Исследование антивирусов 7

**olejah** · 14.07.2010, 08:56

Очередная порция раздела Помогите -

Файл c:\windows\system32\nssm.exe -

Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.13 Trojan-Dropper.Small!IK
AhnLab-V3 2010.07.13.01 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.13 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.13 -
CAT-QuickHeal 11.00 2010.07.13 -
ClamAV 0.96.0.3-git 2010.07.13 -
Comodo 5417 2010.07.13 -
DrWeb 5.0.2.03300 2010.07.13 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7703 2010.07.13 -
F-Prot 4.6.1.107 2010.07.13 -
F-Secure 9.0.15370.0 2010.07.13 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.13 -
Ikarus T3.1.1.84.0 2010.07.13 Trojan-Dropper.Small
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.13 -
McAfee 5.400.0.1158 2010.07.13 Artemis!1416B62E8A99
McAfee-GW-Edition 2010.1 2010.07.13 Artemis!1416B62E8A99
Microsoft 1.5902 2010.07.13 -
NOD32 5276 2010.07.13 probably a variant of Win32/Injector.CHG
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.13 -
Prevx 3.0 2010.07.13 High Risk Cloaked Malware
Rising 22.56.01.04 2010.07.13 -
Sophos 4.55.0 2010.07.13 Mal/VBInject-T
Sunbelt 6575 2010.07.13 -
SUPERAntiSpyware 4.40.0.1006 2010.07.13 -
Symantec 20101.1.0.89 2010.07.13 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.13 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.13 -
VirusBuster 5.0.27.0 2010.07.13 -

virustotal.com

Файл - c:\documents and settings\Администратор.e09f1fec3b0f47d\application data\netprotocol.exe -

Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.14 -
AhnLab-V3 2010.07.14.00 2010.07.13 -
AntiVir 8.2.4.10 2010.07.13 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.14 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.14 -
CAT-QuickHeal 11.00 2010.07.14 -
ClamAV 0.96.0.3-git 2010.07.14 -
Comodo 5419 2010.07.14 Heur.Suspicious
DrWeb 5.0.2.03300 2010.07.14 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7704 2010.07.13 -
F-Prot 4.6.1.107 2010.07.14 -
F-Secure 9.0.15370.0 2010.07.14 -
Fortinet 4.1.143.0 2010.07.13 -
GData 21 2010.07.14 -
Ikarus T3.1.1.84.0 2010.07.14 -
Jiangmin 13.0.900 2010.07.13 -
Kaspersky 7.0.0.125 2010.07.14 -
McAfee 5.400.0.1158 2010.07.14 -
McAfee-GW-Edition 2010.1 2010.07.13 -
Microsoft 1.5902 2010.07.13 -
NOD32 5276 2010.07.13 a variant of Win32/Kryptik.FJT
Norman 6.05.11 2010.07.13 -
nProtect 2010-07-13.01 2010.07.13 -
Panda 10.0.2.7 2010.07.13 -
PCTools 7.0.3.5 2010.07.14 -
Prevx 3.0 2010.07.14 -
Rising 22.56.02.01 2010.07.14 -
Sophos 4.55.0 2010.07.14 -
Sunbelt 6578 2010.07.14 -
SUPERAntiSpyware 4.40.0.1006 2010.07.14 -
Symantec 20101.1.1.7 2010.07.14 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.14 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.14 -
VirusBuster 5.0.27.0 2010.07.13 -

virustotal.com/

Файл - c:\documents and settings\all users.windows\media\kasper_zaebal.exe -

Антивирус Версия Обновление Результат
a-squared 5.0.0.31 2010.07.12 -
AhnLab-V3 2010.07.10.00 2010.07.09 -
AntiVir 8.2.4.10 2010.07.12 -
Antiy-AVL 2.0.3.7 2010.07.12 -
Authentium 5.2.0.5 2010.07.11 -
Avast 4.8.1351.0 2010.07.12 -
Avast5 5.0.332.0 2010.07.12 Win32:SuspBehav-D
AVG 9.0.0.836 2010.07.12 -
BitDefender 7.2 2010.07.12 Gen:Variant.Renos.31
CAT-QuickHeal 11.00 2010.07.12 -
ClamAV 0.96.0.3-git 2010.07.12 -
Comodo 5403 2010.07.12 -
DrWeb 5.0.2.03300 2010.07.12 Trojan.Packed.1158
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7700 2010.07.12 -
F-Prot 4.6.1.107 2010.07.11 -
F-Secure 9.0.15370.0 2010.07.12 Gen:Variant.Renos.31
Fortinet 4.1.143.0 2010.07.11 -
GData 21 2010.07.12 Gen:Variant.Renos.31
Ikarus T3.1.1.84.0 2010.07.12 -
Jiangmin 13.0.900 2010.07.12 -
Kaspersky 7.0.0.125 2010.07.12 -
McAfee 5.400.0.1158 2010.07.12 Artemis!397CC549E3F5
McAfee-GW-Edition 2010.1 2010.07.12 Artemis!397CC549E3F5
Microsoft 1.5902 2010.07.12 -
NOD32 5272 2010.07.12 a variant of Win32/LockScreen.UZ
Norman 6.05.11 2010.07.12 -
nProtect 2010-07-12.01 2010.07.12 Gen:Variant.Renos.31
Panda 10.0.2.7 2010.07.11 Suspicious file
PCTools 7.0.3.5 2010.07.12 -
Prevx 3.0 2010.07.12 -
Rising 22.56.00.04 2010.07.12 -
Sophos 4.55.0 2010.07.12 -
Sunbelt 6566 2010.07.10 VirTool.Win32.Obfuscator.ah!a (v)
SUPERAntiSpyware 4.40.0.1006 2010.07.12 -
Symantec 20101.1.0.89 2010.07.12 -
TheHacker 6.5.2.1.312 2010.07.12 -
TrendMicro 9.120.0.1004 2010.07.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.12 -
VBA32 3.12.12.6 2010.07.12 BScope.Malware.FraudTool.xc
ViRobot 2010.7.12.3932 2010.07.12 -
VirusBuster 5.0.27.0 2010.07.12 -

virustotal.com/

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**ISO** · 20.07.2010, 09:36

File ali.exe received on 2010.07.20 05:24:22 (UTC)

Antivirus Version Last Update Result
a-squared 5.0.0.34 2010.07.20 Trojan-Downloader.Small!IK
AhnLab-V3 2010.07.20.00 2010.07.19 Backdoor/Win32.Trup
AntiVir 8.2.4.12 2010.07.19 TR/Dldr.Small.ardp
Antiy-AVL 2.0.3.7 2010.07.15 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 Win32:Trojan-gen
Avast5 5.0.332.0 2010.07.19 Win32:Trojan-gen
AVG 9.0.0.836 2010.07.19 Clicker.AIZI
BitDefender 7.2 2010.07.20 Trojan.Generic.4052955
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 -
Comodo 5482 2010.07.19 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.20 Trojan.Siggen1.30703
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 Trojan.Generic.4052955
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 Trojan.Generic.4052955
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Downloader.Small
Jiangmin 13.0.900 2010.07.19 TrojanDownloader.Small.artz
Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Trup.am
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
NOD32 5293 2010.07.19 a variant of Win32/TrojanClicker.Agent.NKS
Norman 6.05.11 2010.07.19 -
nProtect 2010-07-20.01 2010.07.20 Trojan/W32.Small.17920.BH
Panda 10.0.2.7 2010.07.19 Generic Trojan
PCTools 7.0.3.5 2010.07.20 Trojan.Gen
Prevx 3.0 2010.07.20 Medium Risk Malware
Rising 22.57.01.02 2010.07.20 Trojan.Win32.Generic.52052F0B
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
Symantec 20101.1.1.7 2010.07.20 Trojan.Gen
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -

