Исследование антивирусов 4

**Winsent** · 27.10.2006, 08:54

Complete scanning result of "Anna.scr", received in VirusTotal at 10.27.2006, 06:42:03 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.32 10.26.2006 HEUR/Crypted
Authentium 4.93.8 10.27.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.892.0 10.26.2006 no virus found
AVG 386 10.26.2006 PSW.Ldpinch.CKR
BitDefender 7.2 10.27.2006 DeepScan:Generic.Dialer.5DAB36F2
CAT-QuickHeal 8.00 10.26.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.26.2006 Trojan.PWS.LDPinch.1243
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3158 10.26.2006 no virus found
Ewido 4.0 10.26.2006 Trojan.LdPinch.bag
Fortinet 2.82.0.0 10.27.2006 SPY/LdPinch
F-Prot 3.16f 10.27.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.27.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.26.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 Trojan-PSW.Win32.LdPinch.bag
McAfee 4882 10.26.2006 no virus found
Microsoft 1.1609 10.26.2006 Win32/Ldpinch
NOD32v2 1.1838 10.26.2006 no virus found
Norman 5.80.02 10.26.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.27.2006 no virus found
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.106 10.26.2006 Trojan/PSW.LdPinch.bag
UNA 1.83 10.26.2006 Trojan.PSW.Win32.LdPinch.5EC9
VBA32 3.11.1 10.26.2006 Trojan-PSW.Win32.LdPinch.bag
VirusBuster 4.3.15:9 10.26.2006 no virus found

Aditional Information
File size: 53890 bytes
MD5: ecec55ce1dd960924dd8c01b636f1bcc
SHA1: 797811bbda799d00cecdc7f36fc4e51edf0f6e6e
packers: MEW
packers: MEW

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Alex_Goodwin** · 27.10.2006, 12:26

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 10.27.2006, 10:23:48 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 TR/Daideneg.A
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.26.2006 Win32

aideneg
AVG 386 10.27.2006 Generic.WKG
BitDefender 7.2 10.27.2006 BehavesLike:Trojan.RegistryDisabler
CAT-QuickHeal 8.00 10.26.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 no virus found
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 Trojan.Daideneg.a
Fortinet 2.82.0.0 10.27.2006 W32/Daideneg.A!tr
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.27.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 Trojan.Win32.Daideneg.a
McAfee 4882 10.26.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1840 10.27.2006 Win32/Agent.NBY
Norman 5.80.02 10.26.2006 W32/Agent.AHAP
Panda 9.0.0.4 10.27.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.106 10.26.2006 no virus found
UNA 1.83 10.26.2006 Trojan.Win32.Daideneg.A951
VBA32 3.11.1 10.26.2006 Trojan.Win32.Daideneg.a
VirusBuster 4.3.15:9 10.27.2006 no virus found

Aditional Information
File size: 4608 bytes
MD5: 711bcd7321a4236691e2cce057897891
SHA1: 14a5ece4d49dbbea61d58ab922250dae0812c881
packers: UPX
packers: UPX
packers: UPX
packers: UPX

**Muffler** · 28.10.2006, 06:52

Complete scanning result of "winckhlp.exe", received in VirusTotal at 10.28.2006, 04:43:46 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 HEUR/Crypted
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.28.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 Trojan.PWS.Ebay
eTrust-InoculateIT 23.73.39 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 no virus found
Fortinet 2.82.0.0 10.28.2006 no virus found
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.28.2006 no virus found
Kaspersky 4.0.2.24 10.28.2006 no virus found
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.27.2006 no virus found
VirusBuster 4.3.15:9 10.27.2006 no virus found

Aditional Information
File size: 121856 bytes
MD5: b023adf7fe52f5250d23cca4ca60bbf0
SHA1: fcdab93ed2bbd119e734a71d235619dae6203be2
packers: ASPACK
packers: Aspack

