinch.4[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 48057 bytes
MD5: 3aa158d23b0e149bb2cfbd5186b36f79
SHA1: 25fdda6cf8a1f41289c16c188acc03fc10ab7573
-
307
[QUOTE=Winsent;89475]Complete scanning result of "__________ICQ.exe", received in VirusTotal at 12.29.2006, 21:44:08 (CET).[/QUOTE]
The same thing is in topic 305.
-
Complete scanning result of "DCOMgui.zip", received in VirusTotal at 12.30.2006, 09:05:23 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.29.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 Win32:Interlac-B
AVG 386 12.29.2006 no virus found
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 BackDoor.Pigeon.516
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.29.2006 Dropper.Interlac.10.b
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Backdoor.Win32.Hupigon.BV
Kaspersky 4.0.2.24 12.30.2006 Trojan-Dropper.Win32.Interlac.10.b
McAfee 4929 12.29.2006 New Malware.u
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Suspicious file
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.28.2006 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.29.2006 no virus found
VirusBuster 4.3.19:9 12.29.2006 novirus:Packed/NSPack
Aditional Information
File size: 257436 bytes
MD5: 860e5b99b176b3120388234cdfb632d6
SHA1: 0f35491c52a52e2f5d192910ee61beb2afa068b0
packers: NsPack, Morphine
packers: NSPack, PE_Patch
-
This is an e-mail, and it contains postcard.exe. By the time of the scan Dr.Web already knew the beast, but when the message came through it did not yet, and I simply spotted the e-mail by eye in the mailbox.
[quote]Complete scanning result of "mzukh_completepkgltd.com_111_3731", received in VirusTotal at 12.30.2006, 10:53:32 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.30.2006 TR/Dldr.Tibs.JZ
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.29.2006 Downloader.Tibs
BitDefender 7.2 12.30.2006 no virus found
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.30.2006 Trojan.Downloader-390
DrWeb 4.33 12.30.2006 Win32.Dref
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Tibs!generic
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
F-Prot4 4.2.1.29 12.29.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.29.2006 no virus found
VirusBuster 4.3.19:9 12.29.2006 Trojan.DL.Tibs.Gen!Pac10
Aditional Information
File size: 25146 bytes
MD5: 1ae86f854f959af0ca40007aad1f9ee1
SHA1: 6e474a99c0cd3c85186b1b1a387eb483a7419eb8[/quote]
-
Complete scanning result of "cheker.exe", received in VirusTotal at 12.30.2006, 11:02:21 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.29.2006 no virus found
[B]BitDefender 7.2 12.30.2006 BehavesLike:Trojan.ShellObject[/B]
[B]CAT-QuickHeal 8.00 12.29.2006 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.30.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.29.2006 no virus found
[B]F-Prot4 4.2.1.29 12.29.2006 generic[/B]
Ikarus T3.1.0.27 12.30.2006 no virus found
Kaspersky 4.0.2.24 12.30.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1947 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.30.2006 Suspicious file[/B]
Prevx1 V2 12.30.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
[B]Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.29.2006 Trojan.PWS.Wmsender[/B]
VirusBuster 4.3.19:9 12.29.2006 no virus found
Aditional Information
File size: 11232 bytes
MD5: d3ccd699d4a6726795b2037635d79a35
SHA1: 1d6cc5d4ab10ad7eded76d672d41d2f0cac56e9b
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
[QUOTE=gines;89510]The same thing is in topic 305.[/QUOTE]
The size is different, and not all of the ones that detected it last time detect it now. Only the name is the same.
-
[QUOTE=Winsent;89521]
The size is different, and not all of the ones that detected it last time detect it now. Only the name is the same.[/QUOTE]
Size, in my opinion, is not an indicator. The first one seems to be compressed. But if these really are two variants, then it is strange that both Kaspersky and Dr.Web gave them the same names.