Additional information
File size: 17920 bytes
MD5...: f2782d280ff4765299eb5aec472acfdb
SHA1..: d8a0e1d9cfe4897e9eab31adb19ad1d6324de002
SHA256: 35668de01833bc1099834772d4f1e4b729ffe633699b92783d ba455c57af5a48
ssdeep: 384:UmP1u69a1AM4C0r1c7+RxBOsFt7QQ2xx1AIL3znvW/nlu4FtG:zArAM4Vr1c
7+zBOsFZQQ2xx3znvW/nlk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3544
timedatestamp.....: 0x4bf10121 (Mon May 17 08:41:05 2010)
machinetype.......: 0x14c (I386)

**jerkol** · 20.07.2010, 12:13

File _WTR4132.tmp.rar received on 2010.07.20 08:07:56 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 24/42 (57.15%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 81 and 116 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.20 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 Win32:Malware-gen
Avast5 5.0.332.0 2010.07.19 Win32:Malware-gen
AVG 9.0.0.836 2010.07.19 Dropper.Generic2.YQQ
BitDefender 7.2 2010.07.20 Win32.Worm.Stuxnet.A
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.20 Trojan.Stuxnet
Comodo 5483 2010.07.20 -
DrWeb 5.0.2.03300 2010.07.20 Trojan.Stuxnet.1
Emsisoft 5.0.0.34 2010.07.20 Trojan-Dropper.Win32.Stuxnet!IK
eSafe 7.0.17.0 2010.07.19 Win32.TRDrop.Stuxnet
eTrust-Vet 36.1.7723 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 Trojan-Dropper:W32/Stuxnet.A
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 Win32.Worm.Stuxnet.A
Ikarus T3.1.1.84.0 2010.07.20 Trojan-Dropper.Win32.Stuxnet
Jiangmin 13.0.900 2010.07.20 TrojanDropper.Stuxnet.a
Kaspersky 7.0.0.125 2010.07.20 Trojan-Dropper.Win32.Stuxnet.a
McAfee 5.400.0.1158 2010.07.20 Stuxnet
McAfee-GW-Edition 2010.1 2010.07.20 Artemis!D7BC75397629
Microsoft 1.6004 2010.07.20 TrojanDropper:Win32/Stuxnet.A
NOD32 5293 2010.07.19 a variant of Win32/Stuxnet.A
Norman 6.05.11 2010.07.19 W32/Suspicious_Gen2.BOYEK
nProtect 2010-07-20.01 2010.07.20 -
Panda 10.0.2.7 2010.07.19 Rootkit/TmpHider
PCTools 7.0.3.5 2010.07.20 Malware.Stuxnet
Prevx 3.0 2010.07.20 -
Rising 22.57.01.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 WORM_STUXNET.SM
VBA32 3.12.12.6 2010.07.19 Trojan-Spy.0485
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.19 -
Additional information
File size: 1018519 bytes
MD5...: 32d3e83f195e687c552f0ba9262d5f77
SHA1..: ad7840007d32370aa25198ced30ff6dd70320945
SHA256: 64ef4ef3413e593c8fe2ecc852a75f951c4f91c2d9a0bfd17a 68efc2b6ec8dae
ssdeep: 24576:+4v853A7ekORdOvVeHNqogJXbaoumuTw4Nh:+4v856xO uvgNqZb1umuTw4
z
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

**olejah** · 21.07.2010, 18:14

Файл - C:\WINDOWS\system32\driqst.exe - новый зловред, Backdoor.Win32.Shiz.ms

Антивирус Версия Обновление Результат
a-squared 5.0.0.34 2010.07.20 -
AhnLab-V3 2010.07.20.00 2010.07.19 -
AntiVir 8.2.4.12 2010.07.19 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.20 -
Avast 4.8.1351.0 2010.07.19 -
Avast5 5.0.332.0 2010.07.19 -
AVG 9.0.0.836 2010.07.19 -
BitDefender 7.2 2010.07.20 -
CAT-QuickHeal 11.00 2010.07.19 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.07.19 -
Comodo 5482 2010.07.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.07.20 Trojan.PWS.Ibank.53
eSafe 7.0.17.0 2010.07.19 -
eTrust-Vet 36.1.7722 2010.07.20 -
F-Prot 4.6.1.107 2010.07.19 -
F-Secure 9.0.15370.0 2010.07.20 -
Fortinet 4.1.143.0 2010.07.19 -
GData 21 2010.07.20 -
Ikarus T3.1.1.84.0 2010.07.20 -
Jiangmin 13.0.900 2010.07.19 -
Kaspersky 7.0.0.125 2010.07.20 Backdoor.Win32.Shiz.ms
McAfee 5.400.0.1158 2010.07.20 -
McAfee-GW-Edition 2010.1 2010.07.19 -
Microsoft 1.6004 2010.07.19 -
NOD32 5293 2010.07.19 Win32/Spy.Shiz.NAL
Norman 6.05.11 2010.07.19 -
nProtect 2010-07-19.01 2010.07.19 -
Panda 10.0.2.7 2010.07.19 Suspicious file
PCTools 7.0.3.5 2010.07.20 -
Prevx 3.0 2010.07.20 High Risk Cloaked Malware
Rising 22.57.00.04 2010.07.20 -
Sophos 4.55.0 2010.07.20 -
Sunbelt 6605 2010.07.20 -
SUPERAntiSpyware 4.40.0.1006 2010.07.20 -
Symantec 20101.1.1.7 2010.07.20 -
TheHacker 6.5.2.1.320 2010.07.19 -
TrendMicro 9.120.0.1004 2010.07.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.20 -
VBA32 3.12.12.6 2010.07.19 -
ViRobot 2010.6.21.3896 2010.07.19 -
VirusBuster 5.0.27.0 2010.07.19 -

virustotal.com

**olejah** · 25.07.2010, 10:01

Популярный в последнее время - \Documents and Settings\Username\Главное меню\Программы\Автозагрузка\wwwznv32.exe -