**DoSTR** · 28.10.2006, 11:51

Complete scanning result of "pack_setup.exe", received in VirusTotal at 10.28.2006, 08:07:28 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 Worm/IRCBot.32768.1
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/IRCBot-based!Maximus
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 Generic2.FOK
BitDefender 7.2 10.28.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 Trojan.Horst.gen
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 Win32.HLLW.Medbod
eTrust-InoculateIT 23.73.40 10.28.2006 Win32/Boxed.6vi!Trojan
eTrust-Vet 30.3.3162 10.27.2006 Win32/Boxed!generic
Ewido 4.0 10.27.2006 Backdoor.IRCBot.xq
Fortinet 2.82.0.0 10.28.2006 W32/BEAV_New_Malware.XQ!tr.bdr
F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/IRCBot-based!Maximus
F-Prot4 4.2.1.29 10.27.2006 W32/IRCBot-based!Maximus
Ikarus 0.2.65.0 10.28.2006 Backdoor.Win32.IRCBot.xq
Kaspersky 4.0.2.24 10.28.2006 Backdoor.Win32.IRCBot.xq
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 Win32/Medbot.BU
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 Backdoor.IRCBot.6CC9
VBA32 3.11.1 10.27.2006 no virus found
VirusBuster 4.3.15:9 10.27.2006 Worm.Medbot.Gen.6

Aditional Information
File size: 36864 bytes
MD5: c06956fe1ef2493912d9c58cc737e135
SHA1: f3f37cf792c0a15a23dcef7ac7417c0186c63670
packers: UPX
packers: UPX
packers: UPX
packers: UPX

**DoSTR** · 28.10.2006, 14:13

Complete scanning result of "ARM32.dLL", received in VirusTotal at 10.28.2006, 12:08:45 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 TR/Proxy.Xorpi.AM.1
Authentium 4.93.8 10.28.2006 no virus found
Avast 4.7.892.0 10.27.2006 Win32

orpix-U
AVG 386 10.27.2006 Proxy.GBP
BitDefender 7.2 10.28.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.28.2006 no virus found
DrWeb 4.33 10.28.2006 Trojan.Proxy.1098
eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 Win32/Hsow!generic
Ewido 4.0 10.27.2006 Proxy.Xorpix.am
Fortinet 2.82.0.0 10.28.2006 W32/Xorpix.AM!tr
F-Prot 3.16f 10.28.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.28.2006 Packer.byDwing
Kaspersky 4.0.2.24 10.28.2006 Trojan-Proxy.Win32.Xorpix.am
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 Win32/TrojanProxy.Xorpix
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.107 10.27.2006 Trojan/Proxy.Xorpix.am
UNA 1.83 10.27.2006 TrojanProxy.Win32.Xorpix.477F
VBA32 3.11.1 10.27.2006 Trojan-Proxy.Win32.Xorpix.am
VirusBuster 4.3.15:9 10.27.2006 no virus found

Aditional Information
File size: 13185 bytes
MD5: 155b1b4353eba435ba2647fa7522954a
SHA1: f123a68db5bda8a42b9720bf915de2951df55a06
packers: Upack
packers: UPACK
packers: UPack

**DoSTR** · 28.10.2006, 14:18

Complete scanning result of "ZHanny_friski.exe", received in VirusTotal at 10.28.2006, 12:14:15 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 TR/Spy.Agent.ACU
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 PSW.Ldpinch.CKB
BitDefender 7.2 10.28.2006 DeepScan:Generic.Malware.FYd!lg.A3AD7032
CAT-QuickHeal 8.00 10.27.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.28.2006 no virus found
DrWeb 4.33 10.28.2006 Trojan.PWS.LDPinch.1233
eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 no virus found
Ewido 4.0 10.27.2006 Trojan.LdPinch.azw
Fortinet 2.82.0.0 10.28.2006 W32/LdPinch.AZW!tr.pws
F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.27.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.28.2006 Backdoor.Win32.Ciadoor.N
Kaspersky 4.0.2.24 10.28.2006 Trojan-PSW.Win32.LdPinch.azw
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 Win32/Ldpinch
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.27.2006 Trj/LDPinch.TT
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.107 10.27.2006 Trojan/PSW.LdPinch.azw
UNA 1.83 10.27.2006 Trojan.PSW.Win32.LdPinch.47B7
VBA32 3.11.1 10.27.2006 Trojan-PSW.Win32.LdPinch.azw
VirusBuster 4.3.15:9 10.27.2006 no virus found

Aditional Information
File size: 24384 bytes
MD5: 72d3fdba15a1c26b04d9c15e8a3afefe
SHA1: 0cb5e3f52e371342a0896fa8d71c99dd258fc6b1
packers: MEW
packers: MEW

