Complete scanning result of "kpem.sys", received in VirusTotal at 06.10.2006, 00:56:15 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.09.2006 TR/Click.Aplugi.D.3
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 no virus found
BitDefender 7.2 06.10.2006 Trojan.Duganss.A
CAT-QuickHeal 8.00 06.09.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.09.2006 Trojan.DownLoader.4177
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.09.2006 Downloader.Small
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.09.2006 no virus found
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.09.2006 no virus found
NOD32v2 1.1589 06.09.2006 no virus found
Norman 5.90.21 06.09.2006 W32/DLoader.TKL
Panda 9.0.0.4 06.09.2006 Trj/Downloader.IJC
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.09.2006 Trojan.Duganss
TheHacker 5.9.8.156 06.08.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 Trojan.DownLoader.4177
Complete scanning result of "msbd32.dll", received in VirusTotal at 06.10.2006, 01:00:52 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.09.2006 TR/Click.Aplugi.D.1
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 no virus found
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.09.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.09.2006 Trojan.DownLoader.8595
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.09.2006 no virus found
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 Trojan.Win32.Agent.HA
Kaspersky 4.0.2.24 06.09.2006 no virus found
McAfee 4781 06.09.2006 Spy-Agent.n
Microsoft 1.1441 06.09.2006 no virus found
NOD32v2 1.1589 06.09.2006 no virus found
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.09.2006 Trj/Downloader.IJC
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.09.2006 no virus found
TheHacker 5.9.8.156 06.08.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 suspected of Trojan.Agent.52
PS: No, I'm slowly starting to respect the Symantec guys. They can do it when they want to (I mean both the first file, which they detect as Trojan.Duganss, and the scans over the last couple of weeks in general).
STATUS: FINISHED
Complete scanning result of "super-porn-video.zip", received in VirusTotal at 06.10.2006, 11:11:55 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 TR/Dldr.Dadobra.CF.2
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 Downloader.Generic2.AQW
BitDefender 7.2 06.10.2006 Trojan.Downloader.OC
CAT-QuickHeal 8.00 06.09.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.09.2006 Trojan.DownLoader.10144
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.09.2006 Downloader.Dadobra.cf
Fortinet 2.77.0.0 06.09.2006 W32/Dadobra.CF!tr.dldr
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 Trojan-Downloader.Win32.Dadobra.DD
Kaspersky 4.0.2.24 06.10.2006 Trojan-Downloader.Win32.Dadobra.cf
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1590 06.10.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.09.2006 W32/Dadobra.AOY
Panda 9.0.0.4 06.09.2006 Trj/SexDownload.C
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 Trojan/Downloader.Dadobra.cf
UNA 1.83 06.09.2006 TrojanDownloader.Win32.Dadobra
VBA32 3.11.0 06.09.2006 Trojan-Downloader.Win32.Dadobra.cf
Complete scanning result of "spoolsvv.exe", received in VirusTotal at 06.10.2006, 16:02:25 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 TR/Crypt.F.Gen
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 no virus found
BitDefender 7.2 06.10.2006 Trojan.Proxy.Agent.HW
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.10.2006 Trojan.Spambot
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 Win32/Vxidl!generic
Ewido 3.5 06.10.2006 no virus found
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.10.2006 no virus found
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.10.2006 Suspicious file
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.10.2006 Bloodhound.Tibs
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 no virus found
Complete scanning result of "NvVid.exe", received in VirusTotal at 06.10.2006, 16:32:09 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 Heuristic/Win32.Virus.HLLP
Authentium 4.93.8 06.09.2006 could be infected with an unknown virus
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 no virus found
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.10.2006 no virus found
eTrust-InoculateIT 23.72.33 06.10.2006 Win32/Unknown!Trojan
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.10.2006 no virus found
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 could be infected with an unknown virus
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.10.2006 no virus found
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 probably unknown NewHeur_PE virus
Norman 5.90.21 06.09.2006 W32/Haxdoor.SL.dropper
Panda 9.0.0.4 06.10.2006 Suspicious file
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 no virus found
Aditional Information
File size: 57422 bytes
MD5: ad5af3cdb03a903e96fcea1a964c8fc7
SHA1: 30b18fbcf5e242f06656856f550894b35cba9ad8
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File might be compressed.