Антивирус Версия Обновление Результат
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.24 Win32:Crypt-GYS
Avast5 5.0.332.0 2010.07.24 Win32:Crypt-GYS
AVG 9.0.0.851 2010.07.24 -
BitDefender 7.2 2010.07.24 Gen:Variant.Ursnif.19
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.24 -
Comodo 5522 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.24 -
Emsisoft 5.0.0.34 2010.07.24 -
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.24 Gen:Variant.Ursnif.19
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 Gen:Variant.Ursnif.19
Ikarus T3.1.1.84.0 2010.07.24 -
Jiangmin 13.0.900 2010.07.24 -
Kaspersky 7.0.0.125 2010.07.24 -
McAfee 5.400.0.1158 2010.07.24 -
McAfee-GW-Edition 2010.1 2010.07.23 -
Microsoft 1.6004 2010.07.24 TrojanDownloader:Win32/Bredolab.AA
NOD32 5308 2010.07.24 -
Norman 6.05.11 2010.07.24 -
nProtect 2010-07-24.02 2010.07.24 Gen:Variant.Ursnif.19
Panda 10.0.2.7 2010.07.24 Suspicious file
PCTools 7.0.3.5 2010.07.24 -
Prevx 3.0 2010.07.24 Medium Risk Malware
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.24 -
Sunbelt 6631 2010.07.24 Trojan.Win32.Generic.pak!cobra
SUPERAntiSpyware 4.40.0.1006 2010.07.24 Trojan.Agent/Gen-Faldesc
Symantec 20101.1.1.7 2010.07.24 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.24 TROJ_BURNIX.SMEP
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.24 -
VirusBuster 5.0.27.0 2010.07.23 -

virustotal.com

**valho** · 27.07.2010, 15:12

В одной школе нашёл, на стареньком компике, есть цифровая подпись, может из за того что упаковано molebox так выдаёт

File GCLEAN.EXE received on 2010.07.27 10:24:42 (UTC)
Current status: finished
Result: 20/42 (47.62%)

AhnLab-V3 2010.07.27.00 2010.07.26 Backdoor/Win32.Trojan
AntiVir 8.2.4.26 2010.07.27 BDS/Bot.95399
Antiy-AVL 2.0.3.7 2010.07.26 -
Authentium 5.2.0.5 2010.07.27 -
Avast 4.8.1351.0 2010.07.26 -
Avast5 5.0.332.0 2010.07.26 -
AVG 9.0.0.851 2010.07.27 -
BitDefender 7.2 2010.07.27 Backdoor.Bot.95399
CAT-QuickHeal 11.00 2010.07.27 Trojan.Agent.ATV
ClamAV 0.96.0.3-git 2010.07.27 PUA.Packed.MoleBox.2X
Comodo 5554 2010.07.27 Heur.Suspicious
DrWeb 5.0.2.03300 2010.07.27 -
Emsisoft 5.0.0.34 2010.07.27 -
eSafe 7.0.17.0 2010.07.26 SuspiciousR-Mytob3
eTrust-Vet 36.1.7738 2010.07.26 -
F-Prot 4.6.1.107 2010.07.27 -
F-Secure 9.0.15370.0 2010.07.27 Backdoor.Bot.95399
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.27 Backdoor.Bot.95399
Ikarus T3.1.1.84.0 2010.07.27 -
Jiangmin 13.0.900 2010.07.26 -
Kaspersky 7.0.0.125 2010.07.27 -
McAfee 5.400.0.1158 2010.07.27 Artemis!40D6BE49F665
McAfee-GW-Edition 2010.1 2010.07.27 Artemis!40D6BE49F665
Microsoft 1.6004 2010.07.27 -
NOD32 5316 2010.07.27 -
Norman 6.05.11 2010.07.27 W32/Bot.JO
nProtect 2010-07-27.01 2010.07.27 Backdoor.Bot.95399
Panda 10.0.2.7 2010.07.26 Trj/CI.A
PCTools 7.0.3.5 2010.07.27 Backdoor.Trojan
Prevx 3.0 2010.07.27 Medium Risk Malware
Rising 22.58.01.04 2010.07.27 -
Sophos 4.55.0 2010.07.27 -
Sunbelt 6647 2010.07.27 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.07.27 -
Symantec 20101.1.1.7 2010.07.27 Backdoor.Trojan
TheHacker 6.5.2.1.326 2010.07.27 W32/Behav-Heuristic-065
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.27 -
VBA32 3.12.12.6 2010.07.27 -
ViRobot 2010.7.28.3961 2010.07.27 -
VirusBuster 5.0.27.0 2010.07.27 Packed/MoleBox

Additional information
File size: 350784 bytes
MD5 : 40d6be49f665e7a00686f69f24602a2e
SHA1 : a6ff7b33b1c7122f748bdd56a0b3ab923baaad26
SHA256: 622ca0f8943800438b3a97efad9d72e784f4ee0b6a4c85e49d 31643e64e759c7
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x85B63
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
sigcheck: publisher....: ___ ___ _______-_______
copyright....: (C) 2006 ___ ___ _______-_______
product......: ______. _________ F1
description..: _______ ______ - _______ _______
original name: gclean.exe
internal name: ______-_______
file version.: 6.3.0.19
comments.....: n/a
signers......: NPP Garant-Service
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:27 AM 1/27/2006
verified.....: -
Prevx Info: http://info.prevx.com/aboutprogramte...6AF80076EAAC1B

**grobik** · 30.07.2010, 04:19

C:\Documents and Settings\Username\Аpplication data\fuki.exe

Файл fuki.exe получен 2010.07.29 21:32:38 (UTC)

Результат: 8/42 (19.05%)

Антивирус Версия Обновление Результат
AhnLab-V3 2010.07.29.00 2010.07.28 -
AntiVir 8.2.4.32 2010.07.29 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.07.29 -
Authentium 5.2.0.5 2010.07.29 W32/Trojan2.NABV
Avast 4.8.1351.0 2010.07.29 -
Avast5 5.0.332.0 2010.07.29 -
AVG 9.0.0.851 2010.07.29 -
BitDefender 7.2 2010.07.29 Gen:Variant.Koobface.1
CAT-QuickHeal 11.00 2010.07.29 -
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5584 2010.07.29 -
DrWeb 5.0.2.03300 2010.07.29 BackDoor.Qbot.20
Emsisoft 5.0.0.34 2010.07.29 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7748 2010.07.29 -
F-Prot 4.6.1.107 2010.07.29 W32/Trojan2.NABV
F-Secure 9.0.15370.0 2010.07.29 Gen:Variant.Koobface.1
Fortinet 4.1.143.0 2010.07.29 -
GData 21 2010.07.29 Gen:Variant.Koobface.1
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.29 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.29 -
Microsoft 1.6004 2010.07.29 -
NOD32 5324 2010.07.29 -
Norman 6.05.11 2010.07.29 -
nProtect 2010-07-29.01 2010.07.29 -
Panda 10.0.2.7 2010.07.29 -
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.03.04 2010.07.29 -
Sophos 4.56.0 2010.07.29 Mal/EncPk-LW
Sunbelt 6660 2010.07.29 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.328 2010.07.29 -
TrendMicro 9.120.0.1004 2010.07.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.29.3963 2010.07.29 -
VirusBuster 5.0.27.0 2010.07.29 -