**Winsent** · 29.10.2006, 15:20

Complete scanning result of "sex_scene.scr", received in VirusTotal at 10.29.2006, 13:16:07 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.34 10.28.2006 HEUR/Crypted
Authentium 4.93.8 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.29.2006 no virus found
CAT-QuickHeal 8.00 10.28.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.29.2006 no virus found
DrWeb 4.33 10.29.2006 no virus found
eTrust-InoculateIT 23.73.40 10.28.2006 no virus found
eTrust-Vet 30.3.3164 10.28.2006 no virus found
Ewido 4.0 10.28.2006 no virus found
Fortinet 2.82.0.0 10.29.2006 no virus found
F-Prot 3.16f 10.28.2006 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 10.29.2006 W32/HLLI-MewOrleans-based!Maximus
Ikarus 0.2.65.0 10.29.2006 no virus found
Kaspersky 4.0.2.24 10.29.2006 Trojan-PSW.Win32.LdPinch.bbe
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 Win32/Ldpinch
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 W32/Suspicious_M.gen
Panda 9.0.0.4 10.28.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.27.2006 suspected of Malware.Agent.26 (paranoid heuristics)
VirusBuster 4.3.15:9 10.29.2006 no virus found

Aditional Information
File size: 49877 bytes
MD5: b2bdeb7ea1b04210de09eb581cacfc96
SHA1: 7c8d4ad69abffbb144abe82bba5863e0f42e21c9
packers: MEW
packers: MEW

**mvlab** · 01.11.2006, 01:48

Complete scanning result of "execute._xe", received in VirusTotal at 10.31.2006, 23:39:38 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Click.Delf.FZ
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 10.31.2006 Clicker.CPS
BitDefender 7.2 10.31.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 10.31.2006 no virus found
DrWeb 4.33 10.31.2006 DLOADER.Trojan
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3170 10.31.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 10.31.2006 Adware/Delf!017
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 Trojan-Clicker.Win32.Delf.fz
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 10.31.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 W32/Delf.SEM
Panda 9.0.0.4 10.31.2006 Trj/Regger.E
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 TrojanClicker.Win32.Delf.A4FB
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 Trojan.CL.Delf.SOG

Aditional Information
File size: 280576 bytes
MD5: b3cc2a0366ce124b04fc4f279b742a7c
SHA1: c638421da3cc811dac1f7472d9dd7f229b583a50
packers: UPX
packers: UPX
packers: UPX

**HATTIFNATTOR** · 01.11.2006, 12:20

Complete scanning result of "index_1_.htm", received in VirusTotal at 11.01.2006, 10:46:43 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 Exploit.HTML.VML
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 JS/Exploit_based.D
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 105081 bytes
MD5: 3507f4249a56487fd38c22a3c5c3276c
SHA1: f707aadf9bd467f64a9ade4a16a752c0a7476d7c

Complete scanning result of "_tmp0374.exe", received in VirusTotal at 11.01.2006, 10:15:37 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 HEUR/Malware
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 Downloader.Generic2.VGB
BitDefender 7.2 11.01.2006 Generic.Malware.dld!!.D72BBC9C
CAT-QuickHeal 8.00 10.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 suspicious
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 Suspicious_F.gen
Panda 9.0.0.4 11.01.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 1633 bytes
MD5: bd2c4f76f779f657e366c2c743571a72
SHA1: e758beb0eadfc1053f7b82cc39919438597d3771
packers: FSG
packers: FSG

Complete scanning result of "dminload.exe", received in VirusTotal at 11.01.2006, 10:21:29 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dl
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 12288 bytes
MD5: 720046632947d427c7b8d979fba7044d
SHA1: 142bc914aff128335f424c42a586bd112fe10b12

Complete scanning result of "mqqmkbdu.dll", received in VirusTotal at 11.01.2006, 10:22:09 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.E
NOD32v2 1.1846 10.31.2006 a variant of Win32/Stration
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 20480 bytes
MD5: 2c551bd1bb8de2a82238b91f1bcae8ee
SHA1: ea4ee89b6afce52816659b2763849012de5b72f4