-
AntiVir 7.3.0.21 12.30.2006 TR/Dldr.Tibs.JY.A
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 Downloader.Tibs
BitDefender 7.2 12.30.2006 GenPack:Trojan.Downloader.Agent.YC
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.30.2006 Trojan.Small-914
DrWeb 4.33 12.30.2006 Win32.Dref
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Tibs!generic
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.30.2006 no virus found
NOD32v2 1949 12.30.2006 Win32/Nuwar.M
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Trj/Alanchum.MU
Prevx1 V2 12.30.2006 Spyware.VirusBurst
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 Trojan/Downloader.Generic
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 Trojan.DL.Tibs.Gen!Pac10
Aditional Information
File size: 54423 bytes
MD5: 80250d4b948dfb40013cedfa1261a997
SHA1: a01f706c20c2110394dd27d4eda33268844c8148
Prevx info: [url]http://fileinfo.prevx.com/fileinfo.asp?PXC=b20f66499269[/url]
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.PWStealer.A02C0538[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
Fortinet 2.82.0.0 12.31.2006 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 12.31.2006 Trojan-PSW.Win32.LdPinch.bik[/B]
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch
NOD32v2 1949 12.30.2006 Win32/PSW.LdPinch.NCS[/B]
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 Suspicious file
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 25600 bytes
MD5: 6c548c3a41bccae7c7cd75ef34a2b12c
SHA1: 0b46fee4995c0cb1cd3229f56f6a0676ba9117c9
packers: UPX
packers: UPX
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.PWStealer.9D8B9DC6[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.30.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.30.2006 no virus found
[B]Fortinet 2.82.0.0 12.31.2006 suspicious[/B]
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 12.31.2006 no virus found
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch[/B]
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.29.2006 no virus found
[B]Panda 9.0.0.4 12.30.2006 Suspicious file[/B]
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 53248 bytes
MD5: 55ceb3fdc230b833e5f3a9aa84d1120b
SHA1: e5f2a7463b0bcbf8383fa87925f027cd4e3ab7d7
packers: UPX
packers: UPX
packers: UPX
-
Complete scanning result of "1.exe", received in VirusTotal at 12.31.2006, 14:20:09 (CET).
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 12.30.2006 HEUR/Malware[/B]
[B]Authentium 4.93.8 12.30.2006 W32/Warezov.gen4[/B]
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 no virus found
[B]BitDefender 7.2 12.31.2006 DeepScan:Generic.Sdbot.01ACBA66[/B]
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.31.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
[B]eSafe 7.0.14.0 12.31.2006 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.31.2006 no virus found
[B]Fortinet 2.82.0.0 12.31.2006 suspicious[/B]
[B]F-Prot 3.16f 12.30.2006 W32/Warezov.gen4[/B]
[B]F-Prot4 4.2.1.29 12.30.2006 W32/Warezov.gen4[/B]
[B]Ikarus T3.1.0.27 12.31.2006 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 12.31.2006 no virus found
McAfee 4929 12.29.2006 no virus found
[B]Microsoft 1.1904 12.31.2006 Win32/Ldpinch[/B]
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.31.2006 no virus found
[B]Panda 9.0.0.4 12.31.2006 Suspicious file[/B]
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
[B]VBA32 3.11.1 12.30.2006 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 12.30.2006 no virus found
Aditional Information
File size: 30720 bytes
MD5: 3945ca8dc0b7cfe4e568b22d23b78223
SHA1: 41f7fb7bd794c0f13172aa318d164fe120697fa9
packers: UPX
packers: UPX
packers: UPX
packers: UPX
It came along with a singing Putin :D Sent off to the Kaspersky Lab virus lab
-
Complete scanning result of "maxsetup.1307.exe", received in VirusTotal at 01.01.2007, 18:56:32 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 12.31.2006 DR/Zlob.Gen
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 Downloader.Zlob.FWR
BitDefender 7.2 01.01.2007 Trojan.Zlob.GT
CAT-QuickHeal 8.00 01.01.2007 TrojanDownloader.Zlob.gen
ClamAV devel-20060426 01.01.2007 Trojan.Downloader.Zlob-545
DrWeb 4.33 12.31.2006 no virus found
eSafe 7.0.14.0 01.01.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.01.2007 suspicious
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.01.2007 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 01.01.2007 Trojan-Downloader.Win32.Zlob.bbr
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.31.2006 no virus found
NOD32v2 1950 01.01.2007 no virus found