Дополнительная информация
File size: 166400 bytes
MD5...: e573040b8257f7d6b98adf47dddd6b02
SHA1..: 93f0d889b217625d67d3563541a92aaec633146b
SHA256: 0decedcda7378dca793c1d7e167df03e5d3051f2d2c071c4bc 9b84a088181d07

( base data )
entrypointaddress.: 0x11b0
timedatestamp.....: 0x3eabdc15 (Sun Apr 27 13:33:09 2003)
machinetype.......: 0x14c (I386)

sigcheck:
publisher....: VMware, Inc.
copyright....: Copyright (c) 1998-2008 VMware, Inc.
product......: VMware Workstation
description..: VMware Virtual Disk Manager
original name: vmware-vdiskmanager.exe
internal name: diskUtil
file version.: 6.5.1 build-126130
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://www.virustotal.com/ru/analisi...d07-1280439158

**olejah** · 30.07.2010, 23:33

Совсем-совсем свежачок - C:\WINDOWS\system32\sidebar32.exe, Касперский добавил вчера - новый зловред, Trojan-Spy.Win32.BZub.iad. Последние два дня очень часто встречается в Помогите -

Антивирус Версия Обновление Результат
AhnLab-V3 2010.07.30.00 2010.07.29 Spyware/Win32.BZub
AntiVir 8.2.4.32 2010.07.30 TR/Spy.BZub.iad
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.30 -
Avast 4.8.1351.0 2010.07.30 -
Avast5 5.0.332.0 2010.07.30 -
AVG 9.0.0.851 2010.07.30 -
BitDefender 7.2 2010.07.30 -
CAT-QuickHeal 11.00 2010.07.30 -
ClamAV 0.96.0.3-git 2010.07.30 -
Comodo 5590 2010.07.30 -
DrWeb 5.0.2.03300 2010.07.30 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.07.29 -
eTrust-Vet 36.1.7751 2010.07.30 -
F-Prot 4.6.1.107 2010.07.30 -
F-Secure 9.0.15370.0 2010.07.30 -
Fortinet 4.1.143.0 2010.07.30 -
GData 21 2010.07.30 -
Ikarus T3.1.1.84.0 2010.07.30 -
Jiangmin 13.0.900 2010.07.29 -
Kaspersky 7.0.0.125 2010.07.30 Trojan-Spy.Win32.BZub.iad
McAfee 5.400.0.1158 2010.07.30 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.07.30 -
NOD32 5327 2010.07.30 Win32/AutoRun.Agent.WA
Norman 6.05.11 2010.07.30 -
nProtect 2010-07-30.02 2010.07.30 -
Panda 10.0.2.7 2010.07.30 -
PCTools 7.0.3.5 2010.07.30 -
Prevx 3.0 2010.07.30 -
Rising 22.58.04.05 2010.07.30 -
Sophos 4.56.0 2010.07.30 Mal/Generic-L
Sunbelt 6664 2010.07.30 -
Symantec 20101.1.1.7 2010.07.30 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.07.30 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.30 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.30.3963 2010.07.30 -
VirusBuster 5.0.27.0 2010.07.30 -

virustotal.com

**Никита Соловьев** · 03.08.2010, 00:09

Файл avz00001.dta получен 2010.08.02 20:05:46 (UTC)Антивирус Версия Обновление Результат

AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.08.02 TR/Spy.98304.342
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.02 -
Avast 4.8.1351.0 2010.08.02 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.08.02 Win32:Rootkit-gen
AVG 9.0.0.851 2010.08.02 SHeur3.AQXB
BitDefender 7.2 2010.08.02 Gen:Trojan.Heur.FU.gq0@aaDk4Mji
CAT-QuickHeal 11.00 2010.08.02 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.08.02 -
Comodo 5623 2010.08.02 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.08.02 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7757 2010.08.02 -
F-Prot 4.6.1.107 2010.08.02 -
F-Secure 9.0.15370.0 2010.08.02 Gen:Trojan.Heur.FU.gq0@aaDk4Mji
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.02 Gen:Trojan.Heur.FU.gq0@aaDk4Mji
Ikarus T3.1.1.84.0 2010.08.02 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.02 -
McAfee 5.400.0.1158 2010.08.02 -
McAfee-GW-Edition 2010.1 2010.08.02 -
Microsoft 1.6004 2010.08.02 -
NOD32 5335 2010.08.02 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-02.02 2010.08.02 -
Panda 10.0.2.7 2010.08.02 Suspicious file
PCTools 7.0.3.5 2010.08.02 -
Prevx 3.0 2010.08.02 -
Rising 22.59.00.04 2010.08.02 -
Sophos 4.56.0 2010.08.02 -
Sunbelt 6675 2010.08.02 -
SUPERAntiSpyware 4.40.0.1006 2010.08.02 -
Symantec 20101.1.1.7 2010.08.02 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.02 BKDR_SHIZ.V
TrendMicro-HouseCall 9.120.0.1004 2010.08.02 BKDR_SHIZ.V
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.7.31.3965 2010.08.02 -
VirusBuster 5.0.27.0 2010.08.02 -

**Никита Соловьев** · 03.08.2010, 16:20

Сегодняшний

Файл avz00002.dta получен 2010.08.03 12:16:45 (UTC)Антивирус Версия Обновление Результат

AhnLab-V3 2010.08.03.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.03 -
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 SHeur3.AQZJ
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 -
Comodo 5630 2010.08.03 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.03 -
eSafe 7.0.17.0 2010.08.02 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 Suspicious:W32/Malware!Gemini
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5336 2010.08.03 -
Norman 6.05.11 2010.08.02 -
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.02 Suspicious file
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.03 -
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 -
Sunbelt 6678 2010.08.03 -
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.329 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.02 -

**grobik** · 04.08.2010, 05:07

Файл Reader.exe получен 2010.08.03 22:18:08 (UTC)
Текущий статус: закончено

Результат: 7/42 (16.67%)

Антивирус Версия Обновление Результат
AhnLab-V3 2010.08.04.00 2010.08.03 -
AntiVir 8.2.4.32 2010.08.03 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.03 W32/Bredolab.GC
Avast 4.8.1351.0 2010.08.03 -
Avast5 5.0.332.0 2010.08.03 -
AVG 9.0.0.851 2010.08.03 -
BitDefender 7.2 2010.08.03 -
CAT-QuickHeal 11.00 2010.08.03 -
ClamAV 0.96.0.3-git 2010.08.03 Trojan.GenericBL.3232
Comodo 5636 2010.08.04 -
DrWeb 5.0.2.03300 2010.08.03 -
Emsisoft 5.0.0.36 2010.08.04 -
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7759 2010.08.03 -
F-Prot 4.6.1.107 2010.08.03 -
F-Secure 9.0.15370.0 2010.08.03 Suspicious:W32/Malware!Gemini
Fortinet 4.1.143.0 2010.08.02 -
GData 21 2010.08.03 -
Ikarus T3.1.1.84.0 2010.08.03 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.03 -
McAfee 5.400.0.1158 2010.08.03 -
McAfee-GW-Edition 2010.1 2010.08.03 -
Microsoft 1.6004 2010.08.03 -
NOD32 5338 2010.08.03 -
Norman 6.05.11 2010.08.03 W32/Bredolab.B!genr
nProtect 2010-08-03.01 2010.08.03 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.03 -
Prevx 3.0 2010.08.04 High Risk Cloaked Malware
Rising 22.59.01.04 2010.08.03 -
Sophos 4.56.0 2010.08.03 Mal/EncPk-QA
Sunbelt 6680 2010.08.03 Trojan.Win32.Generic.pak!cobra
SUPERAntiSpyware 4.40.0.1006 2010.08.03 -
Symantec 20101.1.1.7 2010.08.03 -
TheHacker 6.5.2.1.330 2010.08.03 -
TrendMicro 9.120.0.1004 2010.08.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.03 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.03 -
VirusBuster 5.0.27.0 2010.08.03 -