Complete scanning result of "e1.dll", received in VirusTotal at 11.01.2006, 10:26:24 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.B
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 8192 bytes
MD5: b25b8112b47c73a93df5f9a103761909
SHA1: 3df20c7e236e7739a8b15ee89e3243c04e371778

Complete scanning result of "mcd3stor.dll", received in VirusTotal at 11.01.2006, 10:26:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 WORM/Stration.Gen
Authentium 4.93.8 10.31.2006 W32/Warezov.gen4
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 DeepScan:Generic.Stration.0CF2AF6E
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 W32/Warezov.gen4
F-Prot4 4.2.1.29 10.31.2006 W32/Warezov.gen4
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 no virus found
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 106496 bytes
MD5: 83f7be7ac48a8ca425115c4f4d24f134
SHA1: bf2174c0bb0fad7b37a7fc98f57f3fe0ff2a8140

Complete scanning result of "mqqmkbdu.dll", received in VirusTotal at 11.01.2006, 10:26:59 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 11.01.2006 no virus found
BitDefender 7.2 11.01.2006 Win32.Stration.Gen@mm
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Stration!generic
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 11.01.2006 no virus found
F-Prot 3.16f 10.31.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 10.31.2006 W32/Bongler-based
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 11.01.2006 no virus found
McAfee 4885 10.31.2006 W32/Stration@MM
Microsoft 1.1609 11.01.2006 Win32/Stration.gen!dll.E
NOD32v2 1.1846 10.31.2006 a variant of Win32/Stration
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 W32/Strati-Gen
TheHacker 6.0.1.109 10.30.2006 W32/Stration@MM
UNA 1.83 10.31.2006 I-Worm.Warezov
VBA32 3.11.1 10.31.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 20480 bytes
MD5: 2c551bd1bb8de2a82238b91f1bcae8ee
SHA1: ea4ee89b6afce52816659b2763849012de5b72f4

**Alex_Goodwin** · 01.11.2006, 12:48

STATUS: FINISHEDComplete scanning result of "__1056", received in VirusTotal at 11.01.2006, 10:43:53 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/PSW.LdPinch.VM
Authentium 4.93.8 10.31.2006 is a security risk or a "backdoor" program
Avast 4.7.892.0 10.31.2006 Win32:Trojan-gen. {VC}
AVG 386 11.01.2006 PSW.Ldpinch.10.AC
BitDefender 7.2 11.01.2006 Trojan.Pws.Ldpinch.VM
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 11.01.2006 no virus found
DrWeb 4.33 11.01.2006 no virus found
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 no virus found
Ewido 4.0 10.31.2006 Trojan.LdPinch.vm
Fortinet 2.82.0.0 11.01.2006 W32/LdPinch.VM!tr.pws
F-Prot 3.16f 10.31.2006 security risk or a "backdoor" program
F-Prot4 4.2.1.29 10.31.2006 generic
Ikarus 0.2.65.0 10.31.2006 Trojan-PSW.Win32.LdPinch.vm
Kaspersky 4.0.2.24 11.01.2006 Trojan-PSW.Win32.LdPinch.vm
McAfee 4885 10.31.2006 PWS-LDPinch
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1846 10.31.2006 Win32/PSW.LdPinch.VM
Norman 5.80.02 10.31.2006 W32/LdPinch.AZY
Panda 9.0.0.4 11.01.2006 no virus found
Sophos 4.10.0 10.26.2006 Troj/LDPinch-IS
TheHacker 6.0.1.109 10.30.2006 Trojan/PSW.LdPinch.vm
UNA 1.83 10.31.2006 Trojan.PSW.Win32.LdPinch.8695
VBA32 3.11.1 10.31.2006 Trojan-PSW.Win32.LdPinch.vm
VirusBuster 4.3.15:9 10.31.2006 Trojan.PWS.LdPinch.ER

Aditional Information
File size: 1421312 bytes
MD5: b8ddffbc16d4fb9122721b0eb1cd13fd
SHA1: 5bb058b071588d408b9f4c6da800e6691ae1b4a3