Norman 5.80.02 12.31.2007 W32/Zlob.XJU
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.01.2007 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.141 01.01.2007 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.01.2007 Trojan.DR.Zlob.Gen!Pac13
Aditional Information
File size: 60347 bytes
MD5: a7f0bb706da9e508014ba8b6579c9177
SHA1: 7e5421398dd8d363c38e09b48dc27121bca642c8
packers: UPX
packers: UPX, BINARYRES, BINARYRES
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.02.2007 HEUR/Crypted[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 no virus found
[B]BitDefender 7.2 01.02.2007 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 8.00 01.01.2007 (Suspicious) - DNAScan[/B]
ClamAV devel-20060426 01.01.2007 no virus found
[B]DrWeb 4.33 01.02.2007 Trojan.MulDrop.4896[/B]
eSafe 7.0.14.0 01.01.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
[B]Fortinet 2.82.0.0 01.02.2007 suspicious[/B]
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
[B]McAfee 4929 12.29.2006 New Win32[/B]
Microsoft 1.1904 01.02.2007 no virus found
[B]NOD32v2 1951 01.01.2007 a variant of Win32/PSW.LdPinch.NCB[/B]
Norman 5.80.02 12.31.2007 no virus found
[B]Panda 9.0.0.4 01.01.2007 Suspicious file[/B]
Prevx1 V2 01.02.2007 no virus found
[B]Sophos 4.13.0 01.01.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious[/B]
TheHacker 6.0.3.141 01.01.2007 no virus found
[B]VBA32 3.11.1 01.01.2007 suspected of Embedded.MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 01.01.2007 no virus found
Aditional Information
File size: 51200 bytes
MD5: 7d69316e4faa3e2dfc5ab4814e5e0781
SHA1: f9b1e2f20b12b9b3c33505b6ac79e4a4ea0295fd
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.05.2007 HEUR/Crypted
Authentium 4.93.8 12.30.2006 W32/Warezov.gen4[/B]
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.05.2007 no virus found
BitDefender 7.2 01.06.2007 no virus found
CAT-QuickHeal 9.00 01.05.2007 no virus found
ClamAV devel-20060426 01.06.2007 no virus found
DrWeb 4.33 01.06.2007 no virus found
[B]eSafe 7.0.14.0 01.05.2007 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.05.2007 no virus found
[B]Fortinet 2.82.0.0 01.06.2007 suspicious[/B]
[B]F-Prot 3.16f 01.05.2007 W32/Warezov.gen4
F-Prot4 4.2.1.29 01.05.2007 W32/Warezov.gen4
Ikarus T3.1.0.27 01.06.2007 Trojan-PSW.Win32.LdPinch.apk[/B]
Kaspersky 4.0.2.24 01.06.2007 no virus found
McAfee 4933 01.05.2007 no virus found
[B]Microsoft 1.1904 01.06.2007 Win32/Ldpinch
NOD32v2 1959 01.05.2007 a variant of Win32/PSW.LdPinch.BIE[/B]
Norman 5.80.02 12.31.2007 no virus found
[B]Panda 9.0.0.4 01.05.2007 Suspicious file[/B]
Prevx1 V2 01.06.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.143 01.05.2007 no virus found
UNA 1.83 01.04.2007 no virus found
[B]VBA32 3.11.1 01.06.2007 MalwareScope.Trojan-PSW.Pinch.1[/B]
VirusBuster 4.3.19:9 01.05.2007 no virus found
Aditional Information
File size: 31232 bytes
MD5: 1e3fb61c39e4921d65c3435b5c55f7f0
SHA1: ab91df5eafbc2244c543097d2ba302d9fa97081c
packers: UPX
packers: UPX
packers: UPX
packers: UPX
-
Antivirus Version Update Result
[B]AntiVir 7.3.0.21 01.05.2007 TR/Proxy.Horst.Gen[/B]
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.05.2007 no virus found
BitDefender 7.2 01.06.2007 no virus found
CAT-QuickHeal 9.00 01.05.2007 no virus found
ClamAV devel-20060426 01.06.2007 no virus found
DrWeb 4.33 01.06.2007 no virus found
[B]eSafe 7.0.14.0 01.05.2007 suspicious Trojan/Worm[/B]
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.05.2007 no virus found
[B]Fortinet 2.82.0.0 01.06.2007 suspicious
F-Prot 3.16f 01.05.2007 W32/Methodbod.gen2
F-Prot4 4.2.1.29 01.05.2007 W32/Methodbod.gen2[/B]
Ikarus T3.1.0.27 01.06.2007 no virus found
Kaspersky 4.0.2.24 01.06.2007 no virus found
McAfee 4933 01.05.2007 no virus found
Microsoft 1.1904 01.06.2007 no virus found
NOD32v2 1959 01.05.2007 no virus found
[B]Norman 5.80.02 12.31.2007 W32/Malware
Panda 9.0.0.4 01.05.2007 Suspicious file[/B]
Prevx1 V2 01.06.2007 no virus found
[B]Sophos 4.13.0 01.05.2007 Mal/Behav-080[/B]
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.143 01.05.2007 no virus found
UNA 1.83 01.04.2007 no virus found
VBA32 3.11.1 01.06.2007 no virus found
VirusBuster 4.3.19:9 01.05.2007 no virus found
Aditional Information
File size: 40448 bytes
MD5: ea7cfb190fa77011adb15b6072fa33bd
SHA1: 62ebc531b0b44ad33d133f9ceaeadb6ad6d972d6
packers: UPX
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email][email protected][/email] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 40448 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.