File size: 21504 bytes
MD5...: 64149dde50077f83502bbf532966f69f
SHA1..: 29e8e72501cf4f8c779ec9698893bd946d29967b
SHA256: 025e6e8752194c34e1c3593c1f03f51479a4cb825fe7b02b79 cf15efe5b1d6b4
ssdeep: 384:scZZkDqx1uSQGT7UTw6AlT+WymHD9TRJSbIdMecgoq:fZk DqLuSQw7UTyiWy
CVJS2Me3h

( base data )
entrypointaddress.: 0x1390
timedatestamp.....: 0x4bdc490c (Sat May 01 15:30:20 2010)
machinetype.......: 0x14c (I386)
http://www.virustotal.com/ru/analisi...6b4-1280873888

**grobik** · 07.08.2010, 05:19

C:\Program Files\Common Files\Microsoft Shared\Help\1046\MicrosoftHelp.exe

Файл MicrosoftHelp.exe получен 2010.08.06 22:39:54 (UTC)

Результат: 8/42 (19.05%)

Антивирус Версия Обновление Результат
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 W32/Katusha.C.gen!Eldorado
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 Cryptic.ATF
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5671 2010.08.06 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.06 W32/Katusha.C.gen!Eldorado
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 Downloader-CEW
McAfee-GW-Edition 2010.1 2010.08.06 Heuristic.BehavesLike.Win32.Suspicious.A
Microsoft 1.6004 2010.08.06 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 Suspicious file
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.07 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 Mal/FakeAV-EI
Sunbelt 6696 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.335 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -

File size: 163840 bytes
MD5...: a974c620a84ca66a2445581a996822c3
SHA1..: 8bc98d6392014e2b22632dcea0227c4209a98d73
SHA256: dbac0281507987694f6217d655396bb7503bb4ebd2d1d14061 5e84b5c979171d
ssdeep: 3072:81XmnVKXi9DvPSX0rJ4OpbQp1Fj8Zk3n7Qeokrcj0fy:R 9DvPSX0VtpRZic

( base data )
entrypointaddress.: 0x2b74
timedatestamp.....: 0x3c6c7ff8 (Fri Feb 15 03:26:48 2002)
machinetype.......: 0x14c (I386)
http://www.virustotal.com/ru/analisi...71d-1281134394

**polar_owl** · 07.08.2010, 21:55

Поймал неделю назад у знакомого на компьютере. Жаловался, что при нажатии на ссылку на mail.ru его перенаправляет на порносайт.
Выложил результат проверки только сейчас, так как ждал вердикта аналитиков из Kaspersky или DrWeb. DrWeb только вчера его добавили. От Kaspersky, судя по Киберу, нет ответа с 20.07.
Зараза прописывается в AppInit_DLLs, имеет имя: C:\WINDOWS\system32\sysintm.dll

Файл avz00001.dta получен 2010.08.07 17:42:54 (UTC)
Результат: 4/42 (9.53%)

Антивирус Версия Обновление Результат
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 -
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5672 2010.08.07 -
DrWeb 5.0.2.03300 2010.08.07 Trojan.BrowseSpy.2
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.07 -
NOD32 5348 2010.08.06 Win32/Agent.OGA
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 -
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.336 2010.08.07 Trojan/Agent.oga
TrendMicro 9.120.0.1004 2010.08.07 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -

VirusTotal

**Никита Соловьев** · 08.08.2010, 01:54

Новое из раздела "помогите"

Файл avz00001.dta получен 2010.08.07 21:49:55 (UTC)Антивирус Версия Обновление

Результат
AhnLab-V3 2010.08.08.00 2010.08.07 -
AntiVir 8.2.4.34 2010.08.07 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 SHeur3.ASBP
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5676 2010.08.07 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.08.07 -
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 Suspicious:W32/Malware!Gemini
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.07 -
Microsoft 1.6004 2010.08.07 -
NOD32 5349 2010.08.07 -
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 Suspicious file
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6700 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 Suspicious.Mystic
TheHacker 6.5.2.1.336 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -

**DefesT** · 10.08.2010, 04:25

File _.exe received on 2010.08.10 00:12:29 (UTC)
Result: 17/42 (40.48%)

Antivirus Version Last Update Result
AhnLab-V3 2010.08.10.00 2010.08.09 Malware/Win32.Generic
AntiVir 8.2.4.34 2010.08.09 TR/Midgare.apwr
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
Avast 4.8.1351.0 2010.08.09 Win32:Trojan-gen
Avast5 5.0.332.0 2010.08.09 Win32:Trojan-gen
AVG 9.0.0.851 2010.08.09 -
BitDefender 7.2 2010.08.10 Trojan.Generic.KD.25631
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
DrWeb 5.0.2.03300 2010.08.10 Trojan.Inject.9224
Emsisoft 5.0.0.36 2010.08.09 Trojan.Win32.VBKrypt!IK
eSafe 7.0.17.0 2010.08.09 Suspicious File
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
F-Secure 9.0.15370.0 2010.08.10 Trojan.Generic.KD.25631
Fortinet 4.1.143.0 2010.08.09 -
GData 21 2010.08.10 Trojan.Generic.KD.25631
Ikarus T3.1.1.87.0 2010.08.09 Trojan.Win32.VBKrypt
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
McAfee-GW-Edition 2010.1 2010.08.09 Heuristic.LooksLike.Win32.Suspicious.F!89
Microsoft 1.6004 2010.08.09 -
NOD32 5353 2010.08.09 -
Norman 6.05.11 2010.08.09 W32/VBTroj.CYEZ
nProtect 2010-08-09.02 2010.08.09 Trojan.Generic.KD.25631
Panda 10.0.2.7 2010.08.09 Suspicious file
PCTools 7.0.3.5 2010.08.09 -
Prevx 3.0 2010.08.10 Medium Risk Malware Dropper
Rising 22.60.00.04 2010.08.09 -
Sophos 4.56.0 2010.08.09 Mal/Dloadr-AL
Sunbelt 6709 2010.08.10 -
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -

Additional information
File size: 619086 bytes
MD5...: e8297474f8754cf041f86c16f161cacc
SHA1..: 366e37fea9891de5d8575d04c5ef2100d381e068
SHA256: 2ba13174bffd065339e6c7cd825430fbaf8f602b44293eada9 0d2ba81f1792af
http://www.virustotal.com/analisis/2...2af-1281399149

File flash_player.exe received on 2010.08.10 00:12:37 (UTC)
Result: 3/42 (7.15%)

Antivirus Version Last Update Result
AhnLab-V3 2010.08.10.00 2010.08.09 -
AntiVir 8.2.4.34 2010.08.09 -
Antiy-AVL 2.0.3.7 2010.08.09 -
Authentium 5.2.0.5 2010.08.09 -
Avast 4.8.1351.0 2010.08.09 -
Avast5 5.0.332.0 2010.08.09 -
AVG 9.0.0.851 2010.08.09 -
BitDefender 7.2 2010.08.10 -
CAT-QuickHeal 11.00 2010.08.09 -
ClamAV 0.96.0.3-git 2010.08.09 -
Comodo 5700 2010.08.10 -
DrWeb 5.0.2.03300 2010.08.10 -
Emsisoft 5.0.0.36 2010.08.09 -
eSafe 7.0.17.0 2010.08.09 -
eTrust-Vet 36.1.7778 2010.08.09 -
F-Prot 4.6.1.107 2010.08.09 -
F-Secure 9.0.15370.0 2010.08.10 Suspicious:W32/Malware!Gemini
Fortinet 4.1.143.0 2010.08.09 -
GData 21 2010.08.10 -
Ikarus T3.1.1.87.0 2010.08.09 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.09 -
McAfee 5.400.0.1158 2010.08.10 -
McAfee-GW-Edition 2010.1 2010.08.09 -
Microsoft 1.6004 2010.08.09 -
NOD32 5353 2010.08.09 a variant of Win32/Injector.CMA
Norman 6.05.11 2010.08.09 -
nProtect 2010-08-09.02 2010.08.09 -
Panda 10.0.2.7 2010.08.09 -
PCTools 7.0.3.5 2010.08.09 -
Prevx 3.0 2010.08.10 -
Rising 22.60.00.04 2010.08.09 -
Sophos 4.56.0 2010.08.09 -
Sunbelt 6709 2010.08.10 Virtool.Win32.Vbinject.1 (v)
SUPERAntiSpyware 4.40.0.1006 2010.08.10 -
Symantec 20101.1.1.7 2010.08.09 -
TheHacker 6.5.2.1.341 2010.08.10 -
TrendMicro 9.120.0.1004 2010.08.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.9.3978 2010.08.09 -
VirusBuster 5.0.27.0 2010.08.09 -

Additional information
File size: 112448 bytes
MD5...: b7859c16428982587c5f4cf5f167180a
SHA1..: e17ab5180d752fc1596964068003b81437e8a265
SHA256: ebc49d82097a19c3e41aef6c75bb66379d8cf9ec84b8dae7bb 9ae8ccd12c2bb3
http://www.virustotal.com/analisis/e...bb3-1281399157

**Никита Соловьев** · 10.08.2010, 16:44

monoca32.exe

AhnLab-V3 2010.08.10.01 2010.08.10 Win-Trojan/Xema.variant
AntiVir 8.2.4.34 2010.08.10 -
Antiy-AVL 2.0.3.7 2010.08.10 -
Authentium 5.2.0.5 2010.08.10 -
Avast 4.8.1351.0 2010.08.10 Win32:Crypt-HCS
Avast5 5.0.332.0 2010.08.10 Win32:Crypt-HCS
AVG 9.0.0.851 2010.08.10 Agent2.BCCT
BitDefender 7.2 2010.08.10 Trojan.Generic.4544889
CAT-QuickHeal 11.00 2010.08.10 -
ClamAV 0.96.0.3-git 2010.08.10 -
Comodo 5706 2010.08.10 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.08.10 Trojan.Winlock.2282
Emsisoft 5.0.0.37 2010.08.10 Trojan-Ransom.Win32.DigiPog!IK
eSafe 7.0.17.0 2010.08.09 Win32.Bredolab.W
eTrust-Vet 36.1.7779 2010.08.10 -
F-Prot 4.6.1.107 2010.08.10 -
F-Secure 9.0.15370.0 2010.08.10 Trojan.Generic.4544889
Fortinet 4.1.143.0 2010.08.10 W32/DigiPog.WC!tr
GData 21 2010.08.10 Trojan.Generic.4544889
Ikarus T3.1.1.87.0 2010.08.10 Trojan-Ransom.Win32.DigiPog
Jiangmin 13.0.900 2010.08.10 Trojan/DigiPog.yd
Kaspersky 7.0.0.125 2010.08.10 Trojan-Ransom.Win32.DigiPog.wc
McAfee 5.400.0.1158 2010.08.10 Bredolab.gen.w
McAfee-GW-Edition 2010.1 2010.08.10 -
Microsoft 1.6004 2010.08.10 TrojanDownloader:Win32/Bredolab.AA
NOD32 5353 2010.08.10 a variant of Win32/Kryptik.FSL
Norman 6.05.11 2010.08.09 W32/Harnig.A!genr
nProtect 2010-08-10.01 2010.08.10 Trojan.Generic.4544889
Panda 10.0.2.7 2010.08.10 Trj/CI.A
PCTools 7.0.3.5 2010.08.10 Trojan.Gen
Prevx 3.0 2010.08.10 Medium Risk Malware Dropper
Rising 22.60.01.04 2010.08.10 -
Sophos 4.56.0 2010.08.10 Mal/FakeAV-EA
Sunbelt 6711 2010.08.10 Trojan.Win32.Generic.pak!cobra
SUPERAntiSpyware 4.40.0.1006 2010.08.10 Trojan.Agent/Gen-Faldesc
Symantec 20101.1.1.7 2010.08.10 Trojan.Gen
TheHacker 6.5.2.1.341 2010.08.10 Trojan/DigiPog.wc
TrendMicro 9.120.0.1004 2010.08.10 TROJ_BURNIX.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.08.10 TROJ_BURNIX.SMEP
VBA32 3.12.12.8 2010.08.10 TrojanRansom.DigiPog.wc
ViRobot 2010.8.9.3978 2010.08.10 -
VirusBuster 5.0.27.0 2010.08.09 Trojan.DigiPog.RI

**Vadim_SVN** · 12.08.2010, 14:54

OSAM в столбцах написал, что это Userinit и паблишер BitDefender

Код:

File name: avz00001.dta
Submission date: 2010-08-12 08:11:44 (UTC)
Result: 5/ 41 (12.2%)