**ISO** · 01.11.2006, 16:15

Complete scanning result of "_______.exe", received in VirusTotal at 11.01.2006, 14:12:23 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 Win32

elf-BNL
AVG 386 11.01.2006 Downloader.Generic2.OAH
BitDefender 7.2 11.01.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 10.31.2006 TrojanDownloader.Delf.awg
ClamAV devel-20060426 11.01.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 11.01.2006 Trojan.DownLoader.12541
eTrust-InoculateIT 23.73.42 11.01.2006 Win32/Areses.5xb!Trojan
eTrust-Vet 30.3.3172 11.01.2006 Win32/Areses.AE
Ewido 4.0 11.01.2006 Downloader.Delf.awg
Fortinet 2.82.0.0 11.01.2006 W32/Delf.AWG!tr.dldr
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 Packer.byDwing
Kaspersky 4.0.2.24 11.01.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4885 10.31.2006 Downloader-AWA
Microsoft 1.1609 11.01.2006 no virus found
NOD32v2 1.1847 11.01.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 11.01.2006 W32/DLoader.RR
Panda 9.0.0.4 11.01.2006 Trj/Downloader.KHM
Sophos 4.10.0 10.26.2006 Troj/Dloadr-AMN
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 TrojanDownloader.Win32.Delf.9EEB
VBA32 3.11.1 10.31.2006 Trojan-Downloader.Win32.Delf.awg
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 11131 bytes
MD5: 8563010d68c732950181f2d8e0b5753f
SHA1: cef385786fe03aa90a97a2b0545b07c51b3d2049
packers: Upack
packers: UPACK
packers: UPack

**ISO** · 01.11.2006, 16:36

Complete scanning result of "Windows_2003_crack.scr", received in VirusTotal at 11.01.2006, 14:32:33 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 Worm/Scano.AB
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 Win32:Scano-AS
AVG 386 11.01.2006 I-Worm/Scano.BC
BitDefender 7.2 11.01.2006 Win32.Scano.AB@mm
CAT-QuickHeal 8.00 11.01.2006 I-Worm.Scano.x
ClamAV devel-20060426 11.01.2006 Worm.Scano.AH
DrWeb 4.33 11.01.2006 Win32.HLLM.Perf
eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
eTrust-Vet 30.3.3172 11.01.2006 Win32/Areses.AK
Ewido 4.0 11.01.2006 Worm.Scano.x
Fortinet 2.82.0.0 11.01.2006 W32/Areses.H
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 Email-Worm.Win32.Scano.x
Kaspersky 4.0.2.24 11.01.2006 Email-Worm.Win32.Scano.x
McAfee 4885 10.31.2006 W32/Areses.h
Microsoft 1.1609 11.01.2006 Win32/Scano.gen
NOD32v2 1.1847 11.01.2006 Win32/Scano.NBC
Norman 5.80.02 11.01.2006 W32/Suspicious_U.gen
Panda 9.0.0.4 11.01.2006 W32/Areses.BF.worm
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 Worm.Win32.Scano.NBC
VirusBuster 4.3.15:9 10.31.2006 I-Worm.Scano.BD

Aditional Information
File size: 20900 bytes
MD5: e0ce6ec3ef1dd0db9ebc6bdb47664516
SHA1: e454e118476ccba6a32e0021ac8794eb2fa2fc43
packers: UPACK
packers: UPack

**Nike** · 03.11.2006, 17:35

Complete scanning result of "kbui32-virus.rar", received in VirusTotal at 11.03.2006, 15:28:59 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.03.2006 no virus found
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.03.2006 no virus found
BitDefender 7.2 11.03.2006 no virus found
CAT-QuickHeal 8.00 11.03.2006 no virus found
ClamAV devel-20060426 11.03.2006 no virus found
DrWeb 4.33 11.03.2006 no virus found
eTrust-InoculateIT 23.73.44 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.03.2006 no virus found
Fortinet 2.82.0.0 11.03.2006 suspicious
F-Prot 3.16f 11.03.2006 no virus found
F-Prot4 4.2.1.29 11.03.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.03.2006 no virus found
McAfee 4887 11.02.2006 no virus found
Microsoft 1.1609 11.03.2006 no virus found
NOD32v2 1.1851 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.02.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.02.2006 no virus found
VBA32 3.11.1 11.02.2006 suspected of Email-Worm.Mydoom.3 (paranoid heuristics)
VirusBuster 4.3.15:9 11.03.2006 no virus found