* Decompressing Unk3!FSG?.
* File length: 57422 bytes.
[ Changes to filesystem ]
* Creates file C:TEMP mp107.tmp.
* Creates file C:TEMPlack.gif.
[ Process/window information ]
* Creates a mutex NvVideoCenter.
[ Signature Scanning ]
* C:TEMP mp107.tmp (52814 bytes) : no signature detection.
* C:TEMPlack.gif (50254 bytes) : W32/Haxdoor.SL.
================================================== ==================
Complete scanning result of "tmpf00.exe", received in VirusTotal at 06.10.2006, 16:35:40 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 no virus found
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 no virus found
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.10.2006 no virus found
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.10.2006 no virus found
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.10.2006 no virus found
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 a variant of Win32/Haxdoor
Norman 5.90.21 06.09.2006 W32/Haxdoor.SL.dropper
Panda 9.0.0.4 06.10.2006 Suspicious file
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 suspected of Trojan-Dropper.Microjoin.2
Aditional Information
File size: 52814 bytes
MD5: 81050798e6e16a08838fcc32012b0ef6
SHA1: 3d29bad224866e935d558ea7b005e31bab139c2d
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File might be compressed.
* Decompressing Unk3!FSG?.
* File length: 52814 bytes.
[ Changes to filesystem ]
* Creates file C:TEMPlack.gif.
[ Signature Scanning ]
* C:TEMPlack.gif (50254 bytes) : W32/Haxdoor.SL.
================================================== ==================
Complete scanning result of "vbsys2.dll", received in VirusTotal at 06.10.2006, 16:37:58 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 TR/Click.Agent.AC
Authentium 4.93.8 06.09.2006 W32/Trojan.CHU
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 Clicker.BZK
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.10.2006 Trojan.Click.1127
eTrust-InoculateIT 23.72.33 06.10.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 Win32/Pomelo!generic
Ewido 3.5 06.10.2006 Hijacker.Agent.ac
Fortinet 2.77.0.0 06.09.2006 Adware/Agent!018
F-Prot 3.16f 06.09.2006 destructive program named W32/Trojan.CHU
Ikarus 0.2.65.0 06.09.2006 Trojan-Clicker.Win32.Agent.ac
Kaspersky 4.0.2.24 06.10.2006 Trojan-Clicker.Win32.Agent.ac
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 no virus found
Norman 5.90.21 06.09.2006 W32/Agent.ZTW
Panda 9.0.0.4 06.10.2006 Suspicious file
Sophos 4.06.0 06.10.2006 no virus found
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 TrojanClicker.Win32.Agent
VBA32 3.11.0 06.09.2006 Trojan-Clicker.Win32.Agent.ac
Aditional Information
File size: 90112 bytes
================================================== ==================
Complete scanning result of "vinm32.dll", received in VirusTotal at 06.10.2006, 16:39:55 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 Heuristic/Backdoor.Injector
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 Win32:Haxdoor-BW
AVG 386 06.09.2006 BackDoor.Generic2.JNB
BitDefender 7.2 06.10.2006 Backdoor.Haxdoor.GB
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 no virus found
DrWeb 4.33 06.10.2006 BackDoor.Haxdoor.195
eTrust-InoculateIT 23.72.33 06.10.2006 Win32/Haxdoor.Variant!HookDLL!Tr
eTrust-Vet 12.6.2250 06.09.2006 Win32/Haxdoor!generic
Ewido 3.5 06.10.2006 Backdoor.Haxdoor.gb
Fortinet 2.77.0.0 06.09.2006 suspicious
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 Backdoor.Win32.Haxdoor.gb
Kaspersky 4.0.2.24 06.10.2006 Backdoor.Win32.Haxdoor.gb
McAfee 4781 06.09.2006 BackDoor-BAC.dll
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 a variant of Win32/Haxdoor
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.10.2006 Bck/Haxdoor.GP
Sophos 4.06.0 06.10.2006 Troj/Haxdor-Fam
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 Backdoor.Haxdoor
VBA32 3.11.0 06.09.2006 suspected of Trojan-PSW.LdPinch.9
Aditional Information
File size: 34898 bytes
MD5: 6bbfca49575aa2fc7e2ea5de511e7ee4
SHA1: d44d2ec7e4a738a5188f996d4907b8fd5eb2dbe1