AhnLab-V3	2010.08.12.00	2010.08.11	-
AntiVir	8.2.4.34	2010.08.11	-
Antiy-AVL	2.0.3.7	2010.08.11	-
Authentium	5.2.0.5	2010.08.12	-
Avast	4.8.1351.0	2010.08.11	-
Avast5	5.0.332.0	2010.08.11	-
AVG	9.0.0.851	2010.08.11	-
BitDefender	7.2	2010.08.12	-
CAT-QuickHeal	11.00	2010.08.12	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.08.12	-
Comodo	5714	2010.08.11	-
DrWeb	5.0.2.03300	2010.08.12	-
Emsisoft	5.0.0.37	2010.08.12	-
eSafe	7.0.17.0	2010.08.11	-
eTrust-Vet	36.1.7784	2010.08.12	-
F-Prot	4.6.1.107	2010.08.12	-
F-Secure	9.0.15370.0	2010.08.12	-
Fortinet	4.1.143.0	2010.08.11	-
GData	21	2010.08.12	-
Ikarus	T3.1.1.88.0	2010.08.12	-
Jiangmin	13.0.900	2010.08.12	-
Kaspersky	7.0.0.125	2010.08.12	-
McAfee	5.400.0.1158	2010.08.12	-
McAfee-GW-Edition	2010.1	2010.08.12	-
Microsoft	1.6004	2010.08.12	-
NOD32	5358	2010.08.11	a variant of Win32/Kryptik.FYA
Norman	6.05.11	2010.08.12	-
nProtect	2010-08-12.03	2010.08.12	-
Panda	10.0.2.7	2010.08.11	Suspicious file
PCTools	7.0.3.5	2010.08.12	-
Rising	22.60.03.01	2010.08.12	-
Sophos	4.56.0	2010.08.12	-
Sunbelt	6721	2010.08.12	-
SUPERAntiSpyware	4.40.0.1006	2010.08.12	-
Symantec	20101.1.1.7	2010.08.12	-
TheHacker	6.5.2.1.343	2010.08.11	-
TrendMicro	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
TrendMicro-HouseCall	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
VBA32	3.12.14.0	2010.08.11	-
ViRobot	2010.8.9.3978	2010.08.12	-
VirusBuster	5.0.27.0	2010.08.11	-

Additional information
MD5   : 9af33e507415daf1d7961523d162899c
SHA1  : 85e60304a851098c2cd654f4b4339f0c54baaa5b
SHA256: 2acab996ea2c7f5c96853ca2386ef80137a2d6c127c26dc0bd758e40f7d4a8a3

Код:

File name: avz00002.dta
Submission date: 2010-08-12 08:12:43 (UTC)
Result: 7/ 42 (16.7%)

AhnLab-V3	2010.08.12.00	2010.08.11	-
AntiVir	8.2.4.34	2010.08.11	-
Antiy-AVL	2.0.3.7	2010.08.11	-
Authentium	5.2.0.5	2010.08.12	-
Avast	4.8.1351.0	2010.08.11	-
Avast5	5.0.332.0	2010.08.11	-
AVG	9.0.0.851	2010.08.11	-
BitDefender	7.2	2010.08.12	-
CAT-QuickHeal	11.00	2010.08.12	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.08.12	-
Comodo	5714	2010.08.11	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.08.12	-
Emsisoft	5.0.0.37	2010.08.12	-
eSafe	7.0.17.0	2010.08.11	-
eTrust-Vet	36.1.7784	2010.08.12	-
F-Prot	4.6.1.107	2010.08.12	-
F-Secure	9.0.15370.0	2010.08.12	-
Fortinet	4.1.143.0	2010.08.11	-
GData	21	2010.08.12	-
Ikarus	T3.1.1.88.0	2010.08.12	-
Jiangmin	13.0.900	2010.08.12	-
Kaspersky	7.0.0.125	2010.08.12	-
McAfee	5.400.0.1158	2010.08.12	-
McAfee-GW-Edition	2010.1	2010.08.12	-
Microsoft	1.6004	2010.08.12	Trojan:Win32/Meredrop
NOD32	5358	2010.08.11	a variant of Win32/Kryptik.FYA
Norman	6.05.11	2010.08.12	-
nProtect	2010-08-12.03	2010.08.12	-
Panda	10.0.2.7	2010.08.11	Suspicious file
PCTools	7.0.3.5	2010.08.12	-
Prevx	3.0	2010.08.12	-
Rising	22.60.03.01	2010.08.12	-
Sophos	4.56.0	2010.08.12	-
Sunbelt	6721	2010.08.12	-
SUPERAntiSpyware	4.40.0.1006	2010.08.12	-
Symantec	20101.1.1.7	2010.08.12	-
TheHacker	6.5.2.1.343	2010.08.11	-
TrendMicro	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
TrendMicro-HouseCall	9.120.0.1004	2010.08.12	TSPY_LOGSKIE.SMF
VBA32	3.12.14.0	2010.08.11	-
ViRobot	2010.8.9.3978	2010.08.12	-
VirusBuster	5.0.27.0	2010.08.11	-

Additional information
MD5   : ea368e1bf69a029e3433b354999e1c16
SHA1  : e8b74ee8584f63e4cc754297e7661d72de9e2298
SHA256: 07a1a9d51d74d0377c06140a2d8102507aa9071c37bac53d257799059e058f68

Сэмплы ушли Вебу и Касперу

Добавлено через 2 часа 14 минут

Уже проверены

Alexey Gashkin - Virus Monitoring Service Doctor Web Ltd.
avz00001.dta - Угроза: Trojan.PWS.Ibank.109
avz00002.dta - Угроза: BackDoor.Siggen.25748

**Nexus** · 15.08.2010, 15:01

Выловил monoca32.exe

File name:
avz00001.dta
Submission date:
2010-08-15 10:38:10 (UTC)
Result:
15/ 42 (35.7%)

AhnLab-V3 2010.08.15.01 2010.08.15 Win-Trojan/Bredolab.55808
AntiVir 8.2.4.34 2010.08.13 -
Antiy-AVL 2.0.3.7 2010.08.11 -
Authentium 5.2.0.5 2010.08.14 -
Avast 4.8.1351.0 2010.08.14 Win32:Crypt-HIB
Avast5 5.0.332.0 2010.08.14 Win32:Crypt-HIB
AVG 9.0.0.851 2010.08.15 -
BitDefender 7.2 2010.08.15 Gen:Variant.Ursnif.20
CAT-QuickHeal 11.00 2010.08.14 Win32.Packed.Krap.ao.7
ClamAV 0.96.0.3-git 2010.08.15 -
Comodo 5746 2010.08.15 -
DrWeb 5.0.2.03300 2010.08.15 -
Emsisoft 5.0.0.37 2010.08.15 -
eSafe 7.0.17.0 2010.08.12 -
eTrust-Vet 36.1.7790 2010.08.13 -
F-Prot 4.6.1.107 2010.08.14 -
F-Secure 9.0.15370.0 2010.08.15 -
Fortinet 4.1.143.0 2010.08.15 -
GData 21 2010.08.15 Gen:Variant.Ursnif.20
Ikarus T3.1.1.88.0 2010.08.15 -
Jiangmin 13.0.900 2010.08.15 -
Kaspersky 7.0.0.125 2010.08.15 -
McAfee 5.400.0.1158 2010.08.15 Downloader-BZI.gen.a
McAfee-GW-Edition 2010.1 2010.08.14 -
Microsoft 1.6004 2010.08.15 -
NOD32 5367 2010.08.14 a variant of Win32/Kryptik.FZR
Norman 6.05.11 2010.08.14 -
nProtect 2010-08-15.01 2010.08.15 Gen:Variant.Ursnif.20
Panda 10.0.2.7 2010.08.14 -
PCTools 7.0.3.5 2010.08.15 Downloader.Harnig
Prevx 3.0 2010.08.15 Medium Risk Malware
Rising 22.60.06.04 2010.08.15 -
Sophos 4.56.0 2010.08.15 -
Sunbelt 6735 2010.08.15 Trojan.Win32.Generic.pak!cobra
SUPERAntiSpyware 4.40.0.1006 2010.08.15 -
Symantec 20101.1.1.7 2010.08.15 Downloader.Harnig!gen1
TheHacker 6.5.2.1.348 2010.08.14 -
TrendMicro 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 TROJ_BURNIX.SMEP
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.9.3978 2010.08.14 -
VirusBuster 5.0.27.0 2010.08.14 -