Aditional Information
File size: 88083 bytes
MD5: 5f31c51064efab447fcd1ca42616f048
SHA1: e4fd8e42d2682ebd710808ccc5bc2ffbcf5f123a
packers: UPX
packers: UPX
packers: UPX

рассылало спам с машинки

**MOCT** · 05.11.2006, 02:24

Complete scanning result of "avz00005.dta", received in VirusTotal at 11.04.2006, 23:59:47 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.04.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 a variant of Win32/Stration
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 I-Worm.Warezov.bg
VBA32 3.11.1 11.04.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 11.04.2006 no virus found

Aditional Information
File size: 49152 bytes
MD5: 904492a4f1fd81035d744f780b56b437
SHA1: 9280066a44df6bdb584d014677b153154f79a887

Complete scanning result of "avz00006.dta", received in VirusTotal at 11.05.2006, 00:02:54 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.04.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.04.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.04.2006 no virus found
DrWeb 4.33 11.04.2006 Win32.HLLM.Limar
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.04.2006 no virus found
Fortinet 2.82.0.0 11.04.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.04.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 Win32/Stration.gen!dll.A
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 I-Worm.Warezov.cp
VBA32 3.11.1 11.04.2006 MalwareScope.Worm.Warezov.1
VirusBuster 4.3.15:9 11.04.2006 no virus found

Aditional Information
File size: 176128 bytes
MD5: 91c5a0af3c0e9e056ebd8e2ef0501f23
SHA1: 1e64815bc754a682bbc0d3de34ad98a1a5f2ca6b

**Shu_b** · 05.11.2006, 14:39

Сообщение от ZDM

Давненько шото итогов небыло. Какова там ситуаций ?

вот -

**Winsent** · 07.11.2006, 12:40

Complete scanning result of "_________.jpg_.exe", received in VirusTotal at 11.07.2006, 10:34:05 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.37 11.07.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 11.06.2006 no virus found
Avast 4.7.892.0 11.06.2006 Win32elf-BSE
AVG 386 11.07.2006 no virus found
BitDefender 7.2 11.06.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.06.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.07.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 11.07.2006 no virus found
eTrust-InoculateIT 23.73.48 11.07.2006 no virus found
eTrust-Vet 30.3.3178 11.06.2006 no virus found
Ewido 4.0 11.07.2006 no virus found
Fortinet 2.82.0.0 11.07.2006 suspicious
F-Prot 3.16f 11.06.2006 no virus found
F-Prot4 4.2.1.29 11.06.2006 no virus found
Ikarus 0.2.65.0 11.07.2006 Packer.byDwing
Kaspersky 4.0.2.24 11.07.2006 no virus found
McAfee 4889 11.06.2006 Downloader-AWA
Microsoft 1.1609 11.07.2006 no virus found
NOD32v2 1.1856 11.06.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 11.06.2006 W32/Downloader
Panda 9.0.0.4 11.06.2006 Suspicious file
Sophos 4.10.0 10.26.2006 Mal/Packer
TheHacker 6.0.1.113 11.06.2006 no virus found
UNA 1.83 11.06.2006 no virus found
VBA32 3.11.1 11.06.2006 no virus found
VirusBuster 4.3.15:9 11.07.2006 no virus found

Aditional Information
File size: 11128 bytes
MD5: 3cd3df1938e5e2d4f52dc78d940db5b8
SHA1: b375aec7a1898b2f4351a775b50d65e4228a2882
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11128 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMPcsrss.exe.

[ Changes to registry ]
* Sets value "m"="m" in key "HKCUSoftwareMicrosoftWindows".

[ Network services ]
* Looks for an Internet connection.
* Opens URL: http://www.xeseretuo.com/px1.eхe

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:WINDOWSTEMPcsrss.exe NULL.

**Winsent** · 07.11.2006, 17:19

Сейчас выловил из автозагрузки. Откуда взялось так и не понял...

rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetS tartup -s

Complete scanning result of "newdotnet6_38.rar", received in VirusTotal at 11.07.2006, 15:09:59 (CET).