================================================== ==================
Complete scanning result of "winm32.sys", received in VirusTotal at 06.10.2006, 16:43:12 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 no virus found
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.09.2006 BackDoor.Generic2.FZB
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 Trojan.Haxdoor.E
DrWeb 4.33 06.10.2006 BackDoor.Haxdoor.195
eTrust-InoculateIT 23.72.33 06.10.2006 Win32/Haxdoor.Variant!Sys!Trojan
eTrust-Vet 12.6.2250 06.09.2006 Win32/Haxdoor!generic
Ewido 3.5 06.10.2006 Backdoor.Haxdoor.gb
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.10.2006 Backdoor.Win32.Haxdoor.gb
McAfee 4781 06.09.2006 BackDoor-BAC.gen
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 Win32/Haxdoor
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.10.2006 no virus found
Sophos 4.06.0 06.10.2006 Troj/Haxdor-Fam
Symantec 8.0 06.10.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.09.2006 no virus found
Aditional Information
File size: 4096 bytes
MD5: dd7bd671f980d9b5b2c94ec675db71e9
SHA1: eae5f42942e976b5dcc540c4a98ee378e85a2f7b
================================================== ==================
Complete scanning result of "winm64.sys", received in VirusTotal at 06.10.2006, 16:46:50 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 no virus found
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 Win32:Haxdoor-BJ
AVG 386 06.09.2006 BackDoor.Generic2.QQE
BitDefender 7.2 06.10.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.09.2006 Trojan.Haxdoor.F
DrWeb 4.33 06.10.2006 BackDoor.Haxdoor.195
eTrust-InoculateIT 23.72.33 06.10.2006 Win32/Haxdoor.Variant!Sys!Trojan
eTrust-Vet 12.6.2250 06.09.2006 Win32/Haxdoor!generic
Ewido 3.5 06.10.2006 Backdoor.Haxdoor.gb
Fortinet 2.77.0.0 06.09.2006 no virus found
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.10.2006 Backdoor.Win32.Haxdoor.gb
McAfee 4781 06.09.2006 BackDoor-BAC.gen
Microsoft 1.1441 06.10.2006 no virus found
NOD32v2 1.1591 06.10.2006 a variant of Win32/Haxdoor
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.10.2006 no virus found
Sophos 4.06.0 06.10.2006 Troj/Haxdor-Fam
Symantec 8.0 06.10.2006 Trojan.Goldun
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 Trojan.Spy.Haxdoor
VBA32 3.11.0 06.09.2006 suspected of Trojan-Downloader.Agent.83
Aditional Information
File size: 17040 bytes
MD5: 56b259b7a0a88ad7cbc62c455558828d
SHA1: 2c9da26e9fa54bc20224c2f071422923ac81ef28
Complete scanning result of "mp3_player.exe", received in VirusTotal at 06.11.2006, 22:34:43 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.10.2006 no virus found
Authentium 4.93.8 06.09.2006 no virus found
Avast 4.7.844.0 06.09.2006 no virus found
AVG 386 06.11.2006 no virus found
BitDefender 7.2 06.11.2006 no virus found
CAT-QuickHeal 8.00 06.10.2006 no virus found
ClamAV devel-20060426 06.11.2006 no virus found
DrWeb 4.33 06.11.2006 no virus found
eTrust-InoculateIT 23.72.34 06.11.2006 no virus found
eTrust-Vet 12.6.2250 06.09.2006 no virus found
Ewido 3.5 06.11.2006 no virus found
Fortinet 2.77.0.0 06.11.2006 suspicious
F-Prot 3.16f 06.09.2006 no virus found
Ikarus 0.2.65.0 06.09.2006 no virus found
Kaspersky 4.0.2.24 06.11.2006 no virus found
McAfee 4781 06.09.2006 no virus found
Microsoft 1.1441 06.11.2006 no virus found
NOD32v2 1.1592 06.11.2006 no virus found
Norman 5.90.21 06.09.2006 no virus found
Panda 9.0.0.4 06.11.2006 no virus found
Sophos 4.06.0 06.11.2006 no virus found
Symantec 8.0 06.11.2006 no virus found
TheHacker 5.9.8.157 06.10.2006 no virus found
UNA 1.83 06.09.2006 TrojanDownloader.Win32.Banload
VBA32 3.11.0 06.11.2006 no virus found
Aditional Information
File size: 577311 bytes
MD5: 73f9e27c39cf8852d95005c6dd956e81
SHA1: 4b15178cfdefd436c39eb2f7abca3cd3345059b3
Complete scanning result of "mp3_player.exe", received in VirusTotal at 06.11.2006, 22:34:43 (CET
Hmm... please send the file over (to [email protected], in a password-protected archive, with FALSE in the subject line); we are suspiciously alone in detecting this file.