**kvit** · 16.08.2010, 15:47

Код:

Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.16.02	2010.08.16	Malware/Win32.Generic
AntiVir	8.2.4.34	2010.08.16	-
Antiy-AVL	2.0.3.7	2010.08.16	-
Authentium	5.2.0.5	2010.08.16	W32/Infostealer.A!Maximus
Avast	4.8.1351.0	2010.08.15	-
Avast5	5.0.332.0	2010.08.15	-
AVG	9.0.0.851	2010.08.16	-
BitDefender	7.2	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
CAT-QuickHeal	11.00	2010.08.16	-
ClamAV	0.96.0.3-git	2010.08.16	-
Comodo	5758	2010.08.16	-
DrWeb	5.0.2.03300	2010.08.16	-
eSafe	7.0.17.0	2010.08.15	-
eTrust-Vet	36.1.7793	2010.08.16	-
F-Prot	4.6.1.107	2010.08.16	W32/Infostealer.A!Maximus
F-Secure	9.0.15370.0	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Fortinet	4.1.143.0	2010.08.16	-
GData	21	2010.08.16	DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Ikarus	T3.1.1.88.0	2010.08.16	Win32.SuspectCrc
Jiangmin	13.0.900	2010.08.16	-
Kaspersky	7.0.0.125	2010.08.16	-
McAfee	5.400.0.1158	2010.08.16	-
McAfee-GW-Edition	2010.1	2010.08.16	-
Microsoft	1.6004	2010.08.16	-
NOD32	5369	2010.08.16	-
Norman	6.05.11	2010.08.15	-
nProtect	2010-08-16.01	2010.08.16	-
Panda	10.0.2.7	2010.08.15	Suspicious file
PCTools	7.0.3.5	2010.08.16	-
Prevx	3.0	2010.08.16	-
Rising	22.61.00.04	2010.08.16	-
Sophos	4.56.0	2010.08.16	-
Sunbelt	6740	2010.08.16	Trojan.Win32.Generic!BT
SUPERAntiSpyware	4.40.0.1006	2010.08.16	-
Symantec	20101.1.1.7	2010.08.16	-
TheHacker	6.5.2.1.349	2010.08.16	-
TrendMicro	9.120.0.1004	2010.08.16	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.16	-
VBA32	3.12.14.0	2010.08.13	-
ViRobot	2010.8.16.3990	2010.08.16	-
VirusBuster	5.0.27.0	2010.08.15	-

Код:

Additional informationShow all
MD5   : 058ebc415a27694b7cff3093cfaf2f4a
SHA1  : b0f3ccd65414853eb120b01e1ad7fbf25fc59690
SHA256: 41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c

**grobik** · 20.08.2010, 08:00

File name: nyik.exe
Submission date: 2010-08-20 00:18:41 (UTC)
Current status: finished

Result: 9/ 41 (22.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.08.20.00 2010.08.19 -
AntiVir 8.2.4.38 2010.08.19 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.20 W32/Skintrim.1!Generic
Avast 4.8.1351.0 2010.08.19 -
Avast5 5.0.332.0 2010.08.19 -
AVG 9.0.0.851 2010.08.19 -
BitDefender 7.2 2010.08.20 -
CAT-QuickHeal 11.00 2010.08.19 -
ClamAV 0.96.2.0-git 2010.08.20 -
Comodo 5788 2010.08.20 -
DrWeb 5.0.2.03300 2010.08.20 Trojan.PWS.Panda.387
Emsisoft 5.0.0.37 2010.08.20 -
eSafe 7.0.17.0 2010.08.19 -
eTrust-Vet 36.1.7801 2010.08.19 -
F-Prot 4.6.1.107 2010.08.19 W32/Skintrim.1!Generic
F-Secure 9.0.15370.0 2010.08.20 Trojan-Spy:W32/Zbot.AHGN
Fortinet 4.1.143.0 2010.08.19 -
GData 21 2010.08.20 -
Ikarus T3.1.1.88.0 2010.08.20 -
Jiangmin 13.0.900 2010.08.19 -
Kaspersky 7.0.0.125 2010.08.20 -
McAfee 5.400.0.1158 2010.08.20 -
Microsoft 1.6103 2010.08.20 PWS:Win32/Zbot.gen!Y
NOD32 5380 2010.08.19 a variant of Win32/Kryptik.GDT
Norman 6.05.11 2010.08.19 -
nProtect 2010-08-19.01 2010.08.19 -
Panda 10.0.2.7 2010.08.19 -
PCTools 7.0.3.5 2010.08.20 -
Prevx 3.0 2010.08.20 Medium Risk Malware
Rising 22.61.03.04 2010.08.19 -
Sophos 4.56.0 2010.08.20 Mal/Zbot-U
Sunbelt 6763 2010.08.20 -
SUPERAntiSpyware 4.40.0.1006 2010.08.20 Trojan.Agent/Gen-Faldesc
Symantec 20101.1.1.7 2010.08.20 -
TheHacker 6.5.2.1.351 2010.08.19 -
TrendMicro 9.120.0.1004 2010.08.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.20 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.16.3990 2010.08.19 -
VirusBuster 5.0.27.0 2010.08.19 -

MD5 : af4c670a44086fb04d8bbd8d7cec3878
SHA1 : fd4e4077d2e17c7914a47e8a7bc63b4580aa8950
SHA256: 562992f1e18e5fb36f969ec9d1201449d6bdbe0c01a0e6aff6 8f30be699c5bf2
ssdeep: 3072:DFGKdZNPH53dJpakeOiZTdrk+C7riQtyXmiiuCYL31mf3 QCoGz:Nf5rpake1A7riQQ7nCY
zgvj

File size : 150528 bytes
First seen: 2010-08-20 00:18:41
Last seen : 2010-08-20 00:18:41
http://www.virustotal.com/file-scan/...bf2-1282263521

в автозапуске

Исследование антивирусов 7

Опции темы

Похожие темы

Исследование антивирусов 6

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Метки для этой темы

Ваши права в разделе