Antivirus Version Update Result

AntiVir 7.2.0.37 11.07.2006 ADSPY/NewDotNet.A.7
Authentium 4.93.8 11.06.2006 no virus found
Avast 4.7.892.0 11.07.2006 Win32:Adware-gen.
AVG 386 11.07.2006 Adware Generic.ATT
BitDefender 7.2 11.06.2006 Application.Adware.NewDotNet.B
CAT-QuickHeal 8.00 11.07.2006 AdvWare.NewDotNet
ClamAV devel-20060426 11.07.2006 Adware.NewDotNet.B
DrWeb 4.33 11.07.2006 no virus found
eTrust-InoculateIT 23.73.48 11.07.2006 no virus found
eTrust-Vet 30.3.3181 11.07.2006 no virus found
Ewido 4.0 11.07.2006 Adware.NewDotNet
Fortinet 2.82.0.0 11.07.2006 Adware/Newdotnet
F-Prot 3.16f 11.06.2006 no virus found
F-Prot4 4.2.1.29 11.06.2006 no virus found
Ikarus 0.2.65.0 11.07.2006 no virus found
Kaspersky 4.0.2.24 11.07.2006 not-a-virus:AdWare.Win32.NewDotNet
McAfee 4889 11.06.2006 potentially unwanted program NDotNet
Microsoft 1.1609 11.07.2006 NewDotNet (threat-c)
NOD32v2 1.1857 11.07.2006 no virus found
Norman 5.80.02 11.07.2006 no virus found
Panda 9.0.0.4 11.06.2006 Spyware/New.net
Sophos 4.11.0 11.07.2006 NewDotNet
TheHacker 6.0.1.113 11.06.2006 Aplicacion/NewDotnet
UNA 1.83 11.06.2006 Adware.NewDotNet.335A
VBA32 3.11.1 11.07.2006 Adware.NewDotNet
VirusBuster 4.3.15:9 11.07.2006 Adware.NewDotNet.F

Aditional Information
File size: 90079 bytes
MD5: 4bfef9ce6bdcd7e3180993802912ea59
SHA1: fe8c2e000fee70da6116ab76330fb632b5e5ac83
packers: embedded

**Alex_Goodwin** · 08.11.2006, 15:32

Antivirus Version Update Result
AntiVir 7.2.0.39 11.08.2006 no virus found
Authentium 4.93.8 11.07.2006 no virus found
Avast 4.7.892.0 11.07.2006 no virus found
AVG 386 11.07.2006 no virus found
BitDefender 7.2 11.08.2006 no virus found
CAT-QuickHeal 8.00 11.07.2006 no virus found
ClamAV devel-20060426 11.08.2006 no virus found
DrWeb 4.33 11.08.2006 no virus found
eTrust-InoculateIT 23.73.49 11.08.2006 no virus found
eTrust-Vet 30.3.3182 11.08.2006 no virus found
Ewido 4.0 11.08.2006 no virus found
Fortinet 2.82.0.0 11.08.2006 no virus found
F-Prot 3.16f 11.07.2006 no virus found
F-Prot4 4.2.1.29 11.07.2006 no virus found
Ikarus 0.2.65.0 11.08.2006 no virus found
Kaspersky 4.0.2.24 11.08.2006 no virus found
McAfee 4890 11.07.2006 no virus found
Microsoft 1.1609 11.08.2006 no virus found
NOD32v2 1.1858 11.07.2006 no virus found
Norman 5.80.02 11.08.2006 W32/Malware
Panda 9.0.0.4 11.07.2006 Suspicious file
Sophos 4.11.0 11.07.2006 no virus found

Aditional Information
File size: 4234 bytes
MD5: 9de9cdbf3bdac48b9bbdc693079e8f0a
SHA1: 28f39847c99db5e076e61bc7ad0ea5cfb8acad43
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Attempts to run Visual Basic Script (VBS).
* File length: 4234 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMP.vbs.

[ Process/window information ]
* Attemps to open C:WINDOWSTEMP.vbs NULL.