Thanks for your cooperation!
Never be afraid to do what you don't know how to do. Remember: the ark was built by an amateur; professionals built the Titanic.
Head of the antivirus laboratory
STATUS: FINISHED
Complete scanning result of "SFR2.exe", received in VirusTotal at 06.13.2006, 09:55:04 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.10 06.13.2006 no virus found
Authentium 4.93.8 06.12.2006 no virus found
Avast 4.7.844.0 06.11.2006 no virus found
AVG 386 06.12.2006 no virus found
BitDefender 7.2 06.13.2006 no virus found
CAT-QuickHeal 8.00 06.12.2006 no virus found
ClamAV devel-20060426 06.12.2006 no virus found
DrWeb 4.33 06.13.2006 Trojan.MulDrop.1025
eTrust-InoculateIT 23.72.35 06.13.2006 no virus found
eTrust-Vet 12.6.2253 06.13.2006 no virus found
Ewido 3.5 06.13.2006 no virus found
Fortinet 2.77.0.0 06.13.2006 no virus found
F-Prot 3.16f 06.12.2006 no virus found
Ikarus 0.2.65.0 06.12.2006 Trojan.Win32.StartPage.aak
Kaspersky 4.0.2.24 06.13.2006 no virus found
McAfee 4782 06.12.2006 no virus found
Microsoft 1.1441 06.13.2006 no virus found
NOD32v2 1.1595 06.12.2006 no virus found
Norman 5.90.21 06.12.2006 no virus found
Panda 9.0.0.4 06.12.2006 no virus found
Sophos 4.06.0 06.13.2006 no virus found
Symantec 8.0 06.13.2006 no virus found
TheHacker 5.9.8.158 06.12.2006 no virus found
UNA 1.83 06.09.2006 no virus found
VBA32 3.11.0 06.12.2006 no virus found
PS: It is advertised as a tool for cracking StarForce protection. Is this a false detection, or are they really trying to palm off a trojan?
Complete scanning result of "upAYB_unk.int", received in VirusTotal at 06.14.2006, 12:16:06 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.13 06.14.2006 ADSPY/Lop.ag.23.E
Authentium 4.93.8 06.14.2006 no virus found
Avast 4.7.844.0 06.13.2006 Win32:Swizzor-gen
AVG 386 06.13.2006 no virus found
BitDefender 7.2 06.14.2006 Trojan.Swizzor.DH
CAT-QuickHeal 8.00 06.13.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.13.2006 no virus found
DrWeb 4.33 06.13.2006 no virus found
eTrust-InoculateIT 23.72.37 06.14.2006 no virus found
eTrust-Vet 12.6.2256 06.14.2006 no virus found
Ewido 3.5 06.14.2006 no virus found
Fortinet 2.77.0.0 06.14.2006 suspicious
F-Prot 3.16f 06.13.2006 no virus found
Ikarus 0.2.65.0 06.14.2006 no virus found
Kaspersky 4.0.2.24 06.14.2006 Trojan-Downloader.Win32.Swizzor.dv
McAfee 4783 06.13.2006 no virus found
Microsoft 1.1441 06.14.2006 C2.Lop.dldr
NOD32v2 1.1598 06.14.2006 Win32/TrojanDownloader.Swizzor
Norman 5.90.21 06.14.2006 Swizzor.gen.F
Panda 9.0.0.4 06.13.2006 Adware/Lop
Sophos 4.06.0 06.14.2006 no virus found
Symantec 8.0 06.14.2006 no virus found
TheHacker 5.9.8.159 06.14.2006 no virus found
UNA 1.83 06.13.2006 no virus found
VBA32 3.11.0 06.13.2006 Trojan-Downloader.Win32.Swizzor.dv
VirusBuster 4.3.7:9 06.13.2006 no virus found
Aditional Information
File size: 62570 bytes
MD5: d7d0309e1f54dea1099af06488b21c7e
SHA1: a833f75f5502328acccd5a8ffd06c0521851a18c
Complete scanning result of "188239238121.exe", received in VirusTotal at 06.25.2006, 17:55:07 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.16 06.25.2006 no virus found
Authentium 4.93.8 06.23.2006 no virus found
Avast 4.7.844.0 06.23.2006 no virus found
AVG 386 06.25.2006 no virus found
BitDefender 7.2 06.25.2006 Generic.Malware.SF.066A9ACB
CAT-QuickHeal 8.00 06.24.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.23.2006 no virus found
DrWeb 4.33 06.25.2006 Trojan.PWS.Stormpay
eTrust-InoculateIT 23.72.49 06.25.2006 no virus found
eTrust-Vet 12.6.2272 06.23.2006 no virus found
Ewido 3.5 06.25.2006 Trojan.Stormpay
Fortinet 2.77.0.0 06.25.2006 suspicious
F-Prot 3.16f 06.23.2006 no virus found
Ikarus 0.2.65.0 06.23.2006 no virus found
Kaspersky 4.0.2.24 06.25.2006 Backdoor.Win32.Agent.abk
McAfee 4792 06.23.2006 no virus found
Microsoft 1.1481 06.25.2006 no virus found
NOD32v2 1.1622 06.25.2006 no virus found
Norman 5.90.21 06.23.2006 no virus found
Panda 9.0.0.4 06.25.2006 Suspicious file
Sophos 4.07.0 06.25.2006 no virus found
Symantec 8.0 06.25.2006 no virus found
TheHacker 5.9.8.164 06.23.2006 no virus found
UNA 1.83 06.23.2006 no virus found
VBA32 3.11.0 06.24.2006 Trojan.PWS.Stormpay
VirusBuster 4.3.7:9 06.25.2006 no virus found
Aditional Information
File size: 14177 bytes
MD5: c2e983697293405aed42a20f3c477add
SHA1: 5b43ea7551b0827b1462b8533b674d095633d863
Complete scanning result of "_____.zl9", received in VirusTotal at 06.26.2006, 11:35:02 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.16 06.26.2006 TR/Dldr.Small.AXL.1
Authentium 4.93.8 06.23.2006 no virus found
Avast 4.7.844.0 06.23.2006 no virus found
AVG 386 06.25.2006 no virus found
BitDefender 7.2 06.26.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 06.24.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.26.2006 Trojan.Downloader.Small-1573
DrWeb 4.33 06.26.2006 Trojan.DownLoader.10639
eTrust-InoculateIT 23.72.49 06.25.2006 no virus found
eTrust-Vet 12.6.2275 06.26.2006 no virus found
Ewido 3.5 06.26.2006 no virus found
Fortinet 2.77.0.0 06.26.2006 suspicious
F-Prot 3.16f 06.23.2006 no virus found
Ikarus 0.2.65.0 06.26.2006 no virus found
Kaspersky 4.0.2.24 06.26.2006 Trojan-Downloader.Win32.Agent.uv
McAfee 4792 06.23.2006 New Malware.n
Microsoft 1.1481 06.25.2006 no virus found
NOD32v2 1.1623 06.26.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.90.21 06.26.2006 W32/Downloader
Panda 9.0.0.4 06.25.2006 Suspicious file
Sophos 4.07.0 06.26.2006 no virus found
Symantec 8.0 06.26.2006 no virus found
TheHacker 5.9.8.165 06.26.2006 no virus found
UNA 1.83 06.23.2006 no virus found
VBA32 3.11.0 06.26.2006 no virus found
VirusBuster 4.3.7:9 06.25.2006 no virus found
Aditional Information
File size: 13255 bytes
MD5: 3ae822a90ccf5ed870adbe6c1020b611
SHA1: f5838ffaac552210fba05817f395bb826096277b
Norman SandBox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 13255 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\csrss.exe.