Песочница рулит

**Nike** · 08.11.2006, 15:38

Complete scanning result of "agysteo.rar", received in VirusTotal at 11.08.2006, 13:34:42 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.39 11.08.2006 TR/Agent.aad.2
Authentium 4.93.8 11.07.2006 no virus found
Avast 4.7.892.0 11.07.2006 no virus found
AVG 386 11.07.2006 no virus found
BitDefender 7.2 11.08.2006 no virus found
CAT-QuickHeal 8.00 11.07.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.08.2006 no virus found
DrWeb 4.33 11.08.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.73.49 11.08.2006 no virus found
eTrust-Vet 30.3.3182 11.08.2006 no virus found
Ewido 4.0 11.08.2006 Trojan.Agent.aad
Fortinet 2.82.0.0 11.08.2006 W32/Agent.AAD!tr
F-Prot 3.16f 11.07.2006 no virus found
F-Prot4 4.2.1.29 11.07.2006 generic
Ikarus 0.2.65.0 11.08.2006 no virus found
Kaspersky 4.0.2.24 11.08.2006 Trojan.Win32.Agent.aad
McAfee 4890 11.07.2006 no virus found
Microsoft 1.1609 11.08.2006 no virus found
NOD32v2 1.1858 11.07.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 11.08.2006 no virus found
Panda 9.0.0.4 11.07.2006 Trj/Agysteo.A
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.114 11.08.2006 Trojan/Agent.aad
UNA 1.83 11.07.2006 no virus found
VBA32 3.11.1 11.08.2006 suspected of Trojan-Downloader.Delf.43 (paranoid heuristics)
VirusBuster 4.3.15:9 11.07.2006 no virus found

Aditional Information
File size: 3921 bytes
MD5: f87156570913d35465ddea6f2dddfdeb
SHA1: 00228dddf8d8f4c15cd4a34ea42ae0aab1fcbd23
packers: PECOMPACT
packers: PecBundle, PECompact

**DoSTR** · 09.11.2006, 10:39

Пришел сегодня файл со спамовой на Mail.ru расылкой пью кофе.exe или за столом.exe
Complete scanning result of "___1087", received in VirusTotal at 11.09.2006, 08:27:23 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.09.2006 TR/Dldr.Delf.awg.2
Authentium 4.93.8 11.08.2006 no virus found
Avast 4.7.892.0 11.07.2006 Win32

elf-BSE
AVG 386 11.08.2006 no virus found
BitDefender 7.2 11.09.2006 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 8.00 11.08.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 11.09.2006 Trojan.Downloader.Small-2298
DrWeb 4.33 11.08.2006 no virus found
eTrust-InoculateIT 23.73.50 11.09.2006 no virus found
eTrust-Vet 30.3.3184 11.09.2006 no virus found
Ewido 4.0 11.08.2006 no virus found
Fortinet 2.82.0.0 11.09.2006 suspicious
F-Prot 3.16f 11.08.2006 no virus found
--------F-Prot4 4.2.1.29 11.08.2006 no virus found
Ikarus 0.2.65.0 11.09.2006 Packer.byDwing
Kaspersky 4.0.2.24 11.09.2006 Trojan-Downloader.Win32.Delf.awg
McAfee 4891 11.08.2006 Downloader-AWA
Microsoft 1.1609 11.09.2006 no virus found
NOD32v2 1.1859 11.08.2006 a variant of Win32/TrojanDownloader.Delf.AJD
Norman 5.80.02 11.08.2006 W32/Downloader
Panda 9.0.0.4 11.08.2006 Suspicious file
Sophos 4.11.0 11.07.2006 Mal/Packer
TheHacker 6.0.1.116 11.09.2006 no virus found
UNA 1.83 11.08.2006 no virus found
VBA32 3.11.1 11.08.2006 no virus found
VirusBuster 4.3.15:9 11.08.2006 Trojan.DL.Delf.TZU

Aditional Information
File size: 11166 bytes
MD5: bc3fbbb394e6c75ad9ada7056beb5641
SHA1: 872bc3840d5e3055e928caea92eb4aac6f9834cd
packers: Upack
packers: UPACK
packers: UPack
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* **Locates window "NULL [class AVP.AlertDialog]" on desktop.
* File length: 11166 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSTEMPcsrss.exe.

[ Changes to registry ]
* Sets value "m"="m" in key "HKCUSoftwareMicrosoftWindows".

[ Network services ]
* Looks for an Internet connection.
* Opens URL: http://www.xeseretuo.com/px1.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Modifies other process memory.
* Attemps to open C:WINDOWSTEMPcsrss.exe NULL.

Исследование антивирусов 4

Опции темы

Похожие темы

Исследование антивирусов 7

Исследование антивирусов 6

Исследование антивирусов 5

Исследование антивирусов 3

Исследование антивирусов 2

Ваши права в разделе