[ Changes to registry ]
* Sets value "Q"="Q" in key "HKCU\Software\Microsoft\Windows".
[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:\WINDOWS\TEMP\csrss.exe NULL.
This is what that thing downloads:
Complete scanning result of "una.exe", received in VirusTotal at 06.26.2006, 11:22:22 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.16 06.26.2006 HEUR/Crypted.Modified
Authentium 4.93.8 06.23.2006 no virus found
Avast 4.7.844.0 06.23.2006 no virus found
AVG 386 06.25.2006 no virus found
BitDefender 7.2 06.26.2006 no virus found
CAT-QuickHeal 8.00 06.24.2006 no virus found
ClamAV devel-20060426 06.26.2006 no virus found
DrWeb 4.33 06.25.2006 no virus found
eTrust-InoculateIT 23.72.49 06.25.2006 no virus found
eTrust-Vet 12.6.2275 06.26.2006 no virus found
Ewido 3.5 06.26.2006 no virus found
Fortinet 2.77.0.0 06.26.2006 suspicious
F-Prot 3.16f 06.23.2006 no virus found
Ikarus 0.2.65.0 06.26.2006 no virus found
Kaspersky 4.0.2.24 06.26.2006 Trojan-PSW.Win32.LdPinch.apu
McAfee 4792 06.23.2006 no virus found
Microsoft 1.1481 06.25.2006 no virus found
NOD32v2 1.1623 06.26.2006 no virus found
Norman 5.90.21 06.26.2006 no virus found
Panda 9.0.0.4 06.25.2006 Suspicious file
Sophos 4.07.0 06.26.2006 no virus found
Symantec 8.0 06.26.2006 no virus found
TheHacker 5.9.8.165 06.26.2006 no virus found
UNA 1.83 06.23.2006 no virus found
VBA32 3.11.0 06.26.2006 suspected of Trojan-PSW.PdPinch.1
VirusBuster 4.3.7:9 06.25.2006 no virus found
Aditional Information
File size: 22528 bytes
MD5: bc74e3cafb917b9041985211a5e7f76e
SHA1: 2a2161528cd672a55695034ea0f3b0d950ad3a16
Complete scanning result of "WarezP2P_TDL.exe", received in VirusTotal at 06.28.2006, 11:56:13 (CET).
Antivirus Version Update Result
AntiVir 6.35.0.19 06.28.2006 no virus found
Authentium 4.93.8 06.28.2006 no virus found
Avast 4.7.844.0 06.27.2006 no virus found
AVG 386 06.27.2006 no virus found
BitDefender 7.2 06.28.2006 no virus found
CAT-QuickHeal 8.00 06.27.2006 Downloader.Agent.h (Not a Virus)
ClamAV devel-20060426 06.27.2006 no virus found
DrWeb 4.33 06.27.2006 Trojan.DownLoader.10412
eTrust-InoculateIT 23.72.51 06.27.2006 no virus found
eTrust-Vet 12.6.2279 06.28.2006 no virus found
Ewido 3.5 06.28.2006 Downloader.Small
Fortinet 2.77.0.0 06.28.2006 P2P/Warez
F-Prot 3.16f 06.28.2006 no virus found
Ikarus 0.2.65.0 06.28.2006 no virus found
Kaspersky 4.0.2.24 06.28.2006 not-a-virus:Downloader.Win32.Agent.h
McAfee 4794 06.27.2006 no virus found
Microsoft 1.1481 06.28.2006 no virus found
NOD32v2 1.1629 06.28.2006 no virus found
Norman 5.90.21 06.27.2006 no virus found
Panda 9.0.0.4 06.27.2006 no virus found
Sophos 4.07.0 06.28.2006 no virus found
Symantec 8.0 06.28.2006 no virus found
TheHacker 5.9.8.166 06.28.2006 no virus found
UNA 1.83 06.27.2006 no virus found
VBA32 3.11.0 06.27.2006 Trojan.DownLoader.10412
VirusBuster 4.3.7:9 06.27.2006 no virus found